arp.pdb
Static task
static1

Behavioral tasks (Sample, Resource)
behavioral1: ARP.exe, win10v2004-20240802-en
behavioral2: AggregatorHost.exe, win10v2004-20240802-en
behavioral3: AppHostRegistrationVerifier.exe, win10v2004-20240802-en
behavioral4: AppInstallerBackgroundUpdate.exe, win10v2004-20240802-en
behavioral5: ApplicationFrameHost.exe, win10v2004-20240802-en
behavioral6: ApplyTrustOffline.exe, win10v2004-20240802-en
behavioral7: ApproveChildRequest.exe, win10v2004-20240802-en
behavioral8: AtBroker.exe, win10v2004-20240802-en
behavioral9: AuthHost.exe, win10v2004-20240802-en
behavioral10: AxInstUI.exe, win10v2004-20240802-en
behavioral11: BackgroundTransferHost.exe, win10v2004-20240910-en
behavioral12: BdeUISrv.exe, win10v2004-20240802-en
behavioral13: BioIso.exe, win10v2004-20240802-en
behavioral14: BitLockerDeviceEncryption.exe, win10v2004-20240802-en
behavioral15: BitLockerWizardElev.exe, win10v2004-20240802-en
behavioral16: ByteCodeGenerator.exe, win10v2004-20240802-en
behavioral17: CIDiag.exe, win10v2004-20240802-en
behavioral18: CameraSettingsUIHost.exe, win10v2004-20240802-en
behavioral19: CastSrv.exe, win10v2004-20240802-en
behavioral20: CertEnrollCtrl.exe, win10v2004-20240802-en
behavioral21: CheckNetIsolation.exe, win10v2004-20240802-en
behavioral22: CiTool.exe, win10v2004-20240802-en
behavioral23: ClipRenew.exe, win10v2004-20240802-en
behavioral24: ClipUp.exe, win10v2004-20240802-en
behavioral25: CloudExperienceHostBroker.exe, win10v2004-20240802-en
behavioral26: CloudNotifications.exe, win10v2004-20240802-en
behavioral27: CompMgmtLauncher.exe, win10v2004-20240802-en
behavioral28: CompPkgSrv.exe, win10v2004-20240802-en
behavioral29: CompatTelRunner.exe, win10v2004-20240802-en
behavioral30: ComputerDefaults.exe, win10v2004-20240910-en
behavioral31: CredentialEnrollmentManager.exe, win10v2004-20240802-en
behavioral32: CredentialUIBroker.exe, win10v2004-20240802-en

General
Target: System32Problems1.zip
Size: 10.0MB
MD5: 3baea37bd530c581c72ca876db5b2938
SHA1: 3b0aa56510b804664d4155a95916b78030f6519e
SHA256: 1d37b7585b94ae72ff2b1f08ab084fd2e74ee265eb4b5a39616e8190e85e139e
SHA512: 6c3eb01aa4d9bcfc0b7edd978c34a55d0be2205b1735d5fd71b254c0c55eb4d2efe3417e43a9b5ca8ce211f4a418530b1241499ef464d3b009e0cd68dcd7085a
SSDEEP: 196608:aiBPAB1zPMi9XdTKNGo+Xa+Du1BD4DHE8hfm8K2gGaJBfFJYGj/aOzBuRRqCu:nI1zPldTPojEmVQD7gV0Gj3Au
Malware Config
Signatures
-
Unsigned PE 72 IoCs
Checks for missing Authenticode signature.
resource unpack001/ARP.EXE unpack001/AggregatorHost.exe unpack001/AppHostRegistrationVerifier.exe unpack001/ApproveChildRequest.exe unpack001/AtBroker.exe unpack001/AxInstUI.exe unpack001/BackgroundTransferHost.exe unpack001/BdeUISrv.exe unpack001/BitLockerDeviceEncryption.exe unpack001/BitLockerWizardElev.exe unpack001/ByteCodeGenerator.exe unpack001/CIDiag.exe unpack001/CertEnrollCtrl.exe unpack001/CheckNetIsolation.exe unpack001/CompMgmtLauncher.exe unpack001/CompPkgSrv.exe unpack001/ComputerDefaults.exe unpack001/CustomInstallExec.exe unpack001/DataStoreCacheDumpTool.exe unpack001/Defrag.exe unpack001/agentactivationruntimestarter.exe unpack001/alg.exe unpack001/appidcertstorecheck.exe unpack001/appidpolicyconverter.exe unpack001/appidtel.exe unpack001/at.exe unpack001/attrib.exe unpack001/auditpol.exe unpack001/autochk.exe unpack001/bash.exe unpack001/bcdboot.exe unpack001/bitsadmin.exe unpack001/bootim.exe unpack001/bridgeunattend.exe unpack001/browserexport.exe unpack001/bthudtask.exe unpack001/cacls.exe unpack001/calc.exe unpack001/certreq.exe unpack001/certutil.exe unpack001/charmap.exe unpack001/chkdsk.exe unpack001/chkntfs.exe unpack001/choice.exe unpack001/cipher.exe unpack001/cleanmgr.exe unpack001/cliconfg.exe unpack001/clip.exe unpack001/cmd.exe unpack001/cmdkey.exe unpack001/cmdl32.exe unpack001/cmmon32.exe unpack001/cmstp.exe unpack001/cofire.exe unpack001/colorcpl.exe unpack001/comp.exe unpack001/compact.exe unpack001/conhost.exe unpack001/control.exe unpack001/convert.exe unpack001/coredpussvr.exe unpack001/credwiz.exe unpack001/cscript.exe unpack001/ctfmon.exe unpack001/cttune.exe unpack001/cttunesvr.exe unpack001/dasHost.exe unpack001/dccw.exe unpack001/dcomcnfg.exe unpack001/ddodiag.exe unpack001/deploymentcsphelper.exe unpack001/desktopimgdownldr.exe
Files
-
System32Problems1.zip.zip
-
ARP.EXE.exe windows:10 windows x64 arch:x64
48a4d83e58f21e6758c9f94526fbb940
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
msvcrt
__C_specific_handler
?terminate@@YAXXZ
__setusermatherr
_fmode
fprintf
time
_setmode
_fileno
_wsetlocale
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_commode
_XcptFilter
islower
isdigit
isspace
isxdigit
_vsnprintf
sscanf_s
toupper
_vsnwprintf
__iob_func
_initterm
memcpy
ntdll
RtlIpv4AddressToStringW
ws2_32
ntohl
WSAStartup
inet_addr
gethostbyname
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
LoadLibraryExA
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryA
GetTickCount
GetSystemTimeAsFileTime
snmpapi
SnmpUtilOidCpy
SnmpUtilVarBindFree
SnmpUtilMemAlloc
SnmpUtilMemFree
api-ms-win-security-base-l1-1-0
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
iphlpapi
GetIpStatisticsEx
GetTcpStatisticsEx
GetUdpStatisticsEx
GetIcmpStatisticsEx
GetIpForwardTable
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadPreferredUILanguages
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
Sections
.text Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 468B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AggregatorHost.exe.exe windows:10 windows x64 arch:x64
207487943eb7fd46bd62ed964afec4dc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
AggregatorHost.pdb
Imports
msvcp_win
_Mtx_init_in_situ
_Mtx_unlock
?uncaught_exception@std@@YA_NXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
_Mtx_lock
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xbad_function_call@std@@YAXXZ
_Mtx_destroy_in_situ
?_Throw_C_error@std@@YAXH@Z
api-ms-win-crt-string-l1-1-0
memset
strcspn
api-ms-win-crt-runtime-l1-1-0
_c_exit
_initterm
_initterm_e
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__strnicmp
memmove
_o__wcsnicmp
_o_abort
_o_exit
_o_free
_o_isspace
_o_iswspace
_o_malloc
_o_rand
_o_srand
_o_strtod
_o_strtoul
_o_strtoull
_o_terminate
_o_tolower
_o_wcscpy_s
__C_specific_handler
__current_exception
__current_exception_context
_o__exit
_o__errno
_o___p__commode
_o__crt_atexit
_o___p___wargv
_o__configure_wide_argv
_o___p___argc
_o__configthreadlocale
_o__cexit
_o__callnewh
__CxxFrameHandler3
_CxxThrowException
_o____lc_codepage_func
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
__std_terminate
_o___stdio_common_vsnprintf_s
__CxxFrameHandler4
_o___std_exception_destroy
_o___std_exception_copy
memchr
memcmp
memcpy
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
ResumeThread
TerminateProcess
OpenThreadToken
GetCurrentThread
GetCurrentProcessId
GetThreadId
OpenThread
GetStartupInfoW
GetCurrentProcess
SuspendThread
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExA
LoadLibraryExW
FreeLibrary
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
ReleaseSemaphore
CreateEventExW
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
CreateEventW
ResetEvent
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
ReleaseSRWLockShared
EnterCriticalSection
InitializeCriticalSectionEx
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
WaitForSingleObject
SetEvent
ReleaseSRWLockExclusive
ReleaseMutex
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapReAlloc
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
SetThreadpoolTimer
CreateThreadpoolTimer
SubmitThreadpoolWork
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
api-ms-win-core-localization-l1-2-0
FormatMessageW
FormatMessageA
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
GetThreadTimes
GetThreadContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-math-l1-1-0
_finite
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegGetValueW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-security-base-l1-1-0
AllocateLocallyUniqueId
api-ms-win-core-realtime-l1-1-0
QueryUnbiasedInterruptTime
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-heap-l2-1-0
LocalFree
ntdll
RtlSubscribeWnfStateChangeNotification
RtlAllocateAndInitializeSid
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlReportExceptionEx
NtQueryInformationProcess
NtQueryWnfStateData
RtlReportException
api-ms-win-core-psapi-ansi-l1-1-0
K32GetModuleBaseNameA
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-file-l1-1-0
CreateDirectoryW
ReadFile
GetFileAttributesExW
GetFileSize
CreateFileW
api-ms-win-core-psapi-l1-1-0
K32GetModuleBaseNameW
api-ms-win-core-wow64-l1-1-1
IsWow64Process2
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
Sections
.text Size: 204KB - Virtual size: 200KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AppHostRegistrationVerifier.exe.exe windows:10 windows x64 arch:x64
a8f95ce93866aa2f9ff35899a0271872
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
AppHostRegistrationVerifier.pdb
Imports
msvcp_win
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?unshift@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_initterm
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__fseeki64
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__lock_file
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__unlock_file
_o_abort
_o_exit
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_fputwc
_o_free
_o_freopen
_o_fsetpos
_o_fwrite
_o_iswspace
_o_malloc
_o_setvbuf
_o_terminate
_o_ungetc
_o_ungetwc
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_o__callnewh
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_wide_argv
_o___p__commode
_o__crt_atexit
_o___p___wargv
_o___p___argc
_o__configthreadlocale
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
_o__cexit
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
FreeLibrary
GetProcAddress
api-ms-win-core-synch-l1-1-0
ReleaseMutex
WaitForSingleObject
SetEvent
ReleaseSemaphore
CreateMutexExW
OpenSemaphoreW
CreateSemaphoreExW
WaitForSingleObjectEx
CreateEventExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
RaiseException
GetLastError
SetUnhandledExceptionFilter
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-console-l1-2-0
AttachConsole
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InterlockedPushEntrySList
InitializeSListHead
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventWriteTransfer
EventActivityIdControl
EventRegister
EventUnregister
api-ms-win-core-winrt-string-l1-1-0
WindowsSubstring
WindowsCreateStringReference
WindowsDuplicateString
WindowsCompareStringOrdinal
WindowsGetStringRawBuffer
WindowsGetStringLen
WindowsDeleteString
ntdll
RtlDeriveCapabilitySidsFromName
api-ms-win-security-base-l1-1-0
EqualSid
GetLengthSid
CopySid
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-appmodel-identity-l1-2-0
AppXFreeMemory
AppXGetPackageCapabilities
api-ms-win-core-registry-l1-1-0
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
api-ms-win-appmodel-state-l1-2-0
GetSystemAppDataKey
OpenStateExplicit
CloseState
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoActivateInstance
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
oleaut32
SetErrorInfo
GetErrorInfo
SysAllocString
SysFreeString
SysStringLen
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
Sections
.text Size: 76KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 416B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AppInstallerBackgroundUpdate.exe.exe windows:10 windows x64 arch:x64
db517dcd8e27c95037f893b749a20d89
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16-11-2023 19:20
Not After: 14-11-2024 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
dc:02:15:1a:8a:90:8a:3d:90:19:c2:69:eb:a8:40:89:1f:82:39:86:59:bc:c4:f8:3b:b6:44:53:00:ac:3f:77
Signer
Actual PE Digest: dc:02:15:1a:8a:90:8a:3d:90:19:c2:69:eb:a8:40:89:1f:82:39:86:59:bc:c4:f8:3b:b6:44:53:00:ac:3f:77
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
AppInstallerBackgroundUpdate.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_initterm
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o___p__commode
memcpy
_o___stdio_common_vsnwprintf_s
_o_exit
_o_free
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
_CxxThrowException
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
GetProcAddress
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreExW
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetStartupInfoW
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoSetProxyBlanket
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
Sections
.text Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ApplicationFrameHost.exe.exe windows:10 windows x64 arch:x64
786740c31e7b1973cf11e4c17b9c2e8d
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16-11-2023 19:20
Not After: 14-11-2024 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
9d:e8:1a:b5:79:e2:a8:21:8a:aa:82:ef:1f:7a:c2:9f:de:bf:84:c3:02:7e:97:38:64:10:6d:97:ff:6b:f1:d4
Signer
Actual PE Digest: 9d:e8:1a:b5:79:e2:a8:21:8a:aa:82:ef:1f:7a:c2:9f:de:bf:84:c3:02:7e:97:38:64:10:6d:97:ff:6b:f1:d4
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ApplicationFrameHost.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___std_exception_destroy
_o___std_exception_copy
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___p__commode
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
CreateSemaphoreExW
EnterCriticalSection
CreateEventExW
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSemaphore
LeaveCriticalSection
ReleaseSRWLockShared
InitializeCriticalSectionEx
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSRWLockExclusive
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
SetProcessShutdownParameters
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
uxtheme
ord135
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 232B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ApplyTrustOffline.exe.exe windows:10 windows x64 arch:x64
ce259a9ec10b5a939b4b54e8324ff58c
Code Sign
33:00:00:04:70:69:f2:ac:06:49:04:ec:1c:00:00:00:00:04:70
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 08-02-2024 19:22
Not After: 07-02-2025 19:22
Subject: CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
f0:d8:60:1f:e2:ba:1d:ad:44:0e:3c:82:84:bd:d1:59:a4:75:33:b7:c8:ad:50:08:05:e0:5b:56:bd:74:1f:7b
Signer
Actual PE Digest: f0:d8:60:1f:e2:ba:1d:ad:44:0e:3c:82:84:bd:d1:59:a4:75:33:b7:c8:ad:50:08:05:e0:5b:56:bd:74:1f:7b
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ApplyTrustOffline.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
_initterm
api-ms-win-crt-private-l1-1-0
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__stricmp
_o__wcslwr
_o__wcsnicmp
memmove
_o_exit
_o_free
_o_malloc
_o_memcpy_s
_o_terminate
_o_wcscpy_s
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__get_initial_wide_environment
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
wcsrchr
__CxxFrameHandler4
__std_terminate
wcsstr
__CxxFrameHandler3
_o__configthreadlocale
_o__cexit
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
wcschr
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
strcmp
memset
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleExA
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoTaskMemFree
CoInitializeEx
StringFromGUID2
CoUninitialize
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TlsSetValue
GetCurrentThread
TerminateProcess
GetCurrentProcessId
OpenProcessToken
OpenThreadToken
ProcessIdToSessionId
TlsGetValue
TlsAlloc
GetCurrentProcess
SetThreadToken
api-ms-win-core-memory-l1-1-0
MapViewOfFile
VirtualProtect
CreateFileMappingW
UnmapViewOfFile
VirtualAlloc
VirtualFree
api-ms-win-core-errorhandling-l1-1-0
RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
api-ms-win-core-rtlsupport-l1-1-0
RtlDeleteFunctionTable
RtlCaptureContext
RtlCaptureStackBackTrace
RtlAddFunctionTable
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetLocalTime
GetSystemInfo
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
staterepository.core
sqlite3_column_bytes
sqlite3_column_text16
sqlite3_column_text
sqlite3_bind_blob
sqlite3_column_blob
sqlite3_bind_text16
sqlite3_column_type
sqlite3_stmt_busy
sqlite3_sql
sqlite3_db_handle
sqlite3_log
sqlite3_bind_int64
sqlite3_finalize
sqlite3_errmsg
sqlite3_expanded_sql
sqlite3_reset
sqlite3_step
sqlite3_bind_int
sqlite3_column_int64
sqlite3_next_stmt
sqlite3_bind_null
sqlite3_get_autocommit
sqlite3_close
sqlite3_open_v2
sqlite3_extended_errcode
sqlite3_file_control
sqlite3_extended_result_codes
sqlite3_db_config
sqlite3_clear_bindings
sqlite3_exec
sqlite3_wal_checkpoint_v2
sqlite3_changes
sqlite3_total_changes
sqlite3_last_insert_rowid
sqlite3_db_filename
sqlite3_errcode
sqlite3_column_int
sqlite3_busy_timeout
sqlite3_db_status
sqlite3_create_function_v2
sqlite3_user_data
sqlite3_result_error_nomem
sqlite3_result_error16
sqlite3_snprintf
sqlite3_result_error_code
sqlite3_result_int64
sqlite3_result_int
sqlite3_profile
sqlite3_value_type
sqlite3_value_text16
sqlite3_value_int
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_malloc
sqlite3_result_blob
sqlite3_free
sqlite3_value_int64
sqlite3_trace
sqlite3_result_text16
sqlite3_wal_autocheckpoint
sqlite3_value_text
sqlite3_prepare_v2
api-ms-win-appmodel-runtime-internal-l1-1-1
GetPackageFullNameFromToken
GetPackageStatus
UpdatePackageStatus
IncrementPackageStatusVersion
api-ms-win-appmodel-runtime-internal-l1-1-2
GetEffectivePackageStatusForUser
PackageSidFromFamilyName
api-ms-win-eventing-provider-l1-1-0
EventActivityIdControl
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
ntdll
NtFsControlFile
NtQueryInformationProcess
NtQueryInformationFile
RtlCompareUnicodeString
RtlValidSid
RtlFreeUnicodeString
NtCreateFile
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
NtSetInformationVirtualMemory
RtlReportException
RtlInitializeCriticalSection
RtlNtStatusToDosErrorNoTeb
NtGetCachedSigningLevel
NtCompareSigningLevels
RtlIsStateSeparationEnabled
RtlFindAceByType
RtlCreateSecurityDescriptor
RtlEqualSid
RtlLeaveCriticalSection
NtQueryInformationThread
RtlCreateAcl
RtlInsertElementGenericTableAvl
NtQueryLicenseValue
RtlFreeSid
RtlEnterCriticalSection
RtlIsMultiUsersInSessionSku
RtlAllocateHeap
RtlLengthSid
RtlInitializeGenericTableAvl
NtSetSecurityObject
RtlConvertSidToUnicodeString
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlAllocateAndInitializeSid
NtSetInformationThread
RtlLookupElementGenericTableAvl
RtlAddProcessTrustLabelAce
RtlAcquireSRWLockExclusive
RtlSetSaclSecurityDescriptor
RtlReleaseSRWLockExclusive
RtlGetDeviceFamilyInfoEnum
NtQuerySystemInformation
RtlDowncaseUnicodeString
RtlFreeHeap
api-ms-win-security-provider-l1-1-0
GetSecurityInfo
SetNamedSecurityInfoW
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-file-l1-1-0
GetFileAttributesW
CreateDirectoryW
SetFileAttributesW
FindNextFileW
GetFileSizeEx
FindClose
GetVolumePathNameW
GetVolumeInformationW
FindFirstFileW
GetFileAttributesExW
WriteFile
DeleteFileW
CreateFileW
api-ms-win-core-synch-l1-1-0
ReleaseSemaphore
CreateSemaphoreExW
InitializeCriticalSectionEx
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
ReleaseSRWLockExclusive
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseMutex
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
api-ms-win-security-base-l1-1-0
SetSecurityAccessMask
EqualSid
GetAce
RevertToSelf
GetLengthSid
GetTokenInformation
ImpersonateSelf
GetFileSecurityW
AccessCheck
IsValidSid
GetSecurityDescriptorOwner
ImpersonateLoggedOnUser
AdjustTokenPrivileges
CopySid
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegDeleteKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegQueryValueExW
api-ms-win-core-psapi-l1-1-0
K32EnumProcesses
QueryFullProcessImageNameW
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
oleaut32
SysFreeString
SysAllocStringLen
VariantClear
api-ms-win-core-file-l2-1-2
CopyFileW
rpcrt4
RpcStringFreeW
UuidToStringW
UuidCreate
api-ms-win-core-path-l1-1-0
PathCchSkipRoot
PathCchRemoveBackslash
PathAllocCanonicalize
PathCchCombine
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW
api-ms-win-core-file-l1-2-2
FindFirstFileNameW
FindNextFileNameW
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoActivateInstance
crypt32
CertFreeCertificateChainEngine
CertGetEnhancedKeyUsage
CertFreeCertificateChain
CertFreeCertificateContext
CryptMsgClose
CertVerifyCertificateChainPolicy
CertCloseStore
CryptQueryObject
CryptMsgGetParam
CertGetSubjectCertificateFromStore
CertGetCertificateChain
CertOpenStore
CertCreateCertificateChainEngine
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-realtime-l1-1-0
QueryUnbiasedInterruptTime
api-ms-win-core-windowserrorreporting-l1-1-1
WerRegisterCustomMetadata
api-ms-win-eventing-tdh-l1-1-0
TdhEnumerateProviderFieldInformation
TdhGetEventMapInformation
TdhGetEventInformation
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 480KB - Virtual size: 477KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 640KB - Virtual size: 637KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ApproveChildRequest.exe.exe windows:10 windows x64 arch:x64
334a1ef956dc8fefbb9d107317698ca8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ApproveChildRequest.pdb
Imports
advapi32
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
EventWriteTransfer
EventActivityIdControl
kernel32
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapSetInformation
HeapAlloc
GetErrorMode
GetProcAddress
CreateMutexExW
LocalFree
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
CloseThreadpool
SleepConditionVariableSRW
WakeAllConditionVariable
FormatMessageW
DeleteCriticalSection
InitializeCriticalSection
InitializeSRWLock
TlsGetValue
AcquireSRWLockShared
ReleaseSRWLockShared
TlsAlloc
TlsFree
TlsSetValue
ConvertFiberToThread
Sleep
QueueUserAPC
OpenThread
GetTickCount
ReleaseSRWLockExclusive
InitOnceComplete
InitOnceBeginInitialize
AcquireSRWLockExclusive
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
SetErrorMode
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
GetLastError
OpenEventW
CreateEventExW
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?_Xbad_function_call@std@@YAXXZ
?_Xbad_alloc@std@@YAXXZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
_Wcsxfrm
_Wcscoll
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@G@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?tolower@?$ctype@G@std@@QEBAGG@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$collate@G@std@@2V0locale@2@A
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itoa_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__cexit
_o_ceilf
_o_exit
_o_free
_o_iswascii
_o_malloc
_o_realloc
_o_terminate
_o_towlower
_o_wcscpy_s
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__callnewh
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_name
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__std_terminate
__CxxFrameHandler4
strchr
memcpy
memmove
api-ms-win-crt-string-l1-1-0
memset
oleaut32
SysAllocString
SysFreeString
VariantClear
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetStartupInfoW
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventSetInformation
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
LeaveCriticalSection
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
ole32
CoUninitialize
CoInitializeEx
api-ms-win-core-winrt-l1-1-0
RoUninitialize
RoInitialize
user32
PostThreadMessageW
api-ms-win-core-com-l1-1-0
CoCreateInstance
ntdll
EtwTraceMessage
Sections
.text Size: 88KB - Virtual size: 86KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 96KB - Virtual size: 93KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 908B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AtBroker.exe.exe windows:10 windows x64 arch:x64
34d1312802afb39409fe0be066fcf443
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ATBroker.pdb
Imports
advapi32
RegQueryValueExW
OpenServiceW
QueryServiceConfigW
EventUnregister
RegOpenKeyExW
CheckTokenMembership
UnregisterTraceGuids
RegisterTraceGuidsW
FreeSid
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
EventSetInformation
TraceMessage
AllocateAndInitializeSid
OpenSCManagerW
EventRegister
CloseServiceHandle
EventWriteTransfer
RegCloseKey
GetTokenInformation
OpenProcessToken
ConvertSidToStringSidW
kernel32
LocalAlloc
GetCurrentThreadId
GetVersionExW
MultiByteToWideChar
Sleep
LockResource
CloseHandle
RaiseException
FindResourceExW
LoadResource
LocalFree
lstrcmpiW
OpenMutexW
DelayLoadFailureHook
ResolveDelayLoadedAPI
ExpandEnvironmentStringsW
SetProcessShutdownParameters
SizeofResource
OOBEComplete
IsProcessInJob
OpenJobObjectW
InitOnceComplete
InitOnceBeginInitialize
RegEnumValueW
RegDeleteTreeW
K32GetModuleBaseNameW
K32EnumProcessModules
ProcessIdToSessionId
K32EnumProcesses
RegLoadMUIStringW
DeleteFileW
GetFileAttributesW
DeleteProcThreadAttributeList
CreateProcessW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
OpenProcess
CreateSemaphoreExW
CreateMutexExW
CompareStringOrdinal
CreateThreadpoolTimer
OpenSemaphoreW
WaitForSingleObject
InitializeCriticalSectionEx
WaitForSingleObjectEx
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
ReleaseMutex
ReleaseSemaphore
SetLastError
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OutputDebugStringW
IsDebuggerPresent
GetProcAddress
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
FormatMessageW
RegGetValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
user32
GetShellWindow
GetKeyState
SendInput
SetDesktopColorTransform
GetWindowThreadProcessId
UnregisterClassA
SendNotifyMessageW
SystemParametersInfoW
GetUserObjectInformationW
GetThreadDesktop
msvcrt
wcscspn
_wcslwr_s
_ltow_s
wcsspn
wcschr
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
??_V@YAXPEAX@Z
memmove_s
__C_specific_handler
malloc
free
wcscpy_s
_wcsicmp
memcpy_s
_callnewh
??1type_info@@UEAA@XZ
memcmp
memset
?terminate@@YAXXZ
__CxxFrameHandler4
_vsnwprintf
_purecall
_wtoi
wcsrchr
wcscmp
ntdll
RtlVirtualUnwind
NtQueryWnfStateData
RtlCaptureContext
WinSqmIsOptedIn
WinSqmAddToStream
NtUpdateWnfStateData
RtlLookupFunctionEntry
shell32
ShellExecuteW
shlwapi
ord460
PathFileExistsW
uxtheme
ord65
Sections
.text Size: 84KB - Virtual size: 82KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AuthHost.exe.exe windows:10 windows x64 arch:x64
4cb8be5a89fe119751f43b270ccc8461
Code Sign
33:00:00:03:3b:65:5f:ae:fa:db:75:e9:d6:00:00:00:00:03:3b
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02-09-2021 18:23
Not After: 01-09-2022 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
22:7d:3d:62:9c:6e:88:24:3d:93:50:1f:d2:66:df:46:13:65:63:1a:d0:de:22:1e:2b:ae:47:d5:7f:26:94:e8
Signer
Actual PE Digest: 22:7d:3d:62:9c:6e:88:24:3d:93:50:1f:d2:66:df:46:13:65:63:1a:d0:de:22:1e:2b:ae:47:d5:7f:26:94:e8
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
AuthHost.pdb
Imports
msvcrt
memset
memcpy
_commode
__CxxFrameHandler4
_vsnwprintf
memcpy_s
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
wcstoul
_wcsnicmp
_purecall
_wcsicmp
wcsncmp
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
memmove_s
_CxxThrowException
__CxxFrameHandler3
??1type_info@@UEAA@XZ
_XcptFilter
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
?terminate@@YAXXZ
wcscmp
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableFlags
TraceMessage
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
OpenProcessToken
GetCurrentThreadId
GetCurrentProcessId
CreateThread
ExitProcess
TerminateProcess
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
LoadStringW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
ReleaseSRWLockShared
InitializeSRWLock
AcquireSRWLockExclusive
CreateEventW
ReleaseSRWLockExclusive
AcquireSRWLockShared
SetEvent
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoCreateInstance
StringFromCLSID
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
CoRegisterClassObject
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoRevokeClassObject
CoCreateFreeThreadedMarshaler
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsDuplicateString
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
SetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-url-l1-1-0
ParseURLW
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrTrimW
api-ms-win-core-winrt-robuffer-l1-1-0
RoGetBufferMarshaler
ntdll
RtlDeleteElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlFreeHeap
RtlAllocateHeap
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 84KB - Virtual size: 81KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 504B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 992B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AxInstUI.exe.exe windows:10 windows x64 arch:x64
7d8dee85a40fc5307cb205608512d381
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
AxInstUI.pdb
Imports
kernel32
LocalFree
GetCommandLineW
CreateFileW
CloseHandle
GetLastError
user32
IsWindow
msvcrt
_cexit
__setusermatherr
_initterm
__C_specific_handler
_wcmdln
_fmode
__wgetmainargs
exit
?terminate@@YAXXZ
_exit
__set_app_type
_amsg_exit
_XcptFilter
swscanf_s
_commode
memset
api-ms-win-core-com-l1-1-0
CoUninitialize
CoInitializeEx
crypt32
CertFreeCertificateContext
CertFindCertificateInStore
CertControlStore
CertGetCertificateContextProperty
CertOpenStore
CertCloseStore
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
shell32
CommandLineToArgvW
wintrust
WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 52KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
BackgroundTransferHost.exe.exe windows:10 windows x64 arch:x64
43ba7c14f952d3784267c6946f79bd81
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
BackgroundTransferHost.pdb
Imports
msvcrt
__C_specific_handler
_wcmdln
_fmode
_commode
_initterm
__setusermatherr
_cexit
malloc
_exit
exit
_callnewh
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
free
_purecall
?terminate@@YAXXZ
__CxxFrameHandler3
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateString
WindowsCreateStringReference
WindowsCompareStringOrdinal
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoUninitialize
RoActivateInstance
RoInitialize
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
api-ms-win-core-errorhandling-l1-1-0
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-com-l1-1-0
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventWriteTransfer
EventRegister
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
Sections
.text Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 600B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 184B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
BdeUISrv.exe.exe windows:10 windows x64 arch:x64
10df48356defd9056d7e2f19500019aa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
BdeUISrv.pdb
Imports
advapi32
GetTokenInformation
SetSecurityDescriptorGroup
OpenThreadToken
AddAccessAllowedAce
GetLengthSid
RegDeleteValueW
RegOpenKeyExW
InitializeAcl
InitializeSecurityDescriptor
UnregisterTraceGuids
RegisterTraceGuidsW
OpenProcessToken
GetTraceEnableLevel
AddAce
RegSetValueExW
IsValidSid
GetTraceEnableFlags
RegEnumKeyExW
GetTraceLoggerHandle
ConvertStringSidToSidW
CopySid
TraceMessage
RegCreateKeyExW
GetAce
SetSecurityDescriptorOwner
RegQueryInfoKeyW
GetAclInformation
RegCloseKey
SetSecurityDescriptorDacl
CloseServiceHandle
OpenSCManagerW
AllocateAndInitializeSid
FreeSid
QueryServiceStatus
StartServiceW
OpenServiceW
kernel32
WaitForSingleObject
GetCurrentThreadId
CreateEventW
MultiByteToWideChar
Sleep
GetLastError
SetEvent
GetCurrentThread
CloseHandle
RaiseException
CreateThread
HeapSetInformation
FindResourceExW
LoadResource
GetProcAddress
LocalFree
DeleteCriticalSection
GetProcessHeap
GetModuleHandleW
FreeLibrary
lstrcmpiW
LoadLibraryExW
LeaveCriticalSection
GetModuleFileNameW
GetCommandLineW
EnterCriticalSection
SizeofResource
InitializeCriticalSection
GetCurrentProcess
HeapAlloc
HeapFree
OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
user32
CharNextW
DispatchMessageW
CharUpperW
TranslateMessage
UnregisterClassA
PostThreadMessageW
GetMessageW
msvcrt
_fmode
__setusermatherr
_exit
exit
__set_app_type
_commode
_amsg_exit
_XcptFilter
_callnewh
_purecall
wcsncat_s
wcsncpy_s
malloc
free
wcscat_s
wcscpy_s
memcpy_s
__C_specific_handler
_errno
realloc
_lock
_unlock
_wcmdln
__wgetmainargs
__dllonexit
_onexit
?terminate@@YAXXZ
memcmp
_initterm
_cexit
memset
userenv
ExpandEnvironmentStringsForUserW
oleaut32
SysAllocString
SysStringLen
VarUI4FromStr
SysFreeString
UnRegisterTypeLi
RegisterTypeLi
VariantInit
VariantClear
LoadRegTypeLi
LoadTypeLi
SysStringByteLen
shell32
ShellExecuteExW
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
api-ms-win-core-com-l1-1-0
CoSuspendClassObjects
CoResumeClassObjects
CoInitializeEx
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemRealloc
CoInitializeSecurity
CoTaskMemAlloc
StringFromGUID2
CoUninitialize
CoTaskMemFree
CoCreateInstance
rpcrt4
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
NdrClientCall3
RpcBindingFree
Sections
.text Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 432B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
BioIso.exe.exe windows:10 windows x64 arch:x64
7ce5a8206846996fd8baa75413cbbb2a
Code Sign
33:00:00:04:8e:16:55:47:b1:c3:02:85:03:00:00:00:00:04:8e
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16-05-2024 23:19
Not After: 14-05-2025 23:19
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
08:ad:03:b9:9f:cf:ff:9c:8f:f0:7f:da:78:b4:bd:89:06:d4:a8:71:e9:a4:a4:3b:ec:62:ff:a8:7a:65:6d:dd
Signer
