System32Problems7[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

System32Problems7.zip
Size

12.3MB
MD5

32cf2ee0d072106622af68619936241f
SHA1

325600c7c03603877ddfe1b59dda9f039480871d
SHA256

03d015e091f527695e840cd8427e6497b4a644f01ceb26c9655b508f451c01c5
SHA512

c2ac80c9442dd445c7ec5bb35626bc9beced16fc6f44b58af1ad280ad8025bd15e020fb4cc4c46e8f6fc182fb5ce3b4d8c16f31ac93de40eaf6a25fa9ae000f8
SSDEEP

393216:hzUBSeWIiaJhuO1lvc+VVwFU4WRz2xPvmIfZRrJBH75U:RCWIiavreU9RzWT3NZ75U

Score

3^/10

Malware Config

Signatures

Unsigned PE 76 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ACPBackgroundManagerPolicy.dll
unpack001/AJRouter.dll
unpack001/APHostClient.dll
unpack001/APHostRes.dll
unpack001/APHostService.dll
unpack001/APMon.dll
unpack001/APMonUI.dll
unpack001/AarSvc.dll
unpack001/AboveLockAppHost.dll
unpack001/AcLayers.dll
unpack001/AcSpecfc.dll
unpack001/AcWinRT.dll
unpack001/AcXtrnal.dll
unpack001/AccountsRt.dll
unpack001/ActionCenter.dll
unpack001/ActionCenterCPL.dll
unpack001/ActivationClient.dll
unpack001/ActivationManager.dll
unpack001/ActiveSyncCsp.dll
unpack001/ActiveSyncProvider.dll
unpack001/AdaptiveCards.dll
unpack001/AddressParser.dll
unpack001/AdvancedEmojiDS.dll
unpack001/Analog.Shell.Broker.dll
unpack001/AnalogCommonProxyStub.dll
unpack001/ApiSetHost.AppExecutionAlias.dll
unpack001/AppExtension.dll
unpack001/AppInstallerPrompt.Desktop.dll
unpack001/AppListBackupLauncher.dll
unpack001/AppLockerCSP.dll
unpack001/Apphlpdm.dll
unpack001/ApplicationControlCSP.dll
unpack001/ApplicationFrame.dll
unpack001/ApplicationTargetedFeatureDatabase.dll
unpack001/WSManHTTPConfig.exe
unpack001/WSReset.exe
unpack001/WUDFHost.exe
unpack001/XblGameSaveTask.exe
unpack001/aadauthhelper.dll
unpack001/aadcloudap.dll
unpack001/aadjcsp.dll
unpack001/aadtb.dll
unpack001/accessibilitycpl.dll
unpack001/accountaccessor.dll
unpack001/acledit.dll
unpack001/aclui.dll
unpack001/acppage.dll
unpack001/acproxy.dll
unpack001/activeds.dll
unpack001/actxprxy.dll
unpack001/adhapi.dll
unpack001/adhsvc.dll
unpack001/adprovider.dll
unpack001/adsldp.dll
unpack001/adsldpc.dll
unpack001/adsmsext.dll
unpack001/adsnt.dll
unpack001/adtschema.dll
unpack001/advapi32res.dll
unpack001/advpack.dll
unpack001/aeevts.dll
unpack001/agentactivationruntime.dll
unpack001/agentactivationruntimewindows.dll
unpack001/amsi.dll
unpack001/amsiproxy.dll
unpack001/amstream.dll
unpack001/apds.dll
unpack001/apisampling.dll
unpack001/appidsvc.dll
unpack001/appinfo.dll
unpack001/appinfoext.dll
unpack001/wsmprovhost.exe
unpack001/wsqmcons.exe
unpack001/wusa.exe
unpack001/xcopy.exe
unpack001/xwizard.exe

Files

System32Problems7.zip
.zip
07409496-a423-4a3e-b620-2cfb01a9318d_HyperV-ComputeNetwork.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

43:2d:5b:e8:49:7a:b4:2e:7f:7b:84:3b:88:ee:f9:c4:09:93:03:cd:41:43:79:4d:35:9c:5a:d4:d6:9e:2b:95
Signer

Actual PE Digest

43:2d:5b:e8:49:7a:b4:2e:7f:7b:84:3b:88:ee:f9:c4:09:93:03:cd:41:43:79:4d:35:9c:5a:d4:d6:9e:2b:95

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

07409496-a423-4a3e-b620-2cfb01a9318d_HyperV-ComputeNetwork.pdb

Sections

.rdata
Size: 4KB - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.apiset
Size: 4KB - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
0ae3b998-9a38-4b72-a4c4-06849441518d_Servicing-Stack.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:8f:03:94:af:22:11:a4:63:e6:f3:f4:42:21:a4:bf:97:f2:b6:b5:4a:35:1a:3c:94:14:ac:8d:26:42:49:b2
Signer

Actual PE Digest

a0:8f:03:94:af:22:11:a4:63:e6:f3:f4:42:21:a4:bf:97:f2:b6:b5:4a:35:1a:3c:94:14:ac:8d:26:42:49:b2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

0ae3b998-9a38-4b72-a4c4-06849441518d_Servicing-Stack.pdb

Sections

.rdata
Size: 4KB - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.apiset
Size: 4KB - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
4545ffe2-0dc4-4df4-9d02-299ef204635e_hvsocket.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

66:91:8e:8b:cf:27:5c:3e:40:f1:51:be:3c:ba:47:f1:e7:58:8f:b6:ee:7f:08:f2:1b:9a:b1:51:d4:39:88:7d
Signer

Actual PE Digest

66:91:8e:8b:cf:27:5c:3e:40:f1:51:be:3c:ba:47:f1:e7:58:8f:b6:ee:7f:08:f2:1b:9a:b1:51:d4:39:88:7d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

4545ffe2-0dc4-4df4-9d02-299ef204635e_hvsocket.pdb

Sections

.rdata
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.apiset
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
69fe178f-26e7-43a9-aa7d-2b616b672dde_eventlogservice.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ed:66:47:53:d1:55:10:03:28:88:67:37:23:54:57:12:bb:c5:c4:d8:b5:04:23:fd:6f:2e:3f:d7:2a:e3:b2:3d
Signer

Actual PE Digest

ed:66:47:53:d1:55:10:03:28:88:67:37:23:54:57:12:bb:c5:c4:d8:b5:04:23:fd:6f:2e:3f:d7:2a:e3:b2:3d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

69fe178f-26e7-43a9-aa7d-2b616b672dde_EventLogService.pdb

Sections

.rdata
Size: 4KB - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.apiset
Size: 4KB - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
6bea57fb-8dfb-4177-9ae8-42e8b3529933_RuntimeDeviceInstall.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ec:ef:a3:e5:7c:d1:45:d3:be:10:ef:63:5e:8c:ef:ca:a2:81:d0:1e:09:d6:0e:1c:90:37:3b:5a:fd:cd:2e:7e
Signer

Actual PE Digest

ec:ef:a3:e5:7c:d1:45:d3:be:10:ef:63:5e:8c:ef:ca:a2:81:d0:1e:09:d6:0e:1c:90:37:3b:5a:fd:cd:2e:7e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

6bea57fb-8dfb-4177-9ae8-42e8b3529933_RuntimeDeviceInstall.pdb

Sections

.rdata
Size: 4KB - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.apiset
Size: 4KB - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ACPBackgroundManagerPolicy.dll
.dll windows:10 windows x64 arch:x64

eacd31322b05ebe07f24badc4df282dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ACPBackgroundManagerPolicy.pdb

Imports

msvcrt

_unlock
_lock
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
?what@exception@@UEBAPEBDXZ
__CxxFrameHandler4
??0exception@@QEAA@AEBQEBD@Z
memmove
__dllonexit
__CxxFrameHandler3
_CxxThrowException
_callnewh
free
malloc
??_V@YAXPEAX@Z
_purecall
_onexit
_vsnprintf_s
??1type_info@@UEAA@XZ
memcmp
memcpy
??0exception@@QEAA@AEBV0@@Z
_ui64tow_s
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
?terminate@@YAXXZ
memmove_s
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
??0exception@@QEAA@AEBQEBDH@Z
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSectionEx
InitializeSRWLock
CreateSemaphoreExW
ResetEvent
CreateMutexExW
OpenSemaphoreW
InitializeCriticalSection
ReleaseSRWLockShared
ReleaseSemaphore
AcquireSRWLockShared
WaitForSingleObjectEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
CreateEventW
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetProcessId
OpenProcessToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventWriteTransfer
EventRegister
EventActivityIdControl

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringLen
WindowsCreateString
WindowsGetStringRawBuffer

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyExW

ntdll

NtClose
NtQueryInformationToken
NtOpenProcessToken
RtlIsMultiSessionSku
RtlGetDeviceFamilyInfoEnum
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlQueryTokenHostIdAsUlong64
RtlAllocateHeap
RtlFreeHeap
NtDeleteWnfStateName
NtCreateWnfStateName
RtlPublishWnfStateData
RtlInitUnicodeString
RtlValidSid
RtlLengthSid
RtlCopySid
RtlEqualSid
RtlQueryPackageClaims
RtlNtStatusToDosError

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-appmodel-runtime-l1-1-1

GetPackageFamilyNameFromToken

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoCreateInstance

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-psm-key-l1-1-0

PsmGetKeyFromToken
PsmGetPackageFullNameFromKey
PsmGetKeyFromProcess
PsmGetApplicationNameFromKey

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

rmclient

RmAcquireResources
RmAccessCheck
RmReleaseResources
HamSetExternalResourcePriority
HamDisconnectFromServer
HamConnectToServer
HamResetExternalResourcePriority
RmGetNotification
HamPopulateActivityProperties
HamCreateActivity
HamStartActivityAsync
HamCloseActivity
HamStopActivity
RmRegisterResource

resourcepolicyclient

CreateResourcePolicyStoreClient

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree

rpcrt4

RpcEpRegisterW
RpcEpUnregister
RpcServerUnregisterIf
RpcServerInqBindings
RpcBindingVectorFree
RpcServerRegisterIf3
NdrServerCallAll
NdrServerCall2
RpcServerUseProtseqW

api-ms-win-appmodel-runtime-l1-1-0

PackageFamilyNameFromFullName

api-ms-win-core-quirks-l1-1-1

QuirkIsEnabledForPackage3

api-ms-win-security-base-l1-1-0

GetLengthSid
GetTokenInformation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AJRouter.dll
.dll windows:10 windows x64 arch:x64

271ed6be2b719a2dd199a26d9a18977e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AJRouter.pdb

Imports

msvcrt

__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_stricmp
_vsnprintf
sscanf_s
memset

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegEnumValueA

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableLevel
GetTraceLoggerHandle
GetTraceEnableFlags

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
SetEvent
CreateEventW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

msajapi

ord10
ord13
ord18
ord12
ord11

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ServiceMain

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
APHostClient.dll
.dll windows:10 windows x64 arch:x64

ce981d1c76394b9db32ba7d7cf1011da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

APHostClient.pdb

Imports

msvcrt

memcpy
_vsnwprintf
_onexit
_unlock
_lock
_initterm
_strnicmp
_amsg_exit
_XcptFilter
_callnewh
malloc
free
__C_specific_handler
memcpy_s
__dllonexit
memset

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlReportException

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetModuleHandleExW
LoadLibraryExW
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
EnterCriticalSection

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentThreadId
OpenThreadToken
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
OpenProcessToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-com-l1-1-0

CoCreateInstance

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventWriteTransfer
EventRegister

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
OpenSCManagerW

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-security-base-l1-1-0

GetTokenInformation
GetLengthSid
CopySid

rpcrt4

Ndr64AsyncClientCall
NdrClientCall3
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
RpcBindingFree
RpcExceptionFilter
RpcAsyncInitializeHandle
RpcAsyncCompleteCall
RpcSsDestroyClientContext
RpcStringFreeW
RpcBindingFromStringBindingW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

ApHostServerStatus_EnsureServerReady
CreateAPHostClient

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
APHostRes.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
APHostService.dll
.dll windows:10 windows x64 arch:x64

591146b84eed55a14388ac6af7cac98c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

APHostService.pdb

Imports

msvcrt

__dllonexit
memmove
_lock
__CxxFrameHandler3
_initterm
_amsg_exit
_XcptFilter
__C_specific_handler
_callnewh
malloc
_vscwprintf
wcsnlen
??1type_info@@UEAA@XZ
free
_strnicmp
_purecall
wcscpy_s
_onexit
memcpy
_aligned_malloc
memcpy_s
_vsnwprintf
_aligned_free
memcmp
_unlock
memset

ntdll

RtlUnsubscribeWnfNotificationWaitForCompletion
RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlReportException
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlGetDeviceFamilyInfoEnum

networkhelper

ReleasePowerDependencyCoordinatorManager
CheckPdcRenewal
InitializePowerDependencyCoordinatorManager

userdataplatformhelperutil

??0Deserializer@Comms@@QEAA@PEBE0_N1@Z
??1Deserializer@Comms@@QEAA@XZ
??0CalculateSize@Comms@@QEAA@_N0@Z
??0SerializeBuffer@Comms@@QEAA@AEBVCalculateSize@1@_N1@Z
?CopyBytesOut@Deserializer@Comms@@QEAA_NPEAX_KAEBVtype_info@@@Z
?GetBuffer@SerializeBuffer@Comms@@QEBAPEBV?$vector@EV?$allocator@E@utl@@@utl@@XZ
GenerateUserModeServiceName
GetCombinedTransientObjectSecurityDescriptor
?Initialize@SerializeBuffer@Comms@@QEAA_NXZ

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleFileNameA
GetModuleHandleExA
GetModuleHandleExW
FreeLibrary
DisableThreadLibraryCalls

rpcrt4

NdrServerCall2
NdrServerCallAll
NdrAsyncServerCall
RpcServerUseProtseqW
RpcEpRegisterW
RpcServerInterfaceGroupClose
RpcServerRegisterAuthInfoW
RpcExceptionFilter
RpcStringFreeW
NdrMesTypeDecode3
RpcEpUnregister
RpcServerRegisterIf3
NdrMesTypeEncode3
MesDecodeBufferHandleCreate
MesEncodeDynBufferHandleCreate
MesHandleFree
Ndr64AsyncServerCallAll
RpcServerInqDefaultPrincNameW
RpcSsContextLockExclusive
RpcAsyncCompleteCall
RpcBindingVectorFree
RpcServerUnregisterIf
RpcServerInqBindings
RpcServerUnregisterIfEx

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
InitOnceBeginInitialize
WakeAllConditionVariable
InitOnceComplete
Sleep

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegGetValueW
RegNotifyChangeKeyValue
RegDeleteValueW
RegQueryInfoKeyW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
CreateEventW
EnterCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateSemaphoreExW
OpenSemaphoreW
LeaveCriticalSection
ReleaseMutex
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
DeleteCriticalSection
CreateMutexExW
AcquireSRWLockExclusive
WaitForSingleObjectEx
SetEvent

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
RaiseException
GetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-com-l1-1-0

CoUninitialize
StringFromGUID2
CoFreeUnusedLibrariesEx
CLSIDFromString
CoCreateGuid
CoFreeUnusedLibraries
CoInitializeEx
CoCreateInstance

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventSetInformation
EventUnregister

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
SubmitThreadpoolWork
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
CloseThreadpoolWork
CreateThreadpoolWait
CloseThreadpoolWait
CreateThreadpoolWork

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-job-l2-1-0

SetInformationJobObject
CreateJobObjectW
AssignProcessToJobObject

mccspal

ord12
ord11
ord10
ord9

syncutil

ord26
MarkServerReady
UninitializeServerReadyEvents
MarkServerShutdown
InitializeServerReadyEvents
WaitForServerReady

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 232KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
APMon.dll
.dll windows:10 windows x64 arch:x64

db8a6d6a1e7673602b212a8636a36eec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

APMon.pdb

Imports

msvcrt

__crtCompareStringA
__crtLCMapStringW
??8type_info@@QEBAHAEBV0@@Z
islower
__crtLCMapStringA
toupper
__pctype_func
_ismbblead
___lc_codepage_func
___lc_handle_func
___mb_cur_max_func
setlocale
__uncaught_exception
wcstod
wcstoul
wcspbrk
sscanf_s
wcsrchr
iswspace
wcstok_s
_wctime
time
wcstol
_get_errno
_set_errno
_wtof
_wtol
_errno
strcspn
localeconv
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
strchr
tolower
isdigit
swprintf_s
towlower
_wtoi
_vsnprintf
sprintf_s
_stricmp
_wcsdup
_wcsnicmp
wcsstr
_wsplitpath_s
_wsetlocale
abort
realloc
memset
memchr
??1type_info@@UEAA@XZ
_onexit
__dllonexit
___lc_collate_cp_func
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
memmove
memcpy
memcmp
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
wcschr
wcsncmp
_wcsicmp
??_V@YAXPEAX@Z
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
isupper
wcstok
calloc
__CxxFrameHandler4
wcscmp

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
GetProcAddress
GetModuleHandleW
LoadLibraryExW
LoadResource
LockResource
LoadStringW
GetModuleFileNameA
FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleExW

api-ms-win-core-synch-l1-2-0

Sleep
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

SetEvent
CreateEventW
ReleaseSemaphore
InitializeCriticalSectionEx
CreateEventExW
WaitForSingleObject
CreateSemaphoreExW
EnterCriticalSection
LeaveCriticalSection
ResetEvent
ReleaseSRWLockShared
InitializeCriticalSectionAndSpinCount
ReleaseMutex
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
DeleteCriticalSection
WaitForSingleObjectEx
CreateMutexExW
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventActivityIdControl
EventUnregister
EventSetInformation
EventWriteTransfer

api-ms-win-core-processthreads-l1-1-0

SetThreadToken
ProcessIdToSessionId
GetCurrentThreadId
GetCurrentProcessId
OpenProcessToken
GetCurrentThread
TerminateProcess
CreateThread
GetCurrentProcess
OpenThreadToken

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetUserDefaultLocaleName
GetSystemPreferredUILanguages
GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids

api-ms-win-core-threadpool-l1-2-0

CreateThreadpool
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolWork
CloseThreadpoolCleanupGroupMembers
SubmitThreadpoolWork
CreateThreadpoolWork
SetThreadpoolThreadMaximum
CloseThreadpoolCleanupGroup
CloseThreadpool
CreateThreadpoolCleanupGroup

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenCurrentUser
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime

spoolss

SetPortW
GetServerPolicy
RouterCreatePrintAsyncNotificationChannel
GetPrinterDriverDirectoryW
GetJobW
RouterFreeBidiMem
RouterAllocBidiMem
GetPrinterW
RouterAllocBidiResponseContainer
SetPrinterW
DeletePrinter
SetJobW
GetPrinterDataW
GetPrinterDriverW
ImpersonatePrinterClient
OpenPrinterW
ClosePrinter
EnumPortsW
EnumPrintersW
RouterFreeBidiResponseContainer
GetJobNamedPropertyValue
FreePrintPropertyValue
SetJobNamedProperty
RevertToPrinterSelf

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
CompareStringOrdinal

api-ms-win-core-file-l1-1-0

GetFileAttributesW

ntdll

NtOpenProcessToken
NtSetInformationThread
NtOpenThreadToken
EtwEventWrite
EtwEventEnabled
TpReleaseAlpcCompletion
TpWaitForAlpcCompletion
TpReleaseIoCompletion
TpWaitForIoCompletion
TpReleaseTimer
TpWaitForTimer
TpReleaseWait
TpWaitForWait
NtClose
TpWaitForWork
TpAllocAlpcCompletion
TpStartAsyncIoOperation
TpAllocIoCompletion
TpSetTimer
TpAllocTimer
TpAllocWait
TpPostWork
TpAllocWork
RtlNtStatusToDosError
TpSimpleTryPost
TpSetWait
TpCallbackMayRunLong
TpReleasePool
EtwTraceMessage
RtlGetDeviceFamilyInfoEnum
TpReleaseWork

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

CopySid
GetLengthSid
GetTokenInformation
EqualSid
ImpersonateLoggedOnUser
RevertToSelf
DuplicateTokenEx

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-eventlog-legacy-l1-1-0

ReportEventW
RegisterEventSourceW
DeregisterEventSource

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsCreateString
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer
ChangeTimerQueueTimer

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW
GetPrivateProfileSectionW

api-ms-win-security-activedirectoryclient-l1-1-0

DsCrackNamesW
DsUnBindW
DsFreeNameResultW

api-ms-win-core-string-l2-1-0

CharUpperBuffW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

Exports

Exports

InitializePrintMonitor2

Sections

.text
Size: 848KB - Virtual size: 847KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 268KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 232KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
APMonUI.dll
.dll windows:10 windows x64 arch:x64

0aa8e6d7d3c3544c89b26103bac4f14a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

APMonUI.pdb

Imports

msvcrt

wcschr
swscanf_s
__C_specific_handler
_XcptFilter
free
_callnewh
malloc
_purecall
memmove_s
memcpy_s
_lock
_unlock
__dllonexit
_onexit
memcmp
_vsnwprintf
_initterm
_amsg_exit
memset

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

Sleep
WideCharToMultiByte
LoadLibraryExW
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
DeactivateActCtx
ActivateActCtx
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LeaveCriticalSection
CreateSemaphoreExW
CreateMutexExW
GetCurrentProcessId
GetProcAddress
GetLastError
SetLastError
FormatMessageW
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
GetModuleHandleW
IsDebuggerPresent
OutputDebugStringW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
CloseHandle
ReleaseSemaphore
ReleaseMutex
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForSingleObjectEx
EnterCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObject
OpenSemaphoreW
CreateThreadpoolTimer
LoadLibraryW
FreeLibrary
DisableThreadLibraryCalls
LocalFree

user32

MessageBeep
SendMessageW
GetDlgItem
SetWindowLongPtrW
SetWindowTextW
LoadCursorW
SetCursor
GetWindowTextW
GetWindowLongPtrW
LoadStringW
MessageBoxW

winspool.drv

ClosePrinter
OpenPrinterW

ws2_32

inet_addr
WSAGetLastError
WSAStartup
GetAddrInfoW
WSACleanup
FreeAddrInfoW

shlwapi

StrStrW

wininet

InternetCrackUrlW
InternetCreateUrlW

Exports

Exports

InitializePrintMonitorUI
LocalConfigurePortUI

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AarSvc.dll
.dll windows:10 windows x64 arch:x64

64811aeff0384842511e2a5aec47d2b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AarSvc.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_free
_o_malloc
_o_realloc
_o_terminate
_o_toupper
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o__crt_atexit
_o___std_exception_copy
_o__configure_narrow_argv
_o__execute_onexit_table
__std_terminate
__CxxFrameHandler4
__RTDynamicCast
wcschr
_o__cexit
memcmp
_o__callnewh
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-com-l1-1-0

CoResumeClassObjects
CoInitializeSecurity
CoGetCallContext
CoRevokeClassObject
CoGetClassObject
CoDecrementMTAUsage
CoUninitialize
CoReleaseServerProcess
CoDisconnectContext
CoAddRefServerProcess
CoWaitForMultipleHandles
CoRegisterClassObject
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoInitializeEx
CoTaskMemAlloc

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-security-base-l1-1-0

MakeAbsoluteSD
GetTokenInformation

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
ReleaseSemaphore
LeaveCriticalSection
WaitForSingleObjectEx
CreateEventExW
DeleteCriticalSection
EnterCriticalSection
CreateMutexW
ReleaseSRWLockShared
ReleaseMutex
CreateEventW
CreateSemaphoreExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateMutexExW
SetEvent
ResetEvent
InitializeSRWLock
WaitForSingleObject
AcquireSRWLockShared
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
RaiseException
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsCreateStringReference

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-0

CreateThread
OpenProcessToken
TerminateProcess
GetProcessId
GetCurrentProcessId
TerminateThread
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoUninitialize
RoRegisterActivationFactories
RoRevokeActivationFactories
RoInitialize

