IESettingSync.pdb
Overview  overview  7
Static  static  3
IESettingSync.exe  windows10-2004-x64  1
ISM.exe  windows10-2004-x64  1
InfDefaultInstall.exe  windows10-2004-x64  1
InputSwitc...er.exe  windows10-2004-x64  1
LanguageCo...er.exe  windows10-2004-x64  1
LaunchTM.exe  windows10-2004-x64  7
LaunchWinApp.exe  windows10-2004-x64  1
LegacyNetUXHost.exe  windows10-2004-x64  1
LicenseMan...xt.exe  windows10-2004-x64  1
LicensingUI.exe  windows10-2004-x64  1
LiveCaptions.exe  windows10-2004-x64  1
LocationNo...ws.exe  windows10-2004-x64  1
Locator.exe  windows10-2004-x64  1
LockAppHost.exe  windows10-2004-x64  1
LockScreen...er.exe  windows10-2004-x64  1
LogonUI.exe  windows10-2004-x64  1
LsaIso.exe  windows10-2004-x64  1
MBR2GPT.exe  windows10-2004-x64  1
MDEServer.exe  windows10-2004-x64  1
MDMAgent.exe  windows10-2004-x64  1
MDMAppInstaller.exe  windows10-2004-x64  1
MRINFO.exe  windows10-2004-x64  1
MRT.exe  windows10-2004-x64  5
MSchedExe.exe  windows10-2004-x64  1
Magnify.exe  windows10-2004-x64  3
MdRes.exe  windows10-2004-x64  1
MdSched.exe  windows10-2004-x64  1
MdmDiagnos...ol.exe  windows10-2004-x64  1
MicrosoftE...st.exe  windows10-2004-x64  1
MicrosoftEdgeCP.exe  windows10-2004-x64  1
MicrosoftE...ls.exe  windows10-2004-x64  1
MicrosoftEdgeSH.exe  windows10-2004-x64  6
Static task  static1
Behavioral task  behavioral1  Sample: IESettingSync.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral2  Sample: ISM.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral3  Sample: InfDefaultInstall.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral4  Sample: InputSwitchToastHandler.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral5  Sample: LanguageComponentsInstallerComHandler.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral6  Sample: LaunchTM.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral7  Sample: LaunchWinApp.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral8  Sample: LegacyNetUXHost.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral9  Sample: LicenseManagerShellext.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral10  Sample: LicensingUI.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral11  Sample: LiveCaptions.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral12  Sample: LocationNotificationWindows.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral13  Sample: Locator.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral14  Sample: LockAppHost.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral15  Sample: LockScreenContentServer.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral16  Sample: LogonUI.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral17  Sample: LsaIso.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral18  Sample: MBR2GPT.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral19  Sample: MDEServer.exe  Resource: win10v2004-20240910-en
Behavioral task  behavioral20  Sample: MDMAgent.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral21  Sample: MDMAppInstaller.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral22  Sample: MRINFO.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral23  Sample: MRT.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral24  Sample: MSchedExe.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral25  Sample: Magnify.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral26  Sample: MdRes.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral27  Sample: MdSched.exe  Resource: win10v2004-20240910-en
Behavioral task  behavioral28  Sample: MdmDiagnosticsTool.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral29  Sample: MicrosoftEdgeBCHost.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral30  Sample: MicrosoftEdgeCP.exe  Resource: win10v2004-20240802-en
Behavioral task  behavioral31  Sample: MicrosoftEdgeDevTools.exe  Resource: win10v2004-20240802-en
General
Target: System32Problems3.zip
Size: 88.9MB
MD5: 571dfa8c5000f0b59bf1f6bb5f7d98bf
SHA1: f7028f650a5fccd426f50afeb37f8c10921cd475
SHA256: ac630ba09593b923cabc70b35c918aee6b801885c1225b81551f4c88087da888
SHA512: 1296f42e07e4f15d5a531da9766341bee078a761f6038943e30396e6503ed4d9705f0485479e964e5a974e04c8f4978b8a29ca834b17df88cf304bbdd06a11aa
SSDEEP: 1572864:88Qs119HxoR2PYG1XXHHrIi2i4gMKVyFYXrnCjLuOItoLuV9naxxBvkBoh8Q/aGp:VQs119RoR2PYeX3HrZ2MVyFYuXudtoLr
Malware Config
Signatures
-
Unsigned PE 68 IoCs
Checks for missing Authenticode signature.
resource unpack001/IESettingSync.exe unpack001/ISM.exe unpack001/InfDefaultInstall.exe unpack001/InputSwitchToastHandler.exe unpack001/LanguageComponentsInstallerComHandler.exe unpack001/LaunchTM.exe unpack001/LaunchWinApp.exe unpack001/LegacyNetUXHost.exe unpack001/LicenseManagerShellext.exe unpack001/LiveCaptions.exe unpack001/LocationNotificationWindows.exe unpack001/Locator.exe unpack001/LogonUI.exe unpack001/MBR2GPT.EXE unpack001/MDEServer.exe unpack001/MDMAgent.exe unpack001/MDMAppInstaller.exe unpack001/MRINFO.EXE unpack001/MSchedExe.exe unpack001/Magnify.exe unpack001/MdRes.exe unpack001/MdSched.exe unpack001/MdmDiagnosticsTool.exe unpack001/MicrosoftEdgeBCHost.exe unpack001/MicrosoftEdgeCP.exe unpack001/MicrosoftEdgeDevTools.exe unpack001/MicrosoftEdgeSH.exe unpack001/MoNotificationUxStub.exe unpack001/MsSpellCheckingHost.exe unpack001/MuiUnattend.exe unpack001/ie4ushowIE.exe unpack001/ieUnatt.exe unpack001/iexpress.exe unpack001/immersivetpmvscmgrsvr.exe unpack001/ipconfig.exe unpack001/iscsicli.exe unpack001/iscsicpl.exe unpack001/isoburn.exe unpack001/klist.exe unpack001/ksetup.exe unpack001/ktmutil.exe unpack001/la57setup.exe unpack001/label.exe unpack001/licensingdiag.exe unpack001/lodctr.exe unpack001/logagent.exe unpack001/logman.exe unpack001/lpkinstall.exe unpack001/lpksetup.exe unpack001/lpremove.exe unpack001/makecab.exe unpack001/manage-bde.exe unpack001/mblctr.exe unpack001/mcbuilder.exe unpack001/mmc.exe unpack001/mmgaserver.exe unpack001/mobsync.exe unpack001/mountvol.exe unpack001/mpnotify.exe unpack001/msconfig.exe unpack001/msdt.exe unpack001/msdtc.exe unpack001/msfeedssync.exe unpack001/mshta.exe unpack001/msiexec.exe unpack001/msinfo32.exe unpack001/msra.exe unpack001/mtstocom.exe
Files
-
System32Problems3.zip.zip
-
IESettingSync.exe.exe windows:10 windows x64 arch:x64
d4afe2bb98f5c7a053170c5fdb8c0e43
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
IESettingSync.pdb
Imports
advapi32
EventUnregister
EventSetInformation
EventRegister
EventWriteEx
SetSecurityInfo
RegSetKeyValueW
GetSecurityInfo
GetNamedSecurityInfoW
OpenProcessToken
SetNamedSecurityInfoW
kernel32
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
GetSystemTimeAsFileTime
DebugBreak
IsDebuggerPresent
CreateThreadpoolTimer
DelayLoadFailureHook
ResolveDelayLoadedAPI
HeapReAlloc
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
HeapAlloc
WaitForSingleObjectEx
AcquireSRWLockExclusive
CloseThreadpoolTimer
OutputDebugStringW
ReleaseSRWLockExclusive
GetLastError
FormatMessageW
Sleep
CreateEventW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleFileNameA
RaiseException
ReleaseSRWLockShared
OpenSemaphoreW
SetThreadpoolTimer
CloseHandle
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
CreateMutexW
LeaveCriticalSection
WaitForMultipleObjects
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
SetLastError
HeapFree
CreateSemaphoreExW
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
??0task_continuation_context@Concurrency@@AEAA@XZ
_Cnd_destroy_in_situ
_Cnd_broadcast
_Mtx_unlock
?_Xbad_function_call@std@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
_Cnd_wait
?__ExceptionPtrCreate@@YAXPEAX@Z
_Cnd_init_in_situ
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_lock
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Mtx_init_in_situ
api-ms-win-crt-runtime-l1-1-0
_c_exit
_initterm
_initterm_e
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__get_errno
_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
_o__wcsnicmp
_o_abort
_o_exit
_o_free
_o_iswalnum
_o_malloc
_o_pow
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcstok_s
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o__exit
_o___std_exception_copy
_o__errno
_o___p__commode
_o__crt_atexit
_o__configure_narrow_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
__std_terminate
__CxxFrameHandler4
__std_type_info_compare
wcsrchr
wcschr
wcsstr
_o__wcsicmp
memcmp
memcpy
memmove
api-ms-win-crt-string-l1-1-0
memset
wcsncmp
shlwapi
ord647
ord599
PathGetDriveNumberW
PathIsUNCW
PathStripPathW
PathFindFileNameW
PathRemoveFileSpecW
ord187
PathGetCharTypeW
UrlEscapeW
AssocGetPerceivedType
SHStrDupW
ord212
SHCreateStreamOnFileEx
SHRegGetValueW
ord219
ord568
ord213
ord12
ord184
ord214
SHOpenRegStream2W
PathRelativePathToW
ord600
PathFileExistsW
ntdll
RtlNtStatusToDosError
RtlMapGenericMask
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlNtStatusToDosErrorNoTeb
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoUninitialize
RoGetActivationFactory
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
SetRestrictedErrorInfo
RoTransformError
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThread
OpenThreadToken
TerminateProcess
CreateProcessW
GetCurrentProcess
GetStartupInfoW
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
api-ms-win-core-path-l1-1-0
PathCchCombine
PathCchRemoveFileSpec
PathAllocCombine
PathAllocCanonicalize
api-ms-win-core-file-l1-1-0
CompareFileTime
SetFileAttributesW
DeleteFileW
FindFirstFileW
GetTempFileNameW
FindNextFileW
SetFileTime
GetFileAttributesExW
GetFileTime
GetDriveTypeW
RemoveDirectoryW
GetFileAttributesW
FindClose
CreateFileW
api-ms-win-core-synch-l1-1-0
ResetEvent
CreateEventExW
InitializeSRWLock
SetEvent
InitializeCriticalSectionAndSpinCount
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegDeleteTreeW
RegSetValueExW
RegDeleteKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalReAlloc
LocalFree
api-ms-win-core-io-l1-1-0
DeviceIoControl
sspicli
GetUserNameExW
api-ms-win-security-base-l1-1-0
GetSecurityDescriptorControl
CopySid
IsValidSid
AddAccessAllowedAceEx
GetTokenInformation
EqualSid
GetAclInformation
GetAce
DeleteAce
GetLengthSid
InitializeAcl
AddAce
GetSecurityDescriptorSacl
AddAccessDeniedAceEx
crypt32
CryptProtectData
CryptUnprotectData
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
FindStringOrdinal
api-ms-win-core-localization-l1-2-0
LCMapStringEx
api-ms-win-core-file-l2-1-0
MoveFileExW
CreateHardLinkW
CopyFileExW
api-ms-win-core-file-l1-2-4
GetTempPath2W
cabinet
ord40
ord33
ord35
ord43
ord45
ord30
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize
mpr
WNetGetConnectionW
bcrypt
BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptGetProperty
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
umpdc
Pdcv2ActivationClientUnregister
Pdcv2ActivationClientRegister
Pdcv2ActivationClientActivate
Pdcv2ActivationClientDeactivate
iertutil
ord791
ord793
ord594
ord398
ord650
ord670
ord597
ord797
ord796
ord654
settingsyncdownloadhelper
DownloadSettingUnits
Sections
.text Size: 340KB - Virtual size: 339KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 92KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 568B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ISM.exe.exe windows:10 windows x64 arch:x64
1c3d589ac0441ee8f32ddf7e37bfbd9a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ISM.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__cexit
_o__configthreadlocale
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_narrow_environment
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
memcpy
_o_exit
_o_free
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___p__commode
_o___p___argv
_o___p___argc
_o___std_exception_destroy
__std_terminate
_o___std_exception_copy
__CxxFrameHandler4
_CxxThrowException
_o__set_new_mode
api-ms-win-crt-string-l1-1-0
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtSetInformationThread
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
ExitProcess
SetProcessShutdownParameters
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
OpenThread
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
WaitForSingleObject
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
OpenSemaphoreW
CreateMutexExW
coremessaging
CoreUICreateEx
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
ism
CreateSystemInputHost
Sections
.text Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 968B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
InfDefaultInstall.exe.exe windows:10 windows x64 arch:x64
85e247ac00016c5d35435f22fc7ab82e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
InfDefaultInstall.pdb
Imports
kernel32
LocalFree
GetNativeSystemInfo
GetLastError
FormatMessageW
GetCommandLineW
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetLastError
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_vsnwprintf
memset
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ext-ms-win-shell-shell32-l1-2-1
RestartDialogEx
shell32
CommandLineToArgvW
comctl32
TaskDialogIndirect
setupapi
SetupDiGetActualSectionToInstallW
InstallHinfSectionW
SetupOpenInfFileW
SetupFindFirstLineW
SetupCloseInfFile
newdev
DiInstallDriverW
drvstore
DriverPackageGetPropertyW
DriverPackageClose
DriverPackageOpenW
Sections
.text Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
InputSwitchToastHandler.exe.exe windows:10 windows x64 arch:x64
4e94265c72d3972c03a37a5c6c2ebef7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
InputSwitchToastHandler.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_initterm_e
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__callnewh
_o__wcsicmp
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__cexit
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
wcscmp
memset
api-ms-win-core-com-l1-1-0
CoResumeClassObjects
CoRegisterClassObject
CoReleaseServerProcess
CoRevokeClassObject
CoAddRefServerProcess
CoCreateInstance
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsGetStringRawBuffer
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseMutex
CreateMutexExW
ReleaseSemaphore
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
CreateSemaphoreExW
ReleaseSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CreateEventW
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
SetEvent
api-ms-win-core-winrt-l1-1-0
RoRevokeActivationFactories
RoRegisterActivationFactories
RoUninitialize
RoInitialize
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
RoOriginateErrorW
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
EventActivityIdControl
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
CreateProcessW
GetCurrentProcessId
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
oleaut32
SysStringLen
SysFreeString
SetErrorInfo
Sections
.text Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 316B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
LanguageComponentsInstallerComHandler.exe.exe windows:10 windows x64 arch:x64
5db2de71d938db914539313b4ab2eff5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
LanguageComponentsInstallerComHandler.pdb
Imports
msvcrt
_unlock
_lock
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
_onexit
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
__dllonexit
?terminate@@YAXXZ
_callnewh
??1type_info@@UEAA@XZ
__CxxFrameHandler4
malloc
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
_purecall
??3@YAXPEAX@Z
__set_app_type
memset
api-ms-win-core-com-l1-1-0
CoRegisterClassObject
CoAddRefServerProcess
CoCreateInstance
CoResumeClassObjects
CoRevokeClassObject
CoReleaseServerProcess
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceExecuteOnce
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsGetStringRawBuffer
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-synch-l1-1-0
AcquireSRWLockShared
CreateSemaphoreExW
WaitForSingleObject
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
CreateEventW
OpenSemaphoreW
ReleaseSRWLockExclusive
SetEvent
AcquireSRWLockExclusive
CreateMutexExW
ReleaseSRWLockShared
api-ms-win-core-winrt-l1-1-0
RoRevokeActivationFactories
RoUninitialize
RoInitialize
RoRegisterActivationFactories
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
oleaut32
SysFreeString
SysAllocString
VariantClear
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
Sections
.text Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 604B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
LaunchTM.exe.exe windows:10 windows x64 arch:x64
ad4cee994bce4bec755fc55c249b5c5f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
launchtm.pdb
Imports
msvcrt
__set_app_type
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_XcptFilter
_exit
exit
memset
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
SetPriorityClass
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
shell32
ShellExecuteExW
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 240B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
LaunchWinApp.exe.exe windows:10 windows x64 arch:x64
8c737ba4ec48f66fd4105da3099e1b71
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
LaunchWinApp.pdb
Imports
advapi32
EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister
kernel32
GetModuleFileNameA
InitOnceBeginInitialize
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
GetCommandLineW
GetCurrentProcess
ReleaseSemaphore
GetModuleHandleExW
K32GetModuleFileNameExW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
K32EnumProcessModulesEx
OpenProcess
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
InitOnceComplete
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
LocalFree
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
msvcrt
_onexit
_purecall
__dllonexit
_unlock
_lock
memcpy_s
?terminate@@YAXXZ
__CxxFrameHandler3
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
??1type_info@@UEAA@XZ
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_vsnwprintf
_XcptFilter
??3@YAXPEAX@Z
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
__setusermatherr
memcmp
memmove
memcpy
__CxxFrameHandler4
memmove_s
malloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memset
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFindExtensionW
api-ms-win-core-com-l1-1-0
CoCreateFreeThreadedMarshaler
CoTaskMemFree
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoUninitialize
oleaut32
SysFreeString
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetStartupInfoW
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
iertutil
CreateUri
ntdll
NtQueryInformationProcess
shell32
CommandLineToArgvW
ShellExecuteExW
Sections
.text Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 588B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
LegacyNetUXHost.exe.exe windows:10 windows x64 arch:x64
f7db468261bd74b6df49b87f9ea0b19b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
LegacyNetUXHost.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wtol
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcscat_s
_o_wmemcpy_s
__C_specific_handler
__current_exception
__current_exception_context
_o__exit
_o__errno
_o__endthreadex
_o__crt_atexit
wcsrchr
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__beginthreadex
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__std_terminate
__CxxFrameHandler4
_CxxThrowException
__C_specific_handler_noexcept
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
wcsnlen
ntdll
EtwEventEnabled
EtwEventWriteTransfer
DbgPrint
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtQueryWnfStateData
EtwTraceMessage
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
LoadLibraryExW
GetProcAddress
GetModuleFileNameA
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
HeapSize
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
ProcessIdToSessionId
GetStartupInfoW
GetCurrentProcess
TerminateProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-eventing-classicprovider-l1-1-0
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
TraceMessage
GetTraceLoggerHandle
UnregisterTraceGuids
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoTaskMemAlloc
CLSIDFromString
CoGetMalloc
StringFromGUID2
CoUninitialize
CoTaskMemFree
CoCreateInstance
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetVersionExW
GetSystemDirectoryW
GetTickCount
GetSystemInfo
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
wlanapi
WlanCloseHandle
WlanDisconnect
WlanSendUIResponse
WlanIsUIRequestPending
WlanOpenHandle
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
InitializeCriticalSectionEx
WaitForMultipleObjectsEx
CreateSemaphoreExW
ReleaseSRWLockShared
OpenSemaphoreW
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
WaitForSingleObject
DeleteCriticalSection
CreateMutexExW
ReleaseSemaphore
ReleaseMutex
api-ms-win-core-file-l1-1-0
CreateFileW
api-ms-win-core-memory-l1-1-0
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
oleaut32
SysFreeString
SysAllocString
GetErrorInfo
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegLoadMUIStringW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
Sections
.text Size: 144KB - Virtual size: 143KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 528B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
LicenseManagerShellext.exe.exe windows:10 windows x64 arch:x64
17394acac703bbecb7e84d10944cd305
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
LicenseManagerShellExt.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__std_terminate
__CxxFrameHandler4
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
SetEvent
ReleaseMutex
CreateEventW
WaitForSingleObject
CreateSemaphoreExW
ReleaseSemaphore
CreateMutexExW
OpenSemaphoreW
api-ms-win-core-heap-l1-1-0
HeapFree
HeapSetInformation
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
RaiseException
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-com-l1-1-0
CoWaitForMultipleHandles
CoCreateInstance
CoCreateFreeThreadedMarshaler
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoUninitialize
RoGetActivationFactory
api-ms-win-core-file-l1-1-0
CreateFileW
GetFileSize
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
GetStartupInfoW
TerminateProcess
GetCurrentThreadId
api-ms-win-core-memory-l1-1-0
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-downlevel-shell32-l1-1-0
CommandLineToArgvW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
LicensingUI.exe.exe windows:10 windows x64 arch:x64
a011d6e5b92d33f037b40c12ae6babe9
Code Sign
33:00:00:03:3b:65:5f:ae:fa:db:75:e9:d6:00:00:00:00:03:3b
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ac:ff:65:40:a2:7f:cb:65:29:96:66:ab:f6:6b:07:97:9f:be:3d:de:d6:4a:80:86:cd:1b:3e:92:13:95:a5:23
Signer
Actual PE Digest: ac:ff:65:40:a2:7f:cb:65:29:96:66:ab:f6:6b:07:97:9f:be:3d:de:d6:4a:80:86:cd:1b:3e:92:13:95:a5:23
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
LicensingUI.pdb
Imports
advapi32
EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
EventActivityIdControl
ConvertStringSecurityDescriptorToSecurityDescriptorW
kernel32
OpenMutexW
CreateMutexW
LocalFree
CompareStringW
GetLastError
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitOnceExecuteOnce
VirtualQuery
GetModuleHandleW
LockResource
LoadResource
FindResourceExW
GetDateFormatEx
FormatMessageW
WaitForSingleObject
ReleaseMutex
CloseHandle
GetProcessHeap
GetProcAddress
HeapAlloc
GetModuleHandleExW
HeapFree
DecodePointer
FreeLibrary
user32
PostQuitMessage
CharNextW
DispatchMessageW
GetMessageW
TranslateMessage
msvcrt
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
swscanf_s
_wcsicmp
wcschr
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
__CxxFrameHandler3
memcpy
_amsg_exit
_XcptFilter
_purecall
memmove
memset
_commode
__CxxFrameHandler4
wcscmp
shell32
SHCreateItemInKnownFolder
ShellExecuteExW
SHGetIDListFromObject
CommandLineToArgvW
api-ms-win-core-winrt-l1-1-0
RoUninitialize
RoInitialize
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
SetRestrictedErrorInfo
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetStartupInfoW
TerminateProcess
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-heap-l2-1-0
LocalAlloc
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
dui70
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
StrToID
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
Sections
.text Size: 116KB - Virtual size: 114KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 352B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
LiveCaptions.exe.exe windows:10 windows x64 arch:x64
453fb88ac1858ad60abf5b3627a71e98
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
LiveCaptions.pdb
Imports
advapi32
RegSetValueExW
RegCloseKey
RegCreateKeyExW
kernel32
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
SetThreadpoolTimer
CreateThreadpoolTimer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
RaiseException
GetCommandLineW
LocalFree
FreeLibrary
InterlockedPushEntrySList
LoadLibraryW
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o___std_exception_copy
_o___std_exception_destroy
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___p__commode
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
memmove
api-ms-win-crt-string-l1-1-0
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
TerminateProcess
GetCurrentProcess
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-appmodel-runtime-internal-l1-1-7
AddDependencyToProcessPackageGraph
oleaut32
SetErrorInfo
SysStringLen
GetErrorInfo
SysFreeString
SysAllocString