Actual PE Digest: 08:ad:03:b9:9f:cf:ff:9c:8f:f0:7f:da:78:b4:bd:89:06:d4:a8:71:e9:a4:a4:3b:ec:62:ff:a8:7a:65:6d:dd
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
BioIso.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_initterm
_c_exit
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__crt_atexit
_o_atoi
_o_bsearch_s
_o_exit
_o_free
_o_isdigit
_o_iswalpha
_o_malloc
_o_terminate
_o_towupper
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__configthreadlocale
memcmp
_o__cexit
_o__callnewh
_o___p__commode
memcpy
_o___p___wargv
_o___p___argc
_o___stdio_common_vswprintf
__std_terminate
_o___stdio_common_vsnprintf_s
__CxxFrameHandler4
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_wide_argv
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetModuleFileNameA
FreeLibrary
LoadLibraryExW
GetProcAddress
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
EnterCriticalSection
SetEvent
OpenEventW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateSemaphoreExW
ReleaseSemaphore
DeleteCriticalSection
WaitForSingleObject
InitializeCriticalSectionEx
CreateMutexExW
CreateEventW
ResetEvent
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
ReleaseMutex
AcquireSRWLockShared
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentThread
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
OpenProcessToken
GetCurrentThreadId
OpenThreadToken
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventWriteTransfer
EventSetInformation
EventActivityIdControl
EventRegister
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
api-ms-win-security-base-l1-1-0
GetLengthSid
IsValidSid
GetTokenInformation
EqualSid
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-heap-obsolete-l1-1-0
LocalSize
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemTimeAsFileTime
GetWindowsDirectoryW
api-ms-win-core-file-l1-1-0
CompareFileTime
rpcrt4
RpcMgmtStopServerListening
RpcServerUseProtseqIfW
RpcServerRegisterIfEx
RpcServerUnregisterIf
NdrServerCallAll
NdrServerCall2
UuidFromStringA
RpcImpersonateClient
RpcRevertToSelfEx
RpcMgmtWaitServerListen
RpcServerListen
api-ms-win-core-memory-l1-1-0
MapViewOfFile
VirtualQuery
UnmapViewOfFile
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
RtlCompareMemory
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
ntdll
RtlEqualSid
RtlFreeHeap
RtlTimeFieldsToTime
RtlNtStatusToDosError
RtlImageNtHeader
NtQuerySystemInformation
RtlAllocateHeap
iumsdk
GetTaggedData
GetSecureIdentitySigningKey
GetSignedReport
EncryptData
OpenSecureSection
GetTaggedDataSize
DecryptData
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
__ImagePolicyMetadata
Sections
.text Size: 428KB - Virtual size: 427KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 132KB - Virtual size: 130KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tPolicy Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGECONS Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGEDATA Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
BitLockerDeviceEncryption.exe.exe windows:10 windows x64 arch:x64
f9ab900b18f04823f1f612ee6f5befca
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
BitLockerDeviceEncryption.pdb
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
EventWriteTransfer
OpenProcessToken
OpenThreadToken
EventSetInformation
EventRegister
EventUnregister
RegDeleteTreeW
LsaClose
LsaFreeMemory
LsaQueryInformationPolicy
LsaOpenPolicy
EventWrite
RevertToSelf
ImpersonateLoggedOnUser
GetTokenInformation
DuplicateTokenEx
RegSetValueExW
RegSetKeyValueW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegGetValueA
RegGetValueW
RegCloseKey
RegOpenKeyExW
kernel32
ResolveDelayLoadedAPI
GetProcAddress
FreeLibrary
HeapAlloc
HeapFree
CloseHandle
GetVolumePathNameW
AcquireSRWLockExclusive
GetModuleHandleExA
SetEvent
CreateEventW
GetCurrentThread
RaiseException
LocalAlloc
GetProcessMitigationPolicy
GetModuleFileNameW
GetModuleHandleExW
SetLastError
HeapSetInformation
GetLastError
GetVolumePathNamesForVolumeNameW
ReleaseSRWLockExclusive
MultiByteToWideChar
CompareStringOrdinal
DelayLoadFailureHook
GetProcessHeap
LocalFree
HeapSize
msvcrt
_initterm
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
_lock
_unlock
_exit
memmove
_stricmp
wcstoul
wcschr
__dllonexit
_onexit
memset
__setusermatherr
??1type_info@@UEAA@XZ
exit
memcpy
__CxxFrameHandler3
_CxxThrowException
iswascii
?what@exception@@UEBAPEBDXZ
_cexit
_vsnwprintf
__CxxFrameHandler4
??3@YAXPEAX@Z
_purecall
malloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
wcscmp
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
fveskybackup
FveBackupRecoveryPasswordToSkyDrive
FveBackupRecoveryPasswordToCloudDomain
api-ms-win-core-com-l1-1-0
CoUninitialize
CoWaitForMultipleHandles
CLSIDFromString
CoInitializeEx
CoCreateInstance
fveapi
FveGetAuthMethodInformation
FveAddAuthMethodInformation
FveDeleteAuthMethod
FveGetStatus
FveCloseVolume
FveOpenVolumeW
FveCommitChanges
FveBackupRecoveryInformationToADEx
FveCheckTpmCapability
FveGetSecureBootBindingState
FveIsDeviceLockedOut
FveIsBoundDataVolumeToOSVolume
FveSetAllowKeyExport
FveSelectBestRecoveryPasswordByBackupInformation
FveBindDataVolume
FveGetVolumeNameW
FveGetIdentity
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
dsreg
DsrGetJoinInfoEx
DsrFreeJoinInfoEx
bcrypt
BCryptFinishHash
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptHashData
BCryptCreateHash
BCryptOpenAlgorithmProvider
ntdll
RtlFreeUnicodeString
RtlStringFromGUID
NtPowerInformation
RtlNtStatusToDosError
NtQuerySystemInformation
Sections
.text Size: 120KB - Virtual size: 116KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 760B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
BitLockerWizardElev.exe.exe windows:10 windows x64 arch:x64
1438673c4b1b5696c777658ad76b5d13
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
BitLockerWizardElev.pdb
Imports
kernel32
GetProcessHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetLastError
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
GetCurrentProcess
TerminateProcess
HeapSetInformation
GetCurrentProcessId
GetCommandLineW
UnhandledExceptionFilter
msvcrt
memset
_commode
_fmode
_acmdln
__iob_func
__C_specific_handler
_initterm
?terminate@@YAXXZ
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
fwprintf
towupper
fvewiz
FveuiWizard
FveuipClearFveWizOnStartup
ole32
CoInitialize
CoUninitialize
shell32
CommandLineToArgvW
ShellExecuteW
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 92KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ByteCodeGenerator.exe.exe windows:10 windows x64 arch:x64
b702fd7ffebc67519666bfb64ba98381
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ByteCodeGenerator.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_exit
_o_free
_o_malloc
_o_memcpy_s
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__cexit
_o__callnewh
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
__CxxFrameHandler4
__std_terminate
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
ntdll
RtlEnumerateGenericTableWithoutSplayingAvl
RtlEnumerateGenericTableAvl
RtlReportException
RtlNumberGenericTableElementsAvl
RtlInitUnicodeString
RtlCompareUnicodeString
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlInitializeGenericTableAvl
RtlAcquireSRWLockExclusive
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvl
NtQuerySystemInformation
RtlVirtualUnwind
RtlLookupElementGenericTableAvl
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnsubscribeWnfNotificationWaitForCompletion
NtSetInformationThread
RtlSubscribeWnfStateChangeNotification
RtlConvertSidToUnicodeString
RtlFreeUnicodeString
NtQueryInformationThread
urlmon
CreateUri
CoInternetParseIUri
api-ms-win-security-base-l1-1-0
ImpersonateLoggedOnUser
RevertToSelf
GetTokenInformation
rpcrt4
RpcServerUnregisterIf
RpcServerUseProtseqEpW
RpcServerInqBindings
RpcServerRegisterIf3
RpcMgmtStopServerListening
RpcServerListen
NdrServerCall2
NdrServerCallAll
RpcBindingVectorFree
UuidFromStringW
RpcObjectSetType
RpcEpRegisterW
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegGetValueW
api-ms-win-core-processthreads-l1-1-0
OpenThreadToken
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
ExitProcess
OpenProcessToken
GetCurrentThread
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-errorhandling-l1-1-0
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-core-file-l1-1-0
WriteFile
GetFileAttributesExW
GetFileSizeEx
SetEndOfFile
SetFilePointer
CreateFileW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetProcAddress
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameA
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
oleaut32
SysFreeString
api-ms-win-core-memory-l1-1-0
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockShared
AcquireSRWLockShared
DeleteCriticalSection
CreateMutexExW
AcquireSRWLockExclusive
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
OpenSemaphoreW
EnterCriticalSection
LeaveCriticalSection
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
Sections
.text Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 388B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CIDiag.exe.exe windows:10 windows x64 arch:x64
1afe1300ea8bc875dfc78d078c5a6448
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CIDiag.pdb
Imports
msvcrt
??0exception@@QEAA@AEBQEBDH@Z
_lock
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
_commode
_fmode
??1exception@@UEAA@XZ
__C_specific_handler
_callnewh
?what@exception@@UEBAPEBDXZ
??1type_info@@UEAA@XZ
malloc
_initterm
__setusermatherr
_cexit
_exit
_CxxThrowException
?terminate@@YAXXZ
_onexit
__dllonexit
_purecall
exit
__set_app_type
??3@YAXPEAX@Z
__wgetmainargs
_amsg_exit
_wcsicmp
_XcptFilter
towlower
memmove
wprintf
__CxxFrameHandler3
_unlock
__CxxFrameHandler4
memcpy
memset
api-ms-win-core-file-l1-1-0
WriteFile
FindFirstFileW
CreateFileW
CreateDirectoryW
FindNextFileW
FindClose
ntdll
NtQuerySystemInformation
RtlDosPathNameToNtPathName_U
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l1-2-4
GetTempPath2W
api-ms-win-core-kernel32-legacy-l1-1-1
GetFirmwareType
api-ms-win-core-file-l2-1-0
CopyFileExW
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTickCount
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
wevtapi
EvtFormatMessage
EvtOpenChannelConfig
EvtClose
EvtNext
EvtQuery
EvtOpenPublisherMetadata
EvtExportLog
EvtSaveChannelConfig
EvtSetChannelConfigProperty
bcd
BcdExportStore
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 440B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CameraSettingsUIHost.exe.exe windows:10 windows x64 arch:x64
ea8169a1260eaee5890abeaebb003159
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02-09-2021 18:23
Not After: 01-09-2022 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
12:6d:ee:5f:54:86:f0:e4:a7:a6:65:2d:8a:f5:d6:7a:43:33:e1:fe:03:19:3f:89:b0:cf:05:a6:2c:4b:31:7b
Signer
Actual PE Digest: 12:6d:ee:5f:54:86:f0:e4:a7:a6:65:2d:8a:f5:d6:7a:43:33:e1:fe:03:19:3f:89:b0:cf:05:a6:2c:4b:31:7b
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CameraSettingsUIHost.pdb
Imports
advapi32
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids
kernel32
AcquireSRWLockShared
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReleaseSRWLockShared
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
DecodePointer
IsDebuggerPresent
AcquireSRWLockExclusive
GetCurrentThreadId
EncodePointer
InitOnceExecuteOnce
GetStartupInfoW
TerminateProcess
user32
TranslateMessage
PostThreadMessageW
DispatchMessageW
GetMessageW
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
api-ms-win-crt-string-l1-1-0
memset
dui70
InitThread
UnInitProcessPriv
UnInitThread
InitProcessPriv
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoReleaseServerProcess
CoUninitialize
CoCreateInstance
CoRegisterClassObject
CoResumeClassObjects
CoRevokeClassObject
CoAddRefServerProcess
api-ms-win-core-winrt-l1-1-0
RoRevokeActivationFactories
RoRegisterActivationFactories
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsGetStringRawBuffer
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
SetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
imm32
ImmDisableIME
Sections
.text Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CastSrv.exe.exe windows:10 windows x64 arch:x64
3cc761e65448d0359d83908cb970e8ee
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02-09-2021 18:23
Not After: 01-09-2022 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
70:13:65:fc:86:b6:b3:20:d5:f4:39:a2:f2:e0:a2:55:56:f3:30:c0:44:d5:ef:ca:3b:88:c7:a2:7f:24:3a:2a
Signer
Actual PE Digest: 70:13:65:fc:86:b6:b3:20:d5:f4:39:a2:f2:e0:a2:55:56:f3:30:c0:44:d5:ef:ca:3b:88:c7:a2:7f:24:3a:2a
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CastSrv.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
AcquireSRWLockShared
ReleaseSRWLockShared
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-eventing-classicprovider-l1-1-0
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
api-ms-win-core-processthreads-l1-1-1
SetProcessMitigationPolicy
IsProcessorFeaturePresent
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventRegister
api-ms-win-core-commandlinetoargv-l1-1-0
CommandLineToArgvW
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
OpenProcessToken
TerminateProcess
GetCurrentThreadId
GetStartupInfoW
OpenThreadToken
SetPriorityClass
GetCurrentThread
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-core-registry-l1-1-0
RegGetValueW
api-ms-win-core-file-l1-1-0
CreateFileW
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolQueueTask
api-ms-win-shcore-thread-l1-1-0
SHCreateThread
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 40KB - Virtual size: 37KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 392B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 616B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CertEnrollCtrl.exe.exe windows:10 windows x64 arch:x64
e8d91130a22bf0ef5ca8b60fd9e899e9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CertEnrollCtrl.pdb
Imports
msvcrt
memset
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__CxxFrameHandler4
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
strcspn
fprintf
wcscspn
fflush
fclose
fopen
_errno
_wgetenv
fseek
ftell
fwrite
_vsnwprintf
strchr
getenv
_vsnprintf
iswxdigit
iswdigit
_wcsnicmp
??3@YAXPEAX@Z
_purecall
malloc
_wcsicmp
wcsncmp
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
??1type_info@@UEAA@XZ
_XcptFilter
certca
ord802
ord840
ord823
ord841
ord705
ord847
ord707
ord842
ord839
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-libraryloader-l1-2-0
LockResource
LoadResource
LoadStringW
GetModuleHandleW
GetProcAddress
FindResourceExW
FreeLibrary
LoadLibraryExW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetTickCount
GetLocalTime
GetSystemTimeAsFileTime
GetSystemTime
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalReAlloc
LocalFree
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
api-ms-win-core-file-l1-1-0
CreateFileW
GetFullPathNameW
CompareFileTime
DeleteFileW
GetTempFileNameW
FileTimeToLocalFileTime
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
SearchPathW
api-ms-win-core-localization-l1-2-0
GetLocaleInfoW
GetLocaleInfoEx
GetACP
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-memory-l1-1-0
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
GetTimeFormatW
certenroll
ord20
api-ms-win-core-localization-l1-2-2
LCIDToLocaleName
api-ms-win-core-localization-obsolete-l1-2-0
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
Sections
.text Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 572B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CheckNetIsolation.exe.exe windows:10 windows x64 arch:x64
e437a3a0162600ce23b282a0dfa53d7b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CheckNetIsolation.pdb
Imports
msvcrt
_exit
_cexit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
__setusermatherr
fprintf
_initterm
_wsetlocale
swprintf_s
towupper
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
wprintf
__iob_func
exit
memset
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlIpv6AddressToStringW
RtlVirtualUnwind
RtlIsParentOfChildAppContainer
RtlFreeSid
RtlEqualSid
EtwTraceMessage
RtlIpv4AddressToStringW
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
ConvertStringSidToSidW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
SetConsoleCtrlHandler
ws2_32
htonl
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
SetEvent
ReleaseSRWLockExclusive
CreateEventW
AcquireSRWLockExclusive
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-2-0
Sleep
WakeAllConditionVariable
SleepConditionVariableSRW
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
LoadStringW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
fwpuclnt
FwpmEngineSetOption0
FwpmNetEventSubscribe4
FwpmEngineOpen0
FwpmFreeMemory0
FwpmNetEventUnsubscribe0
FwpmEngineClose0
FwpmProviderAdd0
FwpmFilterAdd0
FwpmEngineGetOption0
firewallapi
NetworkIsolationEnumAppContainers
NetworkIsolationGetAppContainerConfig
NetworkIsolationSetAppContainerConfig
FwEmptyWFAddresses
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 720B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 124B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CiTool.exe.exe windows:10 windows x64 arch:x64
544049f986ec92ba18fed9616a84fd9c
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16-11-2023 19:20
Not After: 14-11-2024 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
13:ef:e7:8a:9e:96:62:fa:6d:86:49:82:aa:4c:b5:09:c5:51:65:5d:a4:96:f5:7a:0f:e3:e2:92:eb:c5:00:73
Signer
Actual PE Digest: 13:ef:e7:8a:9e:96:62:fa:6d:86:49:82:aa:4c:b5:09:c5:51:65:5d:a4:96:f5:7a:0f:e3:e2:92:eb:c5:00:73
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CiTool.pdb
Imports
api-ms-win-crt-string-l1-1-0
memset
wcsnlen
strcspn
__strncnt
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-locale-l1-1-0
_unlock_locales
_lock_locales
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__crt_atexit
_o__errno
_o__exit
_o__free_base
_o__fseeki64
_o__get_initial_wide_environment
_o__get_stream_buffer_pointers
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__lock_file
_o__malloc_base
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__unlock_file
_o__wcsdup
_o__wfsopen
_o__wsetlocale
_o_abort
_o_calloc
_o_ceilf
_o_exit
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_floor
_o_fputc
_o_fputwc
_o_fread
_o_free
_o_frexp
_o_fseek
_o_fsetpos
_o_fwrite
_o_islower
_o_isupper
_o_localeconv
_o_malloc
_o_rand
_o_realloc
_o_setlocale
_o_setvbuf
_o_srand
_o_terminate
_o_ungetc
_o_ungetwc
__uncaught_exception
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__cexit
_o__calloc_base
_o__callnewh
_o__configure_wide_argv
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___pctype_func
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
_o____mb_cur_max_func
_o____lc_locale_name_func
_o____lc_codepage_func
__CxxFrameHandler4
memcmp
_o__configthreadlocale
memcpy
rpcrt4
RpcStringFreeW
UuidToStringW
ntdll
RtlGUIDFromString
RtlInitUnicodeString
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtSetSystemInformation
kernel32
SetLastError
HeapFree
CreateSemaphoreExW
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LCMapStringEx
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA
CreateFileW
GetFileInformationByHandleEx
WideCharToMultiByte
GetStringTypeW
FormatMessageA
MultiByteToWideChar
LocalAlloc
FindResourceW
LoadResource
LockResource
SizeofResource
GetFileAttributesExW
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
LocalFree
CreateMutexExW
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
advapi32
EventWriteTransfer
user32
LoadStringW
manageci
GetSBCPTokenByID
BeginRemoveSBCPToken
GetSModeUnlockID
BeginSetSBCPToken
End
ParsePolicy
IsInProgress
GetAllCIPolicies
BeginUpsertCIPolicy
GetCIPolicyByID
BeginTransaction
BeginRemoveCIPolicy
GetPolicyInformation
Rollback
Commit
GetTokenInformation
GetAllSBCPTokens
Start
Sections
.text Size: 208KB - Virtual size: 204KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ClipRenew.exe.exe windows:10 windows x64 arch:x64
01f7cb5b9c9d78be5626b4e7e185aabd
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16-11-2023 19:20
Not After: 14-11-2024 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
cd:40:b6:3d:3c:f7:85:b1:ea:83:89:1a:ae:ee:c6:30:52:74:b8:a4:5e:dc:27:91:11:14:b6:bf:45:ac:a2:30
Signer
Actual PE Digest: cd:40:b6:3d:3c:f7:85:b1:ea:83:89:1a:ae:ee:c6:30:52:74:b8:a4:5e:dc:27:91:11:14:b6:bf:45:ac:a2:30
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ClipRenew.pdb
Imports
msvcrt
?terminate@@YAXXZ
_onexit
memcpy
__dllonexit
memcmp
_vsnwprintf
_wcsicmp
_purecall
time
memmove_s
_lock
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
memmove
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memcpy_s
_unlock
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-libraryloader-l1-2-0
LockResource
GetModuleHandleExW
GetProcAddress
FindResourceExW
LoadResource
GetModuleHandleW
GetModuleFileNameA
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
InitializeCriticalSectionEx
EnterCriticalSection
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
DeleteCriticalSection
LeaveCriticalSection
AcquireSRWLockShared
CreateMutexExW
WaitForSingleObjectEx
ReleaseSRWLockShared
AcquireSRWLockExclusive
OpenSemaphoreW
ReleaseSRWLockExclusive
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
SetUnhandledExceptionFilter
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventActivityIdControl
EventUnregister
EventWriteTransfer
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
LCMapStringEx
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
api-ms-win-security-base-l1-1-0
ImpersonateLoggedOnUser
RevertToSelf
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoActivateInstance
api-ms-win-core-kernel32-legacy-l1-1-0
WTSGetActiveConsoleSessionId
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 168KB - Virtual size: 164KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 352B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
testdata Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 396B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ClipUp.exe.exe windows:10 windows x64 arch:x64
87818532c79e068c33e8cb576596e500
Code Sign
33:00:00:04:70:69:f2:ac:06:49:04:ec:1c:00:00:00:00:04:70
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 08-02-2024 19:22
Not After: 07-02-2025 19:22
Subject: CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
c5:e7:99:a3:a9:e7:53:d0:cd:e0:76:45:0e:47:52:79:d9:22:39:6e:27:71:ca:45:cf:07:35:b0:1e:ee:f6:d5
Signer
Actual PE Digest: c5:e7:99:a3:a9:e7:53:d0:cd:e0:76:45:0e:47:52:79:d9:22:39:6e:27:71:ca:45:cf:07:35:b0:1e:ee:f6:d5
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ClipUp.pdb
Imports
msvcrt
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
__C_specific_handler
malloc
memmove_s
free
time
wcsstr
rand
_wtoi
swscanf_s
memcpy_s
srand
wprintf
wcsncmp
vfwprintf
wcschr
_purecall
__setusermatherr
_initterm
vwprintf
_commode
_lock
_wcsicmp
towlower
__iob_func
qsort
_itow_s
__CxxFrameHandler4
_wcsnicmp
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
memset
memmove
memcpy
memcmp
memchr
log10
_cexit
_vsnwprintf
_fmode
wcscmp
api-ms-win-core-file-l1-1-0
WriteFile
GetTempFileNameW
CreateDirectoryW
GetFileType
GetFileSize
FindFirstFileW
ReadFile
DeleteFileW
SetFilePointer
CompareFileTime
GetFileAttributesW
FindNextFileW
FindClose
WriteFileEx
CreateFileW
oleaut32
SafeArrayDestroy
SafeArrayUnaccessData
VariantInit
SysFreeString
SysAllocString
SafeArrayAccessData
SafeArrayCreateVector
VariantClear
api-ms-win-core-registry-l1-1-0
RegDeleteValueW
RegOpenCurrentUser
RegCloseKey
RegGetValueW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
bcrypt
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptGenRandom
BCryptSignHash
BCryptImportKey
BCryptGenerateKeyPair
BCryptExportKey
BCryptDestroyKey
BCryptCloseAlgorithmProvider
BCryptFinalizeKeyPair
BCryptVerifySignature
BCryptGetProperty
BCryptKeyDerivation
BCryptCreateHash
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptHashData
BCryptImportKeyPair
api-ms-win-core-console-l2-1-0
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
HeapReAlloc
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
RaiseException
GetLastError
SetUnhandledExceptionFilter
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
InitializeCriticalSectionEx
ReleaseMutex
InitializeCriticalSection
ReleaseSRWLockExclusive
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
SleepEx
CreateEventW
AcquireSRWLockExclusive
WaitForSingleObjectEx
SetEvent
OpenSemaphoreW
EnterCriticalSection
ReleaseSemaphore
ReleaseSRWLockShared
CreateSemaphoreExW
CreateMutexExW
DeleteCriticalSection
AcquireSRWLockShared
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetCommandLineW
GetStdHandle
ncrypt
NCryptImportKey
NCryptOpenStorageProvider
NCryptFreeObject
NCryptExportKey
api-ms-win-core-libraryloader-l1-2-0
LockResource
GetModuleHandleExW
FindResourceExW
LoadResource
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
FreeLibrary
LoadLibraryExW
LoadLibraryExA
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
ConvertStringSidToSidW
api-ms-win-core-com-l1-1-0
IIDFromString
CoUninitialize
CoInitializeEx
CoCreateInstance
api-ms-win-core-processthreads-l1-1-0
InitializeProcThreadAttributeList
GetCurrentProcess
UpdateProcThreadAttribute
GetExitCodeProcess
GetCurrentThread
OpenProcessToken
TerminateProcess
GetCurrentProcessId
CreateProcessW
GetCurrentThreadId
crypt32
CryptQueryObject
CertFreeCertificateContext
CryptImportPublicKeyInfoEx2
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventRegister
EventWriteTransfer
EventSetInformation
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoUninitialize
RoInitialize
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-synch-l1-2-0
Sleep
SleepConditionVariableSRW
WakeAllConditionVariable
api-ms-win-core-localization-l1-2-0
LCMapStringW
LCMapStringEx
FormatMessageW
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetVersionExW
GetVersionExA
GetSystemTimeAsFileTime
GetTickCount
GetSystemTime
GetSystemInfo
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-2-1
CreateSemaphoreW
api-ms-win-core-memory-l1-1-0
VirtualFree
VirtualProtect
VirtualAlloc
VirtualQuery
api-ms-win-security-cryptoapi-l1-1-0
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDestroyKey
CryptReleaseContext
CryptVerifySignatureW
CryptImportKey
CryptAcquireContextW
CryptGetHashParam
api-ms-win-security-base-l1-1-0
GetTokenInformation
FreeSid
GetLengthSid
rpcrt4
UuidCreate
I_RpcMapWin32Status
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
FileTimeToSystemTime
GetTimeZoneInformation
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlDeleteFunctionTable
RtlAddFunctionTable
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
ntdll
RtlGetPersistedStateLocation
cryptxml
CryptXmlSign
CryptXmlClose
CryptXmlVerifySignature
CryptXmlEncode
CryptXmlGetDocContext
CryptXmlCreateReference
CryptXmlGetSignature
CryptXmlGetStatus
CryptXmlOpenToDecode
CryptXmlOpenToEncode
CryptXmlGetReference
webservices
WsFreeReader
WsReadStartAttribute
WsReadEndAttribute
WsMoveReader
WsGetReaderNode
WsReadChars
WsSetInputToBuffer
WsFreeHeap
WsFindAttribute
WsGetReaderPosition
WsSetReaderPosition
WsReadStartElement
WsCreateError
WsReadElement
WsReadToStartElement
WsFreeError
WsCreateHeap
WsCreateReader
WsSkipNode
WsReadXmlBufferFromBytes
WsDateTimeToFileTime
api-ms-win-appmodel-runtime-l1-1-0
PackageNameAndPublisherIdFromFamilyName
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 868KB - Virtual size: 864KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 196KB - Virtual size: 195KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CloudExperienceHostBroker.exe.exe windows:10 windows x64 arch:x64
5e12cc496db425450ff667e5d434782f
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16-11-2023 19:20
Not After: 14-11-2024 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
95:4a:98:1e:2c:ba:cb:69:0a:86:fa:1b:a3:26:9e:98:7d:46:2a:10:b8:51:b4:16:14:2a:6f:09:b7:7e:ed:c3
Signer
Actual PE Digest: 95:4a:98:1e:2c:ba:cb:69:0a:86:fa:1b:a3:26:9e:98:7d:46:2a:10:b8:51:b4:16:14:2a:6f:09:b7:7e:ed:c3
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CloudExperienceHostBroker.pdb
Imports
msvcrt
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
_onexit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
??_V@YAXPEAX@Z
_purecall
??1type_info@@UEAA@XZ
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
__CxxFrameHandler3
memmove
exit
__CxxFrameHandler4
malloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
WaitForSingleObject
CreateMutexExW
ReleaseMutex
OpenEventW
OpenSemaphoreW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
CreateSemaphoreExW
CreateEventExW
SetEvent
ReleaseSRWLockShared
ReleaseSemaphore
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetStartupInfoW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-com-l1-1-0
CoRegisterClassObject
CoCreateFreeThreadedMarshaler
CoResumeClassObjects
CoAddRefServerProcess
CoReleaseServerProcess
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoImpersonateClient
CoRevertToSelf
CoTaskMemFree
StringFromCLSID
CoCreateInstance
CoRevokeClassObject
CoDisconnectObject
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegOpenKeyExW
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsGetStringRawBuffer
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-winrt-l1-1-0
RoRegisterActivationFactories
RoRevokeActivationFactories
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
InitOnceComplete
Sleep
InitOnceBeginInitialize
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolQueueTask
combase
ord69
Sections
.text Size: 40KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 760B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CloudNotifications.exe.exe windows:10 windows x64 arch:x64
82f06946cb1b3231fd5e208f6379dcb3
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16-11-2023 19:20
Not After: 14-11-2024 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
9b:ef:44:d8:ae:8e:fc:dc:8e:7e:3d:0b:00:ab:a0:65:21:9c:5f:0c:af:ec:97:36:70:3e:d7:ab:76:10:57:51
Signer
Actual PE Digest: 9b:ef:44:d8:ae:8e:fc:dc:8e:7e:3d:0b:00:ab:a0:65:21:9c:5f:0c:af:ec:97:36:70:3e:d7:ab:76:10:57:51
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CloudNotifications.pdb
Imports
advapi32
RegSetValueExW
RegCloseKey
RegCreateKeyExW
kernel32
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
CreateSemaphoreExW
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
CreateMutexW
LockResource
LoadResource
FindResourceExW
GetModuleFileNameA
ResolveDelayLoadedAPI
DelayLoadFailureHook
HeapAlloc
user32
DispatchMessageW
TranslateMessage
GetMessageW
msvcrt
__CxxFrameHandler3
memcmp
_onexit
_wcmdln
__dllonexit
_commode
_fmode
?terminate@@YAXXZ
_unlock
_lock
__C_specific_handler
_initterm
__setusermatherr
_cexit
??1type_info@@UEAA@XZ
memmove
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
wcsstr
memmove_s
malloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memset
shlwapi
SHGetThreadRef
PathAppendW
PathRemoveFileSpecW
ord487
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
Sleep
InitOnceComplete
api-ms-win-core-processthreads-l1-1-0
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetCurrentProcess
TerminateProcess
TlsAlloc
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateString
WindowsReplaceString
WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionEx
EnterCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared
DeleteCriticalSection
ReleaseSRWLockExclusive
LeaveCriticalSection
AcquireSRWLockExclusive
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
LoadLibraryExW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
ntdll
WinSqmAddToStream
uxtheme
GetCurrentThemeName
Sections
.text Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 636B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CompMgmtLauncher.exe.exe windows:10 windows x64 arch:x64
538a832defc229579607486bf4d9d0ad
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CompMgmtLauncher.pdb
Imports
kernel32
GetVersionExW
GetFileAttributesW
GetLastError
CloseHandle
FlushFileBuffers
CreateFileW
VirtualQuery
VirtualProtect
VirtualAlloc
GetSystemInfo
SetThreadStackGuarantee
IsProcessorFeaturePresent
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
EncodePointer
DecodePointer
SetLastError
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
GetProcAddress
GetStdHandle
WriteFile
GetModuleFileNameA
HeapCreate
HeapSetInformation
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
OutputDebugStringA
EnterCriticalSection
LeaveCriticalSection
HeapFree
Sleep
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LoadLibraryExW
HeapAlloc
GetConsoleCP
GetConsoleMode
SetFilePointer
MultiByteToWideChar
GetStringTypeW
LCMapStringW
SetStdHandle
WriteConsoleW
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
RtlVirtualUnwind
shell32
ShellExecuteExW
SHGetKnownFolderPath
api-ms-win-core-com-l1-1-0
CoTaskMemFree
Sections
.text Size: 36KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 40KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 568B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CompPkgSrv.exe.exe windows:10 windows x64 arch:x64
d7ed93426f31f100eeb90be258936765
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CompPkgSrv.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_initterm
_initterm_e
_c_exit
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_atoi
_o_exit
_o_free
_o_malloc
_o_qsort
_o_realloc