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW
RoTransformError

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

agentactivationruntime

?CreateAgentActivationRuntime@@YA?AV?$shared_ptr@VIAgentActivationRuntime@VoiceAgentServices@Microsoft@@@std@@XZ
?GetAgentActivationRuntime@@YA?AV?$shared_ptr@VIAgentActivationRuntime@VoiceAgentServices@Microsoft@@@std@@XZ
?GetLoggerInstance@@YAAEAVLogger@VoiceAgentServices@Microsoft@@XZ
?ReleaseAgentActivationRuntime@@YAXXZ

combase

ord66
ord68
ord69
ord67

systemeventsbrokerclient

SebQueryEventPackage
SebEnumerateEventsByType

ext-ms-win-devmgmt-policy-l1-1-1

PolicyManager_FreeGetPolicyData
PolicyManager_GetPolicy

msvcp_win

?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
_Xtime_get_ticks
?_Syserror_map@std@@YAPEBDH@Z
_Cnd_signal
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
_Cnd_destroy_in_situ
?_Xlength_error@std@@YAXPEBD@Z
_Cnd_init_in_situ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
_Mtx_unlock
?_Incref@facet@locale@std@@UEAAXXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
_Mtx_lock
_Mtx_destroy_in_situ
??Bid@locale@std@@QEAA_KXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_timedwait
_Query_perf_frequency
_Mtx_init_in_situ
_Mtx_current_owns
_Query_perf_counter

api-ms-win-core-registry-l1-1-0

RegFlushKey
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegGetValueW
RegCloseKey

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister

api-ms-win-core-registry-l2-1-0

RegCreateKeyW
RegOpenKeyW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoReportFailedDelegate

api-ms-win-core-heap-l2-1-0

LocalFree

ntdll

RtlFreeHeap
NtQueryInformationToken
RtlInitUnicodeString
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ServiceMain

Sections

.text
Size: 352KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AboutSettingsHandlers.dll
.dll windows:10 windows x64 arch:x64

059b0f6e69ac45ee19fe67efcfd23724

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4a:3d:fe:f1:87:24:26:2e:b6:78:9d:72:2c:52:3a:e2:a6:08:05:7e:f5:58:c0:fc:cb:8a:e5:65:0e:ca:c5:c1
Signer

Actual PE Digest

4a:3d:fe:f1:87:24:26:2e:b6:78:9d:72:2c:52:3a:e2:a6:08:05:7e:f5:58:c0:fc:cb:8a:e5:65:0e:ca:c5:c1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AboutSettingsHandlers.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_abort
_o_bsearch_s
_o_ceil
_o_ceilf
_o_free
_o_iswspace
_o_log2
_o_malloc
_o_pow
_o_realloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_CxxThrowException
__CxxFrameHandler3
strchr
__std_type_info_compare
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcscmp

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleFileNameW
GetProcAddress
FreeLibrary
LoadStringW
GetModuleHandleW
GetModuleHandleExW

api-ms-win-core-winrt-string-l1-1-0

WindowsPromoteStringBuffer
WindowsPreallocateStringBuffer
WindowsDeleteStringBuffer
WindowsCompareStringOrdinal
WindowsDuplicateString
WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte
CompareStringW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
CreateThread
GetCurrentProcess
GetCurrentThread
TerminateProcess
GetCurrentThreadId
OpenThreadToken
GetProcessId
GetExitCodeProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GlobalMemoryStatusEx
GetComputerNameExW
GetSystemDirectoryW

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
IsProcessorFeaturePresent

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoInitializeEx
CoIncrementMTAUsage
CoGetMalloc
CoTaskMemRealloc
CoCreateInstance
CoDecrementMTAUsage
CoWaitForMultipleHandles
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoSetProxyBlanket

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegNotifyChangeKeyValue
RegCloseKey
RegCreateKeyExW
RegQueryValueExW

api-ms-win-shcore-registry-l1-1-0

SHRegGetValueW
SHSetValueW
SHGetValueW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

oleaut32

SetErrorInfo
SysFreeString
SysAllocString
SysStringLen
GetErrorInfo
VariantClear

api-ms-win-core-sysinfo-l1-2-1

GetPhysicallyInstalledSystemMemory

api-ms-win-shlwapi-winrt-storage-l1-1-1

StrFormatByteSizeEx

api-ms-win-core-libraryloader-l2-1-0

QueryOptionalDelayLoadedAPI

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventActivityIdControl
EventWriteTransfer
EventUnregister
EventSetInformation

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
ReleaseSemaphore
AcquireSRWLockExclusive
ReleaseMutex
WaitForSingleObjectEx
CreateMutexExW
InitializeSRWLock
WaitForSingleObject
ReleaseSRWLockExclusive
AcquireSRWLockShared
LeaveCriticalSection
SetEvent
ReleaseSRWLockShared
CreateEventW
WaitForMultipleObjectsEx
OpenSemaphoreW
ResetEvent
CreateSemaphoreExW
CreateEventExW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWaitCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolTimer
SetThreadpoolWait
WaitForThreadpoolTimerCallbacks
CloseThreadpoolWait
SetThreadpoolTimer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoUninitialize
RoGetActivationFactory
RoInitialize

api-ms-win-shcore-sysinfo-l1-1-0

IsOS

dxgi

CreateDXGIFactory2

api-ms-win-core-synch-l1-2-0

InitOnceComplete
WaitOnAddress
WakeByAddressSingle
InitOnceBeginInitialize

api-ms-win-shcore-thread-l1-1-0

SHCreateThread

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

rpcrt4

UuidCreate

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-security-base-l1-1-0

RevertToSelf
ImpersonateLoggedOnUser

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx
GetTimeFormatEx

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime

wkscli

NetGetJoinInformation

netutils

NetApiBufferFree

api-ms-win-rtcore-ntuser-window-l1-1-0

SendMessageW
GetWindowThreadProcessId
EnumWindows

dsrole

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime
GetProductInfo

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

dsreg

DsrGetJoinInfo
DsrIsDeviceJoined
DsrFreeJoinInfo

shcore

ord233
ord232
ord230

winbrand

BrandingLoadString
GetEULAFile
EulaFreeBuffer

msvcp_win

??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?is@?$ctype@G@std@@QEBA_NFG@Z
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1facet@locale@std@@MEAA@XZ
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?_Xout_of_range@std@@YAXPEBD@Z
?id@?$collate@G@std@@2V0locale@2@A
?id@?$ctype@G@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
_Wcsxfrm
_Wcscoll
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Random_device@std@@YAIXZ
?_Xbad_alloc@std@@YAXXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

GetSetting

Sections

.text
Size: 508KB - Virtual size: 506KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AboveLockAppHost.dll
.dll windows:10 windows x64 arch:x64

f7b54aba11b7a5e8d7ae27f1a07e9dd6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AboveLockAppHost.pdb

Imports

msvcrt

?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
memcpy_s
memmove_s
_vsnwprintf
_purecall
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
__CxxFrameHandler4
wcsrchr
_wcsicmp
wcscspn
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
_callnewh
??1type_info@@UEAA@XZ
free
_amsg_exit
_XcptFilter
_vsnprintf_s
??3@YAXPEAX@Z
memcmp
memset

shcore

SHTaskPoolQueueTask
SHGetThreadRef
IUnknown_QueryService

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete
Sleep
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

WindowsSubstringWithSpecifiedLength
WindowsDuplicateString
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateString
WindowsGetStringLen

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError
SetRestrictedErrorInfo

api-ms-win-core-synch-l1-1-0

ReleaseMutex
CreateEventW
InitializeSRWLock
CreateMutexExW
ReleaseSRWLockShared
DeleteCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
CreateSemaphoreExW
AcquireSRWLockShared
WaitForSingleObject
ReleaseSRWLockExclusive
ReleaseSemaphore
SetEvent
WaitForSingleObjectEx
OpenSemaphoreW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleHandleExA
GetModuleFileNameA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetProcessId
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventRegister
EventUnregister
EventActivityIdControl

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoGetCallContext
CoGetStdMarshalEx
CoWaitForMultipleObjects
CoCreateFreeThreadedMarshaler
CoMarshalInterThreadInterfaceInStream
CoGetMalloc
CoGetInterfaceAndReleaseStream
CoTaskMemRealloc
CoWaitForMultipleHandles
CoGetApartmentType
CoReleaseMarshalData

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegGetValueW
RegCreateKeyExW
RegCloseKey
RegQueryInfoKeyW

api-ms-win-ro-typeresolution-l1-1-1

RoCreatePropertySetSerializer

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

ntdll

NtQueryWnfStateData
RtlPublishWnfStateData

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject
UnregisterWait

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-shcore-thread-l1-1-0

GetProcessReference

combase

ord140
ord79

kernel32

CloseState
GetSystemAppDataKey
OpenStateExplicit

user32

SetWindowLongW
SetRectEmpty
IsIconic
IsZoomed
GetWindowRect
SetForegroundWindow
GetSystemMetrics
GetWindowBand
SetLayeredWindowAttributes
SetPropW
SetWindowPos
GetWindowThreadProcessId
GetShellWindow
GetWindowLongW
PostMessageW

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 276KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AcGenral.dll
.dll windows:10 windows x64 arch:x64

c16124aa4ed342b37cf467ac9e91d7ef

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3e:86:b1:eb:36:bf:4a:65:54:3e:22:ab:4a:94:bf:cb:f2:46:aa:1c:fd:ec:4d:a1:35:f2:ce:58:ea:ed:f6:80
Signer

Actual PE Digest

3e:86:b1:eb:36:bf:4a:65:54:3e:22:ab:4a:94:bf:cb:f2:46:aa:1c:fd:ec:4d:a1:35:f2:ce:58:ea:ed:f6:80

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AcGenral.pdb

Imports

apphelp

SE_CALLBACK_Lookup
SdbGetStringTagPtr
SE_ShimDPF
SdbFindFirstTag
SdbResolveDatabase
SdbOpenLocalDatabase
SdbReleaseDatabase
SdbGetPDBFromGUID
SE_CALLBACK_AddHook
SE_GetShimId
SdbFindNextTag
SE_COM_HookObject
SE_COM_Lookup
SE_COM_AddServer
SE_COM_AddHook
SdbInitDatabase

msvcrt

__CxxFrameHandler4
_wcsicmp
_vsnwprintf
_XcptFilter
_amsg_exit
free
malloc
_initterm
wcstoul
_errno
_wcsnicmp
strchr
strtoul
wcstol
atoi
_wcstoui64
_stricmp
_vsnprintf
strstr
wcsncmp
_wtoi
memcpy_s
_vsnprintf_s
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
memmove_s
atol
_purecall
wcscat_s
strtok_s
wcstok_s
strrchr
wcsrchr
wcschr
wcspbrk
_wcsupr
wcsstr
wcsspn
_vscwprintf
iswspace
_wsplitpath_s
iswctype
towlower
towupper
wcscpy_s
??1type_info@@UEAA@XZ
__CxxFrameHandler3
__C_specific_handler
?terminate@@YAXXZ
wcscmp
_lock
_unlock
__dllonexit
_onexit
_CxxThrowException
_local_unwind
memcmp
memcpy
memmove
memset
strcmp

ntdll

RtlEqualSid
NtQueryObject
RtlInitializeSid
RtlLengthRequiredSid
RtlIsDosDeviceName_U
RtlGUIDFromString
RtlInitUnicodeString
RtlUnicodeStringToInteger
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlGetNativeSystemInformation
NtClose
NtSetInformationProcess
DbgPrint
NtQuerySecurityObject
NtOpenFile
RtlDosPathNameToNtPathName_U
RtlGetNtSystemRoot
RtlNtStatusToDosError
RtlCreateServiceSid
RtlFreeUnicodeString
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlFreeHeap
RtlAllocateHeap
RtlGetOwnerSecurityDescriptor
RtlFormatCurrentUserKeyPath
NtSetValueKey
NtCreateKey
NtQueryValueKey
NtOpenKey
NtQueryInformationToken
RtlSubAuthoritySid
RtlReAllocateHeap
RtlImageNtHeader
RtlIsNameInExpression
NtOpenProcessToken
NtOpenThreadToken

api-ms-win-service-core-l1-1-1

EnumDependentServicesW

api-ms-win-service-winsvc-l1-1-0

ControlService
QueryServiceStatus

api-ms-win-service-management-l1-1-0

OpenSCManagerW
OpenServiceW
StartServiceW
DeleteService
CloseServiceHandle

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

shlwapi

SHGetValueW
SHStrDupW

user32

DispatchMessageW
PostQuitMessage
TranslateMessage
AllowSetForegroundWindow
MsgWaitForMultipleObjects
SetCursor
GetMonitorInfoW
PeekMessageW
SetWindowsHookExAW
ShowWindow
SetPropW
EnumDisplayDevicesW
GetShellWindow
GetClassNameW
IsWindow
GetGUIThreadInfo
GetWindowThreadProcessId
SetRect
GetSystemMetrics
RegisterSuspendResumeNotification
SendMessageW
LoadCursorW

ole32

CoTaskMemFree
CoCreateInstance
StringFromCLSID
CoGetObject
StringFromGUID2

userenv

GetAllUsersProfileDirectoryW
GetUserProfileDirectoryW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
WaitForSingleObjectEx
WaitForSingleObject
CreateSemaphoreExW
CreateMutexExW
CreateMutexW
OpenMutexW
InitializeCriticalSectionAndSpinCount
OpenSemaphoreW
LeaveCriticalSection
EnterCriticalSection
ReleaseMutex
ReleaseSemaphore
DeleteCriticalSection
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockExclusive
CreateEventW

api-ms-win-core-processthreads-l1-1-0

CreateProcessA
OpenProcessToken
TerminateProcess
GetCurrentProcess
ResumeThread
GetCurrentThreadId
GetExitCodeProcess
ExitProcess
CreateThread
GetCurrentProcessId
ProcessIdToSessionId

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
Sleep
WakeAllConditionVariable

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetLogicalProcessorInformationEx
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetTickCount64
GetSystemDirectoryW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError
SetErrorMode

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetProcAddress
SizeofResource
GetModuleFileNameW
AddDllDirectory
LockResource
GetModuleHandleW
GetModuleFileNameA
LoadResource

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap
HeapValidate
HeapSize
HeapReAlloc

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualProtect
VirtualAlloc

api-ms-win-core-processthreads-l1-1-3

SetProcessInformation

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegGetValueW
RegEnumValueW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegUnLoadKeyW
RegLoadKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegSetValueExA
RegDeleteKeyExW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
SetEnvironmentVariableA
GetCommandLineW
SearchPathW
GetCurrentDirectoryW
SetEnvironmentVariableW
GetEnvironmentVariableW
GetEnvironmentVariableA
GetCommandLineA

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW
LookupAccountSidW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringEx
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrlenW

api-ms-win-shell-shdirectory-l1-1-0

ord290
ord292

api-ms-win-core-sidebyside-l1-1-0

QueryActCtxSettingsW
CreateActCtxW
ReleaseActCtx
QueryActCtxW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-localization-l1-2-0

FindNLSStringEx
FormatMessageW
LCMapStringEx
GetLocaleInfoEx
IsNLSDefinedString

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-kernel32-private-l1-1-0

CheckElevationEnabled

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
GetTokenInformation
CreateWellKnownSid

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
CreateThreadpool
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CloseThreadpool

api-ms-win-core-processthreads-l1-1-1

GetCurrentProcessorNumberEx

api-ms-win-core-processtopology-obsolete-l1-1-0

SetProcessAffinityMask

api-ms-win-core-file-l1-1-0

GetShortPathNameW
GetFileAttributesW
CreateFileW
GetFileAttributesA
GetLongPathNameW
GetFullPathNameW

api-ms-win-core-kernel32-legacy-l1-1-0

CopyFileA

rpcrt4

RpcBindingFree
RpcBindingSetAuthInfoExW
RpcAsyncCompleteCall
RpcAsyncInitializeHandle
Ndr64AsyncClientCall
RpcStringFreeW
I_RpcExceptionFilter
RpcAsyncCancelCall
RpcBindingFromStringBindingW
RpcStringBindingComposeW

mpr

WNetGetConnectionW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetFolderPathEx
SHChangeNotify

sspicli

GetUserNameExW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

GetHookAPIs
NotifyShims

Sections

.text
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AcLayers.dll
.dll windows:10 windows x64 arch:x64

e7aecfeca6816cac6e2c1bfd943833c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AcLayers.pdb

Imports

apphelp

SE_ShimDPF
SE_GetShimId

msvcrt

memmove
memcpy
memcmp
_CxxThrowException
memset
atol
__CxxFrameHandler4
_wcsicmp
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnwprintf
memcpy_s
_vsnprintf_s
??0exception@@QEAA@XZ
memmove_s
_purecall
_stricmp
strtol
__C_specific_handler
sprintf_s
vsprintf_s
_vscwprintf
_vsnprintf
wcschr
_wcsnicmp
strcmp
_scwprintf
wcsrchr
wcsncmp
wcstol
_wcstoui64
wcspbrk
wcsstr
wcsspn
_vscprintf
iswspace
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
malloc
free
_amsg_exit
_XcptFilter
towlower
iswctype

ntdll

RtlAllocateHeap
RtlFreeHeap
NtQueryKey
RtlNtStatusToDosError
RtlReportException
NtTerminateProcess
RtlRaiseException
NtQueryInformationProcess
RtlUniform
RtlValidateHeap
RtlCaptureStackBackTrace
RtlImageNtHeader
RtlCaptureContext
WinSqmAddToStream
RtlInitUnicodeString
NtOpenFile
NtQuerySystemInformation
RtlLengthRequiredSid
RtlInitializeSid
NtQueryInformationToken
RtlSubAuthoritySid
RtlCreateUnicodeStringFromAsciiz
RtlFreeUnicodeString
RtlMultiByteToUnicodeN
RtlUnicodeToMultiByteSize
RtlUnicodeToMultiByteN
RtlGetOwnerSecurityDescriptor
RtlEqualSid
NtQueryObject
RtlAppendUnicodeToString
RtlFormatCurrentUserKeyPath
RtlGetLastNtStatus
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlDeleteCriticalSection
RtlEnterCriticalSection
RtlInitializeCriticalSection
RtlLeaveCriticalSection
EtwEventUnregister
EtwEventRegister
ZwClose
RtlAppendUnicodeStringToString
RtlInitUnicodeStringEx
ZwQueryValueKey
ZwOpenKey
RtlReAllocateHeap
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegGetKeySecurity
RegSetValueExW
RegDeleteKeyExW
RegOpenKeyExA

api-ms-win-security-base-l1-1-0

GetAclInformation
GetAce
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetSecurityDescriptorDacl
GetTokenInformation
CopySid
GetFileSecurityW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

shlwapi

PathFindFileNameW
PathIsRelativeW

kernel32

WaitForSingleObject
WaitForThreadpoolTimerCallbacks
DelayLoadFailureHook
ResolveDelayLoadedAPI
SetThreadpoolTimer
ReleaseMutex
LoadLibraryExW
FreeLibrary
ReleaseSemaphore
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
SearchPathW
CreateMutexW
OpenMutexW
ReleaseActCtx
QueryActCtxW
CreateActCtxW
GetTempFileNameW
GetTempPath2W
GetTempFileNameA
GetTempPath2A
InitializeCriticalSectionAndSpinCount
ExpandEnvironmentStringsA
GetFileSize
SetFilePointer
CreateFileW
LocalAlloc
GetVolumeNameForVolumeMountPointW
GetSystemDirectoryW
GetModuleFileNameW
GetWindowsDirectoryW
GetShortPathNameW
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
GetDriveTypeW
GetLogicalDriveStringsW
UnregisterApplicationRestart
GetCurrentDirectoryW
LocalFree
GetFullPathNameW
GetFileAttributesW
GetApplicationRestartSettings
GetCommandLineA
WerRegisterMemoryBlock
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
SetNamedPipeHandleState
CreateEventW
InitializeCriticalSection
OutputDebugStringA
WriteFile
CancelIo
ReadFile
InitializeSRWLock
GetCurrentThread
QueryFullProcessImageNameW
LoadLibraryW
IsNLSDefinedString
FindNLSStringEx
LCMapStringEx
CompareStringEx
WideCharToMultiByte
HeapReAlloc
MultiByteToWideChar
GetLocaleInfoEx
LCIDToLocaleName
GetCommandLineW
VirtualProtect
GetCurrentProcess
K32GetModuleInformation
LeaveCriticalSection
CreateSemaphoreExW
CreateMutexExW
GetCurrentProcessId
CreateThreadpoolTimer
OpenSemaphoreW
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
WaitForSingleObjectEx
SetLastError
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OutputDebugStringW
IsDebuggerPresent
GetLastError
GetProcAddress
GetModuleHandleW
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
FormatMessageW
CloseThreadpoolTimer

Exports

Exports

GetHookAPIs
NotifyShims

Sections

.text
Size: 232KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AcSpecfc.dll
.dll windows:10 windows x64 arch:x64

eaf8f1ee8df1088f64706a39dde1555d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AcSpecfc.pdb

Imports

apphelp

SE_COM_AddServer
SE_COM_HookObject
SE_COM_Lookup
SE_ShimDPF
SE_GetShimId
SE_COM_AddHook

msvcrt

memmove
__CxxFrameHandler4
_wcsicmp
_CxxThrowException
_XcptFilter
memcpy
wcsncmp
wcsrchr
_wcsnicmp
_vsnwprintf
__C_specific_handler
wcsspn
iswctype
towlower
wcschr
wcsstr
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
malloc
free
_amsg_exit
memset
iswspace
_vscwprintf

ntdll

RtlAllocateHeap
RtlFreeHeap
NtQueryKey
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegGetValueW

sspicli

GetUserNameExW

kernel32

K32GetProcessImageFileNameW
CreateProcessW
CloseHandle
OpenProcess
K32EnumProcesses
Sleep
CreateThread
GetSystemDirectoryW
SearchPathW
GetExitCodeProcess
ExitProcess
ExpandEnvironmentStringsW
MoveFileW
WaitForSingleObject
GetLastError
SetEnvironmentVariableW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetFullPathNameW
GetLongPathNameW
GetWindowsDirectoryW
HeapFree
GetModuleFileNameW
GetFileAttributesW
MultiByteToWideChar
LocalAlloc
GetCurrentProcessId
GetModuleHandleA
LocalFree
GetVersionExW
TlsFree
TlsAlloc
TlsGetValue
TlsSetValue
GetProcessHeap
HeapAlloc
GetModuleHandleExW
FindClose
GetEnvironmentVariableW
GetProcAddress
GetModuleHandleW
GetCommandLineW
FindFirstFileW

advapi32

QueryServiceStatusEx
StartServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
EventWriteTransfer
OpenProcessToken
ControlService

ole32

CoTaskMemAlloc
CoTaskMemFree

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

userenv

GetUserProfileDirectoryW
GetAllUsersProfileDirectoryW

msi

ord145

winspool.drv

OpenPrinterW
EnumFormsW

Exports

Exports

GetHookAPIs
NotifyShims

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AcWinRT.dll
.dll windows:10 windows x64 arch:x64

143b4d11bccc8451d5c16700edd50bea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AcWinRT.pdb

Imports

api-ms-win-core-string-l1-1-0

GetStringTypeW
CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-com-l1-1-0

CoUninitialize
CoCreateInstance
CoTaskMemFree
PropVariantClear
CoInitializeEx

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateString
WindowsGetStringLen
WindowsGetStringRawBuffer
WindowsCreateStringReference

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
LoadLibraryA

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LoadLibraryExW
GetModuleFileNameA
GetProcAddress

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentStringsW
GetStdHandle
FreeEnvironmentStringsW
GetCommandLineA
ExpandEnvironmentStringsA

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-fibers-l1-1-0

FlsSetValue
FlsAlloc
FlsFree
FlsGetValue

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetVersionExW
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
TerminateProcess
ExitProcess
SetThreadStackGuarantee
GetCurrentProcessId
GetStartupInfoW

api-ms-win-core-heap-l1-1-0

HeapSetInformation
HeapAlloc
HeapDestroy
HeapFree
HeapCreate

api-ms-win-core-file-l1-1-0

GetFileType
WriteFile

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
DeleteCriticalSection

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwindEx
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-localization-l1-2-0

GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualAlloc
VirtualProtect

apphelp

SE_GetShimId
SE_COM_Lookup
SE_WINRT_AddHook
SE_WINRT_HookObject
SE_COM_AddHook
SE_COM_AddServer

mmdevapi

ord5

ntdll

DbgPrint

Exports

Exports

GetHookAPIs
NotifyShims

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AcXtrnal.dll
.dll windows:10 windows x64 arch:x64

1062d7530750e6553052fe265d51f3f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AcXtrnal.pdb

Imports

apphelp

SE_ShimDPF
SE_GetShimId

msvcrt

_initterm
malloc
free
_amsg_exit
_XcptFilter
memset
__C_specific_handler
_wcsicmp
memcpy

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlEnterCriticalSection
LdrUnlockLoaderLock
LdrFindEntryForAddress
LdrLockLoaderLock
NtQueryInformationThread
RtlAllocateHeap

kernel32

TerminateProcess
CreateEventW
Sleep
SetEvent
Thread32Next
CloseHandle
QueueUserAPC
OpenThread
GetCurrentThreadId
Thread32First
GetCurrentProcessId
CreateToolhelp32Snapshot
GetModuleHandleW
WaitForSingleObject
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCurrentProcess

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer

Exports

Exports

GetHookAPIs
NotifyShims

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AccountsRt.dll
.dll windows:10 windows x64 arch:x64

2e700cb770caf4b28b628d4415952108

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AccountsRT.pdb

Imports

msvcrt

realloc
_errno
_wcsicmp
_amsg_exit
wcschr
__dllonexit
_onexit
strcmp
memset
_XcptFilter
__CxxFrameHandler3
memmove_s
_callnewh
wcsncpy_s
malloc
free
_purecall
memcpy_s
_vscwprintf
memmove
_vsnwprintf_s
memcpy
_strnicmp
memcmp
_lock
wcstoul
_vsnwprintf
_unlock
__C_specific_handler
wcstok_s
_initterm
wcscmp

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlReportException

oleaut32

BSTR_UserSize64
BSTR_UserFree64
SysFreeString
BSTR_UserMarshal64
SysStringLen
BSTR_UserMarshal
BSTR_UserUnmarshal
VarUI4FromStr
BSTR_UserSize
BSTR_UserFree
BSTR_UserUnmarshal64

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
FreeLibrary
LoadResource
FindResourceExW
LoadLibraryExW
DisableThreadLibraryCalls
GetModuleFileNameW
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
SleepConditionVariableSRW
WakeAllConditionVariable
Sleep

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
AcquireSRWLockExclusive
AcquireSRWLockShared
DeleteCriticalSection
ReleaseSRWLockShared
EnterCriticalSection
ReleaseSRWLockExclusive
OpenSemaphoreW
InitializeCriticalSectionEx
InitializeSRWLock
LeaveCriticalSection
ReleaseMutex
ReleaseSemaphore
CreateMutexExW
CreateSemaphoreExW
WaitForSingleObject
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
GetLastError
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringLen
WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDeleteStringBuffer
WindowsCreateString
WindowsPreallocateStringBuffer
WindowsDuplicateString
WindowsDeleteString
WindowsStringHasEmbeddedNull
WindowsConcatString
WindowsPromoteStringBuffer

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
CoGetApartmentType
CoMarshalInterface
CreateStreamOnHGlobal
CoReleaseMarshalData
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoIncrementMTAUsage
CoDecrementMTAUsage
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegQueryInfoKeyW
RegCloseKey
RegGetValueW

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventRegister
EventActivityIdControl
EventUnregister

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
OpenProcessToken
GetCurrentThread
TerminateProcess
GetCurrentProcess
OpenThreadToken
SetThreadToken
GetCurrentProcessId

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoTransformError
GetRestrictedErrorInfo
RoOriginateErrorW
RoOriginateError

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWaitCallbacks
DisassociateCurrentThreadFromCallback
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolWait
SubmitThreadpoolWork
CreateThreadpoolWork
CloseThreadpoolWork
FreeLibraryWhenCallbackReturns

api-ms-win-security-base-l1-1-0

GetTokenInformation
CopySid
GetLengthSid
RevertToSelf

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoActivateInstance
RoUninitialize
RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-com-l1-1-1

RoGetAgileReference

crypt32

CertEnumCertificatesInStore
CertFreeCertificateContext
CertCloseStore
CryptDecodeObjectEx
CertFreeCertificateChain
CertOpenStore
CertGetEnhancedKeyUsage
CertGetCertificateContextProperty
CertGetNameStringW
CertCompareCertificateName
CertGetCertificateChain
CertFreeCertificateChainEngine

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-file-l1-1-0

ReadFile
GetFileSize
CreateFileW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

rpcrt4

RpcBindingFree
RpcExceptionFilter
NdrClientCall3
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
RpcSsDestroyClientContext

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

aphostclient

ApHostServerStatus_EnsureServerReady

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 324KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ActionCenter.dll
.dll windows:10 windows x64 arch:x64

1c9b36505ef2a8502d413b8a9549d941

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ActionCenter.pdb

Imports

msvcrt

_XcptFilter
memcpy
_unlock
__dllonexit
_onexit
__CxxFrameHandler3
_initterm
_vsnwprintf
_lock
_amsg_exit
_callnewh
malloc
free
__C_specific_handler
_purecall
memcpy_s
memset
isdigit

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread
OpenProcessToken
TerminateProcess
GetCurrentProcess
OpenThreadToken

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadStringW
GetModuleHandleW
GetModuleHandleExW
DisableThreadLibraryCalls
LoadLibraryExA
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW
OutputDebugStringA

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
WaitForSingleObjectEx
LeaveCriticalSection
DeleteCriticalSection
CreateMutexExW
AcquireSRWLockShared
WaitForSingleObject
EnterCriticalSection
ReleaseMutex
ReleaseSRWLockExclusive
OpenSemaphoreW
InitializeCriticalSection
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSemaphore

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation
EventActivityIdControl

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegGetValueW
RegCreateKeyExW
RegSetValueExW

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoGetMalloc
CoTaskMemAlloc
CoCreateInstance
StringFromGUID2

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceComplete

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

kernel32

DeactivateActCtx
QueryActCtxW
CreateActCtxW
FindActCtxSectionStringW
ActivateActCtx

ntdll

WinSqmAddToStreamEx
WinSqmAddToStream

user32

SendMessageW
PostMessageW
GetWindowLongPtrW
DefWindowProcW
KillTimer
SetTimer

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 220KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ActionCenterCPL.dll
.dll regsvr32 windows:10 windows x64 arch:x64

ea5a7a9c3d650d7bcaa9cb3c7a590886

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ActionCenterCPL.pdb

Imports

msvcrt

malloc
_initterm
free
_amsg_exit
_XcptFilter
_lock
__dllonexit
_onexit
memcpy_s
__CxxFrameHandler3
__C_specific_handler
_vsnwprintf
_unlock
memset

shell32

ShellExecuteExW
SHParseDisplayName
ord155
SHGetStockIconInfo
ord18
ord25
SHBindToObject

shlwapi

ord538
SHStrDupW
ord168
ord514
ord24
ord618
ord156
ord204
ord174
StrCmpW
PathParseIconLocationW
ord460
ord199
ord219
ord256
ord437
ord176
ord158
ord172

uxtheme

IsThemeActive

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleExW
FreeLibrary
LoadLibraryExW
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
LoadStringW

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
ReleaseSRWLockExclusive
CreateSemaphoreExW
EnterCriticalSection
ReleaseSemaphore
WaitForSingleObject
OpenSemaphoreW
ReleaseMutex
WaitForSingleObjectEx
AcquireSRWLockExclusive
CreateMutexExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstance

oleaut32

VariantClear
SysAllocString
SysFreeString

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

kernel32

ActivateActCtx
DeactivateActCtx
CreateActCtxW
ReleaseActCtx

ntdll

EtwLogTraceEvent
WinSqmIsOptedIn
WinSqmAddToStream
EtwEventWriteTransfer

dui70

?GetStringNull@Value@DirectUI@@SAPEAV12@XZ
?Register@Element@DirectUI@@SAJXZ
?GetClassInfoPtr@Element@DirectUI@@SAPEAUIClassInfo@2@XZ
?Init@NavReference@DirectUI@@QEAAXPEAVElement@2@PEAUtagRECT@@@Z
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@PEBUPropertyInfo@2@HPEAUUpdateCache@2@@Z
UnInitThread
UnInitProcessPriv
InitThread
InitProcessPriv
?CreateXBaby@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAUHWND__@@PEAVElement@2@PEAKPEAPEAUIXBaby@2@@Z
?SetButtonClassAcceptsEnterKey@XProvider@DirectUI@@UEAAJ_N@Z
?SetRegisteredDefaultButton@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z
?ClickDefaultButton@XProvider@DirectUI@@UEAAHXZ
?ForceThemeChange@XProvider@DirectUI@@UEAAJ_K_J@Z
?GetHostedElementID@XProvider@DirectUI@@UEAAJPEAG@Z
?FindElementWithShortcutAndDoDefaultAction@XProvider@DirectUI@@UEAAHGH@Z
?CanSetFocus@XProvider@DirectUI@@UEAAJPEA_N@Z
?Navigate@XProvider@DirectUI@@UEAAJHPEA_N@Z
?SetFocus@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z
?IsDescendent@XProvider@DirectUI@@UEAAJPEAVElement@2@PEA_N@Z
?GetDesiredSize@XProvider@DirectUI@@UEAAJHHPEAUtagSIZE@@@Z
?SetParameter@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAX@Z
?AddRef@XProvider@DirectUI@@UEAAKXZ
?GetClassInfoPtr@HWNDElement@DirectUI@@SAPEAUIClassInfo@2@XZ
?SetDefaultButtonTracking@XProvider@DirectUI@@UEAAJ_N@Z
?SetHandleEnterKey@XProvider@DirectUI@@IEAAX_N@Z
?CreateDUI@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAPEAUHWND__@@@Z
?GetRoot@XProvider@DirectUI@@IEAAPEAVElement@2@XZ
?Initialize@XProvider@DirectUI@@QEAAJPEAVElement@2@PEAVIXProviderCP@2@@Z
?Create@XResourceProvider@DirectUI@@SAJPEAUHINSTANCE__@@PEBG11PEAPEAV12@@Z
?QueryInterface@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
??1XProvider@DirectUI@@UEAA@XZ
??0XProvider@DirectUI@@QEAA@XZ
??0Expando@DirectUI@@QEAA@XZ
??1Expando@DirectUI@@UEAA@XZ
?Add@Expando@DirectUI@@UEAAJPEAPEAVElement@2@I@Z
?OnEvent@Expando@DirectUI@@UEAAXPEAUEvent@2@@Z
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
??0Macro@DirectUI@@QEAA@XZ
??0Repeater@DirectUI@@QEAA@XZ
?OnPropertyChanged@Macro@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?Add@Macro@DirectUI@@UEAAJPEAPEAVElement@2@I@Z
?GetClassInfoPtr@Macro@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@Repeater@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@Expando@DirectUI@@SAPEAUIClassInfo@2@XZ
?Initialize@Expando@DirectUI@@QEAAJPEAVElement@2@PEAK@Z
?_PostEvent@Element@DirectUI@@AEAAXPEAUEvent@2@H@Z
?GetClassInfoPtr@Bind@DirectUI@@SAPEAUIClassInfo@2@XZ
?Register@Macro@DirectUI@@SAJXZ
?Register@Repeater@DirectUI@@SAJXZ
?Register@Expando@DirectUI@@SAJXZ
?UpdateChildren@Expando@DirectUI@@IEAAXPEAVValue@2@@Z
?ExpandedProp@Expandable@DirectUI@@SAPEBUPropertyInfo@2@XZ
?Remove@Element@DirectUI@@QEAAJPEAV12@@Z
?SetExpand@Macro@DirectUI@@QEAAJPEBG@Z
?SetActive@Element@DirectUI@@QEAAJH@Z
?GetExpand@Macro@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?Insert@Element@DirectUI@@QEAAJPEAV12@I@Z
?RemoveAll@Element@DirectUI@@QEAAJXZ
?GetProperty@Bind@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?GetConnect@Bind@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?BuildElement@Macro@DirectUI@@MEAAJXZ
?Initialize@Macro@DirectUI@@QEAAJPEAVElement@2@PEAK@Z
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@P6APEBUPropertyInfo@2@XZHPEAUUpdateCache@2@@Z
?GetChildren@Element@DirectUI@@QEAAPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@PEAPEAVValue@2@@Z
??0IDataEngine@DirectUI@@QEAA@XZ
??1IDataEngine@DirectUI@@UEAA@XZ
??0IDataEntry@DirectUI@@QEAA@XZ
??1IDataEntry@DirectUI@@UEAA@XZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
??1ClassInfoBase@DirectUI@@UEAA@XZ
??0ClassInfoBase@DirectUI@@QEAA@XZ
??0Element@DirectUI@@QEAA@XZ
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
??1CritSecLock@DirectUI@@QEAA@XZ
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?Initialize@Element@DirectUI@@QEAAJIPEAV12@PEAK@Z
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z
?OnInput@Element@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnDestroy@Element@DirectUI@@UEAAXXZ
?OnEvent@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?GetUnset@Value@DirectUI@@SAPEAV12@XZ
?GetAtomZero@Value@DirectUI@@SAPEAV12@XZ
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?UpdateTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?ActivateTooltip@Element@DirectUI@@MEAAXPEAV12@K@Z
?RemoveTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?GetAccessibleImpl@Element@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
??1Element@DirectUI@@UEAA@XZ
StrToID
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
?Release@Value@DirectUI@@QEAAXXZ
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?CreateGraphic@Value@DirectUI@@SAPEAV12@PEAUHICON__@@_N11@Z
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?SetSelected@Element@DirectUI@@QEAAJ_N@Z
?StartDefer@Element@DirectUI@@QEAAXPEAK@Z
?EndDefer@Element@DirectUI@@QEAAXK@Z
?GetExpanded@Expandable@DirectUI@@QEAA_NXZ
?SetAnimation@Element@DirectUI@@QEAAJH@Z
?SetClass@Element@DirectUI@@QEAAJPEBG@Z
?Click@Button@DirectUI@@SA?AVUID@@XZ
?GetContentString@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?GetAccName@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?SetExpanded@Expandable@DirectUI@@QEAAJ_N@Z

gdi32

DeleteObject

user32

GetFocus
SendMessageW
GetSystemMetrics
LoadImageW
LoadCursorW
DestroyIcon
GetWindowLongPtrW
CallWindowProcW
SetWindowLongPtrW
SystemParametersInfoW
SetCursor

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ActionQueue.dll
.dll windows:10 windows x64 arch:x64

8d8fec30a01d22955b9b33ca965ef3ea

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:70:64:90:50:5e:bb:a2:6f:f2:c8:69:69:44:a0:d6:7b:37:a5:33:02:79:8b:fe:15:83:4b:a0:a6:0f:08:05
Signer

Actual PE Digest

5d:70:64:90:50:5e:bb:a2:6f:f2:c8:69:69:44:a0:d6:7b:37:a5:33:02:79:8b:fe:15:83:4b:a0:a6:0f:08:05

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ActionQueue.pdb

Imports

msvcrt

free
_initterm
_onexit
__C_specific_handler
iswspace
_vsnwprintf
qsort
strstr
_strupr_s
strcpy_s
_lock
memcpy
malloc
_unlock
strncpy_s
memcmp
_XcptFilter
_amsg_exit
_vsnprintf
__dllonexit
wcstoul
_purecall
memcpy_s
wcsrchr
wcschr
_wcsnicmp
wcsncmp
memset

ntdll

RtlRaiseStatus
NtYieldExecution
RtlReAllocateHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlNtStatusToDosError
RtlFreeHeap
RtlNtStatusToDosErrorNoTeb
RtlAllocateHeap

api-ms-win-core-file-l1-1-0

CreateDirectoryW
GetFullPathNameW
GetFileSize
GetFileAttributesW
CreateFileW
ReadFile
WriteFile

api-ms-win-eventing-classicprovider-l1-1-0

TraceEvent
GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableLevel
UnregisterTraceGuids
GetTraceEnableFlags

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
WaitForSingleObject

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetTickCount
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameW
FindResourceExW
GetModuleHandleW
GetProcAddress
FreeLibrary
GetModuleHandleExW
LoadLibraryExW
SizeofResource
EnumResourceLanguagesExW
LoadResource
LockResource

api-ms-win-core-processthreads-l1-1-0

CreateProcessA
GetCurrentThreadId
GetCurrentProcessId
GetExitCodeProcess
TerminateProcess
GetCurrentProcess

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoGetMalloc
CoTaskMemAlloc

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetEnvironmentVariableA

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegEnumValueW
RegOpenKeyExW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrlenA
lstrcmpiW

Exports

Exports

GenerateActionQueue
ProcessActionQueue

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 748B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ActivationClient.dll
.dll windows:10 windows x64 arch:x64

dbe5e28b4aa5dc888a43d5cca5a23d2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ActivationClient.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__free_base
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__malloc_base
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_free
_o_malloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__CxxFrameHandler4
__std_terminate
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
CreateSemaphoreExW
InitializeSRWLock
WaitForSingleObjectEx
InitializeCriticalSectionEx
OpenSemaphoreW
InitializeCriticalSection
ReleaseSemaphore
CreateMutexExW
WaitForSingleObject
EnterCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
LeaveCriticalSection
ReleaseMutex
AcquireSRWLockExclusive
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError
RoOriginateErrorW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

WaitOnAddress
InitOnceExecuteOnce
WakeByAddressAll

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsCreateString
WindowsCreateStringReference
WindowsDeleteString
WindowsDuplicateString

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
RtlCaptureStackBackTrace

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
CoSetProxyBlanket
CoTaskMemFree
CoTaskMemAlloc

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-ro-typeresolution-l1-1-1

RoCreatePropertySetSerializer

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-l1-1-0

RoActivateInstance

ntdll

RtlGetDeviceFamilyInfoEnum

combase

ord140

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ActivationManager.dll
.dll windows:10 windows x64 arch:x64

37f36530f65f5a4512a8e7623ff82f96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ActivationManager.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__ui64tow_s
_o__wcsicmp
memmove
_o_abort
_o_ceilf
_o_free
_o_iswspace
_o_malloc
_o_realloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcstok_s
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__execute_onexit_table
_o__errno
wcsrchr
_o__crt_atexit
_o__configure_narrow_argv
wcschr
_o__cexit
_o__callnewh
_o__get_errno
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcscmp
wcscspn
memset
memmove_s

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleHandleExA
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
AcquireSRWLockShared
CreateMutexExW
InitializeCriticalSectionEx
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
OpenEventW
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
ReleaseSRWLockShared
InitializeCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ResetEvent
CreateEventW
SetEvent
ReleaseMutex
CreateSemaphoreExW
EnterCriticalSection
CreateEventExW
InitializeSRWLock
WaitForSingleObject

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapSize
HeapAlloc
HeapDestroy
HeapReAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-winrt-error-l1-1-0

RoFailFastWithErrorContext
GetRestrictedErrorInfo
RoOriginateError
RoOriginateErrorW
RoTransformError
SetRestrictedErrorInfo

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWait

api-ms-win-core-processthreads-l1-1-0

SetThreadPriority
CreateProcessAsUserW
OpenThreadToken
OpenThread
GetCurrentThread
CreateThread
GetCurrentProcess
GetCurrentThreadId
ProcessIdToSessionId
GetProcessId
SetThreadToken
TerminateProcess
GetCurrentProcessId
OpenProcessToken
GetThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
EventActivityIdControl

ntdll

RtlQueryTokenHostIdAsUlong64
RtlInitUnicodeString
RtlIsParentOfChildAppContainer
RtlWakeAllConditionVariable
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlGetDeviceFamilyInfoEnum
RtlIsMultiSessionSku
RtlCapabilityCheck
NtQueryInformationProcess
NtTerminateProcess
NtOpenProcessToken
RtlLengthSid
NtClose
RtlCopySid
RtlSleepConditionVariableSRW
RtlAcquireSRWLockShared
RtlFreeHeap
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
RtlAllocateHeap
RtlReleaseSRWLockShared
NtOpenProcessTokenEx
NtQueryInformationToken
RtlNtStatusToDosError
RtlExpandEnvironmentStrings
NtQueryWnfStateData
RtlQueryPackageClaims
NtQuerySecurityAttributesToken

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-com-l1-1-0

CoReleaseMarshalData
CoIncrementMTAUsage
CoDecrementMTAUsage
CoInitializeEx
CoGetInterfaceAndReleaseStream
CoUninitialize
CoCancelCall
CoCreateFreeThreadedMarshaler
CoMarshalInterThreadInterfaceInStream
CoResumeClassObjects
CoCreateInstanceEx
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoGetApartmentType
CoRegisterClassObject
CoRevokeClassObject
CoAddRefServerProcess
CoReleaseServerProcess
CLSIDFromString
CoImpersonateClient
CoRevertToSelf
CoGetStdMarshalEx
CoDisableCallCancellation
CoEnableCallCancellation
CoWaitForMultipleHandles
CoTaskMemRealloc
CoTaskMemAlloc
CoGetMalloc
CoGetCallContext
CoGetCallerTID

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
InitOnceComplete
InitOnceBeginInitialize
InitOnceExecuteOnce
Sleep

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsCompareStringOrdinal
WindowsConcatString
WindowsCreateStringReference
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsSubstringWithSpecifiedLength
WindowsGetStringRawBuffer
WindowsCreateString
WindowsDeleteString

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlCaptureStackBackTrace

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetSystemDirectoryW
GetWindowsDirectoryW
GetTickCount

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

msvcp_win

?exceptions@ios_base@std@@QEAAXH@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??Bios_base@std@@QEBA_NXZ
?_Xbad_alloc@std@@YAXXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ

api-ms-win-core-heap-l2-1-0

LocalFree
LocalReAlloc
LocalAlloc

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegOpenCurrentUser
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegGetValueW
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW
RegDeleteTreeW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-com-private-l1-1-0

CoRegisterRacActivationToken
CoSetErrorInfo
CoRevokeRacActivationToken
CoGetErrorInfo

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-psm-key-l1-1-1

PsmCreateKeyWithDynamicId

api-ms-win-core-psm-key-l1-1-0

PsmGetKeyFromToken
PsmCreateKey

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-security-base-l1-1-0

CopySid
IsValidSid
RevertToSelf
IsWellKnownSid
CreateWellKnownSid
GetAce
FreeSid
GetLengthSid
ImpersonateLoggedOnUser
DuplicateTokenEx
GetTokenInformation

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpLogicalW
StrCmpIW

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForPackage

api-ms-win-core-shlwapi-legacy-l1-1-0

PathGetArgsW
PathIsPrefixW
PathFindFileNameW
PathIsRelativeW

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchAppend
PathCchRemoveFileSpec
PathCchFindExtension

api-ms-win-core-file-l1-1-0

GetFileAttributesW

api-ms-win-core-commandlinetoargv-l1-1-0

CommandLineToArgvW

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx
CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-wow64-l1-1-1

GetSystemWow64Directory2W

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCurrentDirectoryW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

combase

ord147
ord79
ord159
ord140
ord148
ord65

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

Exports

Exports

DisableAppXDebuggingForPackage
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
EnableAppXDebuggingForPackage
FreeAppXLaunchContext
GetPackageExecutionContextForAumid
GetPackageExecutionContextForAumidAndUser
GetPackageExecutionContextForPackageByFamilyNameAndUser
GetPackageExecutionContextForPackageByFullName
PostCreateProcessAppXActivation
PrepareAppXActivation
RegisterAppXPackageIfNecessary
RegisterAppXPackageIfNecessary2

Sections

.text
Size: 712KB - Virtual size: 710KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ActiveSyncCsp.dll
.dll windows:10 windows x64 arch:x64

b1c7cfa9b5a0aa128f7d26f6e14d830f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ActiveSyncCsp.pdb

Imports

msvcrt

wcscpy_s
_lock
_unlock
_XcptFilter
__C_specific_handler
_onexit
_callnewh
malloc
_amsg_exit
memcmp
free
__dllonexit
realloc
memcpy
_purecall
_initterm
_vscwprintf
_vsnwprintf_s
_strnicmp
_wtoi
_itow
memmove_s
__CxxFrameHandler4
_wcsicmp
__CxxFrameHandler3
memcpy_s
_vsnwprintf
memset
wcscmp

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlReportException

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
FreeLibrary
GetModuleFileNameA
GetModuleHandleExA
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
ReleaseSRWLockExclusive
CreateMutexExW
DeleteCriticalSection
ReleaseMutex
WaitForSingleObject
AcquireSRWLockExclusive
LeaveCriticalSection
WaitForSingleObjectEx
ReleaseSemaphore
InitializeCriticalSection
ReleaseSRWLockShared
EnterCriticalSection
SetEvent
CreateEventExW
CreateSemaphoreExW
AcquireSRWLockShared
InitializeSRWLock

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
StringFromGUID2
CoWaitForMultipleObjects
CoTaskMemFree
CLSIDFromString
CoCreateInstance
CoGetApartmentType

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventWriteTransfer
EventUnregister

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

VariantChangeType
SysAllocStringLen
SysAllocString
VariantInit
SysFreeString

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
InitOnceBeginInitialize

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsCreateString
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegDeleteTreeW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ActiveSyncProvider.dll
.dll windows:10 windows x64 arch:x64

e4f67fcaf64a2e9b15f5fd1a66936cec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ActiveSyncProvider.pdb