api-ms-win-core-com-l1-1-0
CoInitializeEx
Sections
.text Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 92KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
LocationNotificationWindows.exe.exe windows:10 windows x64 arch:x64
fea8d11d4d18f2b201b42ba5e072f492
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
LocationNotificationWindows.pdb
Imports
advapi32
EventWriteTransfer
EventSetInformation
EventRegister
EventUnregister
kernel32
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
CreateSemaphoreExW
DebugBreak
IsDebuggerPresent
CreateMutexW
ExpandEnvironmentStringsW
LoadLibraryExW
FreeLibrary
LeaveCriticalSection
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceExW
LocalFree
RaiseException
QueryFullProcessImageNameW
OpenProcess
GetPackageFamilyName
GetModuleFileNameA
HeapFree
GetModuleHandleW
InitializeSRWLock
TryAcquireSRWLockExclusive
WaitForThreadpoolTimerCallbacks
ReleaseSRWLockExclusive
CloseThreadpoolTimer
AcquireSRWLockExclusive
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
AcquireSRWLockShared
user32
GetSubMenu
TrackPopupMenuEx
InternalGetWindowText
GetWindow
GetWindowLongW
IsWindowVisible
GetWindowThreadProcessId
EnumWindows
IsImmersiveProcess
GetMessageW
TranslateMessage
SetForegroundWindow
LoadMenuW
GetCursorPos
GetSystemMetricsForDpi
UnregisterClassA
DestroyIcon
DestroyMenu
DispatchMessageW
LoadStringW
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
SetWindowLongPtrW
DefWindowProcW
PostMessageW
KillTimer
LoadImageW
SetTimer
PostQuitMessage
GetWindowLongPtrW
UnregisterClassW
RegisterWindowMessageW
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__ultoa_s
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wmemcpy_s
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o___p__commode
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler
__std_terminate
__CxxFrameHandler4
__C_specific_handler_noexcept
memcmp
memcpy
memmove
api-ms-win-core-com-l1-1-0
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference
api-ms-win-core-heap-l1-1-0
HeapReAlloc
HeapSize
HeapDestroy
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetStartupInfoW
GetCurrentProcess
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionAndSpinCount
CreateEventW
ResetEvent
SetEvent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
shell32
Shell_NotifyIconW
ntdll
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
api-ms-win-shcore-scaling-l1-1-1
SetProcessDpiAwareness
api-ms-win-shcore-scaling-l1-1-2
GetDpiForShellUIComponent
shlwapi
ord348
Sections
.text Size: 52KB - Virtual size: 48KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 212B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Locator.exe.exe windows:10 windows x64 arch:x64
cbecbdf0e16268273dca4cb132d15d23
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
locator.pdb
Imports
msvcrt
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_XcptFilter
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-service-core-l1-1-0
StartServiceCtrlDispatcherW
SetServiceStatus
api-ms-win-service-winsvc-l1-1-0
RegisterServiceCtrlHandlerW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-processthreads-l1-1-0
ExitProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-synch-l1-1-0
CreateEventW
WaitForSingleObject
SetEvent
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 60B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
LockAppHost.exe.exe windows:10 windows x64 arch:x64
0b2b4ca354ffce7f30bd9ca7285a680c
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
06:78:42:45:ef:15:88:1f:5d:17:e3:b8:60:0a:0a:dd:bb:e8:0e:77:73:03:72:1b:1c:33:34:e3:eb:fe:85:99
Signer
Actual PE Digest: 06:78:42:45:ef:15:88:1f:5d:17:e3:b8:60:0a:0a:dd:bb:e8:0e:77:73:03:72:1b:1c:33:34:e3:eb:fe:85:99
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
LockAppHost.pdb
Imports
user32
TranslateMessage
PostThreadMessageA
DispatchMessageA
GetMessageA
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__cexit
_o__callnewh
_o__crt_atexit
__std_terminate
_o__configure_wide_argv
_o__configthreadlocale
_o___stdio_common_vswprintf
__CxxFrameHandler4
_o___stdio_common_vsnprintf_s
memcmp
_o___std_exception_destroy
_o___std_exception_copy
memcpy
_o___p__commode
memmove
api-ms-win-crt-string-l1-1-0
memset
lockhostingframework
StartLockAppHostServer
ShutdownLockAppHostServer
api-ms-win-core-com-l1-1-0
CoRevokeClassObject
CoResumeClassObjects
CoRegisterClassObject
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoReleaseServerProcess
CoAddRefServerProcess
CoInitializeEx
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA
GetModuleHandleW
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-synch-l1-1-0
ReleaseMutex
CreateMutexExW
WaitForSingleObject
InitializeCriticalSectionEx
ReleaseSRWLockShared
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DeleteCriticalSection
EnterCriticalSection
WaitForSingleObjectEx
OpenSemaphoreW
CreateSemaphoreExW
LeaveCriticalSection
ReleaseSemaphore
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsDeleteString
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThreadId
GetStartupInfoW
GetCurrentProcessId
GetCurrentProcess
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-winrt-l1-1-0
RoRevokeActivationFactories
RoRegisterActivationFactories
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
imm32
ImmDisableIME
Sections
.text Size: 52KB - Virtual size: 48KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 344B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
LockScreenContentServer.exe.exe windows:10 windows x64 arch:x64
e441628266f72396b90dbb4176d0a3bd
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
13:a6:7a:5f:3c:84:34:f8:19:59:1b:c2:88:d3:6e:51:50:cf:2e:bf:30:94:a0:48:34:dd:30:3c:07:06:e4:46
Signer
Actual PE Digest: 13:a6:7a:5f:3c:84:34:f8:19:59:1b:c2:88:d3:6e:51:50:cf:2e:bf:30:94:a0:48:34:dd:30:3c:07:06:e4:46
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
LockScreenContentServer.pdb
Imports
kernel32
DecodePointer
ReleaseSRWLockShared
AcquireSRWLockExclusive
InitOnceExecuteOnce
ReleaseSRWLockExclusive
GetCurrentThreadId
EncodePointer
AcquireSRWLockShared
user32
PostThreadMessageW
EnableWindow
PostQuitMessage
RegisterClassExW
LoadCursorW
MonitorFromWindow
UnregisterClassW
SendMessageW
PostMessageW
TranslateMessage
DispatchMessageW
GetMessageW
msvcrt
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_cexit
free
_purecall
?terminate@@YAXXZ
malloc
_wcmdln
_fmode
__setusermatherr
__C_specific_handler
_commode
__CxxFrameHandler3
_initterm
__dllonexit
_unlock
memset
_lock
_XcptFilter
_callnewh
_onexit
api-ms-win-core-com-l1-1-0
CoAddRefServerProcess
CoReleaseServerProcess
CoUninitialize
CoRegisterClassObject
CoResumeClassObjects
CoInitializeEx
CoRevokeClassObject
CoCreateInstance
StringFromGUID2
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsDeleteString
api-ms-win-core-winrt-l1-1-0
RoRegisterActivationFactories
RoRevokeActivationFactories
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
CreateThread
GetStartupInfoW
GetCurrentProcessId
GetCurrentProcess
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
OpenEventW
CreateEventW
SetEvent
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-memory-l1-1-0
OpenFileMappingW
UnmapViewOfFile
MapViewOfFile
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-registry-l1-1-0
RegGetValueW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
ntdll
NtQuerySystemInformation
dui70
?WndProc@NativeHWNDHost@DirectUI@@SA_JPEAUHWND__@@I_K_J@Z
?Destroy@Element@DirectUI@@QEAAJ_N@Z
??1TouchHWNDElement@DirectUI@@UEAA@XZ
??0TouchHWNDElement@DirectUI@@QEAA@XZ
?Destroy@NativeHWNDHost@DirectUI@@QEAAXXZ
?Initialize@NativeHWNDHost@DirectUI@@QEAAJPEBG0PEAUHWND__@@PEAUHICON__@@HHHHHHPEAUHINSTANCE__@@I@Z
??1NativeHWNDHost@DirectUI@@UEAA@XZ
UnInitProcessPriv
UnInitThread
RegisterPVLBehaviorFactory
InitThread
InitProcessPriv
?WndProc@TouchHWNDElement@DirectUI@@UEAA_JPEAUHWND__@@I_K_J@Z
?Initialize@TouchHWNDElement@DirectUI@@QEAAJPEAUHWND__@@_NIPEAVElement@2@PEAK@Z
?Host@NativeHWNDHost@DirectUI@@QEAAXPEAVElement@2@@Z
?ShowWindow@NativeHWNDHost@DirectUI@@QEAAXH@Z
?_OnUIStateChanged@TouchHWNDElement@DirectUI@@MEAAXGG@Z
?GetWindowClassNameAndStyle@HWNDElement@DirectUI@@UEAAXPEAPEBGPEAI@Z
?CreateStyleParser@HWNDElement@DirectUI@@UEAAJPEAPEAVDUIXmlParser@2@@Z
?IsMSAAEnabled@TouchHWNDElement@DirectUI@@UEAA_NXZ
?CanSetFocus@HWNDElement@DirectUI@@UEAA_NXZ
?OnCompositionChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnWmSettingChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnWmThemeChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnGetDlgCode@HWNDElement@DirectUI@@UEAAXPEAUtagMSG@@PEA_J@Z
?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UEAAXPEAUKeyboardEvent@2@@Z
?OnImmersiveColorSchemeChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnThemeChanged@HWNDElement@DirectUI@@UEAAXPEAUThemeChangedEvent@2@@Z
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetAccessibleImpl@HWNDElement@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?GetClassInfoW@TouchHWNDElement@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?RemoveTooltip@TouchHWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?ActivateTooltip@TouchHWNDElement@DirectUI@@UEAAXPEAVElement@2@K@Z
?UpdateTooltip@TouchHWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?MessageCallback@TouchHWNDElement@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnEvent@TouchHWNDElement@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnDestroy@TouchHWNDElement@DirectUI@@UEAAXXZ
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnKeyFocusMoved@TouchHWNDElement@DirectUI@@UEAAXPEAVElement@2@0@Z
?OnInput@TouchHWNDElement@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnGroupChanged@HWNDElement@DirectUI@@UEAAXH_N@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@TouchHWNDElement@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?OnMessage@NativeHWNDHost@DirectUI@@UEAAJI_K_JPEA_J@Z
?CreateHostWindow@NativeHWNDHost@DirectUI@@UEAAPEAUHWND__@@KPEBG0KHHHHPEAU3@PEAUHMENU__@@PEAUHINSTANCE__@@PEAX@Z
??0NativeHWNDHost@DirectUI@@QEAA@XZ
?Create@FillLayout@DirectUI@@SAJHPEAHPEAPEAVValue@2@@Z
?Create@FlowLayout@DirectUI@@SAJHPEAHPEAPEAVValue@2@@Z
?_CreateAndSetLayout@DirectUI@@YAJPEAVElement@1@P6AJHPEAHPEAPEAVValue@1@@ZH1@Z
StartMessagePump
?Remove@Element@DirectUI@@QEAAJPEAV12@@Z
?SetX@Element@DirectUI@@QEAAJH@Z
?Add@Element@DirectUI@@QEAAJPEAV12@@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?SetHeight@Element@DirectUI@@QEAAJH@Z
?SetWidth@Element@DirectUI@@QEAAJH@Z
?Create@Element@DirectUI@@SAJIPEAV12@PEAKPEAPEAV12@@Z
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
DuiCreateObject
?GetHWND@HWNDElement@DirectUI@@UEAAPEAUHWND__@@XZ
?SetActive@Element@DirectUI@@QEAAJH@Z
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?SetForegroundStdColor@Element@DirectUI@@QEAAJH@Z
?SetBackgroundStdColor@Element@DirectUI@@QEAAJH@Z
?EndDefer@Element@DirectUI@@QEAAXK@Z
?DestroyWindow@NativeHWNDHost@DirectUI@@QEAAXXZ
duser
AddLayeredRef
GetGadgetVisual
SetMinimumDCompVersion
SetHardwareDeviceUsage
SetGadgetFlags
dwmapi
DwmSetWindowAttribute
gdi32
GetStockObject
Sections
.text Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 344B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
LogonUI.exe.exe windows:10 windows x64 arch:x64
0ef1a1fbf5fa5b3737a8d19c60f416a9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
logonui.pdb
Imports
msvcrt
_commode
_fmode
_wcmdln
__C_specific_handler
wcstoul
?terminate@@YAXXZ
_cexit
_exit
exit
__set_app_type
__setusermatherr
__wgetmainargs
_amsg_exit
_XcptFilter
wcsncmp
wcschr
_initterm
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
SetPriorityClass
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetStartupInfoW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 396B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
LsaIso.exe.exe windows:10 windows x64 arch:x64
fef21769044f4c03e7700d815c371987
Code Sign
33:00:00:04:8e:16:55:47:b1:c3:02:85:03:00:00:00:00:04:8e
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/05/2024, 23:19
Not After: 14/05/2025, 23:19
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
eb:20:14:c1:1d:61:a6:a9:7b:3b:56:6f:54:d2:2f:7e:63:4a:3c:79:f2:91:f2:7c:10:93:99:e6:89:61:49:d9
Signer
Actual PE Digest: eb:20:14:c1:1d:61:a6:a9:7b:3b:56:6f:54:d2:2f:7e:63:4a:3c:79:f2:91:f2:7c:10:93:99:e6:89:61:49:d9
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
LsaIso.pdb
Imports
msvcrt
_initterm
_fmode
_commode
_lock
_unlock
__dllonexit
_onexit
memset
__setusermatherr
_cexit
_exit
exit
__set_app_type
__CxxFrameHandler4
??3@YAXPEAX@Z
_purecall
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
malloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
??1type_info@@UEAA@XZ
memcmp
?terminate@@YAXXZ
wcscmp
__wgetmainargs
_amsg_exit
_XcptFilter
_wcsicmp
__C_specific_handler
iumcrypt
iumCryptSignAndEncodeCertificate
iumCryptExportPublicKeyInfoFromBCryptKeyHandle
iumCryptMsgUpdate
iumCryptEncodeObjectEx
iumCryptMsgOpenToEncode
iumCryptMsgGetParam
api-ms-win-core-heap-obsolete-l1-1-0
LocalAlloc
LocalReAlloc
LocalFree
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
api-ms-win-eventing-obsolete-l1-1-0
RegisterTraceGuidsA
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExA
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
SetThreadStackGuarantee
GetCurrentProcessId
CreateThread
TerminateProcess
GetCurrentProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
InitializeSRWLock
CreateSemaphoreExW
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
Sleep
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetTickCount
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
kerbclientshared
KerbClientBuildFastArmoredKdcRequest
KerbDHGetSharedSecretFromCapiKeyBuffer
KerbDHGetLittleEndianPublicKey
KerbClientTransformStoredCred
KerbClientBuildKeyList
KerbClientSharedInit
KerbPackKdcReplyWithEncryptedSessionKey
KerbClientPackAsn1Buffer
KerbClientDecryptApReply
KerbClientVerifyFastArmoredKerbError
KerbClientBuildEncryptedAuthData
KerbClientPackApReply
KerbClientBuildAsReqAuthenticator
KerbClientSharedCleanup
KerbClientAlloc
KerbClientVerifyFastArmoredTgsReply
KerbClientDecryptPacCredentials
KerbClientFreeStoredCred
KerbClientVerifyFastArmoredKdcReply
KerbClientVerifyEncryptedChallengePaData
KerbClientUnpackKdcReplyBody
KerbClientVerifyChecksum
KerbClientUpdateSharedConfiguration
KerbClientBuildTicketArmorKey
KerbClientFree
KerbClientUnpackAsn1BufferVoid
KerbGetFlagsForKdcReply
KerbClientBuildExplicitArmorKey
KerbClientComputeTgsChecksum
KerbDHCreateBCryptKey
KerbDHGetLegacyDHParameters
ntlmshared
MsvpPutClearOwfsInPrimaryCredential
MsvpLm20GetNtlm3ChallengeResponse
MsvpMakeSecretPasswordNT5
MsvpDecryptDpapiMasterKey
MsvpCompareCredentials
MsvpDeriveSecureCredKey
NtlmSharedInit
MsvpValidateSupplementalCredsBuffer
MsvpCredentialToCachePasswords
MsvpGMSACred
MsvpPasswordValidate
MsvpUpdateSharedConfiguration
msasn1
ASN1BERDecGeneralizedTime
ASN1DEREncGeneralizedTime
ASN1BEREncU32
ASN1DecSetError
ASN1octetstring_free
ASN1BERDecSXVal
ASN1BERDecOpenType2
ASN1_CloseDecoder
ASN1intx_free
ASN1_CreateDecoder
ASN1intx_setuint32
ASN1_Decode
ASN1_CreateEncoder
ASN1_FreeEncoded
ASN1_FreeDecoded
ASN1_Encode
ASN1_CloseEncoder
ASN1BERDecPeekTag
ASN1BERDecOctetString
ASN1BERDecNotEndOfContents
ASN1BEREncExplicitTag
ASN1BERDecEndOfContents
ASN1BERDecBool
ASN1objectidentifier_free
ASN1EncSetError
ASN1BEREncS32
ASN1DEREncCharString
ASN1BEREncEndOfContents
ASN1BEREncBool
ASN1BERDecSkip
ASN1Free
ASN1DecAlloc
ASN1BEREncSX
ASN1BEREncOpenType
ASN1BERDecS32Val
ASN1DEREncOctetString
ASN1charstring_free
ASN1BERDecBitString
ASN1BEREncObjectIdentifier
ASN1BERDecZeroCharString
ASN1DEREncBitString
ASN1BERDecU32Val
ASN1BERDecObjectIdentifier
ASN1_CreateModule
ASN1BERDecCharString
ASN1bitstring_free
ASN1ztcharstring_free
ASN1BERDecExplicitTag
iumbase
GetSignedReport
GetTaggedData
GetTaggedDataSize
IsSecureProcess
GetSecureIdentitySigningKey
EncryptData
DecryptData
ntdll
RtlImageNtHeader
RtlLengthSid
RtlTimeToTimeFields
RtlTimeFieldsToTime
RtlFreeHeap
RtlAvlRemoveNode
RtlEqualUnicodeString
RtlAvlInsertNodeEx
memmove_s
RtlNtStatusToDosError
RtlLeaveCriticalSection
RtlInitializeCriticalSection
_vsnprintf_s
RtlEnterCriticalSection
memcpy_s
RtlDeleteCriticalSection
_vsnwprintf
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtSetEvent
NtCreateEvent
RtlSetProcessIsCritical
NtClose
RtlInitUnicodeString
NtOpenEvent
NtQuerySystemInformation
RtlAllocateHeap
rpcrt4
NdrMesTypeAlignSize3
MesEncodeDynBufferHandleCreate
NdrMesTypeEncode3
MesHandleFree
RpcMgmtWaitServerListen
MesDecodeBufferHandleCreate
NdrMesTypeDecode3
RpcExceptionFilter
I_RpcMapWin32Status
NdrServerCallAll
MesIncrementalHandleReset
MesDecodeIncrementalHandleCreate
MesEncodeIncrementalHandleCreate
RpcServerUseProtseqEpW
RpcServerListen
RpcServerUnregisterIf
NdrServerCall2
RpcServerRegisterIf
bcrypt
BCryptGenerateSymmetricKey
BCryptHash
BCryptSecretAgreement
BCryptSetProperty
BCryptSignHash
BCryptDestroySecret
BCryptDeriveKey
BCryptImportKey
BCryptDecrypt
BCryptDuplicateKey
BCryptVerifySignature
BCryptGetProperty
BCryptCreateHash
BCryptHashData
BCryptDestroyHash
BCryptFinishHash
BCryptDestroyKey
BCryptFinalizeKeyPair
BCryptGenerateKeyPair
BCryptOpenAlgorithmProvider
BCryptExportKey
BCryptCloseAlgorithmProvider
BCryptImportKeyPair
BCryptGenRandom
BCryptEncrypt
BCryptKeyDerivation
cryptdll
CDLocateCheckSum
CDLocateCSystem
CDGenerateRandomBits
cryptsp
SystemFunction009
SystemFunction007
SystemFunction011
api-ms-win-core-string-obsolete-l1-1-0
lstrlenA
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-memory-l1-1-0
VirtualQuery
VirtualProtect
VirtualAlloc
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
Exports
__ImagePolicyMetadata
Sections
.text Size: 216KB - Virtual size: 213KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 88KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tPolicy Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MBR2GPT.EXE.exe windows:10 windows x64 arch:x64
bfce5638936595ff0bfe97345d1551ff
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
MBR2GPT.pdb
Imports
advapi32
RegEnumValueW
RegOpenKeyExW
RegLoadKeyW
RegUnLoadKeyW
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
TraceMessage
EventWrite
RegGetValueW
SetThreadToken
DuplicateTokenEx
OpenThreadToken
RegQueryValueExW
kernel32
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
OpenSemaphoreW
WaitForSingleObjectEx
CloseThreadpoolTimer
OutputDebugStringW
ReleaseMutex
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
ReleaseSemaphore
CreateSemaphoreExW
DeleteCriticalSection
GetModuleFileNameA
SetFilePointer
GetVolumeInformationW
WriteFile
SetEndOfFile
CreateMutexExW
AcquireSRWLockShared
GetVolumePathNamesForVolumeNameW
SetVolumeMountPointW
DebugBreak
IsDebuggerPresent
WakeAllConditionVariable
SleepConditionVariableSRW
GetProcessHeap
GetWindowsDirectoryW
HeapAlloc
CloseHandle
GetLastError
GetVolumeNameForVolumeMountPointW
CreateFileW
GetVolumePathNameW
GetTempPathW
DeviceIoControl
ExpandEnvironmentStringsW
GetCurrentProcess
SetLastError
HeapFree
SetConsoleCtrlHandler
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetLogicalDrives
FindFirstVolumeW
FindVolumeClose
FindNextVolumeW
GetDriveTypeW
CreateDirectoryW
CompareStringW
GetFullPathNameW
GetLongPathNameW
GetFinalPathNameByHandleW
GetModuleFileNameW
GetCurrentDirectoryW
FindFirstFileW
FindNextFileW
FindClose
WaitForSingleObject
GetFileAttributesW
SetFileAttributesW
DeleteFileW
GetProcAddress
FreeLibrary
LoadLibraryExW
FormatMessageW
GetFileInformationByHandleEx
GetFileInformationByHandle
SetFileInformationByHandle
CopyFileExW
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetSystemDirectoryW
GetCurrentThread
VirtualAlloc
ReadFile
VirtualFree
GetModuleHandleExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
RtlCompareMemory
GetFileAttributesExW
GetDiskFreeSpaceExW
GetFileSize
MultiByteToWideChar
msvcrt
__set_app_type
_exit
??1type_info@@UEAA@XZ
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
_amsg_exit
memcpy_s
wcsstr
__wgetmainargs
_XcptFilter
memmove_s
fwprintf
_cexit
__setusermatherr
_initterm
_atoi64
atol
wcsrchr
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
??_V@YAXPEAX@Z
_unlock
_lock
?terminate@@YAXXZ
_commode
malloc
??3@YAXPEAX@Z
_purecall
__CxxFrameHandler3
_vscwprintf
_vsnprintf
wcsncmp
_fmode
iswctype
__iob_func
__dllonexit
_onexit
_vsnwprintf
exit
wprintf
__C_specific_handler
memcmp
memcpy
memset
_wcsnicmp
wcschr
_wtoi
_wcsicmp
towlower
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtOpenFile
NtQueryObject
NtSetInformationFile
RtlFreeHeap
RtlAllocateHeap
RtlSetThreadErrorMode
RtlGUIDFromString
RtlFreeUnicodeString
RtlNtStatusToDosError
NtQueryDirectoryObject
NtOpenDirectoryObject
NtClose
RtlInitUnicodeString
NtQuerySystemInformation
RtlGetThreadErrorMode
RtlDosPathNameToNtPathName_U
RtlCaptureContext
ole32
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize
StringFromGUID2
rpcrt4
UuidFromStringW
bcd
BcdQueryObject
BcdGetElementData
BcdCloseStore
BcdOpenStoreFromFile
BcdForciblyUnloadStore
BcdCreateObject
BcdCloseObject
BcdOpenObject
BcdSetLogging
SyspartGetSystemDisk
BcdOpenStore
BcdGetElementDataWithFlags
BcdSetElementData
BcdOpenSystemStore
wdscore
WdsTerminate
WdsSetupLogMessageW
ConstructPartialMsgVW
CurrentIP
WdsInitialize
bootsvc
BfsUnregisterLogCallback
BfsServiceBootFilesEx
BfsRegisterLogCallback
BfsInitializeSystemVolume
BfsInitializeBcdStore
wimgapi
WIMApplyImage
WIMLoadImage
WIMCaptureImage
WIMCloseHandle
WIMCreateFile
WIMSetTemporaryPath
user32
LoadStringW
servicingcommon
RtlCreateMicrodom
RtlFreeLUtf8String
RtlCreateUtf8UCSStringBuilder
RtlCreateDefaultXmlWriter
RtlCompareLUtf8Strings
RtlInitLUnicodeStringFromNullTerminatedString
RtlDuplicateLUnicodeStringToLUtf8String
Sections
.text Size: 208KB - Virtual size: 207KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 84KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1016B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 720B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MDEServer.exe.exe windows:10 windows x64 arch:x64
56d10c6c4991da3babb3a94b859a1245
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
MDEServer.pdb
Imports
api-ms-win-crt-string-l1-1-0
memset
strnlen
wcscmp
wcsncmp
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__get_wide_winmain_command_line
_o__i64tow_s
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__ltow_s
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__errno
memmove
_o__ui64tow_s
_o__ultow_s
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
_o__wcstoui64
_o__wsplitpath_s
_o_calloc
_o_ceil
_o_exit
_o_floor
_o_free
_o_iswalpha
_o_iswdigit
_o_iswxdigit
_o_log
_o_malloc
_o_qsort
_o_sqrt
_o_strncpy_s
_o_terminate
_o_towlower
_o_towupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstol
_o_wcstoul
_o_wmemcpy_s
__current_exception
__current_exception_context
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o__exit
_o___p__commode
wcsrchr
wcsstr
wcschr
__C_specific_handler
memcmp
memcpy
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapDestroy
HeapFree
HeapSize
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
LoadLibraryExW
SizeofResource
GetModuleFileNameW
FreeLibrary
LockResource
GetModuleHandleW
LoadResource
GetModuleFileNameA
GetProcAddress
FindResourceExW
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionAndSpinCount
CreateEventW
ResetEvent
SetEvent
CreateWaitableTimerExW
SetWaitableTimer
WaitForSingleObjectEx
WaitForSingleObject
CreateSemaphoreExW
ReleaseSemaphore
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseMutex
OpenSemaphoreW
CreateMutexExW
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentThreadId
TlsSetValue
TlsGetValue
CreateThread
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-string-l2-1-0
CharNextW
CharUpperBuffW
CharUpperW
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
GetTraceEnableLevel
GetTraceLoggerHandle
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
SetProcessMitigationPolicy
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventRegister
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-registry-l1-1-0
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegGetValueW
api-ms-win-core-string-l1-1-0
GetStringTypeExW
CompareStringOrdinal
CompareStringW
MultiByteToWideChar
api-ms-win-core-kernel32-legacy-l1-1-1
PowerCreateRequest
PowerClearRequest
PowerSetRequest
api-ms-win-core-url-l1-1-0
PathCreateFromUrlW
api-ms-win-core-shlwapi-legacy-l1-1-0
PathIsFileSpecW
PathIsRelativeW
PathRemoveFileSpecW
PathCombineW
api-ms-win-core-file-l1-1-0
CreateFileW
GetFileSize
api-ms-win-core-timezone-l1-1-0
GetDynamicTimeZoneInformation
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
winmde
MFCreateNetVRoot
MFCreateWinMDEOpCenter
api-ms-win-core-localization-l1-2-0
IsValidLocaleName
FormatMessageW
api-ms-win-core-featurestaging-l1-1-0
RecordFeatureUsage
SubscribeFeatureStateChangeNotification
UnsubscribeFeatureStateChangeNotification
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 380KB - Virtual size: 377KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 64KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 720B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MDMAgent.exe.exe windows:10 windows x64 arch:x64
3869e103ee10dda6ec9428bad4a16117
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