_o_strncpy_s
_o_terminate
_o_wcstombs_s
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_o___std_exception_destroy
_CxxThrowException
_o___std_exception_copy
_o___p__commode
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
memcmp
memcpy
wcsrchr
api-ms-win-crt-string-l1-1-0
strnlen
memset
memmove_s
wcscmp
comppkgsup
GetMediaComponentPackageInfoInternal
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
GetTraceLoggerHandle
GetTraceEnableFlags
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InitializeSRWLock
InitializeCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
api-ms-win-core-errorhandling-l1-1-0
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TlsGetValue
TerminateProcess
GetCurrentProcessId
GetStartupInfoW
GetCurrentProcess
TlsSetValue
api-ms-win-core-heap-l1-1-0
HeapSetInformation
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-security-base-l1-1-0
MakeAbsoluteSD
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
FreeLibrary
GetModuleHandleW
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 92KB - Virtual size: 90KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 320B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CompatTelRunner.exe.exe windows:10 windows x64 arch:x64
d876ebdd4961ab5027389ebd89990f01
Code Sign
33:00:00:05:56:c9:20:2b:1f:74:32:5d:2d:00:00:00:00:05:56
Certificate
Issuer: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2023 19:51
Not After: 16-10-2024 19:51
Subject: CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 06-07-2010 20:40
Not After: 06-07-2025 20:50
Subject: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
fe:17:e0:6c:d4:ac:c3:c5:ad:bc:d7:12:2a:59:dc:85:fb:0f:71:2b:c5:17:2b:64:c2:9e:e6:12:f7:09:18:61
Signer
Actual PE Digest: fe:17:e0:6c:d4:ac:c3:c5:ad:bc:d7:12:2a:59:dc:85:fb:0f:71:2b:c5:17:2b:64:c2:9e:e6:12:f7:09:18:61
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CompatTelRunner.pdb
Imports
msvcrt
_CxxThrowException
memcpy
_callnewh
memmove
malloc
memcmp
memset
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
strncmp
__dllonexit
_unlock
_lock
_wcslwr
_commode
_fmode
__C_specific_handler
_initterm
wcscat_s
__setusermatherr
??0exception@@QEAA@AEBQEBDH@Z
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_wfopen_s
iswalpha
fwprintf
wcscpy_s
sprintf_s
strcpy_s
wcsncmp
_wtoi64
sscanf_s
strchr
_vsnprintf
_stricmp
_wcsicmp
iswdigit
__CxxFrameHandler3
?what@exception@@UEBAPEBDXZ
_cexit
??_V@YAXPEAX@Z
wcschr
memmove_s
_vsnprintf_s
wcsstr
??0exception@@QEAA@AEBQEBD@Z
_wcsnicmp
wcsrchr
_wtof
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
_wtoi
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
_onexit
wcscmp
ntdll
RtlVerifyVersionInfo
LdrResSearchResource
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
EtwEventRegister
EtwEventWrite
EtwEventUnregister
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwEnumerateKey
ZwOpenKey
RtlAdjustPrivilege
RtlImageDirectoryEntryToData
RtlAllocateAndInitializeSid
RtlFreeSid
RtlRandomEx
RtlStringFromGUID
RtlDosPathNameToRelativeNtPathName_U
NtLoadKeyEx
RtlReleaseRelativeName
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
ZwClose
RtlLeaveCriticalSection
RtlFreeHeap
RtlInitializeCriticalSection
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlEqualString
RtlAllocateHeap
RtlDeleteCriticalSection
NtCreateEvent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WinSqmIsOptedInEx
VerSetConditionMask
RtlInitUnicodeString
LdrGetDllHandle
RtlInitString
LdrGetProcedureAddress
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtCreateFile
NtQueryInformationFile
NtClose
RtlNtStatusToDosError
rpcrt4
UuidCreate
ws2_32
WSACleanup
freeaddrinfo
WSAGetLastError
gethostname
WSAStartup
getaddrinfo
aepic
ord106
ord107
ord103
ord105
ord101
ord104
ord100
ord109
ord102
ord108
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetProcAddress
GetModuleHandleExW
GetModuleHandleExA
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleW
LoadLibraryExW
api-ms-win-core-synch-l1-1-0
InitializeSRWLock
WaitForSingleObjectEx
ReleaseSRWLockShared
ReleaseSRWLockExclusive
WaitForSingleObject
TryAcquireSRWLockExclusive
OpenSemaphoreW
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
OpenWaitableTimerW
CreateMutexW
CreateEventW
CreateSemaphoreExW
ReleaseMutex
EnterCriticalSection
AcquireSRWLockExclusive
ReleaseSemaphore
SetWaitableTimer
SetEvent
InitializeCriticalSectionEx
LeaveCriticalSection
api-ms-win-core-heap-l1-1-0
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
SetPriorityClass
GetExitCodeProcess
CreateProcessW
ExitProcess
TerminateProcess
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringA
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetSystemWindowsDirectoryW
GetSystemDirectoryA
GetTickCount64
GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpA
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
LoadLibraryA
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-registry-l1-1-0
RegDeleteTreeW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegGetValueW
RegEnumValueW
RegSetKeySecurity
RegSaveKeyExW
RegSetValueExW
RegDeleteKeyExW
RegOpenKeyExW
RegLoadAppKeyW
RegLoadKeyW
RegCloseKey
RegUnLoadKeyW
RegCreateKeyExW
api-ms-win-core-synch-l1-2-0
SignalObjectAndWait
Sleep
api-ms-win-core-memory-l1-1-1
SetProcessWorkingSetSizeEx
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister
api-ms-win-core-synch-l1-2-1
CreateWaitableTimerW
WaitForMultipleObjects
CreateSemaphoreW
api-ms-win-core-memory-l1-1-0
OpenFileMappingW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
api-ms-win-core-registry-l2-1-0
RegOpenKeyW
RegDeleteKeyW
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-core-version-l1-1-1
GetFileVersionInfoW
GetFileVersionInfoSizeW
api-ms-win-core-file-l1-1-0
CreateDirectoryW
GetFileAttributesW
CreateFileW
GetFileTime
WriteFile
api-ms-win-core-kernel32-legacy-l1-1-0
WTSGetActiveConsoleSessionId
GetSystemPowerStatus
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
RegDeleteKeyValueW
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
winhttp
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpReadData
WinHttpCloseHandle
WinHttpSendRequest
WinHttpSetCredentials
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpSetOption
WinHttpGetDefaultProxyConfiguration
api-ms-win-security-base-l1-1-0
RevertToSelf
ImpersonateLoggedOnUser
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-security-credentials-l1-1-0
CredReadW
CredFree
api-ms-win-core-heap-l2-1-0
LocalFree
GlobalFree
oleaut32
SysAllocString
SysFreeString
SysStringLen
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
ExpandEnvironmentStringsW
api-ms-win-security-provider-l1-1-0
SetEntriesInAclW
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrCmpNA
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 192KB - Virtual size: 188KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 72KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 892B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ComputerDefaults.exe.exe windows:10 windows x64 arch:x64
f80fc6ef610cc28e0f47123bdb00c150
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ComputerDefaults.pdb
Imports
kernel32
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
msvcrt
?terminate@@YAXXZ
_onexit
__setusermatherr
_cexit
__dllonexit
_unlock
_initterm
_wcmdln
__C_specific_handler
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_lock
_fmode
_commode
memcpy_s
exit
_vsnwprintf
_exit
memset
shell32
ShellExecuteExW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetStartupInfoW
GetCurrentProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 864B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CredentialEnrollmentManager.exe.exe windows:10 windows x64 arch:x64
6c603c0cfe0bcb8074aa71a4981e081b
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16-11-2023 19:20
Not After: 14-11-2024 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
12:28:5c:fa:08:95:0f:3c:65:e5:19:78:e6:d2:6f:7d:ee:85:86:70:88:4a:76:67:cb:05:5d:6e:0b:52:72:05
Signer
Actual PE Digest: 12:28:5c:fa:08:95:0f:3c:65:e5:19:78:e6:d2:6f:7d:ee:85:86:70:88:4a:76:67:cb:05:5d:6e:0b:52:72:05
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CredentialEnrollmentManager.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm
_register_thread_local_exe_atexit_callback
_initterm_e
_c_exit
api-ms-win-crt-private-l1-1-0
_o__get_errno
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
memmove
_o_ceilf
_o_exit
_o_free
_o_malloc
_o_memcpy_s
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
wcschr
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
FindResourceExW
GetModuleHandleW
LoadResource
LockResource
GetModuleFileNameA
GetModuleHandleExW
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
InitializeSRWLock
ReleaseSemaphore
WaitForSingleObject
SetEvent
ReleaseSRWLockShared
OpenEventW
InitializeCriticalSectionAndSpinCount
CreateEventExW
CreateMutexExW
TryAcquireSRWLockExclusive
AcquireSRWLockShared
ResetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
CreateEventW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter
RaiseException
api-ms-win-core-processthreads-l1-1-0
GetCurrentThread
OpenThreadToken
OpenProcessToken
GetCurrentProcessId
TerminateProcess
GetStartupInfoW
GetCurrentThreadId
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-provider-l1-1-0
EventActivityIdControl
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
api-ms-win-service-core-l1-1-0
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
api-ms-win-core-winrt-l1-1-0
RoRegisterActivationFactories
RoActivateInstance
RoGetActivationFactory
RoUninitialize
RoInitialize
RoRevokeActivationFactories
api-ms-win-core-com-l1-1-0
CoResumeClassObjects
CoRevokeClassObject
CoReleaseServerProcess
PropVariantClear
CoRegisterClassObject
CoAddRefServerProcess
CoMarshalInterface
CoDisconnectContext
CoReleaseMarshalData
CoInitializeSecurity
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoDecrementMTAUsage
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CreateStreamOnHGlobal
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
RoOriginateError
GetRestrictedErrorInfo
RoOriginateErrorW
RoTransformError
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSidToSidW
api-ms-win-security-base-l1-1-0
CheckTokenMembership
MakeAbsoluteSD
GetLengthSid
CopySid
GetTokenInformation
api-ms-win-core-winrt-string-l1-1-0
WindowsDuplicateString
WindowsDeleteString
WindowsCreateStringReference
WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsCompareStringOrdinal
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
OpenProcess
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetComputerNameExW
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
combase
ord66
ord69
ord68
ord67
msvcp_win
_Mtx_destroy_in_situ
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
_Cnd_destroy_in_situ
_Cnd_broadcast
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Mtx_lock
_Cnd_register_at_thread_exit
_Cnd_unregister_at_thread_exit
_Cnd_wait
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Throw_C_error@std@@YAXH@Z
_Query_perf_counter
_Query_perf_frequency
_Xtime_get_ticks
_Cnd_timedwait
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_current_owns
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_unlock
_Mtx_init_in_situ
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
_Cnd_init_in_situ
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegGetValueW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteValueW
RegQueryValueExW
api-ms-win-core-com-l1-1-1
RoGetAgileReference
api-ms-win-core-winrt-error-l1-1-1
IsErrorPropagationEnabled
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask
api-ms-win-shcore-stream-l1-1-0
SHCreateMemStream
api-ms-win-shcore-stream-winrt-l1-1-0
CreateRandomAccessStreamOverStream
oleaut32
SafeArrayGetUBound
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayDestroy
SafeArrayGetVartype
SafeArrayGetLBound
ntdll
RtlFreeHeap
NtQueryInformationToken
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlAllocateHeap
RtlInitString
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlIsMultiSessionSku
RtlIsMultiUsersInSessionSku
RtlCompareUnicodeString
RtlInitUnicodeString
RtlNtStatusToDosErrorNoTeb
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedRegistryLocationW
GetPersistedFileLocationW
api-ms-win-core-registry-l2-1-0
RegOpenKeyW
api-ms-win-ntuser-sysparams-l1-1-0
GetSystemMetrics
api-ms-win-security-lsalookup-l1-1-2
LsaLookupUserAccountType
api-ms-win-core-sysinfo-l2-1-0
GetUserNameW
api-ms-win-shcore-sysinfo-l1-1-0
IsOS
sspicli
LsaLookupAuthenticationPackage
LsaDeregisterLogonProcess
LsaFreeReturnBuffer
LsaCallAuthenticationPackage
LogonUserExExW
LsaConnectUntrusted
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-security-lsapolicy-l1-1-0
LsaOpenPolicy
LsaClose
LsaFreeMemory
LsaLookupSids
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrChrW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-rtcore-ntuser-private-l1-1-0
GetWindowBand
api-ms-win-rtcore-ntuser-window-l1-1-0
GetPropW
GetWindowThreadProcessId
api-ms-win-core-atoms-l1-1-0
GlobalGetAtomNameW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 272KB - Virtual size: 268KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 92KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 448B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CredentialUIBroker.exe.exe windows:10 windows x64 arch:x64
fa79c95e00320c3106692952db7f17ac
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16-11-2023 19:20
Not After: 14-11-2024 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
6c:64:7f:04:28:1e:9e:96:c4:96:30:41:ff:97:91:f1:11:2f:66:79:fc:c2:e5:cd:1a:d8:ce:d4:71:04:0f:dd
Signer
Actual PE Digest: 6c:64:7f:04:28:1e:9e:96:c4:96:30:41:ff:97:91:f1:11:2f:66:79:fc:c2:e5:cd:1a:d8:ce:d4:71:04:0f:dd
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CredentialUIBroker.pdb
Imports
advapi32
EventActivityIdControl
GetTokenInformation
EventUnregister
RegGetValueW
RegOpenKeyExW
CheckTokenMembership
OpenProcessToken
RegEnumKeyExW
EventSetInformation
AllocateAndInitializeSid
EventRegister
EventWriteTransfer
RegQueryInfoKeyW
RegCloseKey
kernel32
GetModuleFileNameA
FindStringOrdinal
InitOnceBeginInitialize
InitOnceExecuteOnce
CreateSemaphoreExW
HeapFree
SetLastError
CreateEventExW
EnterCriticalSection
ReleaseSemaphore
RegisterWaitForSingleObject
GetModuleHandleExW
UnregisterWait
GetProcessId
EncodePointer
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
OpenEventW
ReleaseMutex
OpenProcess
CreateEventW
GetExitCodeThread
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
SetEvent
CloseThreadpoolTimer
InitOnceComplete
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
RaiseException
CreateThreadpoolTimer
CreateThread
HeapAlloc
DecodePointer
GetProcAddress
CreateMutexExW
LocalFree
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
QueryFullProcessImageNameW
DebugBreak
IsDebuggerPresent
DelayLoadFailureHook
ResolveDelayLoadedAPI
GlobalGetAtomNameW
user32
GetWindowThreadProcessId
GetMessageW
ord2521
GetWindowBand
IsWindow
GetWindowRect
IsWindowVisible
GetPropW
GetShellWindow
GetDesktopWindow
DispatchMessageW
TranslateMessage
PostThreadMessageW
PostQuitMessage
msvcrt
__set_app_type
memcmp
_callnewh
malloc
wcschr
_exit
_amsg_exit
_XcptFilter
free
_cexit
__setusermatherr
memcpy
_initterm
__wgetmainargs
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
memmove_s
_purecall
memcpy_s
_vsnwprintf
__CxxFrameHandler3
_commode
_fmode
_wcmdln
__C_specific_handler
exit
memset
shlwapi
ord12
SHSetThreadRef
api-ms-win-core-com-l1-1-0
CoReleaseServerProcess
CoTaskMemAlloc
CoCreateGuid
CoWaitForMultipleHandles
StringFromGUID2
CoUninitialize
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoAddRefServerProcess
CoTaskMemFree
CoInitializeEx
CoRegisterClassObject
CoGetCallContext
CoRevokeClassObject
CoResumeClassObjects
CoTaskMemRealloc
oleaut32
SafeArrayGetDim
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetVartype
SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayCreateVector
SafeArrayAccessData
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDuplicateString
WindowsCreateString
WindowsIsStringEmpty
WindowsDeleteString
WindowsStringHasEmbeddedNull
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoRegisterActivationFactories
RoGetActivationFactory
RoUninitialize
RoRevokeActivationFactories
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
RoOriginateErrorW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentProcess
TerminateProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-security-base-l1-1-0
GetLengthSid
CopySid
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-heap-l2-1-0
LocalAlloc
ntdll
RtlFreeHeap
NtQueryInformationToken
RtlInitUnicodeString
RtlEqualSid
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlIsParentOfChildAppContainer
api-ms-win-shcore-stream-winrt-l1-1-0
CreateRandomAccessStreamOverStream
Sections
.text Size: 112KB - Virtual size: 108KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1004B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CustomInstallExec.exe.exe windows:10 windows x64 arch:x64
69cb6aaa8e7be4ed6eb03f3cbc946c0a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CustomInstallExec.pdb
Imports
msvcp_win
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
_c_exit
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsicmp
_o__wtoi
_o__wtoi64
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
GetModuleHandleExW
LoadStringW
GetModuleFileNameA
api-ms-win-core-synch-l1-1-0
CreateMutexExW
ReleaseSRWLockExclusive
CreateSemaphoreExW
ReleaseMutex
OpenSemaphoreW
WaitForSingleObjectEx
WaitForSingleObject
ReleaseSemaphore
AcquireSRWLockExclusive
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-errorhandling-l1-1-0
SetErrorMode
SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetStartupInfoW
GetCurrentProcess
GetCurrentThreadId
GetExitCodeProcess
TerminateProcess
OpenProcessToken
CreateProcessW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventSetInformation
EventActivityIdControl
EventRegister
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoGetActivationFactory
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoUninitialize
CoInitializeEx
api-ms-win-security-base-l1-1-0
IsValidSid
GetSidSubAuthority
GetTokenInformation
GetSidSubAuthorityCount
api-ms-win-core-psapi-l1-1-0
K32GetModuleFileNameExW
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-windowserrorreporting-l1-1-0
WerSetFlags
WerGetFlags
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
ntdll
NtQueryInformationProcess
NtQueryMutant
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolQueueTask
api-ms-win-rtcore-ntuser-window-l1-1-0
EnableWindow
AllowSetForegroundWindow
SetWindowTextW
DefWindowProcW
EnumWindows
ShowWindow
SetForegroundWindow
RegisterClassExW
CreateWindowExW
GetWindowThreadProcessId
comctl32
InitCommonControlsEx
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 296B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 260B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DataExchangeHost.exe.exe windows:10 windows x64 arch:x64
49c1ddf00d65adc71a873b54d5ac58d7
Code Sign
Certificate: 33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16-11-2023 19:20
Not After: 14-11-2024 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate: 61:07:76:56:00:00:00:00:00:08
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer: c7:3b:d2:c5:33:bd:84:39:53:49:19:c3:8d:02:a5:3c:43:94:18:8f:f9:11:1c:ad:72:43:8b:95:bc:a5:b0:3b
Actual PE Digest: c7:3b:d2:c5:33:bd:84:39:53:49:19:c3:8d:02:a5:3c:43:94:18:8f:f9:11:1c:ad:72:43:8b:95:bc:a5:b0:3b
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
DataExchangeHost.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
api-ms-win-crt-private-l1-1-0
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_abort
_o_ceilf
_o_exit
_o_floor
_o_free
_o_iswspace
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
wcschr
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetProcAddress
FindResourceExW
GetModuleHandleExW
LockResource
GetModuleHandleW
FreeLibrary
LoadResource
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockExclusive
LeaveCriticalSection
AcquireSRWLockShared
CreateEventW
CreateMutexExW
SetEvent
ResetEvent
AcquireSRWLockExclusive
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSRWLockShared
CreateSemaphoreExW
InitializeCriticalSection
ReleaseMutex
EnterCriticalSection
WaitForSingleObject
DeleteCriticalSection
ReleaseSemaphore
InitializeCriticalSectionEx
api-ms-win-core-heap-l1-1-0
HeapSetInformation
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
SetErrorMode
api-ms-win-core-processthreads-l1-1-0
GetProcessId
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
SetPriorityClass
OpenProcessToken
GetStartupInfoW
GetCurrentThread
OpenThreadToken
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetLocaleInfoW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
SetProcessMitigationPolicy
OpenProcess
GetProcessMitigationPolicy
api-ms-win-core-com-l1-1-0
CoIncrementMTAUsage
CoRegisterClassObject
CoDecrementMTAUsage
CoUninitialize
CoFreeUnusedLibrariesEx
CoInitializeEx
CoResumeClassObjects
CoCreateInstance
CoCancelCall
CoInitializeSecurity
CoEnableCallCancellation
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CoGetCallerTID
CoTaskMemFree
CoReleaseServerProcess
CoTaskMemAlloc
CoMarshalInterface
CreateStreamOnHGlobal
CoReleaseMarshalData
CoAddRefServerProcess
CoGetMalloc
CoRevokeClassObject
CoMarshalInterThreadInterfaceInStream
CoUnmarshalInterface
CoDisableCallCancellation
CoGetCallContext
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoRegisterActivationFactories
RoRevokeActivationFactories
RoActivateInstance
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
RoTransformError
GetRestrictedErrorInfo
SetRestrictedErrorInfo
api-ms-win-core-winrt-string-l1-1-0
WindowsDuplicateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsGetStringLen
WindowsCreateString
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsGetStringRawBuffer
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InterlockedPushEntrySList
InitializeSListHead
api-ms-win-security-base-l1-1-0
GetTokenInformation
GetSidSubAuthority
DuplicateTokenEx
api-ms-win-eventing-provider-l1-1-0
EventActivityIdControl
EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation
api-ms-win-core-com-l1-1-1
RoGetAgileReference
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask
api-ms-win-core-winrt-error-l1-1-1
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
api-ms-win-core-registry-l1-1-0
RegGetValueW
api-ms-win-core-file-l1-1-0
CompareFileTime
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-localization-obsolete-l1-2-0
GetUserDefaultUILanguage
api-ms-win-core-threadpool-legacy-l1-1-0
DeleteTimerQueueTimer
CreateTimerQueueTimer
api-ms-win-core-heap-obsolete-l1-1-0
GlobalSize
GlobalUnlock
GlobalLock
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
ntdll
RtlFreeHeap
ZwQueryWnfStateData
RtlNtStatusToDosError
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
RtlInitUnicodeString
RtlAllocateHeap
RtlPublishWnfStateData
NtQueryInformationToken
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-shcore-stream-winrt-l1-1-0
CreateStreamOverRandomAccessStream
api-ms-win-shcore-stream-l1-1-0
IStream_Read
IStream_Reset
IStream_Size
api-ms-win-core-debug-l1-1-1
CheckRemoteDebuggerPresent
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-atoms-l1-1-0
GlobalGetAtomNameW
api-ms-win-security-capability-l1-1-0
CapabilityCheck
api-ms-win-rtcore-ntuser-window-l1-1-0
SetTimer
DefWindowProcW
ShowWindow
PostMessageW
SendMessageW
UnregisterClassW
DestroyWindow
GetWindowLongPtrW
TranslateMessage
SetForegroundWindow
WindowFromPoint
GetMessageW
GetParent
GetWindowThreadProcessId
GetDesktopWindow
AllowSetForegroundWindow
GetWindowRect
GetPropW
SetWindowLongPtrW
CreateWindowExW
RegisterClassExW
GetClassInfoExW
DispatchMessageW
GetWindowLongW
ClientToScreen
GetForegroundWindow
ScreenToClient
d2d1
ord7
api-ms-win-ntuser-sysparams-l1-1-0
GetSystemMetrics
d3d11
D3D11CreateDevice
api-ms-win-rtcore-ntuser-private-l1-1-0
CreateWindowInBand
dwrite
DWriteCreateFactory
api-ms-win-rtcore-ntuser-clipboard-l1-1-0
GetClipboardFormatNameW
api-ms-win-appmodel-runtime-l1-1-0
GetPackageFullName
combase
ord69
ord99
twinapi
ord11
ord12
dcomp
ord1019
DCompositionCreateDevice2
user32
ord2550
GetTopLevelWindow
ord2557
SetCapture
GetCapture
IsIconic
ord2521
AttachThreadInput
GetSysColor
GetAsyncKeyState
SetProcessDefaultLayout
GetWindowDpiAwarenessContext
ReleaseCapture
SendInput
msvcp_win
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
oleaut32
SetErrorInfo
GetErrorInfo
SysFreeString
SysStringLen
SysAllocString
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
Sections
.text Size: 192KB - Virtual size: 188KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 60KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DataStoreCacheDumpTool.exe.exe windows:10 windows x64 arch:x64
92d24aaef3eb74338a5a2498bef83307
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
DataStoreCacheDumpTool.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_initterm
_register_thread_local_exe_atexit_callback
_initterm_e
_c_exit
api-ms-win-crt-private-l1-1-0
_o__crt_atexit
_o__errno
_o__exit
_o__fileno
_o__get_errno
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
_o__setmode
memmove
_o__configure_wide_argv
_o__wfopen
_o_ceilf
_o_exit
_o_fclose
_o_free
_o_malloc
_o_sqrt
_o_terminate
_o_towupper
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__callnewh
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
_o__configthreadlocale
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o___p__commode
_o___p___wargv
_o___p___argc
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
FreeLibrary
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-synch-l1-1-0
SetEvent
InitializeCriticalSectionEx
AcquireSRWLockExclusive
LeaveCriticalSection
ReleaseSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseMutex
CreateMutexExW
AcquireSRWLockShared
ReleaseSemaphore
DeleteCriticalSection
WaitForSingleObject
EnterCriticalSection
CreateEventExW
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
ResetEvent
CreateEventW
ReleaseSRWLockShared
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoTaskMemAlloc
CoWaitForMultipleHandles
StringFromGUID2
CoUninitialize
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
CoInitializeEx
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
OpenThreadToken
TerminateProcess
GetCurrentThread
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-shell-shdirectory-l1-1-0
ord290
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister
api-ms-win-core-path-l1-1-0
PathCchCanonicalizeEx
PathCchRemoveFileSpec
api-ms-win-core-registry-l1-1-0
RegGetValueW
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
MultiByteToWideChar
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsDuplicateString
WindowsDeleteString
WindowsGetStringRawBuffer
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoActivateInstance
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrStrIW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-shlwapi-legacy-l1-1-0
PathIsFileSpecW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
api-ms-win-core-file-l1-1-0
CreateFileW
GetFileSize
ReadFile
api-ms-win-shcore-stream-l1-1-0
IStream_Reset
IStream_Read
SHCreateMemStream
IStream_Size
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 112KB - Virtual size: 110KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 472B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Defrag.exe.exe windows:10 windows x64 arch:x64
98b596156d97a7ea63632cfc56d4c734
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
defrag.pdb
Imports
msvcrt
localeconv
_wsetlocale
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
fclose
_vsnwprintf
memcpy_s
_exit
sprintf_s
_cexit
__setusermatherr
_initterm
swscanf_s
iswspace
_vscwprintf
_callnewh
strchr
wcschr
__iob_func
_fmode
_commode
_lock
_unlock
__dllonexit
_onexit
wprintf
__CxxFrameHandler3
_wcsicmp
?terminate@@YAXXZ
memmove
free
fflush
fputws
malloc
memcpy
mbtowc
_wfopen
__C_specific_handler
memset
ntdll
RtlGetPersistedStateLocation
RtlGetLastNtStatus
RtlSetThreadErrorMode
RtlNtStatusToDosError
EtwTraceMessage
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlFreeHeap
RtlAllocateHeap
RtlCaptureStackBackTrace
oleaut32
SysAllocString
VariantInit
VariantClear
SysFreeString
SysStringLen
api-ms-win-core-file-l1-1-0
GetFileAttributesW
GetVolumeInformationW
ReadFile
CreateDirectoryW
CreateFileW
WriteFile
GetVolumePathNameW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
GetTempFileNameW
GetFullPathNameW
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceLoggerHandle
RegisterTraceGuidsW
TraceMessage
UnregisterTraceGuids
GetTraceEnableLevel
GetTraceEnableFlags
api-ms-win-core-console-l1-1-0
SetConsoleCtrlHandler
GetConsoleOutputCP
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
GetCurrentProcess
CreateThread
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoDisconnectObject
CoCreateGuid
api-ms-win-core-file-l1-2-4
GetTempPath2W
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
ExpandEnvironmentStringsW
GetCommandLineW
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
GetVersionExW
api-ms-win-core-synch-l1-1-0
InitializeCriticalSection
EnterCriticalSection
CreateEventW
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
ResetEvent
SetEvent
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
LoadLibraryExW
LoadStringW
GetModuleHandleW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapSetInformation
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadUILanguage
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation
rpcrt4
UuidCreate
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
api-ms-win-security-base-l1-1-0
IsWellKnownSid
GetTokenInformation
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
sxshared
SxTracerDebuggerBreak
SxTracerGetThreadContextRetail
SxTracerShouldTrackFailure
api-ms-win-eventing-controller-l1-1-0
StartTraceW
EnableTraceEx2
ControlTraceW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
api-ms-win-eventlog-legacy-l1-1-0
RegisterEventSourceW
ReportEventW
DeregisterEventSource
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 136B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 124KB - Virtual size: 123KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 140B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
agentactivationruntimestarter.exe.exe windows:10 windows x64 arch:x64
ae8a657d931c8f4598f99cf55a9f1562
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
AgentActivationRuntimeStarter.pdb
Imports
msvcp110_win
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
msvcrt
_CxxThrowException
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
_purecall
??3@YAXPEAX@Z
__CxxFrameHandler4
memcpy
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-winrt-l1-1-0
RoUninitialize
RoInitialize
RoGetActivationFactory
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
Sections
.text Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 120B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
aitstatic.exe.exe windows:10 windows x64 arch:x64
a71dd85f2eb4dbb8ad73068c535d12c2
Code Sign
Certificate: 33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57
Issuer: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2023 19:51
Not After: 16-10-2024 19:51
Subject: CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate: 61:0c:52:4c:00:00:00:00:00:03
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 06-07-2010 20:40
Not After: 06-07-2025 20:50
Subject: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer: aa:f5:d6:68:f8:97:5f:cc:51:b1:06:4f:61:5c:fe:5c:b5:26:90:14:a1:a1:41:05:cc:22:1c:ea:22:7f:6c:9a
Actual PE Digest: aa:f5:d6:68:f8:97:5f:cc:51:b1:06:4f:61:5c:fe:5c:b5:26:90:14:a1:a1:41:05:cc:22:1c:ea:22:7f:6c:9a
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
AitStatic.pdb
Imports
kernel32
CreateSemaphoreExW
GetProcessHeap
HeapAlloc
GetSystemInfo
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
HeapFree
VirtualProtect
LocalFree
WideCharToMultiByte
UnmapViewOfFile
GetFileInformationByHandle
VirtualQuery
MapViewOfFile
CreateFileMappingW
GetFileSizeEx
RaiseException
GetFileAttributesW
MultiByteToWideChar
GetModuleFileNameA
GetSystemDirectoryW
HeapReAlloc
WaitForSingleObject
FindClose
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
FormatMessageW
ReleaseMutex
LocalAlloc
ReleaseSemaphore
GetSystemTimeAsFileTime
HeapSetInformation
GetSystemWow64DirectoryW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
SetLastError
WriteFile
GetModuleHandleExW
ExpandEnvironmentStringsW
OutputDebugStringA
GetModuleFileNameW
CreateFileW
GetModuleHandleExA
GetLastError
CloseHandle
GetProcAddress
FreeLibrary
DebugBreak
LoadLibraryExW
IsDebuggerPresent
FindFirstFileW
FindNextFileW
msvcrt
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_wfullpath
printf
vprintf
_wcsicmp
_vsnwprintf
_vsnprintf
wcscpy_s
wcscat_s
_wcslwr
strcpy_s
wcschr
wcsstr
strchr
_wcsnicmp
wcsrchr
wcsncmp
_commode
_lock
_strdup
_strrev
bsearch_s
free
_stricmp
_wcsrev
qsort_s
??3@YAXPEAX@Z
_purecall
strnlen
memcpy_s
strrchr
strncpy_s
_ui64toa_s
_strnicmp
??_V@YAXPEAX@Z
wcstombs_s
malloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
??1type_info@@UEAA@XZ
__CxxFrameHandler3
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