Imports

msvcrt

_wcstoi64
_wcstoui64
_i64tow_s
iswspace
iswcntrl
_wcsdup
memmove_s
__CxxFrameHandler4
__CxxFrameHandler3
_XcptFilter
memmove
malloc
memcmp
memchr
floor
_vsnprintf
_wtol
strnlen
_callnewh
_wcsnicmp
_vsnprintf_s
_vscprintf
wcspbrk
_vswprintf_p_l
_vscwprintf_p_l
wcstol
_initterm
_lock
_unlock
_vsprintf_p_l
free
_vscprintf_p_l
wcsnlen
wcsstr
iswdigit
wcstok_s
_vsnwprintf_s
_vscwprintf
_strnicmp
_purecall
memcpy_s
_vsnwprintf
wcschr
_snwprintf_s
memset
__dllonexit
wcsncmp
wcstod
_ltow_s
swscanf_s
realloc
_wcsicmp
_ultow_s
__C_specific_handler
wcstoul
_wtoi
_itow_s
_errno
_amsg_exit
memcpy
_onexit
wcsrchr
swscanf
wcscmp

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlReportException

syncutil

ord268
ord35
GetSessionSyncStats
AggregateAccountSyncStats
GetAccountSyncStats
ord24
ord48
ord52
ord51
IsFirstSyncEver
GetCurrentSyncStats
ord21
ord453
DeviceNeedsProvisioning
ord89
CoCreateInstanceElevated
AcquireDataStoreLock
ord470
ord28
ord26
GetAuthCertTargetAndUser
CredVaultDelete
CredVaultWrite
CredVaultRead
ord702
IsMatchingClientCertificateEx
ord118
ord121
ord120
CreateAuthHandler
ord442
ord94
ord31
ord22
ord274
ord273
ord701
ord66
ord67
ord256
ReleaseDataStoreLock
ord18
GetAADToken
ord410
ord500
ord503
ord501
ord505
ord109
ord87
ord269
IsValidAADAuthUri
GetGoldenPartnershipId
ord23
ord461
ord464
GetDefaultStoreDirty
SetDefaultStoreDirty
GetMsaCustomerId
InitializeMeContact
ord462
ord463
ord242
ord33
ord296
ord744
ord743
ord745
ReadPasswordForPartnership
ord747
ord746
ord69
ord68
ord257
GetCurrentSyncStatsForStore
SetOutgoingMessageSizeLimit
GetOutgoingMessageSizeLimit
ord34
AcquireDataStoreLockEx
ord17
AggregateSessionSyncStats
InitializeSyncStatus
SyncSqmUpdateStats
ord106
ord53
ord103
ord105
ord502
ord29
ord275
ord93
ord15
ord739
ord56
ord111
ord451
ord452
ord440
InitializeMsaStore
VerifyDataStoreLockOwner
ord9
DeleteHttpTransport
GetSyncWorkOnBehalfTicket
SetSyncWorkOnBehalfTicket
ord10
ord86
ord88
ord287
ord285
ord27
ord471
ord30
ord44

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
LoadStringW
FreeLibraryAndExitThread
GetProcAddress
LoadLibraryExW
FreeLibrary
GetModuleHandleW
GetModuleHandleExW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
SleepConditionVariableSRW
WakeAllConditionVariable
InitOnceBeginInitialize
Sleep

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
InitializeSRWLock
LeaveCriticalSection
CreateEventExW
WaitForSingleObjectEx
OpenSemaphoreW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateMutexExW
DeleteCriticalSection
ResetEvent
SetEvent
CreateEventW
InitializeCriticalSectionEx
CreateSemaphoreExW
InitializeCriticalSection
WaitForSingleObject
ReleaseMutex
ReleaseSemaphore
AcquireSRWLockShared
ReleaseSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapCreate
HeapDestroy
HeapCompact
HeapSize
HeapValidate
HeapReAlloc
GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-com-l1-1-0

StringFromGUID2
CreateStreamOnHGlobal
CoGetApartmentType
CoWaitForMultipleObjects
CoGetMalloc
CoCreateInstance
CoCreateGuid
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoTaskMemFree

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventSetInformation
EventActivityIdControl
EventWriteTransfer

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
CreateThread
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
GetACP
IsValidCodePage
FormatMessageW
GetSystemDefaultLCID

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

VarBstrCat
SysAllocStringByteLen
SafeArrayGetElement
SystemTimeToVariantTime
SafeArrayUnlock
VariantTimeToSystemTime
SafeArrayCreateVector
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SysStringByteLen
SafeArrayDestroy
VariantChangeType
VariantCopyInd
SysAllocString
SafeArrayPutElement
SysAllocStringLen
SysStringLen
SafeArrayRedim
SafeArrayCreate
VariantInit
VariantCopy
VariantClear
SysFreeString
SafeArrayLock

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetTickCount64
GetSystemTime
GetVersionExW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegDeleteTreeW
RegQueryValueExW
RegDeleteValueW
RegCloseKey

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalFree
LocalAlloc

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime

api-ms-win-core-file-l1-1-0

CompareFileTime
FileTimeToLocalFileTime

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsCreateString
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW

accountaccessor

UnenrollAndMarkAccountForDeletion

cemapi

CreateMAPITableWalker
SetConversationId
IsMessageClassReadRequest
GetMAPIStorePropTags
MAPILogonEx
MAPIFreeBuffer
FreeProws
HrGetOneProp
MAPIUninitialize
HrSetOneProp
GetMsgClassEnum
GetNamedPropTag
MAPIInitialize
MAPIAllocateBuffer
GetMsgStoreFromMessage
USOIDfromCEENTRYID

userdatalanguageutil

IsLocalePseudoLoc
UninitializeLanguageUtil
GetMultiLanguage2
ConvertToWideStream
GetWideSzAlloc
GetNarrowSzCodepage
InitializeLanguageUtil

userdatatimeutil

MinutesBetweenFT
AdjustGMTForAllDayAppts
FileTimeToVariantTime
FileTimeAdjustUTCToTz
AdjustForAllDayAppts
ConvertVariantTimeToFileTime
ConvertLocalVariantTimeToFileTime
FileTimeToLocalFileTimeEx
GetCurrentLocalTime
DaysBetweenFT
FileTimeToTzSpecificVariantTime

userdatatypehelperutil

GetStreamSize
BytesToDigits
EcUidToGlobalObjId
MapiIdToEmailUdmId
FormatPoomIdToString
ReadStreamContent
UsOidToContactUdmId
UsOidToTaskUdmId
EcGlobalObjIdToUid
CompressWhitespaceNW
StreamFromStringW
TrimWhiteSpaces
StringToBytes
UsOidToCalendarUdmId
SplitString

networkhelper

SyncPdcReference_WatchdogReport
ReportSyncProgress
GetOrCreateNullPowerDependencyCoordinatorManager
CHttpTransport_CreateInstance
SyncWerReportGenerator
SyncPdcReference_WatchdogsEnabled
IsNetworkConnectionCostRestricted

pimstore

GetAppointmentUniqueId
GetBlankName
CreateOutlookApp

mccspal

ord31
ord30
ord32

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindExtensionW
PathMatchSpecW

Exports

Exports

CreateMassObject
CreateSyncServiceLayer
DllCanUnloadNow
DllGetClassObject
DownloadEmailAttachment
DownloadEmailBody
GetActiveSyncServerProbeInstance
GetConversationSyncEnabled
GetOutlookExtensionSupportForAccount
GetOutlookExtensionSupportFromAccessor
GetUserInfoForUnconfiguredAccount
HandleEasMeetingResponseForAppointment
HandleEasMeetingResponseForMeetingNotification
InitializeSyncStatus
IsEnabledForSync
IsErrorCatastrophic
IsValidOutlookExtensionVersion
MarkPeopleFolderForResync
OneStopFactory
SyncGetMAPISession
SyncGetMessageStore
SyncGetSpecialFolder
SyncMgrPurgeFolderProvider
SyncMgrPurgeProviderStore
SyncMgrRemovePolicy
SyncSqmUpdateStats
UpdateEasTrackingSchema
WriteStoreCapabilityProps
WriteStoreContentTypesProps

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 316KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AdaptiveCards.dll
.dll windows:10 windows x64 arch:x64

273fa36777a5fb467215af0e06e8c3a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AdaptiveCards.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memcpy
_o_free
_o_malloc
__C_specific_handler
_o__cexit
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
__std_terminate
__CxxFrameHandler4
__CxxFrameHandler3
_CxxThrowException

api-ms-win-crt-string-l1-1-0

memset

rpcrt4

NdrDllGetClassObject
NdrDllCanUnloadNow
NdrOleFree
NdrOleAllocate

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserFree
HSTRING_UserSize64
HSTRING_UserUnmarshal
HSTRING_UserMarshal
HSTRING_UserSize
WindowsCreateStringReference
HSTRING_UserFree64
HSTRING_UserMarshal64
WindowsDeleteString
WindowsDuplicateString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
HSTRING_UserUnmarshal64

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
ReleaseMutex
OpenSemaphoreW
ReleaseSemaphore
CreateSemaphoreExW
CreateMutexExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseSRWLockShared
WaitForSingleObject
AcquireSRWLockShared

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleExW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoTaskMemAlloc

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-handle-l1-1-0

CloseHandle

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AddressParser.dll
.dll windows:10 windows x64 arch:x64

2f7c5228fa8df91e86bc452800a750df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AddressParser.pdb

Imports

msvcrt

realloc
_purecall
towupper
_callnewh
_XcptFilter
_amsg_exit
_initterm
__C_specific_handler
free
malloc
_lock
memcpy
__CxxFrameHandler3
wcschr
_onexit
__dllonexit
_unlock
memmove

api-ms-win-core-heap-l2-1-0

LocalAlloc

api-ms-win-core-localization-l1-2-0

GetUserDefaultLCID
LCMapStringW
GetACP
GetLocaleInfoW
GetSystemDefaultLangID
GetUserDefaultLangID

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
FreeLibrary

api-ms-win-core-string-l1-1-0

GetStringTypeExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

Exports

Exports

DestroyAddressParser
GetCity
GetCountryName
GetCountryStringFromIndex
GetFullAddress
GetNewAddressParser
GetPostalCode
GetState
GetStreet
ParseAddress
RebuildAddress
SetCity
SetCountryName
SetFullAddress
SetPostalCode
SetState
SetStreet
UpdateDefCountry

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AdvancedEmojiDS.dll
.dll windows:10 windows x64 arch:x64

6c66c8302aa86e47014cee776d62fe23

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AdvancedEmojiDS.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o___stdio_common_vsnprintf_s
memmove
_o__callnewh
_o__wcsicmp
_o_ceilf
_o_free
_o_iswspace
_o_malloc
_o_terminate
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
_CxxThrowException
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___stdio_common_vswprintf
_o__cexit
__std_terminate
__CxxFrameHandler4
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
CreateMutexExW
WaitForSingleObjectEx
AcquireSRWLockShared
ReleaseSRWLockExclusive
ReleaseSemaphore
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObject
CreateSemaphoreExW
ReleaseMutex

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsCreateStringReference
WindowsCreateString

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-localization-l1-2-0

LCMapStringW
GetLocaleInfoW
FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleExW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventSetInformation
EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemAlloc

oleaut32

SysStringLen
SysAllocString
SysFreeString

api-ms-win-core-string-l1-1-0

CompareStringEx

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

api-ms-win-core-file-l1-1-0

GetFileSize
SetEndOfFile
CreateFileW
SetFilePointer

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrRChrW

api-ms-win-core-memory-l1-1-1

PrefetchVirtualMemory

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Analog.Shell.Broker.dll
.dll regsvr32 windows:10 windows x64 arch:x64

2a3bd753060cbe356d161e60bb9d1bae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Analog.Shell.Broker.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcstoui64
_o_abort
_o_free
_o_iswspace
_o_malloc
_o_realloc
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
wcsrchr
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcsspn
memset

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-processthreads-l1-1-0

ProcessIdToSessionId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
OpenThreadToken
CreateThread
OpenThread
SuspendThread
GetCurrentThread
OpenProcessToken

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

rpcrt4

NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllRegisterProxy
NdrOleAllocate
NdrDllUnregisterProxy
NdrOleFree

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleHandleW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoTransformError
RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-1-0

SetEvent
InitializeSRWLock
DeleteCriticalSection
CreateMutexExW
CreateEventExW
CreateSemaphoreExW
EnterCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
OpenSemaphoreW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObjectEx
WaitForSingleObject
ReleaseMutex

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-winrt-string-l1-1-0

HSTRING_UserUnmarshal64
HSTRING_UserMarshal64
HSTRING_UserFree
HSTRING_UserSize64
HSTRING_UserFree64
HSTRING_UserMarshal
HSTRING_UserSize
WindowsDuplicateString
WindowsCreateString
WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
HSTRING_UserUnmarshal

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoTaskMemAlloc
CoImpersonateClient
CoRevertToSelf

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

GetThreadContext
OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenKeyExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-security-base-l1-1-0

GetAce
EqualSid
AllocateAndInitializeSid
IsValidSid
GetLengthSid
CopySid
GetTokenInformation
AdjustTokenPrivileges

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-security-provider-l1-1-0

SetNamedSecurityInfoW
SetEntriesInAclW
GetNamedSecurityInfoW

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW
LookupPrivilegeValueW

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-core-file-l1-1-0

GetDiskFreeSpaceExW

api-ms-win-core-psapi-l1-1-0

K32GetPerformanceInfo

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

api-ms-win-power-setting-l1-1-0

PowerWriteACValueIndex
PowerSetActiveScheme
PowerWriteDCValueIndex
PowerGetActiveScheme

powrprof

PowerReadACValueIndex

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-ro-typeresolution-l1-1-1

RoCreatePropertySetSerializer

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

ntdll

RtlIsMultiSessionSku

api-ms-win-appmodel-runtime-l1-1-0

GetApplicationUserModelId

coremessaging

MsgRelease
MsgBufferShare
CoreUICreate

api-ms-win-ntuser-sysparams-l1-1-0

SystemParametersInfoW
GetSystemMetrics

coreuicomponents

CoreUIFactoryCreate

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryValueW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

oleaut32

GetErrorInfo
SysAllocString
SysStringLen
SysFreeString
SetErrorInfo

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AnalogCommonProxyStub.dll
.dll windows:10 windows x64 arch:x64

b08dd6024b14545c24fb43b231d87022

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AnalogCommonProxyStub.pdb

Imports

msvcrt

malloc
_amsg_exit
_initterm
__C_specific_handler
free
_XcptFilter

rpcrt4

NdrOleAllocate
NdrOleFree
NdrDllCanUnloadNow
NdrDllGetClassObject

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetProxyDllInfo

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ApiSetHost.AppExecutionAlias.dll
.dll windows:10 windows x64 arch:x64

1e00bd42b7c3b58d7ce0fc2170fa1bab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ApiSetHost.AppExecutionAlias.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__ui64tow_s
memmove
_o_free
_o_malloc
__C_specific_handler
_o__crt_atexit
_o___stdio_common_vswprintf
_o__configure_narrow_argv
_o___stdio_common_vsnprintf_s
_o__cexit
_o__callnewh
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
_CxxThrowException
__CxxFrameHandler3

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsIsStringEmpty
WindowsCreateString
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsStringHasEmbeddedNull

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
ReleaseSemaphore
WaitForSingleObject
WaitForSingleObjectEx
CreateMutexExW
CreateSemaphoreExW
InitializeCriticalSectionEx
LeaveCriticalSection
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
EnterCriticalSection
ReleaseSRWLockExclusive
DeleteCriticalSection
ReleaseMutex
CreateEventW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
DisableThreadLibraryCalls

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
OpenThreadToken
TerminateProcess
ProcessIdToSessionId
SetThreadToken
GetCurrentThread
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GetSystemDirectoryW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-handle-l1-1-0

CloseHandle

ntdll

RtlFreeHeap
RtlAllocateAndInitializeSid
RtlCreateAcl
RtlAddProcessTrustLabelAce
RtlCreateSecurityDescriptor
RtlSetSaclSecurityDescriptor
NtSetSecurityObject
RtlFreeSid
RtlCopySid
RtlDestroyEnvironment
RtlAcquireSRWLockShared
RtlSleepConditionVariableSRW
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlWakeAllConditionVariable
NtClose
RtlLengthSid
RtlExpandEnvironmentStrings
RtlNtStatusToDosError
NtQueryInformationToken
RtlAllocateHeap
RtlQueryTokenHostIdAsUlong64
NtOpenProcessToken

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-security-base-l1-1-0

GetLengthSid
SetSecurityAccessMask
GetTokenInformation
CreateWellKnownSid

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-file-l1-1-0

CreateFileW

profapi

ord101

api-ms-win-core-com-l1-1-0

CoIncrementMTAUsage
CoTaskMemAlloc
CoCreateInstance
CoDecrementMTAUsage
CoTaskMemFree

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-io-l1-1-0

DeviceIoControl

msvcp_win

??5?$basic_istream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@AEAI@Z
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?uncaught_exception@std@@YA_NXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ

rpcrt4

RpcStringBindingComposeW
I_RpcExceptionFilter
RpcAsyncCompleteCall
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcAsyncCancelCall
RpcBindingFromStringBindingW
Ndr64AsyncClientCall
RpcBindingFree
RpcAsyncInitializeHandle

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-psm-key-l1-1-0

PsmGetKeyFromToken

api-ms-win-core-processthreads-l1-1-3

GetProcessInformation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CheckAppExecutionAliasApplicationType
CloseAppExecutionAliasEx
CompleteAppExecutionAliasProcessCreationEx
CompletePackagedProcessCreationEx
CreateAndPersistAppExecutionAliasEx
CreateAppExecutionAliasEx
CreateAppExecutionAliasEx2
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
FreeAppExecutionAliasInfoEx
GetAppExecutionAliasApplicationType
GetAppExecutionAliasApplicationUserModelIdEx
GetAppExecutionAliasExecutableEx
GetAppExecutionAliasPackageFamilyNameEx
GetAppExecutionAliasPackageFullNameEx
GetAppExecutionAliasPath
LoadAppExecutionAliasInfoEx
LoadAppExecutionAliasInfoEx2
OpenAppExecutionAliasForUserEx
PerformAppxLicenseRundownEx
PersistAppExecutionAliasToFileEx
PersistAppExecutionAliasToFileHandleEx

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppContracts.dll
.dll windows:10 windows x64 arch:x64

a740c37d78928b428a18129844a6d3fc

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:0f:c6:f3:11:e2:c2:a1:d8:84:aa:06:1f:7e:0b:cc:b6:84:0e:c0:53:c1:b9:53:bb:4f:16:46:b4:3c:8e:c9
Signer

Actual PE Digest

25:0f:c6:f3:11:e2:c2:a1:d8:84:aa:06:1f:7e:0b:cc:b6:84:0e:c0:53:c1:b9:53:bb:4f:16:46:b4:3c:8e:c9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppContracts.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o__wcsicmp
_o_ceilf
_o_free
_o_malloc
_o_mbstowcs
_o_realloc
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
__CxxFrameHandler3
_o__execute_onexit_table
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_narrow_argv
_o__cexit
_o__callnewh
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

ntdll

RtlQueryPackageClaims
RtlIsMultiSessionSku
RtlGetDeviceFamilyInfoEnum
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlIsMultiUsersInSessionSku

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExA
LoadStringW
GetModuleHandleExW
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
SetEvent
CreateEventExW
CreateEventW
ReleaseSRWLockExclusive
OpenEventW
CreateMutexExW
InitializeSRWLock
WaitForSingleObject
ResetEvent
ReleaseSemaphore
AcquireSRWLockShared
CreateSemaphoreExW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
ReleaseMutex
WaitForMultipleObjectsEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteStringBuffer
WindowsGetStringRawBuffer
WindowsPromoteStringBuffer
WindowsCreateStringReference
WindowsDuplicateString
WindowsDeleteString
WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateString
WindowsPreallocateStringBuffer

api-ms-win-core-com-l1-1-0

CoCreateInstance
StringFromCLSID
CoImpersonateClient
CoRegisterClassObject
CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateGuid
CoGetMalloc
CoCreateFreeThreadedMarshaler
CoGetCallContext
CoMarshalInterface
CoTaskMemRealloc
CoWaitForMultipleHandles
CoRevokeClassObject
CoGetInterfaceAndReleaseStream
CoReleaseMarshalData
CoRevertToSelf

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentThreadId
TerminateProcess
OpenProcessToken
GetCurrentThread
GetCurrentProcessId
GetProcessId
GetCurrentProcess

rpcrt4

UuidToStringA
UuidToStringW
RpcStringFreeA
UuidCreate
RpcStringFreeW
I_RpcBindingInqLocalClientPID

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation
EventActivityIdControl

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoActivateInstance
RoUninitialize
RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
RoOriginateError
RoOriginateErrorW
SetRestrictedErrorInfo
RoTransformError

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak
OutputDebugStringA

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-appmodel-runtime-l1-1-1

GetPackageFamilyNameFromToken
GetPackageFullNameFromToken

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolAllowThreadReuse
SHTaskPoolQueueTask

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-file-l1-1-0

ReadFile
CreateFileW
FlushFileBuffers
WriteFile

api-ms-win-core-namedpipe-l1-1-0

CreateNamedPipeW
ConnectNamedPipe

api-ms-win-core-io-l1-1-0

CancelIoEx
GetOverlappedResult

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
GetTokenInformation
IsWellKnownSid

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWait
CancelThreadpoolIo
StartThreadpoolIo
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWaitCallbacks
FreeLibraryWhenCallbackReturns
CloseThreadpoolIo
CreateThreadpoolIo
SetThreadpoolWait
CreateThreadpoolWait
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFamilyName
GetPackageFullName
PackageFamilyNameFromFullName

api-ms-win-appmodel-runtime-internal-l1-1-2

GetEffectivePackageStatusForUser

api-ms-win-ro-typeresolution-l1-1-1

RoCreatePropertySetSerializer

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOverStream

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

combase

ord167
ord168
ord184

msvcp_win

_Mtx_lock
_Mtx_unlock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 704KB - Virtual size: 702KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppExtension.dll
.dll windows:10 windows x64 arch:x64

cf0c899f455a5d5627f7d0317e598496

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppExtension.pdb

Imports

msvcrt

memcpy_s
??1exception@@UEAA@XZ
__CxxFrameHandler4
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
_purecall
free
?terminate@@YAXXZ
memmove
??0exception@@QEAA@XZ
malloc
??0exception@@QEAA@AEBV0@@Z
_initterm
__C_specific_handler
memcpy
__CxxFrameHandler3
_CxxThrowException
_vsnprintf_s
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
_ui64tow_s
_XcptFilter
wcschr
memmove_s
realloc
??1type_info@@UEAA@XZ
_amsg_exit
_lock
_onexit
__dllonexit
_vsnwprintf
_unlock
memset

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-com-l1-1-0

CoGetCallerTID
CoGetCallContext
CoGetInterfaceAndReleaseStream
CreateStreamOnHGlobal
CoReleaseMarshalData
CoMarshalInterface
CoWaitForMultipleHandles
CoCreateGuid
StringFromCLSID
CoRevertToSelf
CoTaskMemFree
CoCreateInstance
CoGetApartmentType
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetProcessId
OpenThreadToken
GetCurrentThread
OpenProcessToken

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoTransformError
GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoOriginateError

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-synch-l1-1-0

WaitForMultipleObjectsEx
WaitForSingleObject
AcquireSRWLockExclusive
CreateSemaphoreExW
ReleaseSemaphore
ReleaseSRWLockShared
InitializeSRWLock
InitializeCriticalSectionEx
SetEvent
LeaveCriticalSection
CreateMutexExW
AcquireSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
DeleteCriticalSection
EnterCriticalSection
CreateEventExW
ReleaseMutex
ReleaseSRWLockExclusive
CreateEventW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleW
FreeLibrary
LoadLibraryExW
GetProcAddress
DisableThreadLibraryCalls
LoadStringW
GetModuleHandleExW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
SetLastError
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-security-base-l1-1-0

DuplicateTokenEx
GetTokenInformation
CopySid
GetLengthSid

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegCloseKey

combase

ord168

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntdll

RtlInitUnicodeString
NtQueryInformationToken
RtlFreeHeap
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlInitializeGenericTableAvl
RtlLookupElementGenericTableAvl
RtlConvertSidToUnicodeString
RtlFreeUnicodeString
RtlInsertElementGenericTableAvl
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlAllocateHeap

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppInstallerPrompt.Desktop.dll
.dll windows:10 windows x64 arch:x64

078aabf1137d1fefe5a16f932390bf61

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppInstallerPrompt.Desktop.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_free
_o_malloc
_o_wcscpy_s
__C_specific_handler
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
__CxxFrameHandler3
_CxxThrowException
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsCreateString

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
CreateMutexExW
ReleaseSemaphore
CreateSemaphoreExW
OpenSemaphoreW
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
SetEvent
ReleaseSRWLockExclusive
CreateEventExW
ReleaseMutex
WaitForSingleObject

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleW
GetProcAddress

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
CreateThread

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-rtcore-ntuser-window-l1-1-0

DestroyWindow
SetForegroundWindow
ShowWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
PostQuitMessage
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW

user32

LoadStringW

ole32

CoCreateInstance
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles
CoAllowSetForegroundWindow

shell32

SHGetPropertyStoreForWindow

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppListBackupLauncher.dll
.dll regsvr32 windows:10 windows x64 arch:x64

b7a3563615cca41016fe31f77ef62164

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppListBackupLauncher.pdb

Imports

msvcp_win

_Xtime_get_ticks
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsdup
_o_abort
_o_free
_o_iswspace
_o_malloc
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
memcmp
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
memcpy
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
FreeLibraryAndExitThread
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSRWLockShared
ReleaseMutex
AcquireSRWLockShared
DeleteCriticalSection
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
CreateMutexExW
CreateEventW
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
SetEvent

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
ResumeThread
GetCurrentProcessId
CreateThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

oleaut32

GetErrorInfo
SysStringLen
SysAllocString
SysFreeString
SetErrorInfo

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppLockerCSP.dll
.dll windows:10 windows x64 arch:x64

d94fa14df25d2d8a08554825d64d1868

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppLockerCSP.pdb

Imports

msvcp110_win

?_Xbad_alloc@std@@YAXXZ
?_Xbad_function_call@std@@YAXXZ
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
_Wcscoll
?id@?$collate@G@std@@2V0locale@2@A
_Wcsxfrm
??Bid@locale@std@@QEAA_KXZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0facet@locale@std@@IEAA@_K@Z
??_7facet@locale@std@@6B@
??1facet@locale@std@@MEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Lockit@std@@QEAA@XZ
??1_Locinfo@std@@QEAA@XZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Incref@facet@locale@std@@UEAAXXZ
?tolower@?$ctype@G@std@@QEBAGG@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??_7_Facet_base@std@@6B@
??1_Facet_base@std@@UEAA@XZ
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z

msvcrt

memcmp
_CxxThrowException
memcpy
memset
??3@YAXPEAX@Z
_wtoi
_wcstoi64
_errno
towupper
_vsnwprintf_s
wcstol
_wcsicmp
memmove_s
__CxxFrameHandler4
_vsnwprintf
memcpy_s
_purecall
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
?what@exception@@UEBAPEBDXZ
wcsnlen
??0exception@@QEAA@AEBQEBDH@Z
wcscpy_s
??_V@YAXPEAX@Z
strchr
realloc
free
??0bad_cast@@QEAA@AEBV0@@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
wcsstr
_ui64tow_s
wcschr
_wcsdup
_wcstoui64
malloc
_callnewh
__CxxFrameHandler3
_XcptFilter
_amsg_exit
_initterm
__C_specific_handler
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
memmove

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExA
GetModuleHandleW
FreeLibrary
GetProcAddress
FreeLibraryAndExitThread
LoadLibraryExA
GetModuleHandleExW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
TerminateProcess
CreateThread
GetCurrentThreadId
ResumeThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventActivityIdControl
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc

api-ms-win-core-file-l1-1-0

GetFileSizeEx
CreateDirectoryW
GetFileAttributesW
ReadFile
CreateFileW
RemoveDirectoryW
FlushFileBuffers
WriteFile
DeleteFileW
FindClose
FindNextFileW
FindFirstFileExW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegGetValueW
RegCreateKeyExW
RegCloseKey

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-base-l1-1-0

GetAce
GetSecurityDescriptorDacl

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetSystemInfo
GetWindowsDirectoryW

api-ms-win-core-synch-l1-2-0

Sleep
SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

ntdll

RtlCreateUnicodeString
NtClose
NtDelayExecution
NtOpenFile
NtQueryInformationFile
EtwTraceMessage
RtlAdjustPrivilege
NtQueryWnfStateData
RtlNtStatusToDosError
ZwQueryWnfStateData
NtSetSystemInformation
RtlPublishWnfStateData
NtQueryDirectoryFile
RtlAllocateHeap
RtlFreeHeap
NtReadFile
NtWaitForSingleObject
NtOpenKey
NtSetValueKey
RtlFreeUnicodeString

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 248KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Apphlpdm.dll
.dll windows:10 windows x64 arch:x64

f2c50d29003c5d8a953cc1340b77ca4a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Apphlpdm.pdb

Imports

msvcrt

memcpy
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_wcsnicmp
memset

ntdll

RtlFreeUnicodeString
RtlStringFromGUID
RtlCompareMemory
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-file-l1-1-0

CreateDirectoryW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

LoadStringW

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

wdi

WdiSetResolution
WdiGetDiagnosticModuleId
WdiGetParameterData
WdiGetParameterByName
WdiGetEvent
WdiAddParameter
WdiSetProblemDetectionResult

shell32

ShellExecuteW
Shell_NotifyIconW

user32

DispatchMessageW
DestroyIcon
SetDlgItemTextW
RegisterClassW
SendDlgItemMessageW
LoadIconW
mouse_event
SetWindowTextW
RegisterWindowMessageW
DialogBoxParamW
SetForegroundWindow
UnregisterClassW
GetMessageW
EndDialog
EnableWindow
DefWindowProcW
PostMessageW
GetWindowLongPtrW
DestroyWindow
SendMessageW
GetDlgItem
SetWindowLongPtrW
CreateWindowExW

gdi32

CreateFontIndirectW
GetObjectW

wtsapi32

WTSQueryUserToken

wer

WerReportCreate
WerReportSubmit
WerReportCloseHandle
WerReportAddFile
WerReportSetUIOption
WerReportSetParameter

apphelp

SdbGrabMatchingInfo
SdbGetEntryFlags
SdbIsNullGUID

Exports

Exports

WdiDiagnosticModuleMain
WdiGetDiagnosticModuleInterfaceVersion
WdiHandleInstance

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ApplicationControlCSP.dll
.dll windows:10 windows x64 arch:x64

a87a12320dc9209ddbea602fae616ab7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ApplicationControlCSP.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o_free
_o_malloc
_o_memcpy_s
__C_specific_handler
_CxxThrowException
_o___stdio_common_vswprintf
_o__configure_narrow_argv
_o__crt_atexit
_o__cexit
_o__callnewh
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExA
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
LeaveCriticalSection
CreateMutexExW
ReleaseSemaphore
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
EnterCriticalSection
ReleaseMutex
CreateSemaphoreExW
WaitForSingleObject
InitializeCriticalSectionEx
AcquireSRWLockShared

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

rpcrt4

UuidFromStringW
RpcStringFreeW
UuidToStringW

oleaut32

SafeArrayDestroy
SafeArrayUnaccessData
SysStringLen
SafeArrayCreate
VariantInit
SysFreeString
VariantClear
SysAllocString
SafeArrayAccessData

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

manageci

BeginSetSBCPToken
BeginUpsertCIPolicy
GetTenantID
GetSModeUnlockID
GetTokenInformation
GetPolicyInformation
BeginRemoveSBCPToken
BeginRemoveCIPolicy
GetPoliciesAuthorizedBySBCPToken
GetAllSBCPTokens
GetSBCPTokensForPolicyID
GetAllCIPolicies
GetSBCPTokenByID
GetCIPolicyByID
BeginTransaction
ValidateState
Rollback
Commit
End
Start

dmenrollengine

GetEnrollmentType
ord18

api-ms-win-core-heap-l2-1-0

LocalFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ApplicationFrame.dll
.dll windows:10 windows x64 arch:x64

2ff63f6f1e4d9f8fa7989c277faee1ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ApplicationFrame.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o__wcstoui64
_o_abort
_o_floorf
_o_free
_o_iswspace
_o_malloc
_o_memcpy_s
_o_terminate
_o_wcstol
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
wcsrchr
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
_CxxThrowException
__CxxFrameHandler3
wcschr

api-ms-win-crt-string-l1-1-0

memset
wcscmp
wcsspn

api-ms-win-core-libraryloader-l1-2-0

LockResource
LoadStringW
DisableThreadLibraryCalls
LoadResource
FindResourceExW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameW
FindStringOrdinal
LoadLibraryExA
GetModuleHandleW
FreeLibrary
GetModuleFileNameA
GetModuleHandleExA

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateMutexW
CreateMutexExW
ReleaseMutex
ReleaseSRWLockShared
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
AcquireSRWLockShared
DeleteCriticalSection
ReleaseSemaphore
EnterCriticalSection
TryEnterCriticalSection
ResetEvent
CreateSemaphoreExW
InitializeCriticalSection
CreateEventW
InitializeSRWLock
SetEvent
CreateEventExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapReAlloc
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventWriteTransfer
EventActivityIdControl
EventUnregister

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

TlsFree
TlsAlloc
TerminateProcess
GetCurrentProcess
TlsGetValue
GetCurrentProcessId
GetCurrentThreadId
TlsSetValue
GetCurrentThread

api-ms-win-core-localization-l1-2-0

LCMapStringW
GetThreadUILanguage
FindNLSString
GetSystemDefaultLCID
FormatMessageW
LocaleNameToLCID
ResolveLocaleName
GetSystemPreferredUILanguages
GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDuplicateString
WindowsCreateStringReference
WindowsCreateString
WindowsGetStringRawBuffer

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-com-l1-1-0

CoGetMalloc
PropVariantClear
StringFromCLSID
CoTaskMemAlloc
CoCancelCall
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoDisableCallCancellation
CoEnableCallCancellation
CoCreateInstance
PropVariantCopy
CoGetApartmentType
CoGetStandardMarshal
CoTaskMemRealloc

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-processthreads-l1-1-3

SetThreadDescription

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
CompareStringW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
VirtualProtect
VirtualQuery
MapViewOfFileEx

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalReAlloc
LocalAlloc

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-com-private-l1-1-0

CoRevokeInitializeSpy
CoRegisterInitializeSpy

api-ms-win-core-kernel32-legacy-l1-1-0

MulDiv

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

ntdll

RtlQueryWnfStateData
RtlNtStatusToDosError

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 444KB - Virtual size: 441KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ApplicationTargetedFeatureDatabase.dll
.dll windows:10 windows x64 arch:x64

bcb4eeb99a27232aece7058e31c26188

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ApplicationTargetedFeatureDatabase.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wcsnicmp
_o_abort
_o_free
_o_iswspace
_o_malloc
_o_qsort
_o_toupper
_o_wcscat_s
_o_wcscpy_s
_o_wcstoul
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_narrow_argv
wcschr
wcsrchr
_o__cexit
_o__callnewh
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
wcsstr

api-ms-win-crt-string-l1-1-0

wcsncmp
wcsspn
memset
strncmp

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW
FreeLibrary
GetModuleHandleW
DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
OpenSemaphoreW
ReleaseSRWLockShared
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseMutex
ReleaseSRWLockExclusive
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
CreateSemaphoreExW
DeleteCriticalSection
ReleaseSemaphore
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCompareMemory
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetWindowsDirectoryW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedFlushSList

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-file-l1-1-0

GetDriveTypeW
FindNextFileW
FindClose
FindFirstFileW
GetLongPathNameW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentStringsW
FreeEnvironmentStringsW
ExpandEnvironmentStringsW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

ntdll

NtWriteFile
ZwQueryKey
RtlUnicodeStringToInteger
ZwOpenKey
RtlCopyUnicodeString
RtlUpcaseUnicodeString
RtlInitUnicodeStringEx
ZwQueryValueKey
ZwClose
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
RtlReAllocateHeap
RtlFreeUnicodeString
NtClose
ZwOpenFile
ZwEnumerateKey
RtlFormatCurrentUserKeyPath
ZwQueryInformationFile
ZwCreateSection
ZwQueryInformationProcess
ZwSetInformationProcess
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwQueryDirectoryFile
RtlpEnsureBufferSize
RtlNtPathNameToDosPathName
RtlGUIDFromString
RtlInitString
RtlxAnsiStringToUnicodeSize
RtlUpcaseUnicodeChar
RtlGetNativeSystemInformation
NtQueryValueKey
LdrResSearchResource
RtlVerifyVersionInfo
RtlImageDirectoryEntryToData
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlAllocateHeap
ZwQuerySystemInformation
RtlGetVersion
RtlRunOnceExecuteOnce
RtlFreeHeap
NtQueryInformationFile
ZwCreateFile
RtlDosPathNameToNtPathName_U_WithStatus
ZwEnumerateValueKey

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

oleaut32

SysStringLen
SetErrorInfo
SysAllocString
GetErrorInfo
SysFreeString

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoTaskMemAlloc

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory

Sections

.text
Size: 200KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WSManHTTPConfig.exe
.exe windows:10 windows x64 arch:x64

031182968584c829b86d19eb15364008

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

WSManHTTPConfig.pdb

Imports

msvcrt

_unlock
_lock
??1type_info@@UEAA@XZ
__iob_func
__dllonexit
_onexit
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_purecall
_wcsicmp
fwprintf
__CxxFrameHandler4
memset

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
TraceMessage
GetTraceEnableLevel
RegisterTraceGuidsW
GetTraceEnableFlags

oleaut32

SysFreeString
SysAllocString

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
CoCreateInstance

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-service-management-l1-1-0

OpenSCManagerW
OpenServiceW
StartServiceW
CloseServiceHandle

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfig2W

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-libraryloader-l1-1-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
TerminateProcess

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

wsmsvc

UninstallMigration
RemovePluginXmlNewAttrForThresholdOrGreater
??1CErrorContext@@UEAA@XZ
??0CErrorContext@@QEAA@_N@Z
??1OnHTTPInitialize@@QEAA@XZ
??0OnHTTPInitialize@@QEAA@XZ
?GetErrorCode@CErrorContext@@UEBAKXZ
??1?$AutoDeleteVector@E@@QEAA@XZ
??0?$AutoDeleteVector@E@@QEAA@XZ
HandleMigration
MoveSettingsToMigrationKey
WSManError
??1CWSManCriticalSection@@QEAA@XZ
?Alloc@WSManMemory@@SAPEAX_KHW4_NitsFaultMode@@@Z
?Free@WSManMemory@@SAXPEAXH@Z
??4?$AutoDeleteVector@E@@QEAAAEAV0@PEAE@Z

Exports

Exports

??0?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAA@XZ
??0?$SafeMap_Iterator@VKey@Locale@@K@@QEAA@AEAV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@_N@Z
??0?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAA@AEBV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@_N@Z
??1?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAA@XZ
??1?$SafeMap_Iterator@VKey@Locale@@K@@QEAA@XZ
??1?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAA@XZ
??1CWSManCriticalSectionWithConditionVar@@QEAA@XZ
??_7?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@6B@
?Acquire@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UEBAXXZ
?Acquire@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAAXXZ
?Acquired@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAA_NXZ
?AsReference@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAAAEAV1@XZ
?Data@?$SafeMap_Iterator@VKey@Locale@@K@@IEBAAEAV?$STLMap@VKey@Locale@@K@@XZ
?DeInitialize@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UEAA_NAEAVIRequestContext@@@Z
?GetInitError@CWSManCriticalSection@@QEBAKXZ
?GetMap@?$SafeMap_Iterator@VKey@Locale@@K@@QEBAAEAV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@XZ
?GetMap@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEBAAEBV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@XZ
?Initialize@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UEAA_NAEAVIRequestContext@@@Z
?IsValid@?$SafeMap_Iterator@VKey@Locale@@K@@QEBA_NXZ
?Release@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UEBAXXZ
?Reset@?$SafeMap_Iterator@VKey@Locale@@K@@QEAAXXZ
?SkipOrphans@?$SafeMap_Iterator@VKey@Locale@@K@@IEAAXXZ

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WSReset.exe
.exe windows:10 windows x64 arch:x64

1fc4cb53a2206655892168907d8c326b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

WSReset.pdb

Imports

advapi32

EventUnregister
EventRegister
EventWrite
RegEnumValueW
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey

kernel32

HeapFree
HeapAlloc
GetProcessHeap
FindFirstFileW
CreateEventExW
FindNextFileW
GetModuleHandleExW
RemoveDirectoryW
FindClose
GetLastError
SetEvent
DeleteFileW
CloseHandle
RaiseException
LoadLibraryW
GetProcAddress
FreeLibrary
GetTickCount
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
UnhandledExceptionFilter

msvcrt

_amsg_exit
exit
_exit
wcsrchr
__set_app_type
_XcptFilter
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
__CxxFrameHandler3
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
printf
_purecall
system
_wcsicmp
_vsnwprintf
__wgetmainargs
_cexit
memset

ole32

CoWaitForMultipleHandles
CoTaskMemFree
CoCreateFreeThreadedMarshaler

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoActivateInstance
RoInitialize

shell32

ShellExecuteExW
SHGetKnownFolderPath

wevtapi

EvtClearLog

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WUDFCompanionHost.exe
.exe windows:10 windows x64 arch:x64

e4735dcee461268895e8fbe34d25309f

Code Sign

33:00:00:04:0c:12:00:67:8b:16:b2:65:db:00:00:00:00:04:0c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/01/2023, 19:22

Not After

15/12/2023, 19:22

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

26:5d:f9:a5:16:f5:73:88:b6:0d:b0:85:67:5d:a3:34:ff:00:de:20:8b:42:43:a3:04:a4:a5:d8:65:55:78:ab
Signer

Actual PE Digest

26:5d:f9:a5:16:f5:73:88:b6:0d:b0:85:67:5d:a3:34:ff:00:de:20:8b:42:43:a3:04:a4:a5:d8:65:55:78:ab

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

WUDFCompanionHost.pdb

Imports

api-ms-win-core-crt-l1-1-0

__C_specific_handler
wcsstr
memcpy
_wcsicmp
wcstoul
_wcsnicmp
_wcslwr_s
wcscspn
iswdigit
iswalnum
_vsnwprintf_s
memset
wcsncmp

api-ms-win-core-crt-l2-1-0

exit
_initterm_e
_purecall
wprintf
__dllonexit3
__wgetmainargs
_onexit
_initterm

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceLoggerHandle
GetTraceEnableLevel
TraceMessage

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer

api-ms-win-core-heap-l1-1-0

HeapSetInformation
HeapFree
GetProcessHeap
HeapAlloc

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW
UuidFromStringW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemInfo
GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FreeLibrary
LoadLibraryExA
GetProcAddress

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
SetThreadpoolThreadMinimum
WaitForThreadpoolWaitCallbacks
CreateThreadpoolCleanupGroup
SetThreadpoolWait
CloseThreadpoolWait
CreateThreadpoolWait
CreateThreadpool
SetThreadpoolThreadMaximum
CloseThreadpool

api-ms-win-core-synch-l1-1-0

WaitForMultipleObjectsEx
CreateWaitableTimerExW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetWaitableTimer
ReleaseSRWLockExclusive
WaitForSingleObject
CreateEventW
AcquireSRWLockExclusive
CancelWaitableTimer
ReleaseSemaphore
TryEnterCriticalSection
ResetEvent
EnterCriticalSection
SetEvent
CreateSemaphoreExW
LeaveCriticalSection

api-ms-win-core-file-l1-1-0

GetFullPathNameW
GetLongPathNameW
WriteFile
GetFileSizeEx
CreateFileW
DeleteFileW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
VirtualProtect
VirtualQuery
MapViewOfFile

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

TlsGetValue
GetCurrentProcessId
CreateThread
TerminateProcess
GetCurrentThreadId
TlsAlloc
GetProcessId
GetCurrentProcess
TlsFree

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

ntdll

RtlInitUnicodeString
DbgPrintEx
RtlNtStatusToDosError
AlpcGetMessageAttribute
NtCreateDirectoryObject
NtClose
NtAlpcDeletePortSection
NtAlpcDeleteResourceReserve
NtAlpcConnectPort
NtAlpcCancelMessage
NtAlpcCreateResourceReserve
NtAlpcCreateSectionView
RtlVerifyVersionInfo
NtAlpcCreateSecurityContext
NtAlpcDeleteSectionView
NtAlpcAcceptConnectPort
AlpcInitializeMessageAttribute
NtAlpcCreatePort
NtAlpcDeleteSecurityContext
NtAlpcSetInformation
NtAlpcDisconnectPort
NtAlpcSendWaitReceivePort
NtAlpcCreatePortSection
DbgBreakPoint
NtQuerySystemInformation
vDbgPrintEx
LdrEnumerateLoadedModules
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAce
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlCreateServiceSid
NtAlpcImpersonateClientOfPort

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-security-base-l1-1-0

CreateWellKnownSid

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

Exports

Exports

Microsoft_WDF_UMDF_Version
__ImagePolicyMetadata

Sections

.text
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tPolicy
Size: 4KB - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WUDFHost.exe
.exe windows:10 windows x64 arch:x64

fbb1e8290f0b168cec3d026f11d7e449

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

WUDFHost.pdb

Imports

api-ms-win-core-crt-l1-1-0

wcsrchr
wcscat_s
_vsnprintf_s
wcsstr
wcsncpy_s
wcscpy_s
__C_specific_handler
_vsnwprintf_s
_wcsicmp
memcpy
memset
wcstoul
_wcsnicmp
wcsncmp

api-ms-win-core-crt-l2-1-0

__wgetmainargs
_purecall
exit
_initterm_e
_initterm
__dllonexit3
_onexit

ntdll

RtlInitUnicodeString
DbgPrintEx
RtlSetIoCompletionCallback
VerSetConditionMask
RtlVerifyVersionInfo
NtQueryInformationFile
RtlNtStatusToDosError
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
NtSetInformationFile

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceLoggerHandle
GetTraceEnableLevel
UnregisterTraceGuids

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TlsGetValue
TerminateProcess
CreateThread
TlsFree
GetCurrentThread
TlsAlloc
GetCurrentThreadId
TlsSetValue
GetCurrentProcessId

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-sysinfo-l1-2-0

GetOsSafeBootMode

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-core-heap-l1-1-0

HeapSetInformation
GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo
GetSystemDirectoryW
GetTickCount

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
CLSIDFromString

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
ReleaseSRWLockExclusive
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
CreateEventW
EnterCriticalSection
SetEvent
AcquireSRWLockExclusive
WaitForSingleObject
WaitForMultipleObjectsEx

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
SetEnvironmentVariableW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryExW
LoadLibraryExA

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWait
SetThreadpoolThreadMinimum
CreateThreadpoolCleanupGroup
CloseThreadpool
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CreateThreadpool
SetThreadpoolThreadMaximum
SetThreadpoolWait

api-ms-win-core-file-l1-1-0

ReadFile
CreateFileW
GetFileSizeEx
WriteFile
FlushFileBuffers

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
VirtualProtect
VirtualQuery

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-namedpipe-l1-1-0

WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-io-l1-1-0

GetOverlappedResult
DeviceIoControl

api-ms-win-security-base-l1-1-0

RevertToSelf

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

wudfplatform

WudfWaitForDebugger
WudfDebugBreakPoint
WudfIsUserDebuggerPresent
GetAndInitializePlatformObject
InitializePlatformLibrary
WdfGetLpcInterface
SetPlatformErrorReportingCallbacks
ShutdownPlatformLibrary
WudfIsKernelDebuggerPresent

Exports

Exports

Microsoft_WDF_UMDF_Version

Sections

.text
Size: 208KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WWAHost.exe
.exe windows:10 windows x64 arch:x64

e519beed39f596dd72563b6c3346d9c1

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d6:bc:4e:23:55:36:af:68:ba:cd:c5:5d:26:17:50:e6:f1:ce:5e:0d:66:02:8c:59:0f:d0:a9:ae:22:2d:d0:4e
Signer

Actual PE Digest

d6:bc:4e:23:55:36:af:68:ba:cd:c5:5d:26:17:50:e6:f1:ce:5e:0d:66:02:8c:59:0f:d0:a9:ae:22:2d:d0:4e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

WWAHost.pdb

Imports

msvcrt

??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_XcptFilter
_amsg_exit
??1type_info@@UEAA@XZ
wcsstr
realloc
wcschr
__setusermatherr
free
_initterm
__C_specific_handler
_unlock
??1exception@@UEAA@XZ
memmove_s
__CxxFrameHandler4
strchr
_wcsicmp
wcsncmp
_purecall
__set_app_type
_cexit
_vsnprintf_s
memcpy
memmove
_fmode
__getmainargs
_itow_s
_CxxThrowException
malloc
floorf
_commode
_lock
__dllonexit
_vsnwprintf
_onexit
exit
memcmp
memcpy_s
?terminate@@YAXXZ
_exit
memset
wcscmp

api-ms-win-appmodel-runtime-internal-l1-1-0

GetCurrentPackageApplicationContext
GetCurrentPackageContext
GetPackageApplicationPropertyString
GetPackagePropertyString
GetPackageOSMaxVersionTested
GetPackageProperty