MDMAgent.pdb
Imports
msvcp110_win
?_Winerror_map@std@@YAPEBDH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
msvcrt
memcpy
memcmp
_CxxThrowException
memmove
??3@YAXPEAX@Z
__CxxFrameHandler4
_vsnwprintf
memcpy_s
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_wcsicmp
memmove_s
memset
sprintf_s
free
__CxxFrameHandler3
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlIsStateSeparationEnabled
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoActivateInstance
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsGetStringRawBuffer
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
oleaut32
SafeArrayGetUBound
SafeArrayUnlock
SafeArrayCreate
SysAllocString
VariantInit
SysFreeString
SafeArrayDestroy
VariantClear
SafeArrayLock
SafeArrayGetLBound
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
DeleteCriticalSection
ReleaseSRWLockExclusive
CreateSemaphoreExW
ReleaseSRWLockShared
OpenEventW
WaitForSingleObjectEx
InitializeCriticalSectionEx
CreateMutexExW
LeaveCriticalSection
ReleaseMutex
ReleaseSemaphore
AcquireSRWLockShared
WaitForSingleObject
OpenSemaphoreW
EnterCriticalSection
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
GetLastError
RaiseException
SetUnhandledExceptionFilter
api-ms-win-core-com-l1-1-0
CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CLSIDFromString
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegGetValueW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
GetSystemTime
api-ms-win-core-synch-l1-2-0
WakeAllConditionVariable
InitOnceComplete
Sleep
InitOnceBeginInitialize
SleepConditionVariableSRW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
dmcmnutils
HexStringToBinary
UnicodeToMB
DmRevertToSelf
DmImpersonate
OmaDmRegistryGetString
DmIsSystemOrAdmin
IsWvdFeatureAllowed
OmaDmRegistryGetDWORD
DmDeleteTask
DmDisableTask
DmIsTaskScheduled
InvStrCmpIW
omadmapi
ord104
dmenrollengine
GetEnrollmentSID
GetEnrollmentCertStore
GetEnrollmentType
api-ms-win-core-file-l1-1-0
FileTimeToLocalFileTime
rpcrt4
UuidFromStringW
UuidCreate
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
api-ms-win-core-path-l1-1-0
PathCchCombine
PathCchAppend
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventActivityIdControl
EventSetInformation
EventRegister
EventWriteTransfer
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
crypt32
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CertOpenStore
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-string-obsolete-l1-1-0
lstrlenA
Sections
.text Size: 104KB - Virtual size: 100KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 268B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MDMAppInstaller.exe.exe windows:10 windows x64 arch:x64
1bae9143ec23084a6fb1eb1c289387d0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
mdmappinstaller.pdb
Imports
advapi32
EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation
SetThreadToken
RevertToSelf
CreateProcessAsUserW
CryptReleaseContext
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
LookupAccountNameW
ConvertSidToStringSidW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyExW
GetTokenInformation
GetLengthSid
CopySid
OpenProcessToken
ImpersonateLoggedOnUser
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
TraceMessage
OpenThreadToken
kernel32
CreateProcessW
GetTempFileNameW
GetSystemDirectoryW
CreateThread
LeaveCriticalSection
InitializeCriticalSection
ReleaseSRWLockShared
ReleaseSRWLockExclusive
CreateThreadpoolTimer
GetCurrentThread
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
AcquireSRWLockShared
AcquireSRWLockExclusive
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
GetExitCodeProcess
LocalFree
InitOnceComplete
InitOnceBeginInitialize
GetTickCount
DelayLoadFailureHook
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WakeAllConditionVariable
SleepConditionVariableSRW
DeleteFileW
CreateFileW
ReadFile
CreateMutexW
CreateSemaphoreExW
CreateMutexExW
GetCurrentProcessId
GetSystemTimeAsFileTime
SetThreadpoolTimer
ResolveDelayLoadedAPI
GetLastError
FormatMessageW
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
Sleep
OpenSemaphoreW
WaitForSingleObject
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
CloseHandle
SetLastError
OutputDebugStringW
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
msvcp110_win
?_Syserror_map@std@@YAPEBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
msvcrt
_wcsicmp
toupper
??_V@YAXPEAX@Z
??1type_info@@UEAA@XZ
_CxxThrowException
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
_vsnprintf_s
memcpy_s
_vsnwprintf
_purecall
__CxxFrameHandler4
??3@YAXPEAX@Z
free
memcmp
memcpy
memmove
?terminate@@YAXXZ
memmove_s
_wcsnicmp
swprintf_s
wcscat_s
memset
dmenrollengine
GetEnrollmentType
GetEnrollmentAadResourceUrl
ord7
GetEnrollmentSID
ord18
crypt32
CertFreeCertificateContext
CertCloseStore
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
rpcrt4
UuidToStringW
UuidFromStringW
RpcStringFreeW
shell32
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ole32
StringFromGUID2
CoCreateGuid
CoTaskMemFree
CoSetProxyBlanket
CoInitializeEx
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
oleaut32
SysAllocString
SysFreeString
VariantClear
VariantInit
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
wtsapi32
WTSEnumerateSessionsExW
WTSFreeMemoryExW
WTSQueryUserToken
msi
ord70
ord177
ord6
declaredconfiguration
DMOrchestratorUpdateDocStatus
omadmapi
ord38
ord34
ord40
ord39
Sections
.text Size: 104KB - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 228B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MRINFO.EXE.exe windows:10 windows x64 arch:x64
5c469a86bbf49e6e0233ee6dd4b37aaa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
mrinfo.pdb
Imports
msvcrt
_cexit
_exit
_initterm
__set_app_type
__wgetmainargs
__C_specific_handler
_amsg_exit
_XcptFilter
_fmode
_commode
?terminate@@YAXXZ
exit
malloc
fwprintf
free
fgetpos
wcschr
_fileno
_write
_setmode
_wtoi
fflush
_wcsicmp
__setusermatherr
_get_osfhandle
__iob_func
memset
ws2_32
socket
setsockopt
GetAddrInfoW
recvfrom
bind
FreeAddrInfoW
htonl
htons
sendto
GetNameInfoW
select
WSAStartup
WSACleanup
api-ms-win-core-localization-l1-2-0
SetThreadUILanguage
FormatMessageW
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-console-l1-1-0
GetConsoleMode
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-file-l1-1-0
GetFileType
ntdll
RtlIpv4AddressToStringW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 384B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MRT.exe.exe windows:10 windows x64 arch:x64
420b13899575174cb326af2567a9da60
Code Sign
33:00:00:04:64:6a:33:6b:06:bc:9f:b3:0d:00:00:00:00:04:64
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0c:bd:4b:cb:b1:db:e8:bc:c8:47:e7:b9:54:bc:1b:49:12:e7:ff:4a:88:d0:1c:77:b8:3a:18:68:25:64:05:6f
Signer
Actual PE Digest: 0c:bd:4b:cb:b1:db:e8:bc:c8:47:e7:b9:54:bc:1b:49:12:e7:ff:4a:88:d0:1c:77:b8:3a:18:68:25:64:05:6f
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
mrt.pdb
Imports
advapi32
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
TraceMessage
EventActivityIdControl
InitiateSystemShutdownExW
RegCloseKey
EventWriteTransfer
CloseServiceHandle
AllocateAndInitializeSid
CopySid
ConvertStringSidToSidW
FreeSid
CheckTokenMembership
ConvertSidToStringSidW
GetLengthSid
GetTokenInformation
QueryServiceStatus
OpenSCManagerW
StartServiceW
QueryServiceConfigW
OpenServiceW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
OpenProcessToken
OpenThreadToken
EventRegister
EventUnregister
AdjustTokenPrivileges
LookupPrivilegeValueW
CreateProcessAsUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW
kernel32
WaitForMultipleObjects
FileTimeToSystemTime
GetExitCodeProcess
GetSystemWindowsDirectoryW
VirtualLock
DecodePointer
CreateThread
ExitThread
FreeLibraryAndExitThread
FindFirstFileExW
GetCommandLineA
GetCommandLineW
GetExitCodeThread
ResumeThread
SuspendThread
GetSystemPowerStatus
FreeLibrary
Sleep
GlobalUnlock
GlobalLock
GlobalAlloc
GetDriveTypeW
GetLogicalDrives
GetSystemTimeAsFileTime
GetTimeFormatW
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
GetDiskFreeSpaceExW
GetTickCount
DeleteFileW
GetTempFileNameW
GetModuleHandleW
CloseHandle
FindClose
Process32NextW
Process32FirstW
GetCurrentProcessId
CreateToolhelp32Snapshot
GetSystemDefaultUILanguage
GetLastError
SetLastError
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThread
GetCurrentThreadId
GetStdHandle
GetFileType
GetStartupInfoW
GetTempPathW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
GetProcAddress
LoadLibraryExW
CompareStringW
LCMapStringW
ExitProcess
GetModuleHandleExW
GetProcessHeap
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WideCharToMultiByte
MultiByteToWideChar
GetFileSizeEx
SetFilePointerEx
GetStringTypeW
SetStdHandle
GetTimeZoneInformation
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
GetModuleFileNameW
ReadFile
ReadConsoleW
OutputDebugStringW
HeapSize
HeapReAlloc
RaiseException
CreateFileW
WriteConsoleW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
QueryPerformanceCounter
InitializeSListHead
EncodePointer
InitializeCriticalSectionEx
UnmapViewOfFile
SetEvent
LocalFree
SetErrorMode
WaitForSingleObject
GetSystemTime
FileTimeToLocalFileTime
MoveFileExW
EnumResourceNamesW
RemoveDirectoryW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrcmpA
LocalAlloc
FormatMessageW
CreateDirectoryW
FindFirstFileW
GetFullPathNameW
FindNextFileW
ExpandEnvironmentStringsW
GetFileAttributesW
SetFileAttributesW
CreateEventW
LoadLibraryW
CreateFileMappingW
MapViewOfFile
OpenEventW
OpenFileMappingW
GetSystemDirectoryW
GetNativeSystemInfo
HeapSetInformation
CreateProcessW
SetEndOfFile
user32
KillTimer
DestroyIcon
EnableWindow
GetDesktopWindow
SendInput
PostMessageW
LoadImageW
GetWindowRect
MapWindowPoints
ShowWindow
SetTimer
MoveWindow
DefWindowProcW
PostQuitMessage
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExW
UnregisterClassW
RegisterClassW
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
GetScrollBarInfo
MessageBoxW
GetForegroundWindow
DialogBoxParamW
SetDlgItemTextW
SetWindowTextW
LoadIconW
GetDlgItem
EndDialog
SendDlgItemMessageW
CheckRadioButton
CheckDlgButton
CopyRect
GetWindowTextLengthW
GetWindowTextW
GetDC
DrawTextW
ReleaseDC
GetParent
SetFocus
SetRectEmpty
DrawTextExW
ScreenToClient
GetKeyState
SetWindowLongPtrW
GetWindowLongPtrW
SendMessageW
shell32
ShellExecuteW
SHGetPathFromIDListW
SHGetFolderLocation
SHBrowseForFolderW
Shell_NotifyIconW
ShellExecuteExW
ole32
CoSetProxyBlanket
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoWaitForMultipleHandles
CoTaskMemAlloc
oleaut32
SysStringLen
VariantInit
SysAllocStringLen
SysAllocString
SysFreeString
VariantClear
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
rpcrt4
UuidFromStringW
ntdll
RtlCaptureContext
RtlNtStatusToDosError
RtlGetVersion
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlUnwind
RtlPcToFileHeader
gdi32
SelectObject
comctl32
InitCommonControlsEx
PropertySheetW
wintrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
crypt32
CryptMsgGetParam
CryptDecodeObject
CertVerifyCertificateChainPolicy
CryptMsgClose
CertFreeCertificateContext
CryptQueryObject
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
Sections
.text Size: 308KB - Virtual size: 306KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 112KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 188.3MB - Virtual size: 188.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MSchedExe.exe.exe windows:10 windows x64 arch:x64
9bb805d1418f5443c74b46538e23aa97
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
MSchedExe.pdb
Imports
kernel32
CompareStringOrdinal
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
TerminateProcess
msvcrt
?terminate@@YAXXZ
_XcptFilter
_amsg_exit
__wgetmainargs
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
maintenanceui
StopMaintenance
StartMaintenance
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 76KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Magnify.exe.exe windows:10 windows x64 arch:x64
040c0d0cb06c9061bf366d53eabd8db9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Magnify.pdb
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
EventUnregister
EventRegister
EventWriteTransfer
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyExW
RegDeleteKeyW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegGetValueW
EventSetInformation
RegQueryValueExW
RegDeleteTreeW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
RegEnumKeyExW
RegQueryValueW
RegLoadMUIStringW
RegNotifyChangeKeyValue
RegEnumValueW
kernel32
GetTickCount64
SetProcessShutdownParameters
RegisterApplicationRestart
CreateEventExW
DeleteCriticalSection
InitializeCriticalSectionEx
TerminateProcess
GetCurrentProcess
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
RaiseException
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
InitializeCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalAddAtomW
GlobalDeleteAtom
SetEvent
GetUserDefaultLCID
LoadLibraryExW
FreeLibrary
ResetEvent
VirtualQuery
Sleep
HeapSetInformation
OpenMutexW
CompareStringW
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
CreateMutexExW
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
CreateMutexW
GetSystemInfo
LoadLibraryExA
VirtualProtect
InitOnceComplete
InitOnceBeginInitialize
K32GetModuleBaseNameW
K32EnumProcessModules
K32EnumProcesses
DeleteFileW
GetFileAttributesW
DeleteProcThreadAttributeList
CreateProcessW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
OpenProcess
ExpandEnvironmentStringsW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
LocalFree
GetLocaleInfoEx
LoadLibraryW
InterlockedPushEntrySList
GlobalAlloc
OOBEComplete
LoadResource
FindResourceExW
CreateThread
LockResource
ProcessIdToSessionId
IsProcessInJob
OpenJobObjectW
CompareStringOrdinal
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
HeapSize
HeapReAlloc
HeapDestroy
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
CreateEventW
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
SizeofResource
gdi32
FillRgn
GetObjectW
CreateCompatibleDC
DeleteDC
LineTo
MoveToEx
SelectObject
GetStockObject
CreateSolidBrush
CreateBrushIndirect
CreateBitmap
DeleteObject
CombineRgn
CreateRectRgn
user32
DestroyCursor
SetWindowsHookExW
CallNextHookEx
GetUserObjectInformationW
GetWindowRgn
SetFullscreenMagnifierOffsetsDWMUpdated
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
WindowFromPhysicalPoint
ReleaseDC
UnregisterClassA
CloseDesktop
UpdateLayeredWindow
LoadImageW
GetDC
RegisterClassW
FillRect
SetCursor
GetMessagePos
RemovePropW
SetPropW
SetWindowPlacement
RealGetWindowClassW
GetDoubleClickTime
SendMessageTimeoutW
SetRectEmpty
GetClassNameW
GetForegroundWindow
IsIconic
PostQuitMessage
DispatchMessageW
TranslateMessage
UnregisterHotKey
OpenInputDesktop
UpdateWindow
GetWindow
AdjustWindowRectEx
IsWindowVisible
SendMessageW
LoadIconW
SetWindowLongW
SetPhysicalCursorPos
MapWindowPoints
GetPointerFrameInfoHistory
GetPointerInfo
GetWindowTextW
GetWindowThreadProcessId
ShowWindow
InvalidateRect
GetCursorPos
SetWindowRgn
SetWindowPos
GetSysColor
GetClientRect
SetWinEventHook
SetLayeredWindowAttributes
LoadCursorW
SetActiveWindow
EndPaint
BeginPaint
GetPointerDeviceRects
GetParent
UnhookWinEvent
SetWindowLongPtrW
GetWindowLongPtrW
InflateRect
SetRect
GetGUIThreadInfo
DefWindowProcW
MonitorFromRect
RegisterClassExW
SetSystemCursor
RegisterHotKey
GetAsyncKeyState
GetKeyboardLayout
GetMessageW
MapVirtualKeyExW
UnionRect
RegisterPointerDeviceNotifications
CreateWindowExW
GetPhysicalCursorPos
DestroyWindow
IsWindow
ClipCursor
EnumDisplayMonitors
KillTimer
SystemParametersInfoW
LoadStringW
FindWindowW
PostMessageW
UnhookWindowsHookEx
GetSystemMetrics
GetWindowLongW
GetAncestor
IntersectRect
EqualRect
GetDesktopWindow
GetWindowRect
IsRectEmpty
OffsetRect
PtInRect
SendInput
MonitorFromPoint
GetMonitorInfoW
CopyRect
GetPointerDevices
GetDpiForWindow
AdjustWindowRectExForDpi
GetFocus
SetFocus
GetKeyState
GetShellWindow
SendNotifyMessageW
SetDesktopColorTransform
GetProcessDefaultLayout
GetThreadDesktop
SetTimer
msvcp_win
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
_Thrd_detach
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
_Unlock_shared_ptr_spin_lock
_Lock_shared_ptr_spin_lock
?_Xbad_function_call@std@@YAXXZ
_Thrd_id
_Thrd_join
_Mtx_unlock
_Mtx_lock
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
api-ms-win-crt-string-l1-1-0
wcsncmp
memmove_s
memset
wcsspn
strncmp
wcscmp
wcscspn
api-ms-win-crt-runtime-l1-1-0
_initterm
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
api-ms-win-crt-private-l1-1-0
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vswscanf
_o__beginthreadex
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__hypot
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__ltow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcslwr_s
_o__wtoi
_o_abort
_o_atan2
_o_atan2f
_o_ceil
_o_ceilf
_o_cosf
_o_exit
_o_floorf
_o_fmod
_o_free
_o_iswspace
_o_log
_o_malloc
_o_memcpy_s
_o_pow
_o_powf
_o_realloc
_o_sinf
_o_sqrt
_o_sqrtf
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcstok
_o_wcstok_s
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___p__commode
__std_terminate
__CxxFrameHandler4
_o___std_exception_destroy
_o___std_exception_copy
wcschr
wcsrchr
memcmp
memcpy
memmove
ole32
CoUninitialize
CoWaitForMultipleObjects
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoInitialize
oleacc
AccessibleObjectFromEvent
AccessibleObjectFromWindow
comctl32
ord17
InitCommonControlsEx
oleaut32
SafeArrayCreate
SafeArrayDestroy
SysAllocString
VariantInit
VariantClear
SafeArrayGetLBound
SysFreeString
SafeArrayGetDim
SafeArrayGetVartype
SafeArrayAccessData
SafeArrayUnaccessData
SetErrorInfo
SysStringLen
GetErrorInfo
SafeArrayGetUBound
SafeArrayPutElement
gdiplus
GdipSetSmoothingMode
GdipFree
GdipAlloc
GdipCloneBrush
GdipStringFormatGetGenericTypographic
GdipDrawString
GdipSetTextRenderingHint
GdipDeleteFont
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawLine
GdipDeletePen
GdipDeleteBrush
GdipCreatePen1
GdipFillRectangle
GdipSetInterpolationMode
shell32
ShellExecuteW
SHGetKnownFolderPath
SHAppBarMessage
ntdll
NtQueryWnfStateData
WinSqmSetDWORD
WinSqmIsOptedIn
WinSqmIncrementDWORD
RtlLookupFunctionEntry
RtlCaptureContext
RtlPublishWnfStateData
RtlVirtualUnwind
WinSqmAddToStream
dwmapi
DwmSetWindowAttribute
DwmIsCompositionEnabled
magnification
MagSetInputTransform
MagSetLensUseBitmapSmoothing
MagSetWindowTransform
MagSetWindowSource
MagSetFullscreenUseBitmapSmoothing
MagSetFullscreenColorEffect
MagSetFullscreenTransform
MagInitialize
MagUninitialize
MagShowSystemCursor
uiautomationcore
UiaRaiseStructureChangedEvent
UiaRaiseAutomationEvent
UiaHostProviderFromHwnd
UiaClientsAreListening
UiaReturnRawElementProvider
api-ms-win-shcore-scaling-l1-1-1
GetDpiForMonitor
api-ms-win-crt-math-l1-1-0
_isnan
_finite
Sections
.text Size: 516KB - Virtual size: 512KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 160KB - Virtual size: 158KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MdRes.exe.exe windows:10 windows x64 arch:x64
3d553fef2350214df4679f35ff59a173
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
mdres.pdb
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
kernel32
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleW
CompareStringW
HeapSetInformation
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
Sleep
GetSystemTimeAsFileTime
user32
GetMessageW
DispatchMessageW
LoadStringW
DefWindowProcW
DestroyWindow
UnregisterClassW
RegisterClassExW
CreateWindowExW
LoadIconW
PostQuitMessage
TranslateMessage
msvcrt
_amsg_exit
_cexit
free
_callnewh
malloc
__wgetmainargs
_exit
__setusermatherr
__set_app_type
__C_specific_handler
_fmode
_commode
_XcptFilter
?terminate@@YAXXZ
exit
_initterm
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
shell32
Shell_NotifyIconW
comctl32
ord345
ole32
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoInitializeEx
oleaut32
SysAllocString
VariantInit
SysFreeString
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 432B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 72KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MdSched.exe.exe windows:10 windows x64 arch:x64
a4bb20aeb8afa2bf97327d41b25c5c30
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
mdsched.pdb
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
EventWrite
InitiateShutdownW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
kernel32
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
GetSystemTimeAsFileTime
CloseHandle
GetCurrentProcess
HeapSetInformation
GetLastError
GetModuleHandleW
GetCurrentThreadId
CompareStringW
GetTickCount
UnhandledExceptionFilter
TerminateProcess
user32
LoadStringW
msvcrt
_cexit
_exit
__C_specific_handler
_initterm
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
free
_callnewh
malloc
?terminate@@YAXXZ
_commode
_fmode
__setusermatherr
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
comctl32
ord345
bcd
BcdOpenObject
BcdCloseObject
BcdSetElementData
BcdCloseStore
BcdOpenSystemStore
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 540B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 72KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MdmDiagnosticsTool.exe.exe windows:10 windows x64 arch:x64
9b2aa36f56a7f70d879ec5a882e7bc90
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
MdmDiagnosticsTool.pdb
Imports
msvcrt
_callnewh
malloc
??0exception@@QEAA@AEBQEBD@Z
wcsncmp
wcsrchr
_XcptFilter
_amsg_exit
??3@YAXPEAX@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__wgetmainargs
??0exception@@QEAA@AEBQEBDH@Z
_vsnprintf_s
exit
_exit
memmove
_cexit
??0exception@@QEAA@AEBV0@@Z
__setusermatherr
??0exception@@QEAA@XZ
_initterm
__C_specific_handler
_fmode
??1exception@@UEAA@XZ
_commode
?terminate@@YAXXZ
_lock
__set_app_type
__CxxFrameHandler3
_unlock
memcpy
__dllonexit
_onexit
_purecall
_wcsicmp
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
wprintf
__CxxFrameHandler4
??1type_info@@UEAA@XZ
memset
ntdll
RtlIsStateSeparationEnabled
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-file-l1-1-0
RemoveDirectoryW
FindClose
FindFirstFileW
CreateFileW
CreateDirectoryW
GetFileAttributesW
SetFileInformationByHandle
FindNextFileW
SetFileAttributesW
GetFullPathNameW
DeleteFileW
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
GetModuleFileNameW
GetModuleHandleW
oleaut32
SysAllocString
VariantClear
SysFreeString
VariantInit
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
api-ms-win-core-registry-l1-1-0
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
RegGetValueW
RegCloseKey
api-ms-win-core-synch-l1-1-0
CreateMutexExW
OpenSemaphoreW
ReleaseSemaphore
ReleaseMutex
CreateSemaphoreExW
WaitForSingleObjectEx
WaitForSingleObject
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
CoCreateInstance
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-path-l1-1-0
PathAllocCombine
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventWriteTransfer
EventActivityIdControl
EventUnregister
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFileExistsW
mdmdiagnostics
ord2
ord1
ord5
ord3
ord4
omadmapi
ord104
dmcmnutils
DmInitializeContainer
DmStopContainerActivity
DmStartContainerActivity
DmExecuteProcessAndCollect
DmGetActiveUserSid
api-ms-win-core-apiquery-l2-1-0
IsApiSetImplemented
Sections
.text Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 496B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MicrosoftEdgeBCHost.exe.exe windows:10 windows x64 arch:x64
72cfe4b53f527af5f154a65ef34d5c4c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
MicrosoftEdgeCP.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsicmp
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o___std_exception_destroy
_o__configure_wide_argv
_o__configthreadlocale
_o___std_exception_copy
_o___p__commode
_o__cexit
_o__callnewh
wcschr
_CxxThrowException
__std_terminate
__CxxFrameHandler4
memcpy
_o___stdio_common_vswprintf
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
api-ms-win-core-synch-l1-1-0
CreateMutexExW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
OpenSemaphoreW
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
HeapSetInformation
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetErrorMode
RaiseException
SetLastError
SetUnhandledExceptionFilter
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThread
GetCurrentProcess
GetStartupInfoW
GetCurrentThreadId
TerminateProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoGetActivationFactory
RoUninitialize
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
SetProcessMitigationPolicy
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeSecurity
CoGetApartmentType
edgeiso
ord224
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-processthreads-l1-1-3
SetThreadDescription
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
RegCloseKey
RegCreateKeyExW
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-memory-l1-1-3
SetProcessValidCallTargets
ntdll
NtQuerySystemInformation
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
api-ms-win-core-processthreads-l1-1-2
SetProtectedPolicy
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
wintrust
WTGetSignatureInfo
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 292B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MicrosoftEdgeCP.exe.exe windows:10 windows x64 arch:x64