memcmp
_fmode
swscanf_s
iswalpha
wcspbrk
sprintf_s
memset
ntdll
EtwEventRegister
ZwClose
ZwQuerySystemInformation
RtlGUIDFromString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlUpcaseUnicodeChar
RtlGetNativeSystemInformation
EtwEventWrite
RtlInitUnicodeStringEx
ZwQueryValueKey
ZwOpenKey
RtlCharToInteger
RtlNtStatusToDosError
RtlLeaveCriticalSection
RtlFreeHeap
RtlInitializeCriticalSection
ZwEnumerateKey
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlReAllocateHeap
RtlEqualString
RtlAllocateHeap
RtlDeleteCriticalSection
NtClose
NtQueryInformationFile
NtCreateFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwEventWriteNoRegistration
RtlInitUnicodeString
LdrGetDllHandle
RtlInitString
LdrGetProcedureAddress
EtwEventUnregister
ole32
CoUninitialize
CoInitializeEx
CoCreateInstance
oleaut32
SysAllocString
SysStringLen
VariantClear
VariantInit
SysFreeString
advapi32
EventRegister
EventUnregister
EventWriteTransfer
shlwapi
PathFindExtensionA
PathStripPathW
PathFindExtensionW
PathRemoveBackslashW
Exports
CreateDCW
DeleteDC
GetFirmwareType
RtlCheckPortableOperatingSystem
Sections
.text Size: 152KB - Virtual size: 149KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
alg.exe.exe windows:10 windows x64 arch:x64
0a7a2e70ff1c1295203cb6c0b3d76235
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ALG.pdb
Imports
msvcrt
??1type_info@@UEAA@XZ
exit
_lock
_unlock
__set_app_type
_exit
__dllonexit
__wgetmainargs
_amsg_exit
_XcptFilter
_onexit
?terminate@@YAXXZ
_cexit
_commode
_fmode
_initterm
memmove
__CxxFrameHandler4
_wcmdln
isdigit
__CxxFrameHandler3
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@XZ
memmove_s
memcpy_s
_wcsicmp
?what@exception@@UEBAPEBDXZ
realloc
wcscat_s
malloc
free
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
__C_specific_handler
__setusermatherr
memcmp
memcpy
memset
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
SetEvent
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateEventW
WaitForSingleObject
api-ms-win-core-libraryloader-l1-2-0
LoadResource
LoadLibraryExW
GetModuleHandleW
FreeLibrary
GetModuleFileNameW
FindResourceExW
SizeofResource
GetProcAddress
api-ms-win-core-string-l2-1-0
CharPrevW
CharNextW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
RaiseException
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegEnumValueW
api-ms-win-core-memory-l1-1-0
VirtualProtect
VirtualAlloc
VirtualQuery
api-ms-win-core-sysinfo-l1-1-0
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapDestroy
HeapFree
HeapAlloc
HeapSetInformation
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
CreateThread
GetCurrentProcess
GetStartupInfoW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-threadpool-legacy-l1-1-0
CreateTimerQueueTimer
CreateTimerQueue
DeleteTimerQueueEx
DeleteTimerQueueTimer
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
lstrcpynW
cryptbase
SystemFunction036
mswsock
AcceptEx
GetAcceptExSockaddrs
api-ms-win-core-file-l1-1-0
WriteFile
ReadFile
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-kernel32-legacy-l1-1-0
BindIoCompletionCallback
Sections
.text Size: 60KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 280B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 516B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
appidcertstorecheck.exe.exe windows:10 windows x64 arch:x64
7168353edbe3ab24a184bb681fd55ae6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
appidcertstorecheck.pdb
Imports
msvcrt
_lock
_unlock
__dllonexit
_exit
__set_app_type
_commode
?terminate@@YAXXZ
memcmp
_fmode
exit
__wgetmainargs
_cexit
__setusermatherr
_initterm
__C_specific_handler
_vsnwprintf
_amsg_exit
_XcptFilter
memmove_s
_purecall
??3@YAXPEAX@Z
memcpy_s
_onexit
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ResetEvent
ReleaseMutex
SetEvent
CreateEventExW
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSemaphore
CreateSemaphoreExW
DeleteCriticalSection
AcquireSRWLockShared
WaitForSingleObject
CreateMutexExW
EnterCriticalSection
ReleaseSRWLockShared
InitializeCriticalSectionEx
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
HeapSetInformation
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-namespace-l1-1-0
AddSIDToBoundaryDescriptor
ClosePrivateNamespace
OpenPrivateNamespaceW
CreatePrivateNamespaceW
CreateBoundaryDescriptorW
DeleteBoundaryDescriptor
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-file-l1-1-0
CompareFileTime
CreateFileW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-ntuser-sysparams-l1-1-0
GetSystemMetrics
ntdll
EtwEventWriteTransfer
EtwEventUnregister
EtwEventWrite
EtwEventRegister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 40KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 124B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
appidpolicyconverter.exe.exe windows:10 windows x64 arch:x64
88c456fe094be3232ebf85407cd4909f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
appidpolicyconverter.pdb
Imports
msvcp110_win
?_Syserror_map@std@@YAPEBDH@Z
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Orphan_all@_Container_base0@std@@QEAAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
msvcrt
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
memmove
memcpy
__RTDynamicCast
wcstol
_ui64tow_s
_vsnwprintf_s
_wtoi
towupper
??0exception@@QEAA@XZ
memset
__CxxFrameHandler4
_wsetlocale
_wcsicmp
wcscpy_s
wcsstr
qsort
_wcsnicmp
wcsncmp
swscanf_s
_callnewh
free
malloc
??0exception@@QEAA@AEBQEBDH@Z
_purecall
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_fmode
_commode
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteTreeW
RegQueryValueExW
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
RegGetValueW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l1-1-0
DeleteFileW
FindNextFileW
FindFirstFileW
FindClose
CreateFileW
FlushFileBuffers
WriteFile
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation
EventActivityIdControl
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoUninitialize
CoInitializeSecurity
api-ms-win-core-synch-l1-1-0
SleepEx
CreateMutexExW
WaitForSingleObject
ReleaseMutex
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
api-ms-win-core-namespace-l1-1-0
AddSIDToBoundaryDescriptor
CreatePrivateNamespaceW
OpenPrivateNamespaceW
DeleteBoundaryDescriptor
ClosePrivateNamespace
CreateBoundaryDescriptorW
api-ms-win-security-base-l1-1-0
GetAce
GetSecurityDescriptorDacl
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-service-management-l1-1-0
OpenSCManagerW
OpenServiceW
CloseServiceHandle
api-ms-win-service-management-l2-1-0
ChangeServiceConfigW
QueryServiceConfigW
userenv
LeaveCriticalPolicySection
EnterCriticalPolicySection
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
GetWindowsDirectoryW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
ntdll
EtwTraceMessage
NtSetValueKey
NtClose
NtOpenKey
EtwEventWriteTransfer
NtQueryLicenseValue
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
RtlFreeHeap
RtlAllocateHeap
EtwEventUnregister
EtwEventWrite
RtlNtStatusToDosErrorNoTeb
EtwEventRegister
EtwUnregisterTraceGuids
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
rpcrt4
UuidToStringW
RpcStringFreeW
UuidFromStringW
api-ms-win-appmodel-runtime-l1-1-0
PackageNameAndPublisherIdFromFamilyName
PackageFamilyNameFromId
srpapi
AppIDFreeAttributeString
AppIDEncodeAttributeString
Sections
.text Size: 88KB - Virtual size: 84KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 504B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
appidtel.exe.exe windows:10 windows x64 arch:x64
ee8cadc7162a0f5d13ed90f25bbd2d68
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
appidtel.pdb
Imports
msvcrt
_exit
_cexit
__setusermatherr
_initterm
_fmode
exit
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
__C_specific_handler
_wtoi64
_purecall
??3@YAXPEAX@Z
_wcsicmp
_commode
__CxxFrameHandler4
ntdll
RtlCaptureContext
NtQuerySystemTime
RtlLookupFunctionEntry
RtlVirtualUnwind
advapi32
RegCloseKey
ChangeServiceConfigW
RegCreateKeyW
StartServiceW
RegSetValueExW
ControlService
OpenSCManagerW
CloseServiceHandle
OpenServiceW
kernel32
GetLastError
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
Sections
.text Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 840B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 440B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
at.exe.exe windows:10 windows x64 arch:x64
706b3b3a140a0d02348522c84c2cb7b7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
at.pdb
Imports
msvcrt
strcpy_s
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
sscanf_s
strspn
_exit
_cexit
malloc
_stricmp
__setusermatherr
_initterm
wcscpy_s
strpbrk
__C_specific_handler
_fmode
wcsrchr
_commode
strchr
free
memset
wcschr
fgets
wcstok_s
wcstoul
strcat_s
_itoa_s
_wcsupr
exit
_wcsicmp
_vsnwprintf
?terminate@@YAXXZ
__iob_func
wcscmp
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
GetCommandLineW
ExpandEnvironmentStringsW
api-ms-win-core-console-l1-1-0
GetConsoleMode
ReadConsoleW
WriteConsoleW
GetConsoleOutputCP
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetCPInfo
SetThreadUILanguage
GetThreadLocale
api-ms-win-core-file-l1-1-0
WriteFile
GetFileType
schedcli
NetScheduleJobGetInfo
NetScheduleJobDel
NetScheduleJobAdd
NetScheduleJobEnum
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-datetime-l1-1-0
GetTimeFormatW
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemTime
GetTickCount
netutils
NetApiBufferFree
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetModuleHandleW
FreeLibrary
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-commandlinetoargv-l1-1-0
CommandLineToArgvW
api-ms-win-core-privateprofile-l1-1-0
GetProfileIntA
GetProfileStringA
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 660B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 220B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
attrib.exe.exe windows:10 windows x64 arch:x64
2cb38fe7d8f223d9da50b7cba9b95a6d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
attrib.pdb
Imports
ulib
??0CLASS_DESCRIPTOR@@QEAA@XZ
?SetAttributes@FSNODE@@QEAAEKPEAK@Z
?IsDrive@PATH@@QEBAEXZ
??1PATH@@UEAA@XZ
?Initialize@PATH@@QEAAEPEBGE@Z
?Initialize@PATH@@QEAAEPEBVWSTRING@@E@Z
?Initialize@PATH@@QEAAEPEBV1@E@Z
??0PATH@@QEAA@XZ
?Display@MESSAGE@@QEAAEPEBDZZ
Get_Standard_Output_Stream
?SetAttributes@FSN_FILTER@@QEAAEKKK@Z
?SetFileName@FSN_FILTER@@QEAAEPEBD@Z
?IsValueSet@ARGUMENT@@QEAAEXZ
?Initialize@CLASS_DESCRIPTOR@@QEAAEPEBD@Z
??1FSN_FILTER@@UEAA@XZ
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
?Strcat@WSTRING@@QEAAEPEBV1@@Z
?QueryString@WSTRING@@QEBAPEAV1@KK@Z
?Initialize@WSTRING@@QEAAEPEBV1@KK@Z
?Initialize@WSTRING@@QEAAEPEBGK@Z
?Initialize@WSTRING@@QEAAEPEBDK@Z
?WorkOnReparsePoint@FSNODE@@QEAAEE@Z
?Strchr@WSTRING@@QEBAKGK@Z
?Fatal@PROGRAM@@UEBAXKKPEADZZ
?QueryDirectory@SYSTEM@@SAPEAVFSN_DIRECTORY@@PEBVPATH@@E@Z
??0PATH_ARGUMENT@@QEAA@XZ
??1PROGRAM@@UEAA@XZ
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@@Z
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@PEADZZ
?Fatal@PROGRAM@@UEBAXXZ
?GetStandardInput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?GetStandardOutput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?GetStandardError@PROGRAM@@UEAAPEAVSTREAM@@XZ
?Usage@PROGRAM@@UEBAXXZ
?ValidateVersion@PROGRAM@@UEBAXKK@Z
??0PROGRAM@@IEAA@XZ
?QueryFsnodeArray@FSN_DIRECTORY@@QEBAPEAVARRAY@@PEAVFSN_FILTER@@@Z
??0STRING_ARGUMENT@@QEAA@XZ
??1STRING_ARGUMENT@@UEAA@XZ
?Initialize@STRING_ARGUMENT@@QEAAEPEAD@Z
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
??1ARGUMENT_LEXEMIZER@@UEAA@XZ
?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?Initialize@FSN_FILTER@@QEAAEXZ
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
??1OBJECT@@UEAA@XZ
??1PATH_ARGUMENT@@UEAA@XZ
?Initialize@PATH_ARGUMENT@@QEAAEPEADE@Z
??0STREAM_MESSAGE@@QEAA@XZ
??1STREAM_MESSAGE@@UEAA@XZ
?Initialize@STREAM_MESSAGE@@QEAAEPEAVSTREAM@@00@Z
?Compare@OBJECT@@UEBAJPEBV1@@Z
??0FSN_FILTER@@QEAA@XZ
??0FLAG_ARGUMENT@@QEAA@XZ
?Initialize@FLAG_ARGUMENT@@QEAAEPEAD@Z
??0ARRAY@@QEAA@XZ
??1ARRAY@@UEAA@XZ
?Initialize@ARRAY@@QEAAEKK@Z
?DeleteAllMembers@ARRAY@@UEAAEXZ
?DebugDump@OBJECT@@UEBAXE@Z
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
Get_Standard_Input_Stream
??0DSTRING@@QEAA@XZ
?SetFileName@FSN_FILTER@@QEAAEPEBVWSTRING@@@Z
??1DSTRING@@UEAA@XZ
api-ms-win-core-heap-l1-1-0
HeapSetInformation
ntdll
RtlAllocateHeap
RtlFreeHeap
msvcrt
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
swprintf_s
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 324B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
audiodg.exe.exe windows:10 windows x64 arch:x64
9b2dcee32bd17768b475918dc58d2d9c
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16-11-2023 19:20
Not After: 14-11-2024 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
25:0c:56:69:99:6b:47:f0:63:6a:ef:af:5c:24:7c:6a:df:be:75:65:72:35:7a:70:65:10:91:ed:3c:1b:eb:1e
Signer
Actual PE Digest: 25:0c:56:69:99:6b:47:f0:63:6a:ef:af:5c:24:7c:6a:df:be:75:65:72:35:7a:70:65:10:91:ed:3c:1b:eb:1e
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
AudioDG.pdb
Imports
msvcp_win
_Mtx_lock
_Mtx_destroy_in_situ
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_unlock
_Mtx_init_in_situ
?_Throw_C_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
api-ms-win-crt-math-l1-1-0
_isnan
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-crt-runtime-l1-1-0
_initterm
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
memmove
_o__wcstoui64
_o_abort
_o_calloc
_o_ceilf
_o_exit
_o_floor
_o_free
_o_malloc
_o_powf
_o_realloc
_o_sqrt
_o_terminate
_o_wcsncpy_s
_o_wmemcpy_s
__current_exception
__current_exception_context
__CxxFrameHandler3
__C_specific_handler_noexcept
memcpy
_CxxThrowException
memcmp
_o__configure_wide_argv
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o__configthreadlocale
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__callnewh
_o__exit
_o___p__commode
_o__errno
__std_type_info_compare
__std_terminate
__C_specific_handler
__CxxFrameHandler4
_o__crt_atexit
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
LoadLibraryExW
FreeLibrary
FindResourceExW
LockResource
SizeofResource
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
LoadResource
GetModuleHandleExW
GetModuleHandleExA
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateEventW
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
TryEnterCriticalSection
CreateSemaphoreExW
DeleteCriticalSection
CreateMutexExW
OpenSemaphoreW
CreateEventExW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
InitializeCriticalSectionEx
WaitForMultipleObjectsEx
InitializeCriticalSection
LeaveCriticalSection
CreateWaitableTimerExW
ResetEvent
EnterCriticalSection
CancelWaitableTimer
SetEvent
InitializeSRWLock
SetWaitableTimer
AcquireSRWLockShared
api-ms-win-core-heap-l1-1-0
HeapFree
HeapSetInformation
HeapDestroy
HeapReAlloc
HeapSize
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetProcessId
GetThreadId
GetCurrentProcess
GetCurrentProcessId
TlsFree
SetThreadPriority
GetCurrentThread
TerminateProcess
CreateThread
GetStartupInfoW
OpenProcessToken
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
GetHandleInformation
DuplicateHandle
api-ms-win-core-synch-l1-2-0
WaitOnAddress
WakeByAddressSingle
Sleep
InitOnceComplete
WakeByAddressAll
InitOnceBeginInitialize
InitOnceExecuteOnce
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-registry-l1-1-0
RegQueryInfoKeyW
RegCloseKey
RegDeleteValueW
RegGetValueW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-processthreads-l1-1-1
OpenProcess
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
QueryPerformanceFrequency
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemTimeAsFileTime
GetLogicalProcessorInformationEx
api-ms-win-core-fibers-l1-1-0
FlsSetValue
FlsFree
api-ms-win-core-featurestaging-l1-1-0
SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification
RecordFeatureUsage
GetFeatureEnabledState
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolThreadMinimum
SetThreadpoolTimer
CloseThreadpoolCleanupGroup
CloseThreadpoolTimer
CreateThreadpool
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWaitCallbacks
SetThreadpoolThreadMaximum
CreateThreadpoolCleanupGroup
SubmitThreadpoolWork
CreateThreadpoolWork
SetThreadpoolWait
CloseThreadpoolWork
TrySubmitThreadpoolCallback
CloseThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolCleanupGroupMembers
CloseThreadpool
api-ms-win-devices-config-l1-1-1
CM_Locate_DevNodeW
CM_Unregister_Notification
CM_Open_DevNode_Key
CM_MapCrToWin32Err
CM_Register_Notification
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
api-ms-win-core-version-l1-1-1
GetFileVersionInfoW
GetFileVersionInfoSizeW
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
SetRestrictedErrorInfo
RoTransformError
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-realtime-l1-1-0
QueryUnbiasedInterruptTime
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
ntdll
RtlReportException
NtSetTimerResolution
NtClose
NtQueryWnfStateData
NtQueryInformationProcess
EtwEventActivityIdControl
EtwLogTraceEvent
NtSetInformationProcess
NtSetInformationThread
NtSetSystemInformation
NtAlpcSendWaitReceivePort
NtQuerySystemInformation
EtwEventRegister
EtwEventUnregister
EtwEventWriteTransfer
AlpcGetMessageAttribute
EtwUnregisterTraceGuids
EtwEventSetInformation
NtAlpcCreatePort
EtwGetTraceEnableFlags
EtwTraceMessage
NtCreateWnfStateName
NtDeleteWnfStateName
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
AlpcInitializeMessageAttribute
EtwRegisterTraceGuidsW
NtAlpcAcceptConnectPort
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlInitUnicodeStringEx
NtAlpcOpenSenderProcess
NtAlpcConnectPort
RtlRandomEx
RtlExtendMemoryBlockLookaside
RtlDestroyMemoryBlockLookaside
RtlCreateMemoryZone
RtlNtStatusToDosError
RtlLockCurrentThread
RtlFreeMemoryBlockLookaside
RtlLockMemoryZone
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlUnlockCurrentThread
RtlLockMemoryBlockLookaside
RtlUnlockModuleSection
RtlLockModuleSection
RtlSubscribeWnfStateChangeNotification
RtlCreateMemoryBlockLookaside
RtlUnlockMemoryBlockLookaside
RtlDestroyMemoryZone
RtlAllocateMemoryBlockLookaside
ShipAssert
RtlConvertHostPerfCounterToPerfCounter
RtlAllocateMemoryZone
RtlPublishWnfStateData
RtlUnlockMemoryZone
mmdevapi
ord2
ord33
ord4
ord9
ord29
ord8
ord26
ord7
api-ms-win-core-memory-l1-1-1
SetProcessWorkingSetSizeEx
GetProcessWorkingSetSizeEx
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister
api-ms-win-core-winrt-string-l1-1-0
WindowsCompareStringOrdinal
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsDuplicateString
WindowsCreateStringReference
api-ms-win-core-winrt-error-l1-1-1
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
api-ms-win-core-file-l1-1-0
CreateFileW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoActivateInstance
api-ms-win-core-windowserrorreporting-l1-1-0
WerRegisterMemoryBlock
api-ms-win-eventing-classicprovider-l1-1-0
TraceEvent
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 640KB - Virtual size: 638KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
RT_CODE Size: 4KB - Virtual size: 314B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
RT_BSS Size: - Virtual size: 40B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 172KB - Virtual size: 169KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 568B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RT_CONST Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RT_DATA Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
auditpol.exe.exe windows:10 windows x64 arch:x64
fa2cfab845a1096fb0f05ee99677bdd0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
auditpol.pdb
Imports
msvcrt
__dllonexit
_unlock
_lock
_onexit
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
??1type_info@@UEAA@XZ
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_purecall
_callnewh
malloc
_wcsnicmp
??_V@YAXPEAX@Z
_wsetlocale
?terminate@@YAXXZ
__CxxFrameHandler4
_wcsicmp
??3@YAXPEAX@Z
wprintf
__iob_func
_vsnwprintf
auditpolcore
LoadFormatStringAndPrintToConsole
DisplayMessage
GetDisplayPolicy
AdtRemoveBasePolicy
AdtSetSystemPolicy
AdtRestorePolicy
AdtRemoveAllUsers
AdtEnableSinglePrivilege
AuditPolicyData_DeleteAuditDataInstance
SetDisplayPolicy
AdtParseGuidOrNameArray
AdtClearPolicy
AdtListCategories
AdtLoadStringEx
AdtGetOption
AdtSetPerUserPolicy
AdtBackupPolicy
AdtGetPerUserPolicy
AdtSetOption
DisplayMessageToSpecificConsoleHandle
AdtGetSystemPolicy
AdtParseAuditOptionName
AdtListSubCategories
api-ms-win-core-string-l1-1-0
CompareStringW
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-localization-l1-2-0
SetThreadPreferredUILanguages
FormatMessageW
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
LookupAccountNameW
api-ms-win-security-base-l1-1-0
InitializeSecurityDescriptor
GetSecurityDescriptorSacl
GetAclInformation
DeleteAce
SetSecurityDescriptorSacl
GetAce
EqualSid
GetLengthSid
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSidToSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-security-audit-l1-1-1
AuditQueryGlobalSaclW
AuditSetGlobalSaclW
AuditEnumeratePerUserPolicy
AuditQuerySecurity
AuditSetSecurity
api-ms-win-security-lsapolicy-l1-1-0
LsaLookupSids
LsaClose
LsaOpenPolicy
LsaFreeMemory
api-ms-win-security-audit-l1-1-0
AuditFree
api-ms-win-security-sddlparsecond-l1-1-0
LocalGetStringForCondition
ntdll
RtlNtStatusToDosError
RtlImageNtHeader
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 648B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
autochk.exe.sys windows:10 windows x64 arch:x64
020b9cfbef6c56682225f237706926b0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
autochk.pdb
Imports
ntdll
NtWriteFile
_wcsicmp
NtOpenKey
RtlPublishWnfStateData
NtQuerySymbolicLinkObject
LdrSetMUICacheType
RtlSetSystemBootStatus
RtlInitUnicodeString
RtlGetSystemBootStatus
RtlPrefixUnicodeString
NtSerializeBoot
NtClose
RtlEqualUnicodeString
NtFsControlFile
wcsstr
NtQueryDirectoryObject
NtCreateFile
NtOpenFile
NtQueryValueKey
NtTerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
memset
DbgPrintEx
NtOpenSymbolicLinkObject
NtQuerySystemTime
RtlCompareUnicodeString
NtOpenDirectoryObject
__C_specific_handler
RtlFreeAnsiString
RtlAllocateHeap
RtlNormalizeProcessParams
RtlUnicodeStringToAnsiString
isspace
_vsnprintf
_vsnwprintf
RtlMultiByteToUnicodeN
RtlOemToUnicodeN
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlUnicodeToMultiByteN
RtlUnicodeToOemN
wcsspn
_wtol
_wtoi64
_wcsupr
_wcslwr
wcschr
NtDeviceIoControlFile
RtlQueryRegistryValuesEx
RtlWriteRegistryValue
RtlGetPersistedStateLocation
wcscpy_s
wcscat_s
NtQueryInformationFile
NtQueryVolumeInformationFile
wcstoul
_wcstoui64
NtReadFile
RtlRaiseStatus
qsort
NtDelayExecution
NtQuerySystemInformation
RtlSizeHeap
RtlFreeHeap
NtDrawText
swprintf_s
NtCreateEvent
NtClearEvent
NtSetThreadExecutionState
NtWaitForMultipleObjects
NtCancelIoFile
RtlNumberGenericTableElementsAvl
RtlDosPathNameToNtPathName_U_WithStatus
RtlFreeUnicodeString
NtOpenProcessToken
NtAdjustPrivilegesToken
NtShutdownSystem
RtlExpandEnvironmentStrings_U
NtSetInformationFile
RtlValidRelativeSecurityDescriptor
RtlGetVersion
RtlTimeToTimeFields
VerSetConditionMask
RtlVerifyVersionInfo
NtDisplayString
RtlRandomEx
NtQueryPerformanceCounter
isprint
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlEnterCriticalSection
RtlTryEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlInitializeSRWLock
RtlInitializeCriticalSection
NtFreeVirtualMemory
NtSetEvent
RtlCaptureStackBackTrace
NtAllocateVirtualMemory
NtWaitForSingleObject
NtResetEvent
wcsncmp
RtlFindMessage
RtlInitUTF8StringEx
RtlInitAnsiStringEx
RtlUTF8StringToUnicodeString
RtlAnsiStringToUnicodeString
RtlFormatMessage
RtlDeleteSecurityObject
RtlLengthRequiredSid
RtlInitializeSid
RtlSubAuthoritySid
RtlLengthSid
RtlCopySid
RtlAddAce
RtlCreateAcl
RtlQueryInformationAcl
RtlCreateSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlNewSecurityObject
RtlValidSecurityDescriptor
RtlLengthSecurityDescriptor
RtlAddAccessAllowedAce
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlInitializeBitMap
RtlSetBits
RtlLookupElementGenericTable
RtlClearBits
RtlFindSetBits
RtlDeleteElementGenericTable
RtlEnumerateGenericTableWithoutSplaying
RtlNumberOfSetBits
RtlInitializeGenericTableAvl
RtlEnumerateGenericTableAvl
RtlLookupFirstMatchingElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableFullAvl
RtlInsertElementGenericTableFullAvl
RtlDeleteElementGenericTableAvlEx
RtlInsertElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlSystemTimeToLocalTime
RtlCrc64
RtlUpcaseUnicodeString
RtlComputeCrc32
DbgPrint
NtOpenThreadToken
_wcsnicmp
RtlDosPathNameToNtPathName_U
RtlCreateSystemVolumeInformationFolder
EtwEventUnregister
EtwEventRegister
EtwEventSetInformation
EtwEventWriteTransfer
NtFlushBuffersFile
__chkstk
memcmp
memcpy
memmove
wcscmp
bcd
BcdCloseObject
BcdGetElementData
BcdOpenObject
BcdOpenStore
BcdForciblyUnloadStore
Sections
.text Size: 620KB - Virtual size: 619KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 324KB - Virtual size: 322KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
backgroundTaskHost.exe.exe windows:10 windows x64 arch:x64
dc601e2593053a84a6989de251407aa7
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02-09-2021 18:23
Not After: 01-09-2022 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0d:9c:65:eb:90:d3:c0:f3:d0:50:a6:c7:a1:05:22:87:19:90:5c:8b:b5:7a:43:77:90:a5:32:dd:cc:0f:0f:ed
Signer
Actual PE Digest: 0d:9c:65:eb:90:d3:c0:f3:d0:50:a6:c7:a1:05:22:87:19:90:5c:8b:b5:7a:43:77:90:a5:32:dd:cc:0f:0f:ed
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
backgroundTaskHost.pdb
Imports
msvcrt
_cexit
__set_app_type
__setusermatherr
_XcptFilter
?terminate@@YAXXZ
__getmainargs
_exit
exit
_commode
_fmode
__C_specific_handler
_amsg_exit
_initterm
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 276B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bash.exe.exe windows:10 windows x64 arch:x64
d6fbb83459a83bb12d66ed1540c4d7f9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
bash.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__crt_atexit
_o__errno
_o__exit
_o__fileno
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__setmode
memmove
_o__wsetlocale
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o__configure_wide_argv
_o__configthreadlocale
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o__cexit
_o__callnewh
_o___std_exception_destroy
_o___std_exception_copy
__CxxFrameHandler3
_CxxThrowException
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleFileNameA
FreeLibrary
GetModuleHandleExW
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObject
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
InitializeCriticalSectionEx
WaitForSingleObjectEx
OpenSemaphoreW
CreateEventW
ReleaseSRWLockShared
SetEvent
DeleteCriticalSection
ResetEvent
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockShared
InitializeSRWLock
TryAcquireSRWLockExclusive
CreateMutexExW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
CreateProcessW
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
GetExitCodeProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeSecurity
CoCreateFreeThreadedMarshaler
CoTaskMemFree
IIDFromString
CoInitializeEx
CoUninitialize
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
InterlockedPushEntrySList
api-ms-win-shell-shellfolders-l1-1-0
SHGetKnownFolderPath
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegOpenKeyExW
RegCloseKey
api-ms-win-core-path-l1-1-0
PathAllocCombine
api-ms-win-core-job-l2-1-0
SetInformationJobObject
AssignProcessToJobObject
CreateJobObjectW
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventWriteTransfer
EventRegister
EventUnregister
oleaut32
GetErrorInfo
SysStringLen
SysAllocString
SetErrorInfo
SysFreeString
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
Sections
.text Size: 76KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 328B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bcdboot.exe.exe windows:10 windows x64 arch:x64
5a0264b5d8094a869d4a4abce1dbb53d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
bcdboot.pdb
Imports
msvcrt
memset
_wcsicmp
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
memmove
memcpy
memcmp
__wgetmainargs
_amsg_exit
_XcptFilter
fwprintf
_wsetlocale
wcscpy_s
fflush
swprintf_s
?terminate@@YAXXZ
strncmp
strcpy_s
wcsnlen
wcsstr
_wcslwr
_snwscanf_s
wcstoul
_ultow_s
wcsncpy_s
wcschr
_vsnwprintf_s
fclose
_wfopen_s
wcsncmp
wcsrchr
_vsnwprintf
wcscat_s
_wcsnicmp
_wcsupr
__iob_func
wcscmp
rpcrt4
UuidCreate
bcrypt
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptHashData
wintrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust
crypt32
CertGetNameStringW
imagehlp
CheckSumMappedFile
kernel32
SetLastError
GetLastError
HeapFree
GetConsoleOutputCP
GetStdHandle
WriteFile
GetModuleFileNameW
GetConsoleMode
FormatMessageW
LoadLibraryW
HeapAlloc
WriteConsoleW
GetProcAddress
GetProcessHeap
FreeLibrary
WideCharToMultiByte
GetFileType
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
QueryDosDeviceW
GetFileSizeEx
GetLongPathNameW
GetVolumePathNameW
CreateFileW
GetFileAttributesW
UnmapViewOfFile
GetVolumeNameForVolumeMountPointW
GetCurrentThread
CloseHandle
CreateFileMappingW
MapViewOfFile
FlushFileBuffers
GetLogicalDrives
FindFirstVolumeW
SetVolumeMountPointW
LocalFree
FindVolumeClose
DeleteVolumeMountPointW
FindNextVolumeW
GetFullPathNameW
LoadLibraryExW
GetVolumeInformationW
FindFirstFileW
FindNextFileW
GetPrivateProfileSectionW
FindClose
SetFileAttributesW
MoveFileExW
CreateDirectoryW
DeviceIoControl
LoadResource
FindResourceExW
LCIDToLocaleName
GetVersionExW
GetModuleHandleExW
GetUserDefaultUILanguage
GetLocaleInfoEx
GetSystemDefaultUILanguage
GetCurrentProcess
LocalAlloc
GetLocaleInfoW
LocaleNameToLCID
GetFileInformationByHandleEx
GetFileInformationByHandle
SetFileInformationByHandle
DeleteFileW
CopyFileExW
SearchPathW
shlwapi
PathRemoveBackslashW
advapi32
DuplicateTokenEx
EventRegister
EventUnregister
LookupPrivilegeValueW
GetSecurityDescriptorSacl
AdjustTokenPrivileges
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
SetNamedSecurityInfoW
RegQueryValueExW
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
OpenProcessToken
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
GetTokenInformation
RegCloseKey
RegOpenKeyExW
EventWriteTransfer
SetThreadToken
ntdll
ZwWaitForSingleObject
ZwQueryKey
ZwReleaseMutant
ZwOpenMutant
RtlLengthSecurityDescriptor
RtlSetOwnerSecurityDescriptor
NtOpenSymbolicLinkObject
RtlSetDaclSecurityDescriptor
NtOpenKey
NtQuerySymbolicLinkObject
RtlAddAccessAllowedAceEx
RtlAllocateAndInitializeSid
RtlLengthSid
RtlFreeSid
RtlCreateAcl
RtlCreateSecurityDescriptor
NtQueryValueKey
NtQueryBootEntryOrder
NtQueryBootOptions
NtTranslateFilePath
NtOpenDirectoryObject
NtQueryDirectoryObject
NtEnumerateBootEntries
ZwCreateFile
ZwCreateKey
ZwQueryAttributesFile
ZwFlushKey
ZwDeleteValueKey
ZwSaveKey
ZwDeleteKey
ZwEnumerateKey
ZwQueryValueKey
ZwSetSecurityObject
ZwUnloadKey
ZwSetValueKey
ZwOpenKey
ZwAllocateUuids
LdrGetProcedureAddress
LdrGetDllHandle
ZwQueryInformationProcess
RtlInitAnsiString
ZwQueryInformationFile
ZwOpenProcess
ZwQuerySymbolicLinkObject
ZwDeviceIoControlFile
ZwQueryDirectoryObject
ZwOpenSymbolicLinkObject
ZwOpenDirectoryObject
NtAdjustPrivilegesToken
NtOpenProcessTokenEx
NtOpenThreadTokenEx
RtlImpersonateSelf
ZwLoadKey
ZwClose
ZwOpenFile
ZwQuerySystemInformation
RtlAllocateHeap
NtQuerySystemEnvironmentValueEx
LdrAccessResource
LdrFindResource_U
NtQuerySystemInformation
RtlCompareMemory
RtlFreeHeap
RtlStringFromGUID
NtSetInformationFile
RtlFreeUnicodeString
NtOpenFile
NtWaitForSingleObject
RtlNtStatusToDosError
NtQueryInformationThread
NtQueryInformationFile
NtCreateEvent
NtClose
RtlImageNtHeader
NtDeviceIoControlFile
NtSetInformationThread
NtReadFile
NtOpenProcess
NtQueryInformationProcess
NtWriteFile
RtlInitUnicodeString
RtlGUIDFromString
RtlAppendUnicodeToString
Sections
.text Size: 152KB - Virtual size: 150KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 80KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 208B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bcdedit.exe.exe windows:10 windows x64 arch:x64
c8c8203bdce2871d4a59d4ebd68d8d21
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16-11-2023 19:20
Not After: 14-11-2024 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
6c:1a:b1:9b:f0:6e:a1:b5:40:31:a2:6a:1d:f4:43:fd:4b:5f:c7:cd:ba:bd:25:81:8f:24:38:f8:12:4a:2b:89
Signer
Actual PE Digest: 6c:1a:b1:9b:f0:6e:a1:b5:40:31:a2:6a:1d:f4:43:fd:4b:5f:c7:cd:ba:bd:25:81:8f:24:38:f8:12:4a:2b:89
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
bcdedit.pdb
Imports
msvcrt
__setusermatherr
_initterm
_exit
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
memmove
memcpy
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
towupper
iswspace
_vsnwprintf
wcsrchr
_wtol
wcschr
_ui64tow_s
_wcstoui64
wcstoul
_cexit
_wcsicmp
wcscpy_s
_wtoi
_wcsnicmp
fflush
fwprintf
__iob_func
_vsnwprintf_s
wcscat_s
_ultow_s
strcpy_s
wcsncpy_s
wcsstr
wcsnlen
_wcsupr
strncmp
_snwscanf_s
_wcslwr
_aligned_free
_aligned_malloc
free
malloc
wcsncmp
vswprintf_s
_vscwprintf
_wsetlocale
swprintf_s
memcmp
memset
ntdll
ZwClose
ZwQuerySystemInformation
RtlAppendUnicodeToString
ZwQueryAttributesFile
ZwQuerySymbolicLinkObject
ZwDeviceIoControlFile
ZwQueryDirectoryObject
ZwOpenSymbolicLinkObject
ZwOpenDirectoryObject
RtlLengthSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetDaclSecurityDescriptor
ZwCreateFile
ZwCreateKey
ZwLoadKey
RtlAddAccessAllowedAceEx
RtlAllocateAndInitializeSid
RtlLengthSid