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpICW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
LoadStringW
GetModuleHandleExA
GetModuleHandleExW
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
GetProcAddress

api-ms-win-core-synch-l1-1-0

SleepEx
ReleaseMutex
ResetEvent
WaitForSingleObject
SetEvent
AcquireSRWLockShared
ReleaseSRWLockShared
WaitForMultipleObjectsEx
WaitForSingleObjectEx
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
ReleaseSemaphore
CreateEventExW
OpenSemaphoreW
AcquireSRWLockExclusive
CreateEventW
CreateSemaphoreExW
ReleaseSRWLockExclusive
InitializeCriticalSection
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
ExitProcess
GetCurrentProcess
TerminateProcess
CreateThread
GetCurrentThread
OpenProcessToken
GetCurrentThreadId
GetProcessTimes

api-ms-win-core-localization-l1-2-0

FormatMessageW
SetThreadPreferredUILanguages

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
InitOnceInitialize
WakeAllConditionVariable
SleepConditionVariableSRW
Sleep
InitOnceBeginInitialize

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenKeyExW
RegCloseKey

api-ms-win-security-base-l1-1-0

GetTokenInformation
CreateWellKnownSid

api-ms-win-security-base-l1-2-0

CheckTokenCapability

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-psapi-l1-1-0

K32GetProcessMemoryInfo

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
WaitForThreadpoolWaitCallbacks
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
SubmitThreadpoolWork
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
CloseThreadpoolWait
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-path-l1-1-0

PathCchCombineEx

api-ms-win-core-file-l1-1-0

GetFileAttributesW
CreateFileW
WriteFile
FindFirstFileW
FindClose
GetFileSizeEx

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
MapViewOfFile

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

profapi

ord104

api-ms-win-shcore-scaling-l1-1-1

ord244

combase

ord86
ord87
ord90
ord157
ord160
ord111
ord110
ord88

iertutil

ord177
ord797
CreateUri
ord792
CreateIUriBuilder
ord174

shcore

ord246
ord232
ord230
ord233
SHCreateMemStream
ord245

ntdll

NtQueryInformationToken
RtlInitUnicodeString
NtQueryInformationProcess
RtlAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlCompareUnicodeString
RtlGetVersion
NtQuerySystemInformation
RtlFreeHeap
RtlFreeUnicodeString
RtlNtStatusToDosError
RtlConvertSidToUnicodeString
RtlIsCriticalSectionLockedByThread
RtlLeaveCriticalSection
RtlIsCriticalSectionLocked
RtlEnterCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlQueryPackageClaims
NtSetInformationProcess

api-ms-win-core-processthreads-l1-1-3

SetThreadDescription

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenSCManagerW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-ro-typeresolution-l1-1-0

RoGetMetaDataFile
RoResolveNamespace

api-ms-win-security-capability-l1-1-0

CapabilityCheck

Sections

.text
Size: 688KB - Virtual size: 684KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XblGameSaveTask.exe
.exe windows:10 windows x64 arch:x64

8500995099f1fff234c29b2797de4d9f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

XblGameSaveTask.pdb

Imports

msvcrt

_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
_lock
_unlock
??0exception@@QEAA@AEBQEBDH@Z
?terminate@@YAXXZ
_fmode
malloc
_commode
__dllonexit
?what@exception@@UEBAPEBDXZ
_onexit
wprintf
_wcsicmp
??0exception@@QEAA@AEBQEBD@Z
__C_specific_handler
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_initterm
??3@YAXPEAX@Z
??1type_info@@UEAA@XZ
memcpy_s
_vsnwprintf
__setusermatherr
__CxxFrameHandler4
memcpy
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
ReleaseSemaphore
WaitForSingleObject
CreateMutexExW
CreateSemaphoreExW
ReleaseMutex
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

rpcrt4

RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcStringFreeW
RpcBindingFree
NdrClientCall3
I_RpcExceptionFilter

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

CreateWellKnownSid

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

ntdll

RtlIsMultiSessionSku

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aadWamExtension.dll
.dll windows:10 windows x64 arch:x64

ab939286ce5cb298f3c4aeb4e33080b9

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ad:8a:d7:7c:83:7f:ea:09:70:b3:ec:83:5a:6f:48:79:3d:c1:2f:ed:d2:c6:e7:9a:fb:86:5e:ed:62:3c:7f:ae
Signer

Actual PE Digest

ad:8a:d7:7c:83:7f:ea:09:70:b3:ec:83:5a:6f:48:79:3d:c1:2f:ed:d2:c6:e7:9a:fb:86:5e:ed:62:3c:7f:ae

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

aadWamExtension.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wcsnicmp
_o__wtof
_o_free
_o_isalpha
_o_isdigit
_o_isxdigit
_o_malloc
_o_memcpy_s
_o_realloc
_o_strtol
_o_terminate
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
wcschr
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcsnlen
wcscmp
memset

api-ms-win-core-libraryloader-l1-2-0

LockResource
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameA
FindResourceExW
GetModuleHandleExW
SizeofResource
GetProcAddress
LoadResource

api-ms-win-core-synch-l1-1-0

CreateMutexExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeCriticalSection
ReleaseMutex
InitializeSRWLock
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
CreateSemaphoreExW
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapReAlloc
HeapAlloc
HeapDestroy
HeapFree
HeapSize

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-processthreads-l1-1-0

SetThreadStackGuarantee
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
EventActivityIdControl

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

sspicli

LsaConnectUntrusted
LsaCallAuthenticationPackage
LsaDeregisterLogonProcess
LsaFreeReturnBuffer
LsaLookupAuthenticationPackage

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

crypt32

CertDuplicateCertificateContext
CryptStringToBinaryW
CertFindExtension
CertGetCertificateContextProperty
CertOpenStore
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
CryptDecodeObjectEx
CryptBinaryToStringW

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegUnLoadKeyW
RegCloseKey
RegLoadKeyW
RegOpenKeyExW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

rpcrt4

UuidCreate

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

ntdll

RtlNtStatusToDosError
RtlInitString
RtlAllocateHeap
RtlFreeHeap
RtlImageNtHeader

msvcp_win

?_Xbad_function_call@std@@YAXXZ

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery
VirtualAlloc

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aadauthhelper.dll
.dll windows:10 windows x64 arch:x64

d04f42948845ecaafdb48df604d9de10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AADAuthHelper.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__mbsinc
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
_o__wcserror
_o__wcsicmp
_o__wcslwr
_o__wcslwr_s
_o__wcsnicmp
_o__wtof
_o__wtoi
_o_calloc
_o_free
_o_isalpha
_o_isdigit
_o_iswspace
_o_isxdigit
_o_malloc
_o_memcpy_s
_o_strtol
_o_wcscpy_s
_o_wcsncpy_s
__C_specific_handler
_o__execute_onexit_table
_o__errno
_o__endthreadex
_o__crt_atexit
_o__configure_narrow_argv
__CxxFrameHandler3
wcsrchr
wcsstr
wcschr
_o__cexit
_o__beginthreadex
_o__beginthread
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memmove
__std_terminate
__CxxFrameHandler4
_CxxThrowException
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcscspn
wcspbrk
wcsspn
wcsnlen
memmove_s
wcsncmp
memset
wcscmp

api-ms-win-security-cryptoapi-l1-1-0

CryptGenRandom
CryptAcquireContextW
CryptReleaseContext

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation
EventActivityIdControl
EventWriteTransfer

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableFlags
TraceMessage
UnregisterTraceGuids
GetTraceEnableLevel

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
SetThreadStackGuarantee

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-libraryloader-l1-2-0

LoadResource
FindResourceExW
GetProcAddress
GetModuleHandleExW
LockResource
SizeofResource
GetModuleHandleW
GetModuleFileNameA

ntdll

RtlInitString
NtQueryWnfStateData
RtlGetPersistedStateLocation
RtlNtStatusToDosError
RtlAllocateHeap
RtlImageNtHeader
RtlGetVersion
RtlPublishWnfStateData
RtlFreeHeap

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringEx
MultiByteToWideChar

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
Sleep

wkscli

NetGetJoinInformation

api-ms-win-security-lsalookup-l1-1-0

LookupAccountNameLocalW

netutils

NetApiBufferFree

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegGetValueW
RegCloseKey
RegEnumKeyExW
RegOpenCurrentUser
RegFlushKey
RegUnLoadKeyW
RegCreateKeyExW
RegSetValueExW
RegLoadKeyW
RegDeleteValueW
RegQueryInfoKeyW

rpcrt4

NdrMesTypeEncode3
MesBufferHandleReset
UuidCreate
RpcStringFreeW
UuidToStringW
MesEncodeFixedBufferHandleCreate
MesHandleFree
NdrMesTypeAlignSize3
UuidIsNil
UuidFromStringW

api-ms-win-core-synch-l1-1-0

CreateMutexExW
OpenSemaphoreW
InitializeCriticalSectionEx
WaitForSingleObjectEx
CreateSemaphoreExW
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObject
ReleaseMutex
InitializeCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
LeaveCriticalSection
EnterCriticalSection
SetEvent
DeleteCriticalSection
CreateEventW
ReleaseSemaphore

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoUninitialize
CoInitializeEx
StringFromGUID2
CoCreateInstance

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapAlloc
HeapFree
GetProcessHeap
HeapReAlloc
HeapSize

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrChrNW
StrStrIW
StrRStrIW

wldap32

ord73
ord203
ord46
ord88
ord18
ord26
ord224
ord14
ord140
ord145
ord97
ord16
ord41

cryptngc

NgcGetSymmetricPopKeyTransportKey

msvcp_win

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect
VirtualAlloc

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CloseFidoAuthenticationSession
CreateAuthBuffer
CreateResourceAccountAuthBuffer
CreateTokenAuthBuffer
CreateTokenAuthBufferEx
GetFidoAuthenticationSessionStatus
GetSerializedAuthBuffer
StartChangingFidoPin
StartFidoAuthenticationSession
StartSigningFidoClientData

Sections

.text
Size: 268KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aadcloudap.dll
.dll regsvr32 windows:10 windows x64 arch:x64

a8ff7829bd1c31f64530939ec9db6090

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

aadCloudAP.pdb

Imports

api-ms-win-crt-string-l1-1-0

strcmp
wcspbrk
wcscmp
wcsnlen
memset
memmove_s
wcsncmp
wcscspn
wcsspn

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__gmtime64_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__mbsinc
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__wcserror
_o__wcsicmp
_o__wcslwr
_o__wcslwr_s
_o__wcsnicmp
_o__wcsupr_s
_o__wtof
_o__wtoi
_o__wtol
_o_calloc
_o_free
_o_isalpha
_o_isdigit
_o_iswspace
_o_isxdigit
_o_malloc
_o_memcpy_s
_o_rand
_o_strtol
_o_wcsncpy_s
__C_specific_handler
__CxxFrameHandler3
wcsrchr
_o__execute_onexit_table
_o__errno
_o__difftime64
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__beginthreadex
wcsstr
wcschr
_o___stdio_common_vswprintf_s
_o__wcsicoll
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
_CxxThrowException
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LockResource
FindResourceExW
GetProcAddress
SizeofResource
LoadResource
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleExW

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableFlags
UnregisterTraceGuids
TraceMessage
GetTraceEnableLevel
GetTraceLoggerHandle

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventActivityIdControl
EventWriteTransfer

api-ms-win-core-heap-l1-1-0

HeapDestroy
HeapReAlloc
HeapSize
GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
CreateEventW
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseSemaphore
ReleaseMutex
InitializeCriticalSectionEx
OpenSemaphoreW
ResetEvent
CreateSemaphoreExW
CreateMutexExW
SetEvent

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringEx
WideCharToMultiByte

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

SetThreadStackGuarantee
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
SetThreadToken

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-core-com-l1-1-0

StringFromGUID2

rpcrt4

UuidCreate
UuidIsNil
UuidToStringW
NdrMesTypeFree3
NdrMesTypeEncode3
NdrMesTypeDecode3
MesDecodeBufferHandleCreate
NdrMesTypeAlignSize3
UuidFromStringW
RpcStringFreeW
MesEncodeFixedBufferHandleCreate
MesHandleFree
MesBufferHandleReset

api-ms-win-security-base-l1-1-0

GetSidIdentifierAuthority
GetSecurityDescriptorLength
SetSecurityDescriptorDacl
FreeSid
SetSecurityDescriptorControl
AllocateAndInitializeSid
EqualSid
InitializeSecurityDescriptor
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
ImpersonateLoggedOnUser
RevertToSelf
CheckTokenMembership

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
Sleep
InitOnceComplete

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegUnLoadKeyW
RegCloseKey
RegEnumKeyExW
RegLoadKeyW
RegFlushKey
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegOpenCurrentUser
RegSetValueExW
RegGetValueW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

ntdll

RtlNtStatusToDosError
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
RtlLengthRequiredSid
RtlImageNtHeader
RtlEqualSid
RtlCopySid
RtlLengthSid
RtlInitializeSid
NtQueryWnfStateData
RtlAllocateHeap
NtAllocateLocallyUniqueId
NtOpenThreadToken
NtClose
RtlInitString
RtlIsMultiSessionSku
RtlPublishWnfStateData
RtlFreeHeap
RtlGetPersistedStateLocation
RtlGetDeviceFamilyInfoEnum
NtQueryInformationToken
RtlGetVersion

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrChrNW
StrStrIW
StrRStrIW

msvcp_win

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery
VirtualAlloc

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CloudAPPluginInitialize
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 616KB - Virtual size: 615KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aadjcsp.dll
.dll windows:10 windows x64 arch:x64

ebbdb89ebaecd81022745fc46b001635

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AADJCSP.pdb

Imports

msvcp110_win

?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z

msvcrt

memmove
memcpy
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__CxxFrameHandler3
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
_callnewh
malloc
_vsnprintf_s
memset
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_CxxThrowException
_purecall
??3@YAXPEAX@Z
??0exception@@QEAA@AEBV0@@Z
memcpy_s
_vsnwprintf
__CxxFrameHandler4
_wcsicmp

aadtb

AADTBAcquireTokenEx
AADTBFreeString

dsreg

DsrIsDeviceJoined

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleHandleExA
GetProcAddress
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

SetEvent
CreateSemaphoreExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
AcquireSRWLockExclusive
WaitForSingleObject
CreateEventA
ResetEvent
CreateMutexExW
ReleaseSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventActivityIdControl
EventSetInformation
EventRegister
EventUnregister

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantInit

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep

wkscli

NetGetJoinInformation

iphlpapi

CancelMibChangeNotify2
GetNetworkConnectivityHint
NotifyNetworkConnectivityHintChange

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoGetMalloc
CoCreateInstance
CoTaskMemFree

netutils

NetApiBufferFree

api-ms-win-core-winrt-l1-1-0

RoInitialize

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

ntdll

RtlGetDeviceFamilyInfoEnum

Exports

Exports

DllGetClassObject

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aadtb.dll
.dll windows:10 windows x64 arch:x64

2c625e95376c75e227cc998ce2255abd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

aadtb.pdb

Imports

ntdll

RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosError
RtlGetDeviceFamilyInfoEnum
RtlImageNtHeader

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
DeleteCriticalSection
SetEvent
LeaveCriticalSection
ResetEvent
InitializeCriticalSectionEx
CreateEventExW
ReleaseMutex
CreateMutexExW
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
WaitForSingleObjectEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventRegister
EventActivityIdControl
EventWriteTransfer

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapAlloc
GetProcessHeap
HeapSize
HeapFree

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
CreateProcessW
TerminateProcess
SetThreadStackGuarantee
OpenProcessToken
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
TraceMessage
GetTraceLoggerHandle

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

Sleep
WakeAllConditionVariable
InitOnceComplete
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceExecuteOnce

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

GetLengthSid
GetTokenInformation
DuplicateTokenEx
CopySid

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegDeleteTreeW
RegCreateKeyExW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameA

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

msvcrt

__ExceptionPtrCopyException
clock
__ExceptionPtrAssign
__ExceptionPtrToBool
_wtol
_wtoi
??0exception@@QEAA@AEBQEBDH@Z
__CxxFrameHandler3
memset
??0exception@@QEAA@AEBQEBD@Z
_CxxThrowException
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_XcptFilter
_amsg_exit
_initterm
realloc
wcslen
__RTtypeid
?name@type_info@@QEBAPEBDXZ
difftime
??2@YAPEAX_KHPEBDH@Z
wcschr
wcsnlen
__ExceptionPtrRethrow
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
_wcsicmp
_wcsupr_s
??_V@YAXPEAX@Z
wcsstr
?terminate@@YAXXZ
__ExceptionPtrCreate
__ExceptionPtrCurrentException
__ExceptionPtrCopy
__ExceptionPtrDestroy
_wcsnicmp
_vsnprintf_s
_purecall
_vscwprintf
vswprintf_s
memcpy_s
memmove_s
_vsnwprintf
_wcsdup
wcsncmp
_wcsicoll
wcsspn
wcscspn
time
free
__C_specific_handler
iswspace
wcspbrk
__CxxFrameHandler4
_wcslwr_s
??3@YAXPEAX@Z
wcsrchr
memcmp
swprintf_s
_callnewh
memcpy
memmove
_vsnprintf
wcscat_s
wcsncpy_s
_gmtime64_s
wcsftime
malloc
__RTDynamicCast

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualQuery
VirtualProtect

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AADTBAcquireToken
AADTBAcquireTokenEx
AADTBFreeString
AADTBFreeStruct
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 1012KB - Virtual size: 1012KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
accessibilitycpl.dll
.dll regsvr32 windows:10 windows x64 arch:x64

97e45f403ebe81e6f5dd9bf911502f62

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AccessibilityCpl.pdb

Imports

msvcrt

__CxxFrameHandler4
wcsrchr
wcsspn
_ltow_s
wcscspn
?terminate@@YAXXZ
__CxxFrameHandler3
memcpy
memcmp
_vsnwprintf
_wcslwr_s
memset
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
calloc
wcsstr
_wcsicmp
__C_specific_handler
malloc
free
vswprintf_s
_vscwprintf
memmove_s
_itow_s
memcpy_s
_wtoi
wcschr
??1type_info@@UEAA@XZ
wcscmp

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree
HeapSize
HeapReAlloc
HeapDestroy

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
TraceMessage
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableFlags
GetTraceLoggerHandle

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
FindResourceExW
FreeLibrary
LockResource
LoadResource
GetModuleHandleW
LoadStringW
GetModuleFileNameA
GetModuleHandleExW
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoTaskMemFree
CoCreateInstance
CreateStreamOnHGlobal

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
RaiseException
SetUnhandledExceptionFilter
SetLastError

oleaut32

VariantClear
SysAllocString

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegCloseKey
RegLoadMUIStringW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW

api-ms-win-core-localization-l1-2-0

GetUserDefaultLCID
FormatMessageW
GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
EnterCriticalSection
InitializeCriticalSection
ReleaseSemaphore
ReleaseMutex
CreateMutexExW
WaitForSingleObjectEx
WaitForSingleObject
OpenSemaphoreW
DeleteCriticalSection
LeaveCriticalSection

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep

api-ms-win-core-heap-l2-1-0

GlobalAlloc
GlobalFree

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

ntdll

EtwEventWriteTransfer
EtwLogTraceEvent
WinSqmAddToStream
WinSqmIncrementDWORD
WinSqmSetDWORD
WinSqmIsOptedIn

kernel32

GetFileAttributesW
DeleteFileW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
InitializeCriticalSectionEx
CreateThreadpoolTimer
CompareStringOrdinal
LoadLibraryExW
OpenMutexW
OpenJobObjectW
IsProcessInJob
OOBEComplete
GetThreadUILanguage
DeleteProcThreadAttributeList
ActivateActCtx
DeactivateActCtx
CreateActCtxW
ReleaseActCtx
GetModuleFileNameW
LocalAlloc
GetProcessMitigationPolicy
GetAtomNameW
GlobalLock
GlobalUnlock
CreateProcessW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
K32EnumProcesses
ProcessIdToSessionId
OpenProcess
K32EnumProcessModules
K32GetModuleBaseNameW
LocalFree

shlwapi

ord156
ord618
ord24
ord514
SHStrDupW
ord204
ord174
ord278
ord158
ord199
ord219
ord172
ord437
ord176
ord256

shell32

SHGetStockIconInfo
SHBindToObject
SHParseDisplayName
ord25
ord18
ord155
ShellExecuteExW
ShellExecuteW

ole32

CoTaskMemAlloc
CoGetObject

user32

GetFocus
DestroyIcon
SendInput
SendMessageW
GetWindowLongPtrW
DefWindowProcW
KillTimer
SetTimer
DestroyWindow
SystemParametersInfoW
SetDesktopColorTransform
SendNotifyMessageW
GetThreadDesktop
GetUserObjectInformationW
GetWindowThreadProcessId
GetShellWindow
GetKeyState
UnregisterClassA

dui70

?Click@Button@DirectUI@@SA?AVUID@@XZ
?ForceThemeChange@XProvider@DirectUI@@UEAAJ_K_J@Z
?GetHostedElementID@XProvider@DirectUI@@UEAAJPEAG@Z
?FindElementWithShortcutAndDoDefaultAction@XProvider@DirectUI@@UEAAHGH@Z
?CanSetFocus@XProvider@DirectUI@@UEAAJPEA_N@Z
?Navigate@XProvider@DirectUI@@UEAAJHPEA_N@Z
?SetFocus@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z
?IsDescendent@XProvider@DirectUI@@UEAAJPEAVElement@2@PEA_N@Z
?GetDesiredSize@XProvider@DirectUI@@UEAAJHHPEAUtagSIZE@@@Z
?SetParameter@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAX@Z
?AddRef@XProvider@DirectUI@@UEAAKXZ
?GetClassInfoPtr@HWNDElement@DirectUI@@SAPEAUIClassInfo@2@XZ
?SetDefaultButtonTracking@XProvider@DirectUI@@UEAAJ_N@Z
?SetHandleEnterKey@XProvider@DirectUI@@IEAAX_N@Z
?CreateDUI@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAPEAUHWND__@@@Z
?GetRoot@XProvider@DirectUI@@IEAAPEAVElement@2@XZ
?Initialize@XProvider@DirectUI@@QEAAJPEAVElement@2@PEAVIXProviderCP@2@@Z
?Create@XResourceProvider@DirectUI@@SAJPEAUHINSTANCE__@@PEBG11PEAPEAV12@@Z
?QueryInterface@XProvider@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
??1XProvider@DirectUI@@UEAA@XZ
??0XProvider@DirectUI@@QEAA@XZ
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?GetClassInfoPtr@Element@DirectUI@@SAPEAUIClassInfo@2@XZ
?Register@Element@DirectUI@@SAJXZ
?GetAtomZero@Value@DirectUI@@SAPEAV12@XZ
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@PEBUPropertyInfo@2@HPEAUUpdateCache@2@@Z
?GetStringNull@Value@DirectUI@@SAPEAV12@XZ
?SetRegisteredDefaultButton@XProvider@DirectUI@@UEAAJPEAVElement@2@@Z
?SetButtonClassAcceptsEnterKey@XProvider@DirectUI@@UEAAJ_N@Z
?CreateXBaby@XProvider@DirectUI@@UEAAJPEAVIXElementCP@2@PEAUHWND__@@PEAVElement@2@PEAKPEAPEAUIXBaby@2@@Z
InitProcessPriv
?GetString@Value@DirectUI@@QEAAPEBGXZ
?GetUnset@Value@DirectUI@@SAPEAV12@XZ
?GetValue@Element@DirectUI@@QEAAPEAVValue@2@P6APEBUPropertyInfo@2@XZHPEAUUpdateCache@2@@Z
?CustomProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?GetContentString@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?GetClassInfoPtr@TouchSwitch@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetOnText@TouchSwitch@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?GetOffText@TouchSwitch@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?GetToggleValue@TouchSwitch@DirectUI@@QEAAHXZ
?SliderUpdated@TouchSlider@DirectUI@@SA?AVUID@@XZ
?RemoveListener@Element@DirectUI@@QEAAXPEAUIElementListener@2@@Z
?AddListener@Element@DirectUI@@QEAAJPEAUIElementListener@2@@Z
?BackgroundProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?ForegroundProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?SetAccName@Element@DirectUI@@QEAAJPEBG@Z
??1IDataEngine@DirectUI@@UEAA@XZ
??0IDataEngine@DirectUI@@QEAA@XZ
??1IDataEntry@DirectUI@@UEAA@XZ
??0IDataEntry@DirectUI@@QEAA@XZ
?GetClass@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?SetActive@Element@DirectUI@@QEAAJH@Z
??0CritSecLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
??1CritSecLock@DirectUI@@QEAA@XZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
?UpdateTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?ActivateTooltip@Element@DirectUI@@MEAAXPEAV12@K@Z
?RemoveTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?GetKeyFocused@Element@DirectUI@@UEAA_NXZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?GetAccessibleImpl@Element@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?OnUnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?OnHosted@Element@DirectUI@@MEAAXPEAV12@@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?MessageCallback@Element@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?SetKeyFocus@Element@DirectUI@@UEAAXXZ
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Paint@Element@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?OnDestroy@Element@DirectUI@@UEAAXXZ
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
??1ClassInfoBase@DirectUI@@UEAA@XZ
??0ClassInfoBase@DirectUI@@QEAA@XZ
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnEvent@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?OnInput@Element@DirectUI@@UEAAXPEAUInputEvent@2@@Z
??1Element@DirectUI@@UEAA@XZ
??0Element@DirectUI@@QEAA@XZ
?Initialize@Element@DirectUI@@QEAAJIPEAV12@PEAK@Z
?Release@Value@DirectUI@@QEAAXXZ
?GetParent@Element@DirectUI@@QEAAPEAV12@XZ
?GetVisible@Element@DirectUI@@QEAA_NXZ
?GetChildren@Element@DirectUI@@QEAAPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@PEAPEAVValue@2@@Z
?GetID@Element@DirectUI@@QEAAGXZ
?GetSelected@Element@DirectUI@@QEAA_NXZ
?GetEnabled@Element@DirectUI@@QEAA_NXZ
?SetWidth@Element@DirectUI@@QEAAJH@Z
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?SetSelected@Element@DirectUI@@QEAAJ_N@Z
?SetAccessible@Element@DirectUI@@QEAAJ_N@Z
?SetShortcut@Element@DirectUI@@QEAAJH@Z
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?SetSelection@Combobox@DirectUI@@QEAAJH@Z
?SetNotifyHandler@CCBase@DirectUI@@QEAAXP6AHI_K_JPEA_JPEAX@Z3@Z
?Init@NavReference@DirectUI@@QEAAXPEAVElement@2@PEAUtagRECT@@@Z
?GetAtom@Value@DirectUI@@QEAAGXZ
GetElementDataEntry
?SetDataEngine@Repeater@DirectUI@@QEAAXPEAUIDataEngine@2@@Z
?AddString@Combobox@DirectUI@@QEAAHPEBG@Z
?SelectionChange@Combobox@DirectUI@@SA?AVUID@@XZ
StrToID
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
?GetClassInfoPtr@ScrollViewer@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@CCTrackBar@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@CCSysLink@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@CCCheckBox@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@CCBase@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@Combobox@DirectUI@@SAPEAUIClassInfo@2@XZ
?ClickDefaultButton@XProvider@DirectUI@@UEAAHXZ
InitThread
UnInitProcessPriv
UnInitThread

dwmapi

DwmIsCompositionEnabled

sspicli

GetUserNameExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 188KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
accountaccessor.dll
.dll windows:10 windows x64 arch:x64