72cfe4b53f527af5f154a65ef34d5c4c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
MicrosoftEdgeCP.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsicmp
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o___std_exception_destroy
_o__configure_wide_argv
_o__configthreadlocale
_o___std_exception_copy
_o___p__commode
_o__cexit
_o__callnewh
wcschr
_CxxThrowException
__std_terminate
__CxxFrameHandler4
memcpy
_o___stdio_common_vswprintf
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
api-ms-win-core-synch-l1-1-0
CreateMutexExW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
OpenSemaphoreW
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
HeapSetInformation
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetErrorMode
RaiseException
SetLastError
SetUnhandledExceptionFilter
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThread
GetCurrentProcess
GetStartupInfoW
GetCurrentThreadId
TerminateProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoGetActivationFactory
RoUninitialize
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
SetProcessMitigationPolicy
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeSecurity
CoGetApartmentType
edgeiso
ord224
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-processthreads-l1-1-3
SetThreadDescription
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
RegCloseKey
RegCreateKeyExW
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-memory-l1-1-3
SetProcessValidCallTargets
ntdll
NtQuerySystemInformation
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
api-ms-win-core-processthreads-l1-1-2
SetProtectedPolicy
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
wintrust
WTGetSignatureInfo
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 292B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MicrosoftEdgeDevTools.exe.exe windows:10 windows x64 arch:x64
72cfe4b53f527af5f154a65ef34d5c4c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
MicrosoftEdgeCP.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsicmp
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o___std_exception_destroy
_o__configure_wide_argv
_o__configthreadlocale
_o___std_exception_copy
_o___p__commode
_o__cexit
_o__callnewh
wcschr
_CxxThrowException
__std_terminate
__CxxFrameHandler4
memcpy
_o___stdio_common_vswprintf
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
api-ms-win-core-synch-l1-1-0
CreateMutexExW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
OpenSemaphoreW
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
HeapSetInformation
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetErrorMode
RaiseException
SetLastError
SetUnhandledExceptionFilter
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThread
GetCurrentProcess
GetStartupInfoW
GetCurrentThreadId
TerminateProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoGetActivationFactory
RoUninitialize
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
SetProcessMitigationPolicy
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeSecurity
CoGetApartmentType
edgeiso
ord224
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-processthreads-l1-1-3
SetThreadDescription
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegGetValueW
RegCloseKey
RegCreateKeyExW
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-memory-l1-1-3
SetProcessValidCallTargets
ntdll
NtQuerySystemInformation
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
api-ms-win-core-processthreads-l1-1-2
SetProtectedPolicy
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
wintrust
WTGetSignatureInfo
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 292B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MicrosoftEdgeSH.exe.exe windows:10 windows x64 arch:x64
4f297c9cdce9606a6d53083f755d899c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
MicrosoftEdgeSH.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
_c_exit
api-ms-win-crt-private-l1-1-0
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsicmp
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_wide_argv
_o__configthreadlocale
_o___p__commode
wcschr
_CxxThrowException
__std_terminate
__CxxFrameHandler4
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
GetModuleHandleExW
api-ms-win-core-synch-l1-1-0
CreateMutexExW
WaitForSingleObject
OpenSemaphoreW
ReleaseMutex
CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObjectEx
api-ms-win-core-heap-l1-1-0
HeapSetInformation
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetErrorMode
RaiseException
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-com-l1-1-0
CoUninitialize
CoCreateInstance
CoInitializeEx
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetStartupInfoW
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
GetProcessMitigationPolicy
SetProcessMitigationPolicy
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemDirectoryW
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-downlevel-shlwapi-l1-1-0
StrStrW
iertutil
ord797
ord870
ord792
ord650
edgeiso
ord130
api-ms-win-core-memory-l1-1-3
SetProcessValidCallTargets
userenv
GetAppContainerRegistryLocation
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
api-ms-win-core-processthreads-l1-1-2
SetProtectedPolicy
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
ntdll
NtQuerySystemInformation
wintrust
WTGetSignatureInfo
Sections
.text Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MoNotificationUxStub.exe.exe windows:10 windows x64 arch:x64
5bfdddaae63404f97690259c00047081
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
MoNotificationUxStub.pdb
Imports
msvcp_win
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_initterm_e
_c_exit
_initterm
api-ms-win-crt-private-l1-1-0
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__cexit
memmove
_o__callnewh
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o____lc_codepage_func
__std_terminate
__CxxFrameHandler4
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
GetProcAddress
FreeLibrary
api-ms-win-core-synch-l1-1-0
ReleaseMutex
WaitForSingleObjectEx
CreateSemaphoreExW
OpenSemaphoreW
CreateMutexExW
WaitForSingleObject
ReleaseSemaphore
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetStartupInfoW
CreateProcessW
GetCurrentThreadId
GetCurrentProcessId
GetExitCodeProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
FormatMessageA
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-com-l1-1-0
CoTaskMemAlloc
CoTaskMemFree
api-ms-win-core-wow64-l1-1-1
IsWow64Process2
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetCommandLineW
api-ms-win-core-commandlinetoargv-l1-1-0
CommandLineToArgvW
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-file-l1-1-0
CreateFileW
GetFileAttributesExW
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
Sections
.text Size: 44KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 204B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MpSigStub.exe.exe windows:10 windows x64 arch:x64
73d10f665b566678ac1ddf9942fdaea0
Code Sign
33:00:00:05:4f:13:66:3c:8b:d6:7c:df:d5:00:00:00:00:05:4f
Certificate
Issuer: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2023, 19:50
Not After: 16/10/2024, 19:50
Subject: CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 06/07/2010, 20:40
Not After: 06/07/2025, 20:50
Subject: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
cd:6a:96:a7:30:1c:f9:79:3c:6e:91:d2:ea:6b:df:59:06:96:8f:32:23:43:c2:30:89:37:e5:43:80:7f:94:88
Signer
Actual PE Digest: cd:6a:96:a7:30:1c:f9:79:3c:6e:91:d2:ea:6b:df:59:06:96:8f:32:23:43:c2:30:89:37:e5:43:80:7f:94:88
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
MpSigStub.pdb
Imports
advapi32
EnumerateTraceGuids
ControlTraceW
TraceMessage
EventWriteTransfer
StartTraceW
EnableTrace
CloseServiceHandle
RegCloseKey
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
LookupPrivilegeValueW
SetSecurityDescriptorDacl
AdjustTokenPrivileges
AllocateAndInitializeSid
CopySid
FreeSid
CheckTokenMembership
InitializeSecurityDescriptor
InitializeAcl
QueryServiceStatusEx
OpenServiceW
StartServiceW
OpenSCManagerW
QueryServiceStatus
EventUnregister
EventRegister
OpenThreadToken
OpenProcessToken
DecryptFileW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegNotifyChangeKeyValue
GetTokenInformation
GetLengthSid
AddAccessAllowedAce
kernel32
GetCurrentProcessId
GetLastError
SetEndOfFile
SetLastError
IsWow64Process
GetCurrentProcess
FreeLibrary
Sleep
CloseHandle
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThread
GetCurrentThreadId
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStdHandle
GetFileType
GetStartupInfoW
GetTempPathW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetProcAddress
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
MultiByteToWideChar
ExitProcess
GetModuleHandleW
GetModuleHandleExW
GetProcessHeap
WideCharToMultiByte
SetStdHandle
GetFileSizeEx
SetFilePointerEx
ReadFile
GetConsoleMode
ReadConsoleW
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetModuleFileNameW
HeapSize
HeapReAlloc
CreateFileW
WriteConsoleW
RaiseException
QueryPerformanceCounter
InitializeSListHead
EncodePointer
InitializeCriticalSectionEx
SetFileAttributesW
CopyFileW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetProcessTimes
GetCommandLineW
SetWaitableTimer
CreateWaitableTimerW
CreateDirectoryW
CancelIo
CreateNamedPipeW
InitializeProcThreadAttributeList
GetNamedPipeClientProcessId
PeekNamedPipe
DisconnectNamedPipe
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
VirtualQuery
ConnectNamedPipe
GetThreadTimes
SizeofResource
SetFileTime
VirtualUnlock
SetFilePointer
LockResource
LoadResource
FindResourceW
SystemTimeToFileTime
GetSystemTime
DosDateTimeToFileTime
GlobalMemoryStatusEx
DeleteFileW
GetEnvironmentVariableW
GetSystemDirectoryW
FormatMessageW
GetNativeSystemInfo
HeapSetInformation
GetCurrentDirectoryW
LocalFree
CreateProcessW
GetSystemWindowsDirectoryW
GetExitCodeProcess
FindFirstFileW
GetFullPathNameW
FindNextFileW
ExpandEnvironmentStringsW
RemoveDirectoryW
FindClose
WaitForSingleObject
GetFileAttributesW
OpenProcess
CreateEventW
SetEvent
WaitForSingleObjectEx
ResetEvent
QueryFullProcessImageNameW
QueryPerformanceFrequency
VirtualLock
WaitForMultipleObjects
FindFirstFileExW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer
rpcrt4
UuidCreate
UuidFromStringW
ntdll
RtlNtStatusToDosError
NtQueryInformationFile
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlGetVersion
NtSetInformationFile
Sections
.text Size: 704KB - Virtual size: 700KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 144KB - Virtual size: 141KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MsSpellCheckingHost.exe.exe windows:10 windows x64 arch:x64
5923bcb9135c79a044f2309bba8c7190
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
msspellcheckinghost.pdb
Imports
user32
UnregisterClassA
CharUpperW
DispatchMessageW
CharNextW
TranslateMessage
GetMessageW
PostThreadMessageW
msvcrt
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
_fmode
_acmdln
_initterm
__setusermatherr
_ismbblead
__dllonexit
_lock
_onexit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_errno
realloc
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
_cexit
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_unlock
??0exception@@QEAA@XZ
memmove
??3@YAXPEAX@Z
memcpy
__CxxFrameHandler3
exit
_CxxThrowException
_exit
_callnewh
_purecall
wcscat_s
wcscpy_s
malloc
wcsncpy_s
free
memcpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler4
memset
oleaut32
SysStringLen
RegisterTypeLi
LoadTypeLi
SysFreeString
SysAllocString
VarUI4FromStr
UnRegisterTypeLi
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventWriteTransfer
api-ms-win-core-com-l1-1-0
CoTaskMemRealloc
CoTaskMemAlloc
CoResumeClassObjects
CoTaskMemFree
CoRevokeClassObject
CoSuspendClassObjects
CoCreateInstance
CoRegisterClassObject
CoUninitialize
CoInitializeEx
StringFromGUID2
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
OpenProcessToken
GetCurrentProcess
GetCurrentProcessId
OpenThreadToken
CreateThread
GetCurrentThreadId
GetStartupInfoW
GetCurrentThread
api-ms-win-core-errorhandling-l1-1-0
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-memory-l1-1-0
CreateFileMappingW
OpenFileMappingW
UnmapViewOfFile
MapViewOfFile
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
GetVersionExW
api-ms-win-core-libraryloader-l1-2-0
FindResourceExW
SizeofResource
LoadLibraryExW
GetProcAddress
GetModuleFileNameW
FreeLibrary
GetModuleHandleW
LoadResource
api-ms-win-core-registry-l1-1-0
RegDeleteValueW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
api-ms-win-core-synch-l1-1-0
SetEvent
CreateEventW
DeleteCriticalSection
WaitForSingleObject
CreateMutexW
InitializeCriticalSection
LeaveCriticalSection
OpenMutexW
ReleaseMutex
EnterCriticalSection
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
Sections
.text Size: 48KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 800B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
MuiUnattend.exe.exe windows:10 windows x64 arch:x64
9fe402ca9e5c96d9217350e15adc4887
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
MUIUnattend.pdb
Imports
msvcrt
_amsg_exit
_XcptFilter
memmove_s
__setusermatherr
__C_specific_handler
wcschr
_purecall
??3@YAXPEAX@Z
wcsncmp
_initterm
__wgetmainargs
memmove
?terminate@@YAXXZ
_wcsicmp
_onexit
memcpy_s
_vsnwprintf
_wcsnicmp
__dllonexit
__set_app_type
wcsrchr
_vsnprintf
exit
memcmp
memcpy
_unlock
_lock
_commode
_fmode
_cexit
wprintf
_exit
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetModuleFileNameW
GetModuleFileNameA
LoadLibraryExW
FreeLibrary
GetProcAddress
GetModuleHandleW
api-ms-win-core-registry-l1-1-0
RegLoadKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegUnLoadKeyW
RegSetValueExW
RegDeleteValueW
api-ms-win-core-synch-l1-1-0
ReleaseMutex
CreateSemaphoreExW
EnterCriticalSection
ReleaseSRWLockExclusive
ReleaseSemaphore
InitializeCriticalSectionEx
LeaveCriticalSection
OpenSemaphoreW
WaitForSingleObject
CreateMutexExW
AcquireSRWLockShared
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitializeCriticalSection
ReleaseSRWLockShared
DeleteCriticalSection
api-ms-win-core-heap-l1-1-0
HeapSetInformation
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-localization-l1-2-0
SetUserGeoID
FormatMessageW
LocaleNameToLCID
GetUserDefaultLocaleName
GetLocaleInfoEx
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
sspicli
GetUserNameExW
api-ms-win-core-localization-l1-2-2
GetSystemDefaultLocaleName
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-sysinfo-l1-1-0
GetWindowsDirectoryW
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-localization-private-l1-1-0
NlsUpdateLocale
ntdll
RtlAllocateHeap
RtlFreeHeap
RtlpSetPreferredUILanguages
RtlNtStatusToDosError
RtlGetUILanguageInfo
api-ms-win-core-file-l1-1-0
CreateDirectoryW
CreateFileW
FindNextFileW
FindFirstFileW
GetFullPathNameW
FindClose
GetFileAttributesW
GetFileAttributesExW
api-ms-win-core-memory-l1-1-0
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
api-ms-win-security-base-l1-1-0
PrivilegeCheck
AdjustTokenPrivileges
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-registry-l2-1-0
RegDeleteKeyW
Sections
.text Size: 60KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 124B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ie4ushowIE.exe.exe windows:10 windows x64 arch:x64
7c773635e988a2c9f0162df72b65d60d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ie4ushowIE.pdb
Imports
advapi32
RegSetValueW
RegQueryValueExW
RegEnumValueW
RegOpenKeyW
RegDeleteValueW
RegCreateKeyW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCloseKey
EventUnregister
EventRegister
CryptDestroyKey
CryptDestroyHash
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptGetKeyParam
CryptEncrypt
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
EventWriteTransfer
GetSecurityDescriptorSacl
GetAce
SetNamedSecurityInfoW
CopySid
GetNamedSecurityInfoW
ConvertStringSidToSidW
IsValidSid
OpenProcessToken
GetKernelObjectSecurity
AddAccessAllowedAceEx
GetLengthSid
kernel32
HeapSetInformation
RaiseException
GetEnvironmentVariableW
SetErrorMode
GetModuleHandleExW
LocalFree
GetLocalTime
CreateThread
SetEvent
FormatMessageW
CreateEventW
WaitForSingleObject
DelayLoadFailureHook
LoadLibraryExA
AcquireSRWLockShared
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
AcquireSRWLockExclusive
CloseThreadpoolTimer
ReleaseSRWLockExclusive
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FlushViewOfFile
SystemTimeToFileTime
GetSystemTime
MapViewOfFile
CreateFileMappingW
FlushFileBuffers
SetEndOfFile
LCMapStringW
GetFullPathNameW
DuplicateHandle
CreateMutexW
OpenMutexW
GetFileSizeEx
SetFileTime
UnmapViewOfFile
IsDebuggerPresent
DebugBreak
CreateMutexExW
HeapAlloc
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
ReleaseMutex
LocalAlloc
ReleaseSemaphore
SetFilePointer
LoadLibraryExW
lstrcmpW
GetTickCount
FreeLibrary
GetModuleHandleW
GetProcAddress
SetCurrentDirectoryW
GetCurrentDirectoryW
FindResourceW
LoadResource
CloseHandle
DeleteFileW
LockResource
GetVersionExA
GetLastError
Sleep
SetFileAttributesW
GetVersionExW
CreateFileW
FindClose
GetModuleFileNameW
GetShortPathNameW
WriteFile
FindNextFileW
FindFirstFileExW
FindFirstFileW
SizeofResource
ReadFile
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
IsWow64Process
ExpandEnvironmentStringsW
GetNativeSystemInfo
WideCharToMultiByte
InitOnceExecuteOnce
HeapFree
GetProcessHeap
GetModuleFileNameA
CreateSemaphoreExW
SetLastError
user32
LoadStringW
PostThreadMessageW
PostMessageW
GetMessageW
msvcrt
memset
wcspbrk
iswalpha
wcschr
wcsncmp
wcscat_s
_purecall
memmove_s
_initterm
__setusermatherr
_cexit
_exit
_lock
_onexit
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
free
wcsrchr
_wcsnicmp
memcpy_s
_vsnwprintf
_commode
?terminate@@YAXXZ
_wcsicmp
__C_specific_handler
_wcmdln
__set_app_type
__dllonexit
exit
_fmode
memcmp
_unlock
shell32
SHCreateItemFromParsingName
SHChangeNotify
SHGetSpecialFolderPathW
SHGetDesktopFolder
ord190
ord155
SHGetFolderPathW
CommandLineToArgvW
SHGetSpecialFolderLocation
SHGetKnownFolderPath
SHSetLocalizedName
ord165
SHCreateDirectoryExW
ntdll
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
shlwapi
PathRemoveBlanksW
StrCmpIW
PathRemoveExtensionW
SHGetValueW
SHSetValueW
ord158
PathFindFileNameW
SHDeleteValueW
StrCmpNIW
PathIsNetworkPathW
StrTrimW
StrStrIW
PathFileExistsW
oleaut32
SysAllocString
SysFreeString
ole32
OleInitialize
PropVariantClear
CoInitializeEx
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoTaskMemFree
OleUninitialize
crypt32
CertOpenStore
CertEnumCertificatesInStore
CertCloseStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CryptImportPublicKeyInfo
version
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW
Sections
.text Size: 68KB - Virtual size: 65KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 240B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ieUnatt.exe.exe windows:10 windows x64 arch:x64
1e4db10099a98336fe15aa0094b09cac
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ieUnAtt.pdb
Imports
advapi32
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
kernel32
GetModuleHandleExW
ReleaseSemaphore
CreateSemaphoreExW
GetModuleFileNameA
FormatMessageW
WaitForSingleObject
ExpandEnvironmentStringsW
ReleaseMutex
GetFullPathNameW
CreateDirectoryW
GetFileAttributesW
LoadLibraryExW
FreeLibrary
GetProcessHeap
DeleteCriticalSection
GetProcAddress
HeapAlloc
CloseHandle
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
DebugBreak
IsDebuggerPresent
lstrcmpiW
LocalFree
GetLastError
GetCommandLineW
WritePrivateProfileStringW
LocalAlloc
Sleep
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
HeapFree
SetLastError
EnterCriticalSection
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
msvcrt
_vsnprintf
wcsrchr
wcschr
memcpy_s
wcspbrk
iswalpha
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
free
_callnewh
malloc
wcsncmp
_wcsnicmp
_itow_s
iswspace
_vsnwprintf
memset
shell32
SHGetFolderPathW
CommandLineToArgvW
shlwapi
ord158
StrCmpW
StrChrW
user32
LoadStringW
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
RtlAllocateHeap
RtlFreeHeap
api-ms-win-core-com-l1-1-0
CoCreateGuid
StringFromGUID2
Sections
.text Size: 40KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 776B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
iexpress.exe.exe windows:10 windows x64 arch:x64
eb7245009d5161bc32c51ea9dcb81d49
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
iexpress.pdb
Imports
kernel32
CloseHandle
GetSystemInfo
WritePrivateProfileStringA
SetFileAttributesA
GetProcAddress
LocalFree
GetModuleHandleW
lstrcmpiA
CreateProcessA
CreateDirectoryA
FormatMessageA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileSectionA
GetExitCodeProcess
EnumResourceLanguagesA
SizeofResource
MoveFileA
SetLastError
LoadLibraryExA
EnumResourceNamesA
EnumResourceTypesA
UnmapViewOfFile
FreeResource
_llseek
GetFileInformationByHandle
GetTempPathA
FindResourceExA
CreateFileA
GlobalAlloc
GlobalFree
LoadResource
GlobalLock
CreateFileMappingA
_lread
FreeLibrary
_lclose
GetTempFileNameA
MapViewOfFile
GetTickCount
GlobalUnlock
_lwrite
GetCurrentDirectoryA
GetSystemTime
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesA
GetLastError
CopyFileA
CompareStringA
GetVersion
DeleteFileA
GetPrivateProfileSectionA
lstrcmpA
LocalAlloc
FindClose
GetFullPathNameA
GetUserDefaultUILanguage
WriteFile
FindFirstFileA
GetModuleFileNameA
Sleep
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetVersionExA
IsDBCSLeadByte
ReadFile
LockResource
GetShortPathNameA
gdi32
CreateFontIndirectA
DeleteObject
GetObjectA
GetDeviceCaps
CreateFontIndirectW
GetStockObject
user32
GetDlgItemTextA
ShowWindow
CheckRadioButton
GetWindowRect
SystemParametersInfoW
CharPrevA
CheckDlgButton
CharNextA
DispatchMessageA
GetDC
LoadStringA
PostMessageA
GetSystemMetrics
MessageBeep
IsDlgButtonChecked
CallWindowProcA
MessageBoxA
SetFocus
SendDlgItemMessageA
SendMessageA
GetDlgItem
PeekMessageA
GetWindowLongPtrA
GetParent
SetWindowLongPtrA
ReleaseDC
EnableWindow
MsgWaitForMultipleObjects
SetDlgItemTextA
msvcrt
_itoa_s
strtok
toupper
_commode
memcpy
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_fmode
?terminate@@YAXXZ
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
wcsncmp
mbstowcs
malloc
_splitpath_s
strchr
free
strtoul
_vsnprintf
memcpy_s
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
comctl32
CreatePropertySheetPageA
PropertySheetA
DestroyPropertySheetPage
comdlg32
GetOpenFileNameA
GetSaveFileNameA
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
imagehlp
CheckSumMappedFile
advapi32
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
Sections
.text Size: 64KB - Virtual size: 62KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 88KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 284B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
immersivetpmvscmgrsvr.exe.exe windows:10 windows x64 arch:x64
30e06e4a84d544725801993d6c1fac32
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ImmersiveTpmVscMgrSvr.pdb
Imports
advapi32
RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
kernel32
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
InitializeCriticalSection
GetCommandLineW
SetEvent
DeleteCriticalSection
RaiseException
Sleep
GetModuleFileNameW
LoadLibraryExW
CreateEventW
CreateThread
RaiseFailFastException
ResolveDelayLoadedAPI
DelayLoadFailureHook
user32
PostThreadMessageW
CharUpperW
GetMessageW
TranslateMessage
DispatchMessageW
GetSystemMetrics
UnregisterClassA
CharNextW
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
api-ms-win-crt-private-l1-1-0
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
__current_exception
__current_exception_context
_CxxThrowException
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
__C_specific_handler_noexcept
_o___stdio_common_vswprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___stdio_common_vsnprintf_s
memcpy
_o___p__commode
memmove
oleaut32
SysAllocString
LoadTypeLi
SysStringLen
SysFreeString
RegisterTypeLi
UnRegisterTypeLi
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoResumeClassObjects
StringFromGUID2
CoGetMalloc
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoSuspendClassObjects
CoSetProxyBlanket
CoTaskMemFree
CoCreateGuid
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetStartupInfoW
GetCurrentProcess
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount64
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-libraryloader-l1-2-0
LockResource
FindResourceExW
FreeLibrary
LoadResource
api-ms-win-core-path-l1-1-0
PathCchAppend
PathCchRemoveFileSpec
rpcrt4
UuidToStringW
UuidCreate
RpcStringFreeW
api-ms-win-security-base-l1-1-0
CreateWellKnownSid
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-core-file-l1-1-0
CreateDirectoryW
bcrypt
BCryptDestroyKey
BCryptEncrypt
BCryptOpenAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptGetProperty
BCryptCloseAlgorithmProvider
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventActivityIdControl
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
api-ms-win-core-heap-l1-1-0
HeapReAlloc
profapi
ord104
ntdll
RtlNtStatusToDosErrorNoTeb
RtlNtStatusToDosError
setupapi
SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInfoW
SetupGetInfDriverStoreLocationW
SetupDiGetDevicePropertyW
SetupDiCreateDeviceInfoList
SetupDiSetDevicePropertyW
winscard
SCardEstablishContext
SCardGetReaderDeviceInstanceIdW
SCardReleaseStartedEvent
SCardListReadersW
SCardAccessStartedEvent
