MultiDigiMon.pdb
Overview
overview
8Static
static
3MultiDigiMon.exe
windows10-2004-x64
1NDKPerfCmd.exe
windows10-2004-x64
1NDKPing.exe
windows10-2004-x64
3NETSTAT.exe
windows10-2004-x64
1Narrator.exe
windows10-2004-x64
NetCfgNoti...st.exe
windows10-2004-x64
1NetEvtFwdr.exe
windows10-2004-x64
1NetHost.exe
windows10-2004-x64
1Netplwiz.exe
windows10-2004-x64
1NgcIso.exe
windows10-2004-x64
1OOBE-Maintenance.exe
windows10-2004-x64
1OneDriveSetup.exe
windows7-x64
1OneDriveSetup.exe
windows10-2004-x64
8OpenWith.exe
windows10-2004-x64
1OptionalFeatures.exe
windows10-2004-x64
1PATHPING.exe
windows10-2004-x64
3PING.exe
windows10-2004-x64
3PackagedCW...er.exe
windows10-2004-x64
1PasswordOn...ut.exe
windows10-2004-x64
1PickerHost.exe
windows10-2004-x64
1PinEnrollm...er.exe
windows10-2004-x64
1PkgMgr.exe
windows10-2004-x64
1PktMon.exe
windows10-2004-x64
1PnPUnattend.exe
windows10-2004-x64
1PresentationHost.exe
windows10-2004-x64
1PrintIsola...st.exe
windows10-2004-x64
1ProximityUxHost.exe
windows10-2004-x64
1RdpSa.exe
windows10-2004-x64
1RdpSaProxy.exe
windows10-2004-x64
1RdpSaUacHelper.exe
windows10-2004-x64
1ReAgentc.exe
windows10-2004-x64
4RecoveryDrive.exe
windows10-2004-x64
1Static task
static1
Behavioral task
behavioral1
Sample
MultiDigiMon.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral2
Sample
NDKPerfCmd.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
NDKPing.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral4
Sample
NETSTAT.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
Narrator.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral6
Sample
NetCfgNotifyObjectHost.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
NetEvtFwdr.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral8
Sample
NetHost.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
Netplwiz.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral10
Sample
NgcIso.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
OOBE-Maintenance.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral12
Sample
OneDriveSetup.exe
Resource
win7-20240903-en
Behavioral task
behavioral13
Sample
OneDriveSetup.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral14
Sample
OpenWith.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
OptionalFeatures.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral16
Sample
PATHPING.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
PING.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral18
Sample
PackagedCWALauncher.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
PasswordOnWakeSettingFlyout.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral20
Sample
PickerHost.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
PinEnrollmentBroker.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral22
Sample
PkgMgr.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
PktMon.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral24
Sample
PnPUnattend.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
PresentationHost.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral26
Sample
PrintIsolationHost.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
ProximityUxHost.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral28
Sample
RdpSa.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
RdpSaProxy.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral30
Sample
RdpSaUacHelper.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
ReAgentc.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral32
Sample
RecoveryDrive.exe
Resource
win10v2004-20240802-en
General
-
Target
System32Problems4.zip
-
Size
62.8MB
-
MD5
71bbca24bb7d2a03c526c949b9a8ba9a
-
SHA1
386068ba74e75cf2cb037bee0df788985370db0d
-
SHA256
af5331cb2d0fc6d4af50d792f12a91ab0ebaf647566e1c332018b369bd71b351
-
SHA512
89baab5ef783785b6d1bef6983a247e61280668d8ade9a5ecb9fada097f41364702b9bc3cd87e884549d0872953e3bd2adeac2039eab6421dfc7c95c2fb15d24
-
SSDEEP
1572864:Tpo6bgNaGN3m4T0L+49qZ46EbWVbVY7WFI4LX/9qxA/N8:TGNaGNYva46EbWVJY7gDJ8
Malware Config
Signatures
-
Unsigned PE 80 IoCs
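Checks for missing Authenticode signature. A static check of this kind sees only a signature embedded in the PE file, so Windows binaries that are signed through a security catalog rather than an embedded signature may be listed here as well; confirm against the catalog on a reference system before treating this flag as a sign of tampering.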
resource unpack001/MultiDigiMon.exe unpack001/NETSTAT.EXE unpack001/Narrator.exe unpack001/NetCfgNotifyObjectHost.exe unpack001/NetEvtFwdr.exe unpack001/NetHost.exe unpack001/Netplwiz.exe unpack001/OptionalFeatures.exe unpack001/PATHPING.EXE unpack001/PING.EXE unpack001/PackagedCWALauncher.exe unpack001/PinEnrollmentBroker.exe unpack001/PkgMgr.exe unpack001/PnPUnattend.exe unpack001/PresentationHost.exe unpack001/PrintIsolationHost.exe unpack001/RdpSa.exe unpack001/RdpSaProxy.exe unpack001/RdpSaUacHelper.exe unpack001/ReAgentc.exe unpack001/RecoveryDrive.exe unpack001/Register-CimProvider.exe unpack001/RelPost.exe unpack001/RemotePosWorker.exe unpack001/nbtstat.exe unpack001/ndadmin.exe unpack001/net.exe unpack001/net1.exe unpack001/netbtugc.exe unpack001/netcfg.exe unpack001/netiougc.exe unpack001/netsh.exe unpack001/newdev.exe unpack001/nltest.exe unpack001/notepad.exe unpack001/nslookup.exe unpack001/ntprint.exe unpack001/odbcad32.exe unpack001/odbcconf.exe unpack001/ofdeploy.exe unpack001/omadmclient.exe unpack001/omadmprc.exe unpack001/openfiles.exe unpack001/osk.exe unpack001/pcalua.exe unpack001/pcaui.exe unpack001/pcwrun.exe unpack001/perfmon.exe unpack001/plasrv.exe unpack001/pnputil.exe unpack001/poqexec.exe unpack001/pospaymentsworker.exe unpack001/powercfg.exe unpack001/prevhost.exe unpack001/print.exe unpack001/printfilterpipelinesvc.exe unpack001/printui.exe unpack001/proquota.exe unpack001/provlaunch.exe unpack001/provtool.exe unpack001/psr.exe unpack001/pwlauncher.exe unpack001/rasautou.exe unpack001/rasdial.exe unpack001/raserver.exe unpack001/rasphone.exe unpack001/rdpclip.exe unpack001/rdpinput.exe unpack001/rdrleakdiag.exe unpack001/readCloudDataSettings.exe unpack001/recdisc.exe unpack001/recover.exe unpack001/refsutil.exe unpack001/reg.exe unpack001/regedt32.exe unpack001/regini.exe unpack001/regsvr32.exe unpack001/rekeywiz.exe unpack001/relog.exe unpack001/repair-bde.exe
Files
-
System32Problems4.zip.zip
-
MultiDigiMon.exe.exe windows:10 windows x64 arch:x64
d912785ee3106afa32d10c36e887032f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
gdi32
GetDeviceCaps
CreateFontIndirectW
SelectObject
SetBkColor
SetTextColor
DeleteObject
user32
SendMessageTimeoutW
EnumDisplayDevicesW
EnumDisplayMonitors
LoadStringW
FindWindowW
IsIconic
ShowWindow
SetForegroundWindow
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
GetWindowLongPtrW
PostMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetMonitorInfoW
GetPointerDevices
ord2532
GetRawInputDeviceInfoW
GetPointerDevice
EndPaint
DrawTextExW
GetSysColor
SendMessageW
UnregisterClassW
BeginPaint
SkipPointerFrameMessages
GetPointerFrameInfoHistory
GetPointerInfo
DefWindowProcW
PostQuitMessage
DestroyWindow
MoveWindow
InvalidateRect
ShowCursor
msvcrt
_vsnwprintf
?terminate@@YAXXZ
__CxxFrameHandler4
_fmode
__CxxFrameHandler3
memcpy
_commode
free
_wcmdln
malloc
_callnewh
_XcptFilter
_amsg_exit
__wgetmainargs
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
memset
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-com-l1-1-0
CoUninitialize
CoInitializeEx
CoCreateInstance
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
GetStartupInfoW
TerminateProcess
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpW
api-ms-win-core-kernel32-legacy-l1-1-0
MulDiv
ntdll
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
imm32
ImmDisableIME
ninput
DestroyInteractionContext
CreateInteractionContext
SetInteractionConfigurationInteractionContext
SetPropertyInteractionContext
RegisterOutputCallbackInteractionContext
ProcessPointerFramesInteractionContext
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 624B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 76B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
NDKPerfCmd.exe.exe windows:10 windows x64 arch:x64
7da48a208498a9fa7b90d053471c59d9
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
9c:ca:e9:51:cf:79:1d:48:3d:b8:b6:c2:0e:56:15:29:45:7f:6a:d3:00:84:9f:63:13:fa:f5:c6:09:8f:fa:9a
Signer
Actual PE Digest: 9c:ca:e9:51:cf:79:1d:48:3d:b8:b6:c2:0e:56:15:29:45:7f:6a:d3:00:84:9f:63:13:fa:f5:c6:09:8f:fa:9a
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
NDKPerfCmd.pdb
Imports
advapi32
OpenServiceW
CloseServiceHandle
StartServiceW
ControlService
OpenSCManagerW
kernel32
FormatMessageW
GetLastError
Sleep
CreateFileW
DeviceIoControl
CloseHandle
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o___stdio_common_vfwprintf
_o___stdio_common_vfwprintf_s
_o___stdio_common_vswprintf_s
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__fileno
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o___p___wargv
_o__set_new_mode
_o__setmode
_o__wcsicmp
_o__wfopen_s
_o__wfullpath
_o__wremove
_o__wtoi
_o_exit
_o_fclose
_o_fgetws
_o_getenv
_o_terminate
_o_wcsncpy_s
__C_specific_handler
__current_exception
__current_exception_context
_o__set_app_type
_o___acrt_iob_func
_o___p___argc
_o___p__commode
_o__set_fmode
api-ms-win-crt-string-l1-1-0
memset
ws2_32
WSAStartup
WSAStringToAddressW
WSAGetLastError
InetNtopW
WSACleanup
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 516B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
NDKPing.exe.exe windows:10 windows x64 arch:x64
17f5437822db9af8e58ae3971b905f6c
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
f5:ea:c6:d9:80:4a:12:b8:17:7c:2d:5a:d9:b5:9d:76:9b:7e:27:bd:04:66:2a:30:b6:e5:de:dc:d6:16:06:28
Signer
Actual PE Digest: f5:ea:c6:d9:80:4a:12:b8:17:7c:2d:5a:d9:b5:9d:76:9b:7e:27:bd:04:66:2a:30:b6:e5:de:dc:d6:16:06:28
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
NDKPing.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o___stdio_common_vfwprintf
_o___stdio_common_vfwprintf_s
_o___stdio_common_vswprintf_s
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__fileno
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__setmode
_o__wcsicmp
_o__wfopen_s
_o__wfullpath
_o__wremove
_o__wtoi
_o_exit
_o_fclose
_o_fgetws
_o_getenv
_o_terminate
_o_wcsncpy_s
__C_specific_handler
__current_exception
__current_exception_context
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-localization-l1-2-0
FormatMessageW
ws2_32
WSAStartup
WSACleanup
WSAStringToAddressW
WSAGetLastError
InetNtopW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-service-management-l1-1-0
OpenServiceW
OpenSCManagerW
CloseServiceHandle
StartServiceW
api-ms-win-service-winsvc-l1-1-0
ControlService
api-ms-win-core-file-l1-1-0
CreateFileW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 492B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
NETSTAT.EXE.exe windows:10 windows x64 arch:x64
44159a75d63569050dd7973f8d92278f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
netstat.pdb
Imports
msvcrt
__getmainargs
malloc
fwprintf
__set_app_type
_strupr
_amsg_exit
memcpy
memset
free
exit
_XcptFilter
fgetpos
wcschr
_wcsicmp
_fileno
fflush
sscanf_s
wcscpy_s
?terminate@@YAXXZ
_vsnwprintf
_wsystem
qsort
_commode
_fmode
__C_specific_handler
_setmode
_initterm
toupper
__setusermatherr
_cexit
_get_osfhandle
_write
__iob_func
fprintf
time
_exit
strcmp
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCreateHashTableEx
RtlEnumerateEntryHashTable
RtlEndEnumerationHashTable
RtlRemoveEntryHashTable
RtlDeleteHashTable
RtlLookupEntryHashTable
RtlGetNextEntryHashTable
RtlInsertEntryHashTable
RtlInitEnumerationHashTable
nsi
NsiFreeTable
NsiAllocateAndGetTable
iphlpapi
GetUdpStatisticsEx
GetTcpStatisticsEx
GetIcmpStatisticsEx
InternalGetBoundTcpEndpointTable
InternalGetBoundTcp6EndpointTable
InternalGetTcpTable2
InternalGetTcp6TableWithOwnerModule
InternalGetUdpTable2
InternalGetTcp6Table2
InternalGetTcpTableWithOwnerModule
InternalGetUdp6Table2
GetIpStatisticsEx
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
CompareStringW
WideCharToMultiByte
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapSetInformation
HeapAlloc
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
OpenProcessToken
GetCurrentProcessId
ws2_32
GetHostNameW
WSAStartup
GetNameInfoW
htons
ntohs
ntohl
api-ms-win-core-localization-l1-2-0
SetThreadUILanguage
FormatMessageW
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetSystemDirectoryW
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-console-l1-1-0
GetConsoleMode
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
api-ms-win-core-psapi-l1-1-0
K32GetModuleBaseNameW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
FreeLibrary
LoadLibraryExA
LoadLibraryExW
GetProcAddress
api-ms-win-core-file-l1-1-0
GetFileType
api-ms-win-security-base-l1-1-0
FreeSid
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
snmpapi
SnmpUtilMemAlloc
SnmpUtilMemFree
SnmpUtilOidCpy
SnmpUtilVarBindFree
Sections
.text Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 696B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Narrator.exe.exe windows:10 windows x64 arch:x64
c26f75d5b9663548ec24cd6d8a5b1cd2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Narrator.pdb
Imports
advapi32
EventUnregister
EventRegister
EventSetInformation
RegCloseKey
RegCreateKeyExW
RegSetValueExW
EventWrite
RegOpenKeyExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegQueryValueExW
RegGetValueW
kernel32
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
DeactivateActCtx
ReleaseActCtx
GetCurrentActCtx
GetModuleFileNameW
CreateActCtxW
GetModuleFileNameA
OpenMutexW
LoadLibraryExW
DeleteCriticalSection
RaiseException
InitializeCriticalSection
LoadLibraryW
RegisterApplicationRestart
SizeofResource
LockResource
VirtualQuery
LoadResource
FindResourceExW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
QueryPerformanceCounter
MulDiv
GetSystemInfo
VirtualProtect
ActivateActCtx
gdi32
DeleteDC
StretchBlt
SetStretchBltMode
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
ExtTextOutW
GetTextExtentPoint32W
SetTextColor
SetBkColor
CreateFontW
CreateSolidBrush
SelectObject
FillRgn
CreateRectRgn
DeleteObject
GetCurrentObject
CreateDIBSection
GdiAlphaBlend
GetDeviceCaps
SetBkMode
ExcludeClipRect
CreateFontIndirectW
GetObjectW
user32
UnregisterHotKey
DispatchMessageW
TranslateMessage
PostQuitMessage
BlockInput
MsgWaitForMultipleObjects
RegisterHotKey
SendInput
DestroyWindow
SetClipboardData
OpenClipboard
CloseClipboard
GetDCEx
GetSystemMetrics
DrawTextExW
InflateRect
EndPaint
GetWindowRgn
BeginPaint
MonitorFromWindow
SetWinEventHook
RegisterPointerDeviceNotifications
InitializeTouchInjection
PostMessageW
IsWindow
FindWindowExW
UnhookWinEvent
GetForegroundWindow
GetAsyncKeyState
MapVirtualKeyExW
LoadImageW
SendMessageW
SystemParametersInfoW
GetWindowRect
SetWindowPos
GetClassNameW
GetParent
GetPropW
WindowFromPoint
WindowFromDC
EnumWindows
SetPropW
FindWindowW
SetWindowLongW
DrawTextW
DrawIconEx
SetMenuInfo
SetMenuItemInfoW
RemovePropW
GetCurrentInputMessageSource
SetMessageExtraInfo
MonitorFromPoint
GetMessageExtraInfo
GetMenuItemInfoW
GetDpiForSystem
GetWindowDpiAwarenessContext
AreDpiAwarenessContextsEqual
SetDesktopColorTransform
SendNotifyMessageW
GetWindowThreadProcessId
GetShellWindow
GetKeyState
MessageBoxW
CreateDialogParamW
AdjustWindowRectExForDpi
PostThreadMessageW
SendMessageTimeoutW
ReleaseDC
GetDC
GetComboBoxInfo
EnableWindow
LoadIconW
CallWindowProcW
GetAncestor
GetGUIThreadInfo
GetWindowTextW
EqualRect
IntersectRect
IsWindowVisible
CopyRect
SetTimer
KillTimer
GetMonitorInfoW
SetWindowTextW
SendDlgItemMessageW
SetFocus
ShowWindow
DestroyMenu
TrackPopupMenuEx
GetWindowLongW
GetDpiForWindow
GetSystemMetricsForDpi
GetSubMenu
LoadMenuW
LoadStringW
RegisterWindowMessageW
EndDialog
GetDlgCtrlID
GetFocus
GetDlgItem
SetDlgItemTextW
DialogBoxParamW
DefWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
GetKeyboardLayout
CreateWindowExW
RegisterClassExW
GetUserObjectInformationW
GetThreadDesktop
UnregisterClassA
SetForegroundWindow
GetMessageW
GetMenuInfo
msvcp_win
_Mtx_init_in_situ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_join
_Thrd_id
_Mtx_destroy_in_situ
_Cnd_do_broadcast_at_thread_exit
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
api-ms-win-crt-string-l1-1-0
wcsspn
wcscspn
wcsncmp
memmove_s
wcscmp
memset
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcslwr_s
_o__wtoi
_o_abort
_o_exit
_o_floorf
_o_free
_o_iswprint
_o_iswspace
_o_malloc
_o_memcpy_s
_o_terminate
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcstok_s
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__ltow_s
_o__itow_s
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__get_wide_winmain_command_line
_o__get_errno
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o__beginthreadex
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
wcsrchr
wcsstr
wcschr
_o___p__commode
__C_specific_handler
__std_terminate
__CxxFrameHandler4
__C_specific_handler_noexcept
memcmp
memcpy
memmove
uiautomationcore
UiaRaiseNotificationEvent
ntdll
WinSqmIsOptedIn
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlPublishWnfStateData
WinSqmAddToStream
oleacc
AccSetRunningUtilityState
AccNotifyTouchInteraction
oleaut32
SysAllocString
SysFreeString
SysAllocStringLen
SysStringLen
VariantInit
VariantClear
VarBstrCat
SysStringByteLen
SysAllocStringByteLen
GetErrorInfo
SetErrorInfo
shlwapi
ord12
ord219
ord199
PathRemoveFileSpecW
PathFileExistsW
shell32
Shell_NotifyIconW
SHGetStockIconInfo
ShellExecuteW
dui70
InitProcessPriv
InitThread
UnInitThread
UnInitProcessPriv
StartMessagePump
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?Release@Element@DirectUI@@QEAAKXZ
?Release@Value@DirectUI@@QEAAXXZ
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@P6APEBUPropertyInfo@2@XZHPEAUUpdateCache@2@@Z
?GetInt@Value@DirectUI@@QEAAHXZ
?GetContentString@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?Create@TableLayout@DirectUI@@SAJHPEAHPEAPEAVValue@2@@Z
?SetAccItemStatus@Element@DirectUI@@QEAAJPEBG@Z
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?_OnUIStateChanged@HWNDElement@DirectUI@@MEAAXGG@Z
?GetWindowClassNameAndStyle@HWNDElement@DirectUI@@UEAAXPEAPEBGPEAI@Z
?WndProc@HWNDElement@DirectUI@@UEAA_JPEAUHWND__@@I_K_J@Z
?IsMSAAEnabled@HWNDElement@DirectUI@@UEAA_NXZ
?CanSetFocus@HWNDElement@DirectUI@@UEAA_NXZ
?OnCompositionChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnWmSettingChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnWmThemeChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnGetDlgCode@HWNDElement@DirectUI@@UEAAXPEAUtagMSG@@PEA_J@Z
?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UEAAXPEAUKeyboardEvent@2@@Z
?OnImmersiveColorSchemeChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnThemeChanged@HWNDElement@DirectUI@@UEAAXPEAUThemeChangedEvent@2@@Z
?GetHWND@HWNDElement@DirectUI@@UEAAPEAUHWND__@@XZ
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetAccessibleImpl@HWNDElement@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?GetClassInfoW@HWNDElement@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?RemoveTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?ActivateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@K@Z
?UpdateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnDestroy@HWNDElement@DirectUI@@UEAAXXZ
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnInput@HWNDElement@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnGroupChanged@HWNDElement@DirectUI@@UEAAXH_N@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@HWNDElement@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
??1HWNDElement@DirectUI@@UEAA@XZ
??0HWNDElement@DirectUI@@QEAA@XZ
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
StrToID
?GetHWND@NativeHWNDHost@DirectUI@@QEAAPEAUHWND__@@XZ
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?SelectionChange@Combobox@DirectUI@@SA?AVUID@@XZ
?GetSelection@Combobox@DirectUI@@QEAAHXZ
?Click@Button@DirectUI@@SA?AVUID@@XZ
?GetID@Element@DirectUI@@QEAAGXZ
?GetClass@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?GetKeyFocusedElement@HWNDElement@DirectUI@@SAPEAVElement@2@XZ
?ShowWindow@NativeHWNDHost@DirectUI@@QEAAXH@Z
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?HideWindow@NativeHWNDHost@DirectUI@@QEAAXXZ
?StartDefer@Element@DirectUI@@QEAAXPEAK@Z
?EndDefer@Element@DirectUI@@QEAAXK@Z
?DestroyAll@Element@DirectUI@@QEAAJ_N@Z
?Add@Element@DirectUI@@QEAAJPEAV12@@Z
?LayoutProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?CreateInt@Value@DirectUI@@SAPEAV12@HW4DynamicScaleValue@@@Z
?SetID@Element@DirectUI@@QEAAJPEBG@Z
?SetAccName@Element@DirectUI@@QEAAJPEBG@Z
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?Create@Element@DirectUI@@SAJIPEAV12@PEAKPEAPEAV12@@Z
?SetClass@Element@DirectUI@@QEAAJPEBG@Z
?SetContentAlign@Element@DirectUI@@QEAAJH@Z
?GetChildren@Element@DirectUI@@QEAAPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@PEAPEAVValue@2@@Z
?GetVisible@Element@DirectUI@@QEAA_NXZ
?SetSelection@Combobox@DirectUI@@QEAAJH@Z
?GetInvokeHelper@InvokeManager@DirectUI@@SAJPEAPEAVInvokeHelper@2@@Z
?DestroyMsg@NativeHWNDHost@DirectUI@@SAIXZ
?AddRef@Element@DirectUI@@QEAAKXZ
??1DUIFactory@DirectUI@@QEAA@XZ
?Create@NativeHWNDHost@DirectUI@@SAJPEBG0PEAUHWND__@@PEAUHICON__@@HHHHHHPEAUHINSTANCE__@@IPEAPEAV12@@Z
?Register@HWNDElement@DirectUI@@SAJXZ
?Initialize@HWNDElement@DirectUI@@QEAAJPEAUHWND__@@_NIPEAVElement@2@PEAK@Z
?SetAccessible@Element@DirectUI@@QEAAJ_N@Z
?Host@NativeHWNDHost@DirectUI@@QEAAXPEAVElement@2@@Z
?DoubleBuffered@Element@DirectUI@@QEAAX_N@Z
?Create@FillLayout@DirectUI@@SAJPEAPEAVLayout@2@@Z
?SetLayout@Element@DirectUI@@QEAAJPEAVLayout@2@@Z
?Destroy@Layout@DirectUI@@QEAAXXZ
??0DUIFactory@DirectUI@@QEAA@PEAUHWND__@@@Z
?LoadFromResource@DUIFactory@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG1PEAVElement@2@PEAKPEAPEAV42@1@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?OnEvent@HWNDElement@DirectUI@@UEAAXPEAUEvent@2@@Z
?DestroyWindow@NativeHWNDHost@DirectUI@@QEAAXXZ
??0RefcountBase@DirectUI@@QEAA@XZ
??1RefcountBase@DirectUI@@UEAA@XZ
??1ElementProvider@DirectUI@@UEAA@XZ
?InvokePattern@Schema@DirectUI@@2HA
?SelectionItemPattern@Schema@DirectUI@@2HA
??0Element@DirectUI@@QEAA@XZ
??1Element@DirectUI@@UEAA@XZ
?Initialize@Element@DirectUI@@QEAAJIPEAV12@PEAK@Z
?SetActive@Element@DirectUI@@QEAAJH@Z
?SetAbsorbsShortcut@Element@DirectUI@@QEAAJ_N@Z
?OnInput@Element@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?GetProperty@ElementProxy@DirectUI@@IEAAJPEAUtagVARIANT@@H@Z
?DoMethod@ElementProxy@DirectUI@@UEAAJHPEAD@Z
?Init@ElementProxy@DirectUI@@MEAAXPEAVElement@2@@Z
?PatternFromPatternId@Schema@DirectUI@@SA?AW4Pattern@12@H@Z
?DoInvoke@ElementProvider@DirectUI@@IEAAJHZZ
?Init@ElementProvider@DirectUI@@MEAAJPEAVElement@2@PEAVInvokeHelper@2@@Z
?Release@ElementProvider@DirectUI@@UEAAKXZ
?Release@RefcountBase@DirectUI@@QEAAJXZ
?AddRef@RefcountBase@DirectUI@@QEAAJXZ
?GetElement@ElementProvider@DirectUI@@UEAAPEDVElement@2@XZ
?DoInvokeArgs@ElementProvider@DirectUI@@QEAAJHP6APEAVProviderProxy@2@PEAVElement@2@@ZPEAD@Z
?TossPatternProvider@ElementProvider@DirectUI@@QEAAXW4Pattern@Schema@2@@Z
?AddRef@ElementProvider@DirectUI@@UEAAKXZ
?Register@Element@DirectUI@@SAJXZ
??0CritSecLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
??1CritSecLock@DirectUI@@QEAA@XZ
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
?IsPatternSupported@ElementProxy@DirectUI@@IEAAJW4Pattern@Schema@2@PEA_N@Z
?CreatePatternProvider@Schema@DirectUI@@SAJW4Pattern@12@PEAVElementProvider@2@PEAPEAUIUnknown@@@Z
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
?GetClassInfoPtr@Element@DirectUI@@SAPEAUIClassInfo@2@XZ
??0ClassInfoBase@DirectUI@@QEAA@XZ
??1ClassInfoBase@DirectUI@@UEAA@XZ
?OnPropertyChanged@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z
?OnDestroy@Element@DirectUI@@UEAAXXZ
?OnEvent@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?UpdateTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?ActivateTooltip@Element@DirectUI@@MEAAXPEAV12@K@Z
?RemoveTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?GetAccessibleImpl@Element@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?TossElement@ElementProvider@DirectUI@@UEAAXXZ
?QueryInterface@ElementProvider@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?get_ProviderOptions@ElementProvider@DirectUI@@UEAAJPEAW4ProviderOptions@@@Z
?GetPropertyValue@ElementProvider@DirectUI@@UEAAJHPEAUtagVARIANT@@@Z
?get_HostRawElementProvider@ElementProvider@DirectUI@@UEAAJPEAPEAUIRawElementProviderSimple@@@Z
?ShowContextMenu@ElementProvider@DirectUI@@UEAAJXZ
?Navigate@ElementProvider@DirectUI@@UEAAJW4NavigateDirection@@PEAPEAUIRawElementProviderFragment@@@Z
?GetRuntimeId@ElementProvider@DirectUI@@UEAAJPEAPEAUtagSAFEARRAY@@@Z
?get_BoundingRectangle@ElementProvider@DirectUI@@UEAAJPEAUUiaRect@@@Z
?GetEmbeddedFragmentRoots@ElementProvider@DirectUI@@UEAAJPEAPEAUtagSAFEARRAY@@@Z
?SetFocus@ElementProvider@DirectUI@@UEAAJXZ
?get_FragmentRoot@ElementProvider@DirectUI@@UEAAJPEAPEAUIRawElementProviderFragmentRoot@@@Z
?AdviseEventAdded@ElementProvider@DirectUI@@UEAAJHPEAUtagSAFEARRAY@@@Z
?AdviseEventRemoved@ElementProvider@DirectUI@@UEAAJHPEAUtagSAFEARRAY@@@Z
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
??0IProvider@DirectUI@@QEAA@XZ
??0ElementProvider@DirectUI@@QEAA@XZ
??0ElementProxy@DirectUI@@IEAA@XZ
?OnMessage@NativeHWNDHost@DirectUI@@UEAAJI_K_JPEA_J@Z
?CreateHostWindow@NativeHWNDHost@DirectUI@@UEAAPEAUHWND__@@KPEBG0KHHHHPEAU3@PEAUHMENU__@@PEAUHINSTANCE__@@PEAX@Z
??1NativeHWNDHost@DirectUI@@UEAA@XZ
??0NativeHWNDHost@DirectUI@@QEAA@XZ
?Initialize@NativeHWNDHost@DirectUI@@QEAAJPEBG0PEAUHWND__@@PEAUHICON__@@HHHHHHPEAUHINSTANCE__@@I@Z
?GetSelected@Element@DirectUI@@QEAA_NXZ
?SetSelected@Element@DirectUI@@QEAAJ_N@Z
?SyncDestroyWindow@NativeHWNDHost@DirectUI@@QEAAXXZ
?CreateStyleParser@HWNDElement@DirectUI@@UEAAJPEAPEAVDUIXmlParser@2@@Z
?WndProc@NativeHWNDHost@DirectUI@@SA_JPEAUHWND__@@I_K_J@Z
StopMessagePump
??0Combobox@DirectUI@@QEAA@XZ
??1Combobox@DirectUI@@UEAA@XZ
?GetContentSize@Combobox@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?MessageCallback@HWNDHost@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?OnHosted@Combobox@DirectUI@@UEAAXPEAVElement@2@@Z
?OnAdjustWindowSize@Combobox@DirectUI@@UEAAHHHI@Z
?CreateHWND@Combobox@DirectUI@@UEAAPEAUHWND__@@PEAU3@@Z
?GetClassInfoPtr@Combobox@DirectUI@@SAPEAUIClassInfo@2@XZ
?Initialize@Combobox@DirectUI@@QEAAJIPEAVElement@2@PEAK@Z
?Register@Combobox@DirectUI@@SAJXZ
?SyncRect@HWNDHost@DirectUI@@IEAAXI_N@Z
?OnPropertyChanged@HWNDHost@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?FireEvent@Element@DirectUI@@QEAAXPEAUEvent@2@_N1@Z
?GetBool@Value@DirectUI@@QEAA_NXZ
?EnabledProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?OnNotify@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?SelectionProp@Combobox@DirectUI@@SAPEBUPropertyInfo@2@XZ
?OnInput@Combobox@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?GetRoot@Element@DirectUI@@QEAAPEAV12@XZ
?CreateHWND@Edit@DirectUI@@MEAAPEAUHWND__@@PEAU3@_N@Z
?EraseBkgnd@HWNDHost@DirectUI@@MEAA_NPEAUHDC__@@PEA_J@Z
?CreateHWND@Edit@DirectUI@@MEAAPEAUHWND__@@PEAU3@@Z
?SetWindowDirection@HWNDHost@DirectUI@@UEAAXPEAUHWND__@@@Z
?OnAdjustWindowSize@HWNDHost@DirectUI@@UEAAHHHI@Z
?OnWindowStyleChanged@HWNDHost@DirectUI@@UEAAX_KPEBUtagSTYLESTRUCT@@@Z
?OnCtrlThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnSinkThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnSysChar@HWNDHost@DirectUI@@UEAA_NG@Z
?OnMessage@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?GetHWND@HWNDHost@DirectUI@@UEAAPEAUHWND__@@XZ
?GetAccessibleImpl@HWNDHost@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?GetKeyFocused@HWNDHost@DirectUI@@UEAA_NXZ
?OnUnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?OnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?MessageCallback@Edit@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?SetKeyFocus@HWNDHost@DirectUI@@UEAAXXZ
?GetContentSize@Edit@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@HWNDHost@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnEvent@HWNDHost@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnDestroy@HWNDHost@DirectUI@@UEAAXXZ
?OnInput@Edit@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnPropertyChanged@Edit@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetContentStringAsDisplayed@Edit@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?IsContentProtected@Edit@DirectUI@@UEAA_NXZ
?GetClassInfoPtr@Edit@DirectUI@@SAPEAUIClassInfo@2@XZ
?Initialize@Edit@DirectUI@@QEAAJIPEAVElement@2@PEAK@Z
?Register@Edit@DirectUI@@SAJXZ
?OnNotify@Edit@DirectUI@@UEAA_NI_K_JPEA_J@Z
??1Edit@DirectUI@@UEAA@XZ
??0Edit@DirectUI@@QEAA@XZ
??0AutoLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
??1AutoLock@DirectUI@@QEAA@XZ
api-ms-win-core-com-l1-1-0
CoGetInterfaceAndReleaseStream
CoTaskMemAlloc
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CoUninitialize
CoGetMalloc
CoTaskMemRealloc
CoWaitForMultipleHandles
CoCreateInstance
CoCreateFreeThreadedMarshaler
api-ms-win-core-heap-l1-1-0
HeapReAlloc
HeapSize
HeapDestroy
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionEx
ReleaseSRWLockShared
AcquireSRWLockShared
EnterCriticalSection
AcquireSRWLockExclusive
SetEvent
CreateEventExW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
ReleaseSRWLockExclusive
ResetEvent
CreateEventW
api-ms-win-core-string-l1-1-0
CompareStringW
CompareStringOrdinal
MultiByteToWideChar
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
SetThreadPriority
GetStartupInfoW
OpenProcessToken
ProcessIdToSessionId
TerminateProcess
GetCurrentProcess
CreateThread
DeleteProcThreadAttributeList
InitializeProcThreadAttributeList
GetProcessId
GetCurrentThread
UpdateProcThreadAttribute
CreateProcessW
api-ms-win-core-processthreads-l1-1-1
FlushInstructionCache
OpenProcess
IsProcessorFeaturePresent
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
api-ms-win-core-registry-l1-1-0
RegEnumKeyExW
RegDeleteTreeW
RegNotifyChangeKeyValue
RegLoadMUIStringW
RegEnumValueW
api-ms-win-core-job-l2-1-0
OpenJobObjectW
api-ms-win-core-job-l1-1-0
IsProcessInJob
sspicli
GetUserNameExW
api-ms-win-oobe-notification-l1-1-0
OOBEComplete
api-ms-win-core-registry-l2-1-0
RegQueryValueW
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
Sleep
api-ms-win-core-processthreads-l1-1-3
SetThreadDescription
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-sysinfo-l1-2-0
GetProductInfo
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
api-ms-win-shcore-scaling-l1-1-2
GetDpiForShellUIComponent
api-ms-win-core-localization-l1-2-0
GetLocaleInfoEx
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-core-file-l1-1-0
GetFileAttributesW
DeleteFileW
api-ms-win-core-psapi-l1-1-0
K32EnumProcesses
K32EnumProcessModules
K32GetModuleBaseNameW
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExA
FreeLibrary
dwmapi
DwmSetWindowAttribute
api-ms-win-shcore-scaling-l1-1-1
GetDpiForMonitor
ord244
api-ms-win-core-memory-l1-1-0
VirtualFree
VirtualAlloc
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
Sections
.text Size: 308KB - Virtual size: 304KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 164KB - Virtual size: 162KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
NetCfgNotifyObjectHost.exe.exe windows:10 windows x64 arch:x64
7f990e89ef0fbc9f060b374e41557971
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
NetCfgNotifyObjectHost.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm
_register_thread_local_exe_atexit_callback
_initterm_e
_c_exit
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcscpy_s
__C_specific_handler
__current_exception
__current_exception_context
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
wcsrchr
__std_terminate
__CxxFrameHandler4
memcpy
_CxxThrowException
api-ms-win-crt-string-l1-1-0
memset
ntdll
NtSetInformationProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlReportException
RtlCaptureStackBackTrace
EtwTraceMessage
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetModuleFileNameA
api-ms-win-core-synch-l1-1-0
ReleaseSemaphore
CreateSemaphoreExW
WaitForSingleObject
ReleaseMutex
CreateEventW
ResetEvent
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
SetEvent
ReleaseSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapSetInformation
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
SetErrorMode
GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
api-ms-win-core-com-l1-1-0
CoUninitialize
CoInitializeEx
CoCreateInstance
CoFreeUnusedLibraries
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
rpcrt4
RpcServerInterfaceGroupDeactivate
NdrServerCallAll
NdrServerCall2
RpcServerInterfaceGroupClose
RpcServerInterfaceGroupCreateW
RpcServerInterfaceGroupActivate
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
Sections
.text Size: 52KB - Virtual size: 49KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 476B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
NetEvtFwdr.exe.exe windows:10 windows x64 arch:x64
b194e8cee136f2419eb0d33c5ac52e3f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
NetEvtFwdr.pdb
Imports
msvcrt
_fmode
_commode
__setusermatherr
_cexit
_exit
exit
??1type_info@@UEAA@XZ
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
__CxxFrameHandler3
?terminate@@YAXXZ
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
memmove
memcpy
__C_specific_handler
free
malloc
__CxxFrameHandler4
swscanf_s
_initterm
memset
ntdll
RtlCaptureContext
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableLevel
TraceMessage
GetTraceEnableFlags
RegisterTraceGuidsW
GetTraceLoggerHandle
UnregisterTraceGuids
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-com-l1-1-0
CoUninitialize
CoCreateInstance
CoInitializeEx
rpcrt4
NdrServerCallAll
Ndr64AsyncServerCallAll
RpcServerRegisterAuthInfoW
NdrAsyncServerCall
NdrServerCall2
RpcServerRegisterIfEx
RpcServerInqBindings
RpcEpRegisterW
RpcServerListen
RpcServerInqDefaultPrincNameW
RpcEpUnregister
RpcServerUnregisterIf
RpcStringFreeW
RpcBindingInqAuthClientW
RpcServerSubscribeForNotification
RpcRevertToSelfEx
RpcAsyncCompleteCall
RpcServerUnsubscribeForNotification
RpcImpersonateClient
I_RpcServerInqRemoteConnAddress
RpcMgmtStopServerListening
RpcBindingVectorFree
RpcServerUseProtseqW
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
oleaut32
SysAllocString
SysFreeString
api-ms-win-eventing-consumer-l1-1-0
OpenTraceW
ProcessTrace
CloseTrace
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-eventing-controller-l1-1-0
EnableTraceEx2
StartTraceW
ControlTraceW
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
api-ms-win-security-base-l1-1-0
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
api-ms-win-core-processthreads-l1-1-0
GetCurrentThread
OpenThreadToken
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
umpdc
PdcActivationClientActivityRequest
PdcActivationClientRegister
PdcActivationClientUnregister
Sections
.text Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 176B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
NetHost.exe.exe windows:10 windows x64 arch:x64
68873b7b30277427484800907f68e033
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
nethost.pdb
Imports
msvcrt
_commode
_amsg_exit
__C_specific_handler
_initterm
__setusermatherr
_fmode
_cexit
_exit
?terminate@@YAXXZ
exit
__set_app_type
__wgetmainargs
_XcptFilter
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 240B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 60B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Netplwiz.exe.exe windows:10 windows x64 arch:x64
33207161f1f01d54e759e316f16998d2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
netplwiz.pdb
Imports
kernel32
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
GetUserDefaultUILanguage
CompareStringOrdinal
GetLocaleInfoW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
CreateSemaphoreExW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapSetInformation
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
OutputDebugStringW
GetModuleFileNameA
gdi32
GetStockObject
user32
GetWindowLongPtrW
SendMessageW
CreateWindowExW
DestroyIcon
DestroyWindow
GetWindow
DefWindowProcW
RegisterClassW
GetClassNameW
LoadCursorW
SetWindowLongPtrW
msvcrt
__C_specific_handler
_initterm
__setusermatherr
_cexit
?terminate@@YAXXZ
_onexit
_wcmdln
_commode
_fmode
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
__dllonexit
_lock
_unlock
_exit
memcpy_s
_vsnwprintf
memset
netplwiz
UsersRunDllW
shlwapi
ord10
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
TerminateProcess
GetCurrentProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
Sections
.text Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 876B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
NgcIso.exe.exe windows:10 windows x64 arch:x64
a40109f5b05a25db1cd3b6f7b263a78b
Code Sign
33:00:00:04:8d:7b:46:06:30:18:cc:48:62:00:00:00:00:04:8d
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/05/2024, 23:19
Not After: 14/05/2025, 23:19
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0c:10:24:50:6b:9e:37:cd:c9:ae:d8:05:ff:71:7d:eb:0e:b4:ec:0e:5a:35:16:cf:6b:e8:1c:3a:6c:b2:b1:ae
Signer
Actual PE Digest: 0c:10:24:50:6b:9e:37:cd:c9:ae:d8:05:ff:71:7d:eb:0e:b4:ec:0e:5a:35:16:cf:6b:e8:1c:3a:6c:b2:b1:ae
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
NgcIso.pdb
Imports
msvcp_win
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?setf@ios_base@std@@QEAAHHH@Z
?setf@ios_base@std@@QEAAHH@Z
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__dclass
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__cexit
_o__wcsicmp
_o_ceilf
_o_exit
_o_free
_o_ldexp
_o_malloc
_o_memcpy_s
_o_terminate
__current_exception
__current_exception_context
_CxxThrowException
__CxxFrameHandler3
memcmp
memcpy
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
_o__callnewh
__C_specific_handler
__std_terminate
__CxxFrameHandler4
__RTDynamicCast
api-ms-win-crt-string-l1-1-0
memset
wcscmp
api-ms-win-core-heap-obsolete-l1-1-0
LocalSize
LocalAlloc
LocalFree
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventActivityIdControl
EventWriteTransfer
EventUnregister
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapSize
HeapAlloc
HeapFree
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
QueryPerformanceFrequency
api-ms-win-core-synch-l1-1-0
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
EnterCriticalSection
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockShared
CreateEventW
ResetEvent
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
AcquireSRWLockExclusive
OpenEventW
SetEvent
DeleteCriticalSection
CreateEventExW
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetSystemTimeAsFileTime
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
rpcrt4
NdrClientCall3
NdrServerCallAll
NdrServerCall2
RpcServerUseProtseqIfW
RpcExceptionFilter
RpcRaiseException
RpcServerUnregisterIf
RpcMgmtStopServerListening
RpcServerListen
RpcServerRegisterIf
iumsdk
DecryptData
GetTaggedDataSize
EncryptData
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
InitializeSListHead
GetTpmBindingInfo
RtlNtStatusToDosError
GetSecureIdentitySigningKey
GetSignedReport
GetTaggedData
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
__ImagePolicyMetadata
Sections
.text Size: 428KB - Virtual size: 425KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 132KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tPolicy Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
OOBE-Maintenance.exe.exe windows:10 windows x64 arch:x64
e177744ee905124d86f35d2b80a0e4cd
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
7f:0c:7c:93:c0:c7:22:c0:93:b9:9d:93:d5:6a:22:42:4d:45:73:92:f5:87:fb:63:68:30:07:e8:54:0b:1b:20
Signer
Actual PE Digest: 7f:0c:7c:93:c0:c7:22:c0:93:b9:9d:93:d5:6a:22:42:4d:45:73:92:f5:87:fb:63:68:30:07:e8:54:0b:1b:20
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
OOBE-Maintenance.pdb
Imports
advapi32
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
kernel32
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
InitOnceBeginInitialize
InitOnceComplete
msvcrt
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
exit
memmove
memcpy
__CxxFrameHandler3
_callnewh
malloc
_purecall
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
memcpy_s
??0exception@@QEAA@AEBQEBD@Z
??1type_info@@UEAA@XZ
_vsnwprintf
__CxxFrameHandler4
_CxxThrowException
memset
shcore
SHRegGetValueW
api-ms-win-core-com-l1-1-0
CoUninitialize
CoCreateInstance
CoInitializeEx
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
Sections
.text Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 52KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 472B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
OneDriveSetup.exe.exe windows:6 windows x64 arch:x64
e35861eff59498a8462b8c59a7cde298
Code Sign
33:00:00:04:24:2a:2c:31:dc:36:18:25:58:00:00:00:00:04:24
Certificate
Issuer: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:25
Not After: 01/09/2022, 18:25
Subject: CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 06/07/2010, 20:40
Not After: 06/07/2025, 20:50
Subject: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
fc:54:2e:65:aa:19:76:36:6b:4b:fb:82:5b:f0:36:0f:e9:f7:30:85:49:3b:67:7a:ce:e5:e7:72:d0:95:d3:4f
Signer
Actual PE Digest: fc:54:2e:65:aa:19:76:36:6b:4b:fb:82:5b:f0:36:0f:e9:f7:30:85:49:3b:67:7a:ce:e5:e7:72:d0:95:d3:4f
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
d:\dbs\sh\odct\0207_214413\client\onedrive\Setup\Standalone\exe\obj\amd64\OneDriveSetup.pdb
Imports
bcrypt
BCryptGenRandom
BCryptDestroyKey
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptSetProperty
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlPcToFileHeader
RtlUnwindEx
RtlUnwind
VerSetConditionMask
RtlCaptureContext
wer
WerReportSubmit
WerReportCloseHandle
WerReportSetParameter
WerReportCreate
kernel32
QueueUserWorkItem
SetThreadPriority
GetThreadPriority
SetPriorityClass
GetPriorityClass
GetPrivateProfileStringW
WritePrivateProfileStringW
GetFileType
GetVolumePathNameW
GetUserDefaultUILanguage
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
WriteConsoleW
GetFileSizeEx
GetFileSize
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
GetDiskFreeSpaceExW
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
ExpandEnvironmentStringsW
GetLongPathNameW
VerifyVersionInfoW
LCMapStringW
WideCharToMultiByte
MultiByteToWideChar
K32GetModuleFileNameExW
GetUserDefaultLocaleName
GetUserDefaultLCID
MoveFileW
GetModuleHandleW
GetProductInfo
GetVersionExW
GetSystemTimeAsFileTime
OpenProcess
CreateProcessW
TerminateProcess
GetCurrentProcess
CreateMutexW
WaitForSingleObject
GetModuleFileNameW
WerUnregisterFile
WerRegisterFile
LoadLibraryW
GetProcAddress
DeviceIoControl
FindNextFileW
FindFirstFileW
FindClose
Process32NextW
CompareStringW
UnlockFileEx
LockFileEx
SystemTimeToFileTime
MoveFileExW
CopyFileW
FreeLibrary
Sleep
CloseHandle
GetTempPathW
SetFileTime
RemoveDirectoryW
GetTempFileNameW
GetFullPathNameW
CreateDirectoryW
GetSystemTime
GetCurrentThreadId
GetCurrentProcessId
SetLastError
WriteFile
DeleteFileW
GetUserGeoID
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
SetStdHandle
CompareStringOrdinal
GetConsoleOutputCP
EnumSystemLocalesW
IsValidLocale
RemoveDirectoryA
GetShortPathNameW
CreateDirectoryA
CreateSymbolicLinkW
OpenFileById
GetFileInformationByHandleEx
RegisterApplicationRestart
GetComputerNameW
ReadDirectoryChangesW
SetDllDirectoryW
LoadLibraryExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetCurrentThread
GetStdHandle
ExitProcess
VirtualAlloc
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
Process32FirstW
GetCommandLineW
GetDriveTypeW
GetSystemDefaultLCID
FreeLibraryAndExitThread
ExitThread
IsWow64Process
GetSystemTimes
GetExitCodeProcess
GetProcessTimes
ReleaseMutex
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedPushEntrySList
LoadLibraryExA
VirtualProtect
GetLocaleInfoEx
GetCPInfo
CompareStringEx
LCMapStringEx
EncodePointer
GetTickCount64
CreateEventExW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CreateHardLinkW
SetFilePointerEx
SetFileAttributesW
FindFirstFileExW
CreateFileW
CompareFileTime
DeleteCriticalSection
InitializeCriticalSectionEx
GetCurrentDirectoryW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
LocalFree
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
GetEnvironmentVariableW
GetTempFileNameA
CompareStringA
FileTimeToLocalFileTime
FileTimeToDosDateTime
WaitForMultipleObjectsEx
VirtualFree
FlushInstructionCache
InterlockedPopEntrySList
PostQueuedCompletionStatus
WaitForMultipleObjects
GlobalMemoryStatusEx
GetLocalTime
CreateToolhelp32Snapshot
GetQueuedCompletionStatus
CreateIoCompletionPort
IsDebuggerPresent
SetFilePointer
SetFileInformationByHandle
ReadFile
GetConsoleMode
GlobalLock
GlobalAlloc
AcquireSRWLockShared
GetComputerNameExW
GetSystemDefaultUILanguage
GetFinalPathNameByHandleW
OutputDebugStringA
GetModuleFileNameA
GetModuleHandleExW
GetTimeZoneInformation
GetNativeSystemInfo
GetSystemPowerStatus
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
UnlockFile
HeapCompact
GetSystemInfo
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapValidate
UnmapViewOfFile
SetEndOfFile
GetFullPathNameA
LockFile
GetDiskFreeSpaceW
HeapCreate
AreFileApisANSI
InitializeCriticalSection
TryEnterCriticalSection
InitOnceExecuteOnce
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
VirtualQuery
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetStringTypeW
SwitchToThread
GetExitCodeThread
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
QueryPerformanceFrequency
ReleaseSRWLockShared
user32
PostQuitMessage
AllowSetForegroundWindow
GetShellWindow
GetSystemMetrics
SendMessageW
AttachThreadInput
IsWindow
SetWindowPos
IsWindowVisible
BringWindowToTop
CreateDialogParamW
DialogBoxParamW
GetDlgItem
SetActiveWindow
PostThreadMessageW
SetForegroundWindow
SetWindowTextW
GetClientRect
GetWindowRect
MapWindowPoints
GetWindowLongW
SetWindowLongW
SetWindowLongPtrW
GetParent
GetWindow
LoadIconW
MonitorFromWindow
GetMonitorInfoW
ShowWindow
DestroyWindow
GetForegroundWindow
RegisterClassW
SendMessageTimeoutW
SystemParametersInfoW
LoadCursorW
SetCursor
MsgWaitForMultipleObjectsEx
PeekMessageW
UnregisterClassW
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
GetWindowThreadProcessId
EnumWindows
GetClassNameW
CreateWindowExW
advapi32
ConvertStringSecurityDescriptorToSecurityDescriptorW
IsValidAcl
MapGenericMask
RegGetValueA
EventRegister
EventWriteTransfer
EventUnregister
EventWrite
CredWriteW
CredReadW
CredEnumerateW
CredDeleteW
CredFree
CreateProcessWithTokenW
RegOverridePredefKey
LookupAccountNameW
CryptDestroyKey
CryptSetHashParam
CryptImportKey
AddAce
DeleteAce
GetAce
InitializeAcl
ConvertStringSidToSidW
ImpersonateLoggedOnUser
RevertToSelf
AccessCheck
OpenThreadToken
ConvertSidToStringSidW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
QueryServiceStatusEx
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
RegDeleteTreeW
RegUnLoadKeyW
RegLoadKeyW
RegEnumKeyW
RegDeleteKeyExW
RegCreateKeyTransactedW
GetUserNameW
SetFileSecurityW
GetAclInformation
FreeSid
DuplicateTokenEx
CreateWellKnownSid
AllocateAndInitializeSid
CreateProcessAsUserW
DuplicateToken
RegGetValueW
RegSetKeyValueW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
LookupPrivilegeValueW
IsValidSid
InitializeSid
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidLengthRequired
GetLengthSid
EqualSid
CopySid
AdjustTokenPrivileges
OpenProcessToken
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
shell32
SHLoadNonloadedIconOverlayIdentifiers
ShellExecuteW
SHGetFolderPathW
SHGetFolderPathA
ShellExecuteExW
SHGetKnownFolderPath
CommandLineToArgvW
SHCreateDirectoryExW
SHFileOperationW
SHGetSpecialFolderPathW
SHChangeNotify
SHParseDisplayName
SHCreateItemFromParsingName
SHGetFolderPathAndSubDirW
SHSetKnownFolderPath
ord526
ole32
CoSetProxyBlanket
CLSIDFromString
CreateBindCtx
StringFromGUID2
StringFromCLSID
CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemFree
GetRunningObjectTable
CoGetObject
CoInitialize
CoWaitForMultipleHandles
CoCreateGuid
CoCreateFreeThreadedMarshaler
CreateItemMoniker
CreateStreamOnHGlobal
PropVariantClear
CoTaskMemAlloc
oleaut32
SetErrorInfo
GetErrorInfo
SysAllocString
VarBstrCmp
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
LoadTypeLib
LoadRegTypeLib
GetRecordInfoFromTypeInfo
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
iphlpapi
GetAdaptersInfo
rstrtmgr
RmGetList
RmStartSession
RmRegisterResources
RmEndSession
crypt32
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptBinaryToStringW
CryptStringToBinaryW
rpcrt4
RpcStringBindingComposeW
RpcBindingVectorFree
RpcServerInqBindings
RpcServerRegisterIfEx
UuidToStringW
RpcBindingFree
RpcBindingFromStringBindingW
RpcExceptionFilter
RpcStringFreeW
RpcServerUnregisterIf
RpcServerInqCallAttributesW
RpcEpUnregister
RpcEpRegisterW
RpcBindingSetAuthInfoExW
RpcServerUseProtseqW
secur32
GetUserNameExW
shlwapi
SHRegGetBoolUSValueW
SHRegGetValueW
StrStrIW
PathIsPrefixW
PathStripToRootW
PathStripPathW
PathSkipRootW
SHGetValueW
PathFindFileNameW
PathIsRelativeW
SHCreateStreamOnFileEx
SHCreateStreamOnFileW
ord219
SHCreateStreamOnFileA
SHSetValueW
SHDeleteKeyW
SHRegGetPathW
SHDeleteValueW
PathFindExtensionW
PathRemoveFileSpecW
PathIsDirectoryW
PathFileExistsA
PathFindFileNameA
PathGetDriveNumberA
PathIsDirectoryA
PathFileExistsW
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
wininet
InternetQueryOptionW
HttpQueryInfoA
InternetConnectA
HttpOpenRequestA
InternetOpenW
InternetCrackUrlA
InternetCheckConnectionW
InternetSetStatusCallbackW
HttpAddRequestHeadersA
InternetCloseHandle
HttpSendRequestW
InternetReadFile
ws2_32
accept
bind
closesocket
htonl
htons
listen
setsockopt
socket
WSAStartup
WSAGetLastError
send
wtsapi32
WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationW
WTSEnumerateSessionsW
userenv
CreateEnvironmentBlock
GetDefaultUserProfileDirectoryW
UnloadUserProfile
wintrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrustEx
gdi32
CreateCompatibleDC
CreateDIBSection
SetDIBColorTable
SelectObject
GetObjectW
DeleteDC
DeleteObject
urlmon
URLOpenStreamW
gdiplus
GdipDeleteGraphics
GdipGetImagePixelFormat
GdipGetImageHeight
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipDrawImageI
GdipGetImageWidth
GdipGetImagePalette
comctl32
ord345
cabinet
ord23
ord14
ord13
ord11
ord10
ord20
ord22
Exports
Exports
?$TSS0@?1??stateLock@DebugEventSource@Events@Applications@Microsoft@@KAAEAVrecursive_mutex@std@@XZ@4HA
??0DebugEventDispatcher@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0DebugEventDispatcher@Events@Applications@Microsoft@@QEAA@XZ
??0DebugEventListener@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0DebugEventListener@Events@Applications@Microsoft@@QEAA@XZ
??0DebugEventSource@Events@Applications@Microsoft@@QEAA@$$QEAV0123@@Z
??0DebugEventSource@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0DebugEventSource@Events@Applications@Microsoft@@QEAA@XZ
??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@2@@5@@Z
??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@E@Z
??0EventProperties@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$initializer_list@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@5@@Z
??0EventProperties@Events@Applications@Microsoft@@QEAA@XZ
??0EventProperty@Events@Applications@Microsoft@@QEAA@$$QEAU0123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@NV?$allocator@N@std@@@std@@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@UGUID_t@Events@Applications@Microsoft@@V?$allocator@UGUID_t@Events@Applications@Microsoft@@@std@@@std@@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEAV?$vector@_JV?$allocator@_J@std@@@std@@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEBU0123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@CW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@EW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@FW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@GW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@HW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@IW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@JW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@NW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@PEBDW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@UGUID_t@123@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@Utime_ticks_t@123@W4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@XZ
??0EventProperty@Events@Applications@Microsoft@@QEAA@_JW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@_KW4PiiKind@123@W4DataCategory@123@@Z
??0EventProperty@Events@Applications@Microsoft@@QEAA@_NW4PiiKind@123@W4DataCategory@123@@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@AEBU0123@@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@HHHAEBV?$initializer_list@E@std@@@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@PEBD@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@QEBE_N@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@U_GUID@@@Z
??0GUID_t@Events@Applications@Microsoft@@QEAA@XZ
??0IAuthTokensController@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0IAuthTokensController@Events@Applications@Microsoft@@QEAA@XZ
??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@$$QEAV0123@@Z
??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@AEBV?$initializer_list@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@@std@@@std@@@Z
??0ILogConfiguration@Events@Applications@Microsoft@@QEAA@XZ
??0ILogController@Events@Applications@Microsoft@@QEAA@$$QEAV0123@@Z
??0ILogController@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0ILogController@Events@Applications@Microsoft@@QEAA@XZ
??0ILogManager@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0ILogManager@Events@Applications@Microsoft@@QEAA@XZ
??0ILogger@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0ILogger@Events@Applications@Microsoft@@QEAA@XZ
??0IModule@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0IModule@Events@Applications@Microsoft@@QEAA@XZ
??0ISemanticContext@Events@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0ISemanticContext@Events@Applications@Microsoft@@QEAA@XZ
??0LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@$$QEAU0123@@Z
??0LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@AEBU0123@@Z
??0LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@XZ
??0time_ticks_t@Events@Applications@Microsoft@@QEAA@AEBU0123@@Z
??0time_ticks_t@Events@Applications@Microsoft@@QEAA@PEB_J@Z
??0time_ticks_t@Events@Applications@Microsoft@@QEAA@XZ
??0time_ticks_t@Events@Applications@Microsoft@@QEAA@_K@Z
??1DebugEventDispatcher@Events@Applications@Microsoft@@UEAA@XZ
??1DebugEventListener@Events@Applications@Microsoft@@UEAA@XZ
??1DebugEventSource@Events@Applications@Microsoft@@UEAA@XZ
??1EventProperties@Events@Applications@Microsoft@@UEAA@XZ
??1EventProperty@Events@Applications@Microsoft@@UEAA@XZ
??1IAuthTokensController@Events@Applications@Microsoft@@UEAA@XZ
??1ILogConfiguration@Events@Applications@Microsoft@@QEAA@XZ
??1ILogManager@Events@Applications@Microsoft@@UEAA@XZ
??1ILogger@Events@Applications@Microsoft@@UEAA@XZ
??1IModule@Events@Applications@Microsoft@@UEAA@XZ
??1ISemanticContext@Events@Applications@Microsoft@@UEAA@XZ
??1LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@XZ
??4DebugEventDispatcher@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4DebugEventListener@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4DebugEventSource@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z
??4DebugEventSource@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4EventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4EventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@2@@std@@@Z
??4EventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@V?$initializer_list@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@NV?$allocator@N@std@@@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@UGUID_t@Events@Applications@Microsoft@@V?$allocator@UGUID_t@Events@Applications@Microsoft@@@std@@@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@AEBV?$vector@_JV?$allocator@_J@std@@@std@@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@C@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@E@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@F@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@G@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@H@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@I@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@J@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@N@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@PEBD@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@UGUID_t@123@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@Utime_ticks_t@123@@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_J@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_K@Z
??4EventProperty@Events@Applications@Microsoft@@QEAAAEAU0123@_N@Z
??4GUID_t@Events@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z
??4IAuthTokensController@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4ILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z
??4ILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4ILogController@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z
??4ILogController@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4ILogManager@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4ILogger@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4IModule@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4ISemanticContext@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4LogConfiguration@Telemetry@Applications@Microsoft@@QEAAAEAU0123@$$QEAU0123@@Z
??4LogConfiguration@Telemetry@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z
??4LogManagerProvider@Events@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z
??4LogManagerProvider@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4time_ticks_t@Events@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z
??8EventProperty@Events@Applications@Microsoft@@QEBA_NAEBU0123@@Z
??8GUID_t@Events@Applications@Microsoft@@QEBA_NAEBU0123@@Z
??AILogConfiguration@Events@Applications@Microsoft@@QEAAAEAVVariant@123@PEBD@Z
??DILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@VVariant@Events@Applications@Microsoft@@@std@@@2@@std@@XZ
??MGUID_t@Events@Applications@Microsoft@@QEBA_NAEBU0123@@Z
??YEventProperties@Events@Applications@Microsoft@@QEAAAEAV0123@AEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@2@@std@@@Z
??_7DebugEventDispatcher@Events@Applications@Microsoft@@6B@
??_7DebugEventListener@Events@Applications@Microsoft@@6B@
??_7DebugEventSource@Events@Applications@Microsoft@@6B@
??_7EventProperties@Events@Applications@Microsoft@@6B@
??_7EventProperty@Events@Applications@Microsoft@@6B@
??_7IAuthTokensController@Events@Applications@Microsoft@@6B@
??_7ILogController@Events@Applications@Microsoft@@6B@
??_7ILogManager@Events@Applications@Microsoft@@6BDebugEventDispatcher@123@@
??_7ILogManager@Events@Applications@Microsoft@@6BIContextProvider@123@@
??_7ILogManager@Events@Applications@Microsoft@@6BILogController@123@@
??_7ILogger@Events@Applications@Microsoft@@6B@
??_7IModule@Events@Applications@Microsoft@@6B@
??_7ISemanticContext@Events@Applications@Microsoft@@6B@
?AddEventListener@DebugEventSource@Events@Applications@Microsoft@@UEAAXW4DebugEventType@234@AEAVDebugEventListener@234@@Z
?AddModule@ILogConfiguration@Events@Applications@Microsoft@@QEAAXPEBDAEBV?$shared_ptr@VIModule@Events@Applications@Microsoft@@@std@@@Z
?AttachEventSource@DebugEventSource@Events@Applications@Microsoft@@UEAA_NAEAV1234@@Z
?ClearExperimentIds@ISemanticContext@Events@Applications@Microsoft@@UEAAXXZ
?CreateLogManager@LogManagerProvider@Events@Applications@Microsoft@@SAPEAVILogManager@234@AEAVILogConfiguration@234@AEAW4status_t@234@@Z
?CreateLogManager@LogManagerProvider@Events@Applications@Microsoft@@SAPEAVILogManager@234@PEBDAEAW4status_t@234@_K@Z
?CreateLogManager@LogManagerProvider@Events@Applications@Microsoft@@SAPEAVILogManager@234@PEBD_NAEAVILogConfiguration@234@AEAW4status_t@234@_K@Z
?DecrementActiveHydrationsCount@QoS@@YAXXZ
?DestroyLogManager@LogManagerProvider@Events@Applications@Microsoft@@SA?AW4status_t@234@PEBD@Z
?DetachEventSource@DebugEventSource@Events@Applications@Microsoft@@UEAA_NAEAV1234@@Z
?DispatchEvent@DebugEventSource@Events@Applications@Microsoft@@UEAA_NVDebugEvent@234@@Z
?DispatchEventBroadcast@ILogManager@Events@Applications@Microsoft@@SA_NVDebugEvent@234@@Z
?FromJSON@Events@Applications@Microsoft@@YA?AVILogConfiguration@123@PEBD@Z
?FromLogConfiguration@Events@Applications@Microsoft@@YA?AVILogConfiguration@123@AEAULogConfiguration@Telemetry@23@@Z
?Get@LogManagerProvider@Events@Applications@Microsoft@@CAPEAVILogManager@234@AEAVILogConfiguration@234@AEAW4status_t@234@@Z
?Get@LogManagerProvider@Events@Applications@Microsoft@@CAPEAVILogManager@234@PEBDAEAW4status_t@234@@Z
?GetActiveHydrationsCount@QoS@@YAIXZ
?GetApplicationPropertyId@QoS@@YA?AW4Id@PropertyId@TelemetryConstants@@XZ
?GetDefaultConfiguration@Events@Applications@Microsoft@@YAAEBVILogConfiguration@123@XZ
?GetErrorType@QoS@@YA?AW4Type@ErrorType@TelemetryConstants@@JI@Z
?GetErrorType@QoS@@YA?AW4Type@ErrorType@TelemetryConstants@@JIAEBV?$set@IU?$less@I@std@@V?$allocator@I@2@@std@@@Z
?GetInstance@Telemetry@@CAPEAV1@XZ
?GetLatency@EventProperties@Events@Applications@Microsoft@@QEBA?AW4EventLatency@234@XZ
?GetLogObfuscationKeyManger@@YAJPEAPEAVILogObfuscationKeyManager@@@Z
?GetLogObfuscatorAes@@YAJPEAPEAVILogObfuscatorAes@@@Z
?GetModule@ILogConfiguration@Events@Applications@Microsoft@@QEAA?AV?$shared_ptr@VIModule@Events@Applications@Microsoft@@@std@@PEBD@Z
?GetModules@ILogConfiguration@Events@Applications@Microsoft@@QEAAAEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@VIModule@Events@Applications@Microsoft@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$shared_ptr@VIModule@Events@Applications@Microsoft@@@2@@std@@@2@@std@@XZ
?GetName@EventProperties@Events@Applications@Microsoft@@QEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetPersistence@EventProperties@Events@Applications@Microsoft@@QEBA?AW4EventPersistence@234@XZ
?GetPiiProperties@EventProperties@Events@Applications@Microsoft@@QEBA?BV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$pair@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@Events@Applications@Microsoft@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$pair@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@Events@Applications@Microsoft@@@2@@std@@@2@@std@@W4DataCategory@234@@Z
?GetPolicyBitFlags@EventProperties@Events@Applications@Microsoft@@QEBA_KXZ
?GetPopSample@EventProperties@Events@Applications@Microsoft@@QEBANXZ
?GetPriority@EventProperties@Events@Applications@Microsoft@@QEBA?AW4EventPriority@234@XZ
?GetProperties@EventProperties@Events@Applications@Microsoft@@QEBAAEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Events@Applications@Microsoft@@@std@@@2@@std@@W4DataCategory@234@@Z
?GetResultType@QoS@@YAPEB_WJI@Z
?GetResultType@QoS@@YAPEB_WW4Type@ErrorType@TelemetryConstants@@@Z
?GetTimestamp@EventProperties@Events@Applications@Microsoft@@QEBA_JXZ
?GetType@EventProperties@Events@Applications@Microsoft@@QEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?HasConfig@ILogConfiguration@Events@Applications@Microsoft@@QEAA_NPEBD@Z
?Hash@GUID_t@Events@Applications@Microsoft@@QEBA_KXZ
?IncrementActiveHydrationsCount@QoS@@YAXXZ
?Initialize@IModule@Events@Applications@Microsoft@@UEAAXPEAVILogManager@234@@Z
?InsertIntoIrmEnabledLibrarySet@QoS@@YAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?IsAnyLibraryIrmEnabled@QoS@@YA_NXZ
?Release@LogManagerProvider@Events@Applications@Microsoft@@SA?AW4status_t@234@AEAVILogConfiguration@234@@Z
?Release@LogManagerProvider@Events@Applications@Microsoft@@SA?AW4status_t@234@PEBD@Z
?RemoveEventListener@DebugEventSource@Events@Applications@Microsoft@@UEAAXW4DebugEventType@234@AEAVDebugEventListener@234@@Z
?RemoveFromIrmEnabledLibrarySet@QoS@@YAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?SetAppEnv@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppExperimentETag@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppExperimentIds@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppExperimentImpressionId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppLanguage@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppName@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetAppVersion@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetApplicationId@QoS@@YAXI@Z
?SetCommercialId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetCommonField@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBUEventProperty@234@@Z
?SetCustomField@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBUEventProperty@234@@Z
?SetDeviceClass@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetDeviceId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetDeviceMake@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetDeviceModel@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetDeviceOrgId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetEventExperimentIds@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?SetLatency@EventProperties@Events@Applications@Microsoft@@QEAAXW4EventLatency@234@@Z
?SetLevel@EventProperties@Events@Applications@Microsoft@@QEAAXE@Z
?SetName@EventProperties@Events@Applications@Microsoft@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetNetworkCost@ISemanticContext@Events@Applications@Microsoft@@UEAAXW4NetworkCost@234@@Z
?SetNetworkProvider@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetNetworkType@ISemanticContext@Events@Applications@Microsoft@@UEAAXW4NetworkType@234@@Z
?SetOsBuild@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetOsName@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetOsVersion@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetPersistence@EventProperties@Events@Applications@Microsoft@@QEAAXW4EventPersistence@234@@Z
?SetPolicyBitFlags@EventProperties@Events@Applications@Microsoft@@QEAAX_K@Z
?SetPopsample@EventProperties@Events@Applications@Microsoft@@QEAAXN@Z
?SetPriority@EventProperties@Events@Applications@Microsoft@@QEAAXW4EventPriority@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$vector@NV?$allocator@N@std@@@6@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$vector@UGUID_t@Events@Applications@Microsoft@@V?$allocator@UGUID_t@Events@Applications@Microsoft@@@std@@@6@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@6@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAV?$vector@_JV?$allocator@_J@std@@@6@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@EW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@FW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@GW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@NW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBDW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UGUID_t@234@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Utime_ticks_t@234@W4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_JW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_KW4PiiKind@234@W4DataCategory@234@@Z
?SetProperty@EventProperties@Events@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_NW4PiiKind@234@W4DataCategory@234@@Z
?SetTicket@ISemanticContext@Events@Applications@Microsoft@@UEAAXW4TicketType@234@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetTimestamp@EventProperties@Events@Applications@Microsoft@@QEAAX_J@Z
?SetType@EventProperties@Events@Applications@Microsoft@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetUserANID@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetUserAdvertisingId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetUserId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@234@@Z
?SetUserLanguage@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetUserMsaId@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetUserTimeZone@ISemanticContext@Events@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SizeUnknown@QoS@@YAIXZ
?Teardown@IModule@Events@Applications@Microsoft@@UEAAXXZ
?TryGetLevel@EventProperties@Events@Applications@Microsoft@@QEBA?AV?$tuple@_NE@std@@XZ
?clear@EventProperty@Events@Applications@Microsoft@@QEAAXXZ
?convertUintVectorToGUID@GUID_t@Events@Applications@Microsoft@@SA?AU_GUID@@AEBV?$vector@EV?$allocator@E@std@@@std@@@Z
?copydata@EventProperty@Events@Applications@Microsoft@@AEAAXPEBU1234@@Z
?empty@EventProperty@Events@Applications@Microsoft@@QEAA_NXZ
?erase@EventProperties@Events@Applications@Microsoft@@QEAA_KAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4DataCategory@234@@Z
?lock@?1??stateLock@DebugEventSource@Events@Applications@Microsoft@@KAAEAVrecursive_mutex@std@@XZ@4V67@A
?pack@EventProperties@Events@Applications@Microsoft@@QEAAPEAUevt_prop@@XZ
?stateLock@DebugEventSource@Events@Applications@Microsoft@@KAAEAVrecursive_mutex@std@@XZ
?to_bytes@GUID_t@Events@Applications@Microsoft@@QEBAXAEAY0BA@E@Z
?to_string@EventProperty@Events@Applications@Microsoft@@UEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?to_string@GUID_t@Events@Applications@Microsoft@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?type_name@EventProperty@Events@Applications@Microsoft@@SAPEBDI@Z
?unpack@EventProperties@Events@Applications@Microsoft@@QEAA_NPEAUevt_prop@@_K@Z
evt_api_call_default
Sections
.text Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 129KB - Virtual size: 150KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 126KB - Virtual size: 125KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 43.3MB - Virtual size: 43.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
OpenWith.exe.exe windows:10 windows x64 arch:x64
c9d688e9591d69636f921914b8c58481
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d5:7c:38:ea:07:54:fe:c0:67:88:8b:82:19:8e:64:25:e5:65:52:92:1a:b0:0e:18:8e:51:18:91:a9:1a:5e:c7
Signer
Actual PE Digest: d5:7c:38:ea:07:54:fe:c0:67:88:8b:82:19:8e:64:25:e5:65:52:92:1a:b0:0e:18:8e:51:18:91:a9:1a:5e:c7
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
OpenWith.pdb
Imports
kernel32
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
LocalFree
CompareStringOrdinal
ReleaseSRWLockExclusive
CreateSemaphoreExW
AcquireSRWLockShared
ReleaseSRWLockShared
SetThreadpoolTimer
CreateThreadpoolTimer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
ResolveDelayLoadedAPI
DelayLoadFailureHook
AcquireSRWLockExclusive
GetModuleFileNameA
user32
GetMessageW
TranslateMessage
DispatchMessageW
KillTimer
PostQuitMessage
SetTimer
DestroyMenu
CreatePopupMenu
GetMenuDefaultItem
PostThreadMessageW
ord2521
msvcp_win
?_Xbad_function_call@std@@YAXXZ
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
memmove
api-ms-win-crt-string-l1-1-0
memset
shcore
IUnknown_Set
IUnknown_QueryService
SHSetThreadRef
SHCreateThreadRef
SetProcessReference
IUnknown_GetSite
IUnknown_SetSite
SHStrDupA
shell32
ord764
shlwapi
ord172
PathIsURLW
ord219
api-ms-win-core-com-l1-1-0
CoSetProxyBlanket
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoRegisterClassObject
CoCopyProxy
CoUninitialize
CoRevokeClassObject
CoGetCallContext
CoInitializeEx
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
TerminateProcess
GetCurrentProcess
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-heap-l2-1-0
LocalAlloc
comctl32
ord236
oleaut32
SysFreeString
SysStringLen
SetErrorInfo
Sections
.text Size: 60KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
OptionalFeatures.exe.exe windows:10 windows x64 arch:x64
b1da23e5bf146552e38fa70dee47601e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
OptionalFeatures.pdb
Imports
kernel32
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
GetUserDefaultUILanguage
CompareStringOrdinal
GetLocaleInfoW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
CreateSemaphoreExW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapSetInformation
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
OutputDebugStringW
GetModuleFileNameA
gdi32
GetStockObject
user32
GetUserObjectInformationW
GetClassNameW
LoadCursorW
RegisterClassW
DestroyIcon
CloseDesktop
GetThreadDesktop
OpenDesktopW
GetWindowLongPtrW
SendMessageW
CreateWindowExW
SetWindowLongPtrW
DestroyWindow
GetWindow
DefWindowProcW
SwitchDesktop
SetThreadDesktop
msvcrt
memcpy_s
_vsnwprintf
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcsstr
memset
appwiz.cpl
RunOCMW
shlwapi
ord10
api-ms-win-core-com-l1-1-0
CoInitializeSecurity
CoUninitialize
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentProcess
TerminateProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
ole32
CoInitialize
Sections
.text Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 88KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PATHPING.EXE.exe windows:10 windows x64 arch:x64
1a0378360a885737213846e9571a1e47
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
pathping.pdb
Imports
msvcrt
__setusermatherr
_cexit
_exit
__set_app_type
_initterm
__C_specific_handler
_fmode
__wgetmainargs
_amsg_exit
_XcptFilter
fwprintf
fgetpos
wcschr
_fileno
_write
_setmode
wcstoul
fflush
_commode
?terminate@@YAXXZ
_wcsicmp
exit
_get_osfhandle
memcpy
__iob_func
memset
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadUILanguage
iphlpapi
IcmpCreateFile
Icmp6CreateFile
Icmp6SendEcho2
IcmpSendEcho2
IcmpParseReplies
IcmpCloseHandle
Icmp6ParseReplies
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
ws2_32
WSAStartup
closesocket
GetNameInfoW
socket
WSACleanup
FreeAddrInfoW
GetAddrInfoW
WSAIoctl
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-console-l1-1-0
GetConsoleMode
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ntdll
RtlIpv4StringToAddressW
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-synch-l1-1-0
SleepEx
api-ms-win-core-file-l1-1-0
GetFileType
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
Sections
.text Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 420B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PING.EXE.exe windows:10 windows x64 arch:x64
52182582db3fc49e327853c5e45e3fb9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ping.pdb
Imports
msvcrt
__setusermatherr
_cexit
_initterm
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
_get_osfhandle
_wcsicmp
exit
_exit
fflush
__set_app_type
iswctype
__wgetmainargs
_amsg_exit
_XcptFilter
fwprintf
wcstoul
fgetpos
_setmode
memcpy
_write
_fileno
__iob_func
wcschr
memset
api-ms-win-core-console-l1-1-0
GetConsoleMode
SetConsoleCtrlHandler
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
iphlpapi
IcmpSendEcho2Ex
GetIpErrorString
Icmp6CreateFile
GetIpForwardTable
SetCurrentThreadCompartmentId
Icmp6SendEcho2
IcmpCreateFile
IcmpCloseHandle
InternalIcmpCreateFileEx
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadUILanguage
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
ws2_32
WSAStartup
GetNameInfoW
GetAddrInfoW
WSACleanup
InetNtopW
FreeAddrInfoW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ntdll
RtlIpv4StringToAddressW
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-file-l1-1-0
GetFileType
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 420B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PackagedCWALauncher.exe.exe windows:10 windows x64 arch:x64
7417db9eac14d3383f0430e33081c07e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
PackagedCWALauncher.pdb
Imports
msvcrt
__CxxFrameHandler4
_initterm
_fmode
_lock
__setusermatherr
_cexit
_exit
??1type_info@@UEAA@XZ
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_CxxThrowException
_unlock
_commode
_vsnprintf_s
__dllonexit
_onexit
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
??3@YAXPEAX@Z
?terminate@@YAXXZ
memcpy_s
_vsnwprintf
__C_specific_handler
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventActivityIdControl
EventUnregister
EventWriteTransfer
EventRegister
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
WaitForSingleObject
CreateMutexExW
ReleaseSemaphore
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-com-l1-1-0
CoUninitialize
CoCreateInstance
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
api-ms-win-core-shlwapi-legacy-l1-1-0
PathGetArgsW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
ext-ms-win-com-sta-l1-1-0
CoInitialize
Sections
.text Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PasswordOnWakeSettingFlyout.exe.exe windows:10 windows x64 arch:x64
efbb2ae327c24ac043ba293919f6dedd
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
c6:77:62:30:de:ba:1d:47:75:a3:24:99:24:9c:ea:8d:75:17:95:76:64:25:dd:c0:a3:30:39:6a:bc:e0:5e:54
Signer
Actual PE Digest: c6:77:62:30:de:ba:1d:47:75:a3:24:99:24:9c:ea:8d:75:17:95:76:64:25:dd:c0:a3:30:39:6a:bc:e0:5e:54
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
PasswordOnWakeSettingFlyout.pdb
Imports
kernel32
GetLastError
user32
LoadStringW
msvcrt
__C_specific_handler
_callnewh
malloc
memcpy_s
_vsnwprintf
_wtoi
_purecall
free
_XcptFilter
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__CxxFrameHandler3
_commode
_fmode
_wcmdln
memset
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
TlsSetValue
GetCurrentThreadId
TlsFree
TerminateProcess
TlsAlloc
GetCurrentProcessId
TlsGetValue
GetStartupInfoW
GetCurrentProcess
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
LoadLibraryExW
FreeLibrary
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-synch-l1-1-0
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSemaphore
CreateSemaphoreExW
CreateMutexExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObject
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
shell32
CommandLineToArgvW
shlwapi
SHGetThreadRef
PathRemoveFileSpecW
PathAppendW
uxtheme
GetCurrentThemeName
dui70
InitThread
UnInitProcessPriv
UnInitThread
?GetSheet@DUIXmlParser@DirectUI@@QEAAJPEBGPEAPEAVValue@2@@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
?SetRootWindowForTheming@DUIXmlParser@DirectUI@@QEAAXPEAUHWND__@@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?EndDefer@Element@DirectUI@@QEAAXK@Z
?Destroy@Element@DirectUI@@QEAAJ_N@Z
InitProcessPriv
?SetXMLFromResourceWithTheme@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@00@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJPEBGPEAUHINSTANCE__@@1@Z
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
StartMessagePump
Sections
.text Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 140B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PickerHost.exe.exe windows:10 windows x64 arch:x64
400808860662ea1c9f82731f5f32d9c6
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
9d:53:21:24:e6:8c:73:0b:e1:10:6a:2b:8d:cd:83:86:73:b5:94:59:76:58:5a:4e:29:7d:d5:49:ea:de:29:97
Signer
Actual PE Digest: 9d:53:21:24:e6:8c:73:0b:e1:10:6a:2b:8d:cd:83:86:73:b5:94:59:76:58:5a:4e:29:7d:d5:49:ea:de:29:97
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
PickerHost.pdb
Imports
msvcrt
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__CxxFrameHandler3
__wgetmainargs
_amsg_exit
_XcptFilter
??_V@YAXPEAX@Z
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
?terminate@@YAXXZ
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_lock
_vsnwprintf
_purecall
??3@YAXPEAX@Z
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
memcmp
__CxxFrameHandler4
__set_app_type
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
memset
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoAddRefServerProcess
CoRevokeClassObject
CoInitializeEx
CoResumeClassObjects
CoRegisterClassObject
CoUninitialize
CoReleaseServerProcess
CoGetCallContext
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventWriteTransfer
EventActivityIdControl
EventRegister
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
api-ms-win-core-synch-l1-2-0
InitOnceComplete
Sleep
InitOnceBeginInitialize
InitOnceExecuteOnce
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseMutex
AcquireSRWLockExclusive
WaitForSingleObject
EnterCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
ReleaseSemaphore
LeaveCriticalSection
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
CreateSemaphoreExW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer
api-ms-win-core-registry-l1-1-0
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegGetValueW
RegCloseKey
api-ms-win-core-winrt-l1-1-0
RoRevokeActivationFactories
RoRegisterActivationFactories
RoGetActivationFactory
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-processthreads-l1-1-0
GetProcessId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetStartupInfoW
GetCurrentThreadId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-sysinfo-l1-2-0
GetProductInfo
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-rtcore-ntuser-window-l1-1-0
PostThreadMessageW
TranslateMessage
DispatchMessageW
GetMessageW
api-ms-win-shcore-thread-l1-1-0
SHSetThreadRef
Sections
.text Size: 88KB - Virtual size: 87KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PinEnrollmentBroker.exe.exe windows:10 windows x64 arch:x64
2b15d9d2e88543c98e5f44a260b577e7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
PinEnrollmentBroker.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__crt_atexit
_o__configure_wide_argv
_o__exit
_o__configthreadlocale
_o__cexit
_o__callnewh
__CxxFrameHandler4
__std_terminate
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__errno
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsCreateString
WindowsCompareStringOrdinal
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
OpenProcessToken
GetCurrentThread
GetStartupInfoW
TerminateProcess
GetCurrentProcess
OpenThreadToken
api-ms-win-core-com-l1-1-0
CoWaitForMultipleHandles
PropVariantClear
CoDecrementMTAUsage
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoTaskMemFree
CoResumeClassObjects
CoReleaseServerProcess
CoRegisterClassObject
CoInitializeEx
CoUninitialize
CoIncrementMTAUsage
CoCreateInstance
CoRevokeClassObject
CoGetMalloc
CoAddRefServerProcess
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-errorhandling-l1-1-0
SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateMutexExW
WaitForSingleObjectEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
CreateEventExW
OpenSemaphoreW
ReleaseSemaphore
WaitForSingleObject
ReleaseSRWLockShared
AcquireSRWLockShared
CreateSemaphoreExW
SetEvent
ReleaseMutex
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-winrt-l1-1-0
RoRevokeActivationFactories
RoActivateInstance
RoRegisterActivationFactories
RoGetActivationFactory
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
RoOriginateErrorW
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetComputerNameExW
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
combase
ord69
ord99
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventActivityIdControl
EventSetInformation
EventRegister
EventWriteTransfer
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
sspicli
LsaConnectUntrusted
LogonUserExExW
LsaLookupAuthenticationPackage
LsaDeregisterLogonProcess
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-security-base-l1-1-0
GetTokenInformation
GetLengthSid
CopySid
api-ms-win-security-lsapolicy-l1-1-0
LsaFreeMemory
LsaLookupSids
LsaLookupNames2
LsaClose
LsaOpenPolicy
ntdll
RtlInitUnicodeString
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrChrW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
propsys
PropVariantToBoolean
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 80KB - Virtual size: 79KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 608B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PkgMgr.exe.exe windows:10 windows x64 arch:x64
1a5f3792f2ccf80b306e2859d468bc56
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
pkgmgr.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
_initterm
api-ms-win-crt-private-l1-1-0
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
memmove
_o__wcsnicmp
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___p__commode
_o___p___wargv
_o___p___argc
wcsstr
wcschr
wcsrchr
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
strcmp
memset
api-ms-win-core-file-l1-1-0
FindNextFileW
FindFirstFileW
CompareFileTime
FindClose
DeleteFileW
CreateDirectoryW
GetFullPathNameW
RemoveDirectoryW
CreateFileW
GetFileAttributesW
GetFileAttributesExW
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
SetErrorMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetErrorMode
api-ms-win-core-processenvironment-l1-1-0
SetEnvironmentVariableW
GetCommandLineW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
api-ms-win-core-libraryloader-l1-1-0
GetProcAddress
GetModuleFileNameW
GetModuleHandleExW
FreeLibrary
LoadLibraryExW
GetModuleFileNameA
GetModuleHandleW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
OpenProcessToken
GetCurrentThreadId
InitializeProcThreadAttributeList
GetCurrentProcessId
TerminateProcess
UpdateProcThreadAttribute
CreateProcessW
GetExitCodeProcess
DeleteProcThreadAttributeList
api-ms-win-eventing-controller-l1-1-0
ControlTraceW
StartTraceW
api-ms-win-eventing-legacy-l1-1-0
EnableTrace
api-ms-win-eventing-consumer-l1-1-0
CloseTrace
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-heap-obsolete-l1-1-0
LocalFree
LocalAlloc
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-shutdown-l1-1-0
InitiateSystemShutdownExW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-heap-l1-1-0
HeapDestroy
HeapReAlloc
HeapSetInformation
HeapAlloc
HeapSize
GetProcessHeap
HeapFree
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockShared
ReleaseSRWLockExclusive
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
CreateMutexExW
AcquireSRWLockExclusive
ReleaseMutex
WaitForSingleObject
api-ms-win-core-kernel32-legacy-l1-1-0
CopyFileW
LoadLibraryW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetSystemTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-com-l1-1-0
CoCreateGuid
StringFromGUID2
CoGetMalloc
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-registry-l2-1-0
RegOpenKeyTransactedW
user32
MessageBoxW
ntdll
RtlFreeHeap
DbgPrintEx
RtlRaiseStatus
NtClose
api-ms-win-core-file-l1-2-0
GetTempPathW
Sections
.text Size: 120KB - Virtual size: 117KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 124KB - Virtual size: 123KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 220B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PktMon.exe.exe windows:10 windows x64 arch:x64
4b36a74a32d9b6c294ccb7a0c40d71f1
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
aa:01:62:af:61:2e:ad:3a:de:92:7a:a2:22:08:19:bf:f8:29:56:5a:09:ab:e0:50:66:5a:72:47:78:42:fe:f7
Signer
Actual PE Digest: aa:01:62:af:61:2e:ad:3a:de:92:7a:a2:22:08:19:bf:f8:29:56:5a:09:ab:e0:50:66:5a:72:47:78:42:fe:f7
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
PktMon.pdb
Imports
msvcp_win
?_Xbad_function_call@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?wcout@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Xlength_error@std@@YAXPEBD@Z
?width@ios_base@std@@QEAA_J_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Xout_of_range@std@@YAXPEBD@Z
?unsetf@ios_base@std@@QEAAXH@Z
?setf@ios_base@std@@QEAAHH@Z
?setf@ios_base@std@@QEAAHHH@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@PEAV32@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?sync_with_stdio@ios_base@std@@SA_N_N@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?clear@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@G@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGD@Z
?widen@?$ctype@G@std@@QEBAGD@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??Bid@locale@std@@QEAA_KXZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?wcerr@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
_Xtime_get_ticks
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
_Thrd_sleep
_Query_perf_frequency
_Query_perf_counter
?width@ios_base@std@@QEBA_JXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?uncaught_exception@std@@YA_NXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?good@ios_base@std@@QEBA_NXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?flags@ios_base@std@@QEBAHXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
api-ms-win-crt-string-l1-1-0
wcscspn
strnlen
wcsncmp
memset
wcscmp
wcsnlen
wcsspn
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__create_locale
_o__crt_atexit
_o__errno
_o__exit
_o__fileno
_o__free_locale
_o__get_initial_wide_environment
_o__gmtime32
_o__gmtime64
_o__i64toa_s
_o__i64tow_s
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__localtime32
_o__memicmp
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
_o__setmode
_o__strdup
memmove
_o__ui64toa_s
_o__ui64tow_s
_o__ultow_s
_o__wcsicmp
_o__wcslwr
_o__wcslwr_s
_o__wcsnicmp
_o__wcstoui64
_o__wfopen_s
_o__wtoi
_o_abort
_o_calloc
_o_ceilf
_o_exit
_o_fclose
_o_fputc
_o_free
_o_isdigit
_o_isprint
_o_isspace
_o_iswdigit
_o_iswxdigit
_o_malloc
_o_putwchar
_o_realloc
_o_strftime
_o_strncpy_s
_o_terminate
_o_toupper
_o_towlower
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstol
_o_wcstoul
_o_wmemcpy_s
__current_exception
__current_exception_context
_CxxThrowException
_o___acrt_iob_func
wcsrchr
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_o___p__commode
wcschr
strrchr
wcsstr
_o___p___wargv
_o___p___argc
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf_s
_o___stdio_common_vfwprintf_p
_o___stdio_common_vfwprintf
_o___stdio_common_vfprintf
_o___std_exception_destroy
_o___std_exception_copy
_o__stricmp
__C_specific_handler_noexcept
memchr
memcmp
memcpy
api-ms-win-core-console-l1-1-0
SetConsoleCtrlHandler
WriteConsoleW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
SetUnhandledExceptionFilter
ntdll
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlIpv6AddressToStringA
RtlEthernetAddressToStringA
RtlIpv4AddressToStringA
RtlIpv4AddressToStringExW
RtlIpv6AddressToStringExW
RtlGetVersion
RtlEthernetStringToAddressW
RtlImageDirectoryEntryToData
RtlImageRvaToVa
RtlEthernetAddressToStringW
RtlIpv6StringToAddressExW
RtlIpv4StringToAddressExW
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
api-ms-win-core-synch-l1-1-0
SetEvent
InitializeCriticalSectionAndSpinCount
ResetEvent
DeleteCriticalSection
LeaveCriticalSection
WaitForSingleObjectEx
CreateSemaphoreExW
CreateMutexExW
CreateEventW
OpenSemaphoreW
ReleaseMutex
InitializeCriticalSection
ReleaseSemaphore
WaitForSingleObject
EnterCriticalSection
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
CLSIDFromString
CoCreateInstance
CoCreateGuid
StringFromGUID2
api-ms-win-core-sysinfo-l1-1-0
GlobalMemoryStatusEx
GetSystemInfo
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetVersionExW
GetSystemTimeAsFileTime
GetWindowsDirectoryW
api-ms-win-eventing-controller-l1-1-0
EnableTraceEx2
ControlTraceW
EnumerateTraceGuidsEx
StartTraceW
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-eventing-tdh-l1-1-0
TdhEnumerateProviders
TdhGetEventInformation
TdhGetEventMapInformation
TdhFormatProperty
TdhGetProperty
TdhGetPropertySize
api-ms-win-eventing-consumer-l1-1-0
OpenTraceW
CloseTrace
ProcessTrace
api-ms-win-core-console-l2-1-0
SetConsoleCursorPosition
SetConsoleWindowInfo
SetConsoleCursorInfo
SetConsoleActiveScreenBuffer
CreateConsoleScreenBuffer
SetConsoleScreenBufferSize
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterW
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
GetEnvironmentVariableW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-localization-l1-2-0
FormatMessageA
GetLocaleInfoEx
FormatMessageW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
api-ms-win-core-libraryloader-l1-2-0
FindResourceExW
LoadResource
LockResource
SizeofResource
LoadStringW
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExW
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
FreeLibrary
ws2_32
ntohs
ntohl
htonl
htons
api-ms-win-core-localization-l2-1-0
GetNumberFormatEx
oleaut32
SysFreeString
SysAllocString
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThread
GetCurrentProcessId
GetExitCodeProcess
CreateProcessW
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-service-management-l1-1-0
OpenSCManagerW
CloseServiceHandle
StartServiceW
OpenServiceW
api-ms-win-service-winsvc-l1-1-0
ControlService
api-ms-win-core-file-l1-1-0
DeleteFileW
GetTempFileNameW
FindFirstFileW
GetFileSize
FindNextFileW
FindVolumeClose
FindNextVolumeW
QueryDosDeviceW
FindFirstVolumeW
FindClose
WriteFile
GetFullPathNameW
ReadFile
GetFileAttributesW
SetFilePointer
SetFilePointerEx
CreateDirectoryW
GetFinalPathNameByHandleW
CreateFileW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-registry-l1-1-0
RegEnumValueW
RegEnumKeyExW
RegGetValueA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
api-ms-win-eventing-classicprovider-l1-1-0
RegisterTraceGuidsW
TraceEvent
UnregisterTraceGuids
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
Sleep
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
api-ms-win-core-file-l1-2-0
GetVolumePathNamesForVolumeNameW
GetTempPathW
api-ms-win-core-memory-l1-1-0
MapViewOfFileEx
UnmapViewOfFile
CreateFileMappingW
api-ms-win-core-wow64-l1-1-0
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
IsWow64Process
api-ms-win-core-version-l1-1-0
VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-core-heap-l1-1-0
HeapReAlloc
HeapSize
HeapAlloc
HeapDestroy
GetProcessHeap
HeapFree
bcrypt
BCryptGetProperty
BCryptHashData
BCryptCreateHash
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptCloseAlgorithmProvider
netsetupapi
NetSetupFreeObjectProperties
NetSetupClose
NetSetupInitialize
NetSetupFreeObjects
NetSetupGetObjects
NetSetupGetObjectProperties
Sections
.text Size: 464KB - Virtual size: 461KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 160KB - Virtual size: 159KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 713KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PnPUnattend.exe.exe windows:10 windows x64 arch:x64
b785fc9feca50acb62b3378712b6bda0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
PnPUnattend.pdb
Imports
advapi32
RegQueryValueExW
RegOpenKeyExW
CheckTokenMembership
RegLoadKeyW
RegUnLoadKeyW
RegEnumKeyExW
ConvertStringSidToSidW
RegQueryInfoKeyW
RegEnumKeyW
RegCloseKey
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
kernel32
CreateEventW
SetEvent
OpenEventW
WaitForSingleObject
GetFullPathNameW
CreateDirectoryW
GetFileAttributesW
LoadLibraryExW
GetProcessHeap
DeleteCriticalSection
GetProcAddress
HeapAlloc
CloseHandle
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
SetLastError
HeapFree
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetCurrentProcess
FormatMessageW
GetLastError
lstrcmpW
lstrcmpiW
FreeLibrary
FindClose
ExpandEnvironmentStringsW
FindNextFileW
CompareStringW
FindFirstFileW
GetModuleHandleW
LocalFree
GetVersionExW
msvcrt
wprintf
_XcptFilter
wcschr
realloc
__set_app_type
free
_wcsicmp
__CxxFrameHandler4
__wgetmainargs
_amsg_exit
malloc
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
_vsnwprintf
_vsnprintf
wcsrchr
_wcsnicmp
wcsncmp
memset
user32
LoadStringW
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlFreeHeap
RtlAllocateHeap
setupapi
SetupFindFirstLineW
SetupGetStringFieldW
pSetupStringTableLookUpString
pSetupGetFileTitle
SetupFindNextLine
SetupCloseInfFile
SetupDiGetActualModelsSectionW
SetupOpenInfFileW
SetupGetFieldCount
SetupDiGetINFClassW
pSetupStringTableDestroy
pSetupStringTableInitialize
pSetupIsUserAdmin
pSetupIsLocalSystem
pSetupStringTableAddString
newdev
DiInstallDriverW
rpcrt4
UuidToStringW
RpcStringFreeW
mpr
WNetAddConnection2W
WNetCancelConnection2W
Sections
.text Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 852B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 300B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PresentationHost.exe.exe windows:10 windows x64 arch:x64
b1c8422be3a752bdad4e20658b636e91
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
PresentationHost.pdb
Imports
msvcrt
__getmainargs
_amsg_exit
_XcptFilter
__setusermatherr
?what@exception@@UEBAPEBDXZ
_initterm
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_fmode
_commode
memmove
memcpy
__CxxFrameHandler3
__set_app_type
_callnewh
memmove_s
isdigit
tolower
_purecall
?terminate@@YAXXZ
_lock
iswdigit
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_errno
_wcsnicmp
wcscat_s
exit
_exit
_cexit
_CxxThrowException
_ismbblead
realloc
memset
_acmdln
wcscpy_s
memcpy_s
malloc
wcsncpy_s
__C_specific_handler
_wcsicmp
free
_vsnwprintf
wcsncmp
__CxxFrameHandler4
wcscmp
oleaut32
SysAllocStringLen
VarUI4FromStr
SysFreeString
kernel32
HeapSize
HeapReAlloc
LocalAlloc
OpenProcess
HeapFree
CreateTimerQueueTimer
TerminateProcess
ExpandEnvironmentStringsW
IsWow64Process
HeapAlloc
GetProcessHeap
HeapDestroy
FreeLibrary
OutputDebugStringW
FindFirstFileW
FindClose
GetLastError
GetTempPathW
GetTempFileNameW
CreateFileW
WriteFile
GetNativeSystemInfo
CloseHandle
GetEnvironmentVariableW
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
CreateEventW
ResetEvent
SetEvent
DeactivateActCtx
ActivateActCtx
CreateActCtxW
ReleaseActCtx
FormatMessageW
LocalFree
SwitchToThread
GetFileAttributesExW
FileTimeToSystemTime
LoadLibraryW
MultiByteToWideChar
OpenEventW
IsDebuggerPresent
HeapSetInformation
ExitProcess
GetCurrentProcess
Sleep
RtlCaptureContext
GetStartupInfoW
GetCommandLineW
GetModuleFileNameW
RtlLookupFunctionEntry
InitializeCriticalSection
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
OutputDebugStringA
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
MapViewOfFile
CreateFileMappingW
LCIDToLocaleName
UnmapViewOfFile
GetLocaleInfoW
GetUserDefaultUILanguage
GetCurrentProcessId
DeleteCriticalSection
FindResourceExW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
GetLocaleInfoEx
GetSystemDefaultUILanguage
lstrcmpiW
SetLastError
LoadResource
GetVersionExW
RaiseException
SizeofResource
SearchPathW
advapi32
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
AddAce
GetAce
AddAccessAllowedAce
InitializeAcl
GetLengthSid
GetAclInformation
SetTokenInformation
GetSecurityDescriptorDacl
GetKernelObjectSecurity
CopySid
LsaClose
LsaNtStatusToWinError
LsaLookupPrivilegeValue
LsaOpenPolicy
CreateWellKnownSid
EqualSid
CreateProcessAsUserW
CreateRestrictedToken
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegisterTraceGuidsW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
GetTraceLoggerHandle
GetTraceEnableLevel
TraceEvent
RegEnumKeyW
RegEnumValueW
GetSidSubAuthority
GetSidSubAuthorityCount
shell32
SHGetFolderPathW
CommandLineToArgvW
SHGetKnownFolderPath
ShellExecuteExW
ShellExecuteW
ole32
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize
CLSIDFromProgID
CreateBindCtx
CoMarshalInterThreadInterfaceInStream
CoRevokeClassObject
CoRegisterClassObject
CoReleaseMarshalData
user32
MessageBeep
PostQuitMessage
DispatchMessageW
TranslateMessage
LoadStringW
MsgWaitForMultipleObjects
MessageBoxW
PeekMessageW
WaitForInputIdle
GetMessageW
CharNextW
PostMessageW
UnregisterClassA
shlwapi
PathFindExtensionW
AssocQueryStringW
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
ntdll
RtlInitUnicodeString
api-ms-win-core-path-l1-1-0
PathCchAppend
mscoree
CoEEShutDownCOM
LoadLibraryShim
wininet
InternetCreateUrlW
InternetCrackUrlW
urlmon
URLDownloadToCacheFileW
CreateURLMonikerEx
GetClassFileOrMime
RegisterBindStatusCallback
CoInternetCreateSecurityManager
CoInternetCombineUrl
CoInternetParseUrl
Sections
.text Size: 68KB - Virtual size: 65KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 156KB - Virtual size: 154KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1004B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PrintIsolationHost.exe.exe windows:10 windows x64 arch:x64
6ac27955c1a84b7a0ea061ecfa67d8dc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
PrintIsolationHost.pdb
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
kernel32
HeapSetInformation
GetLastError
SetErrorMode
GetErrorMode
TlsAlloc
TlsFree
LoadLibraryW
GetProcAddress
DeleteCriticalSection
RaiseException
InitializeCriticalSection
CloseHandle
SetEvent
WaitForSingleObject
ExitProcess
CreateEventW
CreateThread
GetCurrentThreadId
GetModuleHandleW
Sleep
AddVectoredExceptionHandler
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
user32
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
CloseWindowStation
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
msvcrt
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_wcmdln
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_purecall
__C_specific_handler
exit
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlReportException
EtwEventRegister
EtwEventUnregister
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoRegisterClassObject
CoRevokeClassObject
CoSuspendClassObjects
CoFreeUnusedLibraries
CoUninitialize
CoResumeClassObjects
CoCreateInstance
Sections
.text Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 660B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ProximityUxHost.exe.exe windows:10 windows x64 arch:x64
12efa0b6ab4ac41a85e8f25950d0cbe8
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
a4:a0:53:4f:e9:29:70:2d:b1:e8:e3:a6:c6:22:d0:f6:af:07:04:1f:96:a7:6a:42:50:1d:7e:cd:f3:ed:4c:bd
Signer
Actual PE Digest: a4:a0:53:4f:e9:29:70:2d:b1:e8:e3:a6:c6:22:d0:f6:af:07:04:1f:96:a7:6a:42:50:1d:7e:cd:f3:ed:4c:bd
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ProximityUxHost.pdb
Imports
msvcrt
memset
?terminate@@YAXXZ
__CxxFrameHandler3
_onexit
rand
_unlock
_lock
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcsrchr
_wcmdln
memcpy_s
_vsnwprintf
malloc
free
__dllonexit
srand
_purecall
memcmp
memcpy
_callnewh
qsort_s
wcscmp
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionEx
SetEvent
TryEnterCriticalSection
ResetEvent
AcquireSRWLockExclusive
LeaveCriticalSection
CreateMutexW
WaitForMultipleObjectsEx
CreateEventExW
CreateSemaphoreExW
DeleteCriticalSection
ReleaseSemaphore
InitializeCriticalSection
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
AcquireSRWLockShared
CreateMutexExW
EnterCriticalSection
ReleaseSRWLockExclusive
ReleaseSRWLockShared
CreateEventW
WaitForSingleObject
api-ms-win-core-com-l1-1-0
CoDisableCallCancellation
CoEnableCallCancellation
CoCreateFreeThreadedMarshaler
PropVariantClear
CoTaskMemFree
CoWaitForMultipleHandles
CoTaskMemRealloc
CoGetApartmentType
CoResumeClassObjects
CoRegisterClassObject
CoCancelCall
CoRevokeClassObject
CoGetMalloc
CoAddRefServerProcess
CoReleaseServerProcess
CoTaskMemAlloc
CoCreateInstance
api-ms-win-shcore-thread-l1-1-0
SHCreateThread
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
CreateThread
TlsSetValue
TlsFree
TlsAlloc
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
TlsGetValue
GetStartupInfoW
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
RoInitialize
RoUninitialize
RoRegisterActivationFactories
RoGetActivationFactory
RoRevokeActivationFactories
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
Sleep
WakeAllConditionVariable
InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-errorhandling-l1-1-0
GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
api-ms-win-shcore-obsolete-l1-1-0
SHStrDupW
api-ms-win-eventing-provider-l1-1-0
EventActivityIdControl
EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
SetRestrictedErrorInfo
RoOriginateError
api-ms-win-core-winrt-string-l1-1-0
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCompareStringOrdinal
WindowsCreateStringReference
WindowsCreateString
WindowsSubstringWithSpecifiedLength
WindowsDuplicateString
WindowsGetStringLen
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetModuleFileNameA
LockResource
FreeLibrary
GetProcAddress
LoadResource
GetModuleHandleW
GetModuleHandleExW
FindResourceExW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetTickCount64
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
proximitycommon
ord21
ord20
ord22
ord24
proximityservicepal
PAL_RegisterConsoleDisplayStateNotifications
PAL_UnregisterConsoleDisplayStateNotifications
gdi32
D3DKMTNetDispQueryMiracastDisplayDeviceSupport
user32
DefWindowProcW
SendMessageW
SetForegroundWindow
KillTimer
GetMessageW
LoadCursorW
SetCursor
TranslateMessage
PostQuitMessage
GetWindowLongPtrW
SetTimer
PostMessageW
IsWindowVisible
DestroyWindow
LoadStringW
MsgWaitForMultipleObjectsEx
PeekMessageW
DispatchMessageW
api-ms-win-core-handle-l1-1-0
CloseHandle
oleaut32
SysFreeString
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
MultiByteToWideChar
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-appmodel-runtime-l1-1-0
GetPackagesByPackageFamily
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegGetValueW
api-ms-win-shlwapi-winrt-storage-l1-1-1
SHCreateWorkerWindowW
IUnknown_GetWindow
AssocQueryStringW
ord237
api-ms-win-core-file-l1-1-0
WriteFile
CreateFileW
RemoveDirectoryW
ext-ms-win-shell32-shellfolders-l1-1-0
SHGetKnownFolderPath
api-ms-win-shell-shdirectory-l1-1-0
ord290
api-ms-win-devices-query-l1-1-0
DevCreateObjectQuery
DevFreeObjectProperties
DevCloseObjectQuery
DevCreateObjectQueryFromId
propsys
PropVariantToStringAlloc
api-ms-win-devices-query-l1-1-1
DevGetObjectPropertiesEx
api-ms-win-shcore-sysinfo-l1-1-0
SetCurrentProcessExplicitAppUserModelID
api-ms-win-core-kernel32-legacy-l1-1-1
PowerCreateRequest
PowerSetRequest
PowerClearRequest
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-shcore-stream-l1-1-0
SHCreateStreamOnFileEx
bcrypt
BCryptEncrypt
BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptDecrypt
BCryptGenerateSymmetricKey
BCryptGetProperty
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-shcore-taskpool-l1-1-0
SHTaskPoolGetUniqueContext
SHTaskPoolQueueTask
api-ms-win-core-threadpool-legacy-l1-1-0
CreateTimerQueueTimer
DeleteTimerQueueTimer
ws2_32
ntohl
ntohs
shell32
SHCreateAssociationRegistration
ShellExecuteExW
SHCreateItemInKnownFolder
ole32
CoAllowSetForegroundWindow
dwmapi
DwmGetWindowAttribute
winmm
PlaySoundW
deviceassociation
DafCloseAssociationContext
DafStartReadCeremonyData
DafSelectCeremony
DafStartEnumCeremonies
DafStartFinalize
DafStartRemoveAssociation
DafCreateAssociationContext
DafStartDeviceStatusNotification
DafMemFree
DafCreateAssociationContextFromOobBlob
DafCloseChallengeContext
DafChallengeDevicePresence
DafCreateChallengeContext
opcservices
ord7
ord4
dui70
?GetClassInfoPtr@ModernProgressBar@DirectUI@@SAPEAUIClassInfo@2@XZ
?StateProp@ModernProgressBar@DirectUI@@SAPEBUPropertyInfo@2@XZ
?PositionProp@ModernProgressBar@DirectUI@@SAPEBUPropertyInfo@2@XZ
?GetRoot@Element@DirectUI@@QEAAPEAV12@XZ
UnInitProcessPriv
UnInitThread
InitThread
InitProcessPriv
?DeterminateProp@ModernProgressBar@DirectUI@@SAPEBUPropertyInfo@2@XZ
DuiCreateObject
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@P6APEBUPropertyInfo@2@XZHPEAUUpdateCache@2@@Z
?CustomProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?CreateString@Value@DirectUI@@SAPEAV12@PEBGPEAUHINSTANCE__@@@Z
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?AccessibleProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?AddListener@Element@DirectUI@@QEAAJPEAUIElementListener@2@@Z
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
StrToID
?Click@TouchButton@DirectUI@@SA?AVUID@@XZ
?Click@Button@DirectUI@@SA?AVUID@@XZ
?CreateBool@Value@DirectUI@@SAPEAV12@_N@Z
?VisibleProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?CreateInt@Value@DirectUI@@SAPEAV12@HW4DynamicScaleValue@@@Z
?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?_ZeroRelease@Value@DirectUI@@AEAAXXZ
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
api-ms-win-rtcore-ntuser-private-l1-1-0
CreateWindowInBand
api-ms-win-core-com-l1-1-1
RoGetAgileReference
api-ms-win-core-shlwapi-legacy-l1-1-0
PathRemoveBackslashW
api-ms-win-core-url-l1-1-0
UrlUnescapeW
Sections
.text Size: 204KB - Virtual size: 201KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
RdpSa.exe.exe windows:10 windows x64 arch:x64
ea2d56d44b563d355630390df8e80581
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
RdpSa.pdb
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
OpenProcessToken
RegOpenKeyExW
RegNotifyChangeKeyValue
RegGetValueW
GetTokenInformation
GetSecurityInfo
GetLengthSid
SetSecurityInfo
AddAce
GetAce
AddAccessDeniedAce
InitializeAcl
kernel32
LocalFree
HeapFree
GetProcessHeap
FormatMessageW
UnmapViewOfFile
HeapAlloc
FreeLibrary
GetProcAddress
GetModuleHandleExA
LocalAlloc
DelayLoadFailureHook
ResolveDelayLoadedAPI
GetLastError
HeapReAlloc
SetProcessMitigationPolicy
SetEvent
HeapSetInformation
GetCurrentProcess
CloseHandle
ProcessIdToSessionId
GetCurrentProcessId
CreateEventW
Sleep
WaitForSingleObject
MapViewOfFile
user32
DispatchMessageW
PostQuitMessage
TranslateMessage
GetMessageW
LoadStringW
GetWindowLongPtrW
SetTimer
RegisterClassExW
CreateWindowExW
KillTimer
SetWindowLongPtrW
DestroyWindow
DefWindowProcW
msvcrt
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
_CxxThrowException
_callnewh
??1exception@@UEAA@XZ
memcmp
memcpy
memmove
??1type_info@@UEAA@XZ
malloc
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
??3@YAXPEAX@Z
_vsnwprintf
memset
??_V@YAXPEAX@Z
?terminate@@YAXXZ
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_purecall
oleaut32
SysAllocString
SysStringLen
SysAllocStringByteLen
SysFreeString
ntdll
EtwEventWriteFull
EtwEventUnregister
EtwEventRegister
api-ms-win-core-com-l1-1-0
CoUninitialize
CoTaskMemFree
CoInitializeSecurity
CoInitializeEx
StringFromCLSID
CoCreateInstance
sspicli
GetUserNameExW
ws2_32
FreeAddrInfoW
GetAddrInfoW
GetNameInfoW
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentThreadId
TerminateProcess
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
winsta
WinStationSendMessageW
WinStationShadowStop2
Sections
.text Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 668B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
RdpSaProxy.exe.exe windows:10 windows x64 arch:x64
38572cf26926c24efb1fba5e5629f252
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
RdpSaProxy.pdb
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
OpenProcessToken
OpenThreadToken
GetTokenInformation
GetAce
AddAccessDeniedAce
InitializeAcl
GetLengthSid
GetSecurityInfo
SetSecurityInfo
CreateWellKnownSid
EqualSid
AddAccessAllowedAce
AddAce
kernel32
GetCurrentThread
GetCurrentProcessId
ProcessIdToSessionId
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
LocalAlloc
DelayLoadFailureHook
ResolveDelayLoadedAPI
InitializeSRWLock
CloseHandle
GetCurrentProcess
HeapSetInformation
GetModuleHandleExA
GetProcAddress
FreeLibrary
GetLastError
SetProcessMitigationPolicy
LocalFree
user32
GetMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
msvcrt
_callnewh
??0exception@@QEAA@AEBQEBD@Z
?terminate@@YAXXZ
__CxxFrameHandler3
??0exception@@QEAA@AEBQEBDH@Z
__dllonexit
_unlock
??0exception@@QEAA@AEBV0@@Z
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
??3@YAXPEAX@Z
malloc
_purecall
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
memcmp
??1type_info@@UEAA@XZ
_lock
_onexit
memset
ntdll
EtwEventRegister
EtwEventUnregister
api-ms-win-core-com-l1-1-0
CoRevertToSelf
CoImpersonateClient
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree
oleaut32
SysStringByteLen
SysFreeString
SysAllocStringByteLen
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentThreadId
TerminateProcess
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-path-l1-1-0
PathCchCombine
Sections
.text Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1020B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 568B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
RdpSaUacHelper.exe.exe windows:10 windows x64 arch:x64
8af12edd150a1168dc2b3c264d8f5383
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
RdpSaUacHelper.pdb
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegDeleteKeyValueW
RegSetKeyValueW
OpenProcessToken
AdjustTokenPrivileges
InitializeSecurityDescriptor
GetTokenInformation
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
InitializeAcl
SetSecurityDescriptorDacl
EventUnregister
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
CreateWellKnownSid
StartServiceW
OpenServiceW
kernel32
UnmapViewOfFile
WaitForMultipleObjects
WaitForSingleObject
GetCurrentProcess
LocalAlloc
LocalFree
SetProcessMitigationPolicy
HeapSetInformation
GetCommandLineW
SetEvent
CreateEventW
GetLastError
FreeLibrary
GetProcAddress
GetModuleHandleExA
CloseHandle
OpenProcess
QueryFullProcessImageNameW
CreateFileMappingW
MapViewOfFile
DelayLoadFailureHook
ResolveDelayLoadedAPI
GetCurrentProcessId
OpenEventW
DuplicateHandle
ProcessIdToSessionId
msvcrt
_wcsicmp
_vsnwprintf
_XcptFilter
_amsg_exit
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
memset
ntdll
EtwEventRegister
EtwEventUnregister
api-ms-win-core-com-l1-1-0
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoTaskMemFree
StringFromCLSID
CoUninitialize
oleaut32
SysAllocStringByteLen
SysFreeString
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetStartupInfoW
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
rpcrt4
RpcStringBindingComposeW
NdrClientCall3
RpcBindingFree
RpcStringFreeW
RpcBindingFromStringBindingW
I_RpcExceptionFilter
RpcBindingSetAuthInfoExW
winsta
WinStationGetAllProcesses
WinStationFreeGAPMemory
api-ms-win-core-path-l1-1-0
PathCchCombine
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 564B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 208B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ReAgentc.exe.exe windows:10 windows x64 arch:x64
498a49f8301ecece04f6a27c7229ca18
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ReAgentc.pdb
Imports
advapi32
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegOpenKeyExW
RegQueryValueExW
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
kernel32
GetSystemInfo
RaiseException
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
VirtualProtect
GetVersionExW
ExpandEnvironmentStringsW
GetFullPathNameW
CreateDirectoryW
GetFileAttributesW
DeleteCriticalSection
CloseHandle
CreateFileW
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
HeapSetInformation
SetThreadPreferredUILanguages
GetCommandLineW
GetTempPathW
FreeLibrary
SetLastError
HeapFree
GetProcessHeap
HeapAlloc
LocalFree
WriteFile
LocalAlloc
WriteConsoleW
FormatMessageW
GetConsoleMode
GetFileType
GetStdHandle
GetProcAddress
GetLastError
LoadLibraryExW
GetModuleHandleW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
VirtualQuery
msvcrt
__CxxFrameHandler3
wcsncmp
_wcsnicmp
_wtoi
wcstoul
_wcsicmp
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
free
_callnewh
malloc
_vsnwprintf
_vsnprintf
wcsrchr
wcschr
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAllocateHeap
RtlFreeHeap
user32
CharToOemBuffW
ole32
CoUninitialize
CoInitializeEx
rpcrt4
UuidFromStringW
reagent
WinReInstall
WinReSetError
WinReInitiateOfflineScanning
WinReSetupMigrateData
WinReValidateRecoveryWim
WinReConfigureTask
WinReRepair
WinReGetConfig
WinReGetError
WinReClearError
WinReInstallOnTargetOS
WinRECheckGuid
WinReIsWinPE
WinReQueueRecoveryBoot
WinReSetRecoveryAction
Sections
.text Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 852B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 84B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
RecoveryDrive.exe.exe windows:10 windows x64 arch:x64
143219cce86ad5386e385de7a80166c2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
RecoveryDrive.pdb
Imports
advapi32
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
RegGetValueW
RegDeleteKeyW
RegGetKeySecurity
kernel32
SetLastError
CreateEventW
CreateThread
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetWindowsDirectoryW
GetCommandLineW
GetTempPathW
GetSystemTimeAsFileTime
ResetEvent
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
ExpandEnvironmentStringsW
WaitForMultipleObjects
GetLogicalDriveStringsW
GetTimeZoneInformation
Sleep
CreateFileW
GetFileSizeEx
GetLocaleInfoW
GetNumberFormatW
ReleaseSRWLockExclusive
LoadLibraryExA
VirtualProtect
SetFilePointer
ReadFile
WritePrivateProfileStringW
SetErrorMode
OutputDebugStringW
IsDebuggerPresent
PowerClearRequest
SetThreadExecutionState
PowerSetRequest
PowerCreateRequest
CreateDirectoryW
GetFileAttributesW
GetSystemWindowsDirectoryW
GetSystemTime
GetCurrentThreadId
FreeLibrary
LoadLibraryExW
SetEvent
CloseHandle
FindResourceExW
SizeofResource
LockResource
LoadResource
GetLastError
SystemTimeToTzSpecificLocalTime
LocalFree
GetProcessHeap
GetProcAddress
HeapAlloc
GetModuleHandleExW
HeapFree
GetVolumeInformationW
GetSystemInfo
VirtualQuery
AcquireSRWLockExclusive
user32
SetWindowLongPtrW
GetSystemMetrics
UnregisterClassA
GetWindowRect
CreateWindowExW
GetWindowTextW
SetActiveWindow
SetWindowTextW
EnableWindow
SetForegroundWindow
GetDlgItem
SendMessageW
ShowWindow
PostMessageW
GetParent
LoadStringW
msvcrt
free
memcpy_s
memmove_s
_wcsicmp
__CxxFrameHandler4
_vscwprintf
vswprintf_s
_vsnwprintf
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_CxxThrowException
wcsncmp
_wcsnicmp
wcschr
memcpy
memmove
wcsrchr
_onexit
__dllonexit
_unlock
_lock
_commode
memset
_purecall
wcstoul
sprintf_s
__C_specific_handler
_fmode
_wcmdln
calloc
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
malloc
ntdll
NtPowerInformation
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtSetInformationFile
RtlNtStatusToDosError
RtlAllocateHeap
RtlGetVersion
RtlFreeHeap
api-ms-win-core-com-l1-1-0
CoInitializeSecurity
CoUninitialize
CoInitializeEx
CoCreateInstance
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
oleaut32
SysAllocString
SysFreeString
rpcrt4
UuidCreate
api-ms-win-core-synch-l1-1-0
InitializeCriticalSection
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
api-ms-win-core-heap-l1-1-0
HeapDestroy
HeapReAlloc
HeapSize
api-ms-win-core-string-l1-1-0
CompareStringW
api-ms-win-core-processenvironment-l1-1-0
GetCurrentDirectoryW
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
OpenProcessToken
GetCurrentProcess
GetCurrentProcessId
GetStartupInfoW
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
api-ms-win-core-file-l1-1-0
SetFileInformationByHandle
GetFileInformationByHandle
GetFinalPathNameByHandleW
GetLongPathNameW
GetFullPathNameW
DeleteFileW
FindClose
FindFirstFileW
SetFileAttributesW
FindNextFileW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
api-ms-win-core-registry-l1-1-0
RegEnumValueW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegDeleteTreeW
RegSetKeySecurity
RegEnumKeyExW
unattend
UnattendCtxGetUlong
UnattendCtxDeserializeBuffer
UnattendCtxCleanup
wimgapi
WIMCloseHandle
WIMCreateFile
WIMUnregisterLogFile
WIMGetImageInformation
WIMGetAttributes
WIMRegisterLogFile
comctl32
CreatePropertySheetPageW
PropertySheetW
DestroyPropertySheetPage
InitCommonControlsEx
uxtheme
SetWindowTheme
vssapi
CreateVssBackupComponentsInternal
reagent
WinReIsWimBootEnabled
WinReGetConfig
windlp
CreateDlpManager
wdscore
CurrentIP
WdsTerminate
ConstructPartialMsgVW
WdsSetupLogMessageW
WdsInitialize
api-ms-win-core-version-l1-1-0
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW
wofutil
WofEnumEntries
setupapi
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiGetDeviceInterfacePropertyW
Sections
.text Size: 128KB - Virtual size: 126KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 88KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1020B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Register-CimProvider.exe.exe windows:10 windows x64 arch:x64
37fcce5845a29682f27dd5ddac6aa7ec
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Register-CimProvider.pdb
Imports
msvcrt
_unlock
_lock
_onexit
??1type_info@@UEAA@XZ
__CxxFrameHandler4
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
??0exception@@QEAA@AEBQEBD@Z
_purecall
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_wcsicmp
setlocale
_vsnwprintf
exit
wprintf
__dllonexit
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
HeapSetInformation
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
GetModuleHandleW
api-ms-win-core-localization-l1-2-0
SetThreadPreferredUILanguages
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
prvdmofcomp
GetProviderSchema
CompileSchemaToWMI
CreateRegisterParameter
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 448B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
RelPost.exe.exe windows:10 windows x64 arch:x64
8e846e5c63eccf919d49ea27dd263ef6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
RelPost.pdb
Imports
advapi32
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
RegSetValueExW
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
RegCreateKeyExW
RegCloseKey
EventWrite
EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
kernel32
OutputDebugStringW
ReleaseSRWLockExclusive
FormatMessageW
ReleaseMutex
WaitForThreadpoolTimerCallbacks
LeaveCriticalSection
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
IsDebuggerPresent
CloseThreadpoolTimer
GetModuleFileNameA
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
GlobalMemoryStatusEx
GetSystemTime
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
DebugBreak
WakeAllConditionVariable
SleepConditionVariableSRW
GetSystemWindowsDirectoryW
GetProcessHeap
HeapSetInformation
CloseHandle
DeleteFileW
GetLastError
GetPrivateProfileStringW
GetFileAttributesW
CreateFileW
GetVolumePathNameW
FindClose
FindNextFileW
HeapFree
GetFileSizeEx
FindFirstFileW
ReadFile
InitializeCriticalSectionEx
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetLastError
GetFileSize
GetProcAddress
GetWindowsDirectoryW
WaitForSingleObject
GetStdHandle
GetFileType
WriteFile
WriteConsoleW
CreateDirectoryW
HeapAlloc
msvcrt
_purecall
memcpy_s
memmove_s
_wcsicmp
_lock
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
wcstoul
_wcsnicmp
wcschr
free
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
qsort
_errno
_wtol
malloc
_callnewh
_fmode
_vsnwprintf
memcmp
memcpy
_commode
wcstol
memset
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WinSqmAddToStream
WinSqmEndSession
WinSqmSetString
WinSqmStartSession
WinSqmSetDWORD
WinSqmSetDWORD64
reagent
WinReGetConfig
WinReSetTriggerFile
WinReGetLogDirPath
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoUninitialize
CoCreateGuid
CoInitializeSecurity
CoInitializeEx
user32
LoadStringW
oleaut32
SysFreeString
VariantInit
VariantChangeType
SysAllocString
wer
WerReportSetUIOption
WerReportAddFile
WerReportSetParameter
WerReportCreate
WerReportSubmit
WerReportCloseHandle
version
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW
bcd
BcdOpenObject
BcdCloseObject
BcdCloseStore
BcdOpenSystemStore
BcdGetElementData
BcdSetElementData
Sections
.text Size: 92KB - Virtual size: 90KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 72KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 836B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
RemotePosWorker.exe.exe windows:10 windows x64 arch:x64
c6e4fb88aba54e5e339120511bb8f20d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
RemotePosWorker.pdb
Imports
msvcrt
_commode
_fmode
_wcmdln
wcsncmp
?terminate@@YAXXZ
_initterm
__setusermatherr
_cexit
_exit
exit
__C_specific_handler
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcschr
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation
api-ms-win-core-synch-l1-1-0
CreateEventW
WaitForSingleObject
SetEvent
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
FreeLibrary
GetProcAddress
GetModuleHandleW
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetStartupInfoW
GetCurrentProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
Sections
.text Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 276B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 60B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
nbtstat.exe.exe windows:10 windows x64 arch:x64
cde20737aa225d4df469dded810acf10
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
nbtstat.pdb
Imports
advapi32
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
kernel32
LocalAlloc
Sleep
GetConsoleMode
GetEnvironmentVariableW
GetLastError
HeapSetInformation
LocalFree
WideCharToMultiByte
GetFileType
GetSystemTimeAsFileTime
GetCurrentThreadId
SetThreadUILanguage
FormatMessageW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetTickCount
msvcrt
__set_app_type
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
fgetpos
__iob_func
wcschr
_vscwprintf
_fileno
_write
_setmode
iswprint
vswprintf_s
_wtoi
fflush
_wcsicmp
_get_osfhandle
_vsnwprintf
_XcptFilter
_amsg_exit
memmove
fwprintf
exit
__wgetmainargs
memset
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
NtWaitForSingleObject
NtCreateFile
RtlUpcaseUnicodeStringToOemString
RtlVirtualUnwind
NtClose
NtDeviceIoControlFile
RtlInitUnicodeString
RtlIpv4AddressToStringW
RtlGUIDFromString
RtlIpv4StringToAddressW
ws2_32
ntohl
user32
OemToCharBuffW
mswsock
GetSocketErrorMessageW
iphlpapi
NhGetInterfaceNameFromDeviceGuid
Sections
.text Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 504B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ndadmin.exe.exe windows:10 windows x64 arch:x64
64f3eecff5f5a778f51d1aa0187df5c1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
NDAdmin.pdb
Imports
kernel32
CreateDirectoryW
GetFileAttributesW
GetFullPathNameW
HeapAlloc
HeapFree
GetProcessHeap
FreeLibrary
ExitProcess
GetProcAddress
HeapSetInformation
LoadLibraryW
GetLastError
GetCommandLineW
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CreateEventW
WaitForSingleObjectEx
CloseHandle
SetEvent
ExpandEnvironmentStringsW
SetLastError
GetSystemWindowsDirectoryW
RaiseException
msvcrt
wcsrchr
wcschr
?terminate@@YAXXZ
_commode
_acmdln
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
swscanf
__C_specific_handler
_fmode
_resetstkoflw
memcpy
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlFormatCurrentUserKeyPath
RtlFreeUnicodeString
NtClose
RtlInitUnicodeString
NtOpenKey
NtQueryValueKey
RtlNtStatusToDosError
shell32
CommandLineToArgvW
advapi32
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
Sections
.text Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 540B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 52KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
net.exe.exe windows:10 windows x64 arch:x64
d45c37a5c97135204ad6e116c34946c3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
net.pdb
Imports
msvcrt
__C_specific_handler
_initterm
_commode
__setusermatherr
_cexit
_exit
__set_app_type
__getmainargs
wcsncat_s
_wcsdup
wcstok
_XcptFilter
wcsrchr
?terminate@@YAXXZ
wcsncpy_s
wcsncmp
wcspbrk
exit
qsort
memset
_wcsupr
wcscspn
calloc
iswctype
wcsspn
_ultow
memmove
_wcsicmp
memcpy
sprintf_s
_wcsnicmp
wcschr
_fmode
_local_unwind
_fileno
_setmode
wcscat_s
wcscpy_s
malloc
free
putchar
_vsnwprintf_s
_snwprintf_s
__iob_func
setlocale
_amsg_exit
wcscmp
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
GetStdHandle
api-ms-win-core-console-l1-1-0
SetConsoleMode
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
WriteConsoleW
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadUILanguage
GetCPInfo
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
OpenThreadToken
CreateProcessW
GetExitCodeProcess
GetCurrentThread
TerminateProcess
mpr
WNetCloseEnum
WNetCancelConnection2W
WNetEnumResourceW
WNetGetConnectionW
WNetOpenEnumW
WNetGetLastErrorW
WNetAddConnection4W
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
ImpersonateSelf
RevertToSelf
sspicli
SspiEncodeStringsAsAuthIdentity
SspiLocalFree
SspiFreeAuthIdentity
SspiMarshalAuthIdentity
wkscli
NetUseGetInfo
NetUseEnum
NetWkstaUserGetInfo
NetWkstaGetInfo
netutils
NetpwNameValidate
NetapipBufferAllocate
NetpwPathType
NetApiBufferReallocate
NetApiBufferFree
NetApiBufferAllocate
samcli
NetUserGetInfo
api-ms-win-core-file-l1-1-0
GetDriveTypeW
WriteFile
GetFileType
srvcli
NetServerGetInfo
NetShareEnum
iphlpapi
GetCurrentThreadCompartmentId
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
FreeLibrary
GetModuleHandleW
LoadLibraryExW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-console-l1-2-0
PeekConsoleInputW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-console-l2-1-0
GetConsoleScreenBufferInfo
api-ms-win-core-registry-l2-1-0
RegOpenKeyW
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
ntdll
RtlAllocateHeap
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 140B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
net1.exe.exe windows:10 windows x64 arch:x64
76ee66a0f294eab08dcaef5e64fbf02f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
net1.pdb
Imports
msvcrt
_snwprintf_s
_vsnwprintf_s
putchar
_wcsdup
wcspbrk
wcstok
_local_unwind
memcpy
memmove
_wcsicmp
memset
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
__iob_func
__getmainargs
_amsg_exit
_XcptFilter
wcscspn
iswctype
wcsrchr
calloc
_wcsrev
malloc
free
realloc
swprintf_s
_ultow
wcsstr
wcsncat_s
_vsnwprintf
wcschr
sprintf_s
_wcsnicmp
_fileno
_setmode
setlocale
exit
wcsspn
qsort
wcsncmp
wcscpy_s
_wcsupr
wcsncpy_s
__set_app_type
_wcslwr
wcscat_s
wcstod
wcscmp
samcli
NetGroupGetInfo
NetGroupSetInfo
NetUserDel
NetGroupAdd
NetGroupGetUsers
NetGroupEnum
NetGroupAddUser
NetGroupDel
NetUserAdd
NetUserSetInfo
NetUserGetGroups
NetUserEnum
NetUserGetInfo
NetUserModalsSet
NetUserModalsGet
NetGroupDelUser
netutils
NetApiBufferAllocate
NetpwNameValidate
NetapipBufferAllocate
NetApiBufferFree
NetpwListCanonicalize
NetpwNameCompare
NetpwListTraverse
NetpwPathType
NetpwNameCanonicalize
NetApiBufferReallocate
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
dsrole
DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemTimeAsFileTime
SetLocalTime
GetTickCount
GetComputerNameExW
api-ms-win-core-synch-l1-2-0
Sleep
srvcli
NetFileGetInfo
NetFileClose
NetFileEnum
NetSessionEnum
NetServerTransportEnum
NetServerSetInfo
NetServerGetInfo
NetConnectionEnum
NetSessionGetInfo
NetSessionDel
NetShareGetInfo
NetShareCheck
NetShareEnum
NetShareSetInfo
NetShareDel
NetShareAdd
NetShareDelSticky
NetRemoteTOD
api-ms-win-core-string-l1-1-0
CompareStringW
WideCharToMultiByte
api-ms-win-core-localization-l1-2-0
GetCPInfo
FormatMessageW
SetThreadUILanguage
GetUserDefaultLCID
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
GetStdHandle
api-ms-win-core-console-l1-1-0
GetConsoleMode
SetConsoleMode
ReadConsoleW
GetConsoleOutputCP
WriteConsoleW
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-heap-l1-1-0
HeapSetInformation
wkscli
NetUseDel
NetWkstaUserGetInfo
NetWkstaTransportEnum
NetWkstaGetInfo
NetUseEnum
NetWkstaStatisticsGet
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
FreeLibrary
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
api-ms-win-security-base-l1-1-0
InitializeAcl
GetLengthSid
CopySid
GetSidLengthRequired
AddAccessAllowedAce
CreateWellKnownSid
GetSidSubAuthority
GetAce
EqualSid
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSidSubAuthorityCount
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
GlobalFree
GlobalAlloc
api-ms-win-core-file-l1-1-0
GetDriveTypeW
GetFileType
WriteFile
api-ms-win-core-sysinfo-l1-2-0
SetSystemTime
logoncli
DsGetDcNameW
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
GetTimeFormatW
cryptbase
SystemFunction036
api-ms-win-service-management-l1-1-0
OpenSCManagerW
StartServiceW
OpenServiceW
CloseServiceHandle
api-ms-win-service-core-l1-1-2
GetServiceKeyNameW
GetServiceDisplayNameW
api-ms-win-service-core-l1-1-1
EnumServicesStatusExW
EnumDependentServicesW
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlCompareMemory
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-console-l1-2-0
PeekConsoleInputW
api-ms-win-core-privateprofile-l1-1-0
GetProfileStringW
api-ms-win-security-activedirectoryclient-l1-1-0
DsUnBindW
DsFreeNameResultW
DsBindWithSpnExW
DsCrackNamesW
ntdll
NtQuerySystemTime
RtlLengthSid
RtlTimeToSecondsSince1970
RtlAllocateHeap
RtlCopySid
RtlxOemStringToUnicodeSize
RtlInitString
RtlOemStringToUnicodeString
RtlInitUnicodeString
RtlInitAnsiString
RtlQueryTimeZoneInformation
NtSetInformationThread
NtAdjustPrivilegesToken
NtDuplicateToken
RtlTimeFieldsToTime
RtlNtStatusToDosError
RtlSubAuthorityCountSid
RtlInitializeSid
RtlLengthRequiredSid
RtlSubAuthoritySid
RtlGetNtProductType
NtOpenProcessToken
NtClose
api-ms-win-core-timezone-l1-1-0
GetTimeZoneInformation
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 132KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 288B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 864B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
netbtugc.exe.exe windows:10 windows x64 arch:x64
894a8067e3107b433f0e938d4efbb5bc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
netbtugc.pdb
Imports
advapi32
RegOpenKeyExA
RegCloseKey
RegQueryInfoKeyA
RegCreateKeyExA
RegEnumKeyExA
RegQueryValueExA
RegEnumValueA
RegSetValueExA
kernel32
GetFileAttributesW
LoadLibraryExW
FreeLibrary
CreateDirectoryW
GetFullPathNameW
ExpandEnvironmentStringsW
FormatMessageA
MultiByteToWideChar
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapFree
SetLastError
EnterCriticalSection
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetLastError
HeapAlloc
GetProcAddress
DeleteCriticalSection
GetProcessHeap
msvcrt
memcpy
memmove
_wcsnicmp
wcschr
wcsrchr
wcsncmp
malloc
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
free
_vsnprintf
memset
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
RtlAllocateHeap
RtlFreeHeap
iphlpapi
ConvertInterfacePhysicalAddressToLuid
ConvertStringToInterfacePhysicalAddress
ConvertInterfaceAliasToLuid
ConvertInterfaceNameToLuidW
ConvertInterfaceLuidToGuid
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 540B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
netcfg.exe.exe windows:10 windows x64 arch:x64
f4666acbf024767fff0861a8ec8e8908
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
netcfg.pdb
Imports
advapi32
EventRegister
RegOpenKeyW
RegCloseKey
EventWriteTransfer
EventSetInformation
kernel32
FormatMessageW
SetThreadPreferredUILanguages
GetConsoleOutputCP
HeapSetInformation
GetModuleHandleW
GetLastError
ExitProcess
GetWindowsDirectoryW
HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryExW
GetProcAddress
VirtualProtect
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
RaiseException
GetSystemInfo
FreeLibrary
VirtualQuery
LoadLibraryExA
msvcrt
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__set_app_type
_unlock
__dllonexit
_onexit
_CxxThrowException
_callnewh
malloc
wprintf
__wgetmainargs
_amsg_exit
__CxxFrameHandler3
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
memmove
_lock
_purecall
_wcsicmp
wcschr
wcscpy_s
exit
tolower
iswprint
_wsetlocale
_putws
_vsnwprintf
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
__CxxFrameHandler4
memcpy
_XcptFilter
memset
ole32
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateInstance
setupapi
SetupCopyOEMInfW
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
Sections
.text Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
netiougc.exe.exe windows:10 windows x64 arch:x64
06f9626be5ae71582d4df67e4eba810d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
netiougc.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__exit
_o__get_initial_narrow_environment
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__stricmp
_o__strnicmp
_o__wcsnicmp
_o_exit
_o_free
_o_iswdigit
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o__crt_atexit
_o__configure_narrow_argv
_o__configthreadlocale
_o__cexit
wcsrchr
wcschr
_o___stdio_common_vsprintf
_o___p__commode
_o___p___argv
_o___p___argc
api-ms-win-crt-string-l1-1-0
wcsncmp
memset
ntdll
RtlAllocateHeap
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
RtlFreeHeap
iphlpapi
ConvertStringToInterfacePhysicalAddress
ConvertInterfacePhysicalAddressToLuid
InitializeIpForwardEntry
InternalCreateIpForwardEntry2
ConvertInterfaceAliasToLuid
ConvertInterfaceNameToLuidW
InternalCreateUnicastIpAddressEntry
ParseNetworkString
ConvertInterfaceLuidToNameW
InitializeUnicastIpAddressEntry
api-ms-win-service-winsvc-l1-1-0
QueryServiceStatus
OpenServiceA
OpenSCManagerA
StartServiceA
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemTimeAsFileTime
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-service-management-l1-1-0
CloseServiceHandle
dhcpcsvc
DhcpEnableDhcp
api-ms-win-core-registry-l1-1-0
RegEnumValueA
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-heap-l1-1-0
HeapSetInformation
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
FreeLibrary
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
nsi
NsiSetAllPersistentParametersWithMask
NsiSetAllParameters
NsiGetAllParameters
NsiGetAllPersistentParametersWithMask
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
api-ms-win-core-file-l1-1-0
GetFileAttributesW
GetFullPathNameW
CreateDirectoryW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
Sections
.text Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 864B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
netsh.exe.exe windows:10 windows x64 arch:x64
06f091dbec9c3f0dd14808ffe59b95de
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
netsh.pdb
Imports
msvcrt
wprintf
_wfopen
iswctype
_wcsnicmp
__setusermatherr
_initterm
wcspbrk
__C_specific_handler
fputwc
fflush
_fmode
_commode
wcstok
_wcslwr
fgets
_wcsicmp
_XcptFilter
?terminate@@YAXXZ
wcscpy_s
_amsg_exit
fclose
__wgetmainargs
wcschr
free
wcsrchr
__set_app_type
exit
memcpy
_exit
_cexit
_wcsdup
_wcsupr
_vsnwprintf
__iob_func
qsort
memset
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
HeapSetInformation
HeapReAlloc
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l1-1-0
SetFilePointer
WriteFile
CreateFileW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadStringW
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegEnumValueW
RegCreateKeyExW
RegQueryInfoKeyW
RegGetValueW
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExW
GetVersionExW
api-ms-win-core-localization-l1-2-0
SetThreadUILanguage
FormatMessageW
api-ms-win-core-console-l1-1-0
SetConsoleCtrlHandler
ReadConsoleW
SetConsoleMode
GetConsoleOutputCP
GetConsoleMode
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-security-base-l1-1-0
CheckTokenMembership
CreateWellKnownSid
api-ms-win-core-synch-l1-1-0
OpenEventW
CreateEventW
WaitForSingleObject
ResetEvent
SetEvent
api-ms-win-core-console-l2-1-0
SetConsoleActiveScreenBuffer
FillConsoleOutputCharacterW
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
FillConsoleOutputAttribute
SetConsoleScreenBufferSize
CreateConsoleScreenBuffer
oleaut32
VariantChangeType
SysFreeString
SysAllocString
api-ms-win-core-com-l1-1-0
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitializeEx
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
ntdll
RtlGUIDFromString
WinSqmAddToStream
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
ConvertGuidToString
ConvertStringToGuid
DisplayMessageM
DisplayMessageToConsole
FreeQuotedString
FreeString
GenericMonitor
GetEnumString
InitializeConsole
MakeQuotedString
MakeString
MatchCmdLine
MatchEnumTag
MatchTagsInCmdLine
MatchToken
PreprocessCommand
PrintError
PrintMessage
PrintMessageFromModule
ProcessCommand
RefreshConsole
RegisterContext
RegisterHelper
Sections
.text Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 36KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 220B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
newdev.exe.exe windows:10 windows x64 arch:x64
fdb0aac8ae8648b09599fa21e577d5b2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
NewDev.pdb
Imports
user32
PostMessageW
DispatchMessageW
GetMessageW
TranslateMessage
msvcrt
__getmainargs
_amsg_exit
_XcptFilter
swscanf
__C_specific_handler
exit
_initterm
wcschr
wcsrchr
__set_app_type
_exit
_cexit
_ismbblead
_acmdln
_fmode
_commode
?terminate@@YAXXZ
__setusermatherr
memcpy
_resetstkoflw
ntdll
RtlNtStatusToDosError
NtOpenKey
RtlInitUnicodeString
NtClose
RtlCaptureContext
RtlFreeUnicodeString
RtlFormatCurrentUserKeyPath
RtlLookupFunctionEntry
RtlVirtualUnwind
NtQueryValueKey
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetStartupInfoW
CreateThread
GetCurrentProcessId
ExitProcess
GetCurrentProcess
TerminateProcess
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetProcAddress
GetModuleHandleW
api-ms-win-core-com-l1-1-0
CoUninitialize
CoCreateInstance
CoInitializeEx
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
shell32
CommandLineToArgvW
kernel32
WaitForSingleObjectEx
CreateEventW
ExpandEnvironmentStringsW
SetLastError
GetProcessHeap
HeapFree
HeapAlloc
CreateDirectoryW
GetFileAttributesW
GetFullPathNameW
GetSystemWindowsDirectoryW
RaiseException
SetEvent
api-ms-win-security-base-l1-1-0
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
Sections
.text Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 564B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
nltest.exe.exe windows:10 windows x64 arch:x64
e6d22ecaa5772b23183363959c9f82b8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
nltest.pdb
Imports
msvcrt
__iob_func
qsort
_wsetlocale
fwprintf
_vsnprintf
memcpy
_vsnwprintf
memset
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
sprintf_s
strchr
strcat_s
_stricmp
printf
strtol
strcpy_s
_strnicmp
fprintf
strtoul
wcscat_s
wcscpy_s
iswctype
strncpy_s
__C_specific_handler
ntdsapi
DsFreeDomainControllerInfoW
DsUnBindW
DsBindW
DsGetDomainControllerInfoW
logoncli
NetLogonGetTimeServiceParentDomain
DsDeregisterDnsHostRecordsA
I_NetlogonGetTrustRid
DsGetForestTrustInformationW
I_NetlogonComputeServerSignature
DsAddressToSiteNamesExA
DsGetDcOpenA
DsGetDcSiteCoverageA
DsGetDcNameA
I_NetlogonComputeClientDigest
DsEnumerateDomainTrustsA
DsGetSiteNameA
DsGetDcCloseW
I_NetLogonControl2
DsGetDcNextA
I_NetLogonControl
I_NetlogonComputeServerDigest
DsGetDcNameW
DsGetDcNameWithAccountW
I_NetGetDCList
NetGetDCName
I_NetlogonComputeClientSignature
rpcrt4
UuidToStringA
UuidToStringW
RpcStringFreeW
UuidFromStringA
RpcStringFreeA
ws2_32
freeaddrinfo
ntohs
WSAGetLastError
htonl
WSACleanup
WSAStringToAddressA
getaddrinfo
WSAStartup
WSAAddressToStringA
ntdll
RtlInitAnsiString
RtlAllocateHeap
RtlFreeHeap
RtlCompareUnicodeString
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
RtlOemStringToUnicodeString
RtlInitString
RtlLengthSid
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlSystemTimeToLocalTime
RtlInitUnicodeString
RtlFreeUnicodeString
RtlConvertSidToUnicodeString
RtlTimeToTimeFields
netutils
NetApiBufferAllocate
NetApiBufferFree
NetpwNameCompare
kernel32
SetEvent
GetLocalTime
Sleep
CreateEventW
GetOverlappedResult
CloseHandle
CreateThread
GetProcAddress
LocalFree
DeleteCriticalSection
WaitForSingleObject
GetComputerNameW
GetModuleHandleW
InitializeCriticalSection
LeaveCriticalSection
FreeLibrary
SetMailslotInfo
WaitForMultipleObjects
LoadLibraryExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
EnterCriticalSection
GetCurrentThreadId
ReadFile
WideCharToMultiByte
GetSystemTimeAsFileTime
GetTickCount
LocalAlloc
HeapFree
GetConsoleOutputCP
GetStdHandle
WriteFile
SetThreadUILanguage
HeapAlloc
GetProcessHeap
MultiByteToWideChar
CreateFileW
CreateMailslotA
GetLastError
advapi32
TraceMessage
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
RegQueryValueExW
LsaClose
InitiateSystemShutdownExW
LsaOpenPolicy
SystemFunction025
SystemFunction027
RegConnectRegistryW
GetSecurityDescriptorDacl
RegGetKeySecurity
RegCloseKey
CryptAcquireContextW
GetAclInformation
RegOpenKeyExA
FreeSid
AbortSystemShutdownW
LsaFreeMemory
RegSetValueExA
LsaQueryForestTrustInformation
GetAce
RegSetKeySecurity
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
user32
LoadStringW
Sections
.text Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 332KB - Virtual size: 330KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 156KB - Virtual size: 193KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 996B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
nmbind.exe.exe windows:10 windows x64 arch:x64
5b9bed4627214d7ad933eb9f17d888da
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
4f:18:20:e7:a6:21:b4:97:39:91:6c:aa:d9:ce:fe:46:a3:b5:db:4d:a8:52:75:de:2e:d8:a7:c4:b6:c5:c9:9c
Signer
Actual PE Digest: 4f:18:20:e7:a6:21:b4:97:39:91:6c:aa:d9:ce:fe:46:a3:b5:db:4d:a8:52:75:de:2e:d8:a7:c4:b6:c5:c9:9c
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
nmbind.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_c_exit
_initterm
_initterm_e
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_initial_narrow_environment
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsicmp
_o_exit
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__configure_narrow_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
__CxxFrameHandler3
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___argv
_o___p___argc
_o__crt_atexit
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
api-ms-win-core-console-l2-1-0
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureStackBackTrace
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
netsetupapi
NetSetupSetObjectProperties
NetSetupFreeObjects
NetSetupCommit
NetSetupDeleteObject
NetSetupInitialize
NetSetupClose
NetSetupSynchronizeDevices
NetSetupFreeObjectProperties
NetSetupGetObjectProperties
NetSetupGetObjects
vmsif
VmsIfDriverOpen
VmsIfDriverClose
VmsIfNicDisableMiniport
VmsIfNicEnableMiniport
iphlpapi
SetCurrentThreadCompartmentScope
GetIfEntry2
ConvertInterfaceGuidToLuid
api-ms-win-core-synch-l1-2-0
Sleep
devobj
DevObjGetClassDevs
DevObjCreateDeviceInfoList
DevObjChangeState
DevObjEnumDeviceInfo
DevObjDestroyDeviceInfoList
DevObjGetDeviceProperty
DevObjOpenDeviceInfo
DevObjUninstallDevice
DevObjOpenDevRegKey
api-ms-win-core-com-l1-1-0
CLSIDFromString
api-ms-win-devices-config-l1-1-1
CM_Locate_DevNodeW
CM_Get_DevNode_Status
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
CreateSemaphoreExW
ReleaseSRWLockExclusive
LeaveCriticalSection
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
WaitForSingleObject
ReleaseSRWLockShared
ReleaseMutex
WaitForSingleObjectEx
ReleaseSemaphore
OpenSemaphoreW
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegCloseKey
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-core-handle-l1-1-0
CloseHandle
Sections
.text Size: 64KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
nmscrub.exe.exe windows:10 windows x64 arch:x64
29fce0b185a9a33ad1ab22b207847f4f
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
c6:0a:4f:b2:6d:e7:8e:d4:0a:bd:f5:8e:80:9e:a5:f8:e4:d2:2a:99:45:db:21:ac:fa:32:c3:b7:78:0b:52:d3
Signer
Actual PE Digest: c6:0a:4f:b2:6d:e7:8e:d4:0a:bd:f5:8e:80:9e:a5:f8:e4:d2:2a:99:45:db:21:ac:fa:32:c3:b7:78:0b:52:d3
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
nmscrub.pdb
Imports
msvcp_win
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__get_initial_narrow_environment
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__stricmp
memmove
_o__wcsicmp
_o__wcsnicmp
_o_abort
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcscpy_s
_o_wcstod
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
__CxxFrameHandler3
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o__exit
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___argv
_o___p___argc
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
LoadLibraryExA
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA
rpcrt4
UuidFromStringW
api-ms-win-core-synch-l1-1-0
AcquireSRWLockShared
ReleaseSemaphore
AcquireSRWLockExclusive
WaitForSingleObject
InitializeCriticalSectionEx
ReleaseMutex
ReleaseSRWLockExclusive
OpenSemaphoreW
CreateEventW
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
EnterCriticalSection
WaitForSingleObjectEx
LeaveCriticalSection
ReleaseSRWLockShared
CreateMutexExW
iphlpapi
GetIfTable2
FreeMibTable
GetAdaptersAddresses
ConvertCompartmentGuidToId
SetCurrentThreadCompartmentId
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
RaiseException
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
api-ms-win-service-management-l1-1-0
OpenServiceW
CloseServiceHandle
OpenSCManagerW
ntdll
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
api-ms-win-core-file-l1-1-0
CreateFileW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-console-l2-1-0
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
api-ms-win-core-registry-l2-1-0
RegOpenKeyW
RegEnumKeyW
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-com-l1-1-0
CoTaskMemFree
StringFromGUID2
CLSIDFromString
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegQueryValueExW
RegDeleteTreeW
RegCloseKey
RegSetValueExW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlCaptureStackBackTrace
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-memory-l1-1-0
VirtualProtect
VirtualQuery
netmgmtif
NetMgmtGetVirtualSwitchPortProperty
NetMgmtDeleteVirtualSwitchPort
NetMgmtDeleteVirtualSwitch
NetMgmtEnumerateVirtualSwitch
NetMgmtFindInternalNicByName
NetMgmtEnumerateNic
NetMgmtEnumerateAdapter
NetMgmtGetPortHandleRefCount
NetMgmtSwitchExtensionFree
NetMgmtDeleteInternalEthernetAdapter
NetMgmtUnbindExternalAdapter
NetMgmtSwitchExtensionEnumerate
NetMgmtGetVmSwitchInitState
NetMgmtEnumerateVirtualSwitchPorts
NetMgmtPortPropertyListFree
NetMgmtIsInternalEthernetAdapterEnabledLW
NetMgmtGetNetworkAdapterType
NetMgmtFindExternalNicByName
NetMgmtDeleteInternalEthernetAdapterLW
NetMgmtEnumerateVirtualSwitchPortProperty
NetMgmtPortPropertyFree
NetMgmtGetMacAddressRange
vmsif
VmsIfDriverClose
VmsIfNicDeleteMiniport
VmsIfPortGetVlanSettings
VmsIfMemFree
VmsIfDriverOpen
netsetupapi
NetSetupGetObjects
NetSetupSynchronizeDevices
NetSetupCommit
NetSetupGetObjectProperties
NetSetupClose
NetSetupFreeObjects
NetSetupFreeObjectProperties
NetSetupSetObjectProperties
NetSetupDeleteObject
NetSetupInitialize
devobj
DevObjOpenDeviceInfo
DevObjGetDeviceProperty
DevObjDestroyDeviceInfoList
DevObjChangeState
DevObjUninstallDevice
DevObjEnumDeviceInfo
DevObjGetClassDevs
DevObjOpenDevRegKey
DevObjCreateDeviceInfoList
nsi
NsiFreeTable
NsiAllocateAndGetTable
api-ms-win-devices-config-l1-1-1
CM_Get_DevNode_Status
CM_Locate_DevNodeW
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
Sections
.text Size: 260KB - Virtual size: 259KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 88KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 128B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
notepad.exe.exe windows:10 windows x64 arch:x64
0e6bccf88f4251909d1746dba78cba57
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
notepad.pdb
Imports
gdi32
SetMapMode
SetViewportExtEx
SetWindowExtEx
LPtoDP
SetBkMode
GetTextMetricsW
TextOutW
AbortDoc
EndDoc
SetAbortProc
StartDocW
StartPage
CreateDCW
EnumFontsW
GetTextFaceW
GetDeviceCaps
DeleteDC
DeleteObject
SetBkColor
CreateSolidBrush
GetTextExtentPoint32W
SelectObject
CreateCompatibleDC
EndPage
CreateFontIndirectW
user32
PostQuitMessage
BeginPaint
EndPaint
FillRect
DrawTextW
DrawFocusRect
DefWindowProcW
TrackMouseEvent
InvalidateRect
DestroyIcon
SetThreadDpiAwarenessContext
DialogBoxParamW
LoadIconW
GetFocus
MessageBoxW
ShowWindow
SetCursor
SetActiveWindow
EnableMenuItem
IsIconic
SetFocus
MessageBeep
GetForegroundWindow
GetDlgCtrlID
SetWindowPos
RedrawWindow
GetKeyboardLayout
CharNextW
SetWinEventHook
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
TranslateMessage
DispatchMessageW
UnhookWinEvent
SetWindowTextW
GetMenu
GetSubMenu
OpenClipboard
IsClipboardFormatAvailable
CloseClipboard
CheckMenuItem
SetDlgItemTextW
GetDlgItemTextW
EndDialog
SendDlgItemMessageW
SetScrollPos
UpdateWindow
GetWindowPlacement
SetWindowPlacement
CharUpperW
GetSystemMenu
LoadAcceleratorsW
SetWindowLongW
MonitorFromWindow
RegisterWindowMessageW
LoadCursorW
LoadImageW
RegisterClassExW
GetWindowLongW
PeekMessageW
GetWindowTextW
EnableWindow
CreateDialogParamW
DrawTextExW
IsWindow
CreateDialogIndirectParamW
GetPropW
SetPropW
GetDlgItem
RemovePropW
CheckDlgButton
CheckRadioButton
IsDlgButtonChecked
NotifyWinEvent
CreateWindowExW
GetWindowTextLengthW
GetClientRect
DestroyWindow
GetDpiForWindow
SystemParametersInfoForDpi
SendMessageW
MoveWindow
GetDC
LoadStringW
PostMessageW
ReleaseDC
api-ms-win-crt-string-l1-1-0
wcscmp
wcsnlen
memset
api-ms-win-crt-runtime-l1-1-0
_c_exit
_initterm_e
_initterm
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wtol
_o_exit
_o_free
_o_iswdigit
_o_malloc
_o_terminate
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__crt_atexit
_o___stdio_common_vswprintf
_o__configure_wide_argv
_o___std_exception_destroy
_o___std_exception_copy
_o__configthreadlocale
_o___p__commode
_o__exit
_o__cexit
_o__callnewh
_o__beginthreadex
_o__errno
wcsrchr
wcschr
__C_specific_handler
memcmp
memcpy
memmove
api-ms-win-core-libraryloader-l1-2-0
LockResource
GetModuleHandleExW
FindResourceExW
LoadResource
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseSemaphore
ReleaseSRWLockExclusive
EnterCriticalSection
SetEvent
CreateEventExW
AcquireSRWLockExclusive
ReleaseMutex
WaitForSingleObjectEx
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
OpenSemaphoreW
ReleaseSRWLockShared
CreateSemaphoreExW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapSetInformation
HeapFree
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
OpenProcessToken
CreateProcessW
TerminateProcess
GetCurrentThreadId
GetStartupInfoW
GetCurrentProcessId
api-ms-win-core-localization-l1-2-0
FormatMessageW
FindNLSString
GetLocaleInfoW
GetACP
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-com-l1-1-0
CoTaskMemFree
CoCreateInstance
CoInitializeEx
PropVariantClear
CoUninitialize
CoWaitForMultipleHandles
CoCreateGuid
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
api-ms-win-core-largeinteger-l1-1-0
MulDiv
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFindExtensionW
PathIsFileSpecW
PathFileExistsW
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegGetValueW
RegSetValueExW
RegEnumValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegDeleteKeyExW
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-heap-l2-1-0
LocalUnlock
LocalFree
LocalLock
GlobalAlloc
GlobalFree
LocalAlloc
LocalReAlloc
api-ms-win-core-file-l1-1-0
DeleteFileW
GetFileAttributesW
SetEndOfFile
GetFileAttributesExW
GetFileInformationByHandle
FindClose
FindFirstFileW
CreateFileW
ReadFile
GetDiskFreeSpaceExW
GetFullPathNameW
CreateDirectoryW
WriteFile
api-ms-win-shcore-obsolete-l1-1-0
SHStrDupW
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-core-processenvironment-l1-1-0
GetCurrentDirectoryW
GetCommandLineW
SetCurrentDirectoryW
api-ms-win-core-string-l1-1-0
FoldStringW
WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar
api-ms-win-core-psapi-l1-1-0
K32GetModuleFileNameExW
api-ms-win-core-localization-obsolete-l1-2-0
GetUserDefaultUILanguage
api-ms-win-core-sysinfo-l1-1-0
GetLocalTime
GetSystemTimeAsFileTime
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
GetTimeFormatW
api-ms-win-shcore-path-l1-1-0
ord170
api-ms-win-core-memory-l1-1-0
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
api-ms-win-core-registry-l2-1-0
RegCreateKeyW
api-ms-win-core-heap-obsolete-l1-1-0
LocalSize
GlobalLock
GlobalUnlock
api-ms-win-shcore-scaling-l1-1-1
GetDpiForMonitor
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-windowserrorreporting-l1-1-3
RegisterApplicationRestart
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation
api-ms-win-base-util-l1-1-0
IsTextUnicode
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
GetProcessMitigationPolicy
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
comctl32
ImageList_Create
ImageList_SetBkColor
ord381
ImageList_ReplaceIcon
ord410
ImageList_Draw
ImageList_GetIconSize
ord413
ImageList_Destroy
ord345
CreateStatusWindowW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 160KB - Virtual size: 159KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 124KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 760B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
nslookup.exe.exe windows:10 windows x64 arch:x64
ec3e3c718c086fab4f7f35008a5e9116
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
nslookup.pdb
Imports
msvcrt
putc
_vsnprintf
malloc
sscanf_s
system
getenv
printf
fwrite
strchr
fputc
fprintf
memset
perror
exit
strcpy_s
fputs
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
strcat_s
gmtime
__setusermatherr
isspace
getc
_cexit
realloc
_exit
putchar
__set_app_type
ferror
__getmainargs
sprintf_s
fflush
_amsg_exit
_XcptFilter
_write
fclose
memcpy
strncmp
fgets
_strnicmp
free
strncpy_s
fread
fopen
__iob_func
strcmp
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
HeapSetInformation
GetProcessHeap
ws2_32
htonl
WSAStartup
select
getaddrinfo
gethostname
closesocket
send
socket
connect
recv
WSAGetLastError
getprotobynumber
getservbyport
ntohs
freeaddrinfo
inet_ntoa
htons
crypt32
CryptBinaryToStringA
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter
dnsapi
DnsQueryConfigAllocEx
DnsFreeConfigStructure
api-ms-win-core-localization-l1-2-0
FormatMessageA
SetThreadUILanguage
api-ms-win-core-registry-l1-1-0
RegCloseKey
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsA
mswsock
s_perror
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
ntdll
NtQueryValueKey
RtlFreeHeap
RtlUnicodeStringToAnsiString
RtlFreeUnicodeString
NtOpenKey
RtlAllocateHeap
RtlAnsiStringToUnicodeString
RtlIpv6StringToAddressExA
RtlIpv4StringToAddressA
RtlIpv6AddressToStringA
RtlInitString
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 344B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ntkrla57.exe.sys windows:10 windows x64 arch:x64
8a6a24dc179d1d583e1d3b5fddaea3d6
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:ce:b0:6f:8d:9d:9c:8f:59:a7:85:6c:7c:0d:12:8c:a2:53:ad:4e:c2:f0:96:b0:0a:05:89:84:f9:65:d6:75
Signer
Actual PE Digest: 33:ce:b0:6f:8d:9d:9c:8f:59:a7:85:6c:7c:0d:12:8c:a2:53:ad:4e:c2:f0:96:b0:0a:05:89:84:f9:65:d6:75
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ntkrla57.pdb
Imports
ext-ms-win-ntos-processparameters-l1-1-0
PsDestroyProcessParameterOverrides
PsGetProcessParameterOverrides
ext-ms-win-ntos-tm-l1-1-0
TmIsKTMCommitCoordinator
TmInitializeTransactionManager
TmGetTransactionId
TmFreezeTransactions
TmEndPropagationRequest
TmEnableCallbacks
TmDereferenceEnlistmentKey
TmCurrentTransaction
TmCreateEnlistment
TmCommitTransaction
TmCommitEnlistment
TmCommitComplete
TmCancelPropagationRequest
NtThawTransactions
NtSetInformationTransaction
NtSetInformationResourceManager
NtSetInformationEnlistment
NtRollbackTransaction
NtRollbackEnlistment
NtRollbackComplete
NtRecoverTransactionManager
NtRecoverResourceManager
NtRecoverEnlistment
NtRegisterProtocolAddressInformation
TmIsTransactionActive
TmInitSystemPhase2
TmInitSystem
NtCommitComplete
NtCommitEnlistment
TmPrePrepareComplete
TmRecoverEnlistment
TmRecoverResourceManager
TmRecoverTransactionManager
TmReferenceEnlistmentKey
TmRenameTransactionManager
TmRequestOutcomeEnlistment
TmRollbackComplete
TmRollbackEnlistment
TmRollbackTransaction
TmSetCurrentTransaction
TmSinglePhaseReject
NtCommitTransaction
TmShutdownSystem
NtRollforwardTransactionManager
NtSinglePhaseReject
NtCreateEnlistment
NtCreateResourceManager
NtSetInformationTransactionManager
NtRenameTransactionManager
NtCreateTransaction
TmThawTransactions
NtCreateTransactionManager
NtEnumerateTransactionObject
NtFreezeTransactions
NtGetNotificationResourceManager
NtOpenEnlistment
NtOpenResourceManager
NtOpenTransaction
NtOpenTransactionManager
NtPrePrepareComplete
TmPrePrepareEnlistment
TmPrepareComplete
TmPrepareEnlistment
TmPropagationComplete
TmReadOnlyEnlistment
TmPropagationFailed
NtReadOnlyEnlistment
NtQueryInformationTransactionManager
NtQueryInformationTransaction
NtQueryInformationResourceManager
NtQueryInformationEnlistment
NtPropagationFailed
NtPropagationComplete
NtPrepareEnlistment
NtPrepareComplete
NtPrePrepareEnlistment
pshed
PshedGetBootErrorPacket
PshedInitialize
PshedGetAllErrorSources
PshedAttemptErrorRecovery
PshedWriteErrorRecord
PshedBugCheckSystem
PshedFreeMemory
PshedDoPluginCtl
PshedAllocateMemory
PshedDoPfa
PshedEnableErrorSource
PshedGetInjectionCapabilities
PshedInjectError
PshedSetErrorSourceInfo
PshedSetHalEnlightenments
PshedMarkHiberPhase
PshedInitProc
PshedIsSystemWheaEnabled
PshedClearErrorRecord
PshedArePluginsPresent
PshedReadErrorRecord
PshedInitGlobal
PshedDisableErrorSource
PshedInitAvailable
PshedGetErrorSourceInfo
PshedFinalizeErrorRecord
PshedRetrieveErrorInfo
bootvid
VidInitialize
VidBitBltEx
VidDisplayString
VidSetScrollRegion
VidSetTextColor
VidCleanUp
VidBitBlt
VidScreenToBufferBlt
VidBufferToScreenBlt
VidSolidColorFill
VidResetDisplay
ext-ms-win-ntos-clipsp-l1-1-0
ClipSpInitialize
kdcom
KdSetHiberRange
KdInitialize
KdSendPacket
KdReceivePacket
KdPower
ext-ms-win-ntos-kcminitcfg-l1-1-0
CmCompleteInitMachineConfig
CmSetInitMachineConfig
ext-ms-win-ntos-ksr-l1-1-4
KsrCleanupPageDatabase
KsrInitPageDatabase
KsrFreePersistedMemory
KsrInitSystem
KsrMdlToMemoryRuns
KsrFreePersistedMemoryBlock
KsrQueryMetadata
KsrEnumeratePersistedMemory
KsrGetFirmwareInformation
KsrClaimPersistedMemory
KsrPersistMemoryWithMetadata
ext-ms-win-ntos-trace-l1-1-0
TraceInitSystem
ext-ms-win-ntos-ksecurity-l1-1-1
QueryUpdateFileEaAllowedExt
ext-ms-win-ntos-werkernel-l1-1-1
WerLiveKernelCancelReport
WerLiveKernelSubmitReport
WerLiveKernelInitSystem
WerLiveKernelCreateReport
WerLiveKernelCloseHandle
WerLiveKernelOpenDumpFile
ext-ms-win-ntos-ucode-l1-1-0
ExpMicrocodeInformationLoad
ExpMicrocodeInformationUnload
ExpMicrocodeInitialization
ext-ms-win-ntos-runlevels-l1-1-0
ExpInitializeRunLevel0
ext-ms-win-ntos-stateseparation-l1-1-0
ExpInitializeStateSeparationPhase1
ExpInitializeStateSeparationPhase0
ExpInitializeStateSeparationPhase2
ext-ms-win-fs-clfs-l1-1-0
ClfsMgmtInstallPolicy
ClfsCloseLogFileObject
ClfsMgmtDeregisterManagedClient
ClfsMgmtRegisterManagedClient
ClfsCreateLogFile
ClfsGetLogFileInformation
ClfsReadRestartArea
ClfsLsnEqual
ClfsReadLogRecord
ClfsReadNextLogRecord
ClfsTerminateReadLog
ClfsWriteRestartArea
ClfsDeleteLogByPointer
ClfsDeleteMarshallingArea
ClfsReserveAndAppendLog
ClfsLsnInvalid
ClfsFlushToLsn
ClfsLsnContainer
ClfsLsnLess
ClfsCreateMarshallingArea
ClfsAddLogContainer
ClfsLsnDifference
ci
CiInitialize
msrpc.sys
MesIncrementalHandleReset
NdrMesTypeDecode3
MesEncodeIncrementalHandleCreate
NdrMesTypeEncode3
MesDecodeBufferHandleCreate
MesHandleFree
RpcExceptionFilter
cng.sys
BCryptExportKey
ext-ms-win-ntos-globmerger-l1-1-0
CimfsMountBootVolume
Exports
Exports
AlpcCreateSecurityContext
AlpcGetHeaderSize
AlpcGetMessageAttribute
AlpcInitializeMessageAttribute
AsanWrapperMemcmp
BgkDisplayCharacter
BgkGetConsoleState
BgkGetCursorState
BgkSetCursor
CarCopyRuleViolationDetails
CarCreateRuleViolationDetails
CarDeleteRuleViolationDetails
CarDeregisterRuleClassConfiguration
CarDeregisterRuleOverride
CarInitializeRuleViolationDetails
CarQueryReportAction
CarQueryReportActionForTriage
CarRegisterDefaultRuleClassConfiguration
CarRegisterRuleClassConfiguration
CarRegisterRuleOverride
CarRegisterRuleOverrideAllContexts
CarRegisterRuleOverridesAllContexts
CarReportRuleViolation
CarReportRuleViolationForTriage
CarSetCustomIdInRuleOverride
CarSetCustomRuleIdRange
CcAddDirtyPagesToExternalCache
CcAsyncCopyRead
CcCanIWrite
CcCoherencyFlushAndPurgeCache
CcCopyRead
CcCopyReadEx
CcCopyWrite
CcCopyWriteEx
CcCopyWriteWontFlush
CcDeductDirtyPagesFromExternalCache
CcDeferWrite
CcErrorCallbackRoutine
CcFastCopyRead
CcFastCopyWrite
CcFastMdlReadWait
CcFlushCache
CcFlushCacheToLsn
CcGetCachedDirtyPageCountForFile
CcGetDirtyPages
CcGetFileObjectFromBcb
CcGetFileObjectFromSectionPtrs
CcGetFileObjectFromSectionPtrsRef
CcGetFlushedValidData
CcGetLsnForFileObject
CcGetNumberOfMappedPages
CcInitializeCacheMap
CcInitializeCacheMapEx
CcInitializeCacheMapEx2
CcIsCacheManagerCallbackNeeded
CcIsThereDirtyData
CcIsThereDirtyDataEx
CcIsThereDirtyLoggedPages
CcMapData
CcMdlRead
CcMdlReadComplete
CcMdlWriteAbort
CcMdlWriteComplete
CcPinMappedData
CcPinRead
CcPrepareMdlWrite
CcPreparePinWrite
CcPurgeCacheSection
CcRegisterExternalCache
CcRemapBcb
CcRepinBcb
CcScheduleReadAhead
CcScheduleReadAheadEx
CcSetAdditionalCacheAttributes
CcSetAdditionalCacheAttributesEx
CcSetBcbOwnerPointer
CcSetDirtyPageThreshold
CcSetDirtyPinnedData
CcSetFileSizes
CcSetFileSizesEx
CcSetLogHandleForFile
CcSetLogHandleForFileEx
CcSetLoggedDataThreshold
CcSetParallelFlushFile
CcSetReadAheadGranularity
CcSetReadAheadGranularityEx
CcTestControl
CcUninitializeCacheMap
CcUnmapFileOffsetFromSystemCache
CcUnpinData
CcUnpinDataForThread
CcUnpinRepinnedBcb
CcUnregisterExternalCache
CcWaitForCurrentLazyWriterActivity
CcZeroData
CcZeroDataOnDisk
CmCallbackGetKeyObjectID
CmCallbackGetKeyObjectIDEx
CmCallbackReleaseKeyObjectIDEx
CmGetBoundTransaction
CmGetCallbackVersion
CmKeyObjectType
CmRegisterCallback
CmRegisterCallbackEx
CmRegisterMachineHiveLoadedNotification
CmSetCallbackObjectContext
CmUnRegisterCallback
CmUnregisterMachineHiveLoadedNotification
DbgBreakPoint
DbgBreakPointWithStatus
DbgCommandString
DbgLoadImageSymbols
DbgPrint
DbgPrintEx
DbgPrintReturnControlC
DbgPrompt
DbgQueryDebugFilterState
DbgSetDebugFilterState
DbgSetDebugPrintCallback
DbgkLkmdRegisterCallback
DbgkLkmdUnregisterCallback
DbgkWerCaptureLiveKernelDump
DbgkWerCaptureLiveKernelDump2
DifFindThreadContextData
DifGetPluginPerDriverData
DifPluginSimplePerfControl
DifPopThreadContextData
DifPushThreadContextData
DifRegisterPlugin
DifUtilDbgPrint
EmClientQueryRuleState
EmClientRuleDeregisterNotification
EmClientRuleEvaluate
EmClientRuleRegisterNotification
EmProviderDeregister
EmProviderDeregisterEntry
EmProviderRegister
EmProviderRegisterEntry
EmpProviderRegister
EtwActivityIdControl
EtwEnableTrace
EtwEventEnabled
EtwProviderEnabled
EtwRegister
EtwRegisterClassicProvider
EtwSendTraceBuffer
EtwSetInformation
EtwTelemetryCoverageReport
EtwUnregister
EtwWrite
EtwWriteEndScenario
EtwWriteEx
EtwWriteStartScenario
EtwWriteString
EtwWriteTransfer
EtwpDisableStackWalkApc
EtwpReenableStackWalkApc
ExAcquireAutoExpandPushLockExclusive
ExAcquireAutoExpandPushLockShared
ExAcquireCacheAwarePushLockExclusive
ExAcquireCacheAwarePushLockExclusiveEx
ExAcquireCacheAwarePushLockSharedEx
ExAcquireFastMutex
ExAcquireFastMutexUnsafe
ExAcquireFastResourceExclusive
ExAcquireFastResourceShared
ExAcquireFastResourceSharedStarveExclusive
ExAcquireFastResourceWithFlags
ExAcquirePushLockExclusiveEx
ExAcquirePushLockSharedEx
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
ExAcquireRundownProtection
ExAcquireRundownProtectionCacheAware
ExAcquireRundownProtectionCacheAwareEx
ExAcquireRundownProtectionEx
ExAcquireSharedStarveExclusive
ExAcquireSharedWaitForExclusive
ExAcquireSpinLockExclusive
ExAcquireSpinLockExclusiveAtDpcLevel
ExAcquireSpinLockShared
ExAcquireSpinLockSharedAtDpcLevel
ExActivationObjectType
ExAllocateAutoExpandPushLock
ExAllocateCacheAwarePushLock
ExAllocateCacheAwareRundownProtection
ExAllocateFromLookasideListEx
ExAllocateFromNPagedLookasideList
ExAllocateFromPagedLookasideList
ExAllocatePool
ExAllocatePool2
ExAllocatePool3
ExAllocatePoolWithQuota
ExAllocatePoolWithQuotaTag
ExAllocatePoolWithTag
ExAllocatePoolWithTagPriority
ExAllocateTimer
ExBlockOnAddressPushLock
ExBlockPushLock
ExCancelDpcEventWait
ExCancelTimer
ExCleanupAutoExpandPushLock
ExCleanupRundownProtectionCacheAware
ExCompositionObjectType
ExConvertExclusiveToSharedLite
ExConvertFastResourceExclusiveToShared
ExConvertPushLockExclusiveToShared
ExCoreMessagingObjectType
ExCreateCallback
ExCreateDpcEvent
ExCreatePool
ExDeleteDpcEvent
ExDeleteFastResource
ExDeleteLookasideListEx
ExDeleteNPagedLookasideList
ExDeletePagedLookasideList
ExDeleteResourceLite
ExDeleteTimer
ExDesktopObjectType
ExDestroyPool
ExDisableResourceBoostLite
ExDisownFastResource
ExEnterCriticalRegionAndAcquireFastMutexUnsafe
ExEnterCriticalRegionAndAcquireResourceExclusive
ExEnterCriticalRegionAndAcquireResourceShared
ExEnterCriticalRegionAndAcquireSharedWaitForExclusive
ExEnterPriorityRegionAndAcquireResourceExclusive
ExEnterPriorityRegionAndAcquireResourceShared
ExEnumHandleTable
ExEnumerateSystemFirmwareTables
ExEventObjectType
ExExtendZone
ExFetchLicenseData
ExFlushLookasideListEx
ExFreeAutoExpandPushLock
ExFreeCacheAwarePushLock
ExFreeCacheAwareRundownProtection
ExFreePool
ExFreePool2
ExFreePoolWithTag
ExFreeToLookasideListEx
ExFreeToNPagedLookasideList
ExFreeToPagedLookasideList
ExGetCurrentProcessorCounts
ExGetCurrentProcessorCpuUsage
ExGetExclusiveWaiterCount
ExGetFirmwareEnvironmentVariable
ExGetFirmwareType
ExGetLicenseTamperState
ExGetPreviousMode
ExGetSharedWaiterCount
ExGetSystemFirmwareTable
ExInitializeAutoExpandPushLock
ExInitializeDeviceAts
ExInitializeFastOwnerEntry
ExInitializeFastResource
ExInitializeFastResourceAcquired
ExInitializeLookasideListEx
ExInitializeNPagedLookasideList
ExInitializePagedLookasideList
ExInitializePushLock
ExInitializeResourceLite
ExInitializeRundownProtection
ExInitializeRundownProtectionCacheAware
ExInitializeRundownProtectionCacheAwareEx
ExInitializeZone
ExInterlockedAddLargeInteger
ExInterlockedAddUlong
ExInterlockedExtendZone
ExInterlockedInsertHeadList
ExInterlockedInsertTailList
ExInterlockedPopEntryList
ExInterlockedPushEntryList
ExInterlockedRemoveHeadList
ExIsFastResourceContended
ExIsFastResourceHeld
ExIsFastResourceHeldExclusive
ExIsManufacturingModeEnabled
ExIsProcessorFeaturePresent
ExIsResourceAcquiredExclusiveLite
ExIsResourceAcquiredSharedLite
ExIsSoftBoot
ExLocalTimeToSystemTime
ExMoveFastResourceOwnershipWithFlags
ExNotifyBootDeviceRemoval
ExNotifyCallback
ExQueryDepthSList
ExQueryFastCacheDevLicense
ExQueryPoolBlockSize
ExQueryTimerResolution
ExQueryWnfStateData
ExQueueDpcEventWait
ExQueueWorkItem
ExRaiseAccessViolation
ExRaiseDatatypeMisalignment
ExRaiseException
ExRaiseHardError
ExRaiseStatus
ExRawInputManagerObjectType
ExReInitializeRundownProtection
ExReInitializeRundownProtectionCacheAware
ExRealTimeIsUniversal
ExRegisterBootDevice
ExRegisterCallback
ExRegisterExtension
ExReinitializeFastResource
ExReinitializeResourceLite
ExReleaseAutoExpandPushLockExclusive
ExReleaseAutoExpandPushLockShared
ExReleaseCacheAwarePushLockExclusive
ExReleaseCacheAwarePushLockExclusiveEx
ExReleaseCacheAwarePushLockSharedEx
ExReleaseDisownedFastResource
ExReleaseDisownedFastResourceExclusive
ExReleaseDisownedFastResourceShared
ExReleaseFastMutex
ExReleaseFastMutexUnsafe
ExReleaseFastMutexUnsafeAndLeaveCriticalRegion
ExReleaseFastResource
ExReleaseFastResourceExclusive
ExReleaseFastResourceShared
ExReleasePushLockEx
ExReleasePushLockExclusiveEx
ExReleasePushLockSharedEx
ExReleaseResourceAndLeaveCriticalRegion
ExReleaseResourceAndLeavePriorityRegion
ExReleaseResourceForThreadLite
ExReleaseResourceLite
ExReleaseRundownProtection
ExReleaseRundownProtectionCacheAware
ExReleaseRundownProtectionCacheAwareEx
ExReleaseRundownProtectionEx
ExReleaseSpinLockExclusive
ExReleaseSpinLockExclusiveFromDpcLevel
ExReleaseSpinLockShared
ExReleaseSpinLockSharedFromDpcLevel
ExRundownCompleted
ExRundownCompletedCacheAware
ExSecurePoolUpdate
ExSecurePoolValidate
ExSemaphoreObjectType
ExSetFirmwareEnvironmentVariable
ExSetLicenseTamperState
ExSetResourceOwnerPointer
ExSetResourceOwnerPointerEx
ExSetTimer
ExSetTimerResolution
ExShareAddressSpaceWithDevice
ExShareUltraSpaceWithDevice
ExSizeOfAutoExpandPushLock
ExSizeOfRundownProtectionCacheAware
ExSubscribeWnfStateChange
ExSvmBeginDeviceReset
ExSvmFinalizeDeviceReset
ExSystemExceptionFilter
ExSystemTimeToLocalTime
ExTimedWaitForUnblockPushLock
ExTimerObjectType
ExTryAcquireAutoExpandPushLockExclusive
ExTryAcquireAutoExpandPushLockShared
ExTryAcquireCacheAwarePushLockExclusiveEx
ExTryAcquireCacheAwarePushLockSharedEx
ExTryAcquirePushLockExclusiveEx
ExTryAcquirePushLockSharedEx
ExTryAcquireSpinLockExclusiveAtDpcLevel
ExTryAcquireSpinLockSharedAtDpcLevel
ExTryConvertPushLockSharedToExclusiveEx
ExTryConvertSharedSpinLockExclusive
ExTryQueueWorkItem
ExTryToAcquireFastMutex
ExTryToAcquireResourceExclusiveLite
ExTryToConvertFastResourceSharedToExclusive
ExUnblockOnAddressPushLockEx
ExUnblockPushLockEx
ExUnregisterCallback
ExUnregisterExtension
ExUnsubscribeWnfStateChange
ExUpdateLicenseData
ExUuidCreate
ExVerifySuite
ExWaitForRundownProtectionRelease
ExWaitForRundownProtectionReleaseCacheAware
ExWaitForUnblockPushLock
ExWindowStationObjectType
ExfAcquirePushLockExclusive
ExfAcquirePushLockShared
ExfReleasePushLock
ExfReleasePushLockExclusive
ExfReleasePushLockShared
ExfTryAcquirePushLockShared
ExfTryToWakePushLock
ExfUnblockPushLock
ExpInterlockedFlushSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
FirstEntrySList
FsRtlAcknowledgeEcp
FsRtlAcquireEofLock
FsRtlAcquireFileExclusive
FsRtlAcquireHeaderMutex
FsRtlAddBaseMcbEntry
FsRtlAddBaseMcbEntryEx
FsRtlAddLargeMcbEntry
FsRtlAddMcbEntry
FsRtlAddToTunnelCache
FsRtlAddToTunnelCacheEx
FsRtlAllocateAePushLock
FsRtlAllocateExtraCreateParameter
FsRtlAllocateExtraCreateParameterFromLookasideList
FsRtlAllocateExtraCreateParameterList
FsRtlAllocateFileLock
FsRtlAllocatePool
FsRtlAllocatePoolWithQuota
FsRtlAllocatePoolWithQuotaTag
FsRtlAllocatePoolWithTag
FsRtlAllocateResource
FsRtlAreNamesEqual
FsRtlAreThereCurrentOrInProgressFileLocks
FsRtlAreThereWaitingFileLocks
FsRtlAreVolumeStartupApplicationsComplete
FsRtlBalanceReads
FsRtlCancellableWaitForMultipleObjects
FsRtlCancellableWaitForSingleObject
FsRtlChangeBackingFileObject
FsRtlCheckLockForOplockRequest
FsRtlCheckLockForReadAccess
FsRtlCheckLockForWriteAccess
FsRtlCheckOplock
FsRtlCheckOplockEx
FsRtlCheckOplockEx2
FsRtlCheckOplockForFsFilterCallback
FsRtlCheckUpperOplock
FsRtlCopyRead
FsRtlCopyWrite
FsRtlCreateSectionForDataScan
FsRtlCurrentBatchOplock
FsRtlCurrentOplock
FsRtlCurrentOplockH
FsRtlDedupChangeInit
FsRtlDedupChangeLogOverwriteOrFree
FsRtlDedupChangeLogWrite
FsRtlDedupChangeUninit
FsRtlDeleteExtraCreateParameterLookasideList
FsRtlDeleteKeyFromTunnelCache
FsRtlDeleteTunnelCache
FsRtlDeregisterUncProvider
FsRtlDisallowLegacyFilterOnDevice
FsRtlDismountComplete
FsRtlDissectDbcs
FsRtlDissectName
FsRtlDoesDbcsContainWildCards
FsRtlDoesNameContainWildCards
FsRtlFastCheckLockForRead
FsRtlFastCheckLockForWrite
FsRtlFastUnlockAll
FsRtlFastUnlockAllByKey
FsRtlFastUnlockSingle
FsRtlFindExtraCreateParameter
FsRtlFindInTunnelCache
FsRtlFindInTunnelCacheEx
FsRtlFreeAePushLock
FsRtlFreeExtraCreateParameter
FsRtlFreeExtraCreateParameterList
FsRtlFreeFileLock
FsRtlGetCurrentProcessLoaderList
FsRtlGetEcpListFromIrp
FsRtlGetFileNameInformation
FsRtlGetFileSize
FsRtlGetIoAtEof
FsRtlGetNextBaseMcbEntry
FsRtlGetNextExtraCreateParameter
FsRtlGetNextFileLock
FsRtlGetNextLargeMcbEntry
FsRtlGetNextMcbEntry
FsRtlGetSectorSizeInformation
FsRtlGetSupportedFeatures
FsRtlGetVirtualDiskNestingLevel
FsRtlHeatInit
FsRtlHeatLogIo
FsRtlHeatLogTierMove
FsRtlHeatUninit
FsRtlIncrementCcFastMdlReadWait
FsRtlIncrementCcFastReadNoWait
FsRtlIncrementCcFastReadNotPossible
FsRtlIncrementCcFastReadResourceMiss
FsRtlIncrementCcFastReadWait
FsRtlInitExtraCreateParameterLookasideList
FsRtlInitializeBaseMcb
FsRtlInitializeBaseMcbEx
FsRtlInitializeEofLock
FsRtlInitializeExtraCreateParameter
FsRtlInitializeExtraCreateParameterList
FsRtlInitializeFileLock
FsRtlInitializeLargeMcb
FsRtlInitializeMcb
FsRtlInitializeOplock
FsRtlInitializeTunnelCache
FsRtlInsertExtraCreateParameter
FsRtlInsertPerFileContext
FsRtlInsertPerFileObjectContext
Sections
.rdata Size: 680KB - Virtual size: 676KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 392KB - Virtual size: 389KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.edata Size: 108KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PROTDATA Size: 4KB - Virtual size: 1B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GFIDS Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Pad1 Size: - Virtual size: 804KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.text Size: 4.0MB - Virtual size: 4.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 3.9MB - Virtual size: 3.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGELK Size: 152KB - Virtual size: 150KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
POOLCODE Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEKD Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEVRFY Size: 200KB - Virtual size: 197KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEHDLS Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEBGFX Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
TRACESUP Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECMRC Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
KVASCODE Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
RETPOL Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INITKDBG Size: 104KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
MINIEX Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 580KB - Virtual size: 577KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Pad2 Size: - Virtual size: 936KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 56KB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ALMOSTRO Size: 8KB - Virtual size: 174KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CACHEALI Size: 4KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEDATA Size: 8KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEVRFD Size: 40KB - Virtual size: 101KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INITDATA Size: 4KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Pad3 Size: - Virtual size: 396KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CFGRO Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Pad4 Size: - Virtual size: 2.0MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 220KB - Virtual size: 219KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ntoskrnl.exe.sys windows:10 windows x64 arch:x64
8a6a24dc179d1d583e1d3b5fddaea3d6
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
4b:74:93:ef:3a:59:22:e4:80:b0:dc:0b:8f:d5:81:7d:d3:f0:c2:da:2c:d0:55:0a:7a:a9:09:13:04:1d:2c:35
Signer
Actual PE Digest: 4b:74:93:ef:3a:59:22:e4:80:b0:dc:0b:8f:d5:81:7d:d3:f0:c2:da:2c:d0:55:0a:7a:a9:09:13:04:1d:2c:35
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ntkrnlmp.pdb
Imports
ext-ms-win-ntos-processparameters-l1-1-0
PsDestroyProcessParameterOverrides
PsGetProcessParameterOverrides
ext-ms-win-ntos-tm-l1-1-0
TmIsKTMCommitCoordinator
TmInitializeTransactionManager
TmGetTransactionId
TmFreezeTransactions
TmEndPropagationRequest
TmEnableCallbacks
TmDereferenceEnlistmentKey
TmCurrentTransaction
TmCreateEnlistment
TmCommitTransaction
TmCommitEnlistment
TmCommitComplete
TmCancelPropagationRequest
NtThawTransactions
NtSetInformationTransaction
NtSetInformationResourceManager
NtSetInformationEnlistment
NtRollbackTransaction
NtRollbackEnlistment
NtRollbackComplete
NtRecoverTransactionManager
NtRecoverResourceManager
NtRecoverEnlistment
NtRegisterProtocolAddressInformation
TmIsTransactionActive
TmInitSystemPhase2
TmInitSystem
NtCommitComplete
NtCommitEnlistment
TmPrePrepareComplete
TmRecoverEnlistment
TmRecoverResourceManager
TmRecoverTransactionManager
TmReferenceEnlistmentKey
TmRenameTransactionManager
TmRequestOutcomeEnlistment
TmRollbackComplete
TmRollbackEnlistment
TmRollbackTransaction
TmSetCurrentTransaction
TmSinglePhaseReject
NtCommitTransaction
TmShutdownSystem
NtRollforwardTransactionManager
NtSinglePhaseReject
NtCreateEnlistment
NtCreateResourceManager
NtSetInformationTransactionManager
NtRenameTransactionManager
NtCreateTransaction
TmThawTransactions
NtCreateTransactionManager
NtEnumerateTransactionObject
NtFreezeTransactions
NtGetNotificationResourceManager
NtOpenEnlistment
NtOpenResourceManager
NtOpenTransaction
NtOpenTransactionManager
NtPrePrepareComplete
TmPrePrepareEnlistment
TmPrepareComplete
TmPrepareEnlistment
TmPropagationComplete
TmReadOnlyEnlistment
TmPropagationFailed
NtReadOnlyEnlistment
NtQueryInformationTransactionManager
NtQueryInformationTransaction
NtQueryInformationResourceManager
NtQueryInformationEnlistment
NtPropagationFailed
NtPropagationComplete
NtPrepareEnlistment
NtPrepareComplete
NtPrePrepareEnlistment
pshed
PshedGetBootErrorPacket
PshedInitialize
PshedGetAllErrorSources
PshedAttemptErrorRecovery
PshedWriteErrorRecord
PshedBugCheckSystem
PshedFreeMemory
PshedDoPluginCtl
PshedAllocateMemory
PshedDoPfa
PshedEnableErrorSource
PshedGetInjectionCapabilities
PshedInjectError
PshedSetErrorSourceInfo
PshedSetHalEnlightenments
PshedMarkHiberPhase
PshedInitProc
PshedIsSystemWheaEnabled
PshedClearErrorRecord
PshedArePluginsPresent
PshedReadErrorRecord
PshedInitGlobal
PshedDisableErrorSource
PshedInitAvailable
PshedGetErrorSourceInfo
PshedFinalizeErrorRecord
PshedRetrieveErrorInfo
bootvid
VidInitialize
VidBitBltEx
VidDisplayString
VidSetScrollRegion
VidSetTextColor
VidCleanUp
VidBitBlt
VidScreenToBufferBlt
VidBufferToScreenBlt
VidSolidColorFill
VidResetDisplay
ext-ms-win-ntos-clipsp-l1-1-0
ClipSpInitialize
kdcom
KdSetHiberRange
KdInitialize
KdSendPacket
KdReceivePacket
KdPower
ext-ms-win-ntos-kcminitcfg-l1-1-0
CmCompleteInitMachineConfig
CmSetInitMachineConfig
ext-ms-win-ntos-ksr-l1-1-4
KsrCleanupPageDatabase
KsrInitPageDatabase
KsrFreePersistedMemory
KsrInitSystem
KsrMdlToMemoryRuns
KsrFreePersistedMemoryBlock
KsrQueryMetadata
KsrEnumeratePersistedMemory
KsrGetFirmwareInformation
KsrClaimPersistedMemory
KsrPersistMemoryWithMetadata
ext-ms-win-ntos-trace-l1-1-0
TraceInitSystem
ext-ms-win-ntos-ksecurity-l1-1-1
QueryUpdateFileEaAllowedExt
ext-ms-win-ntos-werkernel-l1-1-1
WerLiveKernelCancelReport
WerLiveKernelSubmitReport
WerLiveKernelInitSystem
WerLiveKernelCreateReport
WerLiveKernelCloseHandle
WerLiveKernelOpenDumpFile
ext-ms-win-ntos-ucode-l1-1-0
ExpMicrocodeInformationLoad
ExpMicrocodeInformationUnload
ExpMicrocodeInitialization
ext-ms-win-ntos-runlevels-l1-1-0
ExpInitializeRunLevel0
ext-ms-win-ntos-stateseparation-l1-1-0
ExpInitializeStateSeparationPhase1
ExpInitializeStateSeparationPhase0
ExpInitializeStateSeparationPhase2
ext-ms-win-fs-clfs-l1-1-0
ClfsMgmtInstallPolicy
ClfsCloseLogFileObject
ClfsMgmtDeregisterManagedClient
ClfsMgmtRegisterManagedClient
ClfsCreateLogFile
ClfsGetLogFileInformation
ClfsReadRestartArea
ClfsLsnEqual
ClfsReadLogRecord
ClfsReadNextLogRecord
ClfsTerminateReadLog
ClfsWriteRestartArea
ClfsDeleteLogByPointer
ClfsDeleteMarshallingArea
ClfsReserveAndAppendLog
ClfsLsnInvalid
ClfsFlushToLsn
ClfsLsnContainer
ClfsLsnLess
ClfsCreateMarshallingArea
ClfsAddLogContainer
ClfsLsnDifference
ci
CiInitialize
msrpc.sys
MesIncrementalHandleReset
NdrMesTypeDecode3
MesEncodeIncrementalHandleCreate
NdrMesTypeEncode3
MesDecodeBufferHandleCreate
MesHandleFree
RpcExceptionFilter
cng.sys
BCryptExportKey
ext-ms-win-ntos-globmerger-l1-1-0
CimfsMountBootVolume
Exports
Exports
AlpcCreateSecurityContext
AlpcGetHeaderSize
AlpcGetMessageAttribute
AlpcInitializeMessageAttribute
AsanWrapperMemcmp
BgkDisplayCharacter
BgkGetConsoleState
BgkGetCursorState
BgkSetCursor
CarCopyRuleViolationDetails
CarCreateRuleViolationDetails
CarDeleteRuleViolationDetails
CarDeregisterRuleClassConfiguration
CarDeregisterRuleOverride
CarInitializeRuleViolationDetails
CarQueryReportAction
CarQueryReportActionForTriage
CarRegisterDefaultRuleClassConfiguration
CarRegisterRuleClassConfiguration
CarRegisterRuleOverride
CarRegisterRuleOverrideAllContexts
CarRegisterRuleOverridesAllContexts
CarReportRuleViolation
CarReportRuleViolationForTriage
CarSetCustomIdInRuleOverride
CarSetCustomRuleIdRange
CcAddDirtyPagesToExternalCache
CcAsyncCopyRead
CcCanIWrite
CcCoherencyFlushAndPurgeCache
CcCopyRead
CcCopyReadEx
CcCopyWrite
CcCopyWriteEx
CcCopyWriteWontFlush
CcDeductDirtyPagesFromExternalCache
CcDeferWrite
CcErrorCallbackRoutine
CcFastCopyRead
CcFastCopyWrite
CcFastMdlReadWait
CcFlushCache
CcFlushCacheToLsn
CcGetCachedDirtyPageCountForFile
CcGetDirtyPages
CcGetFileObjectFromBcb
CcGetFileObjectFromSectionPtrs
CcGetFileObjectFromSectionPtrsRef
CcGetFlushedValidData
CcGetLsnForFileObject
CcGetNumberOfMappedPages
CcInitializeCacheMap
CcInitializeCacheMapEx
CcInitializeCacheMapEx2
CcIsCacheManagerCallbackNeeded
CcIsThereDirtyData
CcIsThereDirtyDataEx
CcIsThereDirtyLoggedPages
CcMapData
CcMdlRead
CcMdlReadComplete
CcMdlWriteAbort
CcMdlWriteComplete
CcPinMappedData
CcPinRead
CcPrepareMdlWrite
CcPreparePinWrite
CcPurgeCacheSection
CcRegisterExternalCache
CcRemapBcb
CcRepinBcb
CcScheduleReadAhead
CcScheduleReadAheadEx
CcSetAdditionalCacheAttributes
CcSetAdditionalCacheAttributesEx
CcSetBcbOwnerPointer
CcSetDirtyPageThreshold
CcSetDirtyPinnedData
CcSetFileSizes
CcSetFileSizesEx
CcSetLogHandleForFile
CcSetLogHandleForFileEx
CcSetLoggedDataThreshold
CcSetParallelFlushFile
CcSetReadAheadGranularity
CcSetReadAheadGranularityEx
CcTestControl
CcUninitializeCacheMap
CcUnmapFileOffsetFromSystemCache
CcUnpinData
CcUnpinDataForThread
CcUnpinRepinnedBcb
CcUnregisterExternalCache
CcWaitForCurrentLazyWriterActivity
CcZeroData
CcZeroDataOnDisk
CmCallbackGetKeyObjectID
CmCallbackGetKeyObjectIDEx
CmCallbackReleaseKeyObjectIDEx
CmGetBoundTransaction
CmGetCallbackVersion
CmKeyObjectType
CmRegisterCallback
CmRegisterCallbackEx
CmRegisterMachineHiveLoadedNotification
CmSetCallbackObjectContext
CmUnRegisterCallback
CmUnregisterMachineHiveLoadedNotification
DbgBreakPoint
DbgBreakPointWithStatus
DbgCommandString
DbgLoadImageSymbols
DbgPrint
DbgPrintEx
DbgPrintReturnControlC
DbgPrompt
DbgQueryDebugFilterState
DbgSetDebugFilterState
DbgSetDebugPrintCallback
DbgkLkmdRegisterCallback
DbgkLkmdUnregisterCallback
DbgkWerCaptureLiveKernelDump
DbgkWerCaptureLiveKernelDump2
DifFindThreadContextData
DifGetPluginPerDriverData
DifPluginSimplePerfControl
DifPopThreadContextData
DifPushThreadContextData
DifRegisterPlugin
DifUtilDbgPrint
EmClientQueryRuleState
EmClientRuleDeregisterNotification
EmClientRuleEvaluate
EmClientRuleRegisterNotification
EmProviderDeregister
EmProviderDeregisterEntry
EmProviderRegister
EmProviderRegisterEntry
EmpProviderRegister
EtwActivityIdControl
EtwEnableTrace
EtwEventEnabled
EtwProviderEnabled
EtwRegister
EtwRegisterClassicProvider
EtwSendTraceBuffer
EtwSetInformation
EtwTelemetryCoverageReport
EtwUnregister
EtwWrite
EtwWriteEndScenario
EtwWriteEx
EtwWriteStartScenario
EtwWriteString
EtwWriteTransfer
EtwpDisableStackWalkApc
EtwpReenableStackWalkApc
ExAcquireAutoExpandPushLockExclusive
ExAcquireAutoExpandPushLockShared
ExAcquireCacheAwarePushLockExclusive
ExAcquireCacheAwarePushLockExclusiveEx
ExAcquireCacheAwarePushLockSharedEx
ExAcquireFastMutex
ExAcquireFastMutexUnsafe
ExAcquireFastResourceExclusive
ExAcquireFastResourceShared
ExAcquireFastResourceSharedStarveExclusive
ExAcquireFastResourceWithFlags
ExAcquirePushLockExclusiveEx
ExAcquirePushLockSharedEx
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
ExAcquireRundownProtection
ExAcquireRundownProtectionCacheAware
ExAcquireRundownProtectionCacheAwareEx
ExAcquireRundownProtectionEx
ExAcquireSharedStarveExclusive
ExAcquireSharedWaitForExclusive
ExAcquireSpinLockExclusive
ExAcquireSpinLockExclusiveAtDpcLevel
ExAcquireSpinLockShared
ExAcquireSpinLockSharedAtDpcLevel
ExActivationObjectType
ExAllocateAutoExpandPushLock
ExAllocateCacheAwarePushLock
ExAllocateCacheAwareRundownProtection
ExAllocateFromLookasideListEx
ExAllocateFromNPagedLookasideList
ExAllocateFromPagedLookasideList
ExAllocatePool
ExAllocatePool2
ExAllocatePool3
ExAllocatePoolWithQuota
ExAllocatePoolWithQuotaTag
ExAllocatePoolWithTag
ExAllocatePoolWithTagPriority
ExAllocateTimer
ExBlockOnAddressPushLock
ExBlockPushLock
ExCancelDpcEventWait
ExCancelTimer
ExCleanupAutoExpandPushLock
ExCleanupRundownProtectionCacheAware
ExCompositionObjectType
ExConvertExclusiveToSharedLite
ExConvertFastResourceExclusiveToShared
ExConvertPushLockExclusiveToShared
ExCoreMessagingObjectType
ExCreateCallback
ExCreateDpcEvent
ExCreatePool
ExDeleteDpcEvent
ExDeleteFastResource
ExDeleteLookasideListEx
ExDeleteNPagedLookasideList
ExDeletePagedLookasideList
ExDeleteResourceLite
ExDeleteTimer
ExDesktopObjectType
ExDestroyPool
ExDisableResourceBoostLite
ExDisownFastResource
ExEnterCriticalRegionAndAcquireFastMutexUnsafe
ExEnterCriticalRegionAndAcquireResourceExclusive
ExEnterCriticalRegionAndAcquireResourceShared
ExEnterCriticalRegionAndAcquireSharedWaitForExclusive
ExEnterPriorityRegionAndAcquireResourceExclusive
ExEnterPriorityRegionAndAcquireResourceShared
ExEnumHandleTable
ExEnumerateSystemFirmwareTables
ExEventObjectType
ExExtendZone
ExFetchLicenseData
ExFlushLookasideListEx
ExFreeAutoExpandPushLock
ExFreeCacheAwarePushLock
ExFreeCacheAwareRundownProtection
ExFreePool
ExFreePool2
ExFreePoolWithTag
ExFreeToLookasideListEx
ExFreeToNPagedLookasideList
ExFreeToPagedLookasideList
ExGetCurrentProcessorCounts
ExGetCurrentProcessorCpuUsage
ExGetExclusiveWaiterCount
ExGetFirmwareEnvironmentVariable
ExGetFirmwareType
ExGetLicenseTamperState
ExGetPreviousMode
ExGetSharedWaiterCount
ExGetSystemFirmwareTable
ExInitializeAutoExpandPushLock
ExInitializeDeviceAts
ExInitializeFastOwnerEntry
ExInitializeFastResource
ExInitializeFastResourceAcquired
ExInitializeLookasideListEx
ExInitializeNPagedLookasideList
ExInitializePagedLookasideList
ExInitializePushLock
ExInitializeResourceLite
ExInitializeRundownProtection
ExInitializeRundownProtectionCacheAware
ExInitializeRundownProtectionCacheAwareEx
ExInitializeZone
ExInterlockedAddLargeInteger
ExInterlockedAddUlong
ExInterlockedExtendZone
ExInterlockedInsertHeadList
ExInterlockedInsertTailList
ExInterlockedPopEntryList
ExInterlockedPushEntryList
ExInterlockedRemoveHeadList
ExIsFastResourceContended
ExIsFastResourceHeld
ExIsFastResourceHeldExclusive
ExIsManufacturingModeEnabled
ExIsProcessorFeaturePresent
ExIsResourceAcquiredExclusiveLite
ExIsResourceAcquiredSharedLite
ExIsSoftBoot
ExLocalTimeToSystemTime
ExMoveFastResourceOwnershipWithFlags
ExNotifyBootDeviceRemoval
ExNotifyCallback
ExQueryDepthSList
ExQueryFastCacheDevLicense
ExQueryPoolBlockSize
ExQueryTimerResolution
ExQueryWnfStateData
ExQueueDpcEventWait
ExQueueWorkItem
ExRaiseAccessViolation
ExRaiseDatatypeMisalignment
ExRaiseException
ExRaiseHardError
ExRaiseStatus
ExRawInputManagerObjectType
ExReInitializeRundownProtection
ExReInitializeRundownProtectionCacheAware
ExRealTimeIsUniversal
ExRegisterBootDevice
ExRegisterCallback
ExRegisterExtension
ExReinitializeFastResource
ExReinitializeResourceLite
ExReleaseAutoExpandPushLockExclusive
ExReleaseAutoExpandPushLockShared
ExReleaseCacheAwarePushLockExclusive
ExReleaseCacheAwarePushLockExclusiveEx
ExReleaseCacheAwarePushLockSharedEx
ExReleaseDisownedFastResource
ExReleaseDisownedFastResourceExclusive
ExReleaseDisownedFastResourceShared
ExReleaseFastMutex
ExReleaseFastMutexUnsafe
ExReleaseFastMutexUnsafeAndLeaveCriticalRegion
ExReleaseFastResource
ExReleaseFastResourceExclusive
ExReleaseFastResourceShared
ExReleasePushLockEx
ExReleasePushLockExclusiveEx
ExReleasePushLockSharedEx
ExReleaseResourceAndLeaveCriticalRegion
ExReleaseResourceAndLeavePriorityRegion
ExReleaseResourceForThreadLite
ExReleaseResourceLite
ExReleaseRundownProtection
ExReleaseRundownProtectionCacheAware
ExReleaseRundownProtectionCacheAwareEx
ExReleaseRundownProtectionEx
ExReleaseSpinLockExclusive
ExReleaseSpinLockExclusiveFromDpcLevel
ExReleaseSpinLockShared
ExReleaseSpinLockSharedFromDpcLevel
ExRundownCompleted
ExRundownCompletedCacheAware
ExSecurePoolUpdate
ExSecurePoolValidate
ExSemaphoreObjectType
ExSetFirmwareEnvironmentVariable
ExSetLicenseTamperState
ExSetResourceOwnerPointer
ExSetResourceOwnerPointerEx
ExSetTimer
ExSetTimerResolution
ExShareAddressSpaceWithDevice
ExShareUltraSpaceWithDevice
ExSizeOfAutoExpandPushLock
ExSizeOfRundownProtectionCacheAware
ExSubscribeWnfStateChange
ExSvmBeginDeviceReset
ExSvmFinalizeDeviceReset
ExSystemExceptionFilter
ExSystemTimeToLocalTime
ExTimedWaitForUnblockPushLock
ExTimerObjectType
ExTryAcquireAutoExpandPushLockExclusive
ExTryAcquireAutoExpandPushLockShared
ExTryAcquireCacheAwarePushLockExclusiveEx
ExTryAcquireCacheAwarePushLockSharedEx
ExTryAcquirePushLockExclusiveEx
ExTryAcquirePushLockSharedEx
ExTryAcquireSpinLockExclusiveAtDpcLevel
ExTryAcquireSpinLockSharedAtDpcLevel
ExTryConvertPushLockSharedToExclusiveEx
ExTryConvertSharedSpinLockExclusive
ExTryQueueWorkItem
ExTryToAcquireFastMutex
ExTryToAcquireResourceExclusiveLite
ExTryToConvertFastResourceSharedToExclusive
ExUnblockOnAddressPushLockEx
ExUnblockPushLockEx
ExUnregisterCallback
ExUnregisterExtension
ExUnsubscribeWnfStateChange
ExUpdateLicenseData
ExUuidCreate
ExVerifySuite
ExWaitForRundownProtectionRelease
ExWaitForRundownProtectionReleaseCacheAware
ExWaitForUnblockPushLock
ExWindowStationObjectType
ExfAcquirePushLockExclusive
ExfAcquirePushLockShared
ExfReleasePushLock
ExfReleasePushLockExclusive
ExfReleasePushLockShared
ExfTryAcquirePushLockShared
ExfTryToWakePushLock
ExfUnblockPushLock
ExpInterlockedFlushSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
FirstEntrySList
FsRtlAcknowledgeEcp
FsRtlAcquireEofLock
FsRtlAcquireFileExclusive
FsRtlAcquireHeaderMutex
FsRtlAddBaseMcbEntry
FsRtlAddBaseMcbEntryEx
FsRtlAddLargeMcbEntry
FsRtlAddMcbEntry
FsRtlAddToTunnelCache
FsRtlAddToTunnelCacheEx
FsRtlAllocateAePushLock
FsRtlAllocateExtraCreateParameter
FsRtlAllocateExtraCreateParameterFromLookasideList
FsRtlAllocateExtraCreateParameterList
FsRtlAllocateFileLock
FsRtlAllocatePool
FsRtlAllocatePoolWithQuota
FsRtlAllocatePoolWithQuotaTag
FsRtlAllocatePoolWithTag
FsRtlAllocateResource
FsRtlAreNamesEqual
FsRtlAreThereCurrentOrInProgressFileLocks
FsRtlAreThereWaitingFileLocks
FsRtlAreVolumeStartupApplicationsComplete
FsRtlBalanceReads
FsRtlCancellableWaitForMultipleObjects
FsRtlCancellableWaitForSingleObject
FsRtlChangeBackingFileObject
FsRtlCheckLockForOplockRequest
FsRtlCheckLockForReadAccess
FsRtlCheckLockForWriteAccess
FsRtlCheckOplock
FsRtlCheckOplockEx
FsRtlCheckOplockEx2
FsRtlCheckOplockForFsFilterCallback
FsRtlCheckUpperOplock
FsRtlCopyRead
FsRtlCopyWrite
FsRtlCreateSectionForDataScan
FsRtlCurrentBatchOplock
FsRtlCurrentOplock
FsRtlCurrentOplockH
FsRtlDedupChangeInit
FsRtlDedupChangeLogOverwriteOrFree
FsRtlDedupChangeLogWrite
FsRtlDedupChangeUninit
FsRtlDeleteExtraCreateParameterLookasideList
FsRtlDeleteKeyFromTunnelCache
FsRtlDeleteTunnelCache
FsRtlDeregisterUncProvider
FsRtlDisallowLegacyFilterOnDevice
FsRtlDismountComplete
FsRtlDissectDbcs
FsRtlDissectName
FsRtlDoesDbcsContainWildCards
FsRtlDoesNameContainWildCards
FsRtlFastCheckLockForRead
FsRtlFastCheckLockForWrite
FsRtlFastUnlockAll
FsRtlFastUnlockAllByKey
FsRtlFastUnlockSingle
FsRtlFindExtraCreateParameter
FsRtlFindInTunnelCache
FsRtlFindInTunnelCacheEx
FsRtlFreeAePushLock
FsRtlFreeExtraCreateParameter
FsRtlFreeExtraCreateParameterList
FsRtlFreeFileLock
FsRtlGetCurrentProcessLoaderList
FsRtlGetEcpListFromIrp
FsRtlGetFileNameInformation
FsRtlGetFileSize
FsRtlGetIoAtEof
FsRtlGetNextBaseMcbEntry
FsRtlGetNextExtraCreateParameter
FsRtlGetNextFileLock
FsRtlGetNextLargeMcbEntry
FsRtlGetNextMcbEntry
FsRtlGetSectorSizeInformation
FsRtlGetSupportedFeatures
FsRtlGetVirtualDiskNestingLevel
FsRtlHeatInit
FsRtlHeatLogIo
FsRtlHeatLogTierMove
FsRtlHeatUninit
FsRtlIncrementCcFastMdlReadWait
FsRtlIncrementCcFastReadNoWait
FsRtlIncrementCcFastReadNotPossible
FsRtlIncrementCcFastReadResourceMiss
FsRtlIncrementCcFastReadWait
FsRtlInitExtraCreateParameterLookasideList
FsRtlInitializeBaseMcb
FsRtlInitializeBaseMcbEx
FsRtlInitializeEofLock
FsRtlInitializeExtraCreateParameter
FsRtlInitializeExtraCreateParameterList
FsRtlInitializeFileLock
FsRtlInitializeLargeMcb
FsRtlInitializeMcb
FsRtlInitializeOplock
FsRtlInitializeTunnelCache
FsRtlInsertExtraCreateParameter
FsRtlInsertPerFileContext
FsRtlInsertPerFileObjectContext
Sections
.rdata Size: 832KB - Virtual size: 829KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 456KB - Virtual size: 455KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.edata Size: 108KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PROTDATA Size: 4KB - Virtual size: 1B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GFIDS Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Pad1 Size: - Virtual size: 588KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.text Size: 4.5MB - Virtual size: 4.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 4.0MB - Virtual size: 4.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGELK Size: 156KB - Virtual size: 155KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
POOLCODE Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEKD Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEVRFY Size: 204KB - Virtual size: 201KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEHDLS Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGEBGFX Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
TRACESUP Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGECMRC Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
KVASCODE Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
RETPOL Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INITKDBG Size: 104KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
MINIEX Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 600KB - Virtual size: 598KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Pad2 Size: - Virtual size: 348KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 56KB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ALMOSTRO Size: 8KB - Virtual size: 174KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CACHEALI Size: 4KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEDATA Size: 8KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGEVRFD Size: 40KB - Virtual size: 101KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INITDATA Size: 4KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Pad3 Size: - Virtual size: 396KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CFGRO Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Pad4 Size: - Virtual size: 2.0MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 240KB - Virtual size: 239KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 44KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ntprint.exe.exe windows:10 windows x64 arch:x64
598ca250c4ce0ed92cfa650d081ad874
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
NtPrint.pdb
Imports
kernel32
HeapSetInformation
GetLastError
LocalFree
FreeLibrary
GetCurrentProcessId
GetProcAddress
LoadLibraryW
LocalAlloc
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
gdi32
GetStockObject
user32
RegisterClassW
CreateWindowExW
DestroyWindow
DefWindowProcW
LoadCursorW
msvcrt
_fmode
_commode
?terminate@@YAXXZ
__C_specific_handler
__wgetmainargs
_amsg_exit
_XcptFilter
wcschr
_wcmdln
_initterm
__setusermatherr
__set_app_type
_exit
exit
_cexit
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 56KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
nvspinfo.exe.exe windows:10 windows x64 arch:x64
de5d8b97c8fedbaf7b7d7366051e6e60
Code Sign
33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
28:a8:7a:8d:fa:12:e5:21:0b:9a:77:76:d8:db:c3:7e:2d:16:3d:3c:2d:c1:7e:41:07:1c:47:3d:5b:c9:1e:92
Signer
Actual PE Digest: 28:a8:7a:8d:fa:12:e5:21:0b:9a:77:76:d8:db:c3:7e:2d:16:3d:3c:2d:c1:7e:41:07:1c:47:3d:5b:c9:1e:92
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
nvspinfo.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
_invoke_watson
_initterm
_initterm_e
api-ms-win-crt-locale-l1-1-0
_unlock_locales
_lock_locales
api-ms-win-crt-string-l1-1-0
wcsnlen
memset
strcmp
wcscmp
__strncnt
api-ms-win-crt-private-l1-1-0
_o__free_base
_o__fseeki64
_o__fsopen
_o__get_initial_narrow_environment
_o__get_stream_buffer_pointers
_o__getch
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__kbhit
_o__lock_file
_o__malloc_base
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
_o__stricmp
_o__strtime
memmove
_o__unlock_file
_o__wcsdup
_o__wcsicmp
_o_abort
_o_atoi
_o_ceilf
_o_exit
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_fputc
_o_fputwc
_o_fread
_o_free
_o_fsetpos
_o_fwrite
_o_isalpha
_o_islower
_o_isupper
_o_malloc
_o_putwchar
_o_setlocale
_o_setvbuf
_o_strtoul
_o_terminate
_o_ungetc
_o_ungetwc
_o_wcscpy_s
_o_wcstod
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__exit
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__configthreadlocale
_o__cexit
_o__calloc_base
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsscanf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___stdio_common_vfprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___pctype_func
_o___p__commode
_o___p___argv
_o___p___argc
_o___acrt_iob_func
_o____mb_cur_max_func
_o____lc_locale_name_func
_o____lc_codepage_func
wcschr
__CxxFrameHandler3
memcmp
memcpy
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
api-ms-win-core-console-l2-1-0
SetConsoleCursorPosition
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
iphlpapi
GetIfTable2
FreeMibTable
GetAdaptersAddresses
GetIfEntry2
GetIfStackTable
ConvertInterfaceGuidToLuid
SetCurrentThreadCompartmentScope
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-io-l1-1-0
DeviceIoControl
GetOverlappedResult
api-ms-win-service-core-l1-1-1
EnumServicesStatusExW
api-ms-win-core-file-l1-1-0
CreateFileW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-localization-l1-2-0
LCMapStringEx
FormatMessageW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-service-management-l1-1-0
OpenSCManagerW
CloseServiceHandle
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-synch-l1-1-0
OpenSemaphoreW
CreateMutexExW
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockShared
DeleteCriticalSection
ReleaseSemaphore
ReleaseSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObjectEx
CreateSemaphoreExW
CreateEventA
ReleaseSRWLockExclusive
api-ms-win-core-localization-l2-1-0
GetNumberFormatEx
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetVersionExW
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
setupapi
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
netsetupapi
NetSetupInitialize
NetSetupClose
NetSetupFreeObjectProperties
NetSetupFreeObjects
NetSetupGetObjects
NetSetupGetObjectProperties
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventUnregister
devobj
DevObjCreateDeviceInfoList
DevObjOpenDeviceInfo
DevObjGetDeviceProperty
DevObjDestroyDeviceInfoList
Sections
.text Size: 216KB - Virtual size: 215KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 160KB - Virtual size: 157KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
odbcad32.exe.exe windows:10 windows x64 arch:x64
69feebd40feb17dcc302c7a64d65bd53
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
odbcad32.pdb
Imports
kernel32
GetModuleFileNameW
HeapSetInformation
FreeLibrary
RegisterApplicationRestart
LoadLibraryExW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
Sleep
GetProcAddress
LoadLibraryA
user32
GetLastActivePopup
IsIconic
SetForegroundWindow
UpdateWindow
GetDesktopWindow
FindWindowW
LoadIconW
BringWindowToTop
OpenIcon
MoveWindow
RegisterClassW
ShowWindow
LoadStringW
CreateWindowExW
MessageBoxW
DestroyWindow
GetWindowRect
DefWindowProcW
msvcrt
_commode
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_wsplitpath_s
_wmakepath_s
?terminate@@YAXXZ
exit
_vsnwprintf_s
Sections
.text Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 288B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 64KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
odbcconf.exe.exe windows:10 windows x64 arch:x64
09ae8655c843b33d7fa4cdd4f87ad0bf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
odbcconf.pdb
Imports
advapi32
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
kernel32
DeleteFileA
GetModuleFileNameA
LoadLibraryExA
GetModuleHandleA
MultiByteToWideChar
GetLastError
GetSystemDirectoryA
HeapSetInformation
GetProcAddress
FreeLibrary
FormatMessageA
RegisterApplicationRestart
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
Sleep
GetTickCount
GetSystemTimeAsFileTime
user32
MessageBoxW
LoadStringW
msvcrt
fputs
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_ismbblead
__setusermatherr
_initterm
__C_specific_handler
_acmdln
_fmode
_commode
exit
free
_errno
fgets
fprintf
_fsopen
_vsnprintf
fclose
fflush
vfprintf
fopen
strerror
malloc
?terminate@@YAXXZ
getenv
_vsnwprintf
memset
Sections
.text Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 708B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ofdeploy.exe.exe windows:10 windows x64 arch:x64
09c42344ab28bcc85e705a4ed698e793
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
ofdeploy.pdb
Imports
msvcp_win
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__crt_atexit
_o_exit
_o_free
_o_malloc
_o_terminate
__current_exception
__current_exception_context
_CxxThrowException
_o__configure_wide_argv
_o___stdio_common_vswprintf_s
_o__configthreadlocale
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__callnewh
_o___p__commode
_o___p___wargv
_o___p___argc
__std_terminate
__C_specific_handler
__CxxFrameHandler4
__C_specific_handler_noexcept
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoGetMalloc
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
api-ms-win-core-processthreads-l1-1-0
GetExitCodeProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
CreateProcessW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapSetInformation
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
GetLastError
api-ms-win-core-synch-l1-1-0
InitializeSRWLock
AcquireSRWLockShared
CreateEventW
WaitForSingleObject
AcquireSRWLockExclusive
ReleaseSRWLockShared
InitializeCriticalSection
DeleteCriticalSection
SetEvent
ReleaseSRWLockExclusive
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-string-l1-1-0
CompareStringW
oleaut32
SysFreeString
GetErrorInfo
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
user32
PostThreadMessageW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-localization-l1-2-0
FormatMessageA
GetThreadLocale
crypt32
CertVerifyCertificateChainPolicy
api-ms-win-core-file-l1-1-0
GetTempFileNameW
WriteFile
CreateFileW
api-ms-win-core-registry-l1-1-0
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegGetValueW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
rpcrt4
UuidToStringW
UuidCreate
RpcStringFreeW
api-ms-win-core-file-l1-2-4
GetTempPath2W
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 984B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 412B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
omadmclient.exe.exe windows:10 windows x64 arch:x64
8a4ac9e4fc1e14159ac1dd230d658cab
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
omadmclient.pdb
Imports
msvcp110_win
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
msvcrt
strstr
wcschr
swscanf_s
iswspace
_wtoi
_wtol
wcsrchr
_wcsupr_s
wcstod
_strnicmp
_ultow_s
wcstol
wcsncmp
wcsncpy_s
_wcsnicmp
__CxxFrameHandler3
wcsstr
sprintf_s
strrchr
strchr
strtol
_errno
_set_errno
strncpy_s
memset
memmove
memcpy
memcmp
_CxxThrowException
_wcsicmp
??3@YAXPEAX@Z
__CxxFrameHandler4
??_V@YAXPEAX@Z
_vsnwprintf
memcpy_s
_purecall
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
memmove_s
malloc
_callnewh
wcscmp
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
_ismbblead
__setusermatherr
_initterm
__C_specific_handler
_acmdln
_fmode
_commode
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
FindStringOrdinal
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleExA
LoadStringW
GetModuleFileNameA
GetProcAddress
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegGetValueW
RegCloseKey
RegNotifyChangeKeyValue
RegQueryValueExW
RegDeleteValueW
RegEnumValueW
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSemaphore
CreateMutexExW
EnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockShared
DeleteCriticalSection
WaitForSingleObject
SetEvent
CreateEventExW
WaitForMultipleObjectsEx
CreateEventW
ResetEvent
InitializeCriticalSection
ReleaseMutex
CreateSemaphoreExW
ReleaseSRWLockExclusive
ReleaseSRWLockShared
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
GetLastError
RaiseException
SetUnhandledExceptionFilter
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetCommandLineW
api-ms-win-core-com-l1-1-0
CLSIDFromString
CoTaskMemAlloc
CoInitializeSecurity
CoTaskMemFree
CoUninitialize
GetHGlobalFromStream
CoInitializeEx
CoGetApartmentType
CoCreateInstance
CoWaitForMultipleHandles
CreateStreamOnHGlobal
CoCreateInstanceEx
CoCreateFreeThreadedMarshaler
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolTimer
CreateThreadpoolWork
api-ms-win-core-processthreads-l1-1-0
CreateProcessAsUserW
TerminateProcess
GetCurrentProcessId
GetStartupInfoW
GetCurrentThread
GetCurrentThreadId
OpenThreadToken
CreateProcessW
GetCurrentProcess
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
WakeAllConditionVariable
Sleep
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemTimeAsFileTime
GetTickCount
GetLocalTime
GetSystemTime
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
crypt32
CertFindCertificateInStore
CryptEncryptMessage
CryptSignMessage
CryptDecryptMessage
CertOpenStore
CertGetCertificateChain
CertGetNameStringW
CertStrToNameW
CertVerifyCertificateChainPolicy
CertCompareCertificateName
CertFreeCertificateContext
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CryptHashCertificate
CryptVerifyMessageSignature
xmllite
CreateXmlWriter
CreateXmlWriterOutputWithEncodingName
CreateXmlReaderInputWithEncodingName
CreateXmlReader
coredpus
ord6
ord12
ord4
ord5
ord9
ord7
ord14
ord10
ord11
ord3
ord13
ord8
cryptsp
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
dmcmnutils
DmInformUser
DmGetUserPermissionAsync
DmGetUserPermission
QueryPolicy
DmCancelGetUserPermissionAsync
DmPlayNotificationSound
UnicodeToMB
MBToUnicode
CopyString
DmWnfQuery
BigStrcat
DmMdmSign
DmIsTaskScheduled
DmCheckIfAadAccountLoggedOn
DmRevertToSelf
DmCreateTask
DmImpersonate
DmIsDeviceConnected
OmaDmRegistryGetDWORD
OmaDmRegistrySetDWORD
InvStrCmpNIW
DmGetActiveUserSid
InvStrCmpIW
HexStringToBinary
DmIsDeviceRoaming
BinaryToHexString
DmInitializeContainer
DmStartContainerActivity
DmStopContainerActivity
DmReleaseContainer
EncodeBase64W
EncodeBase64
SetConnectionPriority
OmaDmRegistryGetBinary
InvStrCmpW
OmaDmRegistryGetString
DecodeBase64W
SafeStringToDword
IsWvdSku
DmUnregisterRoamingNotification
DmGetAadEnrollmentResource
DmGetAadDeviceToken
DmGetAadUserToken
DmRegisterRoamingNotification
omadmapi
ord52
ord53
ord89
ord90
ord91
ord87
ord86
ord51
ord100
ord40
ord47
ord24
ord27
ord48
ord54
ord115
ord38
ord23
ord39
ord114
ord44
ord56
ord116
ord64
ord22
ord41
ord55
dmiso8601utils
FileTimeToISO8601String
ISO8601StringToFileTime
ISO8601StringToSystemTime
SystemTimeToISO8601String
profapi
ord104
api-ms-win-shcore-stream-l1-1-0
IStream_Size
SHCreateStreamOnFileEx
SHCreateMemStream
umpdc
Pdcv2ActivationClientUnregister
Pdcv2ActivationClientActivate
Pdcv2ActivationClientDeactivate
Pdcv2ActivationClientRenewActivation
Pdcv2ActivationClientRegister
dmenrollengine
GetEnrollmentSID
ord9
GetEnrollmentCertStore
GetEnrollmentType
GetIsRecoveryAllowed
GetEnrollmentPartnerOpaqueID
GetEnrollmentState
GetEnrollmentTenantID
GetEnrollmentAadSendDeviceToken
GetEnrollmentClientCertThumbprint
SetEnrollState
GetEnrollmentAuthPolicy
GetEnrollmentForceAadToken
GetRecoveryInitiatedByServer
GetRecoveryRetryCount
SetRecoveryRetryCount
GetEnrollmentAadResourceUrl
dmenterprisediagnostics
RecordDiagnosticsError
ntdll
RtlFreeHeap
RtlAllocateHeap
RtlIsStateSeparationEnabled
api-ms-win-core-processthreads-l1-1-1
OpenProcess
rpcrt4
UuidFromStringW
UuidCreate
api-ms-win-core-file-l1-1-0
CreateDirectoryW
GetFileSizeEx
DeleteFileW
ReadFile
GetTempFileNameW
GetFileAttributesW
GetFullPathNameW
CreateFileW
CompareFileTime
WriteFile
oleaut32
VariantInit
SafeArrayCreate
VariantChangeType
VariantClear
SafeArrayUnaccessData
SysAllocString
SysFreeString
SafeArrayDestroy
SafeArrayAccessData
api-ms-win-core-heap-obsolete-l1-1-0
GlobalUnlock
GlobalLock
api-ms-win-core-psapi-l1-1-0
K32GetProcessMemoryInfo
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
api-ms-win-core-winrt-l1-1-0
RoActivateInstance
api-ms-win-core-kernel32-legacy-l1-1-0
RegisterWaitForSingleObject
api-ms-win-core-threadpool-legacy-l1-1-0
UnregisterWaitEx
api-ms-win-power-setting-l1-1-0
PowerSettingRegisterNotification
PowerSettingUnregisterNotification
iphlpapi
ConvertInterfaceGuidToLuid
ConvertInterfaceLuidToIndex
api-ms-win-core-path-l1-1-0
PathCchSkipRoot
PathCchAppend
PathAllocCombine
PathCchCombine
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
api-ms-win-oobe-notification-l1-1-0
OOBEComplete
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 344KB - Virtual size: 341KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 296B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
omadmprc.exe.exe windows:10 windows x64 arch:x64
c83da75364ddd7ae6caa6691f7642981
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
omadmprc.pdb
Imports
msvcrt
_errno
sprintf_s
_set_errno
strncpy_s
strtol
strchr
malloc
??3@YAXPEAX@Z
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcmp
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
__CxxFrameHandler3
memcpy
_fmode
_acmdln
strrchr
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_purecall
memmove_s
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
_vsnprintf_s
_vsnwprintf
memcpy_s
__CxxFrameHandler4
memmove
memset
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventWriteTransfer
EventUnregister
EventRegister
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-processthreads-l1-1-0
GetExitCodeProcess
GetStartupInfoW
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
CreateProcessW
GetCurrentProcessId
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-synch-l1-1-0
CreateMutexExW
AcquireSRWLockExclusive
OpenEventW
LeaveCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockShared
TryEnterCriticalSection
ReleaseSRWLockShared
ReleaseSemaphore
OpenSemaphoreW
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
DeleteCriticalSection
CreateSemaphoreExW
InitializeCriticalSectionEx
EnterCriticalSection
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CloseThreadpool
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpool
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
api-ms-win-core-com-l1-1-0
CoInitializeEx
StringFromGUID2
CoCreateGuid
CoUninitialize
oleaut32
SysFreeString
api-ms-win-core-synch-l1-2-0
WakeAllConditionVariable
SleepConditionVariableSRW
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
dmcmnutils
UnicodeToMB
MBToUnicode
DmIsDeviceRoaming
OmaDmRegistryGetDWORD
InvStrCmpNIW
GetHeader
DmDeleteTask
DmRunTask
IsWvdFeatureAllowed
CopyString
OmaDmRegistrySetString
InvStrCmpW
DmCreateTask
DmIsTaskScheduled
BigStrcat
OmaDmRegistrySetDWORD
IsWvdSku
dmpushproxy
ord11
ord10
ord9
ord3
ord1
ntdll
RtlIsStateSeparationEnabled
dmenrollengine
ord10
ord9
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
rpcrt4
UuidCreate
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
api-ms-win-core-synch-l1-2-1
CreateSemaphoreW
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
omadmapi
ord55
ord53
ord24
ord50
ord117
ord100
ord40
ord44
ord118
ord38
ord52
ord51
ord22
ord56
ord39
ord41
ord54
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 76KB - Virtual size: 74KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 568B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
openfiles.exe.exe windows:10 windows x64 arch:x64
b8df5d84ff68243788ad32e37c441dde
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
OpnFiles.pdb
Imports
advapi32
RegConnectRegistryW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
LookupAccountSidW
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
kernel32
CompareStringW
GetComputerNameW
GetStdHandle
GetConsoleScreenBufferInfo
VirtualAlloc
VirtualQuery
VirtualFree
GetLogicalDrives
GetSystemDirectoryW
GetDriveTypeW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
CloseHandle
SetLastError
SetThreadUILanguage
GetTimeFormatW
FileTimeToSystemTime
GetModuleFileNameW
GetComputerNameExW
HeapSize
HeapReAlloc
HeapAlloc
HeapValidate
HeapFree
GetProcessHeap
ReadConsoleW
ReadFile
SetConsoleMode
MultiByteToWideChar
GetConsoleOutputCP
ExitProcess
WriteConsoleW
CompareStringA
GetThreadLocale
lstrlenW
lstrlenA
GetConsoleMode
GetFileType
WideCharToMultiByte
GetLastError
OpenProcess
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
FormatMessageW
LocalFree
FindStringOrdinal
msvcrt
_CxxThrowException
wcstok
fflush
fprintf
_get_osfhandle
_fileno
wcstol
wcstod
_errno
_memicmp
__iob_func
__CxxFrameHandler4
_vsnwprintf
__setusermatherr
wcstoul
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_commode
_fmode
__C_specific_handler
_initterm
memset
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
free
_callnewh
malloc
_wgetcwd
user32
LoadStringW
CharUpperW
mpr
WNetCancelConnection2W
WNetAddConnection2W
WNetGetLastErrorW
ws2_32
GetAddrInfoW
WSALookupServiceEnd
WSALookupServiceNextW
WSALookupServiceBeginW
WSACleanup
WSAGetLastError
WSAStartup
GetNameInfoW
FreeAddrInfoW
framedynos
?Format@CHString@@QEAAXPEBGZZ
?Find@CHString@@QEBAHPEBG@Z
?Right@CHString@@QEBA?AV1@H@Z
??0CHString@@QEAA@XZ
?Mid@CHString@@QEBA?AV1@HH@Z
?Mid@CHString@@QEBA?AV1@H@Z
??4CHString@@QEAAAEBV0@PEBG@Z
??0CHString@@QEAA@PEBG@Z
??1CHString@@QEAA@XZ
??4CHString@@QEAAAEBV0@AEBV0@@Z
?GetData@CHString@@IEBAPEAUCHStringData@@XZ
?Left@CHString@@QEBA?AV1@H@Z
??YCHString@@QEAAAEBV0@PEBG@Z
ntdll
RtlAllocateHeap
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
VerSetConditionMask
RtlInitUnicodeString
RtlVerifyVersionInfo
NtQuerySystemInformation
shlwapi
StrChrW
version
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
srvcli
NetServerGetInfo
NetFileEnum
NetFileClose
netutils
NetApiBufferFree
sspicli
GetUserNameExW
Sections
.text Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
osk.exe.exe windows:10 windows x64 arch:x64
5dd120dc6a23a12489d1e4e7b5afb1aa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
osk.pdb
Imports
advapi32
EventUnregister
RegOpenKeyExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
RegSetValueExW
GetTraceEnableFlags
GetTraceLoggerHandle
EventSetInformation
TraceMessage
EventRegister
EventWriteTransfer
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW
RegGetValueW
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegNotifyChangeKeyValue
RegEnumKeyExW
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
RegLoadMUIStringW
RegDeleteTreeW
RegEnumValueW
kernel32
RaiseException
EnterCriticalSection
LeaveCriticalSection
VirtualQuery
GetSystemInfo
LoadLibraryExA
VirtualProtect
FreeLibrary
CreateThreadpoolTimer
InitializeCriticalSectionEx
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
IsDebuggerPresent
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
InitOnceComplete
OutputDebugStringW
ReleaseSemaphore
CreateSemaphoreExW
InitOnceBeginInitialize
K32GetModuleBaseNameW
K32EnumProcessModules
K32EnumProcesses
DeleteFileW
InitializeCriticalSection
DeleteProcThreadAttributeList
CreateProcessW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
OpenProcess
SetLastError
LocalFree
OOBEComplete
DebugBreak
CreateThread
SetEvent
FormatMessageW
CreateEventW
HeapFree
MultiByteToWideChar
OpenJobObjectW
WaitForSingleObject
CompareStringOrdinal
HeapSize
GetModuleFileNameA
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
DeactivateActCtx
ActivateActCtx
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
TerminateProcess
DeleteCriticalSection
GetFileAttributesW
HeapDestroy
OpenMutexW
GetSystemDefaultLocaleName
GetStringTypeExW
GetModuleHandleW
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
GetProcAddress
GlobalAddAtomW
GlobalDeleteAtom
LoadLibraryExW
MulDiv
GetTickCount
LocaleNameToLCID
GetCurrentProcessId
ResolveLocaleName
ProcessIdToSessionId
LCIDToLocaleName
FreeResource
GetUserPreferredUILanguages
GetLocaleInfoEx
ExpandEnvironmentStringsW
IsProcessInJob
HeapReAlloc
GetProcessHeap
HeapAlloc
RegisterApplicationRestart
LoadResource
FindResourceExW
HeapSetInformation
CloseHandle
LockResource
GetLastError
GetTickCount64
ReleaseMutex
CreateMutexW
SetProcessShutdownParameters
SizeofResource
GetModuleHandleExW
gdi32
GetDeviceCaps
GetStockObject
user32
GetWindowMinimizeRect
UnregisterClassA
CreateDialogParamW
GetKeyState
GetShellWindow
GetUserObjectInformationW
GetThreadDesktop
SendNotifyMessageW
SetDesktopColorTransform
ChangeWindowMessageFilterEx
MessageBoxW
SetDlgItemTextW
SendDlgItemMessageW
SetFocus
GetDlgItem
CheckDlgButton
EnableWindow
AdjustWindowRectEx
AllowSetForegroundWindow
MonitorFromPoint
MonitorFromWindow
SetWindowLongPtrW
RemovePropW
GetSystemMetrics
SetClassLongPtrW
GetWindowLongPtrW
IsWindow
GetMonitorInfoW
GetDoubleClickTime
SetPropW
LoadIconW
SetForegroundWindow
GetWindowLongW
GetWindowThreadProcessId
GetMessageExtraInfo
GetWindowRect
GetDC
GetPropW
MonitorFromRect
CallNextHookEx
GetCursorInfo
WindowFromPhysicalPoint
MapVirtualKeyExW
MapWindowPoints
GetKeyboardLayout
GetForegroundWindow
UnhookWindowsHookEx
SetLayeredWindowAttributes
LoadCursorW
GetClassNameW
SetWindowsHookExW
SetWinEventHook
GetParent
PtInRect
UnhookWinEvent
InvalidateRect
ReleaseDC
GetGUIThreadInfo
SendInput
SetWindowPos
CreateWindowExW
ScreenToClient
SendMessageW
SetTimer
GetClientRect
KillTimer
SystemParametersInfoW
LoadImageW
GetCursorPos
GetMessageW
PostMessageW
DestroyWindow
LoadStringW
ShowWindow
DispatchMessageW
IsDialogMessageW
PeekMessageW
SetWindowFeedbackSetting
TranslateMessage
FindWindowW
IsIconic
SetWindowPlacement
msvcrt
_wcslwr_s
memset
_wtoi
wcschr
memcpy_s
??3@YAXPEAX@Z
wcsrchr
memcmp
__CxxFrameHandler4
_ltow_s
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_purecall
_callnewh
malloc
__C_specific_handler
wcsstr
wcscpy_s
free
calloc
wcstoul
_vsnwprintf
??_V@YAXPEAX@Z
wcscspn
memmove_s
wcsspn
_wcsicmp
wcscmp
osksupport
UninitializeOSKSupport
InitializeOSKSupport
dwmapi
DwmSetWindowAttribute
gdiplus
GdiplusStartup
GdiplusShutdown
ntdll
WinSqmIncrementDWORD
WinSqmSetDWORD
RtlCaptureContext
RtlLookupFunctionEntry
WinSqmAddToStream
WinSqmIsOptedIn
RtlVirtualUnwind
ole32
CoInitialize
CoUninitialize
CoCreateInstance
oleacc
AccSetRunningUtilityState
AccessibleObjectFromWindow
oleaut32
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocString
winmm
waveOutGetNumDevs
PlaySoundW
joyReleaseCapture
joySetCapture
wmsgapi
WmsgSendMessage
duser
InvalidateGadget
dui70
?ShowWindow@NativeHWNDHost@DirectUI@@QEAAXH@Z
UnInitThread
UnInitProcessPriv
?EndDefer@Element@DirectUI@@QEAAXK@Z
InitThread
InitProcessPriv
?WndProc@HWNDElement@DirectUI@@UEAA_JPEAUHWND__@@I_K_J@Z
?ElementFromPoint@HWNDElement@DirectUI@@QEAAPEAVElement@2@PEAUtagPOINT@@@Z
?RemoveTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?ActivateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@K@Z
?UpdateTooltip@HWNDElement@DirectUI@@UEAAXPEAVElement@2@@Z
?_OnUIStateChanged@HWNDElement@DirectUI@@MEAAXGG@Z
?OnWmSettingChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnWmThemeChanged@HWNDElement@DirectUI@@UEAAX_K_J@Z
?OnGetDlgCode@HWNDElement@DirectUI@@UEAAXPEAUtagMSG@@PEA_J@Z
?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UEAAXPEAUKeyboardEvent@2@@Z
?OnInput@HWNDElement@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnImmersiveColorSchemeChanged@HWNDElement@DirectUI@@UEAAXXZ
?OnThemeChanged@HWNDElement@DirectUI@@UEAAXPEAUThemeChangedEvent@2@@Z
?OnEvent@HWNDElement@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnDestroy@HWNDElement@DirectUI@@UEAAXXZ
?OnGroupChanged@HWNDElement@DirectUI@@UEAAXH_N@Z
?OnPropertyChanged@HWNDElement@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?Host@NativeHWNDHost@DirectUI@@QEAAXPEAVElement@2@@Z
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?DoubleBuffered@Element@DirectUI@@QEAAX_N@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?Initialize@HWNDElement@DirectUI@@QEAAJPEAUHWND__@@_NIPEAVElement@2@PEAK@Z
??1HWNDElement@DirectUI@@UEAA@XZ
??0HWNDElement@DirectUI@@QEAA@XZ
?GetAccessibleImpl@HWNDElement@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?Register@HWNDElement@DirectUI@@SAJXZ
?ThemeChange@HWNDElement@DirectUI@@SA?AVUID@@XZ
?GetHWND@NativeHWNDHost@DirectUI@@QEAAPEAUHWND__@@XZ
?OnCompositionChanged@HWNDElement@DirectUI@@UEAAXXZ
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?OnMessage@NativeHWNDHost@DirectUI@@UEAAJI_K_JPEA_J@Z
?Destroy@NativeHWNDHost@DirectUI@@QEAAXXZ
??0NativeHWNDHost@DirectUI@@QEAA@XZ
?Initialize@NativeHWNDHost@DirectUI@@QEAAJPEBG0PEAUHWND__@@PEAUHICON__@@HHHHHHPEAUHINSTANCE__@@I@Z
??1NativeHWNDHost@DirectUI@@UEAA@XZ
?CreateHostWindow@NativeHWNDHost@DirectUI@@UEAAPEAUHWND__@@KPEBG0KHHHHPEAU3@PEAUHMENU__@@PEAUHINSTANCE__@@PEAX@Z
?GetDisplayNode@Element@DirectUI@@QEAAPEAUHGADGET__@@XZ
?SetWidth@Element@DirectUI@@QEAAJH@Z
?SetHeight@Element@DirectUI@@QEAAJH@Z
?SetX@Element@DirectUI@@QEAAJH@Z
?SetY@Element@DirectUI@@QEAAJH@Z
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?Remove@Element@DirectUI@@QEAAJPEAV12@@Z
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
StrToID
?IsRTL@Element@DirectUI@@QEAA_NXZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?GetParent@Element@DirectUI@@QEAAPEAV12@XZ
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?SetAccessible@Element@DirectUI@@QEAAJ_N@Z
?SetLayout@Element@DirectUI@@QEAAJPEAVLayout@2@@Z
?CanSetFocus@HWNDElement@DirectUI@@UEAA_NXZ
?IsMSAAEnabled@HWNDElement@DirectUI@@UEAA_NXZ
?GetHWND@HWNDElement@DirectUI@@UEAAPEAUHWND__@@XZ
?GetClassInfoW@HWNDElement@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?Create@FillLayout@DirectUI@@SAJPEAPEAVLayout@2@@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?Destroy@Layout@DirectUI@@QEAAXXZ
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?StartDefer@Element@DirectUI@@QEAAXPEAK@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetWindowClassNameAndStyle@HWNDElement@DirectUI@@UEAAXPEAPEBGPEAI@Z
shell32
ShellExecuteW
Sections
.text Size: 132KB - Virtual size: 130KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 352KB - Virtual size: 351KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 804B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
pacjsworker.exe.exe windows:10 windows x64 arch:x64
84970980433aae64352684fdbfe4e420
Code Sign
33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 16/11/2023, 19:20
Not After: 14/11/2024, 19:20
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ea:d8:4c:1f:7e:26:bf:2f:dc:00:e1:8a:c7:32:ca:b9:04:53:49:e4:64:c0:80:7c:c8:07:d3:f8:23:a8:f2:90
Signer
Actual PE Digest: ea:d8:4c:1f:7e:26:bf:2f:dc:00:e1:8a:c7:32:ca:b9:04:53:49:e4:64:c0:80:7c:c8:07:d3:f8:23:a8:f2:90
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
pacjsworker.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o___p___wargv
_o___p__commode
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o___p___argc
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
api-ms-win-crt-string-l1-1-0
memset
winhttp
WinHttpPacJsWorkerMain
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
pcalua.exe.exe windows:10 windows x64 arch:x64
65181227a3f528925438a98cb935f5cf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
pcalua.pdb
Imports
user32
GetDesktopWindow
RegisterClassExW
GetSystemMetrics
CreateWindowExW
DefWindowProcW
SetForegroundWindow
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcslwr
_o__wcsnicmp
_o__wtoi
_o_exit
_o_free
_o_strcpy_s
_o_terminate
_o_wcscat_s
_o_wcscpy_s
__current_exception
__current_exception_context
wcschr
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__C_specific_handler
_o___p__commode
__CxxFrameHandler4
wcsstr
strchr
wcsrchr
_CxxThrowException
memcmp
memcpy
memmove
api-ms-win-crt-string-l1-1-0
memset
ntdll
NtClose
LdrGetProcedureAddress
NtQueryInformationFile
RtlInitString
RtlInitAnsiString
NtCreateFile
RtlCaptureContext
ZwOpenKey
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlDosPathNameToRelativeNtPathName_U_WithStatus
LdrGetDllHandle
RtlInitUnicodeString
RtlDeleteCriticalSection
RtlAllocateHeap
RtlEqualString
RtlReAllocateHeap
RtlEnterCriticalSection
RtlMultiByteToUnicodeN
ZwEnumerateKey
RtlInitializeCriticalSection
RtlFreeHeap
RtlLeaveCriticalSection
EtwEventUnregister
EtwEventWrite
EtwEventRegister
ZwClose
ZwQuerySystemInformation
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlUpcaseUnicodeChar
RtlGetNativeSystemInformation
RtlInitUnicodeStringEx
ZwQueryValueKey
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExA
GetProcAddress
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
GetModuleFileNameW
api-ms-win-core-sidebyside-l1-1-0
FindActCtxSectionStringW
DeactivateActCtx
QueryActCtxW
CreateActCtxW
ActivateActCtx
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
ReleaseSRWLockShared
CreateSemaphoreExW
OpenSemaphoreW
AcquireSRWLockExclusive
CreateMutexExW
LeaveCriticalSection
AcquireSRWLockShared
DeleteCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseSRWLockExclusive
ReleaseMutex
ReleaseSemaphore
WaitForSingleObjectEx
api-ms-win-core-heap-l1-1-0
HeapFree
GetProcessHeap
HeapAlloc
HeapSetInformation
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
OutputDebugStringA
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetStartupInfoW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-file-l1-1-0
WriteFile
CreateFileW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventWriteTransfer
EventUnregister
pcaui
PcaLaunchApplicationWithConsent
PcaPersistSettingsAndLaunchApplication
Sections
.text Size: 72KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
pcaui.exe.exe windows:10 windows x64 arch:x64
4bf57eba3b7099c31e7f2d38d3460f0a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
pcaui.pdb
Imports
msvcp_win
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_c_exit
_initterm_e
_initterm
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcslwr
_o__wcsnicmp
_o__wsplitpath_s
_o__wtoi
_o_exit
_o_free
_o_malloc
_o_memcpy_s
_o_strcpy_s
_o_terminate
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcstoul
__current_exception
__current_exception_context
__CxxFrameHandler3
_o___std_exception_destroy
_CxxThrowException
_o___std_exception_copy
wcsrchr
strchr
wcsstr
wcschr
_o___p__commode
_o__crt_atexit
_o__exit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
__C_specific_handler
__std_terminate
__CxxFrameHandler4
memcpy
memcmp
_o__wcsicmp
api-ms-win-crt-string-l1-1-0
memset
strncmp
wcscmp
ntdll
RtlMultiByteToUnicodeN
ZwEnumerateKey
RtlInitializeCriticalSection
RtlLeaveCriticalSection
EtwEventUnregister
EtwEventWrite
EtwEventRegister
ZwClose
RtlAnsiStringToUnicodeString
RtlImageDirectoryEntryToData
ZwQuerySystemInformation
RtlEnterCriticalSection
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwCreateFile
RtlTimeToTimeFields
RtlUpcaseUnicodeChar
RtlDosPathNameToNtPathName_U_WithStatus
ZwCreateSection
RtlFreeUnicodeString
RtlxAnsiStringToUnicodeSize
RtlGetNativeSystemInformation
RtlSecondsSince1970ToTime
RtlVerifyVersionInfo
RtlInitUnicodeStringEx
ZwMapViewOfSection
ZwQueryValueKey
ZwQueryInformationFile
LdrResSearchResource
ZwOpenKey
EtwTraceMessage
RtlReAllocateHeap
RtlEqualString
RtlDeleteCriticalSection
NtQueryInformationFile
NtClose
NtCreateFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
LdrGetProcedureAddress
RtlInitString
LdrGetDllHandle
RtlInitUnicodeString
RtlAllocateHeap
RtlFreeHeap
RtlGUIDFromString
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlInitAnsiString
ZwUnmapViewOfSection
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
LoadLibraryExW
GetProcAddress
GetModuleFileNameA
FreeLibrary
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
ReleaseMutex
SetEvent
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
CreateMutexExW
ReleaseSemaphore
EnterCriticalSection
CreateEventExW
DeleteCriticalSection
CreateSemaphoreExW
InitializeCriticalSectionAndSpinCount
ResetEvent
AcquireSRWLockShared
CreateEventW
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
HeapSetInformation
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
SetUnhandledExceptionFilter
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
ProcessIdToSessionId
TerminateProcess
GetStartupInfoW
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
OpenProcessToken
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-processenvironment-l1-1-0
SetEnvironmentVariableW
userenv
GetUserProfileDirectoryW
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-sidebyside-l1-1-0
QueryActCtxW
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
DeactivateActCtx
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegGetValueW
RegLoadAppKeyW
api-ms-win-core-registry-l1-1-1
RegDeleteKeyValueW
api-ms-win-core-file-l1-1-0
GetFileAttributesW
api-ms-win-core-file-l1-2-4
GetTempPath2W
api-ms-win-core-shlwapi-legacy-l1-1-0
PathAppendW
PathFindFileNameW
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoGetActivationFactory
RoUninitialize
RoActivateInstance
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
kernel32
FindFirstFileW
GetModuleHandleExA
CreateFileW
FindClose
WriteFile
FileTimeToSystemTime
GetVolumeInformationByHandleW
RegOpenKeyExW
VerSetConditionMask
ExpandEnvironmentStringsW
ReleaseActCtx
apphelp
SdbSetEntryFlags
ord31
SdbIsNullGUID
SdbFreeFileAttributes
SdbGetEntryFlags
SdbGetFileAttributes
SdbTagToString
gdiplus
GdiplusShutdown
GdipSaveImageToFile
GdipBitmapSetPixel
GdipCreateBitmapFromScan0
GdiplusStartup
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromHICON
GdipGetImageEncoders
GdipGetImageEncodersSize
comctl32
ImageList_GetIcon
pcaui
PcaShowDialog
DisplayApphelpDialog
gdi32
DeleteObject
GetDIBits
CreateDIBSection
CreateCompatibleDC
GetObjectW
DeleteDC
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventRegister
EventWriteTransfer
api-ms-win-core-path-l1-1-0
PathCchRemoveFileSpec
api-ms-win-security-cryptoapi-l1-1-0
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
CryptDestroyHash
CryptHashData
CryptCreateHash
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 52KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 492B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
pcwrun.exe.exe windows:10 windows x64 arch:x64
f377d135d63e07adc800e6f236499a9f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
pcwrun.pdb
Imports
kernel32
GetTempPath2W
GetTempFileNameW
CreateFileW
WriteFile
CloseHandle
RaiseException
HeapFree
GetProcessHeap
GetModuleHandleW
GetLastError
FindResourceW
SizeofResource
HeapAlloc
LoadResource
LockResource
ExpandEnvironmentStringsW
CreateProcessW
HeapSetInformation
MoveFileExW
LocalFree
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
msvcrt
_commode
__setusermatherr
?terminate@@YAXXZ
__C_specific_handler
__set_app_type
exit
_exit
_cexit
memcpy
_wcmdln
__wgetmainargs
_amsg_exit
_XcptFilter
free
_vsnwprintf
_initterm
_fmode
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
oleaut32
SysFreeString
SysStringLen
SysAllocString
VariantClear
VariantInit
shell32
CommandLineToArgvW
shlwapi
PathRemoveExtensionW
PathAddExtensionW
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoInitializeEx
CoUninitialize
Sections
.text Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 336B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
perfmon.exe.exe windows:10 windows x64 arch:x64
c558b7a765839c058d47628a59e81cdd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
perfmon.pdb
Imports
advapi32
RegQueryValueExW
RegOpenKeyExW
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
RegCloseKey
kernel32
GetModuleFileNameW
FindActCtxSectionStringW
GetLocaleInfoW
WaitForSingleObject
GetFileAttributesW
DeactivateActCtx
QueryActCtxW
Sleep
FormatMessageW
GetLastError
GetThreadUILanguage
CloseHandle
OutputDebugStringA
CreateThread
HeapSetInformation
HeapAlloc
GetProcAddress
LocalFree
GetProcessHeap
CreateProcessW
FreeLibrary
CopyFileW
RegisterApplicationRestart
IsWow64Process
GetSystemDefaultUILanguage
ExpandEnvironmentStringsW
LoadLibraryW
GetLocaleInfoEx
GetUserDefaultUILanguage
GetCurrentProcess
UnmapViewOfFile
LCIDToLocaleName
FindClose
FindNextFileW
FindFirstFileW
CreateFileW
GetConsoleMode
GetFileType
WriteFile
WideCharToMultiByte
WriteConsoleW
GetConsoleOutputCP
GetStdHandle
TerminateProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
GetCommandLineW
SetLastError
HeapFree
ActivateActCtx
CreateActCtxW
FindResourceExW
LoadResource
CreateFileMappingW
MapViewOfFile
LoadLibraryExW
GetModuleHandleExW
GetVersionExW
SearchPathW
gdi32
GetDeviceCaps
user32
SetLayeredWindowAttributes
EnumWindows
SetFocus
GetMessageW
DefWindowProcW
PostMessageW
MonitorFromPoint
CheckMenuRadioItem
TranslateAcceleratorW
TranslateMessage
LoadIconW
GetClassNameW
SetWindowPos
CheckMenuItem
GetClientRect
GetDlgItem
PostQuitMessage
GetDesktopWindow
EnableMenuItem
SystemParametersInfoW
DialogBoxParamW
UpdateWindow
IsIconic
ReleaseDC
ShowWindow
IsWindow
GetSysColor
CopyRect
DispatchMessageW
LoadStringW
GetWindowRect
GetMenu
GetFocus
DestroyWindow
GetDC
LoadAcceleratorsW
CreateWindowExW
DeleteMenu
SendMessageW
WaitForInputIdle
EndDialog
SetWindowTextW
RegisterClassExW
GetWindowPlacement
GetMonitorInfoW
msvcrt
wcsncmp
malloc
_callnewh
memset
memcpy
__C_specific_handler
_vsnwprintf
memmove
towlower
_wcsicmp
wcsrchr
wcschr
_wsplitpath_s
_wmakepath_s
wcstok
__CxxFrameHandler3
_commode
_fmode
_wcmdln
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
free
_wcsnicmp
wcsstr
?terminate@@YAXXZ
atl
ord41
ole32
CoCreateInstance
CoInitialize
OleInitialize
CoUninitialize
ntdll
NtQueryInformationToken
NtOpenProcessToken
NtClose
NtOpenThreadToken
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WinSqmIncrementDWORD
WinSqmAddToStream
shlwapi
SHCreateStreamOnFileEx
ord186
shell32
ord28
SHGetIDListFromObject
CommandLineToArgvW
SHCreateDataObject
ShellExecuteExW
SHBindToParent
ord155
SHGetFolderPathEx
oleaut32
OleCreateFontIndirect
SysFreeString
VariantInit
VariantTimeToSystemTime
VarDateFromStr
VariantChangeType
SysAllocString
VariantClear
credui
CredUIPromptForCredentialsW
sspicli
GetUserNameExW
Sections
.text Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 100KB - Virtual size: 99KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 188B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
phoneactivate.exe.exe windows:10 windows x64 arch:x64
da01aba632042a34353c786f41878181
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
7e:19:80:30:a1:eb:87:cc:f2:78:d9:8f:e1:fb:27:81:41:0d:57:87:77:8a:ea:52:4b:9d:fb:db:a1:e9:08:60
Signer
Actual PE Digest: 7e:19:80:30:a1:eb:87:cc:f2:78:d9:8f:e1:fb:27:81:41:0d:57:87:77:8a:ea:52:4b:9d:fb:db:a1:e9:08:60
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
phoneactivate.pdb
Imports
advapi32
EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
EventActivityIdControl
kernel32
HeapFree
GetModuleHandleExW
HeapAlloc
GetProcAddress
GetProcessHeap
GetLastError
CompareStringW
LocalFree
GetSystemTime
SystemTimeToFileTime
CreateEventW
SetEvent
OpenEventW
CreateMutexW
RegisterWaitForSingleObject
QueueUserWorkItem
OpenProcess
UnregisterWaitEx
CloseHandle
GetGeoInfoW
VirtualQuery
FindResourceExW
LoadResource
LockResource
GetCurrentThreadId
CompareStringEx
LoadLibraryExW
FreeLibrary
GetSystemDirectoryW
user32
GetMessageW
TranslateMessage
GetSystemMetrics
DispatchMessageW
CharNextW
ChangeWindowMessageFilter
PostThreadMessageW
CharUpperW
PostQuitMessage
CharUpperBuffW
GetWindowThreadProcessId
msvcrt
memmove
memset
memcpy
floorf
?terminate@@YAXXZ
__CxxFrameHandler3
_onexit
__dllonexit
wcscmp
_lock
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
towlower
_wcsicmp
_vsnwprintf
swscanf_s
_wtoi
wcsstr
_purecall
wcschr
_unlock
shell32
ShellExecuteExW
SHCreateItemInKnownFolder
SHGetIDListFromObject
CommandLineToArgvW
shlwapi
PathFileExistsW
ord460
windows.ui.immersive
ord100
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoUninitialize
oleaut32
SysFreeString
SysAllocString
SysAllocStringLen
api-ms-win-core-com-l1-1-0
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-synch-l1-2-0
Sleep
SleepConditionVariableSRW
WakeAllConditionVariable
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetStartupInfoW
GetCurrentProcessId
TerminateProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
setupapi
SetupGetLineCountW
SetupFindFirstLineW
SetupGetStringFieldW
SetupGetLineByIndexW
SetupOpenInfFileW
SetupCloseInfFile
slc
SLGetWindowsInformation
SLDepositOfflineConfirmationId
SLGetSLIDList
SLGenerateOfflineInstallationId
SLGetLicensingStatusInformation
SLOpen
SLClose
SLGetProductSkuInformation
SLConsumeWindowsRight
sppc
SLpIsCurrentInstalledProductKeyDefaultKey
sppcext
SLGetTokenActivationGrants
SLFreeTokenActivationGrants
dui70
GetScaleFactor
?GetRoot@Element@DirectUI@@QEAAPEAV12@XZ
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?ClearButtonClicked@TouchEdit2@DirectUI@@SA?AVUID@@XZ
?Release@Value@DirectUI@@QEAAXXZ
?GetContentString@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?SetInputScope@TouchEdit2@DirectUI@@QEAAJW4__MIDL___MIDL_itf_inputscope_0000_0000_0001@@@Z
?GetSelectionIndex@TouchSelect@DirectUI@@QEAAHXZ
?SetSelectionIndex@TouchSelect@DirectUI@@QEAAJH@Z
?AddString@TouchSelect@DirectUI@@QEAAJPEBG@Z
?UserTextChanged@TouchEditBase@DirectUI@@SA?AVUID@@XZ
?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?CreateString@Value@DirectUI@@SAPEAV12@PEBGPEAUHINSTANCE__@@@Z
?SetCaretPosition@TouchEdit2@DirectUI@@QEAAJJ@Z
?GetSelection@TouchEdit2@DirectUI@@QEAAJPEAJ0@Z
DuiCreateObject
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QEAAJIPEAUHINSTANCE__@@0@Z
?Create@DUIXmlParser@DirectUI@@SAJPEAPEAV12@P6APEAVValue@2@PEBGPEAX@Z2P6AX11H2@Z2@Z
?Click@TouchButton@DirectUI@@SA?AVUID@@XZ
?AddListener@Element@DirectUI@@QEAAJPEAUIElementListener@2@@Z
StrToID
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?SetDirection@Element@DirectUI@@QEAAJH@Z
Sections
.text Size: 60KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.imrsiv Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 468B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
plasrv.exe.exe windows:10 windows x64 arch:x64
71297308fdb1be310422f78b8e23f73c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
plasrv.pdb
Imports
kernel32
GetSystemDirectoryW
GetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
TerminateProcess
msvcrt
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_vsnwprintf
?terminate@@YAXXZ
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
pnputil.exe.exe windows:10 windows x64 arch:x64
8f47eb65ebe877be06b87402556253df
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
pnputil.pdb
Imports
msvcrt
?terminate@@YAXXZ
_commode
_fmode
memcpy
__C_specific_handler
_resetstkoflw
wcschr
_initterm
__setusermatherr
wcsrchr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_wcsnicmp
_wcsicmp
_vsnwprintf
memset
api-ms-win-core-heap-l1-1-0
HeapReAlloc
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetErrorMode
SetLastError
GetLastError
RaiseException
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
ExpandEnvironmentStringsW
api-ms-win-core-file-l1-1-0
WriteFile
FindFirstFileW
GetFullPathNameW
FindNextFileW
CreateDirectoryW
FindClose
GetFileAttributesW
CreateFileW
api-ms-win-core-console-l1-1-0
WriteConsoleW
GetConsoleMode
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadPreferredUILanguages
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExA
FreeLibrary
LoadStringW
GetProcAddress
GetModuleHandleW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
CompareStringOrdinal
CompareStringW
api-ms-win-core-sysinfo-l1-1-0
GetSystemWindowsDirectoryW
GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime
api-ms-win-devices-config-l1-1-1
CM_MapCrToWin32Err
CM_Get_DevNode_Status
CM_Locate_DevNodeW
CM_Get_Class_PropertyW
devobj
DevObjClassNameFromGuid
DevObjDestroyDeviceInfoList
DevObjDeleteDevice
DevObjCreateDeviceInfoList
DevObjGetDeviceProperty
DevObjChangeState
DevObjUninstallDevice
DevObjOpenDeviceInfo
DevObjClassGuidsFromName
cfgmgr32
CM_Get_Res_Des_Data_Size
CM_Get_Device_Interface_PropertyW
CM_Free_Log_Conf_Handle
CM_Get_DevNode_PropertyW
CM_Get_Next_Res_Des
CM_Free_Res_Des_Handle
CM_Reenumerate_DevNode
CM_Get_First_Log_Conf
CM_Get_Res_Des_Data
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeW
api-ms-win-devices-query-l1-1-0
DevGetObjectProperties
DevFindProperty
DevGetObjects
DevFreeObjects
DevFreeObjectProperties
ntdll
NtQueryValueKey
NtOpenKey
RtlFreeUnicodeString
RtlFormatCurrentUserKeyPath
NtClose
RtlGUIDFromString
RtlInitUnicodeString
RtlNtStatusToDosError
NtQuerySystemInformation
RtlIsStateSeparationEnabled
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-sysinfo-l1-2-0
GetNativeSystemInfo
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
OpenProcessToken
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-shutdown-l1-1-0
InitiateSystemShutdownExW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-datetime-l1-1-1
GetDateFormatEx
GetTimeFormatEx
api-ms-win-security-sddl-l1-1-0
ConvertSecurityDescriptorToStringSecurityDescriptorW
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-synch-l1-1-0
CreateEventW
WaitForSingleObjectEx
SetEvent
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-memory-l1-1-0
VirtualProtect
VirtualQuery
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 128KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
poqexec.exe.sys windows:10 windows x64 arch:x64
53a44d5c493b9234dafc0dc163b81690
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
poqexec.pdb
Imports
ntdll
RtlQueryFeatureConfiguration
RtlNotifyFeatureUsage
RtlRaiseStatus
sprintf_s
NtWriteFile
vsprintf_s
NtQuerySystemTime
NtOpenFile
NtSetInformationFile
NtClose
NtCreateFile
NtSetCachedSigningLevel
RtlCopyUnicodeString
RtlFindMessage
RtlFormatMessage
NtDrawText
NtDisplayString
NtQueryInformationFile
NtOpenProcess
NtQueryInformationProcess
_wcstoui64
RtlInitUnicodeString
NtOpenProcessToken
NtAdjustPrivilegesToken
NtOpenKey
NtLoadKey
NtUnloadKey
NtQueryInformationTransaction
NtCreateTransaction
NtCommitTransaction
NtFlushKey
RtlSetSystemBootStatus
NtShutdownSystem
NtCreateKey
RtlExpandEnvironmentStrings_U
NtFlushBuffersFile
NtReadFile
RtlSetHeapInformation
DbgPrintEx
RtlNtStatusToDosError
RtlAllocateHeap
RtlFreeHeap
NtDelayExecution
NtRollbackTransaction
NtQueryVolumeInformationFile
NtQueryAttributesFile
NtQuerySecurityObject
NtSetSecurityObject
NtCreateKeyTransacted
NtOpenKeyTransactedEx
NtOpenKeyEx
NtDeleteKey
NtQueryValueKey
NtSetValueKey
NtDeleteValueKey
NtFsControlFile
NtTerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
memmove
RtlNormalizeProcessParams
RtlFreeUnicodeString
NtOpenThreadToken
NtQueryInformationToken
RtlCreateAcl
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlDuplicateUnicodeString
RtlGetOwnerSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlNewSecurityObjectEx
RtlDeleteSecurityObject
RtlEqualUnicodeString
LdrLoadDll
LdrGetProcedureAddress
NtQueryPerformanceCounter
NtSetIoCompletion
NtWaitForMultipleObjects
RtlGetControlSecurityDescriptor
RtlFindAceByType
NtQuerySystemInformation
NtCreateIoCompletion
NtCreateEvent
TpSimpleTryPost
NtRemoveIoCompletion
NtSetEvent
RtlTimeToTimeFields
NtQueryKey
RtlSetOwnerSecurityDescriptor
RtlSetCurrentTransaction
NtEnumerateKey
RtlGetLengthWithoutLastFullDosOrNtPathElement
NtEnumerateValueKey
RtlGetAce
RtlpApplyLengthFunction
LdrUnloadDll
RtlQueryInformationAcl
RtlAddAccessAllowedAceEx
NtDeleteFile
RtlCaptureStackBackTrace
RtlQueryEnvironmentVariable_U
RtlGetCurrentTransaction
RtlAddAce
RtlLengthSid
NtDuplicateObject
NtYieldExecution
NtSetInformationKey
NtQueryObject
RtlDestroyEnvironment
NtQueryDirectoryFile
RtlDeleteCriticalSection
RtlEnterCriticalSection
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlConvertSidToUnicodeString
RtlValidAcl
RtlSetSaclSecurityDescriptor
RtlLengthSecurityDescriptor
RtlValidSid
RtlMakeSelfRelativeSD
NtDuplicateToken
NtSetInformationThread
RtlCopySid
RtlSetGroupSecurityDescriptor
RtlCreateEnvironmentEx
RtlUpcaseUnicodeChar
RtlDowncaseUnicodeChar
RtlReAllocateHeap
RtlDosPathNameToNtPathName_U
LdrGetDllHandleEx
DbgPrint
RtlCreateUnicodeStringFromAsciiz
iswspace
wcscpy_s
memcpy_s
strncmp
_snprintf_s
wcstoul
memcmp
memcpy
memset
Sections
.text Size: 396KB - Virtual size: 395KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 132KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
pospaymentsworker.exe.exe windows:10 windows x64 arch:x64
4f405554d882f78a05e90f7d0e034497
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
pospaymentsworker.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcstoll
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
__std_terminate
__CxxFrameHandler4
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
WaitForSingleObjectEx
ReleaseSemaphore
CreateMutexExW
ReleaseMutex
CreateSemaphoreExW
OpenSemaphoreW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
RaiseException
SetLastError
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
TraceMessage
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsDeleteString
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoUninitialize
RoActivateInstance
api-ms-win-core-com-l1-1-0
CoTaskMemFree
api-ms-win-core-file-l1-1-0
WriteFile
ReadFile
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
Sections
.text Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
powercfg.exe.exe windows:10 windows x64 arch:x64
e85330399b67b18f4577e432ca6ce70d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
powercfg.pdb
Imports
msvcrt
memcpy
memmove
?terminate@@YAXXZ
_CxxThrowException
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
??1type_info@@UEAA@XZ
__wgetmainargs
_amsg_exit
_XcptFilter
free
_callnewh
malloc
fprintf
fflush
_wtoi
_wcstoui64
_wcsnicmp
_ui64tow_s
_itow_s
_vsnwprintf
_purecall
wcstoul
wcscat_s
wcscpy_s
_wcsicmp
__CxxFrameHandler4
__iob_func
swprintf_s
__set_app_type
memset
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtCreateFile
NtQueryObject
RtlFreeHeap
RtlInitUnicodeString
RtlAllocateHeap
RtlNtStatusToDosError
NtPowerInformation
RtlLoadString
rpcrt4
UuidEqual
UuidFromStringW
UuidToStringW
RpcStringFreeW
api-ms-win-core-heap-obsolete-l1-1-0
LocalAlloc
LocalFree
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-file-l1-1-0
GetFinalPathNameByHandleW
GetFileType
FindFirstFileW
CreateFileW
GetFileAttributesW
GetFullPathNameW
DeleteFileW
FindClose
FileTimeToLocalFileTime
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
GetTimeFormatW
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegEnumValueW
RegGetValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
GetTokenInformation
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
OpenProcessToken
api-ms-win-power-setting-l1-1-0
PowerGetActiveScheme
PowerWriteACValueIndex
PowerSetActiveScheme
PowerWriteDCValueIndex
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
CompareStringOrdinal
api-ms-win-power-base-l1-1-0
GetPwrCapabilities
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-errorhandling-l1-1-0
RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapFree
HeapSetInformation
HeapAlloc
GetProcessHeap
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
FreeLibrary
LoadLibraryExW
LoadStringW
LoadLibraryExA
GetModuleHandleW
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-core-console-l1-1-0
GetConsoleMode
GetConsoleOutputCP
WriteConsoleW
SetConsoleCtrlHandler
api-ms-win-core-path-l1-1-0
PathCchRemoveBackslash
PathCchAppend
api-ms-win-core-file-l1-2-4
GetTempPath2W
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-registry-l2-1-0
RegSaveKeyW
powrprof
PowerGetActualOverlayScheme
PowerApplyPowerRequestOverride
PowerGetAdaptiveStandbyDiagnostics
PowerEnumerate
PowerReadValueIncrement
PowerReadFriendlyName
PowerGetOverlaySchemes
PowerPolicyToGUIDFormat
PowerWriteDCDefaultIndex
PowerGetProfiles
PowerWriteACProfileIndex
PowerReadValueMin
PowerRemovePowerSetting
PowerCleanupOverrides
PowerRestoreIndividualDefaultPowerScheme
ReadPwrScheme
PowerReadValueUnitsSpecifier
PowerRestoreDefaultPowerSchemes
PowerReadValueMax
PowerReadProfileAlias
PowerReadACValueIndexEx
PowerWriteValueMax
PowerReplaceDefaultPowerSchemes
PowerSetActiveOverlayScheme
PowerReadPossibleFriendlyName
PowerWritePossibleValue
PowerReadPossibleValue
PowerWriteValueIncrement
PowerDeleteScheme
PowerWriteValueMin
PowerWriteDescription
PowerReadSecurityDescriptor
PowerWriteSecurityDescriptor
PowerDuplicateScheme
PowerReadDCValueIndexEx
PowerWriteDCProfileIndex
PowerWriteACDefaultIndex
GetActivePwrScheme
PowerWriteSettingAttributes
PowerWriteFriendlyName
DevicePowerOpen
DevicePowerEnumDevices
PowerReadDCValueIndex
PowerImportPowerScheme
DevicePowerClose
PowerReadACValueIndex
PowerOpenUserPowerKey
PowerReadSettingAttributes
DevicePowerSetDeviceState
PowerInformationWithPrivileges
api-ms-win-core-memory-l1-1-0
VirtualQuery
VirtualProtect
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
api-ms-win-service-private-l1-1-0
I_QueryTagInformation
Sections
.text Size: 56KB - Virtual size: 53KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
prevhost.exe.exe windows:10 windows x64 arch:x64
14e7a56ce14dad875047d7ec617bc003
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
prevhost.pdb
Imports
kernel32
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
CreateEventW
FormatMessageW
GetLastError
OutputDebugStringW
SetEvent
WaitForSingleObjectEx
ReleaseSemaphore
CloseHandle
HeapSetInformation
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
SetLastError
HeapFree
CreateSemaphoreExW
OpenSemaphoreW
GetModuleFileNameA
user32
PeekMessageW
DispatchMessageW
MsgWaitForMultipleObjects
TranslateMessage
msvcrt
_lock
_unlock
__setusermatherr
__CxxFrameHandler3
free
_ismbblead
_cexit
?terminate@@YAXXZ
_onexit
_XcptFilter
__C_specific_handler
_initterm
_acmdln
_fmode
_exit
_callnewh
malloc
memcpy_s
_vsnwprintf
exit
__set_app_type
__getmainargs
_amsg_exit
__dllonexit
_commode
memset
api-ms-win-core-com-l1-1-0
CoRegisterSurrogate
CLSIDFromString
CoRevokeClassObject
CoGetInterfaceAndReleaseStream
CoInitializeSecurity
CoMarshalInterThreadInterfaceInStream
CoReleaseMarshalData
CoRegisterClassObject
CoCreateInstance
CoUninitialize
CoFreeUnusedLibraries
CoInitializeEx
api-ms-win-core-com-l1-1-1
RoGetAgileReference
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
GetCurrentProcess
TerminateProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
comctl32
ord328
ord386
ord329
ord334
shell32
ord176
shlwapi
ord219
ord16
ord215
Sections
.text Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 124B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
print.exe.exe windows:10 windows x64 arch:x64
d67c73847bd1dc0d9109ba544ad6c11d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
print.pdb
Imports
advapi32
IsTextUnicode
kernel32
HeapSetInformation
WideCharToMultiByte
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
TerminateProcess
msvcrt
_commode
?terminate@@YAXXZ
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
_fmode
_XcptFilter
__C_specific_handler
ulib
??0PATH_ARGUMENT@@QEAA@XZ
?QueryFile@SYSTEM@@SAPEAVFSN_FILE@@PEBVPATH@@EPEAE@Z
?Initialize@MULTIPLE_PATH_ARGUMENT@@QEAAEPEADEE@Z
??1MULTIPLE_PATH_ARGUMENT@@UEAA@XZ
??0MULTIPLE_PATH_ARGUMENT@@QEAA@XZ
?IsValueSet@ARGUMENT@@QEAAEXZ
?DebugDump@OBJECT@@UEBAXE@Z
?Compare@OBJECT@@UEBAJPEBV1@@Z
??1OBJECT@@UEAA@XZ
?Initialize@PRINT_STREAM@@QEAAEPEBVPATH@@@Z
?Initialize@FLAG_ARGUMENT@@QEAAEPEAD@Z
??0PRINT_STREAM@@QEAA@XZ
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
?QueryInvalidArgument@ARGUMENT_LEXEMIZER@@QEAAPEAVWSTRING@@XZ
?PutSwitches@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
??0ARRAY@@QEAA@XZ
??1ARGUMENT_LEXEMIZER@@UEAA@XZ
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
?Initialize@STRING_ARGUMENT@@QEAAEPEAD@Z
??1PATH_ARGUMENT@@UEAA@XZ
??0STRING_ARGUMENT@@QEAA@XZ
??0PROGRAM@@IEAA@XZ
?ValidateVersion@PROGRAM@@UEBAXKK@Z
?Usage@PROGRAM@@UEBAXXZ
?GetStandardError@PROGRAM@@UEAAPEAVSTREAM@@XZ
?GetStandardOutput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?GetStandardInput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?Fatal@PROGRAM@@UEBAXXZ
?Fatal@PROGRAM@@UEBAXKKPEADZZ
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@@Z
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@PEADZZ
??1PROGRAM@@UEAA@XZ
?Initialize@CLASS_DESCRIPTOR@@QEAAEPEBD@Z
??0CLASS_DESCRIPTOR@@QEAA@XZ
?Initialize@PATH@@QEAAEPEBGE@Z
??0PATH@@QEAA@XZ
?Display@MESSAGE@@QEAAEPEBDZZ
Get_Standard_Output_Stream
?Initialize@WSTRING@@QEAAEPEBDK@Z
??1ARRAY@@UEAA@XZ
?Initialize@PATH_ARGUMENT@@QEAAEPEADE@Z
?WriteByte@STREAM@@QEAAEE@Z
??0STREAM_MESSAGE@@QEAA@XZ
??1STREAM_MESSAGE@@UEAA@XZ
?Initialize@STREAM_MESSAGE@@QEAAEPEAVSTREAM@@00@Z
??1STRING_ARGUMENT@@UEAA@XZ
?Initialize@ARRAY@@QEAAEKK@Z
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
?QueryStream@FSN_FILE@@QEAAPEAVFILE_STREAM@@W4STREAMACCESS@@K@Z
??0LONG_ARGUMENT@@QEAA@XZ
?Initialize@LONG_ARGUMENT@@QEAAEPEAD@Z
Get_Standard_Input_Stream
??1DSTRING@@UEAA@XZ
??0FLAG_ARGUMENT@@QEAA@XZ
?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
??1PRINT_STREAM@@UEAA@XZ
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlFreeHeap
RtlAllocateHeap
RtlVirtualUnwind
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
printfilterpipelinesvc.exe.exe windows:10 windows x64 arch:x64
fbc12e38838e6890bccd0777da4496e3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
PrintFilterPipelineSvc.pdb
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
EventRegister
EventUnregister
RegQueryValueExW
RegGetValueW
EventWriteTransfer
SetThreadToken
EventWrite
EventEnabled
AccessCheck
MapGenericMask
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumValueW
kernel32
SetErrorMode
GetErrorMode
RtlCaptureStackBackTrace
CloseHandle
SetEvent
WaitForSingleObject
IsDebuggerPresent
OutputDebugStringA
SetProcessMitigationPolicy
CreateEventW
CreateThread
GetCurrentThreadId
Sleep
UnregisterWaitEx
CreateTimerQueue
RegisterWaitForSingleObject
DeleteTimerQueueEx
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
DecodePointer
EncodePointer
GetStringTypeW
HeapSetInformation
OutputDebugStringW
VerifyVersionInfoW
VerSetConditionMask
GetPrivateProfileStringW
GetPrivateProfileSectionW
AddVectoredExceptionHandler
FindResourceExW
DeleteTimerQueueTimer
CreateTimerQueueTimer
DeleteCriticalSection
GlobalLock
WaitForMultipleObjects
GlobalFree
GlobalAlloc
WriteFile
FlushFileBuffers
ReadFile
DuplicateHandle
SetEndOfFile
SetFilePointer
SetFilePointerEx
CreateFileW
GetTickCount64
InitializeCriticalSectionAndSpinCount
LoadLibraryW
GetSystemDirectoryW
GetFileAttributesW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
QueueUserWorkItem
ResetEvent
ExitProcess
ReleaseSemaphore
CreateSemaphoreW
GetCurrentThread
LocalFree
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
WideCharToMultiByte
InitializeCriticalSection
GlobalUnlock
LoadResource
SizeofResource
MultiByteToWideChar
EnterCriticalSection
RaiseException
LeaveCriticalSection
lstrcmpiW
GetModuleHandleW
LoadLibraryExW
GetProcAddress
GetLastError
FreeLibrary
GetModuleFileNameW
DebugBreak
user32
CharNextW
PostThreadMessageW
GetMessageW
DispatchMessageW
UnregisterClassA
TranslateMessage
msvcrt
??0bad_cast@@QEAA@PEBD@Z
??0bad_cast@@QEAA@AEBV0@@Z
strcspn
localeconv
sprintf_s
ldexp
wcstok_s
iswspace
wcsrchr
setlocale
__uncaught_exception
??0exception@@QEAA@AEBQEBD@Z
isupper
___lc_handle_func
___lc_codepage_func
___mb_cur_max_func
_ismbblead
islower
isspace
tolower
memchr
abort
memset
__crtLCMapStringW
__crtLCMapStringA
_wsetlocale
isalnum
isdigit
??1bad_cast@@UEAA@XZ
memcmp
memcpy
memmove
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_wcsdup
towlower
wcschr
wcsstr
wcstoul
_wcsicmp
_wcsnicmp
??0exception@@QEAA@XZ
wcscpy_s
calloc
_cexit
__setusermatherr
_initterm
_wcmdln
_fmode
_commode
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_errno
realloc
__CxxFrameHandler3
memcpy_s
_vsnwprintf
_vsnprintf
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
??1exception@@UEAA@XZ
__CxxFrameHandler4
_purecall
__C_specific_handler
wcsncpy_s
free
malloc
??0exception@@QEAA@AEBV0@@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__pctype_func
wcscmp
oleaut32
GetErrorInfo
VariantCopy
SysFreeString
VariantClear
VariantInit
SysAllocString
VarUI4FromStr
SetErrorInfo
api-ms-win-core-com-l1-1-0
CoSuspendClassObjects
CoInitializeEx
CoUninitialize
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
CoResumeClassObjects
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CLSIDFromString
IIDFromString
GetHGlobalFromStream
CreateStreamOnHGlobal
StringFromGUID2
CoGetObjectContext
CoCreateGuid
CoRevertToSelf
CoImpersonateClient
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
EtwTraceMessage
EtwEventRegister
EtwEventUnregister
RtlReportException
EtwEventWrite
EtwEventEnabled
powrprof
PowerDeterminePlatformRole
xpspushlayer
ord5
ord4
gdi32
GdiDisableUMPDSandboxing
winspool.drv
GetPrinterDataW
GetPrinterDriverW
SetJobW
GetPrinterW
OpenPrinter2W
FreePrintPropertyValue
GetJobNamedPropertyValue
StartDocPrinterW
OpenPrinterW
ReadPrinter
EndDocPrinter
GetPrinterDriverDirectoryW
SeekPrinter
StartPagePrinter
EndPagePrinter
DocumentPropertiesW
ClosePrinter
WritePrinter
prntvpt
ord9
ord2
ord4
xpsservices
ord8
xmllite
CreateXmlReader
Sections
.text Size: 464KB - Virtual size: 461KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 112KB - Virtual size: 111KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
printui.exe.exe windows:10 windows x64 arch:x64
de8c59512ca98fb3e224769147985370
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
PrintUI.pdb
Imports
advapi32
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyExW
RegCloseKey
kernel32
HeapSetInformation
GetProcAddress
FreeLibrary
GetCurrentProcessId
GetLastError
GetCommandLineW
LoadLibraryW
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
gdi32
GetStockObject
user32
RegisterClassW
CreateWindowExW
DestroyWindow
DefWindowProcW
LoadCursorW
msvcrt
_fmode
_commode
?terminate@@YAXXZ
__C_specific_handler
__wgetmainargs
_amsg_exit
_XcptFilter
iswspace
_wcmdln
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 228B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 56KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
proquota.exe.exe windows:10 windows x64 arch:x64
3f32c4f6ebfec67c604916772e1803f1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
proquota.pdb
Imports
advapi32
RegQueryValueExW
SetSecurityInfo
RegOpenKeyExW
GetAce
RegCloseKey
GetSecurityInfo
kernel32
CompareStringW
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
FindNextFileW
GetCurrentProcess
ReleaseSemaphore
GetModuleHandleExW
ExpandEnvironmentStringsW
WaitForMultipleObjects
SetProcessShutdownParameters
CompareStringOrdinal
SetThreadPriority
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetEnvironmentVariableW
FindClose
WaitForSingleObject
LocalAlloc
GetCurrentThreadId
OpenEventW
FindFirstFileW
ResumeThread
ExitThread
FindFirstChangeNotificationW
CreateEventW
Sleep
FormatMessageW
GetTickCount64
GetLastError
OutputDebugStringW
SetEvent
FindCloseChangeNotification
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
CreateThread
HeapSetInformation
HeapAlloc
FindNextChangeNotification
GetProcAddress
CreateMutexExW
LocalFree
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
LocalReAlloc
DebugBreak
IsDebuggerPresent
GetModuleFileNameA
ReleaseMutex
user32
PostQuitMessage
CheckDlgButton
KillTimer
GetDlgItem
GetClientRect
LoadIconW
TranslateMessage
IsDlgButtonChecked
SendDlgItemMessageW
ShutdownBlockReasonCreate
RegisterClassW
SetDlgItemTextW
DestroyIcon
SetTimer
GetDesktopWindow
LoadStringW
GetSystemMetrics
EndDialog
SendMessageW
CreateWindowExW
MessageBoxW
SetWindowPos
GetWindowRect
PostMessageW
DefWindowProcW
GetMessageW
GetWindowLongW
GetParent
DialogBoxParamW
SetForegroundWindow
LoadImageW
DispatchMessageW
ShutdownBlockReasonDestroy
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_register_thread_local_exe_atexit_callback
_c_exit
api-ms-win-crt-private-l1-1-0
_o___p__commode
_o___std_exception_copy
_o___std_exception_destroy
_o___stdio_common_vsnprintf_s
_o___stdio_common_vswprintf
_o__cexit
_o__configthreadlocale
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_narrow_winmain_command_line
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_free
_o_terminate
__current_exception
__current_exception_context
__std_terminate
__C_specific_handler
__CxxFrameHandler4
_CxxThrowException
memcpy
api-ms-win-crt-string-l1-1-0
memset
shell32
SHGetFileInfoW
Shell_NotifyIconW
ord60
userenv
UnregisterGPNotification
RegisterGPNotification
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
TerminateProcess
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
comctl32
ord17
ole32
CoInitialize
Sections
.text Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
provlaunch.exe.exe windows:10 windows x64 arch:x64
5e2bd8bdc63e61f7e0d77c0b742a3dc3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
provlaunch.pdb
Imports
msvcp110_win
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xbad_alloc@std@@YAXXZ
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
msvcrt
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
memset
_callnewh
malloc
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
wcstol
_errno
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
__CxxFrameHandler4
_XcptFilter
_CxxThrowException
memcpy
memmove
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
GetModuleHandleExW
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
CreateMutexExW
ReleaseSemaphore
OpenSemaphoreW
CreateSemaphoreExW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
api-ms-win-core-processthreads-l1-1-0
CreateProcessW
GetExitCodeProcess
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetStartupInfoW
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegEnumKeyExW
RegDeleteTreeW
RegQueryInfoKeyW
RegGetValueW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-shell-shdirectory-l1-1-0
ord290
Sections
.text Size: 44KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 188B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
provtool.exe.exe windows:10 windows x64 arch:x64
32a66f804cdbf1298dd7e3bae661d502
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
provtool.pdb
Imports
msvcp110_win
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
msvcrt
memset
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
memmove
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memcpy
_CxxThrowException
malloc
_callnewh
wcscmp
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_wcsicmp
_wcsnicmp
__CxxFrameHandler3
_purecall
wcstok_s
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
wprintf
__CxxFrameHandler4
api-ms-win-eventing-provider-l1-1-0
EventActivityIdControl
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
LoadLibraryExW
GetModuleHandleW
FreeLibrary
api-ms-win-security-base-l1-1-0
MakeAbsoluteSD
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
ReleaseSemaphore
CreateMutexExW
WaitForSingleObjectEx
WaitForSingleObject
OpenSemaphoreW
ReleaseMutex
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-com-l1-1-0
CoCreateGuid
CoUninitialize
CoInitializeSecurity
CoCreateInstance
CoInitializeEx
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegEnumValueW
RegGetValueW
RegOpenKeyExW
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
FormatMessageW
oleaut32
VariantInit
SysFreeString
SysAllocString
VariantClear
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-shutdown-l1-1-0
InitiateSystemShutdownExW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
dmcommandlineutils
ProcessCommandLine
FreeCommandLineOptions
api-ms-win-core-registry-l2-1-0
RegDeleteKeyW
api-ms-win-core-path-l1-1-0
PathCchCombineEx
PathCchAppendEx
PathCchCanonicalizeEx
PathCchFindExtension
api-ms-win-core-file-l1-1-0
GetFileAttributesW
FindFirstFileW
FindNextFileW
DeleteFileW
FindClose
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFindFileNameW
profapi
ord117
crypt32
CryptBinaryToStringW
ntdll
NtQuerySystemInformation
RtlAdjustPrivilege
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 64KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 316B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
prproc.exe.exe windows:10 windows x64 arch:x64
6c59001e0768c2b59f1f170dae94ead2
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate
Issuer: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 02/09/2021, 18:23
Not After: 01/09/2022, 18:23
Subject: CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08
Certificate
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 19/10/2011, 18:41
Not After: 19/10/2026, 18:51
Subject: CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
9a:92:b6:5f:df:51:9f:e1:d9:23:0d:0e:13:42:c8:17:88:83:5f:72:76:bc:59:c6:04:df:da:d8:3e:d8:cb:5b
Signer
Actual PE Digest: 9a:92:b6:5f:df:51:9f:e1:d9:23:0d:0e:13:42:c8:17:88:83:5f:72:76:bc:59:c6:04:df:da:d8:3e:d8:cb:5b
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
PRPROC.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o___p__commode
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetStartupInfoW
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 384B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
psr.exe.exe windows:10 windows x64 arch:x64
c89d20643dc07bfe7517000ab83d9fbb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
psr.pdb
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
RegGetValueW
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
RegGetValueA
kernel32
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
GetFullPathNameW
LocalFree
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateThreadpoolTimer
SetThreadpoolTimer
MultiByteToWideChar
WideCharToMultiByte
AcquireSRWLockShared
ReleaseSRWLockShared
LeaveCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsW
GetFileAttributesW
CreateDirectoryW
CreateEventExW
SetEvent
DeleteFileW
MoveFileExW
Wow64DisableWow64FsRedirection
GetCommandLineW
GetSystemDirectoryW
CreateMutexExW
CreateEventW
CreateMutexW
RegisterWaitForSingleObject
HeapSetInformation
IsWow64Process
GetCurrentProcess
UnregisterWait
RaiseException
InitOnceBeginInitialize
InitializeCriticalSectionEx
InitializeCriticalSection
GetModuleFileNameW
LoadLibraryExW
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
GetSystemTime
SystemTimeToTzSpecificLocalTime
CopyFileW
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
GetSystemTimeAsFileTime
Sleep
LockResource
LoadResource
FindResourceW
EncodePointer
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
OpenEventW
LoadLibraryExA
VirtualAlloc
VirtualFree
lstrcmpiW
lstrcmpiA
GetModuleHandleExW
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
ResetEvent
QueryPerformanceCounter
InitializeSListHead
GetStartupInfoW
FileTimeToLocalFileTime
CreateFileW
OpenProcess
GetCurrentDirectoryW
SetCurrentDirectoryW
DeleteFileA
GetLocaleInfoEx
TlsAlloc
TlsSetValue
GlobalHandle
WaitForSingleObject
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
InitOnceComplete
GlobalFree
TlsFree
TlsGetValue
lstrlenA
CreateFileA
ReadFile
IsDBCSLeadByte
FileTimeToDosDateTime
FindClose
GlobalReAlloc
lstrcmpA
WriteFile
GetFileAttributesExA
ReplaceFileW
SetFilePointer
DecodePointer
GetFileInformationByHandle
SetFileAttributesW
GetFileAttributesExW
GetDriveTypeA
FindFirstFileA
FindNextFileA
LoadLibraryW
FreeLibrary
gdi32
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
GetObjectW
GetDeviceCaps
user32
GetDlgItemInt
EndDialog
SetDlgItemTextW
EnableWindow
SetDlgItemInt
SendDlgItemMessageW
SetForegroundWindow
DialogBoxParamW
UnregisterClassW
KillTimer
SetTimer
GetWindowRect
GetTitleBarInfo
GetProcessDefaultLayout
LoadCursorW
LoadAcceleratorsW
CharLowerA
UnregisterClassA
MessageBoxW
SetLayeredWindowAttributes
GetDpiForWindow
DispatchMessageW
AdjustWindowRectExForDpi
PeekMessageA
DispatchMessageA
CharNextA
OemToCharBuffA
CharToOemBuffA
CharPrevA
CharUpperBuffA
RegisterClassExW
CharUpperW
CharNextW
PostThreadMessageW
GetDlgItemTextW
DestroyIcon
GetMessageW
TranslateMessage
GetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
DestroyAcceleratorTable
GetDesktopWindow
ReleaseDC
GetDC
InvalidateRect
CallWindowProcW
InvalidateRgn
GetClientRect
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
SetWindowLongW
PostQuitMessage
MapDialogRect
SetWindowContextHelpId
TranslateAcceleratorW
GetKeyState
LoadIconW
PostMessageW
TrackPopupMenu
EnableMenuItem
DestroyMenu
GetSubMenu
LoadMenuW
DefWindowProcW
GetParent
ClientToScreen
CreateAcceleratorTableW
DestroyWindow
CreateWindowExW
GetClassInfoExW
RedrawWindow
SetWindowPos
GetSysColor
GetClassNameW
IsWindow
SendMessageW
GetDlgItem
GetWindow
SetFocus
GetFocus
IsChild
EndPaint
BeginPaint
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
LoadStringW
GetSystemMetrics
GetSysColorBrush
SystemParametersInfoW
ShowWindow
MapWindowPoints
UpdateWindow
msvcp_win
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
api-ms-win-crt-string-l1-1-0
memset
strncmp
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__getdrive
_o__gmtime32
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__localtime32
_o__cexit
_o__mktemp
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__wcsicmp
_o__wtoi
_o_abort
_o_calloc
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_mbstowcs_s
_o_qsort
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
__current_exception
__current_exception_context
__CxxFrameHandler3
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__C_specific_handler
__std_terminate
__CxxFrameHandler4
strstr
_CxxThrowException
__C_specific_handler_noexcept
memcmp
memcpy
_o__set_new_mode
memmove
uireng
UirInitializeEngine
UirStopRecordingSession
UirOutCreateOutputFile
UirGetRecordedActionInfo
UirWriteRecordedActionListXml
UirWriteRecordedActionAndCommentListMht
UirWriteUserComments
UirFreeRecordedActionInfo
UirPauseRecordingSession
UirResumeRecordingSession
UirUpdateRecordingSession
UirStartRecordingSession
comctl32
ImageList_Destroy
ImageList_GetIcon
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_Create
ord381
ntdll
EtwEventWriteNoRegistration
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
oleaut32
UnRegisterTypeLib
SysAllocString
LoadTypeLib
RegisterTypeLib
SysStringLen
VarBstrCmp
OleCreateFontIndirect
LoadRegTypeLib
SysStringByteLen
VariantClear
VariantInit
SysAllocStringLen
SysFreeString
GetErrorInfo
SetErrorInfo
ole32
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal
OleLockRunning
CoCreateFreeThreadedMarshaler
CLSIDFromProgID
CLSIDFromString
OleInitialize
OleUninitialize
CoTaskMemAlloc
CoUninitialize
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoGetClassObject
CoInitializeEx
shell32
SHFileOperationW
ShellExecuteExW
ord171
SHCreateItemInKnownFolder
ShellAboutW
CommandLineToArgvW
shlwapi
PathFindExtensionW
PathAppendW
PathGetArgsW
PathRemoveExtensionW
PathFindFileNameW
PathCombineW
PathRemoveFileSpecW
PathFileExistsW
SHAutoComplete
StrStrIW
PathFindExtensionA
PathIsSameRootW
ord216
ord218
PathMatchSpecExA
api-ms-win-crt-time-l1-1-0
_time32
Sections
.text Size: 276KB - Virtual size: 274KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 96KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 912B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
pwlauncher.exe.exe windows:10 windows x64 arch:x64
83c9df9631980adba74edd944ab6f667
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
pwlauncher.pdb
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
StartTraceW
EnableTrace
ControlTraceW
OpenProcessToken
GetTokenInformation
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
kernel32
FormatMessageW
LocalFree
GetTempPathW
GetLastError
GetCurrentProcessId
CloseHandle
GetCurrentProcess
SizeofResource
LockResource
LoadResource
FindResourceExW
GetConsoleOutputCP
SetThreadPreferredUILanguages
ReleaseSRWLockExclusive
Sleep
LeaveCriticalSection
EnterCriticalSection
RaiseException
DeleteCriticalSection
InitializeCriticalSection
HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
WakeAllConditionVariable
SleepConditionVariableSRW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
AcquireSRWLockExclusive
UnhandledExceptionFilter
TerminateProcess
msvcrt
??1type_info@@UEAA@XZ
_onexit
__dllonexit
memcpy
_initterm
__setusermatherr
_cexit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_unlock
_lock
?terminate@@YAXXZ
_commode
_XcptFilter
__CxxFrameHandler3
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
_CxxThrowException
__C_specific_handler
_wsetlocale
swprintf_s
wprintf_s
vswprintf_s
_vscwprintf
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
free
malloc
?what@exception@@UEBAPEBDXZ
memcpy_s
memmove_s
_wcsicmp
__CxxFrameHandler4
??3@YAXPEAX@Z
_fmode
_exit
memset
user32
UnregisterClassA
ole32
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateInstance
StringFromCLSID
CoCreateGuid
shlwapi
PathAppendW
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlCheckPortableOperatingSystem
RtlNtStatusToDosError
RtlVirtualUnwind
Sections
.text Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 132B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rasautou.exe.exe windows:10 windows x64 arch:x64
69dc1709b7740448a0dc0ad149c69d48
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
rasautou.pdb
Imports
advapi32
RegQueryValueExA
RegCloseKey
RegOpenKeyExW
kernel32
VirtualFree
VirtualAlloc
LocalAlloc
MultiByteToWideChar
ProcessIdToSessionId
GetLastError
HeapSetInformation
LocalFree
GetCurrentProcessId
GetModuleHandleW
LoadLibraryExW
Sleep
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ActivateActCtx
DeactivateActCtx
DelayLoadFailureHook
ResolveDelayLoadedAPI
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
msvcrt
_wcsicmp
_fmode
printf
_stricmp
strstr
_XcptFilter
_amsg_exit
__wgetmainargs
?terminate@@YAXXZ
_commode
__set_app_type
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
ntdll
NtQuerySystemInformation
RtlInitUnicodeString
NtClose
DbgPrint
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtOpenFile
rasapi32
RasGetAutodialParamW
RasEnumAutodialAddressesW
DwRasUninitialize
RasGetAutodialAddressW
rasdlg
RasDialDlgW
RasPhonebookDlgW
RasAutodialQueryDlgW
ws2_32
WSAStartup
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 420B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rasdial.exe.exe windows:10 windows x64 arch:x64
d893fb6dd140ff7107d0e41ffbaaaec9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
rasdial.pdb
Imports
kernel32
SetConsoleCtrlHandler
CompareStringW
GetCommandLineW
GetConsoleOutputCP
GetStdHandle
WriteFile
ExpandEnvironmentStringsW
SetThreadUILanguage
WaitForSingleObject
LocalAlloc
CreateFileW
CreateEventW
Sleep
FormatMessageW
GetLastError
SetEvent
GlobalAlloc
GlobalFree
CloseHandle
HeapSetInformation
LocalFree
GetModuleHandleW
WideCharToMultiByte
RtlLookupFunctionEntry
RtlVirtualUnwind
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlCaptureContext
msvcrt
?terminate@@YAXXZ
_fmode
_initterm
__setusermatherr
_exit
_commode
__iob_func
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_getwch
getchar
wcsstr
_itow
wcschr
_wcsupr
fputwc
exit
__C_specific_handler
_cexit
memset
rasapi32
RasGetConnectStatusW
RasHangUpW
RasDialW
RasFreeEapUserIdentityW
RasGetErrorStringW
RasGetEntryPropertiesW
RasGetEapUserIdentityW
RasEnumConnectionsW
RasHandleTriggerConnDisconnect
RasCompleteDialMachineCleanup
user32
LoadStringW
shell32
CommandLineToArgvW
Sections
.text Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 432B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
raserver.exe.exe windows:10 windows x64 arch:x64
e20b4754318a11b8eb79040b310ad904
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
RAServer.pdb
Imports
advapi32
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
IsValidRelativeSecurityDescriptor
MakeAbsoluteSD
InitializeSecurityDescriptor
InitializeAcl
MakeSelfRelativeSD
IsValidSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
FreeSid
GetSecurityDescriptorDacl
IsValidAcl
GetAclInformation
GetAce
EqualSid
AddAccessDeniedAce
DeleteAce
RegEnumValueW
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
CryptGetUserKey
CryptGenKey
CryptExportKey
CryptImportKey
CryptDecrypt
CryptEncrypt
EventWrite
EventUnregister
EventRegister
kernel32
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
CreateEventW
MultiByteToWideChar
FormatMessageW
GetLastError
OutputDebugStringW
ReleaseSemaphore
OpenSemaphoreW
CloseHandle
RaiseException
FindResourceExW
LoadResource
HeapAlloc
GetProcAddress
CreateMutexExW
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
FreeLibrary
DebugBreak
lstrcmpiW
LoadLibraryExW
IsDebuggerPresent
SetProcessMitigationPolicy
SetErrorMode
HeapSetInformation
CompareStringW
GetCommandLineW
SetEvent
Sleep
CreateThread
LoadLibraryW
ResetEvent
GetSystemDirectoryW
DelayLoadFailureHook
ResolveDelayLoadedAPI
OutputDebugStringA
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
EnterCriticalSection
SetLastError
HeapFree
CreateSemaphoreExW
SizeofResource
GetModuleHandleExW
GetModuleFileNameA
WaitForSingleObjectEx
user32
TranslateMessage
DispatchMessageW
LoadStringW
UnregisterClassA
CharNextW
CharUpperW
PostThreadMessageW
GetMessageW
msvcrt
__setusermatherr
_callnewh
_wcmdln
_fmode
_commode
_errno
??0exception@@QEAA@AEBQEBDH@Z
realloc
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_initterm
memcmp
wcsncmp
_wtol
iswdigit
_cexit
_exit
exit
__set_app_type
_wtoi
wcscat_s
wcscpy_s
wcsncpy_s
malloc
free
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
__C_specific_handler
__CxxFrameHandler4
??3@YAXPEAX@Z
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
memset
_CxxThrowException
wcscmp
shlwapi
StrCmpIW
oleaut32
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SysAllocStringByteLen
SysAllocString
UnRegisterTypeLib
LoadRegTypeLib
LoadTypeLib
SysFreeString
SysStringByteLen
RegisterTypeLib
SysStringLen
VarUI4FromStr
VarBstrCat
SysAllocStringLen
VarBstrCmp
wtsapi32
WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory
shell32
SHGetSpecialFolderPathW
ShellExecuteW
crypt32
CryptStringToBinaryW
CryptBinaryToStringW
api-ms-win-core-com-l1-1-0
CoWaitForMultipleHandles
CoSuspendClassObjects
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
StringFromGUID2
CoResumeClassObjects
CoInitializeEx
CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
samcli
NetLocalGroupAddMembers
NetLocalGroupDel
NetLocalGroupAdd
NetLocalGroupGetInfo
NetLocalGroupGetMembers
NetLocalGroupDelMembers
netutils
NetApiBufferFree
Sections
.text Size: 84KB - Virtual size: 80KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 960B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rasphone.exe.exe windows:10 windows x64 arch:x64
bafee5a15041b808dad2d2fdf7d204f7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
rasphone.pdb
Imports
advapi32
RegCloseKey
RegSetValueExW
RegDeleteKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
kernel32
FreeLibrary
LoadLibraryExW
GetPrivateProfileStringW
FormatMessageW
GetModuleFileNameW
ActivateActCtx
DeactivateActCtx
CreateActCtxW
GetModuleHandleW
GetProcAddress
HeapSetInformation
lstrlenA
ReleaseActCtx
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetLastError
CloseHandle
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
GlobalAlloc
GlobalFree
LocalFree
GlobalReAlloc
CompareStringW
msvcrt
__argv
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
_ismbblead
__argc
_initterm
__C_specific_handler
_acmdln
_fmode
_commode
?terminate@@YAXXZ
__setusermatherr
memcpy
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
_wtol
NtQueryInformationToken
_vsnwprintf
rtutils
TracePrintfExA
TraceDeregisterExA
TraceRegisterExA
user32
CharNextW
CharPrevW
LoadStringW
MessageBoxW
Sections
.text Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 912B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rdpclip.exe.exe windows:10 windows x64 arch:x64
e0421433defcad674f59db8672487c3d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
rdpclip.pdb
Imports
user32
MsgWaitForMultipleObjectsEx
PostThreadMessageW
UnregisterClassW
IsClipboardFormatAvailable
GetWindowThreadProcessId
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
GetClipboardOwner
UnionRect
CharNextA
CharPrevA
GetClipboardFormatNameW
ChangeDisplaySettingsExW
GetMessageW
GetWindowRect
IsWindowVisible
EqualRect
EnumChildWindows
EnumDisplayMonitors
IsWindow
CloseDesktop
DispatchMessageW
SetTimer
GetMonitorInfoW
GetLayeredWindowAttributes
IsChild
EnumWindows
TranslateMessage
GetUserObjectInformationW
SetRectEmpty
GetClientRect
KillTimer
GetDesktopWindow
OpenDesktopW
GetParent
GetAncestor
GetWindowRgn
GetWindowTextW
MonitorFromWindow
OffsetRect
CopyRect
ClientToScreen
IntersectRect
GetClassNameW
SetRect
DestroyWindow
SendMessageW
RegisterClipboardFormatW
GetSystemMetrics
EnumDisplayDevicesW
EnumDisplaySettingsW
RegisterDeviceNotificationW
RegisterClassW
UnregisterDeviceNotification
LoadStringW
DefWindowProcW
PostMessageW
SetWindowLongPtrW
CreateWindowExW
GetWindowLongPtrW
RegisterClassExW
PeekMessageW
LoadCursorW
PostQuitMessage
SystemParametersInfoW
SetWinEventHook
GetClassInfoExW
GetWindowTextLengthW
UnhookWinEvent
msvcrt
?terminate@@YAXXZ
memset
memmove
malloc
__getmainargs
__set_app_type
exit
_exit
_cexit
_ismbblead
wcschr
free
__setusermatherr
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
wcsrchr
swprintf_s
_vscwprintf
_wcsnicmp
__CxxFrameHandler4
_initterm
_acmdln
memcpy
memcmp
_CxxThrowException
_fmode
_commode
_lock
_XcptFilter
_callnewh
_unlock
__dllonexit
__C_specific_handler
_errno
_wcsicmp
_wsplitpath_s
_wmakepath_s
memmove_s
_purecall
memcpy_s
_vsnwprintf
_onexit
isalpha
_strnicmp
wcsnlen
strnlen
_amsg_exit
??1type_info@@UEAA@XZ
__CxxFrameHandler3
wcscmp
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
FreeLibraryAndExitThread
GetModuleHandleW
GetModuleHandleExW
GetModuleHandleExA
LoadLibraryExW
FreeLibrary
GetProcAddress
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventSetInformation
EventActivityIdControl
EventRegister
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
CreateEventW
ReleaseMutex
CreateEventExW
ReleaseSRWLockExclusive
WaitForSingleObject
WaitForMultipleObjectsEx
LeaveCriticalSection
AcquireSRWLockExclusive
WaitForSingleObjectEx
ReleaseSemaphore
OpenSemaphoreW
ResetEvent
InitializeCriticalSectionEx
AcquireSRWLockShared
DeleteCriticalSection
InitializeCriticalSection
CreateSemaphoreExW
CreateMutexW
ReleaseSRWLockShared
SetEvent
CreateMutexExW
api-ms-win-core-heap-l1-1-0
HeapFree
HeapSetInformation
HeapAlloc
GetProcessHeap
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
TlsGetValue
OpenThread
SwitchToThread
GetStartupInfoW
CreateThread
GetCurrentProcess
TlsAlloc
GetCurrentProcessId
GetCurrentThread
OpenThreadToken
QueueUserAPC
ProcessIdToSessionId
TlsSetValue
OpenProcessToken
TlsFree
api-ms-win-core-localization-l1-2-0
IsDBCSLeadByte
FormatMessageW
GetCPInfo
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-psapi-l1-1-0
QueryFullProcessImageNameW
K32GetModuleFileNameExW
api-ms-win-core-file-l1-1-0
CreateFileW
ReadFileEx
WriteFile
SetFilePointerEx
QueryDosDeviceW
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
ReadFile
GetTempFileNameW
DefineDosDeviceW
DeleteFileW
GetFileInformationByHandle
CreateDirectoryW
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegGetValueW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegEnumValueW
api-ms-win-core-com-l1-1-0
CoUninitialize
CoTaskMemAlloc
CoSetProxyBlanket
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoInitializeEx
api-ms-win-core-io-l1-1-0
DeviceIoControl
GetOverlappedResult
api-ms-win-security-isolatedcontainer-l1-1-1
IsProcessInWDAGContainer
api-ms-win-core-sysinfo-l1-2-0
GetProductInfo
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
GetVersionExW
rpcrt4
RpcStringBindingParseW
RpcBindingToStringBindingW
NdrServerCall2
RpcServerListen
RpcRevertToSelf
RpcImpersonateClient
RpcServerRegisterIfEx
RpcServerUnregisterIfEx
RpcServerUseProtseqEpW
NdrServerCallAll
RpcStringFreeW
RpcBindingInqAuthClientW
api-ms-win-security-base-l1-1-0
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
DestroyPrivateObjectSecurity
GetTokenInformation
GetLengthSid
CopySid
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceExecuteOnce
InitOnceInitialize
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
ntdll
NtCreateFile
EtwEventActivityIdControl
RtlNtStatusToDosError
NtClose
RtlMultiByteToUnicodeN
RtlInitUnicodeString
gdi32
DeleteEnhMetaFile
GetStockObject
DeleteMetaFile
ExtEscape
DeleteDC
CreateDCW
GetRgnBox
CombineRgn
DeleteObject
GetRegionData
CreateRectRgn
OffsetRgn
EqualRgn
CreateRectRgnIndirect
SetRectRgn
GetObjectW
GetPaletteEntries
CreatePalette
CreateMetaFileW
SetMetaFileBitsEx
GetMetaFileBitsEx
CloseMetaFile
PlayMetaFile
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
CreateSemaphoreW
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-heap-l2-1-0
LocalAlloc
GlobalAlloc
LocalFree
GlobalFree
api-ms-win-core-io-l1-1-1
CancelIo
api-ms-win-core-kernel32-legacy-l1-1-0
GetNamedPipeClientProcessId
api-ms-win-core-namedpipe-l1-1-0
DisconnectNamedPipe
CreateNamedPipeW
ConnectNamedPipe
SetNamedPipeHandleState
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
api-ms-win-security-systemfunctions-l1-1-0
SystemFunction036
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrStrIW
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
WindowsDeleteString
api-ms-win-core-heap-obsolete-l1-1-0
GlobalSize
GlobalLock
GlobalUnlock
api-ms-win-core-path-l1-1-0
PathCchCanonicalize
Sections
.text Size: 440KB - Virtual size: 436KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 92KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 464B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rdpinput.exe.exe windows:10 windows x64 arch:x64
224fd90eecbc5c37e4d8d6d4947c54cb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
rdpinput.pdb
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
EventActivityIdControl
CloseServiceHandle
OpenSCManagerW
StartServiceW
OpenServiceW
kernel32
OpenThread
DebugBreak
CreateSemaphoreW
GetProcessHeap
SwitchToThread
HeapAlloc
GetSystemInfo
OutputDebugStringW
InitializeCriticalSection
HeapFree
GetModuleFileNameA
LocalAlloc
WaitForMultipleObjects
SetLastError
CreateMutexExW
CreateSemaphoreExW
HeapSetInformation
GetCommandLineW
GetCurrentProcess
DuplicateHandle
OpenProcess
CloseHandle
CreateMutexW
GetModuleHandleExA
IsDebuggerPresent
FreeLibrary
GetLastError
ReleaseMutex
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
TerminateProcess
WaitForSingleObject
OpenEventW
CreateEventW
SetEvent
CreateThread
LocalFree
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
ResetEvent
DeleteCriticalSection
GetModuleHandleExW
WaitForSingleObjectEx
FreeLibraryAndExitThread
QueueUserAPC
ReadFileEx
ProcessIdToSessionId
CancelIo
WriteFile
GetOverlappedResult
LoadLibraryExW
TlsAlloc
TlsSetValue
TlsFree
TlsGetValue
GetCurrentThread
QueryPerformanceFrequency
SetWaitableTimer
CreateWaitableTimerExW
GetVersionExW
FormatMessageW
GetProcAddress
OpenSemaphoreW
user32
ScreenToClient
SystemParametersInfoW
CloseDesktop
OpenInputDesktop
SetThreadDesktop
DispatchMessageW
SendInput
GetSystemMetrics
PostMessageW
SetWindowLongPtrW
DefWindowProcW
CreateWindowExW
GetWindowLongPtrW
GetClassInfoExW
LoadCursorW
DestroyWindow
PeekMessageW
MsgWaitForMultipleObjectsEx
UnregisterClassW
PostQuitMessage
RegisterClassExW
PostThreadMessageW
msvcrt
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_purecall
_wtoi64
_wtoi
wcsstr
memset
memcpy
memcpy_s
_vsnwprintf
__CxxFrameHandler3
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlMultiByteToUnicodeN
winsta
WinStationIsSessionRemoteable
WinStationVirtualOpenEx
wtsapi32
WTSVirtualChannelOpen
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
WTSVirtualChannelQuery
WTSVirtualChannelClose
WTSFreeMemory
Sections
.text Size: 152KB - Virtual size: 151KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rdrleakdiag.exe.exe windows:10 windows x64 arch:x64
bbaeddb424d5e6ad0fea37aaae4fa16c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
rdrleakdiag.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__cexit
memcpy
_o__wcsicmp
_o__wtol
_o_exit
_o_qsort
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o___stdio_common_vswprintf
_o___p__commode
_o___p___wargv
_o___p___argc
wcsrchr
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-file-l1-1-0
CreateFileW
CreateDirectoryW
SetFilePointer
GetTempFileNameW
RemoveDirectoryW
DeleteFileW
WriteFile
api-ms-win-core-wow64-l1-1-1
IsWow64Process2
api-ms-win-core-console-l1-1-0
SetConsoleCtrlHandler
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapSetInformation
HeapAlloc
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
SetProcessShutdownParameters
GetCurrentProcess
GetProcessTimes
GetProcessId
OpenProcessToken
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-psapi-l1-1-0
K32GetModuleFileNameExW
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
OpenProcess
GetProcessMitigationPolicy
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetVersionExW
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
ReadProcessMemory
MapViewOfFile
CreateFileMappingW
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetProcAddress
GetModuleFileNameW
LoadStringW
GetModuleHandleW
FreeLibrary
api-ms-win-core-memory-l1-1-3
SetProcessValidCallTargets
api-ms-win-eventing-provider-l1-1-0
EventWrite
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFileExistsW
ntdll
NtWaitForSingleObject
NtResetEvent
EtwEventRegister
NtQueryInformationThread
RtlFreeHeap
NtCreateMutant
NtSetEvent
NtQueryInformationProcess
RtlAllocateHeap
RtlNtStatusToDosError
NtCreateEvent
NtReleaseMutant
NtDuplicateObject
RtlCreateProcessReflection
NtClose
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
NtOpenProcess
RtlEqualUnicodeString
RtlInitUnicodeString
EtwEventUnregister
NtCreateThreadEx
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
api-ms-win-service-management-l1-1-0
CloseServiceHandle
OpenSCManagerW
OpenServiceW
api-ms-win-service-management-l2-1-0
QueryServiceConfigW
api-ms-win-service-core-l1-1-1
EnumServicesStatusExW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 924B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 92B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
readCloudDataSettings.exe.exe windows:10 windows x64 arch:x64
952778e7951347b92084f804a66ed621
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
readCloudDataSettings.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-runtime-l1-1-0
_c_exit
_initterm_e
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsnicmp
_o_abort
_o_exit
_o_free
_o_iswspace
_o_malloc
_o_terminate
_o_towlower
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___acrt_iob_func
__std_terminate
__CxxFrameHandler4
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
api-ms-win-core-synch-l1-1-0
WaitForSingleObjectEx
WaitForSingleObject
ReleaseSemaphore
ReleaseMutex
SetEvent
CreateEventExW
CreateSemaphoreExW
OpenSemaphoreW
CreateMutexExW
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
RaiseException
api-ms-win-core-com-l1-1-0
CoWaitForMultipleHandles
CoUninitialize
CoInitializeEx
CoCreateFreeThreadedMarshaler
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-winrt-string-l1-1-0
WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-shcore-obsolete-l1-1-0
CommandLineToArgvW
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetStartupInfoW
GetCurrentProcessId
GetCurrentProcess
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InterlockedFlushSList
InitializeSListHead
oleaut32
SysAllocString
SysStringLen
GetErrorInfo
SetErrorInfo
SysFreeString
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
Sections
.text Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 240B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
recdisc.exe.exe windows:10 windows x64 arch:x64
a2042075d402c99a2a280af40042a5ad
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
recdisc.pdb
Imports
user32
ShowWindow
MessageBoxW
EndDialog
GetLastActivePopup
SetFocus
IsWindow
LoadIconW
ChangeWindowMessageFilterEx
RegisterWindowMessageW
SetWindowLongPtrW
GetWindowLongPtrW
DialogBoxParamW
GetDlgItem
DestroyIcon
SendMessageW
GetSystemMetrics
EnableWindow
PostMessageW
SetWindowTextW
GetWindowLongW
msvcrt
_vscwprintf
iswspace
memmove
memcpy
memcmp
wcsstr
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_wcsicmp
_wcsnicmp
wcschr
_vsnwprintf
memset
oleaut32
SysFreeString
SysAllocStringLen
DispCallFunc
SysStringLen
VariantClear
LoadRegTypeLi
SysAllocString
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
TraceMessage
GetTraceEnableFlags
GetTraceLoggerHandle
api-ms-win-core-file-l1-1-0
DeleteFileW
CreateDirectoryW
CreateFileW
FindClose
GetVolumePathNameW
GetLogicalDriveStringsW
GetFileAttributesW
FindNextFileW
GetDriveTypeW
GetDiskFreeSpaceExW
FindFirstFileW
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetErrorMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
api-ms-win-core-com-l1-1-0
CoWaitForMultipleHandles
CoCreateGuid
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetCommandLineW
api-ms-win-core-processthreads-l1-1-0
GetStartupInfoW
OpenProcessToken
TlsFree
TlsGetValue
TlsSetValue
GetCurrentProcessId
GetCurrentProcess
TlsAlloc
GetCurrentThreadId
CreateThread
TerminateProcess
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-sysinfo-l1-2-0
GetNativeSystemInfo
VerSetConditionMask
api-ms-win-core-synch-l1-2-0
InitializeConditionVariable
SleepConditionVariableSRW
WakeAllConditionVariable
Sleep
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
LoadStringW
FreeLibrary
LoadLibraryExW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-service-management-l1-1-0
OpenSCManagerW
CloseServiceHandle
OpenServiceW
api-ms-win-service-management-l2-1-0
QueryServiceStatusEx
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetFileMUIPath
api-ms-win-eventing-controller-l1-1-0
ControlTraceW
EnableTraceEx2
StartTraceW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-security-base-l1-1-0
DuplicateToken
CreateWellKnownSid
CheckTokenMembership
GetTokenInformation
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
api-ms-win-core-file-l1-2-4
GetTempPath2W
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateEventW
EnterCriticalSection
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
shell32
SHParseDisplayName
ord155
SHGetFileInfoW
SHGetDesktopFolder
CommandLineToArgvW
shlwapi
StrRetToBufW
SHCreateStreamOnFileW
SHCreateStreamOnFileEx
ntdll
WinSqmAddToStream
NtQuerySystemInformation
RtlGetLastNtStatus
EtwTraceMessage
NtQueryInformationFile
NtSetInformationFile
RtlNtStatusToDosError
comctl32
ImageList_Destroy
ord345
ImageList_ReplaceIcon
ord344
ImageList_Create
bcd
BcdOpenObject
BcdOpenSystemStore
BcdGetElementData
reagent
WinReGetConfig
Sections
.text Size: 76KB - Virtual size: 74KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
recover.exe.exe windows:10 windows x64 arch:x64
15ec0ace85d3228adcc66943670ef7d8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
recover.pdb
Imports
msvcrt
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
ulib
??1PATH_ARGUMENT@@UEAA@XZ
?QueryInvalidArgument@ARGUMENT_LEXEMIZER@@QEAAPEAVWSTRING@@XZ
?PutSeparators@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
??1ARGUMENT_LEXEMIZER@@UEAA@XZ
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
?Initialize@STRING_ARGUMENT@@QEAAEPEAD@Z
??1STRING_ARGUMENT@@UEAA@XZ
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
?QueryFullPath@PATH@@QEBAPEAV1@XZ
?Display@MESSAGE@@QEAAEPEBDZZ
Get_Standard_Output_Stream
?Strcat@WSTRING@@QEAAEPEBV1@@Z
?QueryString@WSTRING@@QEBAPEAV1@KK@Z
?Initialize@WSTRING@@QEAAEPEBDK@Z
??1OBJECT@@UEAA@XZ
?Initialize@PATH_ARGUMENT@@QEAAEPEADE@Z
??0STREAM_MESSAGE@@QEAA@XZ
??1STREAM_MESSAGE@@UEAA@XZ
?IsValueSet@ARGUMENT@@QEAAEXZ
?QueryDriveType@SYSTEM@@SA?AW4DRIVE_TYPE@@PEBVWSTRING@@@Z
?QueryLibraryEntryPoint@SYSTEM@@SAP6A_JXZPEBVWSTRING@@0PEAPEAX@Z
?FreeLibraryHandle@SYSTEM@@SAXPEAX@Z
??0STRING_ARGUMENT@@QEAA@XZ
??0PATH_ARGUMENT@@QEAA@XZ
?Initialize@STREAM_MESSAGE@@QEAAEPEAVSTREAM@@00@Z
?Set@STREAM_MESSAGE@@UEAAEKW4MESSAGE_TYPE@@K@Z
??0FLAG_ARGUMENT@@QEAA@XZ
?Initialize@FLAG_ARGUMENT@@QEAAEPEAD@Z
??0ARRAY@@QEAA@XZ
??1ARRAY@@UEAA@XZ
?Initialize@ARRAY@@QEAAEKK@Z
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
Get_Standard_Input_Stream
??0DSTRING@@QEAA@XZ
??1DSTRING@@UEAA@XZ
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
ifsutil
?QueryFileSystemName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@PEAJ1@Z
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@@Z
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
kernel32
HeapSetInformation
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sections
.text Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
refsutil.exe.exe windows:10 windows x64 arch:x64
3dee2855457795a8df5ddb338d1f718e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
refsutil.pdb
Imports
msvcp_win
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGD@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
_Thrd_join
?wcin@std@@3V?$basic_istream@GU?$char_traits@G@std@@@1@A
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?uncaught_exceptions@std@@YAHXZ
?_Throw_Cpp_error@std@@YAXH@Z
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
_Query_perf_frequency
_Thrd_hardware_concurrency
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Mtx_unlock
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
_Mtx_init_in_situ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Syserror_map@std@@YAPEBDH@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Winerror_map@std@@YAHH@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Query_perf_counter
?_Xlength_error@std@@YAXPEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
_Mtx_destroy_in_situ
api-ms-win-crt-runtime-l1-1-0
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcsnicmp
_o__wcstoui64
memmove
_o__wtoi
_o__wtol
_o_calloc
_o_ceilf
_o_exit
_o_free
_o_iswalpha
_o_iswdigit
_o_malloc
_o_qsort
_o_rand
_o_terminate
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o__beginthreadex
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o__exit
_o___p___argc
_o__errno
_o___acrt_iob_func
wcsrchr
wcschr
__CxxFrameHandler3
_o____lc_codepage_func
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
wcsnlen
wcsncmp
wcscmp
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
SetConsoleCtrlHandler
WriteConsoleW
GetConsoleMode
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
CreateMutexW
CreateEventW
AcquireSRWLockExclusive
InitializeCriticalSectionEx
ReleaseMutex
CancelWaitableTimer
OpenSemaphoreW
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
CreateSemaphoreExW
ReleaseSRWLockShared
SetWaitableTimer
CreateWaitableTimerExW
WaitForMultipleObjectsEx
ResetEvent
InitializeSRWLock
LeaveCriticalSection
CreateEventExW
SetEvent
ReleaseSRWLockExclusive
CreateMutexExW
CreateMutexA
CreateEventA
AcquireSRWLockShared
WaitForSingleObjectEx
DeleteCriticalSection
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
GetLastError
RaiseException
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TlsFree
TerminateProcess
CreateThread
ExitProcess
OpenProcessToken
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-com-l1-1-0
CoCreateGuid
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
api-ms-win-core-threadpool-l1-2-0
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWork
CloseThreadpool
CloseThreadpoolCleanupGroup
CreateThreadpool
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolWork
WaitForThreadpoolTimerCallbacks
SubmitThreadpoolWork
CreateThreadpoolCleanupGroup
TrySubmitThreadpoolCallback
SetThreadpoolThreadMaximum
api-ms-win-core-localization-l1-2-0
FormatMessageA
FormatMessageW
api-ms-win-core-sysinfo-l1-1-0
GetLocalTime
GetTickCount64
GetSystemInfo
GetSystemTimeAsFileTime
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringW
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureStackBackTrace
RtlCompareMemory
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
QueryPerformanceFrequency
api-ms-win-core-interlocked-l1-1-0
InterlockedPushEntrySList
InitializeSListHead
InterlockedPopEntrySList
InterlockedFlushSList
api-ms-win-core-perfcounters-l1-1-0
PerfDeleteInstance
api-ms-win-core-file-l1-1-0
CreateDirectoryW
ReadFile
GetFileSize
SetFileInformationByHandle
WriteFile
GetVolumePathNameW
GetVolumeInformationW
CreateFileW
GetFileType
SetEndOfFile
SetFilePointerEx
FindFirstFileExW
GetFileTime
GetDiskFreeSpaceW
GetFinalPathNameByHandleW
GetDiskFreeSpaceExW
GetFileInformationByHandle
FindFirstFileW
FindNextFileW
FindClose
GetFileSizeEx
FlushFileBuffers
GetFileAttributesExW
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
Sleep
api-ms-win-core-console-l2-1-0
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-io-l1-1-0
GetQueuedCompletionStatus
CreateIoCompletionPort
DeviceIoControl
PostQueuedCompletionStatus
GetOverlappedResult
CancelIoEx
api-ms-win-security-base-l1-1-0
CheckTokenMembership
FreeSid
AdjustTokenPrivileges
RevertToSelf
AllocateAndInitializeSid
ntdll
RtlAcquireSRWLockShared
DbgPrintEx
RtlFreeUnicodeString
RtlSetBits
RtlClearBits
RtlInitializeResource
RtlInitializeSRWLock
RtlAcquireSRWLockExclusive
NtQuerySystemTime
RtlDeleteResource
RtlIsNameInExpression
RtlClearAllBits
RtlFindSetBits
RtlTryAcquireSRWLockShared
RtlTryAcquireSRWLockExclusive
RtlAreBitsClear
RtlFindClearBits
RtlSetBit
RtlClearBit
RtlSetAllBits
NtDeviceIoControlFile
RtlAcquireResourceExclusive
RtlReleaseResource
RtlAcquireResourceShared
RtlConvertExclusiveToShared
RtlDeleteHashTable
RtlInitEnumerationHashTable
RtlEnumerateEntryHashTable
RtlRemoveEntryHashTable
RtlEndEnumerationHashTable
RtlCreateHashTableEx
RtlExtractBitMap
RtlInitStrongEnumerationHashTable
RtlStronglyEnumerateEntryHashTable
RtlEndStrongEnumerationHashTable
RtlReleaseSRWLockExclusive
RtlLookupEntryHashTable
RtlInsertEntryHashTable
RtlCopyMemoryNonTemporal
RtlCopyBitMap
RtlWakeConditionVariable
RtlWakeAllConditionVariable
RtlSleepConditionVariableSRW
TpSetTimer
TpAllocTimer
TpWaitForTimer
TpReleaseTimer
RtlUpcaseUnicodeString
NtWriteFile
RtlNumberOfSetBitsInRange
NtReadFile
RtlNumberOfClearBits
RtlNumberOfSetBits
RtlIsNameInUnUpcasedExpression
RtlImpersonateSelf
RtlAdjustPrivilege
RtlTestBit
RtlInitializeBitMap
RtlGetLastNtStatus
RtlAreBitsSet
RtlDoesFileExists_U
NtQueryDirectoryFile
RtlCreateSystemVolumeInformationFolder
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
NtSetInformationFile
NtOpenFile
NtCreateFile
RtlNtStatusToDosError
RtlDosPathNameToNtPathName_U
RtlIsZeroMemory
RtlReleaseSRWLockShared
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
api-ms-win-core-path-l1-1-0
PathCchSkipRoot
api-ms-win-core-processtopology-obsolete-l1-1-0
SetProcessAffinityMask
GetActiveProcessorCount
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-core-memory-l1-1-0
VirtualFree
CreateFileMappingW
UnmapViewOfFile
VirtualAlloc
MapViewOfFile
api-ms-win-core-file-l1-2-4
GetTempPath2W
rpcrt4
UuidCreate
api-ms-win-core-file-l2-1-1
OpenFileById
api-ms-win-core-timezone-l1-1-0
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
api-ms-win-core-datetime-l1-1-0
GetTimeFormatW
GetDateFormatW
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
bcrypt
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptDestroyHash
BCryptHashData
BCryptFinishHash
BCryptOpenAlgorithmProvider
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 176KB - Virtual size: 175KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 134KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
reg.exe.exe windows:10 windows x64 arch:x64
1085bd82b37a225f6d356012d2e69c3d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
reg.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__errno
_o__exit
_o__fileno
_o__get_initial_wide_environment
_o__get_osfhandle
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__memicmp
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__crt_atexit
_o__wcstoui64
_o_exit
_o_fflush
_o_getwchar
_o_terminate
_o_wcstol
_o_wcstoul
__current_exception
__current_exception_context
_o___stdio_common_vswprintf
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o___stdio_common_vfprintf
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
__C_specific_handler
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-registry-l1-1-0
RegDeleteKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
RegSetValueExA
RegGetValueW
RegLoadKeyW
RegUnLoadKeyW
RegFlushKey
RegRestoreKeyW
RegSaveKeyExW
RegDeleteValueW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter
api-ms-win-core-file-l1-1-0
GetTempFileNameW
DeleteFileW
GetFileType
WriteFile
SetFilePointer
GetFileSize
ReadFile
CreateFileW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
LocalReAlloc
api-ms-win-core-file-l1-2-4
GetTempPath2W
api-ms-win-core-processthreads-l1-1-0
ExitProcess
TerminateProcess
GetCurrentProcessId
OpenProcessToken
GetCurrentThreadId
GetCurrentProcess
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
SearchPathW
api-ms-win-core-string-l2-1-0
IsCharAlphaNumericW
CharNextW
CharUpperW
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-libraryloader-l1-2-0
FindStringOrdinal
GetModuleHandleW
LoadStringW
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrToIntW
StrDupW
StrChrW
api-ms-win-core-string-obsolete-l1-1-0
lstrlenW
lstrcmpW
ntdll
NtQueryKey
NtSetInformationKey
api-ms-win-core-localization-l1-2-0
SetThreadUILanguage
GetThreadLocale
FormatMessageW
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
WriteConsoleW
GetConsoleMode
api-ms-win-core-heap-l1-1-0
HeapFree
HeapValidate
HeapAlloc
HeapReAlloc
GetProcessHeap
HeapSize
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 258KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
regedt32.exe.exe windows:10 windows x64 arch:x64
a3060ec916831020104fae5bc9414975
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
regedt32.pdb
Imports
kernel32
GetModuleHandleA
GetCommandLineA
HeapSetInformation
GetWindowsDirectoryA
GetStartupInfoA
ExitProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
Sleep
GetTickCount
msvcrt
_commode
?terminate@@YAXXZ
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
shell32
ShellExecuteA
api-ms-win-core-shlwapi-legacy-l1-1-0
PathAppendA
Sections
.text Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
regini.exe.exe windows:10 windows x64 arch:x64
59eadf2e64b87e9c2b8f545b5e2b4a03
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
regini.pdb
Imports
advapi32
RegQueryValueExW
RegOpenKeyW
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetKeySecurity
RegSetValueExW
RegOpenKeyExW
RegConnectRegistryW
RegDeleteValueW
IsTextUnicode
kernel32
CreateFileW
VirtualAlloc
VirtualFree
SetLastError
CloseHandle
ReadFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
HeapAlloc
GetFileSize
GetProcessHeap
CopyFileW
GetFileTime
SetConsoleCtrlHandler
GetConsoleScreenBufferInfo
GetStdHandle
RtlCompareMemory
GetLastError
MultiByteToWideChar
HeapFree
Sleep
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
msvcrt
memmove
wcstoul
iswctype
_vsnwprintf
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
tolower
exit
_fileno
__iob_func
_wcsicmp
wcscpy_s
strcpy_s
wcschr
_wcsnicmp
vfprintf
_isatty
memset
_stricmp
atoi
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlSetDaclSecurityDescriptor
NtOpenKey
RtlFreeUnicodeString
NtLoadKey
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U
NtFlushKey
NtClose
RtlAdjustPrivilege
RtlFormatCurrentUserKeyPath
NtUnloadKey
RtlNtStatusToDosError
RtlCreateSecurityDescriptor
RtlInitializeSid
RtlAllocateHeap
RtlSubAuthoritySid
RtlGetAce
RtlAddAce
RtlLengthSid
RtlLengthRequiredSid
RtlCopySid
RtlFreeHeap
RtlCreateAcl
RtlEqualSid
RtlGetDaclSecurityDescriptor
RtlVirtualUnwind
Sections
.text Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 684B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 160B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
regsvr32.exe.exe windows:10 windows x64 arch:x64
939d090d03567fad6f1ac6f2c641a4b2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
regsvr32.pdb
Imports
msvcrt
wprintf
__setusermatherr
_initterm
__C_specific_handler
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
wcsncpy_s
strcat_s
__wargv
?terminate@@YAXXZ
exit
_fmode
swprintf_s
wcscat_s
wcscpy_s
_wsplitpath_s
__argc
_commode
memset
ntdll
RtlCaptureContext
EtwEventWriteNoRegistration
RtlWow64IsWowGuestMachineSupported
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapSetInformation
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
RaiseException
SetErrorMode
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-processthreads-l1-1-0
GetExitCodeProcess
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
CreateProcessW
GetCurrentProcess
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
LoadLibraryExW
LoadLibraryExA
GetModuleHandleW
FreeLibrary
GetProcAddress
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
api-ms-win-core-file-l1-1-0
SetFilePointer
CreateFileW
ReadFile
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
api-ms-win-core-misc-l1-1-0
lstrcmpW
LocalAlloc
LocalFree
api-ms-win-core-wow64-l1-1-1
IsWow64Process2
GetSystemWow64Directory2W
api-ms-win-core-wow64-l1-1-0
Wow64EnableWow64FsRedirection
api-ms-win-core-memory-l1-1-0
VirtualProtect
VirtualQuery
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 396B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 84B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
rekeywiz.exe.exe windows:10 windows x64 arch:x64
2d39e9413bd47309718b763e13774fcf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
rekeywiz.pdb
Imports
advapi32
SetUserFileEncryptionKeyEx
AddUsersToEncryptedFileEx
CryptSetProvParam
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
kernel32
CloseHandle
DeleteFileW
LocalFree
GetCurrentDirectoryW
GetLastError
LocalAlloc
SetCurrentDirectoryW
ExpandEnvironmentStringsW
CreateFileW
SetErrorMode
LoadLibraryW
CreateMutexW
GetProcessHeap
HeapSetInformation
FreeLibrary
GetFullPathNameW
GetFileAttributesW
GetModuleHandleW
FindFirstFileW
FindNextFileW
FindClose
LocalReAlloc
GetLogicalDriveStringsW
GetVolumeInformationW
GetDriveTypeW
WriteFile
GetTickCount
GetDateFormatW
CreateThread
FormatMessageW
FileTimeToLocalFileTime
FileTimeToSystemTime
user32
SetDlgItemTextW
GetFocus
IsWindow
SetFocus
GetDlgItemTextW
MessageBoxW
SetWindowLongW
ShowWindow
LoadIconW
GetParent
PostMessageW
SendDlgItemMessageW
LoadCursorW
SendMessageW
GetDlgItem
EnableWindow
DestroyIcon
SetWindowLongPtrW
LoadStringW
ScreenToClient
GetMessagePos
InvalidateRect
SetCursor
MessageBoxExW
msvcrt
_wcsicmp
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_vsnwprintf
_cexit
_exit
memset
?terminate@@YAXXZ
_commode
_fmode
_acmdln
__C_specific_handler
memcpy
memcmp
_initterm
__setusermatherr
_ismbblead
exit
wcscmp
efsadu
EfsUIUtilCheckScardStatus
EfsUIUtilPromptForPinDialog
EfsUIUtilCreateSelfSignedCertificate
EfsUIUtilEnrollEfsCertificateEx
crypt32
CertSetCertificateContextProperty
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringW
CertCloseStore
CertOpenStore
rpcrt4
RpcStringFreeW
UuidToStringW
UuidCreate
api-ms-win-core-com-l1-1-0
CoTaskMemFree
mpr
WNetGetResourceInformationW
WNetGetProviderNameW
dsrole
DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
GetStartupInfoW
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleFileNameW
GetModuleHandleExW
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
efsutil
EfsUtilCheckCurrentKeyCapabilities
EfsUtilGetSmartcardProviderName
EfsUtilGetCurrentUserInformation
EfsUtilGetCertContextFromCertHash
EfsUtilGetCurrentKey
EfsUtilApplyGroupPolicy
comctl32
PropertySheetW
ord345
comdlg32
CommDlgExtendedError
GetSaveFileNameW
cryptui
CryptUIDlgViewCertificateW
CryptUIDlgSelectCertificateW
CryptUIWizExport
ntdll
RtlAllocateHeap
NtQueryInformationFile
RtlRandomEx
RtlFreeHeap
shell32
ShellExecuteW
SHGetFolderPathW
SHCreateItemFromParsingName
Sections
.text Size: 80KB - Virtual size: 77KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 236B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
relog.exe.exe windows:10 windows x64 arch:x64
fb8ee34a945ac23f2c29fed831421a52
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
relog.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-string-l1-1-0
memset
wcsncmp
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo_noreturn
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o__wcsicmp
_o__wcsnicmp
_o__wfsopen
_o__wmakepath_s
_o__wsplitpath_s
_o_exit
_o_fclose
_o_fgetws
_o_free
_o_malloc
_o_terminate
_o_wcstod
_o_wcstok_s
_o_wcstol
__current_exception
__current_exception_context
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
wcsstr
wcschr
__C_specific_handler
__CxxFrameHandler4
api-ms-win-core-file-l1-1-0
ReadFile
FindFirstFileW
WriteFile
GetFileType
FindClose
CreateFileW
FindNextFileW
DeleteFileW
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
api-ms-win-core-console-l2-1-0
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
api-ms-win-core-heap-l1-1-0
HeapSetInformation
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-console-l1-1-0
SetConsoleMode
ReadConsoleW
WriteConsoleW
GetConsoleOutputCP
GetConsoleMode
api-ms-win-core-processenvironment-l1-1-0
GetStdHandle
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
LoadStringW
GetModuleHandleW
GetModuleFileNameW
api-ms-win-core-localization-l1-2-0
GetLocaleInfoW
FormatMessageW
SetThreadUILanguage
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
FileTimeToSystemTime
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-file-l2-1-2
CopyFileW
rpcrt4
UuidCreate
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
pdh
PdhBindInputDataSourceW
PdhParseCounterPathW
PdhRelogW
PdhCloseLog
PdhEnumObjectsHW
PdhEnumObjectItemsHW
PdhAddCounterW
PdhGetDataSourceTimeRangeH
PdhGetLogFileTypeW
PdhMakeCounterPathW
PdhOpenQueryH
PdhValidatePathExW
PdhExpandWildCardPathHW
PdhEnumMachinesHW
Sections
.text Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
repair-bde.exe.exe windows:10 windows x64 arch:x64
c367e5351e6b578f24e96ce56960c8a1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
repair-bde.pdb
Imports
advapi32
EventRegister
EventSetInformation
EventWriteTransfer
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
EventUnregister
kernel32
HeapFree
ExpandEnvironmentStringsW
WriteFile
DeviceIoControl
SetFilePointerEx
VirtualAlloc
VirtualFree
ReadConsoleW
FindFirstFileW
FindClose
GetVolumeNameForVolumeMountPointW
GetLogicalDrives
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
SetEndOfFile
DeleteFileW
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterW
SetConsoleCursorPosition
WriteConsoleW
InitOnceExecuteOnce
HeapAlloc
SetConsoleMode
GetConsoleMode
GetStdHandle
CloseHandle
ReadFile
GetFileSizeEx
CreateFileW
LocalFree
FormatMessageW
SetThreadUILanguage
GetConsoleOutputCP
GetProcessHeap
GetLastError
HeapSetInformation
GetFileAttributesW
GetModuleFileNameW
msvcrt
_cexit
__setusermatherr
_vsnwprintf
_wsetlocale
wprintf
__C_specific_handler
_wcsicmp
_wcsnicmp
iswalpha
towupper
_purecall
free
malloc
_callnewh
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
swprintf_s
memcmp
memcpy
?terminate@@YAXXZ
_commode
_fmode
_exit
exit
_initterm
memset
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlSetThreadErrorMode
RtlNtStatusToDosError
RtlVirtualUnwind
bderepair
FveCreateRestoreContext
FveSupplyKeyPackage
FveSupplyWatermark
FveSupplyInformationBlock
FveAuthWithPasswordW
FveAuthWithKey
FveAuthWithClearKey
FveAuthWithPassphraseW
FveGetMetadataFromRestoreContext
FveGetConvLogOffset
FveLoadConvLog
FveGetInterruptedRangeOffset
FveRecoverBlock
FveDecryptData
FveDestroyRestoreContext
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlCompareMemory
api-ms-win-core-version-l1-1-0
VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
Sections
.text Size: 28KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 92KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 160B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