7081b58efaaf078692ace5bb377fc391

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AccountAccessor.pdb

Imports

msvcrt

memset
_onexit
__dllonexit
__CxxFrameHandler3
_stricmp
_wcsicmp
wcschr
wcsstr
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_purecall
_strnicmp
__C_specific_handler
memcpy_s
iswspace
_wcsnicmp
memcpy
_vsnwprintf
realloc
wcscmp

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
RtlReportException

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameA
FreeLibrary

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
DeleteCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObjectEx
CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
ReleaseMutex
OpenSemaphoreW
CreateMutexExW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
OpenThreadToken
GetCurrentThread
OpenProcessToken
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

SafeArrayGetDim
BSTR_UserMarshal64
BSTR_UserSize64
BSTR_UserFree64
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserUnmarshal64
VariantInit
BSTR_UserFree
VariantCopy
VariantClear
SysAllocString
SysStringLen
SysAllocStringLen
SafeArrayUnlock
SafeArrayGetUBound
SafeArrayGetLBound
SysFreeString
SafeArrayGetElemsize
SafeArrayDestroy
SystemTimeToVariantTime
VarCmp
BSTR_UserSize
VariantTimeToSystemTime
SafeArrayCreate
SafeArrayLock

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation

api-ms-win-core-synch-l1-2-0

InitOnceComplete
SleepConditionVariableSRW
WakeAllConditionVariable
Sleep
InitOnceBeginInitialize

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegGetValueW
RegOpenKeyExW
RegFlushKey
RegCloseKey

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateGuid
StringFromGUID2
CoCreateInstance

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

syncutil

ord125
AcquireDataStoreLock
ord38
ord95
GetDefaultDeviceType
ord111
GetAuthCertHash
DeleteAuthCertHash
ord255
ord23
ord3
ord40
ord108
ord119
ord118
ord71
ord475
ord112
ord135
SetAuthCertHash
ord134
ord133
InitializeMsaStore
ord132
ord130
ord131
WriteOAuthRefreshTokenForPartnership
DeleteOAuthRefreshTokenForPartnership
ord24
ord21
ord28
ord17
ord122
ord4
ord10
CoCreateInstanceElevated
ord31
ord242
ord290
ord39
ord94
ord257
ord74
ord1
ord93
ord308
DoesServerSupportAutoMoveSentItem
ord121
ord120
ord307
ReleaseDataStoreLock
DeletePwd
ord109
ord29
SetDefaultStoreDirty
ord26
MarkUserDataAccountAsHidden
ord87
ord25
ord296
GetGoldenPartnershipId
ord27
ord470
ord2
TryGetDefaultSignInAccountInfo

mccsengineshared

GetAccountDomainForAccountAccessor
GetDomainNamesForEmailSyncList
IsDomainInDelimitedList

pimstore

GetPartnerGUID

rpcrt4

RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcSsDestroyClientContext
RpcExceptionFilter
NdrClientCall3
RpcBindingFree

api-ms-win-security-base-l1-1-0

CopySid
GetLengthSid
GetTokenInformation

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
DisassociateCurrentThreadFromCallback
CreateThreadpoolWait
SetThreadpoolWait

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CreateDefaultWindowsLiveAccount
DllCanUnloadNow
DllGetClassObject
FindMatchingPartnership
GetConversationSyncDateFilter
GetConversationSyncEnabled
GetUnifiedInboxEnabled
GetUnifiedInboxServerValue
IsExtendedConversationSyncDateFiltersSupported
LoadGoldenPartnershipAccessor
SetConversationSyncDateFilter
SetConversationSyncEnabled
SetUnifiedInboxEnabled
UnenrollAndMarkAccountForDeletion
UpdateGoogleAccountConversationFlags
UpdateGoogleAccountServerSendsMeetingProp
UpdateWebDavAccountProperties

Sections

.text
Size: 196KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
acledit.dll
.dll windows:10 windows x64 arch:x64

02f6fc922b46bf9b846109dcfb249d30

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

acledit.pdb

Imports

msvcrt

_XcptFilter
__C_specific_handler
_initterm
malloc
free
_amsg_exit
memset

user32

LoadStringW
MessageBoxW

kernel32

Sleep
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
DisableThreadLibraryCalls
TerminateProcess

Exports

Exports

DllMain
EditAuditInfo
EditOwnerInfo
EditPermissionInfo
FMExtensionProcW
SedDiscretionaryAclEditor
SedSystemAclEditor
SedTakeOwnership

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aclui.dll
.dll windows:10 windows x64 arch:x64

59f7455356c01233afa6827d58cb51ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

aclui.pdb

Imports

msvcrt

wcstok_s
_wcsnicmp
_wcstoui64
_CxxThrowException
_vsnwprintf
memcpy_s
??1exception@@UEAA@XZ
__RTDynamicCast
floor
memcmp
_wcstoi64
memmove
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
free
wcsnlen
wcschr
memmove_s
_itow_s
wcsncmp
?what@exception@@UEBAPEBDXZ
memcpy
??0exception@@QEAA@AEBQEBDH@Z
wcspbrk
wcsspn
wcscspn
iswspace
wcscpy_s
malloc
__C_specific_handler
wcsrchr
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
__CxxFrameHandler4
__CxxFrameHandler3
_errno
realloc
memset
??0exception@@QEAA@AEBQEBD@Z
wcscmp

shell32

ord258
ord259
ord6

shlwapi

StrChrW
ord219
ord165
PathAppendW
ord12
ord628
StrRChrW

advapi32

GetSecurityDescriptorControl
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
EventWrite
EqualPrefixSid
AllocateAndInitializeSid
EqualSid
ConvertSidToStringSidW
SetThreadToken
AdjustTokenPrivileges
DuplicateTokenEx
OpenThreadToken
LsaGetAppliedCAPIDs
GetWindowsAccountDomainSid
LsaLookupSids
GetSidSubAuthority
IsValidAcl
IsValidSecurityDescriptor
IsWellKnownSid
LookupAccountSidW
DeleteAce
LookupAccountNameW
OpenProcessToken
GetSidSubAuthorityCount
LsaOpenPolicy
ConvertSecurityDescriptorToStringSecurityDescriptorW
AddConditionalAce
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
AddAccessAllowedAce
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorLength
CopySid
EventWriteTransfer
EventSetInformation
EventRegister
EventUnregister
GetAce
LsaClose
LsaFreeMemory
IsValidSid
GetLengthSid
LsaQueryInformationPolicy

gdi32

CreateDIBSection
DeleteObject
SelectObject
CreateFontIndirectW
GetDeviceCaps
SetTextColor
SetBkColor
SetBkMode
GetObjectW
GetTextExtentPoint32W

kernel32

LoadLibraryExW
CreateThread
FreeLibrary
FreeLibraryAndExitThread
HeapReAlloc
GetCurrentProcess
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
GlobalLock
GlobalUnlock
GetModuleFileNameW
MultiByteToWideChar
lstrlenW
lstrcmpiW
HeapSize
HeapDestroy
VirtualFree
VirtualAlloc
LoadLibraryExA
EncodePointer
DecodePointer
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
OutputDebugStringA
lstrcmpW
FindResourceW
GetCurrentThread
ActivateActCtx
DeactivateActCtx
CreateActCtxW
ReleaseActCtx
DelayLoadFailureHook
ResolveDelayLoadedAPI
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
LocalAlloc
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
LocalFree
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
TlsGetValue
MulDiv
InitOnceExecuteOnce
EnterCriticalSection
LeaveCriticalSection
RaiseException
CompareStringW
CheckElevationEnabled
CreateThreadpoolWait
SetThreadpoolWait
AcquireSRWLockShared
ReleaseSRWLockShared
SetEvent
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SetThreadpoolTimer
CreateThreadpoolTimer
DeleteCriticalSection
InitializeCriticalSectionEx
InitOnceBeginInitialize
InitOnceComplete
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CompareStringEx
GetTickCount
SizeofResource
LockResource
LoadResource
FindResourceExW
DisableThreadLibraryCalls
InitializeCriticalSection
TlsAlloc
TlsFree
LocalReAlloc

ntdll

EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
RtlLengthSid
RtlCreateUnicodeString
RtlFreeUnicodeString
RtlIsPackageSid
RtlRunOnceExecuteOnce
EtwTraceMessage
RtlGetSaclSecurityDescriptor
RtlNtStatusToDosErrorNoTeb
RtlNtStatusToDosError
RtlEqualUnicodeString
RtlGetNtProductType
RtlInitUnicodeString
RtlAddScopedPolicyIDAce
RtlCreateAcl
WinSqmIsOptedIn
WinSqmEndSession
WinSqmSetString
WinSqmStartSession
WinSqmIsOptedInEx
WinSqmSetDWORD
WinSqmIncrementDWORD
WinSqmAddToStream
RtlIsCapabilitySid

ntdsapi

DsUnBindW
DsCrackNamesW
DsFreeNameResultW
DsBindWithSpnExW

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
CoGetMalloc
CoTaskMemRealloc
ReleaseStgMedium
CoCreateGuid

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
SysReAllocStringLen
SafeArrayAccessData
SafeArrayUnaccessData

user32

SystemParametersInfoW
MapDialogRect
GetWindowLongW
SetWindowLongW
UnregisterClassW
RegisterClassW
SetWindowPlacement
GetWindowPlacement
GetWindow
RegisterWindowMessageW
LoadImageW
GetAncestor
LoadIconW
GetWindowLongPtrW
GetClientRect
GetSystemMetrics
RedrawWindow
DialogBoxParamW
GetDC
ReleaseDC
SetWindowTextW
DestroyIcon
GetActiveWindow
EndDialog
PostMessageW
SetWindowLongPtrW
GetDlgCtrlID
GetParent
EnableWindow
SetDlgItemTextW
SetWindowPos
MapWindowPoints
GetWindowRect
ShowWindow
GetDlgItem
LoadCursorW
SetCursor
UnregisterClassA
DrawTextW
IsWindowVisible
MessageBoxW
RegisterClipboardFormatW
IsWindowEnabled
DefWindowProcW
GetScrollInfo
SetScrollPos
ScrollWindow
ClientToScreen
KillTimer
SetTimer
keybd_event
GetFocus
CreateWindowExW
EnumDisplaySettingsW
InvalidateRect
DrawFocusRect
FrameRect
SetFocus
SetScrollInfo
CallWindowProcW
OffsetRect
MoveWindow
ShowScrollBar
GetSysColorBrush
GetSysColor
GetDlgItemTextW
LoadStringW
DestroyWindow
SendMessageW
SendDlgItemMessageW
InflateRect

xmllite

CreateXmlReader

Exports

Exports

CreateSecurityPage
EditConditionalAceClaims
EditResourceCondition
EditSecurity
EditSecurityAdvanced
GetLocalizedStringForCondition
GetTlsIndexForClaimDictionary
IID_ISecurityInformation

Sections

.text
Size: 392KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
acmigration.dll
.dll windows:10 windows x64 arch:x64

e35984eb5738b38ef3ddf9e25ca83dc3

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ec:52:13:9a:7c:0f:e2:e1:04:7d:76:0e:08:b4:a0:8c:0a:a0:15:f8:66:34:62:41:42:b9:aa:57:2d:6c:ac:4d
Signer

Actual PE Digest

ec:52:13:9a:7c:0f:e2:e1:04:7d:76:0e:08:b4:a0:8c:0a:a0:15:f8:66:34:62:41:42:b9:aa:57:2d:6c:ac:4d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

acmigration.pdb

Imports

msvcrt

??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
wcschr
wcsncpy_s
_wtoi
??_V@YAXPEAX@Z
calloc
_wcsicmp
_wcsnicmp
wcsncmp
wcscpy_s
??0bad_cast@@QEAA@AEBV0@@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
towupper
wcsstr
swscanf_s
wcstod
_errno
fgetc
fputc
ungetc
fflush
setvbuf
fsetpos
_fseeki64
fgetpos
fwrite
fclose
strchr
realloc
swprintf_s
wcscat_s
_vsnprintf
wcstok_s
wcsrchr
iswspace
wcsspn
wcspbrk
iswalpha
strcpy_s
sprintf_s
strncmp
_wcslwr
__uncaught_exception
setlocale
__pctype_func
isupper
___lc_handle_func
___lc_codepage_func
islower
fseek
_wfsopen
___lc_collate_cp_func
___mb_cur_max_func
_ismbblead
memcmp
abort
memset
_wcsdup
__crtCompareStringW
__crtLCMapStringW
__crtLCMapStringA
_wsetlocale
memchr
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
__CxxFrameHandler3
??3@YAXPEAX@Z
wcscmp

kernel32

GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
ExpandEnvironmentStringsW
GetFileAttributesW
GetTickCount64
MultiByteToWideChar
LocalFree
GetSystemTime
WaitForSingleObject
LoadLibraryExW
FreeLibrary
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WideCharToMultiByte
FindFirstFileW
FindNextFileW
FindClose
CreatePipe
SetHandleInformation
CreateProcessW
ReadFile
CreateThread
DeleteFileW
LocalAlloc
CopyFileW
CreateDirectoryW
GetExitCodeProcess
WriteFile
HeapReAlloc
GetWindowsDirectoryW
MoveFileW
RtlCompareMemory
GetFileSizeEx
UnlockFileEx
LockFileEx
FlushFileBuffers
WaitForThreadpoolTimerCallbacks
SleepConditionVariableSRW
WakeAllConditionVariable
DecodePointer
EncodePointer
GetStringTypeW
InitializeCriticalSectionEx
LeaveCriticalSection
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
OutputDebugStringA
GetModuleFileNameW
GetModuleHandleExA
VerSetConditionMask
RemoveDirectoryW
SetFilePointer
InitializeCriticalSection
SystemTimeToFileTime

ntdll

RtlDoesFileExists_U
RtlNtStatusToDosError
RtlAdjustPrivilege
RtlGUIDFromString
RtlInitUnicodeString
LdrGetDllHandle
RtlInitString
LdrGetProcedureAddress
RtlDeleteCriticalSection
RtlAllocateHeap
RtlEqualString
RtlEnterCriticalSection
RtlInitAnsiString
RtlMultiByteToUnicodeN
RtlInitializeCriticalSection
RtlFreeHeap
RtlLeaveCriticalSection
ZwClose
RtlDosPathNameToNtPathName_U_WithStatus
RtlFreeUnicodeString
ZwOpenKey
ZwEnumerateKey
RtlInitUnicodeStringEx
ZwQueryValueKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwCreateFile
ZwQueryInformationFile
ZwCreateSection
EtwEventUnregister
EtwEventWrite
EtwEventRegister
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
RtlUpcaseUnicodeChar
ZwUnmapViewOfSection
ZwMapViewOfSection
LdrResSearchResource
RtlVerifyVersionInfo
RtlImageDirectoryEntryToData
RtlGetNativeSystemInformation
ZwQuerySystemInformation
RtlRunOnceExecuteOnce
ZwEnumerateValueKey
RtlExpandEnvironmentStrings_U
NtCreateKey
NtSetValueKey
NtSetInformationKey
NtOpenKey
NtDeleteKey
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtClose
NtQueryInformationFile
NtCreateFile

advapi32

IsWellKnownSid
RegDeleteKeyW
ConvertStringSidToSidW
RegOpenKeyW
RegSetKeyValueW
EventWriteTransfer
EventUnregister
EventRegister
RegDeleteTreeW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
ChangeServiceConfigW
RegSaveKeyW
RegRestoreKeyW
RegEnumKeyExW
StartServiceW
ControlService
RegCreateKeyExW
RegGetValueW
RegSetValueExW
CloseServiceHandle
QueryServiceConfigW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegEnumValueW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegEnumKeyW
RegOpenKeyExW

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoGetClassObject

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString
VariantInit
VariantClear

userenv

GetProfilesDirectoryW

shlwapi

PathRemoveFileSpecW
StrToInt64ExW
PathFindFileNameW
StrToIntExW

shell32

CommandLineToArgvW

setupapi

SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
CM_Get_DevNode_Status
SetupDiSetDevicePropertyW
SetupGetInfDriverStoreLocationW
SetupDiGetDevicePropertyW
SetupDiGetDeviceInstanceIdW

newdev

DiInstallDevice

msi

MsiOpenDatabaseW
MsiCloseHandle
MsiGetProductInfoW
MsiViewExecute
MsiRecordGetStringW
MsiViewFetch
MsiDatabaseOpenViewW

Exports

Exports

AcmEngineApply
AcmEngineCollect
AcmEngineCreate
AcmEngineDelete
AcmEngineGenerateMigXml
AcmEngineGetCapabilityList
AcmEngineSetBaseWorkingDirectory
AcmMatchPluginExecute
ApplyMigrationShimsW

Sections

.text
Size: 440KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
acppage.dll
.dll windows:10 windows x64 arch:x64

933a8964155be2ea2e6c85c5283de581

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

acppage.pdb

Imports

msvcrt

sscanf_s
wcschr
wcsrchr
wcsncmp
wcscat_s
memset
_wcslwr
memcmp
memcpy
memmove
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
wcscpy_s
_callnewh
malloc
free
_wcsnicmp
wcsstr
_wcsupr
_wcsicmp
memmove_s
_purecall
memcpy_s
_vsnwprintf
__C_specific_handler

ntdll

RtlUpcaseUnicodeChar
RtlGetNativeSystemInformation
RtlInitUnicodeStringEx
ZwQueryValueKey
ZwOpenKey
ZwQuerySystemInformation
ZwClose
ZwEnumerateKey
RtlReAllocateHeap
NtQuerySection
RtlNtStatusToDosError
NtCreateSection
RtlImageDirectoryEntryToData
RtlFreeHeap
RtlAllocateHeap
NtOpenThreadToken
NtClose
NtQueryInformationToken
NtOpenProcessToken
RtlIsPartialPlaceholder
RtlImageRvaToVa
RtlInitUnicodeString
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

GetLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
GetFileTime
GetVersionExW
QueryActCtxW
ResolveDelayLoadedAPI
DelayLoadFailureHook
FreeLibrary
LoadLibraryExW
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
ReleaseSemaphore
GetModuleHandleExW
LeaveCriticalSection
InitializeCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
DisableThreadLibraryCalls
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
RaiseException
GetModuleFileNameW
HeapAlloc
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
FindFirstFileW
FindClose
lstrcmpiA
ReadFile
GetFileSizeEx
RegQueryValueExW
BasepGetExeArchType
ExpandEnvironmentStringsW
EncodePointer
RegOpenKeyExW
SetFilePointer
CreateFileW
GetSystemDirectoryW
UnmapViewOfFile
LoadLibraryW
DecodePointer
CheckElevationEnabled
LocalFree
RegCloseKey
CreateFileMappingW
MapViewOfFile
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
ReleaseActCtx
CreateActCtxW
DeactivateActCtx
CreateThreadpoolTimer
ActivateActCtx

user32

LoadStringA
EnableWindow
GetParent
GetDlgItem
InsertMenuW
SetWindowLongPtrW
LoadStringW
DialogBoxParamW
SendMessageW
EndDialog
GetSystemMetrics
SetWindowTextW
GetWindowLongPtrW
SetDlgItemTextW
SendDlgItemMessageW
SetThreadDpiAwarenessContext
IsWindowEnabled

shlwapi

UrlEscapeW
PathFindExtensionW
ord176
StrCmpIW
PathFindFileNameW

advapi32

EventUnregister
EventRegister
EventWriteTransfer
EventSetInformation

shell32

SHGetPathFromIDListW
ShellExecuteExW
SHParseDisplayName
ord155
ShellExecuteW
SHGetNameFromIDList
SHChangeNotify
SHGetItemFromDataObject

ole32

HWND_UserSize
HWND_UserSize64
HWND_UserFree64
HWND_UserFree
HWND_UserUnmarshal
HWND_UserMarshal
HWND_UserMarshal64
HWND_UserUnmarshal64
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoGetObject

rpcrt4

NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree

sfc

SfcIsFileProtected

apphelp

SdbFindFirstTag
SdbGetStringTagPtr
SdbTagRefToTagID
SdbQueryFlagMask
SdbReleaseDatabase
SdbGetPathSystemSdb
SdbGetMatchingExe
SdbFindNextTag
SdbInitDatabase

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetExeFromLnk

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
acproxy.dll
.dll windows:10 windows x64 arch:x64

eee13c6d596c6e9cdf034c605eafec01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

acproxy.pdb

Imports

msvcrt

malloc
_initterm
__C_specific_handler
_amsg_exit
_XcptFilter
free

ntdll

RtlFreeHeap
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
WinSqmIsOptedInEx
RtlAllocateHeap

kernel32

TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetDriveTypeW
FindNextVolumeW
ReadFile
FindFirstVolumeW
CreateFileW
Sleep
GetLastError
DeleteFileW
CloseHandle
FindVolumeClose

advapi32

RegisterEventSourceW
DeregisterEventSource
ReportEventW

ulib

??0DSTRING@@QEAA@XZ
??0FSTRING@@QEAA@XZ
?Resize@HMEM@@QEAAEKK@Z
?Acquire@HMEM@@UEAAPEAXKK@Z
?Initialize@HMEM@@QEAAEXZ
??1HMEM@@UEAA@XZ
??0HMEM@@QEAA@XZ
?Strcat@WSTRING@@QEAAEPEBV1@@Z
?Initialize@WSTRING@@QEAAEPEBV1@KK@Z
?Initialize@WSTRING@@QEAAEPEBGK@Z
??1FSTRING@@UEAA@XZ
?Initialize@FSTRING@@QEAAPEAVWSTRING@@PEAGK@Z
?SPrintf@DSTRING@@UEAAEPEBGZZ
??1DSTRING@@UEAA@XZ
?UploadSqmFromFile@SQMEXPORT@@SAEPEAX@Z

ifsutil

?DosDriveNameToNtDriveName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@@Z
?CleanupBackingStore@WRITEVIEW_BACKINGSTORE@@SAEPEAVWSTRING@@@Z