SCardListReadersWithDeviceInstanceIdW
SCardDisconnect
SCardConnectW
SCardReleaseContext
SCardGetStatusChangeW
SCardListCardsW
SCardGetCardTypeProviderNameW
SCardBeginTransaction
SCardReconnect
SCardEndTransaction
SCardFreeMemory
Sections
.text Size: 88KB - Virtual size: 86KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 268B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ipconfig.exe.exe windows:10 windows x64 arch:x64
ab420ecb16a81fbe9863414ae68c8445
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ipconfig.pdb
Imports
msvcrt
wcschr
_write
_initterm
toupper
exit
fflush
?terminate@@YAXXZ
_XcptFilter
__C_specific_handler
memcpy
_amsg_exit
__setusermatherr
__wgetmainargs
__iob_func
_fileno
_wcsicmp
_setmode
fgetpos
__set_app_type
_exit
_fmode
_commode
_cexit
setlocale
_vsnwprintf
fwprintf
_get_osfhandle
memset
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleW
iphlpapi
ConvertGuidToStringW
ConvertInterfaceLuidToGuid
FreeInterfaceDnsSettings
GetAdaptersAddresses
SetCurrentThreadCompartmentId
GetCurrentThreadCompartmentId
GetNetworkParams
ConvertInterfaceLuidToNameW
GetInterfaceDnsSettings
ConvertLengthToIpv4Mask
ConvertInterfaceIndexToLuid
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
CompareStringW
WideCharToMultiByte
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
api-ms-win-core-console-l1-1-0
GetConsoleMode
api-ms-win-core-file-l1-1-0
FileTimeToLocalFileTime
GetFileType
api-ms-win-core-localization-l1-2-0
SetThreadUILanguage
FormatMessageW
dhcpcsvc
DhcpEnumClasses
DhcpHandlePnPEvent
DhcpReleaseParameters
DhcpAcquireParameters
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
ntdll
RtlIpv4AddressToStringExW
RtlIpv6AddressToStringW
RtlFreeUnicodeString
RtlIpv6AddressToStringExW
RtlStringFromGUID
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetComputerNameExW
GetTickCount
dhcpcsvc6
Dhcpv6AcquireParameters
Dhcpv6SetUserClass
Dhcpv6GetUserClasses
Dhcpv6IsEnabled
Dhcpv6ReleaseParameters
ws2_32
InetNtopW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-datetime-l1-1-0
GetTimeFormatW
GetDateFormatW
dnsapi
DnsFree
DnsFreeConfigStructure
DnsQueryConfigAllocEx
DnsGetCacheDataTableEx
DnsQuery_W
DnsRecordStringForType
DnsResolverOp
DnsFlushResolverCache
api-ms-win-core-heap-l1-1-0
HeapSetInformation
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
nsi
NsiSetAllParameters
NsiGetAllParameters
NsiFreeTable
NsiAllocateAndGetTable
api-ms-win-security-base-l1-1-0
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
Sections
.text Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 876B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
iscsicli.exe.exe windows:10 windows x64 arch:x64
40b046298a14421629c4c5b5fea9f90e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
iscsicli.pdb
Imports
msvcrt
memcpy
?terminate@@YAXXZ
_wcsicmp
_fmode
_initterm
__setusermatherr
_cexit
_exit
__iob_func
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_wcstoui64
feof
fgetws
vswprintf_s
_wtoi
_vsnwprintf
__C_specific_handler
_commode
memset
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
GetStdHandle
api-ms-win-core-file-l1-1-0
CreateFileW
GetFileType
WriteFile
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadUILanguage
api-ms-win-core-commandlinetoargv-l1-1-0
CommandLineToArgvW
api-ms-win-core-file-l1-2-0
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ws2_32
WSAStartup
WSACleanup
WSAStringToAddressA
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-devices-config-l1-1-1
CM_Get_DevNode_Registry_PropertyW
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
GetModuleHandleW
api-ms-win-core-console-l1-1-0
WriteConsoleW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-windowserrorreporting-l1-1-3
RegisterApplicationRestart
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
iscsidsc
LogoutIScsiTarget
GetIScsiSessionListW
ReportIScsiInitiatorListW
RemoveIScsiStaticTargetW
RefreshISNSServerW
RemoveIScsiConnection
ClearPersistentIScsiDevices
SetupPersistentIScsiVolumes
ReportIScsiPersistentLoginsW
SendScsiInquiry
AddISNSServerW
RemoveISNSServerW
RefreshIScsiSendTargetPortalW
SetIScsiIKEInfoW
LoginIScsiTargetW
SetIScsiInitiatorCHAPSharedSecret
GetDevicesForIScsiSessionW
AddIScsiStaticTargetW
RemoveIScsiPersistentTargetW
SendScsiReadCapacity
SetIScsiGroupPresharedKey
GetIScsiVersionInformation
ReportISNSServerListW
AddIScsiConnectionW
ReportIScsiSendTargetPortalsExW
RemovePersistentIScsiDeviceW
AddPersistentIScsiDeviceW
SetIScsiTunnelModeOuterAddressW
SendScsiReportLuns
ReportIScsiTargetsW
GetIScsiInitiatorNodeNameW
GetIScsiIKEInfoW
SetIScsiInitiatorNodeNameW
RemoveIScsiSendTargetPortalW
GetIScsiTargetInformationW
AddIScsiSendTargetPortalW
ReportPersistentIScsiDevicesW
ReportActiveIScsiTargetMappingsW
iscsium
DiscpFreeMemory
DiscpFreeDeviceInterfaceList
DiscpSetRegistryValue
DiscpAllocMemory
DiscpExecuteMethod
DiscpEnumerateDeviceInterfaces
DiscpTextAddrToBinary
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 948B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
iscsicpl.exe.exe windows:10 windows x64 arch:x64
23b7709c37b2c36ea9464f15dea83d64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
iscsicpl.pdb
Imports
kernel32
GetCurrentProcessId
lstrcmpW
UnhandledExceptionFilter
GetLocaleInfoW
EnumUILanguagesW
GetUserDefaultUILanguage
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
TerminateProcess
GetCurrentProcess
gdi32
GetStockObject
user32
RegisterClassW
DestroyIcon
GetWindowLongPtrW
LoadCursorW
SendMessageW
CreateWindowExW
SetWindowLongPtrW
DestroyWindow
CharNextW
CharUpperBuffW
GetClassNameW
DefWindowProcW
GetWindow
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
__setusermatherr
memset
shell32
Control_RunDLL
shlwapi
ord10
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
isoburn.exe.exe windows:10 windows x64 arch:x64
3e37124ba821088b03aee74827d76a53
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
isoburn.pdb
Imports
advapi32
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
EventActivityIdControl
EventWrite
EventEnabled
RegCloseKey
RegOpenKeyExW
RegEnumKeyW
kernel32
GetModuleFileNameA
DebugBreak
GetModuleHandleW
GetProcAddress
GetLastError
IsDebuggerPresent
OutputDebugStringW
SetLastError
CloseHandle
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
AcquireSRWLockExclusive
GetModuleHandleExW
DeleteCriticalSection
WaitForSingleObject
OpenSemaphoreW
LeaveCriticalSection
CreateThread
PowerCreateRequest
PowerSetRequest
PowerClearRequest
CompareStringOrdinal
InitOnceBeginInitialize
GetCurrentProcessId
CreateMutexExW
InitOnceComplete
CreateSemaphoreExW
ReleaseSRWLockExclusive
InitializeCriticalSection
LocalFree
GetTickCount64
GetVolumePathNamesForVolumeNameW
RaiseException
HeapDestroy
GetCommandLineW
GetStartupInfoW
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
FormatMessageW
EnterCriticalSection
user32
SetWindowLongPtrW
MessageBoxW
EndDialog
SetTimer
GetDlgItem
EnableWindow
IsDlgButtonChecked
SendDlgItemMessageW
ShowWindow
GetDesktopWindow
KillTimer
PostMessageW
SetFocus
SetDlgItemTextW
RegisterWindowMessageW
LoadIconW
SetWindowTextW
LoadStringW
DialogBoxParamW
SendMessageW
msvcrt
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_XcptFilter
_ismbblead
_callnewh
__setusermatherr
_initterm
_acmdln
memcmp
_cexit
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
malloc
free
isalpha
memcpy_s
_vsnwprintf
__C_specific_handler
toupper
memset
shlwapi
SHRegGetValueW
ord158
ord388
PathFindFileNameW
oleaut32
SysFreeString
SysAllocString
VariantClear
SysStringLen
LoadRegTypeLi
DispCallFunc
api-ms-win-core-com-l1-1-0
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx
api-ms-win-core-memory-l1-1-0
VirtualFree
VirtualAlloc
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExA
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-processthreads-l1-1-1
FlushInstructionCache
api-ms-win-core-interlocked-l1-1-0
InterlockedPushEntrySList
InterlockedPopEntrySList
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
WakeAllConditionVariable
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
comctl32
ord386
ord329
ord328
ord332
ord334
uxtheme
EnableThemeDialogTexture
Sections
.text Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 56KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
klist.exe.exe windows:10 windows x64 arch:x64
85207cdd890ace87bf7ef7906d90318b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
klist.pdb
Imports
msvcrt
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__wgetmainargs
memcpy
?terminate@@YAXXZ
_vsnwprintf
_XcptFilter
free
_callnewh
malloc
wcstoul
wcstol
_wcsicmp
fwprintf
sprintf_s
_snwprintf_s
exit
_wsetlocale
_amsg_exit
__iob_func
memset
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-security-base-l1-1-0
EqualSid
GetLengthSid
SetKernelObjectSecurity
GetTokenInformation
IsValidSid
CreateWellKnownSid
SetSecurityDescriptorDacl
CopySid
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
DuplicateTokenEx
GetKernelObjectSecurity
GetSidSubAuthorityCount
GetSidLengthRequired
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter
api-ms-win-core-psapi-l1-1-0
K32EnumProcesses
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadUILanguage
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
FreeLibrary
LoadStringW
GetProcAddress
api-ms-win-core-file-l1-1-0
WriteFile
FileTimeToLocalFileTime
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
sspicli
LsaEnumerateLogonSessions
logoncli
DsGetDcNameW
netutils
NetApiBufferFree
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
OpenThreadToken
GetCurrentThreadId
GetCurrentThread
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
ext-ms-win-advapi32-lsa-l1-1-2
LsaNtStatusToWinError
api-ms-win-security-provider-l1-1-0
SetEntriesInAclW
api-ms-win-security-trustee-l1-1-0
BuildTrusteeWithSidW
ntdll
RtlIpv6StringToAddressExW
RtlInitUnicodeString
RtlAdjustPrivilege
RtlInitString
RtlInitUnicodeStringEx
NtQueryInformationToken
NtDuplicateToken
NtOpenThreadToken
NtSetInformationThread
RtlIpv4StringToAddressExW
NtClose
Sections
.text Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 792B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ksetup.exe.exe windows:10 windows x64 arch:x64
5527a2a68b8c18db5e49e2664c4a8b67
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ksetup.pdb
Imports
msvcrt
_amsg_exit
_XcptFilter
wcsncmp
fgetws
__wgetmainargs
_exit
_snwprintf_s
_cexit
wcsncat_s
wcschr
fwprintf
_wsetlocale
?terminate@@YAXXZ
realloc
_initterm
memcpy
_commode
_wcsicmp
__set_app_type
__C_specific_handler
_fmode
_wcsdup
wcstoul
exit
wcscpy_s
free
_vsnprintf
fprintf
wcsstr
malloc
isspace
getchar
iswalpha
iswupper
printf
__setusermatherr
_vsnwprintf
__iob_func
memset
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW
RegDeleteValueW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
wldap32
ord50
ord34
ord41
ord27
ord26
ord211
ord146
ord30
ord156
ord73
ord13
ord170
api-ms-win-core-sysinfo-l1-2-0
SetComputerNameExW
logoncli
DsGetDcNameW
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
sspicli
LsaCallAuthenticationPackage
LsaLookupAuthenticationPackage
LsaConnectUntrusted
LsaFreeReturnBuffer
srvcli
NetServerGetInfo
netutils
NetApiBufferFree
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
GetModuleHandleW
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-console-l1-1-0
GetConsoleMode
GetConsoleOutputCP
SetConsoleMode
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-localization-l1-2-0
SetThreadUILanguage
FormatMessageW
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-file-l1-1-0
WriteFile
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
advapi32
LsaSetTrustedDomainInfoByName
LsaFreeMemory
LsaSetInformationPolicy
RegDeleteKeyW
LsaClose
LsaQueryTrustedDomainInfoByName
RegConnectRegistryW
LsaQueryInformationPolicy
LsaOpenPolicy
LsaStorePrivateData
kernel32
lstrcmpiW
lstrcmpW
GetComputerNameW
ntdll
RtlInitString
RtlInitUnicodeString
RtlCompareUnicodeString
Sections
.text Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 228B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ktmutil.exe.exe windows:10 windows x64 arch:x64
af7b616a91124c80d5ac086429b5fd63
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ktmutil.pdb
Imports
msvcrt
_wcsicmp
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
__wgetmainargs
_amsg_exit
_XcptFilter
exit
wprintf
free
malloc
__C_specific_handler
setlocale
__set_app_type
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlCompareMemory
NtQueryInformationEnlistment
NtOpenEnlistment
NtOpenResourceManager
NtQueryInformationTransactionManager
NtOpenTransactionManager
NtEnumerateTransactionObject
NtQueryInformationTransaction
NtOpenTransaction
RtlStringFromGUID
RtlNtStatusToDosError
RtlFreeUnicodeString
ktmw32
OpenEnlistment
CommitEnlistment
RollbackEnlistment
CommitComplete
RecoverEnlistment
OpenResourceManager
OpenTransactionManagerById
kernel32
GetCurrentProcess
GetModuleHandleW
LocalFree
FormatMessageW
WriteFile
GetConsoleOutputCP
WideCharToMultiByte
WriteConsoleW
GetConsoleMode
GetFileType
CloseHandle
GetLastError
GetVersionExW
HeapSetInformation
SetThreadUILanguage
Sleep
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetStdHandle
UnhandledExceptionFilter
TerminateProcess
advapi32
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
ole32
IIDFromString
Sections
.text Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 456B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 120B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
la57setup.exe.exe windows:10 windows x64 arch:x64
f4691b4f528785bb036c81d887aea94e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
la57setup.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o_exit
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___p__commode
_o___p___wargv
_o___p___argc
_o__set_new_mode
api-ms-win-crt-string-l1-1-0
memset
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
WriteConsoleW
GetConsoleMode
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-file-l1-1-0
GetFileType
WriteFile
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
dismapi
DismCloseSession
DismOpenSession
DismInitialize
DismGetCapabilityInfo
DismDelete
DismGetLastErrorMessage
_DismRemoveCapabilityEx
DismShutdown
Sections
.text Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 468B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
label.exe.exe windows:10 windows x64 arch:x64
0381b464ac6986b68e15a9101f16060a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
label.pdb
Imports
msvcrt
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_XcptFilter
exit
__set_app_type
__getmainargs
_exit
_amsg_exit
kernel32
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
HeapSetInformation
GetVolumeInformationW
ulib
?Initialize@FLAG_ARGUMENT@@QEAAEPEAD@Z
??0FLAG_ARGUMENT@@QEAA@XZ
??0REST_OF_LINE_ARGUMENT@@QEAA@XZ
?Set@STREAM_MESSAGE@@UEAAEKW4MESSAGE_TYPE@@K@Z
?Initialize@STREAM_MESSAGE@@QEAAEPEAVSTREAM@@00@Z
??1STREAM_MESSAGE@@UEAA@XZ
??0STREAM_MESSAGE@@QEAA@XZ
Get_Standard_Error_Stream
?QueryCurrentDosDriveName@SYSTEM@@SAEPEAVWSTRING@@@Z
?IsValueSet@ARGUMENT@@QEAAEXZ
??1OBJECT@@UEAA@XZ
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
?QueryInvalidArgument@ARGUMENT_LEXEMIZER@@QEAAPEAVWSTRING@@XZ
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
??1ARGUMENT_LEXEMIZER@@UEAA@XZ
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
?Initialize@STRING_ARGUMENT@@QEAAEPEAD@Z
??1STRING_ARGUMENT@@UEAA@XZ
??0STRING_ARGUMENT@@QEAA@XZ
?AnalyzePath@PATH@@QEAA?AW4PATH_ANALYZE_CODE@@PEAVWSTRING@@PEAV1@0@Z
?IsGuidVolName@PATH@@QEAAEXZ
??1PATH@@UEAA@XZ
?Initialize@PATH@@QEAAEPEBVWSTRING@@E@Z
??0PATH@@QEAA@XZ
?Display@MESSAGE@@QEAAEPEBDZZ
Get_Standard_Output_Stream
?Strcat@WSTRING@@QEAAEPEBV1@@Z
?QueryWSTR@WSTRING@@QEBAPEAGKKPEAGKE@Z
?DeleteChAt@WSTRING@@QEAAXKK@Z
?Initialize@WSTRING@@QEAAEPEBV1@KK@Z
?Initialize@WSTRING@@QEAAEPEBGK@Z
?Initialize@WSTRING@@QEAAEPEBDK@Z
?Strchr@WSTRING@@QEBAKGK@Z
?Stricmp@WSTRING@@QEBAJPEBV1@@Z
?Initialize@WSTRING@@QEAAEXZ
??1DSTRING@@UEAA@XZ
?Initialize@REST_OF_LINE_ARGUMENT@@QEAAEXZ
??0ARRAY@@QEAA@XZ
??1ARRAY@@UEAA@XZ
?Initialize@ARRAY@@QEAAEKK@Z
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
Get_Standard_Input_Stream
??0DSTRING@@QEAA@XZ
?IsYesResponse@STREAM_MESSAGE@@UEAAEE@Z
ifsutil
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@@Z
ntdll
RtlFreeHeap
NtClose
NtOpenFile
NtQueryVolumeInformationFile
NtSetVolumeInformationFile
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
licensingdiag.exe.exe windows:10 windows x64 arch:x64
af7931716d1c144815c5675cdc706f28
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
LicensingDiag.pdb
Imports
msvcrt
_wsetlocale
_fileno
_setmode
_getwch
_unlock
_lock
_open
_amsg_exit
memset
__wgetmainargs
_commode
__set_app_type
_onexit
wprintf
_exit
_fmode
_wtoi
_cexit
__setusermatherr
memmove
_wcsicmp
_vsnwprintf
_sopen_s
free
_tempnam
remove
_XcptFilter
exit
_lseek
_close
memcpy
_initterm
__C_specific_handler
__dllonexit
_write
_wcmdln
__iob_func
_read
_errno
?terminate@@YAXXZ
wcscmp
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-kernel32-legacy-l1-1-0
FileTimeToDosDateTime
GetComputerNameW
CopyFileW
api-ms-win-core-heap-obsolete-l1-1-0
LocalAlloc
LocalFree
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-heap-l1-1-0
HeapSetInformation
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-libraryloader-l1-2-0
FindResourceExW
GetModuleHandleW
SizeofResource
GetProcAddress
GetModuleHandleExW
LoadLibraryExW
GetModuleFileNameW
LoadResource
FreeLibrary
LockResource
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l1-1-0
FileTimeToLocalFileTime
GetFileAttributesA
GetFileInformationByHandle
GetFileAttributesW
CreateFileA
GetFileSizeEx
CreateFileW
SetFileAttributesW
GetFullPathNameW
WriteFile
RemoveDirectoryW
DeleteFileW
CreateDirectoryW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError
cabinet
ord13
ord10
ord14
ord11
api-ms-win-core-datetime-l1-1-1
GetDateFormatEx
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
ExpandEnvironmentStringsW
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetTickCount
GetVersionExW
GetSystemTimeAsFileTime
api-ms-win-core-sysinfo-l1-2-0
GetSystemFirmwareTable
api-ms-win-core-registry-l1-1-0
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
api-ms-win-core-memory-l1-1-0
VirtualQuery
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
api-ms-win-core-processthreads-l1-1-0
CreateProcessW
GetExitCodeProcess
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
GetStartupInfoW
GetCurrentProcessId
api-ms-win-core-version-l1-1-0
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
api-ms-win-security-base-l1-1-0
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-util-l1-1-0
DecodePointer
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
clipc
ClipGenerateDeviceLicenseRequest
ClipGetLicenseAndPolicyForPfn
ClipOpen
ClipClose
ClipGatherDiagnostics
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedFileLocationW
GetPersistedRegistryLocationW
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 416KB - Virtual size: 414KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 72KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 444B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
lodctr.exe.exe windows:10 windows x64 arch:x64
58bf4d65108383678188a386decc65c0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
lodctr.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o__wcsnicmp
_o__wsplitpath_s
_o__wtof
_o_exit
_o_floor
_o_terminate
_o_wcstoul
__current_exception
__current_exception_context
_o___stdio_common_vfprintf
_o___p__commode
_o___p___wargv
_o___stdio_common_vswprintf
_o___p___argc
_o___acrt_iob_func
wcschr
__C_specific_handler
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
GetStdHandle
GetCurrentDirectoryW
SearchPathW
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
api-ms-win-core-heap-l1-1-0
HeapSetInformation
HeapReAlloc
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadPreferredUILanguages
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
LoadStringW
loadperf
LpReleaseInstallationMutex
LpAcquireInstallationMutex
LoadPerfCounterTextStringsW
UpdatePerfNameFilesW
BackupPerfRegistryToFileW
RestorePerfRegistryFromFileW
SetServiceAsTrustedW
api-ms-win-core-file-l1-1-0
GetFileSize
ReadFile
GetFileType
WriteFile
CreateFileW
api-ms-win-core-console-l1-1-0
WriteConsoleW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-registry-l2-1-0
RegDeleteKeyW
RegEnumKeyW
api-ms-win-base-util-l1-1-0
IsTextUnicode
Sections
.text Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 320B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
logagent.exe.exe windows:10 windows x64 arch:x64
b444f839d6baa9cffd50de43e20af8fe
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
logagent.pdb
Imports
advapi32
RegEnumKeyExA
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
RegSetValueExA
RegCreateKeyExA
AllocateAndInitializeSid
RegCloseKey
RegDeleteValueW
OpenProcessToken
GetTokenInformation
GetAclInformation
GetAce
EqualSid
DeleteAce
AddAce
AddAccessAllowedAce
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
GetSecurityDescriptorLength
MakeSelfRelativeSD
MakeAbsoluteSD
SetSecurityDescriptorGroup
RegQueryValueExA
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
kernel32
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetStartupInfoW
Sleep
EnterCriticalSection
ReleaseSemaphore
WaitForMultipleObjects
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetVersionExA
FreeLibraryAndExitThread
GetCurrentThread
SetThreadPriority
lstrlenW
GetModuleFileNameW
GetComputerNameW
LoadLibraryA
UnhandledExceptionFilter
HeapFree
GetLastError
LoadLibraryW
CreateEventW
WaitForSingleObject
GetVersionExW
LocalAlloc
LocalFree
CloseHandle
CreateThread
HeapAlloc
DeleteCriticalSection
GetProcessHeap
WideCharToMultiByte
RtlLookupFunctionEntry
CreateEventA
WaitForSingleObjectEx
SetEvent
HeapSize
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
CreateSemaphoreA
RtlVirtualUnwind
GetModuleFileNameA
SizeofResource
VirtualProtect
VirtualAlloc
VirtualQuery
lstrcmpiA
FreeLibrary
lstrcpynA
GetProcAddress
LoadResource
IsDBCSLeadByte
HeapSetInformation
GetSystemInfo
FindResourceExA
GetCommandLineA
GetModuleHandleA
GetCurrentThreadId
LoadLibraryExA
user32
DispatchMessageA
CharPrevA
PostThreadMessageA
SetWindowLongPtrA
PostQuitMessage
GetWindowLongPtrA
CreateWindowExA
DefWindowProcA
RegisterClassA
PostMessageA
DestroyWindow
CharNextA
GetMessageA
msvcrt
iswdigit
swscanf
_wtoi
_ultow_s
_stricmp
_vsnprintf
_ultow
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
wcsrchr
iswalpha
_beginthreadex
towupper
iswcntrl
iswascii
wcsspn
wcscspn
wcschr
strchr
_strnicmp
sscanf_s
_wcsicmp
_vsnwprintf
__CxxFrameHandler4
memcpy
memset
_fmode
_acmdln
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_callnewh
strcat_s
_purecall
realloc
__C_specific_handler
malloc
_wcsnicmp
free
wcscmp
ole32
CoUninitialize
CoInitializeEx
CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoRegisterClassObject
CoSuspendClassObjects
CoTaskMemRealloc
CoRevokeClassObject
CoCreateGuid
oleaut32
SysFreeString
VarUI4FromStr
SysAllocString
wininet
InternetReadFile
InternetConnectW
InternetCloseHandle
HttpSendRequestExW
InternetCrackUrlW
HttpQueryInfoW
InternetSetOptionA
HttpEndRequestA
InternetOpenW
InternetErrorDlg
InternetQueryDataAvailable
HttpQueryInfoA
HttpOpenRequestW
InternetQueryOptionA
wsock32
getsockopt
getpeername
inet_ntoa
getsockname
closesocket
bind
socket
WSACleanup
WSAStartup
setsockopt
WSAGetLastError
ntohl
htons
ntohs
WSAAsyncSelect
inet_addr
shutdown
Sections
.text Size: 88KB - Virtual size: 86KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 384B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
logman.exe.exe windows:10 windows x64 arch:x64
eb3fed89e97c57f1b41ae544cc3ca475
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
logman.pdb
Imports
msvcrt
wcsncmp
_wcsnicmp
iswspace
??3@YAXPEAX@Z
_wmakepath_s
wprintf
memmove
?terminate@@YAXXZ
wcstok
_wsplitpath_s
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcsrchr
isspace
fgetws
wcsstr
_wfopen
wcschr
_errno
qsort
fseek
_wtoi
fclose
__CxxFrameHandler3
_wcsicmp
towlower
ferror
_vsnwprintf
_commode
malloc
_callnewh
memcpy
memset
api-ms-win-security-base-l1-1-0
GetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
GetTokenInformation
GetSecurityDescriptorOwner
api-ms-win-core-file-l1-1-0
SetFilePointerEx
ReadFile
CreateFileW
FindFirstFileW
FindNextFileW
WriteFile
FindClose
GetFullPathNameW
GetFileType
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
LoadResource
FreeResource
FindResourceExW
SizeofResource
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
LockResource
LoadStringW
oleaut32
VarBstrFromDate
VariantClear
VarDateFromStr
VariantChangeType
SystemTimeToVariantTime
SafeArrayDestroy
SafeArrayUnaccessData
VariantInit
SysFreeString
SafeArrayAccessData
SafeArrayCreateVector
SysAllocString
VariantTimeToSystemTime
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapSetInformation
HeapFree
HeapAlloc
api-ms-win-core-processthreads-l1-1-0
OpenProcessToken
GetCurrentProcessId
GetCurrentThread
OpenThreadToken
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
api-ms-win-core-processenvironment-l1-1-0
GetCurrentDirectoryW
GetStdHandle
SearchPathW
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
WriteConsoleW
SetConsoleMode