ZwDeleteValueKey
ZwSaveKey
RtlFreeSid
ZwDeleteKey
ZwEnumerateKey
ZwQueryValueKey
RtlCreateAcl
ZwSetSecurityObject
ZwUnloadKey
RtlCreateSecurityDescriptor
ZwSetValueKey
ZwOpenKey
LdrGetProcedureAddress
ZwQueryVolumeInformationFile
LdrGetDllHandle
ZwQueryInformationProcess
ZwDeleteFile
ZwQueryInformationFile
ZwOpenProcess
NtQuerySystemInformation
ZwAllocateUuids
NtAdjustPrivilegesToken
NtOpenProcessTokenEx
NtSetInformationThread
NtOpenThreadTokenEx
ZwOpenMutant
RtlImpersonateSelf
NtOpenSymbolicLinkObject
NtOpenKey
NtQuerySymbolicLinkObject
NtDeviceIoControlFile
NtSetValueKey
NtQueryValueKey
NtDeleteKey
NtQueryBootEntryOrder
NtQueryBootOptions
NtSetSecurityObject
NtTranslateFilePath
NtOpenDirectoryObject
NtQueryDirectoryObject
NtEnumerateBootEntries
NtCreateKey
RtlUpcaseUnicodeChar
RtlRunOnceComplete
RtlRunOnceBeginInitialize
RtlFindNextForwardRunClear
RtlNumberOfSetBits
RtlInitializeSRWLock
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
ZwReleaseMutant
ZwQueryKey
ZwWaitForSingleObject
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtClose
NtOpenFile
RtlStringFromGUID
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
RtlCompareMemory
RtlUnicodeStringToAnsiString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlGUIDFromString
RtlInitUnicodeString
RtlIpv6StringToAddressW
RtlFreeHeap
RtlNtStatusToDosError
RtlAllocateHeap
ZwOpenFile
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetLocaleInfoEx
GetLocaleInfoW
api-ms-win-core-heap-obsolete-l1-1-0
LocalFree
api-ms-win-core-libraryloader-l1-1-0
FindResourceExW
LoadResource
GetProcAddress
GetModuleHandleW
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
GetConsoleMode
WriteConsoleW
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
api-ms-win-core-file-l1-1-0
WriteFile
ReadFile
GetFileSizeEx
GetFileType
QueryDosDeviceW
CreateFileW
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
GetFinalPathNameByHandleW
api-ms-win-core-processenvironment-l1-1-0
SearchPathW
GetStdHandle
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TlsFree
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
TlsSetValue
GetCurrentThreadId
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
api-ms-win-security-base-l1-1-0
GetAce
GetSecurityDescriptorLength
GetSidSubAuthority
GetSidLengthRequired
IsValidSecurityDescriptor
DestroyPrivateObjectSecurity
SetSecurityDescriptorGroup
MakeSelfRelativeSD
CreatePrivateObjectSecurityWithMultipleInheritance
InitializeSecurityDescriptor
GetSecurityDescriptorControl
InitializeSid
SetSecurityDescriptorOwner
IsValidSid
InitializeAcl
SetSecurityDescriptorDacl
SetPrivateObjectSecurityEx
GetLengthSid
AddAccessAllowedAce
cryptsp
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
api-ms-win-core-localization-obsolete-l1-1-0
GetSystemDefaultUILanguage
LCIDToLocaleName
GetUserDefaultUILanguage
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
Exports
ORCloseHive
ORCloseKey
ORCreateHive
ORCreateHiveEx
ORCreateKey
ORDeleteKey
ORDeleteValue
OREnumKey
OREnumValue
ORFlushHive
ORGetKeySecurity
ORGetValue
ORGetVirtualFlags
OROpenHive
OROpenHiveByHandle
OROpenKey
ORQueryInfoKey
ORQueryInfoKeyEx
ORQueryInfoKeyValueEx
ORRenameKey
ORSaveHive
ORSaveHiveEx
ORSaveHiveToHandle
ORSetKeySecurity
ORSetValue
ORSetVirtualFlags
Sections
.text Size: 188KB - Virtual size: 185KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECMRC Size: 4KB - Virtual size: 130B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 100KB - Virtual size: 97KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 156KB - Virtual size: 152KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bdeunlock.exe.exe windows:10 windows x64 arch:x64
e0f899378314471531cb54b05533b862
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02-09-2021 18:23
Not After: 01-09-2022 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3d:27:5c:20:c4:b6:2d:bf:ab:40:c2:0d:49:de:60:a0:7d:83:41:c3:5d:96:3e:ca:06:0d:77:e8:42:e9:f1:22
Signer
Actual PE Digest: 3d:27:5c:20:c4:b6:2d:bf:ab:40:c2:0d:49:de:60:a0:7d:83:41:c3:5d:96:3e:ca:06:0d:77:e8:42:e9:f1:22
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
bdeunlock.pdb
Imports
advapi32
RegGetValueW
kernel32
GetCurrentProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetDriveTypeW
GetFileAttributesW
GetSystemTimeAsFileTime
GetTickCount
HeapFree
SetLastError
GetModuleHandleExW
GetModuleFileNameW
GetProcessMitigationPolicy
LocalAlloc
GetProcAddress
FreeLibrary
GetUserPreferredUILanguages
GetLocaleInfoEx
TerminateProcess
SetErrorMode
GetVolumePathNameW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
HeapSetInformation
GetLastError
GetProcessHeap
GetCommandLineW
GetCurrentProcessId
SetEvent
ReleaseSRWLockShared
AcquireSRWLockShared
RaiseException
LocalFree
FormatMessageW
GetLogicalDriveStringsW
HeapAlloc
CreateFileW
CloseHandle
WaitForSingleObject
CreateThread
user32
RemovePropW
DefWindowProcW
CreateWindowExW
RegisterClassExW
DestroyWindow
FindWindowW
GetMessageW
TranslateMessage
DispatchMessageW
AllowSetForegroundWindow
SetForegroundWindow
GetSystemMetrics
PostMessageW
LoadStringW
GetPropW
SetPropW
PostQuitMessage
msvcrt
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
iswascii
exit
_fmode
__wgetmainargs
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
_commode
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
memset
memcpy
_vsnwprintf
_purecall
??3@YAXPEAX@Z
??_V@YAXPEAX@Z
malloc
__set_app_type
wcscmp
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
shell32
ord645
SHGetPathFromIDListEx
ord644
ord155
ord2
SHGetKnownFolderIDList
ord4
ShellExecuteW
CommandLineToArgvW
ole32
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitializeEx
shlwapi
ord219
duser
DUserPostEvent
InitGadgets
DeleteHandle
dui70
?Click@TouchButton@DirectUI@@SA?AVUID@@XZ
?Detach@CSafeElementProxy@@QEAAXXZ
?GetClassInfoPtr@TouchEdit2@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@TouchCheckBox@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@TouchHyperLink@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@Element@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetEncodedContentString@Element@DirectUI@@QEAAJPEAG_K@Z
UnInitProcessPriv
UnInitThread
InitThread
InitProcessPriv
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?SetSelection@TouchEdit2@DirectUI@@QEAAJJJ@Z
?Release@Value@DirectUI@@QEAAXXZ
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?GetSelection@TouchEdit2@DirectUI@@QEAAJPEAJ0@Z
?GetContentString@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?UserTextChanged@TouchEditBase@DirectUI@@SA?AVUID@@XZ
?GetCheckedState@TouchCheckBox@DirectUI@@QEAA?AW4CheckedStateFlags@2@XZ
?SetCheckedState@TouchCheckBox@DirectUI@@QEAAJW4CheckedStateFlags@2@@Z
StrToID
?MultipleClick@TouchButton@DirectUI@@SA?AVUID@@XZ
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?AddListener@Element@DirectUI@@QEAAJPEAUIElementListener@2@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?CreateInstance@CSafeElementProxy@@SAJPEAVElement@DirectUI@@PEAPEAV1@@Z
fveapi
FveOpenVolumeW
FveCloseVolume
FveIsRecoveryPasswordGroupValidW
FveGetStatus
bdeui
?ClearProxyObject@BuiVolume@@QEAAXXZ
?LaunchUpdate@BuiVolume@@QEAAJXZ
?NeedsDiscoveryVolumeUpdate@BuiVolume@@QEAAJPEAH@Z
?GetPasswordId@BuiVolume@@QEAAJPEAPEAG@Z
?UnlockWithPassword@BuiVolume@@QEAAJPEBGPEAH@Z
?UnlockWithPassphrase@BuiVolume@@QEAAJPEBGPEAH@Z
?UnlockWithSmartCard@BuiVolume@@QEAAJPEAUHWND__@@PEAH@Z
?EnableAutoUnlock@BuiVolume@@QEAAJXZ
?UnlockWithKey@BuiVolume@@QEAAJPEBGPEAH@Z
?RefreshStatus@BuiVolume@@QEAAJ_N@Z
?SetProxyObject@BuiVolume@@QEAAXPEAUIDispatch@@@Z
BuisCreateProxyObject
?Init@BuiVolume@@QEAAJPEAG@Z
??0BuiVolume@@QEAA@XZ
??1BuiVolume@@QEAA@XZ
BuisIsFipsEnabled
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsGetStringRawBuffer
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
Exports
??0VolumeFveStatus@@IEAA@XZ
??0VolumeFveStatus@@QEAA@K_KJW4_FVE_WIPING_STATE@@@Z
??4BuiVolume@@QEAAAEAV0@AEBV0@@Z
??4VolumeFveStatus@@QEAAAEAV0@$$QEAV0@@Z
??4VolumeFveStatus@@QEAAAEAV0@AEBV0@@Z
?FailedDryRun@VolumeFveStatus@@QEBA_NXZ
?GetExtendedFlags@VolumeFveStatus@@QEBA_KXZ
?GetLastConvertStatus@VolumeFveStatus@@QEBAJXZ
?GetStatusFlags@VolumeFveStatus@@QEBAKXZ
?HasExternalKey@VolumeFveStatus@@QEBA_NXZ
?HasPBKDF2RecoveryPassword@VolumeFveStatus@@QEBA_NXZ
?HasPassphraseProtector@VolumeFveStatus@@QEBA_NXZ
?HasPinProtector@VolumeFveStatus@@QEBA_NXZ
?HasRecoveryData@VolumeFveStatus@@QEBA_NXZ
?HasRecoveryPassword@VolumeFveStatus@@QEBA_NXZ
?HasSmartCardProtector@VolumeFveStatus@@QEBA_NXZ
?HasStartupKeyProtector@VolumeFveStatus@@QEBA_NXZ
?HasTpmProtector@VolumeFveStatus@@QEBA_NXZ
?IsConverting@VolumeFveStatus@@QEBA_NXZ
?IsCsvMetadataVolume@VolumeFveStatus@@QEBA_NXZ
?IsDEAutoProvisioned@VolumeFveStatus@@QEBA_NXZ
?IsDecrypted@VolumeFveStatus@@QEBA_NXZ
?IsDecrypting@VolumeFveStatus@@QEBA_NXZ
?IsDisabled@VolumeFveStatus@@QEBA_NXZ
?IsEDriveVolume@VolumeFveStatus@@QEBA_NXZ
?IsEncrypted@VolumeFveStatus@@QEBA_NXZ
?IsEncrypting@VolumeFveStatus@@QEBA_NXZ
?IsLocked@VolumeFveStatus@@QEBA_NXZ
?IsOn@VolumeFveStatus@@QEBA_NXZ
?IsOsCriticalVolume@VolumeFveStatus@@QEBA_NXZ
?IsOsVolume@VolumeFveStatus@@QEBA_NXZ
?IsPartiallyConverted@VolumeFveStatus@@QEBA_NXZ
?IsPaused@VolumeFveStatus@@QEBA_NXZ
?IsPreProvisioned@VolumeFveStatus@@QEBA_NXZ
?IsRoamingDevice@VolumeFveStatus@@QEBA_NXZ
?IsSecure@VolumeFveStatus@@QEBA_NXZ
?IsUnknownFveVersion@VolumeFveStatus@@QEBA_NXZ
?IsWiping@VolumeFveStatus@@QEBA_NXZ
?NO_DRIVE_LETTER@BuiVolume@@2IB
?NeedsRestart@VolumeFveStatus@@QEBA_NXZ
Sections
.text Size: 160KB - Virtual size: 156KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 96KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 388B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bitsadmin.exe.exe windows:10 windows x64 arch:x64
0cac68dc73a62ca8c76038194d54bf79
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
bitsadmin.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
__doserrno
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-math-l1-1-0
_finite
api-ms-win-crt-private-l1-1-0
_o___stdio_common_vswprintf
_o___stdio_common_vswscanf
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__stricmp
memcpy
_o__wcsicmp
_o__wfopen
_o__wsetlocale
_o_exit
_o_feof
_o_floor
_o_free
_o_getc
_o_iswxdigit
_o_malloc
_o_terminate
_o_ungetc
_o_wcstok
_o_wcstol
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
_o___p__commode
_o___p___wargv
_o___p___argc
wcsstr
wcschr
__std_terminate
__CxxFrameHandler4
_CxxThrowException
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-downlevel-kernel32-l1-1-0
GetConsoleOutputCP
WriteFile
SetConsoleMode
TerminateProcess
SetThreadUILanguage
InitializeCriticalSection
GetSystemDirectoryW
GetConsoleMode
FillConsoleOutputCharacterW
FileTimeToSystemTime
FileTimeToLocalFileTime
QueueUserAPC
FillConsoleOutputAttribute
SetConsoleTextAttribute
GetTimeFormatW
GetNumberOfConsoleInputEvents
GetSystemTimeAsFileTime
GetFileType
SetConsoleCursorPosition
GetDateFormatW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetConsoleScreenBufferInfo
LoadLibraryExW
Sleep
SleepEx
DeleteCriticalSection
ReadConsoleInputW
InitializeCriticalSectionEx
LeaveCriticalSection
WriteConsoleW
EnterCriticalSection
ReleaseMutex
WaitForSingleObject
CompareStringA
GetFileAttributesW
ExpandEnvironmentStringsW
SetLastError
CompareStringW
WideCharToMultiByte
HeapSetInformation
CloseHandle
GetCurrentThreadId
GetCurrentThread
MultiByteToWideChar
DuplicateHandle
FormatMessageW
GetThreadLocale
GetCurrentProcess
GetLastError
SetConsoleCtrlHandler
GetProcAddress
GetModuleHandleW
FreeLibrary
GetStdHandle
api-ms-win-downlevel-ole32-l1-1-0
CoUninitialize
CoCreateInstance
CoInitializeEx
CLSIDFromString
CoTaskMemAlloc
StringFromGUID2
CoTaskMemFree
sspicli
LogonUserExExW
api-ms-win-security-lsalookup-l1-1-0
LookupAccountSidLocalW
api-ms-win-core-version-l1-1-0
VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
api-ms-win-core-registry-l1-1-0
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyW
RegEnumValueA
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegCreateKeyExA
RegCloseKey
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-security-base-l1-1-0
GetSidSubAuthorityCount
AllocateAndInitializeSid
RevertToSelf
GetTokenInformation
GetSidSubAuthority
CopySid
ImpersonateSelf
ImpersonateLoggedOnUser
GetLengthSid
api-ms-win-core-processthreads-l1-1-0
OpenThreadToken
api-ms-win-service-management-l2-1-0
QueryServiceStatusEx
api-ms-win-service-management-l1-1-0
OpenServiceW
CloseServiceHandle
OpenSCManagerW
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-kernel32-legacy-l1-1-2
OpenMutexA
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 100KB - Virtual size: 97KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 812B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bootim.exe.exe windows:10 windows x64 arch:x64
1e736fc89bc5a82bd2fedf354a4c0ec2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
BootIM.pdb
Imports
user32
GetSystemMetrics
msvcrt
_lock
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
_unlock
__setusermatherr
__dllonexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_wtol
_wcsnicmp
_onexit
wcschr
?terminate@@YAXXZ
_wcsicmp
_vsnwprintf
memcpy_s
_cexit
memset
bootux
ord9
ord12
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
FreeLibrary
GetModuleFileNameA
api-ms-win-core-synch-l1-1-0
OpenSemaphoreW
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
CreateMutexExW
WaitForSingleObjectEx
ReleaseMutex
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegGetValueW
RegCloseKey
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetStartupInfoW
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
SetProcessPreferredUILanguages
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrToIntExW
ntdll
RtlNtStatusToDosError
NtQuerySystemInformation
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 876B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bootsect.exe.exe windows:10 windows x64 arch:x64
197b5f5cf02964bf07b3a72286de3102
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02-09-2021 18:23
Not After: 01-09-2022 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
8e:91:fe:32:e0:17:91:b3:86:1d:26:cc:9b:42:c4:cf:56:49:49:85:d0:0d:ad:3e:a2:38:96:42:03:fb:17:59
Signer
Actual PE Digest: 8e:91:fe:32:e0:17:91:b3:86:1d:26:cc:9b:42:c4:cf:56:49:49:85:d0:0d:ad:3e:a2:38:96:42:03:fb:17:59
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
bootsect.pdb
Imports
msvcrt
?terminate@@YAXXZ
_amsg_exit
_XcptFilter
__setusermatherr
__getmainargs
iswxdigit
_vsnwprintf
_wcsnicmp
memcpy
_stricmp
swprintf_s
__set_app_type
isalpha
exit
_exit
_cexit
__C_specific_handler
_fmode
_initterm
wcsncmp
_snwscanf_s
_wcslwr
wcsstr
wcsnlen
memset
wcscpy_s
_commode
_wcsicmp
api-ms-win-core-file-l1-1-0
QueryDosDeviceW
SetFilePointer
CreateFileW
GetFileType
ReadFile
WriteFile
api-ms-win-core-libraryloader-l1-1-0
FindResourceExW
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
LoadResource
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
NtWaitForSingleObject
RtlFreeHeap
NtQueryDirectoryObject
NtCreateEvent
NtOpenDirectoryObject
NtDeviceIoControlFile
NtQuerySymbolicLinkObject
RtlAllocateHeap
NtOpenSymbolicLinkObject
NtResetEvent
NtOpenFile
NtQueryVolumeInformationFile
RtlNtStatusToDosError
NtOpenKey
RtlVirtualUnwind
NtQueryValueKey
NtQueryBootEntryOrder
NtQueryBootOptions
NtTranslateFilePath
NtEnumerateBootEntries
NtAdjustPrivilegesToken
NtOpenProcessTokenEx
NtSetInformationThread
NtOpenThreadTokenEx
RtlImpersonateSelf
NtFsControlFile
NtClose
RtlInitUnicodeString
NtQuerySystemInformation
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventWriteTransfer
EventRegister
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-console-l1-1-0
WriteConsoleW
GetConsoleOutputCP
GetConsoleMode
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
SearchPathW
api-ms-win-core-heap-obsolete-l1-1-0
LocalAlloc
LocalFree
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetLocaleInfoEx
GetLocaleInfoW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetVersionExW
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
api-ms-win-core-localization-obsolete-l1-1-0
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
LCIDToLocaleName
api-ms-win-core-memory-l1-1-0
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
api-ms-win-core-handle-l1-1-0
CloseHandle
Sections
.text Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 192B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bridgeunattend.exe.exe windows:10 windows x64 arch:x64
e94ad2353fb89025343a2422c862e414
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
bridgeunattend.pdb
Imports
advapi32
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
kernel32
CreateEventW
GetLastError
CloseHandle
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
msvcrt
__CxxFrameHandler3
memcpy
memmove
_XcptFilter
_amsg_exit
__getmainargs
?what@exception@@UEBAPEBDXZ
exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_purecall
_callnewh
malloc
wcschr
??_V@YAXPEAX@Z
__CxxFrameHandler4
??3@YAXPEAX@Z
_CxxThrowException
__set_app_type
memset
ole32
CoCreateInstance
CLSIDFromString
CoUninitialize
CoInitialize
CoTaskMemFree
CoSetProxyBlanket
Sections
.text Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 768B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 440B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
browser_broker.exe.exe windows:10 windows x64 arch:x64
a701c00271cc8f17a1c302c292918e0e
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16-11-2023 19:20
Not After: 14-11-2024 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
64:8d:7f:70:13:78:9b:87:85:d0:e0:69:a5:17:01:2d:4b:d2:7b:53:76:10:90:52:e7:9f:3c:79:6d:09:84:bd
Signer
Actual PE Digest: 64:8d:7f:70:13:78:9b:87:85:d0:e0:69:a5:17:01:2d:4b:d2:7b:53:76:10:90:52:e7:9f:3c:79:6d:09:84:bd
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
browser_broker.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o__wcsnicmp
_o_exit
_o_terminate
_o_wcstok_s
_o_wcstol
__C_specific_handler
__current_exception
__current_exception_context
_o___stdio_common_vswprintf
_o___p__commode
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-com-l1-1-0
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
CreateEventW
ReleaseMutex
CreateMutexExW
OpenSemaphoreW
ReleaseSemaphore
WaitForSingleObjectEx
WaitForSingleObject
SetEvent
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetErrorMode
SetLastError
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
CreateThread
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
api-ms-win-core-heap-l1-1-0
HeapSetInformation
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
rpcrt4
UuidFromStringW
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventWriteEx
EventUnregister
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-security-base-l1-1-0
MakeAbsoluteSD
api-ms-win-core-processthreads-l1-1-1
SetProcessMitigationPolicy
IsProcessorFeaturePresent
GetProcessMitigationPolicy
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
api-ms-win-core-processthreads-l1-1-3
SetProcessInformation
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-rtcore-ntuser-synch-l1-1-0
MsgWaitForMultipleObjects
api-ms-win-rtcore-ntuser-window-l1-1-0
TranslateMessage
DispatchMessageW
PeekMessageW
Sections
.text Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
browserexport.exe.exe windows:10 windows x64 arch:x64
d2bab879eb0e6a9d59a3ba185acf0274
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
browserexport.pdb
Imports
msvcp_win
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?imbue@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?good@ios_base@std@@QEBA_NXZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?clear@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?flags@ios_base@std@@QEBAHXZ
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEBA?AVlocale@2@XZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?widen@?$ctype@G@std@@QEBAGD@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
?unshift@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?uncaught_exception@std@@YA_NXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
??0_Lockit@std@@QEAA@H@Z
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAGG@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_J@Z
?setf@ios_base@std@@QEAAHHH@Z
??1_Lockit@std@@QEAA@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm
_initterm_e
api-ms-win-crt-private-l1-1-0
memcpy
_CxxThrowException
__current_exception_context
__current_exception
__C_specific_handler
__CxxFrameHandler4
__std_terminate
_o___p___argc
_o___p___wargv
_o___p__commode
_o___std_exception_copy
_o___std_exception_destroy
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__fseeki64
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__lock_file
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__unlock_file
_o__wcsicmp
_o__wcsnicmp
_o_calloc
_o_exit
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_fputwc
_o_free
_o_fsetpos
_o_fwrite
_o_malloc
_o_memcpy_s
_o_setvbuf
_o_terminate
_o_ungetc
_o_ungetwc
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-com-l1-1-0
IIDFromString
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
CoTaskMemFree
api-ms-win-core-file-l1-1-0
ReadFile
FindFirstFileW
DeleteFileW
SetFileAttributesW
FindClose
GetFileSize
api-ms-win-core-file-l1-2-0
GetTempPathW
CreateFile2
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
RaiseException
GetLastError
SetLastError
SetUnhandledExceptionFilter
api-ms-win-core-path-l1-1-0
PathCchAppend
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
OpenProcessToken
CreateProcessAsUserW
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
crypt32
CryptUnprotectData
api-ms-win-security-base-l1-1-0
GetSidLengthRequired
GetTokenInformation
InitializeSid
GetSidSubAuthority
SetTokenInformation
DuplicateTokenEx
api-ms-win-core-synch-l1-1-0
ReleaseMutex
ReleaseSemaphore
CreateSemaphoreExW
CreateMutexExW
WaitForSingleObjectEx
OpenSemaphoreW
WaitForSingleObject
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventWriteEx
EventRegister
EventWriteTransfer
EventUnregister
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
wininet
InternetGetCookieEx2
InternetFreeCookies
winsqlite3
sqlite3_prepare_v2
sqlite3_column_blob
sqlite3_step
sqlite3_finalize
sqlite3_column_int64
sqlite3_column_text16
sqlite3_open16
sqlite3_close
sqlite3_column_bytes
api-ms-win-shell-shellfolders-l1-1-0
SHGetKnownFolderPath
iertutil
ord597
ord398
ord793
ord791
ord796
ord820
ord683
ord650
ord653
ord594
msiso
ord207
Sections
.text Size: 88KB - Virtual size: 87KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 368B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bthudtask.exe.exe windows:10 windows x64 arch:x64
1c54a8f41de7b28992e2bd7a4d586748
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
BthUdTask.pdb
Imports
advapi32
RegCloseKey
RegQueryValueExW
kernel32
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcess
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
UnhandledExceptionFilter
TerminateProcess
CloseHandle
SetEvent
ResolveDelayLoadedAPI
OpenEventW
DelayLoadFailureHook
GetLastError
CompareStringOrdinal
GetCurrentThreadId
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_vsnwprintf
__C_specific_handler
memset
newdev
DiUninstallDevice
devobj
DevObjUninstallDevice
DevObjEnumDeviceInfo
DevObjGetDeviceInstanceId
DevObjGetClassDevs
DevObjCreateDeviceInfoList
DevObjOpenDevRegKey
DevObjDestroyDeviceInfoList
Sections
.text Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 336B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cacls.exe.exe windows:10 windows x64 arch:x64
30254a514cd61ab9d483307aa5a195e8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
cacls.pdb
Imports
msvcrt
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
_wsetlocale
free
__iob_func
printf
fgetws
wcschr
fprintf
_vsnwprintf_s
_initterm
vswprintf_s
_wcsicmp
?terminate@@YAXXZ
_commode
wcscat_s
fwprintf_s
_fmode
fwprintf
ferror
exit
__C_specific_handler
wprintf
_wcsnicmp
wcscpy_s
__setusermatherr
memcpy
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
NtOpenFile
RtlNtStatusToDosError
RtlVirtualUnwind
NtQueryInformationFile
NtClose
RtlReleaseRelativeName
RtlDosPathNameToRelativeNtPathName_U
RtlFreeHeap
ntmarta
AccTreeResetNamedSecurityInfo
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
LookupAccountNameW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError
api-ms-win-security-base-l1-1-0
GetLengthSid
EqualSid
GetSecurityDescriptorControl
GetKernelObjectSecurity
GetFileSecurityW
InitializeAcl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
QuerySecurityAccessMask
SetSecurityAccessMask
InitializeSecurityDescriptor
SetKernelObjectSecurity
AddAce
api-ms-win-security-sddl-l1-1-0
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l1-1-0
GetFullPathNameW
FindNextFileW
GetVolumePathNameW
FindFirstFileW
GetFileAttributesW
FindClose
GetVolumeInformationW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
CompareStringW
api-ms-win-core-console-l1-1-0
GetConsoleMode
WriteConsoleW
GetConsoleOutputCP
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-localization-l1-2-0
SetThreadUILanguage
FormatMessageW
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-string-obsolete-l1-1-0
lstrlenW
api-ms-win-security-provider-l1-1-0
SetNamedSecurityInfoW
Sections
.text Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 768B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
calc.exe.exe windows:10 windows x64 arch:x64
8eeaa9499666119d13b3f44ecd77a729
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
calc.pdb
Imports
shell32
ShellExecuteW
kernel32
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
GetCurrentProcessId
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
RtlLookupFunctionEntry
msvcrt
__setusermatherr
_initterm
__C_specific_handler
_wcmdln
_fmode
_commode
?terminate@@YAXXZ
_cexit
__wgetmainargs
_amsg_exit
_XcptFilter
exit
__set_app_type
_exit
advapi32
EventSetInformation
EventWriteTransfer
EventRegister
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 60B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
certreq.exe.exe windows:10 windows x64 arch:x64
6a0f86aa44f988073c05e0ee40f2bd02
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
certreq.pdb
Imports
advapi32
CryptGenKey
CryptAcquireContextW
RevertToSelf
CryptDestroyKey
WaitServiceState
CryptReleaseContext
kernel32
EncodePointer
ResolveDelayLoadedAPI
DelayLoadFailureHook
GetFileAttributesW
lstrcmpW
GetTickCount
GetSystemTimeAsFileTime
GetTempFileNameW
LocalFree
DecodePointer
RaiseException
DeleteFileW
LocalAlloc
msvcrt
memcmp
__iob_func
__C_specific_handler
wcscspn
_XcptFilter
memset
__wgetmainargs
__set_app_type
exit
strcmp
?terminate@@YAXXZ
wcsrchr
_wcsnicmp
_amsg_exit
_swab
_onexit
__dllonexit
_unlock
_lock
??3@YAXPEAX@Z
??1type_info@@UEAA@XZ
_callnewh
?what@exception@@UEBAPEBDXZ
wcsstr
wcschr
iswdigit
_vsnprintf
fputws
fclose
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
memmove
memcpy
_CxxThrowException
_itoa_s
wcscpy_s
_stricmp
towupper
iswlower
iswupper
sscanf_s
wcscmp
strpbrk
strcat_s
strcpy_s
strspn
_fileno
_setmode
getenv
_commode
fwrite
ftell
_wgetenv
_errno
fopen
strcspn
_wfopen_s
wcsncmp
_fmode
_wcmdln
strncmp
atoi
strchr
_initterm
__setusermatherr
isdigit
qsort
towlower
free
malloc
_cexit
_purecall
_exit
_wcsicmp
vfwprintf
fprintf
fflush
ferror
_vsnwprintf
__CxxFrameHandler3
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
iswspace
iswxdigit
_wtoi
gmtime
_wsetlocale
iswalpha
_wfopen
fgetc
feof
fseek
fgetws
fgets
certcli
ord261
ord207
ord360
ord254
ord358
ord219
ord213
ord357
ord223
ord373
ord225
ord205
ord359
ord220
ord203
ord221
CAGetCertTypeProperty
CAFreeCertTypeProperty
CACloseCertType
CAFindCertTypeByName
ord356
ord246
ord252
ord366
ord260
ord256
gdi32
GetStockObject
ncrypt
NCryptOpenKey
NCryptFreeObject
NCryptIsKeyHandle
NCryptSetProperty
NCryptFreeBuffer
NCryptEnumStorageProviders
NCryptOpenStorageProvider
NCryptGetProperty
normaliz
IdnToUnicode
ntdll
RtlTimeToSecondsSince1970
NtQuerySystemTime
EtwTraceMessage
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
setupapi
SetupOpenInfFileW
SetupGetLineCountW
SetupFindFirstLineW
SetupGetIntField
SetupCloseInfFile
SetupGetFieldCount
SetupFindNextLine
SetupGetStringFieldW
profapi
ord104
wldap32
ord12
ord18
ord167
ord147
ord13
ord142
ord41
ord140
ord79
ord26
ord203
ord224
ord127
ord16
ord210
crypt32
CryptDecodeObject
CryptMsgClose
CryptMsgUpdate
CertGetCertificateChain
CertFreeCRLContext
CertEnumCRLsInStore
CertFindAttribute
CryptFindOIDInfo
CryptMsgGetAndVerifySigner
CryptAcquireCertificatePrivateKey
CryptMsgOpenToDecode
CryptMsgControl
CryptFindCertificateKeyProvInfo
CryptSignAndEncodeCertificate
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertCloseStore
CryptHashPublicKeyInfo
CertFreeCertificateContext
CryptMsgGetParam
CertFreeCertificateChain
CertFindCertificateInStore
CertOpenStore
CertGetCertificateContextProperty
CertVerifySubjectCertificateContext
CertFindExtension
CryptEncodeObjectEx
CryptDecodeObjectEx
CryptStringToBinaryW
CertGetNameStringW
CryptExportPublicKeyInfoEx
CryptSignCertificate
CertNameToStrW
CryptHashCertificate
CertSetStoreProperty
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertAddCertificateLinkToStore
CryptEnumOIDInfo
CryptFormatObject
CryptSignMessage
CertStrToNameW
CryptMsgOpenToEncode
CertCreateCertificateContext
ole32
CoUninitialize
CoCreateInstance
StringFromCLSID
CoInitialize
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
oleaut32
SysAllocStringLen
VariantCopyInd
CreateErrorInfo
SetErrorInfo
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreate
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
SysFreeString
SysStringByteLen
SysAllocString
SysAllocStringByteLen
SafeArrayGetElement
VariantClear
SysStringLen
rpcrt4
NdrClientCall3
RpcExceptionFilter
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcStringFreeW
RpcBindingFree
RpcEpResolveBinding
RpcBindingSetAuthInfoExW
UuidCreate
secur32
GetComputerObjectNameW
GetUserNameExW
user32
DispatchMessageW
PostMessageW
TranslateMessage
GetMessageW
UpdateWindow
CreateWindowExW
RegisterClassW
LoadIconW
DefWindowProcW
PostQuitMessage
LoadCursorW
SetCursor
LoadStringW
GetDesktopWindow
MessageBoxW
CharLowerW
wininet
InternetCrackUrlW
InternetCreateUrlW
InternetCanonicalizeUrlW
shlwapi
PathFindFileNameW
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
OpenThreadToken
GetStartupInfoW
GetCurrentThread
GetCurrentThreadId
OpenProcessToken
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
FindResourceExW
FreeLibrary
GetModuleHandleW
GetProcAddress
LockResource
LoadResource
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-heap-l2-1-0
GlobalFree
LocalReAlloc
api-ms-win-core-file-l1-1-0
GetFileSize
WriteFile
CreateFileW
LocalFileTimeToFileTime
GetFullPathNameW
SetEndOfFile
CompareFileTime
GetFileType
SetFilePointer
FileTimeToLocalFileTime
api-ms-win-core-heap-l1-1-0
HeapSetInformation
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
FoldStringW
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetSystemTime
GetComputerNameExW
GetLocalTime
GetSystemDirectoryW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
api-ms-win-security-cryptoapi-l1-1-0
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptSetProvParam
CryptEnumProvidersA
CryptGetProvParam
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
WriteConsoleW
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
ExpandEnvironmentStringsW
SearchPathW
GetCommandLineW
GetEnvironmentVariableW
api-ms-win-core-localization-l1-2-0
GetLocaleInfoW
GetACP
FormatMessageW
GetLocaleInfoEx
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegGetValueW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
api-ms-win-security-base-l1-1-0
CheckTokenMembership
FreeSid
ImpersonateLoggedOnUser
AllocateAndInitializeSid
CreateWellKnownSid
EqualSid
GetTokenInformation
DuplicateToken
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-memory-l1-1-0
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-psapi-l1-1-0
K32GetProcessImageFileNameW
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
api-ms-win-security-logon-l1-1-0
LogonUserExW
api-ms-win-core-datetime-l1-1-0
GetTimeFormatA
GetDateFormatA
GetDateFormatW
GetTimeFormatW
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
SetEvent
InitializeCriticalSection
WaitForSingleObjectEx
LeaveCriticalSection
DeleteCriticalSection
CreateEventW
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
api-ms-win-core-privateprofile-l1-1-0
GetProfileStringA
api-ms-win-core-localization-obsolete-l1-2-0
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
api-ms-win-core-localization-l1-2-2
LCIDToLocaleName
api-ms-win-service-management-l1-1-0
CloseServiceHandle
OpenSCManagerW
StartServiceW
OpenServiceW
api-ms-win-service-management-l2-1-0
QueryServiceConfigW
ChangeServiceConfigW
api-ms-win-service-winsvc-l1-1-0
ControlService
Sections
.text Size: 328KB - Virtual size: 324KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 352B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
certutil.exe.exe windows:10 windows x64 arch:x64
323a326d7b550351b75ec637a5575902
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
certutil.pdb
Imports
advapi32
IsValidSecurityDescriptor
GetSecurityDescriptorLength
CryptReleaseContext
CryptAcquireContextW
LookupAccountNameW
IsValidSid
ConvertSidToStringSidW
ImpersonateSelf
RevertToSelf
LookupAccountSidW
CryptGetProvParam
CryptGetUserKey
CryptGetKeyParam
CryptDestroyKey