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoUninitialize
StringFromGUID2
CoInitializeEx
CreateStreamOnHGlobal
CoInitializeSecurity
sspicli
GetUserNameExW
api-ms-win-shcore-path-l1-1-0
ord170
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter
api-ms-win-core-heap-l2-1-0
GlobalAlloc
LocalFree
GlobalFree
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
FindResourceW
api-ms-win-core-heap-obsolete-l1-1-0
GlobalLock
GlobalUnlock
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
Sleep
WakeAllConditionVariable
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetVersionExW
api-ms-win-core-localization-l1-2-0
SetThreadPreferredUILanguages
FormatMessageW
GetLocaleInfoEx
GetLocaleInfoW
api-ms-win-core-version-l1-1-0
GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW
api-ms-win-core-console-l2-1-0
GetConsoleScreenBufferInfo
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
api-ms-win-core-localization-obsolete-l1-2-0
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
api-ms-win-core-localization-l1-2-2
LCIDToLocaleName
Sections
.text Size: 72KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 376B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
lpkinstall.exe.exe windows:10 windows x64 arch:x64
746ac32b0dc9db8451eec7938bc2161a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
lpkinstall.pdb
Imports
user32
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW
PeekMessageW
msvcrt
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
__dllonexit
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
__CxxFrameHandler4
??1type_info@@UEAA@XZ
free
_onexit
abort
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
_callnewh
malloc
_purecall
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoUninitialize
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
InitializeSRWLock
CreateEventW
SetEvent
LeaveCriticalSection
EnterCriticalSection
AcquireSRWLockShared
InitializeCriticalSectionEx
api-ms-win-core-handle-l1-1-0
CloseHandle
oleaut32
VariantInit
SysAllocString
SysFreeString
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
ntdll
NtGetMUIRegistryInfo
ole32
CoInitialize
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
Sections
.text Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 600B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
lpksetup.exe.exe windows:10 windows x64 arch:x64
69653c3a7e8474cf47adc92d06cb4e66
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
lpksetup.pdb
Imports
advapi32
EventWriteTransfer
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryValueExW
EventUnregister
EventRegister
EventSetInformation
InitiateShutdownW
RegQueryInfoKeyW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
InitializeSecurityDescriptor
CreateWellKnownSid
SetEntriesInAclW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegDeleteKeyW
RegGetValueW
RegEnumValueW
RegDeleteTreeW
OpenProcessToken
LookupPrivilegeValueW
PrivilegeCheck
AdjustTokenPrivileges
kernel32
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
TerminateThread
GetWindowsDirectoryW
K32EnumProcesses
OpenProcess
QueryFullProcessImageNameW
GetExitCodeProcess
Sleep
MulDiv
WaitForMultipleObjectsEx
CreateEventW
GetCurrentThreadId
CreateMutexW
CreateThread
GetLocaleInfoEx
GetVersionExW
LocalFree
CreateFileW
WriteFile
GetLocalTime
RaiseException
FreeLibrary
HeapSetInformation
ExitProcess
LoadLibraryW
WaitForSingleObjectEx
GetCommandLineW
InitOnceComplete
GetModuleFileNameW
LoadLibraryExW
GetFileAttributesW
GetFileAttributesExW
GetTickCount64
GetSystemTimeAsFileTime
GetNativeSystemInfo
GetLocaleInfoW
GetSystemDefaultUILanguage
GetProductInfo
LocaleNameToLCID
EnumUILanguagesW
GetUserPreferredUILanguages
SetProcessPreferredUILanguages
NotifyUILanguageChange
GetExitCodeThread
GetDiskFreeSpaceExW
EnterCriticalSection
LeaveCriticalSection
GetTempPath2W
CreateProcessW
CreateDirectoryW
GetFileInformationByHandle
FindFirstFileW
DeleteFileW
FindNextFileW
RemoveDirectoryW
FindClose
GetSystemPreferredUILanguages
GetThreadPreferredUILanguages
GetCurrentProcess
GetUILanguageInfo
IsValidLocaleName
GetSystemDirectoryW
GetFileMUIPath
WaitForSingleObject
OutputDebugStringW
GetLastError
FormatMessageW
InitOnceBeginInitialize
ReleaseMutex
InitializeCriticalSection
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
SetEvent
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExA
GetSystemInfo
VirtualQuery
gdi32
SetTextColor
SetBkMode
CreateRectRgn
SelectObject
user32
FindWindowW
UnregisterClassA
CreateWindowExW
SetWindowLongPtrW
GetWindowLongPtrW
DestroyIcon
LoadImageW
GetSystemMetrics
EndPaint
SetActiveWindow
BeginPaint
InvalidateRect
GetWindowRect
SetWindowPos
GetClientRect
RegisterWindowMessageW
GetSysColor
SendMessageW
GetParent
LoadStringW
GetAncestor
ShowWindow
GetWindowLongW
GetFocus
SetWindowLongW
GetDlgCtrlID
SendDlgItemMessageW
GetDlgItem
EnableWindow
GetDlgItemTextW
PostMessageW
SetForegroundWindow
DefWindowProcW
SetDlgItemTextW
SendNotifyMessageW
SetTimer
KillTimer
SystemParametersInfoW
PostThreadMessageW
GetMessageW
CharNextW
UnregisterClassW
AllowSetForegroundWindow
RegisterClassExW
MessageBoxW
ExitWindowsEx
SetWindowRgn
LoadIconW
CharUpperW
DispatchMessageW
LoadCursorW
SetCursor
TranslateMessage
DestroyWindow
DrawTextW
MapWindowPoints
msvcrt
_wsetlocale
__CxxFrameHandler3
__uncaught_exception
_errno
__pctype_func
free
??0bad_cast@@QEAA@PEBD@Z
___lc_handle_func
___lc_codepage_func
__mb_cur_max
setlocale
___mb_cur_max_func
__crtLCMapStringW
_wgetcwd
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
strcspn
localeconv
memset
??1type_info@@UEAA@XZ
_onexit
__dllonexit
wcscpy_s
_lock
wcscat_s
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
malloc
wcsncpy_s
sprintf_s
_initterm
__setusermatherr
_cexit
rand
_exit
exit
__set_app_type
towlower
tolower
__wgetmainargs
_amsg_exit
_wgetenv
_XcptFilter
abort
_wcsicoll
fclose
_wcsnicmp
fgetws
_wfopen
wcstol
wcstoul
_wcsicmp
wcsstr
wcschr
_unlock
memmove
memcpy
memchr
ceil
towupper
iswctype
iswspace
toupper
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
__C_specific_handler
__CxxFrameHandler4
__crtGetStringTypeW
memmove_s
_isctype
wcscmp
shell32
ord51
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateItemInKnownFolder
SHBindToFolderIDListParent
SHGetIDListFromObject
SHGetDataFromIDListW
ord28
shlwapi
ord158
StrStrNW
StrStrIW
StrCmpIW
PathFileExistsW
PathRemoveFileSpecW
StrRetToStrW
ord219
PathMatchSpecExW
PathIsDirectoryW
PathRemoveBackslashW
PathFindExtensionW
oleaut32
VariantClear
VariantInit
SysFreeString
SysAllocString
UnRegisterTypeLi
LoadTypeLi
RegisterTypeLi
SysStringLen
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
CoTaskMemFree
StringFromGUID2
CoSetProxyBlanket
CoRegisterClassObject
CoResumeClassObjects
CoRevokeClassObject
CoSuspendClassObjects
CoInitializeSecurity
CoGetCallContext
CoWaitForMultipleHandles
CoCreateInstance
api-ms-win-core-path-l1-1-0
PathCchCombine
PathCchAppend
PathCchCanonicalize
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
TerminateProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
WakeAllConditionVariable
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
api-ms-win-core-heap-l2-1-0
LocalAlloc
comctl32
ord17
PropertySheetW
CreatePropertySheetPageW
ord345
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create
ord344
dpx
DpxNewJob
ntdll
RtlGetUILanguageInfo
RtlNtStatusToDosError
RtlpSetPreferredUILanguages
NtIsUILanguageComitted
NtGetMUIRegistryInfo
RtlGetNtProductType
ole32
CoInitialize
CoGetObject
Sections
.text Size: 488KB - Virtual size: 484KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 108KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 112KB - Virtual size: 111KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
lpremove.exe.exe windows:10 windows x64 arch:x64
e3fa2980e95beaaf4ea84962d2493198
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
lpremove.pdb
Imports
advapi32
EventWriteTransfer
EventRegister
EventUnregister
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
EventSetInformation
EventActivityIdControl
RegQueryInfoKeyW
RegDeleteTreeW
RegDeleteKeyW
RegGetValueW
kernel32
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
IsDebuggerPresent
SetLastError
CloseHandle
GetCurrentThreadId
ReleaseMutex
WaitForSingleObjectEx
AcquireSRWLockExclusive
WaitForSingleObject
FormatMessageW
GetTickCount64
GetExitCodeProcess
CreateProcessW
GetWindowsDirectoryW
EnumUILanguagesW
InitOnceBeginInitialize
GetCurrentProcessId
CreateMutexExW
InitOnceComplete
CreateSemaphoreExW
ReleaseSRWLockExclusive
OutputDebugStringW
GetProcAddress
OpenSemaphoreW
DelayLoadFailureHook
ResolveDelayLoadedAPI
GetModuleHandleW
GetLastError
ReleaseSemaphore
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o___std_exception_copy
_o___std_exception_destroy
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o___p__commode
_o__set_new_mode
_o__wcsdup
_o__wcsicmp
_o__wgetenv_s
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o___p___wargv
_o___p___argc
__std_terminate
__CxxFrameHandler4
_o__set_fmode
wcschr
memcpy
memmove
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-com-l1-1-0
CoUninitialize
CoInitializeEx
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
api-ms-win-security-sddl-l1-1-0
ConvertStringSidToSidW
api-ms-win-core-localization-l1-2-0
GetSystemPreferredUILanguages
api-ms-win-core-heap-l2-1-0
LocalFree
bcp47langs
Bcp47GetMuiForm
GetUserLanguagesForUser
ntdll
NtIsUILanguageComitted
RtlNtStatusToDosError
appxdeploymentclient
ord34
ord30
Sections
.text Size: 56KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
lsass.exe.exe windows:10 windows x64 arch:x64
3bdaf07fd26e433f565a3c3ab5543b25
Code Sign
33:00:00:04:50:0d:a4:5d:0a:6c:7a:8a:57:00:00:00:00:04:50
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 08/08/2023, 18:38
Not After: 07/08/2024, 18:38
Subject: CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
44:5d:0b:f4:2a:44:12:23:09:69:2f:c6:50:6c:6f:fc:9a:f9:37:f4:00:7f:fa:01:56:dd:20:aa:a8:7f:84:1f
Signer
Actual PE Digest: 44:5d:0b:f4:2a:44:12:23:09:69:2f:c6:50:6c:6f:fc:9a:f9:37:f4:00:7f:fa:01:56:dd:20:aa:a8:7f:84:1f
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
lsass.pdb
Imports
api-ms-win-core-crt-l1-1-0
wcsncmp
wcschr
_wcsicmp
wcstol
_vsnprintf_s
strcpy_s
memcpy
memset
api-ms-win-core-crt-l2-1-0
_initterm_e
exit
_initterm
ntdll
RtlLeaveCriticalSection
NtSetInformationThread
NtFreeVirtualMemory
NtConnectPort
NtAllocateVirtualMemory
RtlReleaseResource
NtRequestWaitReplyPort
NtClose
NtAcceptConnectPort
NtReplyWaitReceivePort
RtlCaptureContext
NtListenPort
RtlLookupFunctionEntry
RtlVirtualUnwind
NtCompleteConnectPort
NtCreatePort
RtlSetDaclSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlFreeHeap
RtlSetSaclSecurityDescriptor
NtDeviceIoControlFile
RtlSetProcessIsCritical
RtlFreeSid
RtlDeriveCapabilitySidsFromName
RtlLengthRequiredSid
RtlAddMandatoryAce
NtSetSecurityObject
NtOpenEvent
RtlSubAuthoritySid
RtlAllocateHeap
RtlUnhandledExceptionFilter
RtlCreateAndSetSD
RtlInitializeSid
RtlEnterCriticalSection
RtlNtStatusToDosError
RtlAcquireResourceExclusive
NtSetInformationProcess
RtlCreateAcl
RtlCreateSecurityDescriptor
NtOpenFile
RtlInitializeResource
RtlAcquireResourceShared
DbgPrintEx
RtlAddAccessAllowedAce
RtlLengthSid
RtlAllocateAndInitializeSid
NtSetInformationFile
RtlInitUnicodeString
RtlMakeSelfRelativeSD
rpcrt4
RpcServerUseProtseqEpW
RpcServerRegisterIf3
RpcServerListen
NdrServerCallAll
NdrServerCall2
I_RpcMapWin32Status
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
SetErrorMode
SetLastError
UnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
LoadLibraryExW
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
api-ms-win-core-heap-obsolete-l1-1-0
LocalFree
LocalAlloc
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-core-processthreads-l1-1-0
ExitProcess
ExitThread
OpenProcessToken
TlsSetValue
TlsAlloc
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
CreateThread
TlsGetValue
api-ms-win-core-processenvironment-l1-1-0
SetEnvironmentVariableW
GetEnvironmentVariableW
api-ms-win-core-synch-l1-1-0
CreateEventW
SetEvent
OpenEventW
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolThreadMaximum
CreateThreadpoolIo
CreateThreadpool
StartThreadpoolIo
TrySubmitThreadpoolCallback
CancelThreadpoolIo
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-sysinfo-l1-1-0
GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-windowserrorreporting-l1-1-0
WerSetFlags
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
Exports
LsaGetInterface
LsaImpersonateKsecCaller
LsaRegisterExtension
LsaRegisterInterface
Sections
.text Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 524B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
makecab.exe.exe windows:10 windows x64 arch:x64
a9326a6f3c34256d97d8cd7972acc242
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
makecab.pdb
Imports
msvcrt
__getmainargs
__set_app_type
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_amsg_exit
_commode
?terminate@@YAXXZ
memcpy
_XcptFilter
fread
feof
tolower
fwrite
ferror
memmove_s
_mkdir
_tempnam
_stat
_unlink
_vsnprintf
__doserrno
_open_osfhandle
_eof
_lseek
ctime
setvbuf
time
_ltoa_s
_errno
_open
_strnicmp
_write
_close
fprintf
_read
remove
fclose
fopen
clock
exit
isdigit
atol
strchr
strspn
atoi
_stricmp
strncmp
printf
toupper
strpbrk
malloc
free
_fmode
_strdup
__iob_func
memset
api-ms-win-core-versionansi-l1-1-1
GetFileVersionInfoSizeA
GetFileVersionInfoA
api-ms-win-core-versionansi-l1-1-0
VerQueryValueA
user32
CharNextExA
kernel32
GetFileAttributesExW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FileTimeToDosDateTime
DosDateTimeToFileTime
GetCurrentProcessId
GetFileSize
FileTimeToLocalFileTime
SetFileAttributesA
GetVersion
LocalFileTimeToFileTime
MultiByteToWideChar
GetFileAttributesW
SetFileTime
GetFullPathNameW
GetFileAttributesExA
CreateDirectoryW
GetModuleHandleW
GetProcAddress
CloseHandle
CreateFileA
GetLastError
Sleep
CreateFileW
cabinet
ord14
ord10
ord12
ord13
ord11
Sections
.text Size: 60KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 612B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
manage-bde.exe.exe windows:10 windows x64 arch:x64
407deb72ce02369dd4b5a8ed2ff6a0b7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
manage-bde.pdb
Imports
advapi32
EventUnregister
EventWriteTransfer
ConvertStringSidToSidW
LookupAccountNameW
ConvertSidToStringSidW
LookupAccountSidW
EventRegister
kernel32
GetModuleHandleExW
GetProcAddress
FreeLibrary
HeapSetInformation
GetLastError
GetProcessHeap
SetThreadPreferredUILanguages
HeapFree
FormatMessageW
LoadLibraryExW
LocalFree
GetStdHandle
GetFileType
GetConsoleMode
WriteConsoleW
GetConsoleOutputCP
WideCharToMultiByte
HeapAlloc
WriteFile
SetConsoleMode
ReadConsoleW
HeapSize
GetFullPathNameW
CreateFileW
CloseHandle
LocalAlloc
LoadLibraryExA
GetModuleHandleExA
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
DelayLoadFailureHook
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
msvcrt
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
exit
__set_app_type
__wgetmainargs
_amsg_exit
free
memmove
_onexit
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_purecall
_callnewh
malloc
wcstok_s
_wtoi64
_wcsicmp
??_V@YAXPEAX@Z
swprintf_s
_XcptFilter
memcpy_s
_vsnwprintf
_wsplitpath_s
towupper
wcsncmp
wcstoul
_wsetlocale
__CxxFrameHandler3
??3@YAXPEAX@Z
_exit
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
oleaut32
SysAllocStringLen
VariantCopy
SafeArrayPutElement
SysStringByteLen
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayAccessData
VariantInit
SysFreeString
VariantClear
SysStringLen
SysAllocString
ole32
CoInitializeSecurity
CoInitializeEx
profapi
ord103
api-ms-win-core-string-l1-1-0
CompareStringEx
api-ms-win-core-com-l1-1-0
CoSetProxyBlanket
CoCreateInstance
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
api-ms-win-core-libraryloader-l1-1-0
GetModuleFileNameW
Sections
.text Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 92KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 740B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mblctr.exe.exe windows:10 windows x64 arch:x64
4c05bba1330e0de78edf4eda8c5ed71c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
mblctr.pdb
Imports
gdi32
SetLayout
SetViewportOrgEx
SetBrushOrgEx
BitBlt
SetTextColor
GetBkColor
SelectClipRgn
GetDeviceCaps
GdiAlphaBlend
SetBkMode
Polygon
GetStockObject
GetObjectW
GetLayout
CreateRectRgn
GdiGradientFill
LineTo
MoveToEx
SetDCPenColor
SetBkColor
CreateDIBSection
GetTextMetricsW
CreateCompatibleDC
CreateFontIndirectW
DeleteDC
DeleteObject
GetTextExtentPoint32W
SelectObject
user32
SetWindowsHookExW
NotifyWinEvent
SendDlgItemMessageW
SetWindowPos
SetTimer
FillRect
IsWindowEnabled
DrawTextW
DrawFocusRect
OffsetRect
DrawIconEx
GetKeyState
GetDlgCtrlID
CallNextHookEx
RegisterDeviceNotificationW
UnregisterDeviceNotification
GetTopWindow
GetDpiForWindow
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
GetDC
ReleaseDC
KillTimer
CallWindowProcW
SetDlgItemTextW
GetWindowTextW
EnableWindow
EnumChildWindows
SetWindowTextW
FrameRect
GetClassLongPtrW
DestroyWindow
QueryDisplayConfig
SetClassLongPtrW
PtInRect
ValidateRect
EndPaint
BeginPaint
SetRect
DrawEdge
GetWindowLongW
UnregisterClassA
CreateDialogParamW
UnregisterClassW
UnhookWindowsHookEx
GetActiveWindow
UpdateWindow
ScrollWindow
GetScrollInfo
SetScrollInfo
MoveWindow
GetWindowInfo
CopyRect
GetWindowRect
GetMonitorInfoW
MonitorFromRect
GetWindowPlacement
GetNextDlgTabItem
IsDialogMessageW
GetMessageW
LoadIconW
RegisterClassW
GetClassInfoW
ShowWindow
IsIconic
GetForegroundWindow
SetForegroundWindow
FindWindowW
DispatchMessageW
TranslateMessage
EnumDisplayDevicesW
PostQuitMessage
GetIconInfo
AllowSetForegroundWindow
LoadImageW
DestroyIcon
InvalidateRect
GetFocus
DefWindowProcW
GetWindowLongPtrW
MapWindowPoints
GetClientRect
CreateWindowExW
GetDisplayConfigBufferSizes
GetParent
SendMessageW
GetDlgItem
PostMessageW
ChangeDisplaySettingsExW
LoadStringW
EnumDisplaySettingsExW
GetSysColorBrush
GetSystemMetrics
GetSysColor
SystemParametersInfoW
LoadCursorW
SetWindowLongPtrW
InflateRect
msvcrt
memset
?terminate@@YAXXZ
wcstok
realloc
_errno
_onexit
memcpy
ceilf
__RTDynamicCast
__CxxFrameHandler3
__CxxFrameHandler4
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
_commode
_fmode
_acmdln
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
__C_specific_handler
_callnewh
malloc
_purecall
wcscspn
wcstol
_wcsicmp
free
memmove_s
memcpy_s
_vsnwprintf
wcscmp
batmeter
UnsubscribeBatteryUpdateNotification
UpdateBatteryDataAsync
QueryBatteryData
GetBatteryStatusText
BatMeterIconThemeReset
GetBatteryImmersiveIcon
CreateBatteryData
SubscribeBatteryUpdateNotification
CleanupBatteryData
SetBatteryLevel
BatMeterOnDeviceChange
shlwapi
PathFileExistsW
ord618
ord437
PathGetArgsW
ord219
PathRemoveBlanksW
StrTrimW
uxtheme
DrawThemeText
GetThemeTextExtent
GetThemeBackgroundContentRect
GetThemePartSize
BufferedPaintSetAlpha
EndBufferedPaint
DrawThemeTextEx
BeginBufferedPaint
GetThemeColor
BufferedPaintInit
OpenThemeData
CloseThemeData
BufferedPaintUnInit
DrawThemeBackground
oleaut32
SysAllocString
SysFreeString
api-ms-win-power-setting-l1-1-0
PowerGetActiveScheme
PowerSetActiveScheme
PowerReadDCValue
PowerWriteACValueIndex
PowerWriteDCValueIndex
PowerSettingRegisterNotification
PowerSettingUnregisterNotification
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
GlobalAlloc
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableLevel
TraceEvent
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
GetTraceLoggerHandle
api-ms-win-core-registry-l1-1-0
RegGetValueW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeSecurity
CLSIDFromString
CreateStreamOnHGlobal
CoUninitialize
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
CreateThread
GetCurrentProcess
GetCurrentProcessId
CreateProcessW
TerminateProcess
GetStartupInfoW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
HeapSetInformation
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleFileNameA
GetModuleFileNameW
FreeLibrary
LoadLibraryExA
LoadResource
GetModuleHandleExW
GetModuleHandleW
SizeofResource
LockResource
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
OutputDebugStringA
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError
RaiseException
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-1-0
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
DeleteCriticalSection
WaitForSingleObjectEx
SetEvent
CreateMutexW
CreateSemaphoreExW
CreateMutexExW
OpenSemaphoreW
ReleaseSemaphore
InitializeCriticalSection
CreateEventW
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
FindResourceW
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
ExpandEnvironmentStringsW
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventWriteTransfer
EventRegister
api-ms-win-power-base-l1-1-0
GetPwrCapabilities
rpcrt4
UuidFromStringW
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-memory-l1-1-0
VirtualAlloc
VirtualFree
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
FlushInstructionCache
api-ms-win-core-interlocked-l1-1-0
InterlockedPopEntrySList
InterlockedPushEntrySList
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
powrprof
PowerApplySettingChanges
PowerDeterminePlatformRole
PowerReadFriendlyName
PowerSettingAccessCheck
comctl32
ord344
ImageList_Create
ImageList_ReplaceIcon
ImageList_DrawIndirect
ImageList_Destroy
ord345
dwmapi
DwmExtendFrameIntoClientArea
DwmIsCompositionEnabled
gdiplus
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipImageRotateFlip
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreatePen1
GdipAlloc
GdipSetSmoothingMode
GdipDrawLine
GdipCreateSolidFill
GdipDeleteBrush
GdipCreatePath
GdipDeletePath
GdipAddPathLine
GdipFillPath
GdipCreateLineBrush
GdipFillRectangle
GdipDisposeImage
GdipFree
GdipDeletePen
GdiplusStartup
GdiplusShutdown
kernel32
lstrcmpW
GlobalLock
GlobalUnlock
MulDiv
RegisterApplicationRestart
ntdll
EtwTraceMessage
NtPowerInformation
ole32
CoInitialize
shell32
ord100
SHGetKnownFolderIDList
ShellExecuteW
ord155
DuplicateIcon
ShellExecuteExW
winmm
PlaySoundW
waveOutGetNumDevs
wtsapi32
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification
Sections
.text Size: 204KB - Virtual size: 201KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 556KB - Virtual size: 553KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 712B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mcbuilder.exe.exe windows:10 windows x64 arch:x64
62fe98d3687a2bdc3dd4016edc5e5149
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
mcbuilder.pdb
Imports
kernel32
LCMapStringW
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
FreeLibrary
GetProcAddress
CompareStringW
LoadLibraryW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
GetLastError
SetLastError
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
RaiseException
HeapFree
GetModuleHandleExW
GetCurrentThread
CloseHandle
HeapAlloc
LocalFree
GetProcessHeap
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetCommandLineA
GetCommandLineW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
WriteConsoleW
ntdll
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlFreeHeap
RtlReAllocateHeap
EtwEventEnabled
RtlAllocateHeap
advapi32
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
PrivilegeCheck
RegFlushKey
RegCreateKeyExW
RegSetValueExW
OpenProcessToken
RegOpenKeyExW
RegGetValueW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
RegQueryValueExW
Sections
.text Size: 60KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mfpmp.exe.exe windows:10 windows x64 arch:x64
4026f56715ff1b2a293fa3e6fadb2a72
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
05:32:b3:9c:3b:b5:6a:7b:9f:5e:0e:0c:9a:40:dc:66:7b:a0:09:31:33:67:82:6a:09:bb:c5:0b:11:fe:2f:33
Signer
Actual PE Digest: 05:32:b3:9c:3b:b5:6a:7b:9f:5e:0e:0c:9a:40:dc:66:7b:a0:09:31:33:67:82:6a:09:bb:c5:0b:11:fe:2f:33
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
MFPMP.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o_exit
_o_free
_o_iswalpha
_o_iswdigit
_o_malloc
_o_qsort
_o_strncpy_s
_o_terminate
_o_towupper
__C_specific_handler
__current_exception
__current_exception_context
_o___p__commode
_o__callnewh
_o__cexit
api-ms-win-crt-string-l1-1-0
memset
strnlen
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapSetInformation
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
SetErrorMode
GetErrorMode
GetLastError
RaiseException
api-ms-win-core-processenvironment-l1-1-0
SetEnvironmentVariableW
GetCommandLineW
api-ms-win-core-com-l1-1-0
CoInitializeSecurity
CoTaskMemFree
CoCreateInstance
IIDFromString
CoFreeUnusedLibraries
CoCreateFreeThreadedMarshaler
CoInitializeEx
StringFromCLSID
CoUninitialize
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsDeleteString
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-synch-l1-1-0
OpenEventW
CreateEventW
DeleteCriticalSection
ResetEvent
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEvent
WaitForMultipleObjectsEx
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TlsGetValue
TlsSetValue
TerminateProcess
GetStartupInfoW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetModuleHandleW
GetModuleHandleExW
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
api-ms-win-appmodel-runtime-l1-1-2
AppPolicyGetMediaFoundationCodecLoading
mfcore
MFCreatePMPHost
mfplat
MFStartup
MFGetCallStackTracingWeakReference
MFGetSystemTime
MFShutdown
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 164B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mmc.exe.exe windows:10 windows x64 arch:x64
68776a124cce309893e4625fe8cbd948
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
mmc.pdb
Imports
gdi32
GetTextExtentPoint32W
SelectObject
GetStockObject
PtInRegion
CreatePolygonRgn
FillRgn
GetTextMetricsW
GetLayout
SetLayout
BitBlt
GetObjectW
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
DeleteObject
GetDeviceCaps
CreateFontIndirectW
user32
GetClassNameW
wsprintfW
GetClassInfoExW
CreateWindowExW
CreateAcceleratorTableW
InvalidateRgn
CallWindowProcW
RegisterClassExW
ReleaseDC
GetDC
EndPaint
BeginPaint
GetDoubleClickTime
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
UnionRect
GetMessageTime
CopyImage
DrawIconEx
CharUpperW
GetSubMenu
DestroyIcon
DrawFrameControl
SetMenu
GetMenu
ChangeClipboardChain
SetForegroundWindow
SetActiveWindow
EnumThreadWindows
GetWindowTextW
SetClipboardViewer
KillTimer
SetTimer
SetWindowPos
DefWindowProcW
DrawFocusRect
IsWindowEnabled
TrackPopupMenuEx
GetNextDlgTabItem
GetDlgItem
CharLowerW
SetMenuDefaultItem
GetForegroundWindow
NotifyWinEvent
ReleaseCapture
GetCapture
AdjustWindowRectEx
DeferWindowPos
EndDeferWindowPos
BeginDeferWindowPos
IsZoomed
GetSystemMenu
BringWindowToTop
EnableMenuItem
SetWindowLongPtrW
GetWindowPlacement
SetWindowLongW
GetWindowLongW
SetWindowPlacement
SetParent
DrawTextW
SetWinEventHook
IsChild
LoadImageW
DrawEdge
GetSysColor
DestroyMenu
SetMenuItemInfoW
AppendMenuW
GetMenuStringW
GetMenuItemInfoW
GetMenuItemCount
SetWindowTextW
GetDesktopWindow
MoveWindow
EnumChildWindows
LoadCursorW
SetCursor
GetMessagePos
ClientToScreen
GetDlgCtrlID
ModifyMenuW
InsertMenuW
GetMenuState
DeleteMenu
SetFocus
GetFocus
ChildWindowFromPointEx
IsIconic
MapWindowPoints
ScreenToClient
GetCursorPos
GetKeyState
SetCapture
InflateRect
IsRectEmpty
InvalidateRect
ShowWindow
PtInRect
GetClientRect
GetWindowRect
GetClassInfoW
GetSysColorBrush
GetWindowTextLengthW
IsMenu
TabbedTextOutW
GrayStringW
SendMessageW
IsWindow
DestroyAcceleratorTable
DestroyWindow
CharNextW
GetParent
LoadStringW
PostMessageW
IsWindowVisible
UpdateWindow
LoadIconW
MessageBeep
GetIconInfo
PrivateExtractIconsW
CopyIcon
LoadMenuW
GetWindowLongPtrW
SendMessageTimeoutW
MessageBoxW
OffsetRect
MonitorFromPoint
GetMonitorInfoW
CopyRect
SystemParametersInfoW
SetRect
RedrawWindow
FindWindowExW
GetWindowThreadProcessId
GetWindow
EnableWindow
SetRectEmpty
GetSystemMetrics
LoadAcceleratorsW
FillRect
GetMenuItemID
RegisterWindowMessageW
TranslateAcceleratorW
IntersectRect
CreatePopupMenu
PeekMessageW
mfc42u
msvcrt
__setusermatherr
memset
memcmp
__RTDynamicCast
__CxxFrameHandler4
??_V@YAXPEAX@Z
_vsnwprintf
memcpy_s
_purecall
wcsncmp
_ltow
wcstoul
_ultow
wcsrchr
iswspace
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
__C_specific_handler
_wcsnicmp
_wcsicmp
malloc
free
memmove_s
swscanf
__wargv
__argc
wcscpy_s
realloc
wcstol
_mbsnbcnt
_mbslen
wcsstr
_wtoi
wcschr
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
_CxxThrowException
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
_initterm
wcscmp
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
ntdll
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
mmcbase
?SetMainThreadID@SC@mmcerror@@SAXK@Z
?ReleaseSnapinInterface@BookKeeping@@SAJPEAUIUnknown@@H@Z
?SetHWnd@SC@mmcerror@@SAXPEAUHWND__@@@Z
?AddSnapinInterface@BookKeeping@@SA_NPEAUIUnknown@@PEBGAEAH@Z
??8SC@mmcerror@@QEBA_NJ@Z
?MMCErrorBox@@YAHVSC@mmcerror@@I@Z
?ScFromMMC@@YA?AVSC@mmcerror@@J@Z
?GetSnapinName@BookKeeping@@SAPEBGH@Z
?LastRefReleased@CMMCStrongReferences@@SA_NXZ
GetComObjectEventSource
?FromLastError@SC@mmcerror@@QEAAAEAV12@XZ
?TraceAndClear@SC@mmcerror@@QEAAXXZ
?MMCErrorBox@@YAHPEBGVSC@mmcerror@@I@Z
?InvalidInterface@BookKeeping@@SAXHPEBG0@Z
??8SC@mmcerror@@QEBA_NAEBV01@@Z
?GetHelpID@SC@mmcerror@@QEAAKXZ
?GetErrorMessage@SC@mmcerror@@QEBAXIPEAG@Z
?Release@CMMCStrongReferences@@SAKXZ
GetEventBuffer
?AddRef@CMMCStrongReferences@@SAKXZ
?IsError@SC@mmcerror@@QEBA_NXZ
?FatalError@SC@mmcerror@@QEBAXXZ
?MMCErrorBox@@YAHPEBGI@Z
MMCUpdateRegistry
?FromWin32@SC@mmcerror@@QEAAAEAV12@J@Z
?InterfaceMethodException@BookKeeping@@SAXHPEBG0KPEAU_EXCEPTION_POINTERS@@@Z
?MMCNullInterface@BookKeeping@@SAXHPEBG0@Z
?GetHWnd@SC@mmcerror@@SAPEAUHWND__@@XZ
?ToHr@SC@mmcerror@@QEBAJXZ
??4SC@mmcerror@@QEAAAEAV01@J@Z
??0SC@mmcerror@@QEAA@AEBV01@@Z
?TraceSnapinError@@YAXPEBGAEBVSC@mmcerror@@@Z
??4SC@mmcerror@@QEAAAEAV01@AEBV01@@Z
?Throw@SC@mmcerror@@QEAAXXZ
?Throw@SC@mmcerror@@QEAAXJ@Z
?InterfaceMethodActivationContextException@BookKeeping@@SAXHPEBG0KPEAU_EXCEPTION_POINTERS@@@Z
?AddSnapin@BookKeeping@@SAJPEBGAEAH@Z
?SetFunctionName@SC@mmcerror@@QEAAXPEBG@Z
??BSC@mmcerror@@QEBA_NXZ
??0?$CEventLock@UAppEvents@@@@QEAA@XZ
??1?$CEventLock@UAppEvents@@@@QEAA@XZ
?FindItem@BookKeeping@@SAPEAVItemHandle@@PEAX@Z
?Clear@SC@mmcerror@@QEAAXXZ
?FromMMC@SC@mmcerror@@QEAAAEAV12@J@Z
??7SC@mmcerror@@QEBAHXZ
GetStringModule
?TraceError@@YAXPEBGAEBVSC@mmcerror@@@Z
??1SC@mmcerror@@QEAA@XZ
??0SC@mmcerror@@QEAA@J@Z
?LKResult2HRESULT@BookKeeping@@SAJ_J@Z
?RemoveItem@BookKeeping@@SAJPEAX@Z
LoadStandardOverlays
?AddItem@BookKeeping@@SAJAEAVItemHandle@@@Z
??9SC@mmcerror@@QEBA_NJ@Z
?FindAllSnapinUIThreads@BookKeeping@@SAJPEAPEAKPEAK@Z
InsideModalLoop
MMC_PickIconDlg
?ScEmitOrPostpone@CEventBuffer@@QEAA?AVSC@mmcerror@@PEAUIDispatch@@JPEAVCComVariant@ATL@@H@Z
?MMCErrorBox@@YAHII@Z
?GetHelpFile@SC@mmcerror@@SAPEBGXZ
?ScSetConsoleEventDispatcher@CConsoleEventDispatcherProvider@@SA?AVSC@mmcerror@@PEAVCConsoleEventDispatcher@@@Z
ole32
CoCreateInstance
CoDisconnectObject
CoRegisterClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoRevokeClassObject
OleRun
CoTaskMemFree
ProgIDFromCLSID
CoCreateGuid
RevokeDragDrop
RegisterDragDrop
DoDragDrop
CoGetClassObject
CoTaskMemAlloc
StringFromCLSID
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
CoGetMalloc
GetHGlobalFromStream
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StringFromGUID2
shlwapi
PathFindFileNameW
ord176
ord503
ord500
ord225
uxtheme
SetWindowTheme
IsAppThemed
IsThemeActive
CloseThemeData
OpenThemeData
DrawThemeBackground
duser
SetGadgetStyle
GetGadgetRect
api-ms-win-core-registry-l1-1-0
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
uiautomationcore
UiaReturnRawElementProvider
UiaHostProviderFromHwnd
UiaClientsAreListening
UiaRaiseAutomationEvent
UiaDisconnectProvider
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleExW
FreeLibrary
GetProcAddress
GetModuleHandleW
GetModuleHandleA
LoadLibraryExA
GetModuleFileNameW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
GetCurrentProcess
CreateProcessW
TerminateProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetFileMUIPath
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsA
GetCommandLineW
GetCurrentDirectoryW
SetCurrentDirectoryW
ExpandEnvironmentStringsW
api-ms-win-core-string-l1-1-0
CompareStringW
api-ms-win-core-file-l1-1-0
FindClose
CreateFileW
DeleteFileW
GetFullPathNameW
GetFileTime
ReadFile
CreateDirectoryW
FindNextFileW
GetFileAttributesW
FindFirstFileW
WriteFile
GetLongPathNameW
GetFileSize
api-ms-win-core-errorhandling-l1-1-0
RaiseException
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetTickCount
GetVersionExW
GetSystemTimeAsFileTime
GetSystemInfo
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionEx
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
WaitForSingleObject
WaitForSingleObjectEx
CreateSemaphoreExW
ReleaseMutex
CreateMutexExW
ReleaseSemaphore
OpenSemaphoreW
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
LoadLibraryW
api-ms-win-core-sysinfo-l1-2-0
GetProductInfo
api-ms-win-core-processthreads-l1-1-3
SetProcessInformation
api-ms-win-core-memory-l1-1-0
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
api-ms-win-core-synch-l1-2-0
WakeAllConditionVariable
SleepConditionVariableSRW
Sleep
api-ms-win-core-heap-l2-1-0
GlobalFree
GlobalAlloc
LocalFree
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-processthreads-l1-1-1
FlushInstructionCache
api-ms-win-core-interlocked-l1-1-0
InterlockedPushEntrySList
InterlockedPopEntrySList
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
kernel32
lstrcmpW
DeactivateActCtx
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
QueryActCtxW
lstrlenW
lstrcpyW
AddAtomW
DeleteAtom
ReleaseActCtx
GlobalReAlloc
lstrcmpiW
GlobalUnlock
GlobalLock
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 400KB - Virtual size: 399KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 276KB - Virtual size: 273KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mmgaserver.exe.exe windows:10 windows x64 arch:x64
d3b0ea9cfac9ed7b047f67686954cfd2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
mmgaserver.pdb
Imports
user32
TranslateMessage
PostThreadMessageA
GetMessageA
DispatchMessageA
PeekMessageA
msvcp_win
_Cnd_broadcast
_Mtx_unlock
_Thrd_detach
_Cnd_wait
_Cnd_do_broadcast_at_thread_exit
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
?_Throw_C_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_init_in_situ
?_Xlength_error@std@@YAXPEBD@Z
_Cnd_destroy_in_situ
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_ceilf
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o__beginthreadex
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
memmove
api-ms-win-crt-string-l1-1-0
memset
wcscmp
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleFileNameA
LoadLibraryExA
FreeLibrary
GetModuleHandleExW
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
SetEvent
ReleaseSRWLockShared
AcquireSRWLockShared
CreateEventExW
CreateMutexExW
CreateSemaphoreExW
EnterCriticalSection
LeaveCriticalSection
ReleaseSRWLockExclusive
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
OpenSemaphoreW
ReleaseMutex
AcquireSRWLockExclusive
WaitForSingleObject
ResetEvent
ReleaseSemaphore
CreateEventW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
api-ms-win-core-processthreads-l1-1-0
GetThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventActivityIdControl
EventUnregister
EventSetInformation
EventRegister
api-ms-win-core-path-l1-1-0
PathCchCombine
api-ms-win-core-registry-l1-1-0
RegGetValueW
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
FlushInstructionCache
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-memory-l1-1-0
VirtualAlloc
VirtualProtect
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 988KB - Virtual size: 986KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 252KB - Virtual size: 251KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 36KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 100KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mobsync.exe.exe windows:10 windows x64 arch:x64
f247d587e13b170d2246bd033539dbfb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
mobsync.pdb
Imports
advapi32
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
kernel32
lstrlenW
LocalAlloc
LocalFree
GetCommandLineW
HeapSetInformation
ResolveDelayLoadedAPI
DelayLoadFailureHook
user32
GetMessageW
TranslateMessage
DispatchMessageW
msvcrt
?terminate@@YAXXZ
_lock
_initterm
_commode
_fmode
__setusermatherr
_cexit
_unlock
__dllonexit
__C_specific_handler
_wcmdln
_onexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcsstr
towupper
wcschr
_vsnwprintf
memcpy_s
memset
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeEx
CoUninitialize
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetStartupInfoW
GetCurrentProcessId
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
CreateSemaphoreExW
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSemaphore
CreateMutexExW
ReleaseMutex
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
shell32
CommandLineToArgvW
Sections
.text Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 72KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mountvol.exe.exe windows:10 windows x64 arch:x64
72d2cd1301a2466a3d1834dc3b95be3f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
mountvol.pdb
Imports
msvcrt
_commode
_initterm
?terminate@@YAXXZ
_fmode
_vsnwprintf
__getmainargs
_amsg_exit
_XcptFilter
__C_specific_handler
_exit
__set_app_type
_cexit
exit
__setusermatherr
memcpy
api-ms-win-core-file-l1-1-0
FindFirstVolumeW
FindVolumeClose
WriteFile
QueryDosDeviceW
DefineDosDeviceW
DeleteVolumeMountPointW
RemoveDirectoryW
FindNextVolumeW
CreateFileW
api-ms-win-core-kernel32-legacy-l1-1-1
SetVolumeMountPointW
FindFirstVolumeMountPointW
FindVolumeMountPointClose
FindNextVolumeMountPointW
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetErrorMode
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
ntdll
NtQuerySystemInformation
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadUILanguage
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-file-l1-2-0
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
api-ms-win-core-console-l1-1-0
WriteConsoleW
GetConsoleMode
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
Sections
.text Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 408B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mpnotify.exe.exe windows:10 windows x64 arch:x64
cd22ac47106d5026ea3b26ded33e58cd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
mpnotify.pdb
Imports
advapi32
CredIsProtectedW
RegOpenKeyExW
CheckTokenMembership
CredUnprotectW
RegCloseKey
RegQueryValueExW
kernel32
HeapFree
ExpandEnvironmentStringsW
WaitForSingleObject
LocalAlloc
CreateEventW
Sleep
GetLastError
SetEvent
CloseHandle
LoadLibraryW
HeapSetInformation
HeapAlloc
GetProcAddress
LocalFree
GetProcessHeap
FreeLibrary
ResolveDelayLoadedAPI
DelayLoadFailureHook
msvcrt
_initterm
_acmdln
_vsnwprintf
__setusermatherr
_ismbblead
_amsg_exit
__getmainargs
__set_app_type
_fmode
_commode
?terminate@@YAXXZ
memset
exit
_cexit
_exit
memcpy
__C_specific_handler
_XcptFilter
rpcrt4
NdrServerCall2
NdrServerCallAll
RpcServerInqBindings
RpcEpRegisterW
RpcEpUnregister
RpcServerListen
RpcRevertToSelf
RpcImpersonateClient
RpcServerRegisterIfEx
RpcServerUnregisterIf
RpcServerUseProtseqW
I_RpcBindingIsClientLocal
UuidFromStringW
RpcBindingInqAuthClientW
RpcBindingVectorFree
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ntdll
RtlNtStatusToDosError
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 456B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 156B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
msconfig.exe.exe windows:10 windows x64 arch:x64
52975457dfbf0935e2d90ce7a5e5b12f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
msconfig.pdb
Imports
advapi32
RegCloseKey
RegQueryValueExW
RegSetValueExW
OpenSCManagerW
EnumServicesStatusW
OpenServiceW
CloseServiceHandle
ChangeServiceConfigW
QueryServiceConfigW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
EventSetInformation
EventRegister
RegDeleteValueW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateShutdownW
EventUnregister
EventWriteTransfer
kernel32
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
GetDateFormatW
GetTimeFormatW
ExpandEnvironmentStringsW
LoadLibraryExW
FindResourceW
LoadResource
LockResource
SizeofResource
WaitForThreadpoolTimerCallbacks
AcquireSRWLockExclusive
FreeResource
GlobalUnlock
GlobalFree
FindFirstFileW
FindClose
GetSystemInfo
GetPhysicallyInstalledSystemMemory
GlobalMemoryStatusEx
RtlCompareMemory
FormatMessageW
FreeLibrary
DeleteFileW
LocalAlloc
LocalFree
HeapSetInformation
RegisterApplicationRestart
OpenProcess
GetCommandLineW
CompareStringW
CreateDirectoryW
CreateSemaphoreW
MultiByteToWideChar
WideCharToMultiByte
lstrcmpiW
GetModuleFileNameA
CloseThreadpoolTimer
OutputDebugStringW
ReleaseSRWLockExclusive
GlobalLock
CreateSemaphoreExW
QueryDosDeviceW
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
DecodePointer
EncodePointer
LoadLibraryExA
VirtualAlloc
GetCurrentProcess
VirtualFree
GetLastError
ReleaseMutex
GetCurrentThreadId
LoadLibraryW
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
SetLastError
HeapFree
GlobalAlloc
gdi32
GetTextMetricsW
SelectObject
GetTextExtentPoint32W
user32
SetFocus
SetWindowLongW
GetWindowLongW
GetClientRect
GetSystemMetrics
BeginPaint
EndPaint
GetAsyncKeyState
LoadCursorW
SendMessageTimeoutW
ShowWindow
IsDlgButtonChecked
EndDialog
SetWindowTextW
LoadStringW
MessageBoxW
SendMessageW
SetCursor
LoadIconW
CharNextW
FindWindowW
SetForegroundWindow
IsIconic
GetLastActivePopup
GetActiveWindow
GetDlgItem
GetDlgItemTextW
CheckDlgButton
EnableWindow
CallWindowProcW
GetFocus
SetDlgItemInt
SetDlgItemTextW
GetWindowTextLengthW
GetWindowTextW
IsWindowEnabled
SetWindowLongPtrW
GetDC
ReleaseDC
GetKeyState
GetWindowLongPtrW
mfc42u
msvcrt
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
iswdigit
wcsrchr
_fmode
_commode
?terminate@@YAXXZ
_lock
_wtoi
?what@exception@@UEBAPEBDXZ
memcmp
wcscat_s
wcscpy_s
__CxxFrameHandler4
??_V@YAXPEAX@Z
_vsnwprintf
memcpy_s
_purecall
_CxxThrowException
_unlock
__CxxFrameHandler3
memcpy
memmove
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
calloc
memset
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_wcmdln
_wtol
_itow_s
_wcsicoll
_wcsicmp
free
malloc
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
wcscmp
atl
ord35
ord44
ord20
ord21
ord16
ord23
ord57
ord18
ord17
ord43
shell32
SHEvaluateSystemCommandTemplate
ShellExecuteW
comctl32
ord410
ord412
ord413
oleaut32
SysFreeString
SysAllocString
VariantInit
VariantClear
VariantChangeType
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
shlwapi
ord437
ntdll
RtlVirtualUnwind
RtlNtStatusToDosError
RtlCaptureContext
WinSqmAddToStream
WinSqmIncrementDWORD
RtlLookupFunctionEntry
RtlInitUnicodeString
bcd
BcdExportStore
BcdOpenObject
BcdCloseObject
BcdSetElementData
BcdCreateObject
BcdDeleteObjectReferences
BcdOpenSystemStore
BcdDeleteObject
BcdOpenStoreFromFile
BcdCloseStore
BcdEnumerateObjects
BcdImportStoreWithFlags
BcdDeleteElement
BcdGetElementData
BcdQueryObject
api-ms-win-core-com-l1-1-0
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemFree
Sections
.text Size: 128KB - Virtual size: 126KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 76KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
msdt.exe.exe windows:10 windows x64 arch:x64
ae54c63c1a8c4d651508ddf79983e3ba
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
msdt.pdb
Imports
advapi32
EventRegister
EventWriteTransfer
EventUnregister
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
CheckTokenMembership
CreateWellKnownSid
OpenThreadToken
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
EventSetInformation
RegLoadMUIStringW
kernel32
HeapFree
SetLastError
EnterCriticalSection
CreateSemaphoreExW
GetModuleFileNameA
LocalAlloc
OpenEventW
ConnectNamedPipe
CreateNamedPipeW
GetSystemTime
LoadLibraryExW
ReleaseSemaphore
GetModuleHandleExW
LeaveCriticalSection
DosDateTimeToFileTime
FileTimeToLocalFileTime
CopyFileW
RemoveDirectoryW
SetFileAttributesW
CreateDirectoryW
GetCurrentProcess
GetCurrentThread
GetTempPath2W
GetTempFileNameW
DeleteFileW
FindClose
FindNextFileW
FindFirstFileW
LocalFileTimeToFileTime
GetFileInformationByHandle
SetFileTime
MoveFileW
SetCurrentDirectoryW
GetCurrentDirectoryW
GlobalUnlock
GlobalLock
FindResourceW
LoadResource
GlobalFree
GlobalAlloc
LockResource
FreeResource
GetUserPreferredUILanguages
ExpandEnvironmentStringsW
FreeLibrary
LocalFree
GetFileSizeEx
SizeofResource
GetFullPathNameW
GetFileAttributesW
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
GetCommandLineW
ReadFile
Sleep
DecodePointer
EncodePointer
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
HeapSetInformation
GetExitCodeProcess
LoadLibraryW
TlsGetValue
TlsAlloc
TlsFree
TlsSetValue
GetTickCount64
InitializeCriticalSection
SetDllDirectoryW
DeleteTimerQueueTimer
CreateTimerQueueTimer
SetEvent
ResetEvent
HeapReAlloc
WaitForMultipleObjects
CreateEventW
CreateThread
GetModuleFileNameW
CreateFileW
WriteFile
FileTimeToDosDateTime
user32
SendMessageW
GetClientRect
GetSystemMetrics
SetWindowLongPtrW
CreateWindowExW
PostMessageW
SetWindowLongW
GetWindowLongW
UnhookWindowsHookEx
CallNextHookEx
GetKeyState
SetWindowsHookExW
GetFocus
IsChild
EnableWindow
SetForegroundWindow
AllowSetForegroundWindow
LoadStringW
MessageBoxW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ShowScrollBar
IsWindow
GetWindowLongPtrW
LoadImageW
msvcrt
wcstombs_s
malloc
_wcslwr_s
wcsncmp
iswdigit
wcstol
calloc
_wtol
wcschr
wcstok
mbstowcs_s
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
setlocale
___lc_collate_cp_func
_errno
_lock
_unlock
___mb_cur_max_func
___lc_handle_func
___lc_codepage_func
_ismbblead
__pctype_func
memcmp
abort
memset
??0bad_cast@@QEAA@PEBD@Z
__crtCompareStringW
free
_wsetlocale
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_wcmdln
_fmode
??0exception@@QEAA@AEBQEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
_wcsdup
realloc
_read
rand
_close
_write
time
_lseek
_commode
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
strchr
?what@exception@@UEBAPEBDXZ
wcsstr
towlower
_wcsicmp
_wcsnicmp
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
__CxxFrameHandler4
__crtLCMapStringW
wcscmp
_vsnprintf
wcstok_s
_get_osfhandle
_wopen
srand
_wremove
ntdll
WinSqmAddToStreamEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlInitUnicodeStringEx
NtOpenProcessToken
NtQueryInformationToken
NtClose
NtOpenThreadToken
RtlDestroyEnvironment
RtlExpandEnvironmentStrings
RtlCreateEnvironment
RtlSubAuthoritySid
RtlSetEnvironmentVariable
RtlNtStatusToDosError
RtlInitializeSid
DbgPrintEx
shell32
ShellExecuteExW
ShellExecuteW
CommandLineToArgvW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetKnownFolderIDList
comctl32
ImageList_ReplaceIcon
PropertySheetW
ImageList_Destroy
ImageList_Create
oleaut32
SysAllocString
SysFreeString
VariantInit
VariantClear
SysStringLen
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocStringLen
SafeArrayPutElement
SafeArrayCreate
SafeArrayGetElement
uxtheme
SetWindowTheme
atl
ord40
ord42
ole32
CoTaskMemAlloc
CoTaskMemFree
StringFromCLSID
CoUninitialize
CoInitializeEx
CoCreateInstance
OleInitialize
StringFromGUID2
GetHGlobalFromStream
CoCreateGuid
PropVariantClear
CreateStreamOnHGlobal
comdlg32
CommDlgExtendedError
GetOpenFileNameW
rpcrt4
UuidCreate
duser
GetGadgetFocus
ForwardGadgetMessage
wer
WerReportAddFile
WerReportSubmit
WerReportCloseHandle
WerReportSetParameter
WerReportCreate
secur32
GetUserNameExW
wintrust
WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
crypt32
CertFreeCertificateContext
CertGetCertificateContextProperty
CryptHashCertificate
CertDuplicateCertificateContext
dui70
?Add@Element@DirectUI@@QEAAJPEAV12@@Z
?SetSelected@Element@DirectUI@@QEAAJ_N@Z
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?RemoveAll@Element@DirectUI@@QEAAJXZ
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?Release@Value@DirectUI@@QEAAXXZ
?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?DestroyCP@TaskPage@DirectUI@@EEAAXXZ
?CreateParserCP@TaskPage@DirectUI@@EEAAJPEAPEAVDUIXmlParser@2@@Z
?CreateDUICP@TaskPage@DirectUI@@EEAAJPEAVHWNDElement@2@PEAUHWND__@@1PEAPEAVElement@2@PEAPEAVDUIXmlParser@2@@Z
?OnQueryInitialFocus@TaskPage@DirectUI@@MEAAPEAVElement@2@XZ
?OnWizFinish@TaskPage@DirectUI@@MEAA_JXZ
?OnReset@TaskPage@DirectUI@@MEAA_JXZ
?OnKillActive@TaskPage@DirectUI@@MEAA_JXZ
?InitPropSheetPage@TaskPage@DirectUI@@MEAAXPEAU_PROPSHEETPAGEW@@@Z
?LoadPage@TaskPage@DirectUI@@MEAAJPEAVHWNDElement@2@PEAUHINSTANCE__@@PEAPEAVElement@2@PEAPEAVDUIXmlParser@2@@Z
?LoadParser@TaskPage@DirectUI@@MEAAJPEAPEAVDUIXmlParser@2@@Z
?OnListenedInput@TaskPage@DirectUI@@MEAAXPEAVElement@2@PEAUInputEvent@2@@Z
?OnListenedPropertyChanged@TaskPage@DirectUI@@MEAAXPEAVElement@2@PEBUPropertyInfo@2@HPEAVValue@2@2@Z
?OnListenedPropertyChanging@TaskPage@DirectUI@@MEAA_NPEAVElement@2@PEBUPropertyInfo@2@HPEAVValue@2@2@Z
?OnListenerDetach@TaskPage@DirectUI@@MEAAXPEAVElement@2@@Z
?OnListenerAttach@TaskPage@DirectUI@@MEAAXPEAVElement@2@@Z
?SetTooltipMaxWidth@Element@DirectUI@@QEAAJH@Z
?SetTooltip@Element@DirectUI@@QEAAJ_N@Z
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?SetAccDesc@Element@DirectUI@@QEAAJPEBG@Z
?SetAccValue@Element@DirectUI@@QEAAJPEBG@Z
?SetAccName@Element@DirectUI@@QEAAJPEBG@Z
?CreateGraphic@Value@DirectUI@@SAPEAV12@PEAUHICON__@@_N11@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
StrToID
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?EndDefer@Element@DirectUI@@QEAAXK@Z
?StartDefer@Element@DirectUI@@QEAAXPEAK@Z
?PropSheet_SendMessage@TaskPage@DirectUI@@IEAA_JI_K_J@Z
?Click@Button@DirectUI@@SA?AVUID@@XZ
??1TaskPage@DirectUI@@UEAA@XZ
??0TaskPage@DirectUI@@QEAA@XZ
?OnNotify@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?GetClassInfoW@HWNDHost@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?OnInput@HWNDHost@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?GetClassInfoPtr@HWNDHost@DirectUI@@SAPEAUIClassInfo@2@XZ
?Register@HWNDHost@DirectUI@@SAJXZ
?KeyFocusedProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?OnPropertyChanged@HWNDHost@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?Initialize@HWNDHost@DirectUI@@QEAAJIIPEAVElement@2@PEAK@Z
??1HWNDHost@DirectUI@@UEAA@XZ
??0HWNDHost@DirectUI@@QEAA@XZ
??1CCListView@DirectUI@@UEAA@XZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
?GetClassInfoW@CCListView@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?PostCreate@CCBase@DirectUI@@MEAAXPEAUHWND__@@@Z
?OnReceivedDialogFocus@CCBase@DirectUI@@UEAA_NPEAUIDialogElement@2@@Z
?OnLostDialogFocus@CCBase@DirectUI@@UEAA_NPEAUIDialogElement@2@@Z
?OnCustomDraw@CCBase@DirectUI@@UEAA_NPEAUtagNMCUSTOMDRAWINFO@@PEA_J@Z