RegCreateKeyExW
RegSetValueExW
RegSetValueExA
RegDeleteKeyExW
RegCloseKey
GetTokenInformation
GetLengthSid
CopySid
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
CryptSetProvParam
CryptGenRandom
CryptCreateHash
CryptVerifySignatureW
CryptHashData
CryptDestroyHash
CryptSetKeyParam
CryptDecrypt
CryptImportKey
RegDeleteTreeW
RegOpenKeyW
CryptGetHashParam
CryptDuplicateKey
CryptEncrypt
CryptGenKey
CryptContextAddRef
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
SetNamedSecurityInfoW
AddAccessDeniedAce
AddAccessAllowedAce
AddAccessDeniedObjectAce
AddAccessAllowedObjectAce
AddAce
InitializeAcl
LsaStorePrivateData
LsaRetrievePrivateData
RegConnectRegistryW
AdjustTokenPrivileges
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
CryptEnumProvidersA
CryptGetDefaultProviderW
LogonUserExW
ImpersonateLoggedOnUser
CreateWellKnownSid
MakeAbsoluteSD
MakeSelfRelativeSD
LsaClose
LsaFreeMemory
LsaOpenPolicy
FreeSid
CheckTokenMembership
DuplicateToken
OpenThreadToken
ConvertStringSidToSidW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
SetEntriesInAclW
GetSecurityDescriptorDacl
DeleteAce
EqualSid
GetAce
GetAclInformation
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetSecurityDescriptorControl
CryptSignHashW
CryptSetHashParam
CryptExportKey
CryptDuplicateHash
kernel32
GetFullPathNameW
CloseThreadpoolTimer
CloseThreadpoolWait
FindCloseChangeNotification
FindNextChangeNotification
SetThreadpoolWait
SetThreadpoolTimer
MultiByteToWideChar
VerifyVersionInfoW
VerSetConditionMask
LeaveCriticalSection
SetConsoleCtrlHandler
EnterCriticalSection
SetEndOfFile
WriteFile
LockResource
SizeofResource
LoadResource
FindResourceW
GetVersionExW
GetComputerNameExW
GetComputerNameW
SetFilePointer
ReadFile
FindClose
FindNextFileW
FindFirstChangeNotificationW
Sleep
GetTickCount
LoadLibraryW
DecodePointer
EncodePointer
GetFileAttributesExW
GetCurrentProcess
QueryFullProcessImageNameW
GetProcessTimes
OpenProcess
GetLastError
GetTickCount64
PulseEvent
OpenEventW
GetUserDefaultUILanguage
LocalReAlloc
LocalFileTimeToFileTime
GetModuleHandleW
RaiseException
DeleteCriticalSection
InitializeCriticalSection
GetSystemDefaultLangID
FormatMessageW
HeapAlloc
HeapFree
GetProcessHeap
lstrcmpW
CreateThreadpoolTimer
FindFirstFileW
CreateThreadpoolWait
SetEvent
ReleaseSemaphore
TrySubmitThreadpoolCallback
CreateSemaphoreW
DeleteFileW
GetFileSize
CreateFileW
CreateEventW
GetEnvironmentVariableW
GetSystemDefaultUILanguage
GetTempFileNameW
GetProcAddress
SetLastError
SetConsoleMode
LocalFree
GetSystemTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalAlloc
GetFileAttributesW
FreeLibrary
CompareFileTime
CreateThread
WaitForSingleObject
GetExitCodeThread
CloseHandle
GetConsoleMode
GetFileType
GetStdHandle
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
DelayLoadFailureHook
ResolveDelayLoadedAPI
FindResourceExW
LCIDToLocaleName
GetLocaleInfoW
GetLocaleInfoEx
SearchPathW
LoadLibraryExA
GetProfileStringA
ResetEvent
GetFileTime
lstrlenW
VirtualFree
VirtualAlloc
GetTempPathW
GetLocalTime
K32GetProcessImageFileNameW
HeapSetInformation
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetSystemInfo
GetCurrentThread
CreateDirectoryW
RemoveDirectoryW
GetConsoleOutputCP
CompareStringW
FoldStringW
GetTimeFormatW
GetDateFormatW
FileTimeToLocalFileTime
LoadLibraryExW
GetSystemDirectoryW
GetCommandLineW
FileTimeToSystemTime
WriteConsoleW
GetACP
WideCharToMultiByte
OutputDebugStringA
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
msvcrt
??1type_info@@UEAA@XZ
wcstok
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
realloc
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_errno
_wcmdln
_itoa_s
memcmp
memset
wcscpy_s
towupper
iswlower
towlower
iswupper
sscanf_s
strpbrk
strcat_s
strcpy_s
strspn
getenv
fwrite
ftell
_wgetenv
_fileno
strcmp
wcstoul
fgetws
feof
fgetc
_wfopen
fputws
atoi
iswalpha
_wsetlocale
isxdigit
gmtime
iswxdigit
vfwprintf
iswspace
__iob_func
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
fprintf
_strlwr
_swab
ferror
fseek
fputs
strchr
fgets
fopen
calloc
bsearch
?terminate@@YAXXZ
_setmode
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
__CxxFrameHandler4
_purecall
_vsnwprintf
iswdigit
wcsrchr
wcschr
fwprintf
_wfopen_s
fclose
fflush
_fgetwchar
wcsspn
_wcsnicmp
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
qsort
wcscspn
free
wcscmp
__isascii
isdigit
_strnicmp
swscanf
_stricmp
_wtoi
_vsnprintf
_wcslwr
strncmp
strcspn
wcsstr
strstr
wcsncmp
_ultow
_wcsicmp
certcli
CAEnumCertTypesEx
ord356
ord205
ord213
ord254
ord360
ord223
ord256
ord246
ord225
ord358
ord207
ord359
ord217
ord258
CAGetCertTypeFlagsEx
CAGetCertTypePropertyEx
CAFreeCertTypeProperty
CAGetCertTypeKeySpec
ord357
CACertTypeGetSecurity
CAGetCertTypeExtensions
CAFreeCertTypeExtensions
CAEnumCertTypesForCAEx
CAGetCertTypeProperty
CACertTypeAccessCheckEx
CAEnumNextCertType
CACloseCertType
ord373
CAEnumFirstCA
CAFindByName
CAGetCAProperty
CAFreeCAProperty
CAEnumNextCA
CACloseCA
ord362
CAGetCAFlags
CAGetCAExpiration
CAAccessCheck
ord361
CAGetCACertificate
CAGetCASecurity
CASetCAProperty
CAUpdateCAEx
CAFindByCertType
ord257
ord218
ord255
CAEnumCertTypesForCA
CACountCertTypes
CACertTypeAccessCheck
CACountCAs
CARemoveCACertificateTypeEx
CAAddCACertificateTypeEx
CAUpdateCA
ord260
ord366
ord252
ord261
ord253
ord203
ord247
ord210
CASetCASecurity
CASetCACertificate
CASetCAFlags
CACreateNewCA
CAFindCertTypeByName
ord370
ord245
CAGetCertTypeExpiration
crypt32
CryptFindOIDInfo
CertGetCertificateContextProperty
CertFindExtension
CryptEncodeObjectEx
CertFreeCertificateContext
CertCloseStore
CertDuplicateCertificateContext
CertEnumCRLsInStore
CertFreeCRLContext
CertCreateCRLContext
CryptExportPKCS8
PFXExportCertStoreEx
PFXExportCertStore
CryptFreeOIDFunctionAddress
CryptGetOIDFunctionAddress
CryptInitOIDFunctionSet
CertStrToNameW
CryptDecryptMessage
CryptEncryptMessage
CryptSignMessage
CryptFormatObject
CertAddCertificateLinkToStore
CertGetIntendedKeyUsage
CryptHashPublicKeyInfo
CryptStringToBinaryW
CryptMsgOpenToDecode
CertNameToStrW
CryptSignCertificate
CryptExportPublicKeyInfoEx
CryptSignAndEncodeCertificate
CertDuplicateStore
CryptMsgUpdate
CryptMsgOpenToEncode
CryptBinaryToStringW
CertOpenServerOcspResponse
I_CryptWalkAllLruCacheEntries
I_CryptRemoveLruEntry
I_CryptGetLruEntryData
I_CryptFindLruEntry
I_CryptReleaseLruEntry
I_CryptInsertLruEntry
I_CryptCreateLruEntry
CertCloseServerOcspResponse
I_CryptFreeLruCache
I_CryptCreateLruCache
CryptMsgEncodeAndSignCTL
CertGetNameStringA
CertSetCertificateContextPropertiesFromCTLEntry
CertCreateContext
I_CertProtectFunction
CertAddStoreToCollection
CertVerifyCertificateChainPolicy
CryptMemFree
CertVerifySubjectCertificateContext
CryptVerifyCertificateSignatureEx
CertGetEnhancedKeyUsage
CertVerifyCRLTimeValidity
CertVerifyRevocation
CertVerifyTimeValidity
CryptEnumKeyIdentifierProperties
CryptImportPublicKeyInfo
CertDuplicateCRLContext
CertDeleteCRLFromStore
CertAddCTLContextToStore
CertAddCRLContextToStore
CertEnumSystemStore
CertEnumSystemStoreLocation
CertEnumPhysicalStore
CertControlStore
CertSaveStore
CertAddSerializedElementToStore
CertAddEncodedCTLToStore
CertAddEncodedCRLToStore
CertAddEncodedCertificateToStore
CertSetCTLContextProperty
CertSetCRLContextProperty
CryptFindCertificateKeyProvInfo
CryptAcquireCertificatePrivateKey
CertEnumCertificateContextProperties
CertGetCRLContextProperty
CertEnumCRLContextProperties
CertGetCTLContextProperty
CertEnumCTLContextProperties
CertSetStoreProperty
CertComparePublicKeyInfo
CryptExportPublicKeyInfo
CertFreeCTLContext
CertCreateCTLContext
CertEnumCTLsInStore
CertDeleteCertificateFromStore
CertGetNameStringW
CryptDecodeObjectEx
CryptQueryObject
CryptMsgGetParam
CryptVerifyDetachedMessageSignature
CryptMsgGetAndVerifySigner
CryptMsgControl
PFXIsPFXBlob
PFXImportCertStore
CryptImportPKCS8
CertGetPublicKeyLength
CryptMsgClose
CertAddCertificateContextToStore
CertSetCertificateContextProperty
CryptGetKeyIdentifierProperty
CertFindAttribute
CryptHashCertificate
CryptDecodeObject
CertOpenStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CryptFindLocalizedName
CryptVerifyCertificateSignature
CertCompareCertificateName
CertFreeCertificateChain
CertGetCertificateChain
CryptHashCertificate2
CryptImportPublicKeyInfoEx2
CryptRegisterOIDInfo
CertCreateCertificateContext
CryptEnumOIDInfo
cabinet
ord20
ord21
ord22
ord23
comctl32
InitCommonControlsEx
cryptui
CryptUIDlgFreeCAContext
CryptUIDlgViewCRLW
CryptUIDlgViewCertificateW
gdi32
GetStockObject
ncrypt
NCryptFreeObject
BCryptVerifySignature
BCryptDestroyKey
NCryptOpenStorageProvider
NCryptImportKey
NCryptSetProperty
NCryptFinalizeKey
BCryptSetProperty
BCryptGetProperty
BCryptCloseAlgorithmProvider
SslEnumProtocolProviders
SslOpenProvider
SslFreeBuffer
SslFreeObject
NCryptGetProperty
BCryptFreeBuffer
BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroyHash
BCryptDecrypt
BCryptEncrypt
BCryptExportKey
BCryptGenRandom
BCryptSignHash
NCryptCreatePersistedKey
NCryptDecrypt
NCryptDeleteKey
NCryptDeriveKey
NCryptEncrypt
NCryptExportKey
NCryptOpenKey
NCryptSecretAgreement
NCryptSignHash
NCryptVerifySignature
NCryptEnumAlgorithms
NCryptIsAlgSupported
NCryptEnumKeys
NCryptEnumStorageProviders
NCryptFreeBuffer
BCryptEnumAlgorithms
BCryptGenerateKeyPair
BCryptQueryProviderRegistration
BCryptEnumContexts
BCryptQueryContextConfiguration
BCryptEnumContextFunctions
BCryptResolveProviders
NCryptIsKeyHandle
netapi32
DsGetDcNameW
NetApiBufferFree
NetUserGetGroups
DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory
DsGetSiteNameW
normaliz
IdnToUnicode
IdnToAscii
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtQuerySystemTime
RtlTimeToSecondsSince1970
NtQuerySystemInformationEx
WinSqmIncrementDWORD
ntdsapi
DsFreeNameResultW
DsCrackNamesW
DsFreeDomainControllerInfoW
DsBindW
DsUnBindW
DsGetDomainControllerInfoW
setupapi
SetupFindNextLine
SetupGetFieldCount
SetupGetStringFieldW
SetupOpenInfFileW
SetupFindFirstLineW
SetupGetLineCountW
SetupCloseInfFile
SetupGetIntField
shell32
SHGetFolderPathW
SHGetKnownFolderPath
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
wldap32
ord16
ord208
ord14
ord145
ord13
ord210
ord65
ord12
ord18
ord27
ord73
ord113
ord140
ord224
ord142
ord79
ord127
ord167
ord147
ord155
ord206
ord135
ord203
ord36
ord26
ord41
ord191
ole32
CoTaskMemFree
CoInitialize
CoUninitialize
CoInitializeEx
CLSIDFromString
CLSIDFromProgID
StringFromCLSID
ProgIDFromCLSID
CoTaskMemAlloc
CoCreateInstanceEx
CoSetProxyBlanket
CoCreateInstance
StgOpenStorageEx
PropVariantClear
oleaut32
SetErrorInfo
CreateErrorInfo
VariantCopyInd
SystemTimeToVariantTime
VariantTimeToSystemTime
SysStringLen
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreate
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
VariantClear
VariantInit
SysStringByteLen
SafeArrayUnaccessData
SysFreeString
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayGetElement
rpcrt4
NdrClientCall3
I_RpcExceptionFilter
UuidCreate
secur32
TranslateNameW
GetUserNameExW
GetComputerObjectNameW
user32
GetDlgItemTextW
GetDesktopWindow
DialogBoxParamW
SetWindowTextW
GetWindowLongPtrW
CharLowerW
SetCursor
SetFocus
GetWindowTextW
ShowWindow
LoadStringW
UpdateWindow
SetWindowLongPtrW
IsDlgButtonChecked
GetDlgItemInt
LoadCursorW
SetDlgItemTextW
CallWindowProcW
SendMessageW
GetDlgItem
EnableWindow
EndDialog
DispatchMessageW
TranslateMessage
GetMessageW
PostMessageW
CreateWindowExW
RegisterClassW
LoadIconW
DefWindowProcW
PostQuitMessage
SetDlgItemInt
CheckDlgButton
MessageBoxW
SendDlgItemMessageA
shlwapi
PathFindFileNameW
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 300KB - Virtual size: 298KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 64KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 776B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
changepk.exe.exe windows:10 windows x64 arch:x64
3355c9f07ccd675cc3347c47324fd1f8
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16-11-2023 19:20
Not After: 14-11-2024 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
bd:f9:0e:49:3a:e8:62:be:19:b5:b8:a7:6d:14:7e:14:2a:10:3a:6d:7e:f1:bf:56:be:ec:94:af:09:b8:3a:ef
Signer
Actual PE Digest: bd:f9:0e:49:3a:e8:62:be:19:b5:b8:a7:6d:14:7e:14:2a:10:3a:6d:7e:f1:bf:56:be:ec:94:af:09:b8:3a:ef
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
changepk.pdb
Imports
advapi32
EventSetInformation
EventRegister
EventUnregister
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
EventWriteTransfer
EventActivityIdControl
kernel32
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
CompareStringW
LocalFree
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
api-ms-win-crt-private-l1-1-0
_o___p__commode
_o___stdio_common_vswprintf
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-winrt-l1-1-0
RoUninitialize
RoInitialize
api-ms-win-core-commandlinetoargv-l1-1-0
CommandLineToArgvW
api-ms-win-core-com-l1-1-0
CoCreateInstance
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentProcess
TerminateProcess
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
Sections
.text Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 76B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
charmap.exe.exe windows:10 windows x64 arch:x64
22674d4ddfb5c628ba4946277740f0fe
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
CharMap.pdb
Imports
advapi32
RegCloseKey
RegOpenKeyExW
RegEnumValueW
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
EventActivityIdControl
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
kernel32
WaitForSingleObject
OpenSemaphoreW
RegisterApplicationRestart
LoadLibraryW
GetThreadLocale
FindResourceW
LoadResource
SizeofResource
LockResource
InitOnceBeginInitialize
GetCurrentProcessId
CreateMutexExW
InitOnceComplete
CreateSemaphoreExW
ReleaseSRWLockExclusive
LocalFree
LocalAlloc
IsValidLanguageGroup
GetSystemDirectoryW
FindFirstFileW
FindNextFileW
FindClose
AcquireSRWLockExclusive
ReleaseSemaphore
SetLastError
WaitForSingleObjectEx
IsDebuggerPresent
HeapAlloc
GetLocaleInfoW
HeapSetInformation
FreeLibrary
GetProcessHeap
HeapFree
GetLastError
GetCurrentThreadId
lstrcmpW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
IsDBCSLeadByteEx
GetCPInfo
CloseHandle
DecodePointer
EncodePointer
MulDiv
GetProcAddress
GetModuleHandleW
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
FormatMessageW
OutputDebugStringW
GlobalFree
GlobalAlloc
GetACP
lstrlenW
GlobalLock
WideCharToMultiByte
GlobalUnlock
IsValidCodePage
EnumSystemCodePagesW
CompareStringW
ExpandEnvironmentStringsW
GetSystemWindowsDirectoryW
GetStringTypeW
MultiByteToWideChar
ReleaseMutex
gdi32
GetLayout
ExtTextOutW
CreateDIBitmap
SetTextAlign
GetTextAlign
BitBlt
GetTextExtentPointW
GetStockObject
PatBlt
CreateSolidBrush
UnrealizeObject
GetObjectW
CreateCompatibleBitmap
SetBkMode
CreateCompatibleDC
DeleteDC
TranslateCharsetInfo
CreatePen
SetTextColor
LineTo
MoveToEx
GetTextExtentPoint32W
TextOutW
SetBkColor
GetTextMetricsW
CreateFontW
GetCharWidth32W
EnumFontFamiliesExW
GetFontData
SelectObject
CreateFontIndirectW
DeleteObject
user32
GetMonitorInfoW
GetWindowRect
SetThreadDpiAwarenessContext
GetWindowLongW
CreateWindowExW
GetSystemMetrics
GetClientRect
ShowWindow
GetDpiForSystem
InvalidateRect
CallWindowProcW
RegisterClassW
DefWindowProcW
GetSysColor
SetDlgItemTextW
EnableWindow
SetScrollInfo
SetRect
AdjustWindowRectEx
GetAsyncKeyState
PtInRect
SetCapture
ReleaseCapture
GetScrollInfo
DrawFocusRect
UnregisterClassW
SetTimer
KillTimer
GetParent
GetWindowTextLengthW
GetWindowTextW
PostMessageW
PostQuitMessage
TranslateMessage
DispatchMessageW
GetMessageW
IsDialogMessageW
CreateDialogParamW
UpdateWindow
ClientToScreen
GetAncestor
MapDialogRect
SetWindowPos
MapWindowPoints
MoveWindow
GetDpiForWindow
GetClassNameW
SetWindowLongW
LoadIconW
EnumChildWindows
ScreenToClient
SetDialogControlDpiChangeBehavior
GetKeyboardLayout
GetMessagePos
FillRect
GetFocus
GetDlgItemTextW
GetUpdateRect
ShowCursor
WindowFromPoint
GetCursorPos
GetMessageTime
ValidateRect
SetScrollPos
SetScrollRange
NotifyWinEvent
GetWindowInfo
IsWindowEnabled
GetDlgCtrlID
SetWindowTextW
BeginPaint
GetDC
EndPaint
SetWindowLongPtrW
GetWindowLongPtrW
DestroyWindow
LoadCursorW
ReleaseDC
GetWindowDC
SendMessageW
GetDlgItem
SendDlgItemMessageW
RegisterClipboardFormatW
LoadStringW
MonitorFromWindow
SetFocus
msvcrt
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_acmdln
?terminate@@YAXXZ
_initterm
__set_app_type
memcpy
__setusermatherr
__getmainargs
_ismbblead
_cexit
_exit
exit
__C_specific_handler
_XcptFilter
_callnewh
_amsg_exit
_vsnwprintf
free
_wtol
towupper
_wcsupr
swscanf_s
wcsncpy_s
memcpy_s
wcsstr
calloc
realloc
malloc
memset
getuname
GetUName
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoGetMalloc
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetStartupInfoW
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
comctl32
ord17
ole32
DoDragDrop
OleInitialize
OleUninitialize
Sections
.text Size: 84KB - Virtual size: 81KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 135KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
chkdsk.exe.exe windows:10 windows x64 arch:x64
7de8e5ca5fc1515b950abcd411d3a9e5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
chkdsk.pdb
Imports
api-ms-win-core-console-l1-1-0
SetConsoleCtrlHandler
api-ms-win-eventlog-legacy-l1-1-0
ReportEventW
DeregisterEventSource
RegisterEventSourceW
ntdll
NtTerminateProcess
RtlUnhandledExceptionFilter
api-ms-win-core-errorhandling-l1-1-0
SetErrorMode
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-processthreads-l1-1-0
ExitProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
ulib
?IsGuidVolName@PATH@@QEAAEXZ
?AppendString@PATH@@QEAAEPEBVWSTRING@@@Z
?IsDrive@PATH@@QEBAEXZ
??1PATH@@UEAA@XZ
Get_Standard_Input_Stream
??0PATH@@QEAA@XZ
?MakeFileToken@MESSAGE@@SA_KPEBD@Z
?QueryPackedLog@MESSAGE@@QEAAEPEAVHMEM@@PEAK@Z
?Log@MESSAGE@@QEAAEPEBDZZ
?DisplayMsg@MESSAGE@@QEAAEKPEBDZZ
?DisplayMsg@MESSAGE@@QEAAEKW4MESSAGE_TYPE@@KPEBDZZ
?Display@MESSAGE@@QEAAEPEBDZZ
Get_Standard_Output_Stream
?Resize@HMEM@@QEAAEKK@Z
?Initialize@HMEM@@QEAAEXZ
?Initialize@PATH_ARGUMENT@@QEAAEPEADE@Z
??0HMEM@@QEAA@XZ
?Strcat@WSTRING@@QEAAEPEBV1@@Z
?Initialize@WSTRING@@QEAAEPEBV1@KK@Z
??0STRING_ARGUMENT@@QEAA@XZ
??0CHKDSK_MESSAGE@@QEAA@XZ
?DisplayMsg@MESSAGE@@QEAAEK@Z
??8WSTRING@@QEBAEAEBV0@@Z
?Strupr@WSTRING@@QEAAPEAV1@XZ
?Stricmp@WSTRING@@QEBAJPEBV1@@Z
??0FLAG_ARGUMENT@@QEAA@XZ
??0DSTRING@@QEAA@XZ
??1DSTRING@@UEAA@XZ
?Initialize@FLAG_ARGUMENT@@QEAAEPEAD@Z
??0ARRAY@@QEAA@XZ
?AnalyzePath@PATH@@QEAA?AW4PATH_ANALYZE_CODE@@PEAVWSTRING@@PEAV1@0@Z
??1STRING_ARGUMENT@@UEAA@XZ
??1CHKDSK_MESSAGE@@UEAA@XZ
??1ARRAY@@UEAA@XZ
?Initialize@ARRAY@@QEAAEKK@Z
?DeleteAllMembers@ARRAY@@UEAAEXZ
?Initialize@CHKDSK_MESSAGE@@QEAAEPEAVSTREAM@@00@Z
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
??0LONG_ARGUMENT@@QEAA@XZ
?Initialize@WSTRING@@QEAAEPEBDK@Z
?Set@CHKDSK_MESSAGE@@UEAAEKW4MESSAGE_TYPE@@K@Z
?Initialize@STRING_ARGUMENT@@QEAAEPEAD@Z
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
??1ARGUMENT_LEXEMIZER@@UEAA@XZ
?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?QueryInvalidArgument@ARGUMENT_LEXEMIZER@@QEAAPEAVWSTRING@@XZ
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
??1OBJECT@@UEAA@XZ
?IsValueSet@ARGUMENT@@QEAAEXZ
?QueryCurrentDosDriveName@SYSTEM@@SAEPEAVWSTRING@@@Z
?QueryDriveType@SYSTEM@@SA?AW4DRIVE_TYPE@@PEBVWSTRING@@@Z
?QueryLibraryEntryPoint@SYSTEM@@SAP6A_JXZPEBVWSTRING@@0PEAPEAX@Z
?QueryNextLibraryEntryPoint@SYSTEM@@SAP6A_JXZPEAXPEBVWSTRING@@@Z
?FreeLibraryHandle@SYSTEM@@SAXPEAX@Z
??0PATH_ARGUMENT@@QEAA@XZ
?Initialize@WSTRING@@QEAAEPEBGK@Z
??1PATH_ARGUMENT@@UEAA@XZ
?Initialize@LONG_ARGUMENT@@QEAAEPEAD@Z
??1HMEM@@UEAA@XZ
?SqmExportOnError@SQMEXPORT@@SAXKKEE_KU_GUID@@@Z
?Initialize@PATH@@QEAAEPEBVWSTRING@@E@Z
ifsutil
?GetSnapshotErrorMessage@SNAPSHOT@@SAEJPEAVWSTRING@@@Z
?Initialize@DP_DRIVE@@QEAAEPEBVWSTRING@@PEAVMESSAGE@@EE@Z
??1DP_DRIVE@@UEAA@XZ
??0DP_DRIVE@@QEAA@XZ
?IsVolumeDirty@IFS_SYSTEM@@SAEPEAVWSTRING@@PEAE1PEAJ@Z
?QueryVolumeSize@IFS_SYSTEM@@SAEPEBVWSTRING@@PEA_K@Z
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@@Z
?GetSnapshotNtDeviceName@SNAPSHOT@@QEAAPEAGXZ
?QuerySnapshotDiffAreaVolume@SNAPSHOT@@QEAAEPEAVWSTRING@@@Z
?GetVolumeSnapshot@SNAPSHOT@@SAJPEAVWSTRING@@PEAPEAV1@@Z
?ReleaseVolumeSnapshot@SNAPSHOT@@SAEPEAV1@@Z
?IsFatalError@SNAPSHOT@@SAEJ@Z
?QueryID@DP_DRIVE@@QEAAEPEAU_GUID@@PEBVWSTRING@@@Z
?QueryFileSystemName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@PEAJ1@Z
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
__C_specific_handler
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
Sections
.text Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
chkntfs.exe.exe windows:10 windows x64 arch:x64
d41bf2f313e9ee8cbb20ef9ad2025250
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
chkntfs.pdb
Imports
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
__C_specific_handler
exit
ulib
?Initialize@WSTRING@@QEAAEPEBV1@KK@Z
?Initialize@WSTRING@@QEAAEPEBGK@Z
?Initialize@WSTRING@@QEAAEPEBDK@Z
??8WSTRING@@QEBAEAEBV0@@Z
?QueryString@WSTRING@@QEBAPEAV1@KK@Z
??1PROGRAM@@UEAA@XZ
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@PEADZZ
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@@Z
?Fatal@PROGRAM@@UEBAXKKPEADZZ
?Fatal@PROGRAM@@UEBAXXZ
?Strcat@WSTRING@@QEAAEPEBV1@@Z
?GetStandardOutput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?GetStandardError@PROGRAM@@UEAAPEAVSTREAM@@XZ
?Usage@PROGRAM@@UEBAXXZ
?ValidateVersion@PROGRAM@@UEBAXKK@Z
??0PROGRAM@@IEAA@XZ
??0STRING_ARGUMENT@@QEAA@XZ
??1STRING_ARGUMENT@@UEAA@XZ
?Initialize@STRING_ARGUMENT@@QEAAEPEAD@Z
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
??1ARGUMENT_LEXEMIZER@@UEAA@XZ
?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
??0PATH@@QEAA@XZ
??1PATH@@UEAA@XZ
?Initialize@PROGRAM@@QEAAEKKK@Z
??0CLASS_DESCRIPTOR@@QEAA@XZ
?GetStandardInput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?Initialize@CLASS_DESCRIPTOR@@QEAAEPEBD@Z
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
??1OBJECT@@UEAA@XZ
?Compare@OBJECT@@UEBAJPEBV1@@Z
?DebugDump@OBJECT@@UEBAXE@Z
?GetLexeme@ARGUMENT@@QEAAPEAVWSTRING@@XZ
?IsValueSet@ARGUMENT@@QEAAEXZ
??0MULTIPLE_PATH_ARGUMENT@@QEAA@XZ
??1MULTIPLE_PATH_ARGUMENT@@UEAA@XZ
?Initialize@MULTIPLE_PATH_ARGUMENT@@QEAAEPEADEE@Z
?QueryDriveType@SYSTEM@@SA?AW4DRIVE_TYPE@@PEBVWSTRING@@@Z
??0FLAG_ARGUMENT@@QEAA@XZ
?Initialize@FLAG_ARGUMENT@@QEAAEPEAD@Z
??0ARRAY@@QEAA@XZ
??1ARRAY@@UEAA@XZ
?Initialize@ARRAY@@QEAAEKK@Z
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
??0LONG_ARGUMENT@@QEAA@XZ
?Initialize@LONG_ARGUMENT@@QEAAEPEAD@Z
??0DSTRING@@QEAA@XZ
??1DSTRING@@UEAA@XZ
?AnalyzePath@PATH@@QEAA?AW4PATH_ANALYZE_CODE@@PEAVWSTRING@@PEAV1@0@Z
ifsutil
??1DP_DRIVE@@UEAA@XZ
??0DP_DRIVE@@QEAA@XZ
?IsFrontEndPresent@AUTOREG@@SAEPEBVWSTRING@@0@Z
?DeleteEntry@AUTOREG@@SAEPEBVWSTRING@@E@Z
?DeleteEntry@AUTOREG@@SAEPEBVWSTRING@@0@Z
?DeleteEntry@AUTOREG@@SAEPEBVWSTRING@@00@Z
?PushEntry@AUTOREG@@SAEPEBVWSTRING@@@Z
??0MOUNT_POINT_MAP@@QEAA@XZ
?IsVolumeDirty@IFS_SYSTEM@@SAEPEAVWSTRING@@PEAE1PEAJ@Z
?QueryIsSystemUEFI@IFS_SYSTEM@@SAEXZ
?QueryCanonicalNtDriveName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@@Z
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@@Z
?QueryFileSystemName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@PEAJ1@Z
??0MOUNT_POINT_TUPLE@@QEAA@XZ
?Initialize@DP_DRIVE@@QEAAEPEBVWSTRING@@PEAVMESSAGE@@EE@Z
??1MOUNT_POINT_MAP@@UEAA@XZ
?Initialize@MOUNT_POINT_MAP@@QEAAEXZ
?AddEntry@AUTOREG@@SAEPEBVWSTRING@@@Z
?SetAutochkTimeOut@VOL_LIODPDRV@@SAEK@Z
?QueryAutochkTimeOut@VOL_LIODPDRV@@SAEPEAK@Z
ntdll
RtlCaptureContext
RtlFreeHeap
RtlAllocateHeap
RtlLookupFunctionEntry
RtlVirtualUnwind
kernel32
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
UnhandledExceptionFilter
Sleep
HeapSetInformation
GetLastError
GetVersionExW
SetErrorMode
GetCurrentProcess
SetUnhandledExceptionFilter
TerminateProcess
advapi32
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
user32
ExitWindowsEx
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 288B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
choice.exe.exe windows:10 windows x64 arch:x64
ff7589a0ec4eb53bb14d713605ab2eb3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
choice.pdb
Imports
kernel32
ReadFile
SetConsoleCtrlHandler
SetLastError
GetStdHandle
SetConsoleMode
WaitForSingleObject
GetConsoleMode
GetLastError
ReadConsoleW
HeapSetInformation
FlushConsoleInputBuffer
PeekConsoleInputW
Beep
GetFileType
GetTickCount
GetCurrentProcess
GetModuleFileNameW
HeapSize
HeapReAlloc
HeapAlloc
HeapValidate
HeapFree
GetProcessHeap
MultiByteToWideChar
GetConsoleOutputCP
ExitProcess
WriteConsoleW
CompareStringA
GetThreadLocale
CompareStringW
lstrlenW
lstrlenA
WideCharToMultiByte
FindStringOrdinal
LocalFree
FormatMessageW
SetThreadUILanguage
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetModuleHandleW
TerminateProcess
msvcrt
fflush
fprintf
_get_osfhandle
_fileno
wcstoul
wcstod
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcschr
_errno
wcstol
_vsnwprintf
exit
__iob_func
_memicmp
memset
ntdll
RtlVirtualUnwind
VerSetConditionMask
RtlVerifyVersionInfo
RtlLookupFunctionEntry
RtlCaptureContext
user32
CharUpperBuffW
LoadStringW
CharNextW
CharUpperW
ws2_32
WSACleanup
shlwapi
StrChrW
version
VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
Sections
.text Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cipher.exe.exe windows:10 windows x64 arch:x64
fe142a8422afb09c003cf4a177e3972a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
cipher.pdb
Imports
advapi32
EncryptFileW
CryptReleaseContext
RegQueryValueExW
LookupAccountSidW
ConvertSidToStringSidW
RemoveUsersFromEncryptedFile
RegOpenKeyExW
QueryUsersOnEncryptedFile
AddUsersToEncryptedFile
AddUsersToEncryptedFileEx
ConvertStringSidToSidW
QueryRecoveryAgentsOnEncryptedFile
EncryptedFileKeyInfo
FlushEfsCache
FreeEncryptionCertificateHashList
EqualSid
CryptAcquireContextW
RegCloseKey
SetUserFileEncryptionKey
FreeEncryptedFileKeyInfo
DecryptFileW
CryptGetUserKey
CryptDestroyKey
kernel32
SetLastError
VirtualFree
GetFullPathNameW
FindNextFileW
GetDiskFreeSpaceW
SetConsoleMode
DeviceIoControl
VirtualAlloc
GetProcessHeap
SetErrorMode
SetFilePointer
SetEndOfFile
FindClose
GetVolumePathNameW
CreateFileW
GetFileAttributesW
GetVolumeNameForVolumeMountPointW
GetDiskFreeSpaceExW
ReadConsoleW
CloseHandle
HeapSetInformation
FindFirstFileW
SetCurrentDirectoryW
VerSetConditionMask
GetComputerNameW
FindVolumeClose
VerifyVersionInfoW
GetTempFileNameW
FindNextVolumeW
lstrcmpW
GetDriveTypeW
FlushFileBuffers
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
ResolveDelayLoadedAPI
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetVolumeInformationW
QueryDosDeviceW
CreateDirectoryW
FindFirstVolumeW
GetFileType
WideCharToMultiByte
GetCurrentDirectoryW
GetModuleHandleW
LocalFree
GetProcAddress
WriteConsoleW
HeapAlloc
GetLastError
FormatMessageW
GetConsoleMode
WriteFile
GetStdHandle
lstrlenW
HeapFree
RemoveDirectoryW
DelayLoadFailureHook
msvcrt
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
strcmp
memset
memcpy
?terminate@@YAXXZ
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
towupper
_wcsnicmp
_putws
getchar
printf
fgetws
wcschr
_get_osfhandle
_vsnwprintf
__iob_func
_wcsicmp
wcscmp
ntdll
RtlCaptureContext
RtlNtStatusToDosError
RtlLookupFunctionEntry
RtlVirtualUnwind
rpcrt4
RpcStringFreeW
UuidCreate
UuidToStringW
user32
MessageBoxW
ntdsapi
DsUnBindW
DsBindW
DsCrackNamesW
DsFreeNameResultW
crypt32
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CryptQueryObject
CertCloseStore
PFXExportCertStoreEx
CertFindCertificateInStore
CertOpenStore
CryptStringToBinaryW
CertGetCertificateContextProperty
CryptBinaryToStringW
bcrypt
BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptDestroyKey
BCryptEncrypt
efsutil
EfsUtilGetSmartcardProviderName
EfsUtilCreateSelfSignedCertificate
EfsUtilGetCurrentUserInformation
dsrole
DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory
Sections
.text Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 76B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cleanmgr.exe.exe windows:10 windows x64 arch:x64
ea41beff168cae33c5af261bc77e40b5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
cleanmgr.pdb
Imports
gdi32
GetLayout
ExtTextOutW
SetBkMode
SetTextColor
SetBkColor
GetTextExtentPoint32W
user32
GetSysColor
SetFocus
EndDialog
DialogBoxParamW
DestroyWindow
CreateDialogParamW
IsDialogMessageW
DestroyIcon
LoadIconW
GetWindowLongPtrW
EnableWindow
GetWindowLongW
GetSystemMetrics
GetClientRect
SetDlgItemTextW
GetParent
SendDlgItemMessageW
SetWindowLongPtrW
GetDlgItem
SendMessageW
SetForegroundWindow
GetWindowTextW
MessageBoxW
LoadStringW
PostMessageW
EnumWindows
DrawFocusRect
GetMessageW
DrawIconEx
ShowWindow
TranslateMessage
DispatchMessageW
msvcrt
_i64toa_s
memcpy_s
_vsnwprintf
memset
sqrt
_wcsicmp
toupper
__C_specific_handler
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
wcscmp
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
comctl32
ImageList_Create
PropertySheetW
CreatePropertySheetPageW
ord345
ord17
ImageList_ReplaceIcon
shell32
ExtractIconExW
ShellExecuteExW
SHGetFileInfoW
ord680
shlwapi
SHDeleteKeyW
ord487
StrFormatByteSizeW
ord271
StrCmpNW
StrCmpW
StrToIntW
StrStrIW
PathStripToRootW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
CreateThread
GetCurrentThreadId
api-ms-win-core-heap-l1-1-0
HeapFree
HeapSetInformation
HeapAlloc
GetProcessHeap
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
FreeLibrary
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
GetProcAddress
GetModuleFileNameW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter
SetErrorMode
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockExclusive
CreateMutexExW
ReleaseMutex
CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObject
OpenSemaphoreW
SetEvent
WaitForSingleObjectEx
AcquireSRWLockExclusive
CreateEventW
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventWriteTransfer
EventActivityIdControl
EventUnregister
EventRegister
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CoUninitialize
api-ms-win-security-base-l1-1-0
CreateWellKnownSid
CheckTokenMembership
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetSystemTime
GetTickCount64
GetWindowsDirectoryW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-file-l1-1-0
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
GetDriveTypeW
GetVolumeInformationW
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
Sleep
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegGetValueW
oleaut32
VariantInit
SysStringLen
VariantClear
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
kernel32
CheckElevationEnabled
GetStartupInfoA
MulDiv
lstrlenW
ntdll
RtlNtStatusToDosError
NtOpenProcessToken
NtQueryInformationToken
NtClose
NtOpenThreadToken
ole32
CoInitialize
vssapi
VssFreeSnapshotPropertiesInternal
CreateVssBackupComponentsInternal
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 72KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 176KB - Virtual size: 175KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 156B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cliconfg.exe.exe windows:10 windows x64 arch:x64
e0a4a433a88e43cfe20831b905227e5b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
cliconfg.pdb
Imports
kernel32
FormatMessageW
GetLastError
GetProcAddress
LoadLibraryExW
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
TerminateProcess
user32
LoadIconW
TranslateMessage
RegisterClassW
DispatchMessageW
ShowWindow
CreateWindowExW
SetWindowLongPtrW
MessageBoxW
PostMessageW
DefWindowProcW
GetMessageW
PostQuitMessage
LoadCursorW
msvcrt
?terminate@@YAXXZ
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_commode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_vsnwprintf
_ismbblead
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 336B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
clip.exe.exe windows:10 windows x64 arch:x64
ffedf33a1af6412e26f1f659c12d5ff7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
clip.pdb
Imports
advapi32
IsTextUnicode
kernel32
HeapSetInformation
SetLastError
GetStdHandle
GetFileType
MultiByteToWideChar
GetConsoleOutputCP
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
GetLastError
ReadFile
UnhandledExceptionFilter
GetModuleFileNameW
HeapSize
HeapReAlloc
HeapAlloc
HeapValidate
HeapFree
GetProcessHeap
ExitProcess
WriteConsoleW
CompareStringA
GetThreadLocale
CompareStringW
lstrlenW
GetConsoleMode
WideCharToMultiByte
FindStringOrdinal
LocalFree
FormatMessageW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
TerminateProcess
SetThreadUILanguage
GetCurrentProcess
msvcrt
memcpy
fflush
fprintf
_get_osfhandle
_fileno
wcstoul
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
__iob_func
_memicmp
_vsnwprintf
_errno
wcstod
wcstol
memset
ntdll
RtlVirtualUnwind
VerSetConditionMask
RtlVerifyVersionInfo
RtlLookupFunctionEntry
RtlCaptureContext
user32
LoadStringW
OpenClipboard
EmptyClipboard
CharUpperW
SetClipboardData
CloseClipboard
ws2_32
WSACleanup
version
VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
shlwapi
StrChrW
Sections
.text Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cmd.exe.exe windows:10 windows x64 arch:x64
d73e39dab3c8b57aa408073d01254964
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
cmd.pdb
Imports
api-ms-win-crt-string-l1-1-0
wcscmp
wcsncmp
memset
wcsspn
api-ms-win-crt-time-l1-1-0
_time32
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
api-ms-win-crt-private-l1-1-0
_o__get_initial_narrow_environment
_o__get_osfhandle
_o__getch
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__open_osfhandle
_o__pclose
_o__pipe