?OnNotify@CCBase@DirectUI@@UEAA_NI_K_JPEA_J@Z
?DefaultAction@CCBase@DirectUI@@UEAAJXZ
?GetClassInfoW@CCBase@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?MessageCallback@HWNDHost@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
??0ClassInfoBase@DirectUI@@QEAA@XZ
??0CCListView@DirectUI@@QEAA@XZ
?GetClassInfoPtr@CCBase@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@HWNDElement@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@Edit@DirectUI@@SAPEAUIClassInfo@2@XZ
?Initialize@CCBase@DirectUI@@QEAAJIPEAVElement@2@PEAK@Z
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
?Register@CCBase@DirectUI@@SAJXZ
?Register@HWNDElement@DirectUI@@SAJXZ
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
??1CritSecLock@DirectUI@@QEAA@XZ
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
?Register@Edit@DirectUI@@SAJXZ
??0Edit@DirectUI@@QEAA@XZ
??1Edit@DirectUI@@UEAA@XZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?IsContentProtected@Edit@DirectUI@@UEAA_NXZ
?GetContentStringAsDisplayed@Edit@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Edit@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z
?OnInput@Edit@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnDestroy@HWNDHost@DirectUI@@UEAAXXZ
?OnEvent@HWNDHost@DirectUI@@UEAAXPEAUEvent@2@@Z
?Paint@HWNDHost@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?GetContentSize@Edit@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?SetKeyFocus@HWNDHost@DirectUI@@UEAAXXZ
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?MessageCallback@Edit@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?OnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?OnUnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?UpdateTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?ActivateTooltip@Element@DirectUI@@MEAAXPEAV12@K@Z
?RemoveTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?GetKeyFocused@HWNDHost@DirectUI@@UEAA_NXZ
?GetAccessibleImpl@HWNDHost@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?OnNotify@Edit@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnMessage@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnSysChar@HWNDHost@DirectUI@@UEAA_NG@Z
?OnSinkThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnCtrlThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnWindowStyleChanged@HWNDHost@DirectUI@@UEAAX_KPEBUtagSTYLESTRUCT@@@Z
?SetWindowDirection@HWNDHost@DirectUI@@UEAAXPEAUHWND__@@@Z
?EraseBkgnd@HWNDHost@DirectUI@@MEAA_NPEAUHDC__@@PEA_J@Z
?CreateHWND@Edit@DirectUI@@MEAAPEAUHWND__@@PEAU3@_N@Z
?Initialize@Edit@DirectUI@@QEAAJIPEAVElement@2@PEAK@Z
?AttachCtrlSubclassProc@HWNDHost@DirectUI@@KAXPEAUHWND__@@@Z
?GetThemedBorder@Edit@DirectUI@@QEAA_NXZ
?GetMultiline@Edit@DirectUI@@QEAA_NXZ
?OnAdjustWindowSize@HWNDHost@DirectUI@@UEAAHHHI@Z
?GetHWND@HWNDHost@DirectUI@@UEAAPEAUHWND__@@XZ
?SetWinStyle@CCBase@DirectUI@@QEAAJH@Z
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?Initialize@CCListView@DirectUI@@QEAAJIPEAVElement@2@PEAK@Z
?CreateHWND@CCBase@DirectUI@@UEAAPEAUHWND__@@PEAU3@@Z
?OnInput@CCBase@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnInput@Element@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnPropertyChanged@CCBase@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?DirectionProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
??1CCBase@DirectUI@@UEAA@XZ
??0CCBase@DirectUI@@QEAA@KPEBG@Z
?SetID@Element@DirectUI@@QEAAJPEBG@Z
?GetChildren@Element@DirectUI@@QEAAPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@PEAPEAVValue@2@@Z
?DUICreatePropertySheetPage@TaskPage@DirectUI@@QEAAJPEAUHINSTANCE__@@@Z
InitProcessPriv
InitThread
UnInitThread
UnInitProcessPriv
?SetValue@Element@DirectUI@@QEAAJPEBUPropertyInfo@2@HPEAVValue@2@@Z
?GetContentString@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?SetNote@CCCommandLink@DirectUI@@QEAAJPEBG@Z
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
??1ClassInfoBase@DirectUI@@UEAA@XZ
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
shlwapi
SHCreateStreamOnFileEx
winhttp
WinHttpGetDefaultProxyConfiguration
WinHttpReceiveResponse
WinHttpOpen
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpWriteData
WinHttpSendRequest
WinHttpConnect
WinHttpCrackUrl
cabinet
ord10
ord23
ord14
ord11
ord20
ord22
ord13
Sections
.text Size: 428KB - Virtual size: 425KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
msdtc.exe.exe windows:10 windows x64 arch:x64
15cd66f4b745b4dd6e6afeaeb7a98111
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
msdtcexe.pdb
Imports
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetCommandLineW
GetCommandLineA
api-ms-win-core-com-l1-1-0
CoInitializeEx
StringFromGUID2
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoGetObjectContext
msvcrt
_fmode
_commode
memcpy
_wcmdln
__C_specific_handler
memcmp
?terminate@@YAXXZ
_lock
_unlock
_initterm
__setusermatherr
__dllonexit
_cexit
_exit
exit
_onexit
wcschr
_CxxThrowException
__set_app_type
_local_unwind
__wgetmainargs
_amsg_exit
_XcptFilter
fopen
fflush
fclose
fprintf
fwprintf
__CxxFrameHandler4
_vsnwprintf
memcpy_s
_wcsicmp
_purecall
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
_stricmp
memmove_s
wcsrchr
_waccess
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
strchr
_wfopen
??1type_info@@UEAA@XZ
_callnewh
malloc
free
memset
msdtctm
ord4
ntdll
RtlVirtualUnwind
RtlReportException
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
CreateProcessW
GetExitCodeProcess
OpenProcessToken
GetStartupInfoW
GetCurrentThreadId
TlsAlloc
TlsFree
TlsGetValue
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
FreeLibrary
LoadResource
GetProcAddress
GetModuleFileNameA
FindResourceExW
LockResource
GetModuleHandleW
LoadStringW
GetModuleHandleExW
GetModuleFileNameW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryA
GetLocalTime
GetTickCount
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExW
RegQueryValueExA
RegCloseKey
api-ms-win-core-synch-l1-1-0
CreateMutexExW
ResetEvent
ReleaseSemaphore
CreateEventA
ReleaseSRWLockShared
EnterCriticalSection
ReleaseMutex
DeleteCriticalSection
AcquireSRWLockShared
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
OpenSemaphoreW
LeaveCriticalSection
WaitForSingleObjectEx
AcquireSRWLockExclusive
WaitForSingleObject
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
SetEvent
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-file-l1-1-0
GetFullPathNameW
FindFirstFileW
SetFileAttributesW
CreateDirectoryW
DeleteFileW
FindClose
CreateFileW
FindNextFileW
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-security-base-l1-1-0
GetTokenInformation
kernel32
QueueUserWorkItem
UnregisterWaitEx
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 56KB - Virtual size: 54KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 96KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 316B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
msfeedssync.exe.exe windows:10 windows x64 arch:x64
f168f4d8233b707acea545ecd8dfe920
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
msfeedssync.pdb
Imports
kernel32
GetVersion
GetProcAddress
LocalFree
GetModuleHandleW
GetStartupInfoW
LocalAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
msvcrt
_initterm
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcstoul
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
CoCreateInstance
CLSIDFromString
Sections
.text Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 312B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mshta.exe.exe windows:10 windows x64 arch:x64
dcdee2ff2311b9ae7c4d768fa56524dd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
mshta.pdb
Imports
msvcrt
?terminate@@YAXXZ
_commode
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
malloc
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
free
_callnewh
_ismbblead
kernel32
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
UnhandledExceptionFilter
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
MultiByteToWideChar
GetCurrentProcess
LoadLibraryA
ExpandEnvironmentStringsA
TerminateProcess
GetCurrentProcessId
FreeLibrary
LoadLibraryW
GetVersion
GetModuleHandleW
GetProcAddress
advapi32
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 228B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
msiexec.exe.exe windows:10 windows x64 arch:x64
0990a9500ff8df93e0e059ee13e7c796
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
msiexec.pdb
Imports
advapi32
GetTokenInformation
SetSecurityDescriptorGroup
MakeAbsoluteSD
MakeSelfRelativeSD
RegQueryValueExW
OpenThreadToken
AddAccessAllowedAce
GetSecurityDescriptorLength
GetLengthSid
StartServiceCtrlDispatcherW
RegOpenKeyExW
InitializeAcl
InitializeSecurityDescriptor
SetThreadToken
FreeSid
OpenProcessToken
RegSetValueExW
RegisterServiceCtrlHandlerW
RegCreateKeyExW
SetServiceStatus
AllocateAndInitializeSid
EqualSid
GetAce
SetSecurityDescriptorOwner
RegEnumKeyW
RegCloseKey
RevertToSelf
AdjustTokenPrivileges
SetSecurityDescriptorDacl
LookupPrivilegeValueW
kernel32
CompareStringW
SetLastError
EnterCriticalSection
GetCommandLineW
GetCurrentProcess
lstrlenW
GetStdHandle
WriteFile
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetEnvironmentVariableW
GetLocaleInfoW
WaitForSingleObject
OpenEventW
GetVersionExW
GetSystemDefaultLangID
GetACP
OpenProcess
GetVersion
SetProcessMitigationPolicy
CreateEventW
MultiByteToWideChar
Sleep
FormatMessageW
GetLastError
OutputDebugStringW
SetEvent
GetCurrentThread
GlobalAlloc
GlobalFree
CloseHandle
LoadLibraryW
CreateThread
SetCurrentDirectoryW
GetProcAddress
DeleteCriticalSection
ExitProcess
UnhandledExceptionFilter
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
GetFileType
lstrcmpW
LoadLibraryExW
GetSystemDirectoryW
LoadLibraryExA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
DelayLoadFailureHook
GetStartupInfoW
user32
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW
IsCharAlphaNumericW
TranslateMessage
PostThreadMessageW
PostQuitMessage
GetMessageW
msvcrt
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
_ismbblead
__setusermatherr
_initterm
_acmdln
_fmode
_commode
_lock
_unlock
__dllonexit
_onexit
memcpy
memset
?terminate@@YAXXZ
_vsnprintf
_wcsicmp
__C_specific_handler
_vsnwprintf
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
ole32
CoUninitialize
CoRegisterClassObject
StgOpenStorage
CoRevokeClassObject
CoInitialize
Sections
.text Size: 40KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 92KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 212B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
msinfo32.exe.exe windows:10 windows x64 arch:x64
2baa5bdc086eb19266bee49d1a07cabb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
msinfo32.pdb
Imports
advapi32
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegGetValueW
RegSetValueExW
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
kernel32
HeapAlloc
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
MulDiv
DnsHostnameToComputerNameW
GetVersionExW
GetTickCount
CreateEventW
InitializeCriticalSection
ResetEvent
CreateThread
SetEvent
TerminateThread
GetLocaleInfoW
GetNumberFormatW
GetDateFormatW
GetTimeFormatW
MultiByteToWideChar
GetNativeSystemInfo
GetSystemWow64DirectoryW
GetSystemDirectoryW
CreateThreadpoolTimer
GetModuleFileNameA
GetVolumePathNameW
GetFirmwareType
GetPhysicallyInstalledSystemMemory
WaitForThreadpoolTimerCallbacks
CreateFileW
ReadFile
SetFilePointer
FindFirstFileW
FindNextFileW
FindClose
GetTempPath2W
CreateDirectoryExW
SetFileAttributesW
DeleteFileW
RemoveDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
LoadLibraryW
GlobalLock
GlobalUnlock
GetFileSize
LocalFree
GlobalAlloc
GetComputerNameW
GetCommandLineW
HeapSetInformation
RegisterApplicationRestart
InitializeCriticalSectionEx
ReleaseSRWLockShared
SetThreadpoolTimer
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CloseThreadpoolTimer
OutputDebugStringW
ReleaseSRWLockExclusive
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
LoadLibraryExW
GetSystemTimeAsFileTime
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
LeaveCriticalSection
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
SetLastError
WaitForSingleObject
HeapFree
GlobalMemoryStatusEx
CreateSemaphoreExW
FreeLibrary
gdi32
CreateSolidBrush
SetTextColor
EndDoc
EndPage
StartDocW
CreateFontW
TextOutW
StartPage
GetTextExtentPoint32W
DeleteObject
CreateFontIndirectW
GetDeviceCaps
GetObjectW
user32
SetClipboardData
EmptyClipboard
SetMenuItemInfoW
GetSubMenu
CheckDlgButton
DrawFocusRect
GetDCEx
ClientToScreen
SetFocus
ReleaseCapture
SetCapture
PtInRect
OffsetRect
InflateRect
DestroyIcon
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
IsWindowEnabled
IsWindowVisible
GetFocus
LoadCursorW
SetCursor
ShowWindow
UpdateWindow
InvalidateRect
EndPaint
CopyRect
GetClientRect
SetClassLongPtrW
LoadIconW
SetWindowPlacement
SystemParametersInfoW
LoadAcceleratorsW
MoveWindow
GetWindowRect
SetRect
GetWindowLongW
GetSysColor
FillRect
RedrawWindow
IsDlgButtonChecked
ReleaseDC
GetDC
EnumChildWindows
GetDpiForSystem
SetWindowPos
GetMenu
AdjustWindowRectEx
LoadStringW
PostMessageW
MessageBoxW
LoadMenuW
PostQuitMessage
SendInput
SetMenu
NotifyWinEvent
GetKeyState
BeginPaint
GetWindowTextW
EnableWindow
CheckRadioButton
SetDlgItemTextW
SetWindowTextW
SendMessageW
GetDlgItem
SetWindowLongPtrW
FrameRect
GetSysColorBrush
CreateDialogParamW
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
DestroyAcceleratorTable
ScreenToClient
KillTimer
SetTimer
DialogBoxParamW
EndDialog
SetWindowLongW
mfc42u
ord1586
ord812
ord288
ord1082
ord2463
ord6127
ord6133
ord6243
ord6577
ord6138
ord2574
ord851
ord6707
ord6704
ord5979
ord1358
ord5927
ord2781
ord5951
ord2785
ord1042
ord1059
ord655
ord4502
ord1383
ord1221
ord628
ord5916
ord917
ord422
ord2461
ord1471
ord287
ord1647
ord3790
ord286
ord1574
ord2427
ord3783
ord1646
ord336
ord1124
ord2801
ord2855
ord1287
ord2849
ord4046
ord622
ord369
ord2408
ord6887
ord626
ord1040
ord1122
ord1126
ord2975
ord5887
ord2900
ord4436
ord2629
ord624
ord620
ord6545
ord6226
ord1286
ord2846
ord1284
ord6705
ord6886
ord4473
ord1463
ord2783
ord1259
ord6050
ord1606
ord424
ord919
ord4504
ord1223
ord2845
ord1006
ord420
ord915
ord568
ord1355
ord5950
ord4500
ord1219
ord1381
ord5925
ord3579
ord5914
ord6641
ord4523
ord4521
ord6708
ord1264
ord1262
ord1095
ord2841
ord6216
ord2794
ord6880
ord1483
ord3581
ord366
ord3830
ord5986
ord3221
ord3777
msvcrt
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
memset
_lock
?terminate@@YAXXZ
memcmp
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
__CxxFrameHandler3
wcsncpy_s
iswascii
wcstod
_wtol
_wcsupr
free
wcstoul
wcstol
_wcsicmp
swprintf_s
_wcsicoll
_wtoi
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
__CxxFrameHandler4
iswalpha
wcscmp
atl
ord30
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtQuerySystemInformation
oleaut32
SysAllocString
VariantInit
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
VariantClear
VariantChangeType
SysAllocStringLen
SysStringLen
SysFreeString
ole32
CoUninitialize
StringFromCLSID
CoTaskMemFree
CoInitialize
CoInitializeSecurity
CoCreateGuid
CoCreateInstance
shlwapi
StrFormatByteSizeEx
setupapi
SetupIterateCabinetW
comdlg32
PrintDlgExW
GetOpenFileNameW
GetSaveFileNameW
shell32
CommandLineToArgvW
ShellAboutW
comctl32
ord410
ord412
ord413
InitCommonControlsEx
powrprof
PowerDeterminePlatformRoleEx
slc
SLGetWindowsInformationDWORD
Sections
.text Size: 204KB - Virtual size: 202KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 76KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 76KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
msra.exe.exe windows:10 windows x64 arch:x64
31b682d0384dc895e6d219a73dc8aede
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
MSRA.pdb
Imports
advapi32
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
GetUserNameW
AllocateAndInitializeSid
CheckTokenMembership
OpenProcessToken
GetTokenInformation
FreeSid
RegQueryValueExW
CryptReleaseContext
GetLengthSid
EventActivityIdControl
CryptExportKey
CryptGenKey
CryptImportKey
EventUnregister
EventRegister
EventWrite
RegDeleteKeyValueW
RegEnumKeyW
CryptDestroyHash
CryptDestroyKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptSetKeyParam
CryptEncrypt
CryptDecrypt
CryptGenRandom
CryptGetHashParam
CryptGetUserKey
kernel32
LockResource
LoadResource
FindResourceExW
GlobalUnlock
GlobalLock
MulDiv
lstrcmpW
LoadLibraryExW
lstrcmpiW
MultiByteToWideChar
SizeofResource
FindResourceW
ExpandEnvironmentStringsW
WideCharToMultiByte
GetComputerNameW
CreateFileW
GetFileSizeEx
ReadFile
FindFirstFileW
FindClose
GetCurrentProcess
GetTickCount
GlobalAlloc
MoveFileExW
DeleteFileW
WaitForMultipleObjects
GetModuleFileNameA
GlobalFree
GlobalHandle
LeaveCriticalSection
EnterCriticalSection
GetCommandLineW
ResetEvent
QueueUserWorkItem
RegisterApplicationRestart
RaiseException
InitializeCriticalSection
DeleteCriticalSection
HeapSetInformation
SetErrorMode
SetProcessMitigationPolicy
GetFullPathNameW
CreateSemaphoreExW
LocalFree
CompareStringW
GetModuleFileNameW
FreeLibrary
SetWaitableTimer
CreateWaitableTimerW
LoadLibraryW
GetTimeFormatW
GetDateFormatW
GetLocalTime
SetEvent
CreateThread
CreateMutexW
CreateEventW
CreateDirectoryW
ResolveDelayLoadedAPI
DelayLoadFailureHook
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
CreateMutexExW
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
WriteFile
GetFileSize
GetSystemTime
CreateTimerQueue
DeleteTimerQueueTimer
CreateTimerQueueTimer
DeleteTimerQueueEx
CreateSemaphoreW
OpenMutexW
GetTempPath2W
OutputDebugStringA
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
DecodePointer
EncodePointer
LoadLibraryExA
VirtualAlloc
VirtualFree
Sleep
gdi32
DeleteObject
GetDeviceCaps
GetObjectW
GetStockObject
GetTextMetricsW
CreateFontIndirectW
SetBkColor
SetTextColor
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
user32
FlashWindowEx
EndDialog
GetSysColorBrush
MessageBeep
ShowWindow
SendMessageW
LoadStringW
SetDlgItemTextW
MapWindowPoints
CreateWindowExW
PeekMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
LoadIconW
LoadAcceleratorsW
CopyAcceleratorTableW
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
CreateDialogIndirectParamW
AllowSetForegroundWindow
ScrollWindow
GetScrollInfo
SetScrollInfo
GetDlgItem
ShowScrollBar
GetDialogBaseUnits
DestroyMenu
TrackPopupMenu
GetSubMenu
LoadMenuW
GetCaretPos
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetWindowRect
UnregisterHotKey
RegisterHotKey
SystemParametersInfoW
FrameRect
GetSystemMetrics
DialogBoxIndirectParamW
PostQuitMessage
OpenIcon
IsIconic
RegisterClassExW
LoadCursorW
DrawFocusRect
GetDCEx
SetCursor
PtInRect
IsWindowEnabled
LoadImageW
GetWindowInfo
GetActiveWindow
SetWindowContextHelpId
SetTimer
KillTimer
MapDialogRect
PostMessageW
SetForegroundWindow
SendDlgItemMessageW
UpdateWindow
EnableWindow
CharUpperW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetWindow
IsWindow
GetClassNameW
GetSysColor
CharNextW
SetWindowPos
RedrawWindow
GetClassInfoExW
CreateAcceleratorTableW
ClientToScreen
GetParent
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
FillRect
GetClientRect
InvalidateRgn
CallWindowProcW
InvalidateRect
GetDC
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable
SetWindowLongPtrW
GetWindowLongPtrW
GetWindowLongW
SetWindowLongW
DefWindowProcW
UnregisterClassA
msvcrt
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
__dllonexit
??0exception@@QEAA@AEBQEBD@Z
memcpy
_callnewh
_onexit
??1type_info@@UEAA@XZ
_errno
realloc
memcmp
_purecall
_wcsicmp
_wtoi
_vsnprintf
_time64
malloc
swprintf_s
_fmode
_XcptFilter
_commode
?terminate@@YAXXZ
free
calloc
_amsg_exit
__wgetmainargs
__C_specific_handler
_vsnprintf_s
__set_app_type
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
srand
memcpy_s
_vsnwprintf
exit
_exit
time
_cexit
iswdigit
??_V@YAXPEAX@Z
memmove
__setusermatherr
_lock
__CxxFrameHandler4
??3@YAXPEAX@Z
_wtol
wcsncmp
towupper
_initterm
_itow
wcstok
swscanf_s
_wcmdln
_unlock
??0exception@@QEAA@AEBQEBDH@Z
wcsncpy_s
memset
ws2_32
WSAStartup
WSAGetLastError
socket
connect
closesocket
WSACleanup
GetAddrInfoW
WSAIoctl
WSASocketW
FreeAddrInfoW
ntdll
NtOpenProcessToken
NtQueryInformationToken
NtClose
WinSqmAddToStream
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlIpv4AddressToStringW
NtOpenThreadToken
ole32
GetHGlobalFromStream
CoTaskMemRealloc
CoTaskMemFree
OleInitialize
MkParseDisplayName
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoUninitialize
CoInitialize
CoCreateInstance
CreateBindCtx
CoCreateInstanceEx
CoGetObject
CoCreateGuid
CoInitializeEx
StringFromIID
CLSIDFromString
oleaut32
SysAllocStringByteLen
VariantInit
SysStringLen
SysAllocStringLen
VarBstrCmp
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysStringByteLen
VarBstrCat
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayDestroy
SafeArrayUnaccessData
SysReAllocString
DispCallFunc
SysAllocString
VariantClear
SysFreeString
VarUI4FromStr
shlwapi
PathFindExtensionW
PathFindFileNameW
comdlg32
GetOpenFileNameW
GetSaveFileNameW
comctl32
CreatePropertySheetPageW
ord410
ord345
ord413
ImageList_LoadImageW
ord344
InitCommonControlsEx
PropertySheetW
shell32
CommandLineToArgvW
ord258
SHGetSpecialFolderPathW
ord261
ShellExecuteW
uxtheme
CloseThemeData
OpenThemeData
GetThemeColor
IsAppThemed
GetThemeFont
crypt32
CryptBinaryToStringW
CryptStringToBinaryW
ndfapi
NdfCloseIncident
NdfExecuteDiagnosis
NdfCreateIncident
sspicli
GetUserNameExW
userenv
GetProfileType
rpcrt4
RpcBindingFromStringBindingW
RpcStringBindingComposeW
I_RpcExceptionFilter
RpcBindingSetAuthInfoExW
NdrClientCall3
RpcBindingFree
RpcStringFreeW
api-ms-win-service-management-l1-1-0
OpenSCManagerW
CloseServiceHandle
StartServiceW
OpenServiceW
api-ms-win-core-heap-l2-1-0
LocalAlloc
api-ms-win-security-base-l1-1-0
CreateWellKnownSid
api-ms-win-service-winsvc-l1-1-0
QueryServiceStatus
api-ms-win-core-registry-l1-1-0
RegGetValueW
iphlpapi
CancelMibChangeNotify2
NotifyStableUnicastIpAddressTable
FreeMibTable
Sections
.text Size: 308KB - Virtual size: 306KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 84KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 180KB - Virtual size: 178KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
mtstocom.exe.exe windows:10 windows x64 arch:x64
8458c4a2aedbacae0ec6bae61c08339e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
mtstocom.pdb
Imports
advapi32
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegisterEventSourceW
RegConnectRegistryW
BuildSecurityDescriptorW
BuildTrusteeWithNameW
BuildTrusteeWithSidW
LsaLookupNames
ReportEventW
DeregisterEventSource
kernel32
GetWindowsDirectoryA
GetLocalTime
MoveFileExW
GetFileSize
HeapSetInformation
CloseHandle
DelayLoadFailureHook
GetVersionExA
SetEvent
CreateFileA
GetLastError
OpenEventW
CreateFileW
SetFilePointer
GetModuleFileNameW
WriteFile
GetComputerNameW
LocalSize
ResolveDelayLoadedAPI
msvcrt
_fmode
_commode
_initterm
__setusermatherr
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
memset
_cexit
_exit
exit
__set_app_type
memcpy
memcmp
_local_unwind
__getmainargs
_amsg_exit
_XcptFilter
_strtime
_stricmp
wcsstr
wcschr
wcstombs
_wcsicmp
clock
_vsnwprintf
__C_specific_handler
__CxxFrameHandler4
realloc
free
malloc
_waccess
wcscmp
clbcatq
ServerGetApplicationType
oleaut32
VariantClear
SysFreeString
SysAllocString
VariantInit
api-ms-win-core-com-l1-1-0
CoGetObjectContext
StringFromGUID2
CLSIDFromString
CoTaskMemAlloc
CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoInitializeEx
api-ms-win-core-string-l2-1-0
CharNextW
IsCharAlphaW
IsCharAlphaNumericW
CharPrevW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetExitCodeProcess
GetCurrentProcessId
GetCurrentThreadId
CreateProcessW
OpenThreadToken
GetCurrentProcess
SetThreadToken
TerminateProcess
GetCurrentThread
OpenProcessToken
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
FindResourceExW
LoadLibraryExW
FreeLibrary
GetProcAddress
LockResource
LoadResource
LoadStringW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTickCount
api-ms-win-core-registry-l1-1-0
RegDeleteValueW
RegEnumValueW
RegQueryValueExW
RegQueryInfoKeyW
RegFlushKey
RegDeleteTreeW
RegEnumKeyExW
RegOpenKeyExW
api-ms-win-core-file-l1-1-0
CreateDirectoryW
FindNextFileW
FindFirstFileW
DeleteFileW
FindClose
SetFileAttributesW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-heap-l2-1-0
LocalReAlloc
LocalAlloc
LocalFree
sspicli
LogonUserExExW
api-ms-win-security-base-l1-1-0
IsWellKnownSid
FreeSid
GetSidLengthRequired
GetSidSubAuthority
GetTokenInformation
AllocateAndInitializeSid
GetLengthSid
AddAccessAllowedAce
GetSecurityDescriptorDacl
CreatePrivateObjectSecurityEx
GetSidSubAuthorityCount
CopySid
DestroyPrivateObjectSecurity
AddAce
IsValidSecurityDescriptor
InitializeAcl
GetSecurityDescriptorLength
api-ms-win-security-sddl-l1-1-0
ConvertStringSidToSidW
ConvertSidToStringSidW
api-ms-win-core-string-l1-1-0
CompareStringW
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-security-lsalookup-l1-1-0
LookupAccountNameLocalW
LookupAccountSidLocalW
api-ms-win-security-lsapolicy-l1-1-0
LsaAddAccountRights
LsaQueryInformationPolicy
LsaEnumerateAccountRights
LsaRemoveAccountRights
LsaClose
LsaFreeMemory
LsaStorePrivateData
LsaRetrievePrivateData
LsaOpenPolicy
user32
CharNextA
CharPrevA
ntdll
wcsrchr
_wcsnicmp
Exports
?GetRegNodeDispenser@@YAJPEAPEAUIRegNodeDispenser@@@Z
Sections
.text Size: 92KB - Virtual size: 88KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 356B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