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__setmode
_o__tell
_o__ultoa
_o__ultoa_s
__intrinsic_setjmp
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o__wcsupr
_o__wpopen
_o__wtol
_o_calloc
_o_exit
_o_feof
_o_ferror
_o_fflush
_o_fgets
_o_free
_o_iswalpha
_o_iswdigit
_o_iswspace
_o_iswxdigit
_o_malloc
_o_qsort
_o_rand
_o_realloc
_o_setlocale
_o_srand
_o_terminate
_o_towlower
_o_towupper
_o_wcstol
_o_wcstoul
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__exit
_o__errno
_o__dup2
_o__dup
_o__crt_atexit
_o__configure_narrow_argv
_o__configthreadlocale
_o__close
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vfprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___argv
_o___p___argc
_o___acrt_iob_func
wcsstr
wcsrchr
wcschr
longjmp
__C_specific_handler
_local_unwind
memcmp
memcpy
memmove
ntdll
RtlCreateUnicodeStringFromAsciiz
RtlDosPathNameToNtPathName_U
NtOpenProcessToken
NtQueryInformationToken
NtCancelSynchronousIoFile
NtOpenThreadToken
RtlNtStatusToDosError
NtQueryInformationProcess
NtFsControlFile
NtSetInformationProcess
RtlFreeHeap
NtQueryVolumeInformationFile
NtSetInformationFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtOpenFile
RtlReleaseRelativeName
RtlFreeUnicodeString
NtClose
RtlFindLeastSignificantBit
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameW
GetProcAddress
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockShared
CreateSemaphoreExW
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSectionEx
InitializeCriticalSection
TryAcquireSRWLockExclusive
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
WaitForSingleObjectEx
OpenSemaphoreW
api-ms-win-core-heap-l1-1-0
HeapSize
HeapReAlloc
HeapSetInformation
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetErrorMode
SetLastError
GetLastError
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
DeleteProcThreadAttributeList
GetCurrentProcessId
GetStartupInfoW
CreateProcessAsUserW
CreateProcessW
UpdateProcThreadAttribute
GetCurrentProcess
ResumeThread
GetCurrentThreadId
GetExitCodeProcess
TerminateProcess
InitializeProcThreadAttributeList
OpenThread
api-ms-win-core-localization-l1-2-0
SetThreadLocale
FormatMessageW
GetCPInfo
GetThreadLocale
GetLocaleInfoW
GetACP
GetUserDefaultLCID
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-memory-l1-1-0
VirtualAlloc
ReadProcessMemory
VirtualQuery
VirtualFree
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
GetConsoleMode
SetConsoleCtrlHandler
ReadConsoleW
WriteConsoleW
SetConsoleMode
api-ms-win-core-file-l1-1-0
FindNextFileW
SetFileTime
DeleteFileW
CreateFileW
SetFileAttributesW
GetFileSize
CreateDirectoryW
FindClose
FindFirstFileW
GetFullPathNameW
ReadFile
FlushFileBuffers
SetFilePointer
RemoveDirectoryW
CompareFileTime
FindFirstFileExW
GetVolumePathNameW
SetEndOfFile
GetFileAttributesW
GetFileAttributesExW
GetDriveTypeW
GetFileType
GetDiskFreeSpaceExW
FileTimeToLocalFileTime
GetVolumeInformationW
WriteFile
SetFilePointerEx
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-processenvironment-l1-1-0
SearchPathW
GetEnvironmentVariableW
SetCurrentDirectoryW
GetEnvironmentStringsW
ExpandEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetEnvironmentVariableW
GetCommandLineW
SetEnvironmentStringsW
GetCurrentDirectoryW
api-ms-win-core-console-l2-1-0
FlushConsoleInputBuffer
SetConsoleCursorPosition
ScrollConsoleScreenBufferW
FillConsoleOutputAttribute
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterW
api-ms-win-security-base-l1-1-0
RevertToSelf
GetFileSecurityW
GetSecurityDescriptorOwner
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetVersion
SetLocalTime
GetLocalTime
GetSystemTime
GetWindowsDirectoryW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
api-ms-win-core-datetime-l1-1-0
GetTimeFormatW
GetDateFormatW
api-ms-win-core-systemtopology-l1-1-0
GetNumaNodeProcessorMaskEx
GetNumaHighestNodeNumber
api-ms-win-core-console-l2-2-0
SetConsoleTitleW
GetConsoleTitleW
api-ms-win-core-processenvironment-l1-2-0
NeedCurrentDirectoryForExePathW
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyExW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
api-ms-win-core-file-l2-1-0
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
MoveFileExW
MoveFileWithProgressW
api-ms-win-core-heap-l2-1-0
GlobalFree
GlobalAlloc
LocalFree
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-console-l3-2-0
GetConsoleWindow
api-ms-win-core-processtopology-l1-1-0
GetThreadGroupAffinity
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-misc-l1-1-0
lstrcmpW
lstrcmpiW
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 212KB - Virtual size: 209KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 111KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 168B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 464B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cmdkey.exe.exe windows:10 windows x64 arch:x64
03ad7a1af78bf7a500fb199cabe4c34a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
cmdkey.pdb
Imports
msvcrt
__C_specific_handler
_resetstkoflw
malloc
?terminate@@YAXXZ
_commode
_fmode
free
_wcsicmp
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
memset
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-security-credentials-l1-1-0
CredWriteW
CredFree
CredGetSessionTypes
CredIsMarshaledCredentialW
CredEnumerateW
CredUnmarshalCredentialW
CredDeleteW
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadUILanguage
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
GetStdHandle
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
WriteConsoleW
api-ms-win-core-file-l1-1-0
WriteFile
GetFileType
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 456B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cmdl32.exe.exe windows:10 windows x64 arch:x64
056f4ad9405ed9764a5eed3ad07a7804
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
cmdl32.pdb
Imports
advapi32
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
kernel32
GetTempPath2A
GetLastError
CreateFileA
CloseHandle
SetFileAttributesA
lstrcmpiA
GetTempFileNameA
DosDateTimeToFileTime
FindFirstFileA
lstrlenW
LoadLibraryExA
FindNextFileA
FindClose
WaitForSingleObject
lstrcmpA
GetModuleHandleA
SetCurrentDirectoryA
GetCommandLineA
Sleep
CopyFileA
ConvertDefaultLocale
SetEvent
GetVersionExA
DeleteFileA
GetSystemInfo
WritePrivateProfileStringA
ReadFile
GetProcAddress
lstrlenA
GetCurrentProcessId
FreeLibrary
CreateEventA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetTickCount
FlushFileBuffers
GetPrivateProfileSectionA
GlobalFree
CreateMutexA
ReleaseMutex
GetFileSize
CreateDirectoryA
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
LocalFileTimeToFileTime
SetFilePointer
SetFileTime
WriteFile
RemoveDirectoryA
SetLastError
CreateThread
GetProcessHeap
user32
EnableMenuItem
KillTimer
GetWindowLongPtrA
SystemParametersInfoA
GetWindowRect
SetDlgItemTextA
SendDlgItemMessageA
SetFocus
MoveWindow
SetWindowLongPtrA
GetDlgItemTextA
RegisterWindowMessageA
GetClassInfoExA
PostMessageA
EndDialog
CharNextA
GetSystemMetrics
DialogBoxParamA
ShowWindow
RegisterClassExA
SetWindowTextA
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_vsnprintf
_cexit
memset
cmpbk32
PhoneBookMergeChanges
PhoneBookFreeFilter
PhoneBookLoad
PhoneBookUnload
PhoneBookParseInfoA
cmutil
CmFmtMsgA
CmLoadSmallIconA
CmCompareStringA
IsLogonAsSystem
CmStrCpyAllocW
?SetParams@CmLogFile@@QEAAJHKPEBD@Z
CmStrrchrA
?Stop@CmLogFile@@QEAAJXZ
?Log@CmLogFile@@QEAAXW4_CMLOG_ITEM@@ZZ
CmBuildFullPathFromRelativeA
CmRealloc
CmFree
CmStrchrA
CmStrCpyAllocA
CmMalloc
WzToSzWithAlloc
SzToWzWithAlloc
CmLoadIconA
??0CmLogFile@@QEAA@XZ
??1CmLogFile@@QEAA@XZ
?Start@CmLogFile@@QEAAJH@Z
?Init@CmLogFile@@QEAAJPEAUHINSTANCE__@@HPEBD@Z
?DeInit@CmLogFile@@QEAAJXZ
comctl32
ord17
cabinet
ord20
ord23
ord22
ord21
rasapi32
RasEnumConnectionsA
winhttp
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpGetProxyForUrl
WinHttpGetDefaultProxyConfiguration
WinHttpReadData
WinHttpQueryHeaders
WinHttpConnect
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
Sections
.text Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 792B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cmmon32.exe.exe windows:10 windows x64 arch:x64
99ee87fb928dfe3dea854430cda54850
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
cmmon32.pdb
Imports
kernel32
FreeLibrary
SetProcessWorkingSetSize
lstrcmpiW
GetTickCount
LoadLibraryExW
GetExitCodeProcess
LoadLibraryExA
OpenEventW
GetModuleHandleA
SetEvent
GetCurrentProcessId
lstrlenA
Sleep
GetLocaleInfoW
GetNumberFormatW
MapViewOfFile
GetProcAddress
GetProcessHeap
UnmapViewOfFile
OpenFileMappingW
WaitForSingleObject
WideCharToMultiByte
LocalFree
LocalAlloc
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
CreateThread
CloseHandle
GetLastError
CreateEventW
OpenProcess
GetCurrentThreadId
lstrlenW
lstrcmpW
gdi32
DeleteObject
user32
CreateWindowExW
PostMessageW
DefWindowProcW
SendDlgItemMessageW
SetDlgItemTextW
RegisterWindowMessageW
GetDlgItem
SetWindowTextW
SetWindowLongPtrW
RegisterClassExW
EnableWindow
SetForegroundWindow
SystemParametersInfoW
PostThreadMessageW
TranslateMessage
GetThreadDesktop
PeekMessageW
IsDialogMessageW
DispatchMessageW
IsWindow
ShowWindow
MsgWaitForMultipleObjects
SendMessageW
SetWindowPos
IsWindowVisible
DestroyWindow
GetWindowRect
GetLastActivePopup
GetMessageW
CreateDialogParamW
GetProcessWindowStation
GetWindowLongPtrW
PostQuitMessage
GetUserObjectInformationW
msvcrt
memmove
?terminate@@YAXXZ
_commode
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_cexit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_vsnwprintf
_exit
_vsnprintf
memcpy
memset
cmutil
?SetParams@CmLogFile@@QEAAJHKPEBG@Z
?Init@CmLogFile@@QEAAJPEAUHINSTANCE__@@HPEBG@Z
??1CmLogFile@@QEAA@XZ
??0CmLogFile@@QEAA@XZ
?GPPB@CIniW@@QEBAHPEBG0H@Z
?GPPI@CIniW@@QEBAKPEBG0K@Z
?GPPS@CIniW@@QEBAPEAGPEBG00@Z
?GetPrimaryRegPath@CIniW@@QEBAPEBGXZ
?GetFile@CIniW@@QEBAPEBGXZ
?SetPrimaryRegPath@CIniW@@QEAAXPEBG@Z
?SetPrimaryFile@CIniW@@QEAAXPEBG@Z
?SetFile@CIniW@@QEAAXPEBG@Z
?SetHInst@CIniW@@QEAAXPEAUHINSTANCE__@@@Z
?Clear@CIniW@@QEAAXXZ
??1CIniW@@QEAA@XZ
??0CIniW@@QEAA@PEAUHINSTANCE__@@PEBG111@Z
IsLogonAsSystem
CmLoadSmallIconW
CmStrCpyAllocW
CmBuildFullPathFromRelativeW
CmFmtMsgW
CmLoadStringW
ReleaseBold
MakeBold
CmIsDigitW
CmAtolW
?Stop@CmLogFile@@QEAAJXZ
?DeInit@CmLogFile@@QEAAJXZ
?Log@CmLogFile@@QEAAXW4_CMLOG_ITEM@@ZZ
CmFree
CmMalloc
?Start@CmLogFile@@QEAAJH@Z
CmLoadIconW
Sections
.text Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cmstp.exe.exe windows:10 windows x64 arch:x64
109ba8ed3c458360a74ea1216207ca09
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
cmstp.pdb
Imports
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegCreateKeyW
FreeSid
RegSetValueExW
RegCreateKeyExW
AllocateAndInitializeSid
AdjustTokenPrivileges
InitiateSystemShutdownW
LookupPrivilegeValueW
RegEnumValueW
kernel32
FreeLibrary
LoadLibraryExW
FindFirstFileW
WritePrivateProfileStringW
CompareStringW
FindNextFileW
GetCurrentProcess
lstrlenW
GetPrivateProfileIntW
GetPrivateProfileSectionW
FindClose
CreateFileW
SetFileAttributesW
GetLastError
CloseHandle
GetWindowsDirectoryW
WritePrivateProfileSectionW
GetCurrentProcessId
lstrcmpW
ExpandEnvironmentStringsW
LoadLibraryExA
lstrlenA
GetSystemDirectoryW
GetModuleHandleA
GetWindowsDirectoryA
LocalFree
CopyFileW
CreateMutexW
WaitForSingleObject
ReleaseMutex
GetProcessHeap
HeapAlloc
HeapFree
GetSystemInfo
GetVersionExW
SetCurrentDirectoryW
CreateDirectoryW
WideCharToMultiByte
LocalAlloc
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GetFileType
RtlCaptureContext
GetStartupInfoW
Sleep
GetProcAddress
GetCurrentDirectoryW
GetPrivateProfileStringW
GetCommandLineW
GetModuleHandleW
lstrcmpiW
user32
GetDlgItemTextW
IsWindow
SetWindowTextW
EndDialog
CheckRadioButton
LoadStringW
MessageBoxW
CharPrevW
MessageBoxExW
IsDlgButtonChecked
SetFocus
GetDlgItem
CheckDlgButton
DialogBoxParamW
CharNextW
msvcrt
_exit
_amsg_exit
_vsnwprintf
__set_app_type
exit
_cexit
__C_specific_handler
_ismbblead
__setusermatherr
_initterm
_vsnprintf
__getmainargs
memset
?terminate@@YAXXZ
_commode
_fmode
_acmdln
_XcptFilter
wcscmp
cmutil
CmFree
WzToSzWithAlloc
GetOSVersion
GetOSMajorVersion
SzToWzWithAlloc
CmRealloc
CmMalloc
ole32
CoInitialize
CoUninitialize
shell32
SHGetDesktopFolder
ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHFileOperationW
SHGetFolderPathW
SHGetMalloc
SHChangeNotify
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
Sections
.text Size: 72KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cofire.exe.exe windows:10 windows x64 arch:x64
49c319693a3f09328afcb91c7f2e2cbe
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
cofire.pdb
Imports
advapi32
EventUnregister
EventRegister
EventWrite
CheckTokenMembership
FreeSid
OpenProcessToken
AllocateAndInitializeSid
InitiateShutdownW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
kernel32
GetLastError
HeapSetInformation
RegisterApplicationRestart
FindFirstFileW
HeapFree
CreateMutexW
FindClose
OpenProcess
FileTimeToSystemTime
CloseHandle
HeapAlloc
GetTimeFormatW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
GetSystemTimeAsFileTime
GetDateFormatW
Sleep
SetUnhandledExceptionFilter
WaitForSingleObject
QueryPerformanceCounter
GetCurrentThreadId
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetThreadLocale
msvcrt
_vsnprintf
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_vsnwprintf
__C_specific_handler
?terminate@@YAXXZ
_fmode
_commode
exit
_initterm
__setusermatherr
_XcptFilter
memset
ntdll
WinSqmAddToStream
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
DbgPrintEx
wdi
WdiResolve
WdiGetResult
WdiGetParameterByName
WdiGetParameterDataLength
WdiCreateInstance
WdiGetParameterData
WdiAddParameter
WdiDiagnose
WdiCloseInstance
comctl32
ord345
user32
LoadStringW
MessageBoxW
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 444B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
colorcpl.exe.exe windows:10 windows x64 arch:x64
bf699192bc903253be75cbd63776138c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
colorcpl.pdb
Imports
kernel32
HeapSetInformation
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
TerminateProcess
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
colorui
LaunchColorCpl
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 80KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
comp.exe.exe windows:10 windows x64 arch:x64
a0490e6736bafc5ba5569d1b32266468
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
comp.pdb
Imports
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
towupper
_wcsicmp
__C_specific_handler
ulib
?IsValueSet@ARGUMENT@@QEAAEXZ
?GetLexeme@ARGUMENT@@QEAAPEAVWSTRING@@XZ
?DebugDump@OBJECT@@UEBAXE@Z
?Compare@OBJECT@@UEBAJPEBV1@@Z
??1OBJECT@@UEAA@XZ
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?PutMultipleSwitch@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
??1ARGUMENT_LEXEMIZER@@UEAA@XZ
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
?Initialize@STRING_ARGUMENT@@QEAAEPEAD@Z
??1STRING_ARGUMENT@@UEAA@XZ
??0STRING_ARGUMENT@@QEAA@XZ
?QueryResourceString@BASE_SYSTEM@@SAEPEAVWSTRING@@KPEBDZZ
?QueryFsnodeArray@FSN_DIRECTORY@@QEBAPEAVARRAY@@PEAVFSN_FILTER@@@Z
??0PROGRAM@@IEAA@XZ
?ValidateVersion@PROGRAM@@UEBAXKK@Z
?Usage@PROGRAM@@UEBAXXZ
?GetStandardError@PROGRAM@@UEAAPEAVSTREAM@@XZ
??0STREAM_MESSAGE@@QEAA@XZ
?GetStandardInput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?Fatal@PROGRAM@@UEBAXXZ
?Fatal@PROGRAM@@UEBAXKKPEADZZ
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@@Z
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@PEADZZ
??1PROGRAM@@UEAA@XZ
?Initialize@CLASS_DESCRIPTOR@@QEAAEPEBD@Z
??0CLASS_DESCRIPTOR@@QEAA@XZ
?IsCorrectVersion@SYSTEM@@SAEXZ
?SetName@PATH@@QEAAEPEBVWSTRING@@@Z
?QueryWCExpansion@PATH@@QEAAPEAV1@PEAV1@@Z
?QueryFullPathString@PATH@@QEBAPEAVWSTRING@@XZ
?QueryFullPath@PATH@@QEBAPEAV1@XZ
?IsDrive@PATH@@QEBAEXZ
?HasWildCard@PATH@@QEBAEXZ
?AppendBase@PATH@@QEAAEPEBVWSTRING@@E@Z
??1PATH@@UEAA@XZ
?Initialize@PATH@@QEAAEPEBVWSTRING@@E@Z
?Initialize@PATH@@QEAAEPEBV1@E@Z
??0PATH@@QEAA@XZ
?Display@MESSAGE@@QEAAEPEBDZZ
Get_Standard_Output_Stream
?SetAttributes@FSN_FILTER@@QEAAEKKK@Z
?SetFileName@FSN_FILTER@@QEAAEPEBVWSTRING@@@Z
?Initialize@FSN_FILTER@@QEAAEXZ
??1FSN_FILTER@@UEAA@XZ
??0FSN_FILTER@@QEAA@XZ
?FillAndReadByte@BYTE_STREAM@@AEAAEPEAE@Z
?Initialize@BYTE_STREAM@@QEAAEPEAVSTREAM@@K@Z
??1BYTE_STREAM@@UEAA@XZ
??0BYTE_STREAM@@QEAA@XZ
?Strcat@WSTRING@@QEAAEPEBV1@@Z
?DeleteChAt@WSTRING@@QEAAXKK@Z
?QueryNumber@WSTRING@@QEBAEPEAJKK@Z
?QueryString@WSTRING@@QEBAPEAV1@KK@Z
?Initialize@WSTRING@@QEAAEPEBDK@Z
?Strcspn@WSTRING@@QEBAKPEBV1@K@Z
?QueryDirectory@SYSTEM@@SAPEAVFSN_DIRECTORY@@PEBVPATH@@E@Z
?QueryFile@SYSTEM@@SAPEAVFSN_FILE@@PEBVPATH@@EPEAE@Z
??0PATH_ARGUMENT@@QEAA@XZ
??1PATH_ARGUMENT@@UEAA@XZ
?Initialize@PATH_ARGUMENT@@QEAAEPEADE@Z
?TruncateBase@PATH@@QEAAEXZ
Get_Standard_Error_Stream
?Initialize@STREAM_MESSAGE@@QEAAEPEAVSTREAM@@00@Z
??0FLAG_ARGUMENT@@QEAA@XZ
?Initialize@FLAG_ARGUMENT@@QEAAEPEAD@Z
??0ARRAY@@QEAA@XZ
??1ARRAY@@UEAA@XZ
?Initialize@ARRAY@@QEAAEKK@Z
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
?QueryStream@FSN_FILE@@QEAAPEAVFILE_STREAM@@W4STREAMACCESS@@K@Z
??0LONG_ARGUMENT@@QEAA@XZ
?Initialize@LONG_ARGUMENT@@QEAAEPEAD@Z
Get_Standard_Input_Stream
??0DSTRING@@QEAA@XZ
??1DSTRING@@UEAA@XZ
?GetStandardOutput@PROGRAM@@UEAAPEAVSTREAM@@XZ
ntdll
RtlCaptureContext
RtlFreeHeap
RtlAllocateHeap
RtlLookupFunctionEntry
RtlVirtualUnwind
kernel32
GetFileAttributesW
HeapSetInformation
IsDBCSLeadByte
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 360B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
compact.exe.exe windows:10 windows x64 arch:x64
a3a16123a174639264764355d4a40ced
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
compact.pdb
Imports
kernel32
GetConsoleOutputCP
GetStdHandle
WriteFile
SetThreadUILanguage
GetLocaleInfoW
GetConsoleMode
FormatMessageW
WriteConsoleW
WideCharToMultiByte
GetFileType
GetFullPathNameW
GetLastError
HeapSetInformation
GetCurrentDirectoryW
SetCurrentDirectoryW
SetThreadPreferredUILanguages
GetSystemTimeAsFileTime
Sleep
PowerCreateRequest
RtlCaptureContext
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
RtlLookupFunctionEntry
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
GetTickCount
ntdll
RtlDecompressBufferEx
RtlCompressBuffer
RtlAcquirePrivilege
NtPowerInformation
RtlFreeHeap
RtlGetNtProductType
NtSetInformationThread
RtlRandom
RtlAllocateHeap
RtlGetCompressionWorkSpaceSize
RtlNtStatusToDosError
NtQueryVolumeInformationFile
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-file-l1-1-0
GetDriveTypeW
CreateFileW
GetFileInformationByHandle
SetFileAttributesW
GetFileAttributesW
GetVolumePathNameW
FindNextFileW
FindClose
FindFirstFileW
api-ms-win-core-synch-l1-1-0
CreateEventW
CreateMutexW
WaitForSingleObject
ReleaseMutex
SetEvent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-sysinfo-l1-1-0
GetWindowsDirectoryW
GetVersionExW
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
FreeLibrary
api-ms-win-core-registry-l1-1-0
RegUnLoadKeyW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegLoadKeyW
api-ms-win-core-errorhandling-l1-1-0
SetLastError
api-ms-win-core-processthreads-l1-1-0
CreateThread
OpenThreadToken
GetCurrentThread
GetCurrentProcess
OpenProcessToken
api-ms-win-core-file-l1-2-1
GetCompressedFileSizeW
api-ms-win-security-base-l1-1-0
RevertToSelf
AdjustTokenPrivileges
ImpersonateLoggedOnUser
PrivilegeCheck
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
msvcrt
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcsncmp
swprintf_s
memcpy_s
_wcsnicmp
_wcsicmp
wcschr
wcscat_s
wcscpy_s
_get_osfhandle
exit
?terminate@@YAXXZ
__setusermatherr
_commode
_fmode
_initterm
__C_specific_handler
_cexit
printf
memcpy
_exit
memset
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
api-ms-win-core-sysinfo-l1-2-0
GetNativeSystemInfo
api-ms-win-core-psapi-l1-1-0
K32GetPerformanceInfo
Sections
.text Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 108B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
conhost.exe.exe windows:10 windows x64 arch:x64
8bae99e04ca5a443cf138dc9f6cdd0c0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
conhost.pdb
Imports
msvcp_win
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
_Query_perf_counter
_Query_perf_frequency
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W0@Z
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setf@ios_base@std@@QEAAHHH@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Xbad_alloc@std@@YAXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?good@ios_base@std@@QEBA_NXZ
?uncaught_exception@std@@YA_NXZ
?flags@ios_base@std@@QEBAHXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Xlength_error@std@@YAXPEBD@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?setf@ios_base@std@@QEAAHH@Z
?_Xbad_function_call@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?_Xout_of_range@std@@YAXPEBD@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-runtime-l1-1-0
_initterm
_register_thread_local_exe_atexit_callback
_initterm_e
_c_exit
api-ms-win-crt-private-l1-1-0
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itoa_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcsnicmp
memmove
_o_calloc
_o_exit
_o_free
_o_iswdigit
_o_iswspace
_o_lround
_o_malloc
_o_strcpy_s
_o_terminate
_o_towlower
_o_towupper
_o_wcscpy_s
_o_wcstol
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
__CxxFrameHandler3
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
wcschr
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-commandlinetoargv-l1-1-0
CommandLineToArgvW
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
GetModuleFileNameA
FreeLibrary
LoadLibraryExW
LockResource
GetModuleHandleW
LoadResource
FindResourceExW
LoadStringW
GetProcAddress
GetModuleHandleExW
api-ms-win-core-synch-l1-1-0
SetEvent
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
CreateEventW
ResetEvent
AcquireSRWLockShared
WaitForSingleObject
OpenSemaphoreW
CreateMutexExW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObjectEx
ReleaseMutex
InitializeCriticalSectionEx
CreateEventExW
CreateSemaphoreExW
AcquireSRWLockExclusive
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
DeleteProcThreadAttributeList
CreateThread
UpdateProcThreadAttribute
TerminateProcess
GetCurrentProcess
GetStartupInfoW
GetProcessTimes
CreateProcessW
OpenProcessToken
GetCurrentProcessId
ProcessIdToSessionId
ExitThread
SetProcessShutdownParameters
GetCurrentThreadId
GetCurrentThread
InitializeProcThreadAttributeList
ExitProcess
api-ms-win-core-localization-l1-2-0
GetCPInfo
FormatMessageW
IsValidCodePage
GetOEMCP
GetACP
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
CompareStringOrdinal
api-ms-win-core-file-l1-1-0
ReadFile
WriteFile
api-ms-win-core-processthreads-l1-1-3
SetThreadDescription
api-ms-win-core-synch-l1-2-0
InitOnceComplete
WaitOnAddress
WakeByAddressAll
InitOnceBeginInitialize
Sleep
SignalObjectAndWait
api-ms-win-core-sidebyside-l1-1-0
CreateActCtxW
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
GetEnvironmentVariableW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
GetCommandLineW
SearchPathW
api-ms-win-core-registry-l1-1-0
RegEnumValueW
RegOpenKeyExW
RegOpenCurrentUser
RegGetValueW
RegQueryValueExW
RegCloseKey
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventWriteTransfer
EventActivityIdControl
EventRegister
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetWindowsDirectoryW
api-ms-win-core-psapi-l1-1-0
K32GetModuleFileNameExW
QueryFullProcessImageNameW
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFileExistsW
PathIsSameRootW
PathFindFileNameW
api-ms-win-core-heap-l2-1-0
GlobalAlloc
GlobalFree
LocalFree
ntdll
NtAlpcSendWaitReceivePort
NtAlpcQueryInformationMessage
AlpcGetMessageAttribute
RtlFreeHeap
CsrClientCallServer
NtAlpcConnectPort
AlpcInitializeMessageAttribute
NtQueryVolumeInformationFile
RtlQueryPackageClaims
RtlAllocateHeap
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
OpenProcess
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-security-base-l1-1-0
GetSidSubAuthority
GetTokenInformation
GetSidSubAuthorityCount
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-namedpipe-l1-1-0
CreatePipe
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-heap-obsolete-l1-1-0
GlobalSize
GlobalLock
GlobalUnlock
api-ms-win-core-largeinteger-l1-1-0
MulDiv
api-ms-win-core-io-l1-1-1
CancelSynchronousIo
api-ms-win-core-util-l1-1-0
Beep
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-path-l1-1-0
PathCchRemoveExtension
api-ms-win-shell-shellcom-l1-1-0
SHCoCreateInstance
Sections
.text Size: 724KB - Virtual size: 723KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 192KB - Virtual size: 190KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
consent.exe.exe windows:10 windows x64 arch:x64
5d0c875dbd930a73d5a983016e384930
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16-11-2023 19:20
Not After: 14-11-2024 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
85:77:11:9c:de:59:c6:25:07:9a:2b:bc:d8:3e:12:b7:11:a0:c9:8c:8d:3b:3c:81:55:34:cc:e6:fa:15:c7:0c
Signer
Actual PE Digest: 85:77:11:9c:de:59:c6:25:07:9a:2b:bc:d8:3e:12:b7:11:a0:c9:8c:8d:3b:3c:81:55:34:cc:e6:fa:15:c7:0c
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
consent.pdb
Imports
gdi32
CreateCompatibleDC
BitBlt
DeleteObject
SelectObject
CreateDIBSection
PatBlt
GetLayout
GetStockObject
DeleteDC
SetDCBrushColor
CreateCompatibleBitmap
user32
ShowWindow
GetThreadDesktop
SetThreadDesktop
GetShellWindow
UnregisterClassW
CreateWindowExW
FillRect
GetPropW
SetDisplayAutoRotationPreferences
GetDC
DestroyWindow
SendMessageTimeoutW
GetWindowRect
PostMessageW
DefWindowProcW
GetMessageW
GetWindowLongW
SendMessageW
EndPaint
LoadStringW
BeginPaint
DispatchMessageW
ReleaseDC
RegisterClassW
LoadIconW
CloseDesktop
PostThreadMessageW
ord2513
GetWindowBand
ord2574
GetAncestor
GetParent
DestroyIcon
OpenDesktopW
GetDesktopWindow
GetForegroundWindow
OpenInputDesktop
SetPropW
TranslateMessage
LoadCursorW
GetWindowDC
GetUserObjectInformationW
FlashWindowEx
SetWindowLongW
PostQuitMessage
GetSystemMetrics
msvcrt
memcmp
memcpy_s
__CxxFrameHandler3
??1type_info@@UEAA@XZ
memcpy
_onexit
__dllonexit
_unlock
_purecall
??1exception@@UEAA@XZ
__CxxFrameHandler4
_vsnwprintf
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_CxxThrowException
?terminate@@YAXXZ
_callnewh
malloc
_vsnprintf_s
wcsrchr
wcsncpy_s
_wtoi
_errno
_wtol
memmove_s
swscanf_s
wcschr
__C_specific_handler
_wcsicmp
free
_XcptFilter
memset
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
_ismbblead
__setusermatherr
_lock
_commode
_fmode
_acmdln
_initterm
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
FindResourceExW
GetModuleHandleExW
GetProcAddress
LockResource
GetModuleHandleA
LoadLibraryExW
LoadResource
GetModuleHandleW
GetModuleFileNameA
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
Sleep
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
ReleaseMutex
DeleteCriticalSection
WaitForSingleObjectEx
AcquireSRWLockShared
ReleaseSRWLockShared
OpenSemaphoreW
AcquireSRWLockExclusive
WaitForSingleObject
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
LeaveCriticalSection
CreateMutexExW
EnterCriticalSection
ReleaseSemaphore
CreateEventW
SetEvent
api-ms-win-core-heap-l1-1-0
HeapSetInformation
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetLastError
api-ms-win-core-com-l1-1-0
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoTaskMemFree
StringFromGUID2
CoCancelCall
CoEnableCallCancellation
CoInitializeEx
CoDisableCallCancellation
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
api-ms-win-core-heap-l2-1-0
GlobalFree
LocalAlloc
LocalFree
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
ResumeThread
CreateThread
TerminateProcess
GetExitCodeThread
GetCurrentProcess
SetPriorityClass
GetCurrentThreadId
QueueUserAPC
TerminateThread
GetPriorityClass
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
SetProcessPreferredUILanguages
GetLocaleInfoW
GetUserPreferredUILanguages
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-security-base-l1-1-0
MakeAbsoluteSD
RevertToSelf
GetSidSubAuthorityCount
GetTokenInformation
ImpersonateLoggedOnUser
InitializeSid
GetSidLengthRequired
GetSidSubAuthority
api-ms-win-core-registry-l1-1-0
RegOpenCurrentUser
RegCloseKey
RegGetValueW
sspicli
LsaLogonUser
LsaDeregisterLogonProcess
LsaRegisterLogonProcess
SeciAllocateAndSetCallFlags
LogonUserExExW
SeciAllocateAndSetIPAddress
LsaFreeReturnBuffer
SeciFreeCallContext
GetUserNameExW
LsaCallAuthenticationPackage
LsaLookupAuthenticationPackage
samcli
NetLocalGroupAddMembers
NetUserGetInfo
NetUserAdd
netutils
NetApiBufferFree
crypt32
CertFreeCertificateContext
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsCompareStringOrdinal
WindowsGetStringRawBuffer
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-file-l1-1-0
GetFileType
CreateFileW
GetDriveTypeW
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
userenv
LoadUserProfileW
UnloadUserProfile
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-memory-l1-1-0
CreateFileMappingW
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-threadpool-legacy-l1-1-0
QueueUserWorkItem
wmsgapi
WmsgSendMessage
ntdll
EtwEventWrite
NtQueryVolumeInformationFile
EtwEventUnregister
NtWriteVirtualMemory
EtwSendNotification
EtwUnregisterTraceGuids
NtDuplicateObject
NtReadVirtualMemory
EtwGetTraceEnableFlags
NtOpenProcess
RtlAllocateHeap
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwEventRegister
RtlLengthSid
RtlNtStatusToDosError
RtlFreeHeap
RtlInitString
RtlAdjustPrivilege
NtClose
RtlLengthRequiredSid
NtQueryInformationToken
RtlSubAuthoritySid
NtDuplicateToken
RtlInitializeSid
NtAllocateLocallyUniqueId
RtlNtStatusToDosErrorNoTeb
EtwTraceMessage
EtwRegisterTraceGuidsW
RtlEqualSid
amsi
AmsiUninitialize
AmsiUacInitialize
AmsiUacScan
comctl32
ord345
msctfmonitor
UninitLocalMsCtfMonitor
msimg32
AlphaBlend
winsta
WinStationQueryInformationW
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 100KB - Virtual size: 99KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 208B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
consent Size: 4KB - Virtual size: 98B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 52KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 228B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
control.exe.exe windows:10 windows x64 arch:x64
8da21f5ac3ed3474562a273f937bbf3d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
control.pdb
Imports
advapi32
RegOpenKeyExW
RegCloseKey
RegEnumValueW
kernel32
GetStartupInfoW
GetCommandLineW
lstrlenW
ExpandEnvironmentStringsW
HeapSetInformation
GetModuleHandleW
user32
AllowSetForegroundWindow
msvcrt
_ismbblead
__setusermatherr
_initterm
_vsnwprintf
exit
_exit
_XcptFilter
_amsg_exit
__getmainargs
__C_specific_handler
_cexit
?terminate@@YAXXZ
_commode
__set_app_type
_fmode
_acmdln
memset
shlwapi
ord437
ord158
StrTrimW
ord154
api-ms-win-core-com-l1-1-0
CoUninitialize
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
CoTaskMemFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
shell32
ShellExecuteExW
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 612B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 100KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
convert.exe.exe windows:10 windows x64 arch:x64
fdaa0fb05267a94298dc4e75a02b82e4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
convert.pdb
Imports
kernel32
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
SetErrorMode
Sleep
SetUnhandledExceptionFilter
CompareStringW
GetModuleHandleW
ulib
?GetStandardInput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?Fatal@PROGRAM@@UEBAXXZ
?Fatal@PROGRAM@@UEBAXKKPEADZZ
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@@Z
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@PEADZZ
??1PROGRAM@@UEAA@XZ
?Initialize@PROGRAM@@QEAAEKKK@Z
?Initialize@CLASS_DESCRIPTOR@@QEAAEPEBD@Z
??0CLASS_DESCRIPTOR@@QEAA@XZ
?AnalyzePath@PATH@@QEAA?AW4PATH_ANALYZE_CODE@@PEAVWSTRING@@PEAV1@0@Z
?QueryWindowsErrorMessage@SYSTEM@@SAEKPEAVWSTRING@@@Z
?AppendBase@PATH@@QEAAEPEBVWSTRING@@E@Z
??1PATH@@UEAA@XZ
?Initialize@PATH@@QEAAEPEBVWSTRING@@E@Z
??0PATH@@QEAA@XZ
?Strcat@WSTRING@@QEAAEPEBV1@@Z
?GetStandardOutput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?Initialize@WSTRING@@QEAAEPEBGK@Z
?Initialize@WSTRING@@QEAAEPEBDK@Z
??8WSTRING@@QEBAEAEBV0@@Z
?Strupr@WSTRING@@QEAAPEAV1@XZ
?Stricmp@WSTRING@@QEBAJPEBV1@@Z
??1STRING_ARGUMENT@@UEAA@XZ
??0FLAG_ARGUMENT@@QEAA@XZ
?Initialize@FLAG_ARGUMENT@@QEAAEPEAD@Z
??0ARRAY@@QEAA@XZ
??1ARRAY@@UEAA@XZ
?Initialize@ARRAY@@QEAAEKK@Z
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
??0DSTRING@@QEAA@XZ
?GetStandardError@PROGRAM@@UEAAPEAVSTREAM@@XZ
?Usage@PROGRAM@@UEBAXXZ
?ValidateVersion@PROGRAM@@UEBAXKK@Z
??0STRING_ARGUMENT@@QEAA@XZ
??0PROGRAM@@IEAA@XZ
?Initialize@STRING_ARGUMENT@@QEAAEPEAD@Z
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
??1ARGUMENT_LEXEMIZER@@UEAA@XZ
?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?QueryInvalidArgument@ARGUMENT_LEXEMIZER@@QEAAPEAVWSTRING@@XZ
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
??1OBJECT@@UEAA@XZ
?Compare@OBJECT@@UEBAJPEBV1@@Z
?DebugDump@OBJECT@@UEBAXE@Z
?IsValueSet@ARGUMENT@@QEAAEXZ
?QuerySystemDirectory@SYSTEM@@SAPEAVPATH@@XZ
?QueryFile@SYSTEM@@SAPEAVFSN_FILE@@PEBVPATH@@EPEAE@Z
?QueryCurrentDosDriveName@SYSTEM@@SAEPEAVWSTRING@@@Z
?QueryDriveType@SYSTEM@@SA?AW4DRIVE_TYPE@@PEBVWSTRING@@@Z
?QueryVolumeLabel@SYSTEM@@SAPEAVWSTRING@@PEAVPATH@@PEAU_VOL_SERIAL_NUMBER@@@Z
?QueryLibraryEntryPoint@SYSTEM@@SAP6A_JXZPEBVWSTRING@@0PEAPEAX@Z
?Initialize@WSTRING@@QEAAEPEBV1@KK@Z
?FreeLibraryHandle@SYSTEM@@SAXPEAX@Z
??1DSTRING@@UEAA@XZ
?IsGuidVolName@PATH@@QEAAEXZ
ifsutil
?DeleteEntry@AUTOREG@@SAEPEBVWSTRING@@0@Z
?GenerateLabelNotification@SUPERAREA@@SAJPEBVWSTRING@@PEAV2@PEAU_FILE_FS_SIZE_INFORMATION@@PEAU_FILE_FS_VOLUME_INFORMATION@@@Z
?IsArcSystemPartition@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAE@Z
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@@Z
?QueryFileSystemName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@PEAJ1@Z
?AddEntry@AUTOREG@@SAEPEBVWSTRING@@@Z
ntdll
NtTerminateProcess
RtlFreeHeap
RtlAllocateHeap
RtlUnhandledExceptionFilter
scecli
SceConfigureConvertedFileSecurity
msvcrt
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
__setusermatherr
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
convertvhd.exe.exe windows:10 windows x64 arch:x64
b63b40f99153f5d7e1c762eb815e48a1
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16-11-2023 19:20
Not After: 14-11-2024 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
db:71:3d:a6:1d:1e:ca:02:bc:28:b5:35:2f:b8:1b:be:0f:75:78:3f:d7:88:14:42:7e:4b:d8:f7:ce:b5:ca:34
Signer
Actual PE Digest: db:71:3d:a6:1d:1e:ca:02:bc:28:b5:35:2f:b8:1b:be:0f:75:78:3f:d7:88:14:42:7e:4b:d8:f7:ce:b5:ca:34
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ConvertVhd.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__cexit
memmove
_o__wcsicmp
_o_exit
_o_qsort
_o_terminate
_o_wcstoull
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o___p___wargv
_o__callnewh
_o___p___argc
_o__crt_atexit
_o__configure_wide_argv
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o__configthreadlocale
_o___acrt_iob_func
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_exception_destroy
__C_specific_handler
__std_terminate
_o___std_exception_copy
__CxxFrameHandler4
memcmp
memcpy
_o___p__commode
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
api-ms-win-core-synch-l1-1-0
CreateMutexExW
AcquireSRWLockShared
InitializeCriticalSection
ReleaseSemaphore
DeleteCriticalSection
EnterCriticalSection
CreateSemaphoreExW
ReleaseSRWLockShared
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObject
OpenSemaphoreW
ReleaseMutex
InitializeSRWLock
LeaveCriticalSection
CreateEventW
WaitForSingleObjectEx
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapSetInformation
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-synch-l1-2-0
InitializeConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
WakeAllConditionVariable
api-ms-win-core-file-l1-1-0
ReadFile
GetFileSizeEx
FlushFileBuffers
WriteFile
WriteFileGather
CreateFileW
SetFileInformationByHandle
ReadFileScatter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlPcToFileHeader
RtlCaptureStackBackTrace
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventEnabled
EventSetInformation
EventRegister
EventWrite
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegCloseKey
RegOpenKeyExW
api-ms-win-core-processthreads-l1-1-1
GetCurrentProcessorNumber
IsProcessorFeaturePresent
SetProcessMitigationPolicy
GetProcessMitigationPolicy
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolIo
CreateThreadpoolTimer
CloseThreadpoolWork
CancelThreadpoolIo
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolIo
SubmitThreadpoolWork
SetThreadpoolTimer
StartThreadpoolIo
CreateThreadpoolWork
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-psapi-l1-1-0
K32GetModuleInformation
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
ntdll
RtlInitializeBitMap
RtlGetVersion
RtlFindSetBits
RtlAreBitsClear
RtlWriteNonVolatileMemory
RtlFlushNonVolatileMemory
RtlRandomEx
RtlSetBits
RtlClearBits
RtlFindLastBackwardRunClear
RtlAreBitsSet
RtlSetAllBits
RtlClearAllBits
api-ms-win-core-processtopology-obsolete-l1-1-0
GetActiveProcessorCount
api-ms-win-core-io-l1-1-0
GetOverlappedResult
rpcrt4
UuidCreate
Sections
.text Size: 156KB - Virtual size: 152KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
coredpussvr.exe.exe windows:10 windows x64 arch:x64
b9aaf86f95efce460f0c2cf04200a652
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
coredpussvr.pdb
Imports
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__configthreadlocale
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcsncpy_s
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o__cexit
_o___stdio_common_vsnprintf_s
_o__callnewh
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__C_specific_handler
__std_terminate
__CxxFrameHandler4
__C_specific_handler_noexcept
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
FreeLibrary
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
CreateEventW
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetStartupInfoW
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-com-l1-1-0
CoAddRefServerProcess
CoUninitialize
CoRevokeClassObject
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitializeEx
CoRegisterClassObject
CoReleaseServerProcess
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryInfoKeyW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
combase
ord69
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 36KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 268B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
credwiz.exe.exe windows:10 windows x64 arch:x64
e80772fea0650454a7ed9f9f4597b0d8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
credwiz.pdb
Imports
advapi32
GetTokenInformation
DuplicateToken
ImpersonateLoggedOnUser
RevertToSelf
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
CredBackupCredentials
CredRestoreCredentials
CredpEncodeSecret
ConvertStringSecurityDescriptorToSecurityDescriptorW
kernel32
GetOverlappedResult
LocalFree
SleepEx
GetTempFileNameW
GetTempPath2W
GetModuleFileNameA
InitOnceBeginInitialize
CreateSemaphoreExW
HeapFree
EnterCriticalSection
ReleaseSemaphore
GetModuleHandleExW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
GlobalFree
GetCurrentThreadId
ReleaseMutex
ReleaseSRWLockExclusive
HeapSetInformation
CloseThreadpoolTimer
InitOnceComplete
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
DeleteFileW
CreateThread
OutputDebugStringW
CloseHandle
GetModuleHandleA
SetEvent
GetLastError
FormatMessageW
CreateEventW
OpenProcess
DuplicateHandle
CreateFileW
LocalAlloc
WaitForMultipleObjects
WriteFile
GetCommandLineW
SetLastError
GetFileSizeEx
CancelIo
ReadFile
WaitForSingleObject
gdi32
CreateFontIndirectW
GetObjectW
user32
EnableWindow
GetParent
GetDlgItem
SetFocus
SendDlgItemMessageW
GetDlgItemTextW
ShowWindow
LoadStringW
GetWindowLongPtrW
SetWindowTextW
SendMessageW
SetWindowLongPtrW
GetMessageW
CheckRadioButton
PostMessageW
PostThreadMessageW
TranslateMessage
DispatchMessageW
msvcrt
_amsg_exit
__getmainargs
__set_app_type
memmove_s
_purecall
??3@YAXPEAX@Z
memcpy_s
wcsncmp
swscanf
__C_specific_handler
_XcptFilter
_exit
_initterm
_cexit
__CxxFrameHandler4
_ismbblead
__setusermatherr
memcmp
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_acmdln
exit
_vsnwprintf
memset
rpcrt4
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcAsyncCancelCall
Ndr64AsyncClientCall
RpcAsyncCompleteCall
RpcAsyncInitializeHandle
RpcStringFreeW
I_RpcExceptionFilter
RpcBindingFree
crypt32
CryptProtectData
CryptUnprotectData
samcli
NetValidatePasswordPolicy
netutils
NetApiBufferFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetStartupInfoW
GetCurrentProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
ntdll
NtAdjustPrivilegesToken
TpWaitForWait
RtlNtStatusToDosError
TpAllocWait
NtPrivilegeCheck
NtClose
TpReleaseWait
TpSetWait
NtOpenProcessToken
comctl32
CreatePropertySheetPageW
PropertySheetW
comdlg32
GetSaveFileNameW
GetOpenFileNameW
ole32
CoInitializeEx
CoCreateInstance
CoUninitialize
shell32
CommandLineToArgvW
Sections
.text Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 320B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cscript.exe.exe windows:10 windows x64 arch:x64
b9e6820a671e967d1a371a5bcabc76b9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
cscript.pdb
Imports
msvcrt
free
_callnewh
memcpy
memmove_s
memcmp
_wcsicmp
wcsncmp
wcscpy_s
memcpy_s
_vsnwprintf
memmove
malloc
swprintf_s
sprintf_s
__C_specific_handler
_vsnprintf
_swab
strcpy_s
wcsrchr
_itow
_itow_s
wcscat_s
_wcsnicmp
memset
oleaut32
CreateErrorInfo
SetErrorInfo
SysFreeString
SysStringLen
LoadRegTypeLi
SafeArrayCopy
SafeArrayGetLBound
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayPutElement
SafeArrayCreate
VariantClear
LoadTypeLi
SafeArrayGetElement
SysAllocStringLen
VariantChangeType
VariantCopy
VariantInit
SysAllocString
kernel32
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
GetCommandLineW
ReleaseSemaphore
WriteConsoleW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
GetModuleHandleA
GetCommandLineA
MultiByteToWideChar
FormatMessageW
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
ExitProcess
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
GetLastError
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetPrivateProfileStringW
LocalAlloc
GetConsoleMode
WriteFile
LocalFree
GetPrivateProfileIntW
FormatMessageA
LoadLibraryExW
FindFirstFileW
FindFirstFileA
FindClose
GetFileAttributesW
GetACP
GetFileAttributesA
GetStdHandle
GetCPInfo
GetModuleFileNameA
GetPrivateProfileIntA
GetModuleFileNameW
HeapReAlloc
GetPrivateProfileStringA
InitializeCriticalSection
LoadLibraryW
CreateFileW
GetLocaleInfoA
GetLocaleInfoW
GetFullPathNameA
UnmapViewOfFile
FreeLibrary
GetFullPathNameW
CreateFileMappingA
GetFileSize
GetSystemDefaultUILanguage
MapViewOfFile
GetLocaleInfoEx
CreateFileMappingW
WideCharToMultiByte
GetUserDefaultUILanguage
GetVersionExW
LCIDToLocaleName
FlushFileBuffers
LoadResource
GetTempFileNameA
GetVersionExA
SearchPathW
GetSystemDirectoryA
CreateFileA
GetTempPath2A
RtlLookupFunctionEntry
LoadLibraryExA
FindResourceExW
GetUserDefaultLCID
CreateEventA
CreateThread
SetEvent
ole32
CLSIDFromProgID
CoGetClassObject
CLSIDFromString
CoCreateInstance
CoRegisterMessageFilter
MkParseDisplayName
CoGetTreatAsClass
CreateFileMoniker
CreateBindCtx
CoUninitialize
CoInitialize
CoInitializeSecurity
advapi32
ReportEventW
IsTextUnicode
DeregisterEventSource
GetUserNameW
RegisterEventSourceW
LookupAccountNameW
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExW
RegEnumKeyExA
RegCloseKey
RegOpenKeyExW
RegSetValueExW
ImpersonateLoggedOnUser
RegCreateKeyExW
RegCreateKeyExA
version
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoSizeA
user32
PostQuitMessage
KillTimer
GetWindowLongPtrA
PeekMessageA
MsgWaitForMultipleObjectsEx
GetActiveWindow
EnumThreadWindows
GetMessageA
DispatchMessageA
SendMessageA
GetParent
PostMessageA
GetClassNameA
MsgWaitForMultipleObjects
LoadStringW
LoadStringA
GetClassInfoA
CreateWindowExA
SetTimer
CharNextA
TranslateMessage
IsWindowVisible
RegisterClassA
DefWindowProcA
SetWindowLongPtrA
Sections
.text Size: 108KB - Virtual size: 104KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 828B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
csrss.exe.sys windows:10 windows x64 arch:x64
a96fa9912e09e361274ad77f1a4b252c
Code Sign
33:00:00:03:72:31:35:9d:93:ab:3e:7b:1a:00:00:00:00:03:72
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 27-01-2022 19:31
Not After: 26-01-2023 19:31
Subject: CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19-10-2011 18:41
Not After: 19-10-2026 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
05:cb:25:83:78:17:f1:f6:8c:4a:25:38:d8:4b:5b:37:78:68:8b:aa:28:1d:4b:60:49:0e:82:0d:d1:e9:f9:ef
Signer
Actual PE Digest: 05:cb:25:83:78:17:f1:f6:8c:4a:25:38:d8:4b:5b:37:78:68:8b:aa:28:1d:4b:60:49:0e:82:0d:d1:e9:f9:ef
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
csrss.pdb
Imports
ntdll
NtSetInformationProcess
RtlSetHeapInformation
NtTerminateProcess
RtlSetUnhandledExceptionFilter
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
RtlUnicodeStringToAnsiString
NtTerminateThread
RtlCaptureContext
RtlFreeAnsiString
RtlAllocateHeap
RtlNormalizeProcessParams
isspace
csrsrv
CsrUnhandledExceptionFilter
CsrServerInitialization
Sections
.text Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 120B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ctfmon.exe.exe windows:10 windows x64 arch:x64
6fd43544fb51c12382cad7c88f550240
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ctfmon.pdb
Imports
kernel32
HeapSetInformation
GetStartupInfoW
WerSetFlags
GetCommandLineW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
msvcrt
_fmode
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
?terminate@@YAXXZ
_commode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
msctfmonitor
DoMsCtfMonitor
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cttune.exe.exe windows:10 windows x64 arch:x64
28de9d4102f9fc7ea4cd73838208e26b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
cttune.pdb
Imports
advapi32
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
EventWriteTransfer
EventRegister
EventUnregister
OpenProcessToken
GetTokenInformation
CreateWellKnownSid
CheckTokenMembership
RegCreateKeyExW
RegSetValueExW
kernel32
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
CloseHandle
MulDiv
VerSetConditionMask
VerifyVersionInfoW
GetTickCount64
CreateMutexW
GetLastError
gdi32
SetBkColor
Polyline
CreatePen
GetTextMetricsW
SetBkMode
SetStretchBltMode
DeleteObject
GetDeviceCaps
CreateFontIndirectW
GetObjectW
CreateCompatibleDC
SelectObject
GdiAlphaBlend
BitBlt
DeleteDC
GetStockObject
GdiSetBatchLimit
SetTextColor
CreateSolidBrush
PatBlt
CreateDIBSection
CreateCompatibleBitmap
StretchBlt
user32
FindWindowW
SetForegroundWindow
EndDialog
SetTimer
KillTimer
DialogBoxParamW
ShowWindow
EnableWindow
CheckDlgButton
IsDlgButtonChecked
CheckRadioButton
EnumDisplaySettingsW
EnumDisplayDevicesW
ChangeDisplaySettingsExW
GetSysColor
DestroyWindow
CopyImage
CreateWindowExW
DrawTextW
GetFocus
MapWindowPoints
FillRect
RedrawWindow
IsCharAlphaNumericW
GetWindowLongPtrW
RegisterClassExW
GetDC
LoadStringW
ReleaseDC
GetProcessDefaultLayout
GetSystemMetrics
GetWindowRect
PtInRect
SetWindowPos
SendMessageTimeoutW
SendDlgItemMessageW
MapDialogRect
GetClientRect
GetDlgItem
SetDlgItemTextW
SetWindowLongPtrW
PostMessageW
GetParent
SetWindowLongW
SetFocus
SystemParametersInfoW
MessageBoxW
SetWindowTextW
InvalidateRect
GetWindowLongW
DrawFocusRect
BeginPaint
FrameRect
GetSysColorBrush
EndPaint
SendMessageW
TrackMouseEvent
DefWindowProcW
LoadCursorW
msvcrt
memcmp
_initterm
_ismbblead
__setusermatherr
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_cexit
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
wcschr
realloc
free
_acmdln
_fmode
_commode
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_purecall
_vsnwprintf
__C_specific_handler
_wtoi
memset
oleaut32
VariantClear
VariantInit
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SysFreeString
SysAllocString
api-ms-win-core-com-l1-1-0
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
StringFromGUID2
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcessId
GetStartupInfoW
GetCurrentThreadId
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
comctl32
ord381
PropertySheetW
InitCommonControlsEx
dwrite
DWriteCreateFactory
ntdll
WinSqmIncrementDWORD
WinSqmAddToStream
ole32
CoGetObject
oleacc
CreateStdAccessibleObject
LresultFromObject
setupapi
SetupDiOpenDeviceInterfaceW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
uxtheme
IsThemeActive
DrawThemeParentBackground
OpenThemeData
GetThemeFont
GetThemeColor
GetThemeSysColor
CloseThemeData
GetThemeSysFont
shlwapi
ord628
Sections
.text Size: 76KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cttunesvr.exe.exe windows:10 windows x64 arch:x64
63e0f36e5be79863e59c107043030e89
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
cttunesvr.pdb
Imports
advapi32
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
kernel32
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
RaiseException
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCommandLineW
SetEvent
GetCurrentThreadId
Sleep
CreateEventW
CreateThread
CloseHandle
WaitForSingleObject
GetStartupInfoW
OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
user32
GetMessageW
TranslateMessage
DispatchMessageW
CharUpperW
CharNextW
UnregisterClassA
PostThreadMessageW
msvcrt
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_wcmdln
_callnewh
wcscat_s
wcscpy_s
_purecall
memcpy_s
free
malloc
wcsncpy_s
__C_specific_handler
memcmp
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_initterm
_lock
realloc
_errno
_commode
_fmode
_XcptFilter
memset
ole32
CoRevokeClassObject
CoCreateInstance
StringFromGUID2
CoRegisterClassObject
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
oleaut32
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
SysFreeString
VarUI4FromStr
LoadTypeLi
SysAllocString
SysStringLen
Sections
.text Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
curl.exe.exe windows:6 windows x64 arch:x64
ffa8318f7e18c6edf2120c5324e45f9f
Code Sign
33:00:00:03:84:d9:68:7d:66:cc:75:4b:a1:00:00:00:00:03:84
Certificate
Issuer: CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 13-07-2023 23:45
Not After: 15-09-2024 23:45
Subject: CN=Microsoft 3rd Party Application Component,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 08-07-2011 20:59
Not After: 08-07-2026 21:09
Subject: CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
7d:1c:c3:5e:88:e8:a6:83:08:53:6b:31:95:34:44:4b:b6:18:0d:3c:2a:54:5e:53:37:70:32:66:9f:ba:0b:1b
Signer
Actual PE Digest: 7d:1c:c3:5e:88:e8:a6:83:08:53:6b:31:95:34:44:4b:b6:18:0d:3c:2a:54:5e:53:37:70:32:66:9f:ba:0b:1b
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\__w\1\s\_build\src\RelWithDebInfo\curl.pdb
Imports
api-ms-win-core-console-l2-1-0
GetConsoleScreenBufferInfo
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
GetEnvironmentVariableA
SearchPathW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-console-l1-1-0
SetConsoleMode
SetConsoleCtrlHandler
WriteConsoleW
GetConsoleMode
api-ms-win-core-toolhelp-l1-1-0
Module32FirstW
Module32NextW
CreateToolhelp32Snapshot
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l1-1-0
SetFileTime
CreateFileW
GetFileTime
SetEndOfFile
GetFileSizeEx
GetFileType
ReadFile
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
LoadLibraryExW
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemDirectoryW
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockExclusive
InitializeCriticalSectionEx
SetEvent
WaitForSingleObjectEx
SleepEx
ReleaseSRWLockExclusive
InitializeCriticalSectionAndSpinCount
CreateEventW
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
ws2_32
inet_pton
htonl
getsockopt
WSAWaitForMultipleEvents
send
WSAResetEvent
WSAEventSelect
freeaddrinfo
WSACloseEvent
ioctlsocket
accept
listen
getaddrinfo
WSAStartup
recvfrom
sendto
bind
WSACleanup
ntohs
WSASetLastError
WSAGetLastError
inet_ntop
select
getpeername
getsockname
connect
recv
__WSAFDIsSet
socket
WSACreateEvent
gethostname
WSAEnumNetworkEvents
setsockopt
WSAIoctl
htons
closesocket
api-ms-win-core-localization-l1-2-0
IdnToAscii
FormatMessageW
IdnToUnicode
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
bcrypt
BCryptGenRandom
api-ms-win-security-cryptoapi-l1-1-0
CryptCreateHash
CryptDestroyKey
CryptHashData
CryptDestroyHash
CryptEncrypt
CryptImportKey
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
crypt32
CertFreeCertificateContext
CertFindCertificateInStore
CertOpenStore
CryptStringToBinaryW
PFXImportCertStore
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CertCloseStore
CryptDecodeObjectEx
CertFindExtension
CertGetCertificateChain
CertGetNameStringW
CertFreeCertificateChainEngine
CertAddCertificateContextToStore
CryptQueryObject
CertFreeCertificateChain
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-processthreads-l1-1-0
TlsAlloc
TlsGetValue
TlsFree
TlsSetValue
GetCurrentProcessId
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-namedpipe-l1-1-0
PeekNamedPipe
api-ms-win-crt-heap-l1-1-0
_set_new_mode
calloc
realloc
free
malloc
api-ms-win-crt-stdio-l1-1-0
ftell
ferror
getc
fread
__stdio_common_vsscanf
_get_osfhandle
_lseeki64
_read
_write
puts
fputs
fwrite
fflush
__acrt_iob_func
fputc
_close
fclose
_set_fmode
_isatty
_setmode
_fileno
_fseeki64
__stdio_common_vswprintf
feof
fgets
_wfopen
_wopen
freopen
fseek
__stdio_common_vsprintf
__p__commode
api-ms-win-crt-time-l1-1-0
_gmtime64
strftime
_time64
_localtime64
api-ms-win-crt-convert-l1-1-0
wcstombs
strtoll
strtod
strtol
atoi
strtoul
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
__sys_errlist
_initialize_onexit_table
__sys_nerr
_c_exit
__p___wargv
__p___argc
_beginthreadex
_crt_atexit
_exit
terminate
_set_app_type
abort
_register_onexit_function
_configure_wide_argv
_errno
_seh_filter_exe
exit
strerror
_initialize_wide_environment
_get_initial_wide_environment
_cexit
_initterm
_initterm_e
api-ms-win-crt-string-l1-1-0
strtok
strpbrk
_strdup
strncmp
strcspn
strncpy
_stricmp
wcsncmp
wcsncpy
wcspbrk
strspn
strcmp
_wcsdup
wcscmp
api-ms-win-crt-filesystem-l1-1-0
_unlink
_mkdir
_wstat64
_fstat64
api-ms-win-crt-utility-l1-1-0
bsearch
qsort
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
setlocale
kernel32
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlVirtualUnwind
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
GetCurrentProcess
InitializeSListHead
RtlCaptureContext
GetSystemTimeAsFileTime
RtlLookupFunctionEntry
api-ms-win-core-rtlsupport-l1-1-0
RtlUnwindEx
api-ms-win-crt-math-l1-1-0
__setusermatherr
_fdopen
api-ms-win-crt-conio-l1-1-0
_getch
Sections
.text Size: 457KB - Virtual size: 457KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 164KB - Virtual size: 163KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dasHost.exe.exe windows:10 windows x64 arch:x64
27885cacc6ee39b866942a47cd01c180
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
dasHost.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o__configure_wide_argv
_o_exit
_o_free
_o_malloc
_o_terminate
__current_exception
__current_exception_context
_CxxThrowException
_o__configthreadlocale
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o__cexit
_o__callnewh
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
__C_specific_handler
__std_terminate
__CxxFrameHandler4
__C_specific_handler_noexcept
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleW
FreeLibrary
GetModuleHandleExW
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
ReleaseSemaphore
InitializeCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseMutex
LeaveCriticalSection
ResetEvent
EnterCriticalSection
DeleteCriticalSection
CreateSemaphoreExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
SetEvent
CreateEventW
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
api-ms-win-core-processthreads-l1-1-0
SetThreadToken
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
rpcrt4
I_RpcBindingInqLocalClientPID
RpcBindingFromStringBindingW
RpcBindingSetOption
NdrClientCall3
RpcBindingFree
RpcStringFreeW
NdrMesTypeEncode3
NdrMesTypeAlignSize3
NdrAsyncServerCall
NdrServerCallAll
Ndr64AsyncServerCallAll
NdrServerCall2
RpcSsDestroyClientContext
RpcServerUseProtseqEpW
I_RpcMapWin32Status
RpcServerRegisterIf3
RpcServerUnregisterIfEx
RpcAsyncCompleteCall
MesEncodeIncrementalHandleCreate
MesIncrementalHandleReset
RpcExceptionFilter
MesHandleFree
I_RpcExceptionFilter
RpcStringBindingComposeW
RpcImpersonateClient
RpcRevertToSelf
UuidFromStringW
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
wpprecorderum
WppAutoLogStop
WppAutoLogStart
WppAutoLogTrace
api-ms-win-security-sddl-l1-1-0
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolWorkCallbacks
SubmitThreadpoolWork
CreateThreadpoolWork
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolWait
CloseThreadpoolWork
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventActivityIdControl
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-security-base-l1-1-0
DuplicateToken
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
ntdll
RtlInitUnicodeString
api-ms-win-devices-query-l1-1-1
DevGetObjectPropertiesEx
api-ms-win-devices-query-l1-1-0
DevFreeObjectProperties
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegGetValueW
RegCloseKey
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
Sections
.text Size: 84KB - Virtual size: 83KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dccw.exe.exe windows:10 windows x64 arch:x64
c8c68c157371d344e62e727bcf3331c1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
dccw.pdb
Imports
advapi32
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
EventRegister
EventUnregister
EventWrite
RegQueryValueExW
kernel32
CreateMutexW
HeapSetInformation
InitializeCriticalSection
GetModuleFileNameW
FindResourceExW
LoadResource
SizeofResource
WaitForSingleObject
lstrcmpiW
GetModuleHandleW
LoadLibraryExW
GetProcAddress
FreeLibrary
GetLastError
ReleaseMutex
CloseHandle
CreateFileW
GetTickCount
LockResource
FindResourceW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
LocalFree
FormatMessageW
WriteFile
GetSystemDirectoryW
WideCharToMultiByte
GetSystemTime
CopyFileW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
RaiseException
DeleteCriticalSection
OutputDebugStringA
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
HeapFree
VirtualFree
GetCurrentProcess
VirtualAlloc
LoadLibraryExA
EncodePointer
HeapAlloc
DecodePointer
GetProcessHeap
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
Sleep
GetStartupInfoW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
gdi32
StretchBlt
CreateCompatibleBitmap
SetStretchBltMode
SelectObject
CreateCompatibleDC
GetObjectW
GetTextExtentPoint32W
SetDeviceGammaRamp
GetDeviceGammaRamp
GetStockObject
SetBkMode
SetBkColor
SetTextColor
CreateSolidBrush
GetDeviceCaps
CreateDCW
DeleteDC
DeleteObject
user32
LoadStringW
GetWindowLongW
GetWindow
ShowWindow
MessageBoxW
ReleaseDC
GetWindowTextW
GetWindowTextLengthW
GetDC
KillTimer
SetTimer
SetWindowTextW
PostMessageW
MapDialogRect
EnumChildWindows
DisplayConfigGetDeviceInfo
QueryDisplayConfig
GetDisplayConfigBufferSizes
EnumDisplayDevicesW
ShowCursor
LoadCursorW
SetCursor
GetMonitorInfoW
EnumDisplayMonitors
MonitorFromWindow
GetParent
InvalidateRect
MapWindowPoints
GetWindowRect
GetDlgItem
DefWindowProcW
SendMessageW
CallWindowProcW
SetWindowPos
SetForegroundWindow
OpenIcon
SetWindowLongPtrW
GetWindowLongPtrW
MonitorFromRect
SendMessageTimeoutW
AllowSetForegroundWindow
GetWindowThreadProcessId
FindWindowW
RegisterWindowMessageW
GetActiveWindow
GetSystemMetrics
CharNextW
DestroyWindow
UnregisterClassA
MoveWindow
msvcrt
iswupper
towlower
_vsnwprintf
memset
?terminate@@YAXXZ
realloc
_errno
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_wcmdln
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
swscanf_s
wcsstr
_wcsupr
_purecall
memcpy_s
malloc
wcsncpy_s
free
__C_specific_handler
memcpy
powf
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
WinSqmAddToStream
dxva2
GetNumberOfPhysicalMonitorsFromHMONITOR
GetPhysicalMonitorsFromHMONITOR
DestroyPhysicalMonitors
GetMonitorBrightness
SetMonitorBrightness
GetMonitorContrast
SetMonitorContrast
SetVCPFeature
GetVCPFeatureAndVCPFeatureReply
mscms
GetColorProfileFromHandle
DccwReleaseDisplayProfileAssociationList
WcsCreateIccProfile
InstallColorProfileW
SetColorProfileElement
CloseColorProfile
DccwSetDisplayProfileAssociationList
WcsGetUsePerUserProfiles
WcsGetDefaultColorProfile
WcsOpenColorProfileW
DccwGetGamutSize
DccwCreateDisplayProfileAssociationList
SetColorProfileElementSize
WcsGetCalibrationManagementState
WcsDisassociateColorProfileFromDevice
WcsSetDefaultColorProfile
UninstallColorProfileW
DccwGetDisplayProfileAssociationList
GetColorDirectoryW
WcsSetCalibrationManagementState
shell32
ShellExecuteW
gdiplus
GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdipCloneImage
GdipFree
GdipCreateLineBrushI
GdipFillRectangleI
GdipAlloc
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream
comctl32
TaskDialogIndirect
DestroyPropertySheetPage
CreatePropertySheetPageW
PropertySheetW
oleaut32
SysFreeString
VarUI4FromStr
SysAllocString
api-ms-win-core-com-l1-1-0
CoCreateInstance
StringFromCLSID
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
Sections
.text Size: 72KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dcomcnfg.exe.exe windows:10 windows x64 arch:x64
4c7f165da8da80935d61c0512a3469c1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
DCOMCnfg.pdb
Imports
kernel32
GetCurrentProcess
GetSystemDirectoryW
FormatMessageW
GetLastError
CloseHandle
HeapSetInformation
LocalFree
CreateProcessW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
TerminateProcess
user32
MessageBoxW
msvcrt
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_vsnwprintf
_initterm
_cexit
__setusermatherr
memset
ntdll
RtlCaptureContext
NtQueryInformationProcess
RtlLookupFunctionEntry
RtlVirtualUnwind
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ddodiag.exe.exe windows:10 windows x64 arch:x64
835450f6c906da1e68b05e2c968111e4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
DDODiag.pdb
Imports
msvcrt
?terminate@@YAXXZ
_commode
_wcsicmp
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_vsnwprintf
_exit
memset
kernel32
SetFilePointerEx
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
FileTimeToSystemTime
GetTempPath2W
CloseHandle
GetLastError
DuplicateHandle
CreateFileW
WriteFile
GetCurrentProcess
GetFileSizeEx
ReadFile
ole32
PropVariantClear
CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
StringFromCLSID
xmllite
CreateXmlWriter
Sections
.text Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 444B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 608B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
deploymentcsphelper.exe.exe windows:10 windows x64 arch:x64
00ce3786dcafa2e99b11b366862e0269
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
deploymentcsphelper.pdb
Imports
msvcrt
_initterm
__setusermatherr
_cexit
??1type_info@@UEAA@XZ
_unlock
_fmode
exit
__set_app_type
_commode
_amsg_exit
_XcptFilter
memmove
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
?terminate@@YAXXZ
??0exception@@QEAA@AEBQEBD@Z
wcsncmp
_lock
_callnewh
_onexit
__dllonexit
memcpy
_wcmdln
__CxxFrameHandler4
__wgetmainargs
malloc
_exit
wcsstr
_purecall
??3@YAXPEAX@Z
_wcsnicmp
_vsnprintf
wcschr
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAllocateHeap
RtlFreeHeap
kernel32
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
GetProcessHeap
GetLastError
HeapFree
TerminateProcess
CompareStringW
GetCurrentProcess
wdscore
ConstructPartialMsgVW
WdsSetupLogMessageW
WdsTerminate
WdsInitialize
CurrentIP
shell32
CommandLineToArgvW
dismapi
DismCloseSession
DismShutdown
DismEnableFeature
DismDisableFeature
DismGetCapabilities
DismGetFeatures
DismInitialize
DismRemoveCapability
DismOpenSession
DismAddCapability
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
api-ms-win-core-errorhandling-l1-1-0
SetLastError
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-heap-l1-1-0
HeapAlloc
api-ms-win-core-file-l1-1-0
CreateDirectoryW
GetFullPathNameW
GetFileAttributesW
Sections
.text Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 440B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
desktopimgdownldr.exe.exe windows:10 windows x64 arch:x64
42f92d2a7592cb75be2bde3c4bc27707
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
desktopimgdownldr.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_initterm_e
_c_exit
_initterm
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_exit
_o_free
_o_isalnum
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__cexit
_o___std_exception_destroy
_o___std_exception_copy
_o__callnewh
_o___p__commode
_o___p___wargv
_o___p___argc
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
api-ms-win-core-synch-l1-1-0
CreateEventW
EnterCriticalSection
InitializeCriticalSection
InitializeCriticalSectionEx
ReleaseSemaphore
LeaveCriticalSection
WaitForSingleObject
SetEvent
AcquireSRWLockShared
ReleaseMutex
ReleaseSRWLockExclusive
DeleteCriticalSection
CreateSemaphoreExW
CreateMutexExW
AcquireSRWLockExclusive
ReleaseSRWLockShared
WaitForSingleObjectEx
OpenSemaphoreW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
OpenProcessToken
TerminateProcess
GetCurrentThread
GetCurrentProcessId
OpenThreadToken
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventActivityIdControl
EventWriteTransfer
EventSetInformation
EventRegister
api-ms-win-security-base-l1-1-0
IsValidSid
GetTokenInformation
GetSecurityDescriptorDacl
GetLengthSid
crypt32
CryptBinaryToStringW
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-file-l1-1-0
CreateFileW
FindClose
FindFirstFileExW
GetFileSize
DeleteFileW
FindNextFileW
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoTaskMemAlloc
CoCreateGuid
CoUninitialize
CoCreateInstance
PropVariantClear
CoTaskMemFree
CoDisconnectObject
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFileExistsW
SHExpandEnvironmentStringsW
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
oleaut32
SysStringLen
SysFreeString
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegCreateKeyExW
RegCloseKey
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
ntdll
RtlPublishWnfStateData
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedRegistryLocationW
GetPersistedFileLocationW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-shell-shdirectory-l1-1-0
ord292
api-ms-win-security-provider-l1-1-0
GetNamedSecurityInfoW
SetNamedSecurityInfoW
api-ms-win-core-path-l1-1-0
PathCchCombine
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 116KB - Virtual size: 114KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 228B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