Exports

Exports

PerformAutochkOperations

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
activeds.dll
.dll windows:10 windows x64 arch:x64

f9769bfa5983dfe04bf13b2189bef51b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

activeds.pdb

Imports

msvcrt

?terminate@@YAXXZ
wcscmp
memcmp
memcpy
malloc
memset
free
_initterm
wcstok
_amsg_exit
_XcptFilter
iswspace
_wcsnicmp
_snwprintf_s
memcpy_s
wcschr
wcscpy_s
swscanf_s
wcscat_s
swprintf_s
_wcsicmp
wcsncpy_s
__C_specific_handler
__CxxFrameHandler4

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetUserDefaultLCID

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
TerminateProcess
GetCurrentProcessId
OpenThreadToken
GetCurrentThreadId
GetCurrentProcess
OpenProcessToken

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW
RegGetKeySecurity
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegSetKeySecurity

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

ntdll

RtlNtStatusToDosError

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

adsldpc

FreeADsMem
AllocADsMem
AllocADsStr
ConvertU2TrusteeToSid
LdapCrackUserDNtoNTLMUser2
ConvertSidToString
ConvertSidToU2Trustee
GetServerAndPort
GetDomainDNSNameForDomain
ADsGetLastError
ADsSetLastError
ReallocADsMem
FreeADsStr

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

ADsBuildEnumerator
ADsBuildVarArrayInt
ADsBuildVarArrayStr
ADsDecodeBinaryData
ADsEncodeBinaryData
ADsEnumerateNext
ADsFreeEnumerator
ADsGetLastError
ADsGetObject
ADsOpenObject
ADsSetLastError
AdsFreeAdsValues
AdsTypeToPropVariant
AdsTypeToPropVariant2
AllocADsMem
AllocADsStr
BinarySDToSecurityDescriptor
ConvertSecDescriptorToVariant
ConvertSecurityDescriptorToSecDes
ConvertTrusteeToSid
DllCanUnloadNow
DllGetClassObject
FreeADsMem
FreeADsStr
PropVariantToAdsType
PropVariantToAdsType2
ReallocADsMem
ReallocADsStr
SecurityDescriptorToBinarySD

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
actxprxy.dll
.dll regsvr32 windows:10 windows x64 arch:x64

68f3a834aaf7648941eea439c99c9589

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ActXPrxy.pdb

Imports

msvcrt

_initterm
malloc
free
_amsg_exit
_XcptFilter
__C_specific_handler
memcpy

rpcrt4

NdrStubForwardingFunction
NdrStubCall3
NdrClientCall3
NdrOleFree
NdrOleAllocate
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
NdrGetUserMarshalInfo
RpcRaiseException
IUnknown_QueryInterface_Proxy
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrDllGetClassObject
NdrDllCanUnloadNow

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-marshal-l1-1-0

HMONITOR_UserMarshal64
HBITMAP_UserSize
HBITMAP_UserMarshal
HBITMAP_UserSize64
HICON_UserMarshal64
HMONITOR_UserFree64
HICON_UserUnmarshal
HWND_UserUnmarshal64
HICON_UserFree
HBITMAP_UserUnmarshal
HWND_UserMarshal64
HICON_UserSize64
HICON_UserUnmarshal64
HICON_UserSize
HMONITOR_UserUnmarshal
HMONITOR_UserSize64
HWND_UserSize
HWND_UserSize64
HWND_UserFree64
HWND_UserFree
HWND_UserUnmarshal
HBITMAP_UserFree64
HICON_UserFree64
HMONITOR_UserMarshal
HBITMAP_UserMarshal64
HICON_UserMarshal
HBITMAP_UserFree
HMONITOR_UserSize
HBITMAP_UserUnmarshal64
HWND_UserMarshal
HMONITOR_UserFree
HMONITOR_UserUnmarshal64

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient28
ObjectStublessClient25
ObjectStublessClient18
NdrProxyForwardingFunction19
ObjectStublessClient15
ObjectStublessClient23
ObjectStublessClient22
ObjectStublessClient4
ObjectStublessClient20
NdrProxyForwardingFunction7
NdrProxyForwardingFunction23
NdrProxyForwardingFunction3
ObjectStublessClient21
ObjectStublessClient29
NdrProxyForwardingFunction21
NdrProxyForwardingFunction12
ObjectStublessClient16
ObjectStublessClient30
ObjectStublessClient24
NdrProxyForwardingFunction9
NdrProxyForwardingFunction29
NdrProxyForwardingFunction25
ObjectStublessClient10
ObjectStublessClient17
ObjectStublessClient9
NdrProxyForwardingFunction10
ObjectStublessClient8
NdrProxyForwardingFunction30
ObjectStublessClient6
NdrProxyForwardingFunction5
NdrProxyForwardingFunction4
NdrProxyForwardingFunction13
ObjectStublessClient19
NdrProxyForwardingFunction31
NdrProxyForwardingFunction27
NdrProxyForwardingFunction26
ObjectStublessClient5
NdrProxyForwardingFunction24
ObjectStublessClient11
NdrProxyForwardingFunction18
NdrProxyForwardingFunction22
NdrProxyForwardingFunction17
ObjectStublessClient13
ObjectStublessClient12
NdrProxyForwardingFunction14
ObjectStublessClient31
NdrProxyForwardingFunction15
ObjectStublessClient14
NdrProxyForwardingFunction20
ObjectStublessClient27
NdrProxyForwardingFunction11
ObjectStublessClient7
NdrProxyForwardingFunction28
NdrProxyForwardingFunction8
ObjectStublessClient3
NdrProxyForwardingFunction6
NdrProxyForwardingFunction16

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoTaskMemFree

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 440KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
adhapi.dll
.dll windows:10 windows x64 arch:x64

32958480369cebb74256d975884cd863

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AdhApi.pdb

Imports

msvcrt

malloc
__C_specific_handler
_amsg_exit
free
_XcptFilter
_initterm
memset

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwUnregisterTraceGuids

rpcrt4

RpcAsyncCancelCall
RpcBindingSetAuthInfoExW
RpcAsyncCompleteCall
NdrClientCall3
RpcAsyncInitializeHandle
RpcStringFreeW
Ndr64AsyncClientCall
RpcBindingFree
RpcStringBindingComposeW
RpcBindingSetOption
RpcBindingFromStringBindingW

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-security-base-l1-1-0

CreateWellKnownSid

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks

api-ms-win-core-synch-l1-1-0

CreateEventW
WaitForSingleObject

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW

Exports

Exports

AdhEngineClose
AdhEngineOpen
AdhGetConfig
AdhGetEvidenceCollectorResult
AdhStatusEventSubscribe
AdhStatusEventUnsubscribe
DllMain

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
adhsvc.dll
.dll windows:10 windows x64 arch:x64

e4d10e0b84c5d57cda18c25c55803a06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AdhSvc.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
memcpy
_o_free
_o_malloc
_o_wcsncpy_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
__C_specific_handler_noexcept

api-ms-win-crt-string-l1-1-0

memset

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
SetEvent
WaitForSingleObject
WaitForMultipleObjectsEx
ResetEvent
InitializeCriticalSection
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReleaseMutex
CreateMutexW
LeaveCriticalSection
CreateEventW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameW
LoadResource
FindResourceExW
DisableThreadLibraryCalls
SizeofResource
GetProcAddress
LoadLibraryExW
FreeLibrary

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-heap-l2-1-0

LocalFree

rpcrt4

RpcBindingVectorFree
RpcEpUnregister
I_RpcBindingIsClientLocal
RpcBindingToStringBindingW
RpcEpRegisterW
RpcRevertToSelf
RpcServerInqBindings
RpcServerRegisterIfEx
RpcServerUseProtseqW
RpcStringFreeW
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
Ndr64AsyncServerCallAll
RpcImpersonateClient
RpcStringBindingParseW
NdrServerCallAll
NdrAsyncServerCall
RpcAsyncAbortCall
RpcAsyncCompleteCall
NdrServerCall2
RpcBindingInqAuthClientW
RpcServerUnregisterIfEx

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThread
OpenThreadToken
GetCurrentProcessId
TerminateProcess
CreateThread
GetCurrentThreadId

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
StartServiceW
OpenSCManagerW

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW

wldap32

ord191
ord135
ord26
ord41
ord13
ord145
ord14
ord18
ord88
ord73
ord203
ord224
ord206
ord97
ord140
ord16
ord27

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-com-l1-1-0

CoUninitialize
CoTaskMemFree
CoInitializeEx
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

api-ms-win-security-base-l1-1-0

AccessCheck

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

firewallapi

FwAlloc
FwMergeAddresses
FwConvertIPv6SubNetToRange
FwCopyWFAddressesContents
FwStringToAddresses
FwFree
FwGetAddressesAsString
FwFreeAddresses

oleaut32

VarUI4FromStr

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

SubServiceScmNotification
SubServiceStart
SubServiceStop

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
adprovider.dll
.dll regsvr32 windows:10 windows x64 arch:x64

f7c0c383d927ae707c617e61d61e78c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

adprovider.pdb

Imports

msvcrt

realloc
memcpy
_errno
_onexit
__dllonexit
__C_specific_handler
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_callnewh
_atoi64
_wcsicmp
_wcsnicmp
wcstoul
_ultow
_purecall
wcschr
memcpy_s
malloc
wcsncpy_s
wcscat_s
free
wcscpy_s
memcmp
_vsnwprintf
memset

oleaut32

SysStringLen
RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
VarUI4FromStr
UnRegisterTypeLi

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
UnregisterTraceGuids
TraceMessage
GetTraceEnableFlags
RegisterTraceGuidsW
GetTraceEnableLevel

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
DisableThreadLibraryCalls
GetModuleFileNameW
FreeLibrary
SizeofResource
GetProcAddress
LoadLibraryExW
GetModuleHandleW
LoadResource

api-ms-win-core-localization-l1-2-0

GetThreadLocale
SetThreadLocale

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenCurrentUser
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegCloseKey

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

logoncli

DsGetDcNameW

netutils

NetApiBufferFree

wldap32

ord41
ord167
ord40
ord301
ord142
ord147
ord224
ord97
ord16
ord152
ord145
ord13
ord14
ord140
ord127
ord88
ord26
ord208
ord79
ord18
ord118
ord73
ord190
ord12
ord10

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

crypt32

CertAddSerializedElementToStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CryptHashCertificate

api-ms-win-core-file-l1-1-0

CompareFileTime

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

sspicli

GetUserNameExW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

advapi32

CryptGetUserKey
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey

kernel32

lstrcmpiW

ntdsapi

DsReplicaGetInfo2W
DsReplicaFreeInfo
DsBindW
DsUnBindW

user32

UnregisterClassA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
adsldp.dll
.dll windows:10 windows x64 arch:x64

413b698a5a04abdc66d2a831bd5786af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

adsldp.pdb

Imports

msvcrt

wcstok
_initterm
free
_amsg_exit
_XcptFilter
_itow_s
swscanf_s
_wtoi64
_wtol
_ltow
qsort
wcsncpy_s
wcschr
__C_specific_handler
swprintf_s
_purecall
wcscat_s
_wcsnicmp
wcsstr
_wcslwr
wcscpy_s
memset
memcpy
malloc
_wcsicmp
wcscmp

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
RaiseException

wldap32

ord53
ord54
ord12
ord14

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-localization-l1-2-0

FormatMessageW

activeds

ord28
ord3
ord27
ord7
ord22
ord25
ord26
ord31
ord16
ord17
ord12
ord18
ord15
ord14

adsldpc

SchemaGetSyntaxOfAttribute
SchemaGetClassInfo
SchemaAddRef
LdapMakeSchemaCacheObsolete
LdapGetSubSchemaSubEntryPath
LdapGetSchemaObjectCount
LdapcKeepHandleAround
SchemaGetPropertyInfo
LdapNextAttribute
LdapAttributeFree
LdapFirstAttribute
LdapValueFreeLen
UnMarshallLDAPToLDAPSynID
SchemaGetStringsFromStringTable
FindSearchTableIndex
LdapTypeCopyConstruct
LdapTypeFreeLdapModList
SortAndRemoveDuplicateOIDs
LdapTypeFreeLdapModObject
LdapGetSyntaxIdOfAttribute
LdapTypeBinaryToString
Component
?GetNextToken@CLexer@@QEAAJPEAGPEAK@Z
GetDisplayName
LdapDeleteExtS
LdapTypeToAdsTypeCopyConstruct
AdsTypeFreeAdsObjects
AdsTypeToLdapTypeCopyConstruct
LdapGetSyntaxOfAttributeOnServer
LdapcSetStickyServer
FindEntryInSearchTable
LdapRenameExtS
LdapModDnS
GetLDAPTypeName
LdapDeleteS
LdapReadAttribute
BuildADsPathFromParent
LdapTypeFreeLdapObjects
LdapSearchS
BerEncodingQuotaControl
LdapAddS
LdapAddExtS
LdapModifyS
LdapModifyExtS
ReadServerSupportsIsADAMControl
ReadServerSupportsIsADControl
LdapOpenObject
SchemaGetPropertyInfoByIndex
SchemaGetClassInfoByIndex
SchemaGetObjectCount
SchemaOpen
ADsObject
LdapMemFree
intcmp
FreeObjectInfo
PathName
?SetFSlashDisabler@CLexer@@QEAAXH@Z
?SetAtDisabler@CLexer@@QEAAXH@Z
InitObjectInfo
?InitializePath@CLexer@@QEAAJPEAG@Z
??1CLexer@@QEAA@XZ
??0CLexer@@QEAA@XZ
LdapGetValues
LdapGetDn
LdapNextEntry
LdapFirstEntry
ADsHelperGetCurrentRowMessage
ADSIPrint
BuildADsParentPathFromObjectInfo2
LdapTypeToAdsTypeUTCTime
LdapTypeToAdsTypeGeneralizedTime
LdapTypeToAdsTypeDNWithBinary
LdapTypeToAdsTypeDNWithString
MapADSTypeToLDAPType
MapLDAPTypeToADSType
AdsTypeToLdapTypeCopyTime
AdsTypeToLdapTypeCopyGeneralizedTime
AdsTypeToLdapTypeCopyDNWithBinary
AdsTypeToLdapTypeCopyDNWithString
GetServerAndPort
LdapInitializeSearchPreferences
LdapCloseObject
LdapCacheAddRef
ADsSetObjectAttributes
ADsGetObjectAttributes
ReadSecurityDescriptorControlType
ADsCreateDSObjectExt
SchemaClose
ADsDeleteDSObject
ADsEnumAttributes
ADsCreateAttributeDefinition
ADsWriteAttributeDefinition
ADsDeleteAttributeDefinition
ADsEnumClasses
ADsCreateClassDefinition
ADsWriteClassDefinition
ADsDeleteClassDefinition
LdapSearchAbandonPage
ADsSetSearchPreference
ADsExecuteSearch
ADsAbandonSearch
ADsCloseSearchHandle
ADsGetFirstRow
ADsGetNextRow
ADsGetPreviousRow
ADsGetColumn
ADsGetNextColumnName
ADsFreeColumn
IsGCNamespace
GetDefaultServer
LdapOpenObject2
LdapReadAttributeFast
BuildADsPathFromLDAPPath2
BuildADsParentPath
LdapValueFree
BuildLDAPPathFromADsPath2
ReadPagingSupportedAttr
LdapSearchInitPage
LdapSearchExtS
LdapCountEntries
LdapGetNextPageS
LdapMsgFree

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
adsldpc.dll
.dll windows:10 windows x64 arch:x64

7179ba3c109cddec2eca5df68bf7dc63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

adsldpc.pdb

Imports

msvcrt

_wtoi
_wtol
_vsnwprintf
wcsrchr
wcscat_s
swprintf_s
_wcsicmp
wcsncpy_s
iswdigit
_amsg_exit
free
malloc
_initterm
swscanf_s
wcsncat_s
memset
__C_specific_handler
wcschr
memcpy
memcpy_s
wcscpy_s
memcmp
qsort
bsearch
wcsstr
_wcsnicmp
wcstoul
_XcptFilter
_itow_s
wcscmp

wldap32

ord69
ord309
ord310
ord304
ord301
ord311
ord300
ord146
ord53
ord54
ord91
ord94
ord321
ord319
ord173
ord100
ord116
ord191
ord138
ord135
ord134
ord206
ord194
ord203
ord18
ord133
ord147
ord79
ord224
ord77
ord142
ord97
ord140
ord120
ord167
ord127
ord27
ord26
ord41
ord179
ord40
ord10
ord85
ord111
ord113
ord65
ord161
ord188
ord12
ord165
ord155
ord157
ord190
ord36
ord210
ord13
ord16
ord73
ord216
ord88
ord14
ord145
ord219
ord29

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCurrentThread
OpenThreadToken
OpenProcessToken
TerminateProcess

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegGetValueW
RegCreateKeyExW

ntdll

EtwEventUnregister
EtwEventRegister
EtwEventWrite
RtlIdentifierAuthoritySid

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime

api-ms-win-core-file-l1-1-0

GetFileSize
WriteFile
CreateDirectoryW
DeleteFileW
ReadFile
CompareFileTime
CreateFileW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

??0CLexer@@QEAA@XZ
??1CLexer@@QEAA@XZ
?GetNextToken@CLexer@@QEAAJPEAGPEAK@Z
?InitializePath@CLexer@@QEAAJPEAG@Z
?SetAtDisabler@CLexer@@QEAAXH@Z
?SetExclaimnationDisabler@CLexer@@QEAAXH@Z
?SetFSlashDisabler@CLexer@@QEAAXH@Z
ADSIAbandonSearch
ADSICloseDSObject
ADSICloseSearchHandle
ADSICreateDSObject
ADSIDeleteDSObject
ADSIExecuteSearch
ADSIFreeColumn
ADSIGetColumn
ADSIGetFirstRow
ADSIGetNextColumnName
ADSIGetNextRow
ADSIGetObjectAttributes
ADSIGetPreviousRow
ADSIModifyRdn
ADSIOpenDSObject
ADSIPrint
ADSISetObjectAttributes
ADSISetSearchPreference
ADsAbandonSearch
ADsCloseSearchHandle
ADsCreateAttributeDefinition
ADsCreateClassDefinition
ADsCreateDSObject
ADsCreateDSObjectExt
ADsDecodeBinaryData
ADsDeleteAttributeDefinition
ADsDeleteClassDefinition
ADsDeleteDSObject
ADsEncodeBinaryData
ADsEnumAttributes
ADsEnumClasses
ADsExecuteSearch
ADsFreeColumn
ADsGetColumn
ADsGetFirstRow
ADsGetLastError
ADsGetNextColumnName
ADsGetNextRow
ADsGetObjectAttributes
ADsGetPreviousRow
ADsHelperGetCurrentRowMessage
ADsObject
ADsSetLastError
ADsSetObjectAttributes
ADsSetSearchPreference
ADsWriteAttributeDefinition
ADsWriteClassDefinition
AdsTypeFreeAdsObjects
AdsTypeToLdapTypeCopyConstruct
AdsTypeToLdapTypeCopyDNWithBinary
AdsTypeToLdapTypeCopyDNWithString
AdsTypeToLdapTypeCopyGeneralizedTime
AdsTypeToLdapTypeCopyTime
AllocADsMem
AllocADsStr
BerBvFree
BerEncodingQuotaControl
BuildADsParentPath
BuildADsParentPathFromObjectInfo
BuildADsParentPathFromObjectInfo2
BuildADsPathFromLDAPPath
BuildADsPathFromLDAPPath2
BuildADsPathFromParent
BuildLDAPPathFromADsPath
BuildLDAPPathFromADsPath2
ChangeSeparator
Component
ConvertSidToString
ConvertSidToU2Trustee
ConvertU2TrusteeToSid
FindEntryInSearchTable
FindSearchTableIndex
FreeADsMem
FreeADsStr
FreeObjectInfo
GetDefaultServer
GetDisplayName
GetDomainDNSNameForDomain
GetLDAPTypeName
GetServerAndPort
GetSyntaxOfAttribute
InitObjectInfo
IsGCNamespace
LdapAddExtS
LdapAddS
LdapAttributeFree
LdapCacheAddRef
LdapCloseObject
LdapCompareExt
LdapControlFree
LdapControlsFree
LdapCountEntries
LdapCrackUserDNtoNTLMUser2
LdapCreatePageControl
LdapDeleteExtS
LdapDeleteS
LdapFirstAttribute
LdapFirstEntry
LdapGetDn
LdapGetNextPageS
LdapGetSchemaObjectCount
LdapGetSubSchemaSubEntryPath
LdapGetSyntaxIdOfAttribute
LdapGetSyntaxOfAttributeOnServer
LdapGetValues
LdapGetValuesLen
LdapInitializeSearchPreferences
LdapIsClassNameValidOnServer
LdapMakeSchemaCacheObsolete
LdapMemFree
LdapModDnS
LdapModifyExtS
LdapModifyS
LdapMsgFree
LdapNextAttribute
LdapNextEntry
LdapOpenObject
LdapOpenObject2
LdapParsePageControl
LdapParseResult
LdapReadAttribute
LdapReadAttribute2
LdapReadAttributeFast
LdapRenameExtS
LdapResult
LdapSearch
LdapSearchAbandonPage
LdapSearchExtS
LdapSearchInitPage
LdapSearchS
LdapSearchST
LdapTypeBinaryToString
LdapTypeCopyConstruct
LdapTypeFreeLdapModList
LdapTypeFreeLdapModObject
LdapTypeFreeLdapObjects
LdapTypeToAdsTypeCopyConstruct
LdapTypeToAdsTypeDNWithBinary
LdapTypeToAdsTypeDNWithString
LdapTypeToAdsTypeGeneralizedTime
LdapTypeToAdsTypeUTCTime
LdapValueFree
LdapValueFreeLen
LdapcKeepHandleAround
LdapcSetStickyServer
MapADSTypeToLDAPType
MapLDAPTypeToADSType
PathName
ReadPagingSupportedAttr
ReadSecurityDescriptorControlType
ReadServerSupportsIsADAMControl
ReadServerSupportsIsADControl
ReallocADsMem
ReallocADsStr
SchemaAddRef
SchemaClose
SchemaGetClassInfo
SchemaGetClassInfoByIndex
SchemaGetObjectCount
SchemaGetPropertyInfo
SchemaGetPropertyInfoByIndex
SchemaGetStringsFromStringTable
SchemaGetSyntaxOfAttribute
SchemaIsClassAContainer
SchemaOpen
SortAndRemoveDuplicateOIDs
UnMarshallLDAPToLDAPSynID
intcmp

Sections

.text
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
adsmsext.dll
.dll windows:10 windows x64 arch:x64

5cf201375eafa8a286b6cb718aa1bb48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

adsmsext.pdb

Imports

msvcrt

_wcsicmp
memset
wcstok
memcpy
malloc
free
_amsg_exit
_XcptFilter
__C_specific_handler
wcscat_s
wcscpy_s
_purecall
swscanf_s
wcschr
_wcsnicmp
swprintf_s
_initterm
wcscmp

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EnterCriticalSection

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime

api-ms-win-core-file-l1-1-0

LocalFileTimeToFileTime
FileTimeToLocalFileTime

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

FormatMessageW

ntdll

RtlInitUnicodeString
RtlInitString

activeds

ord16
ord17
ord9
ord18
ord15
ord14
ord7

adsldpc

ReadServerSupportsIsADAMControl
GetDefaultServer
LdapCrackUserDNtoNTLMUser2
ChangeSeparator
ReadServerSupportsIsADControl
LdapCloseObject
FreeObjectInfo
ADSIPrint
LdapOpenObject
LdapGetSyntaxOfAttributeOnServer
ADsObject
LdapCompareExt
BuildLDAPPathFromADsPath2
LdapReadAttributeFast
BuildADsPathFromLDAPPath
LdapValueFree
LdapModifyS

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
adsnt.dll
.dll windows:10 windows x64 arch:x64

c247c873484e4c098a53f0aff1e5bc8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

adsnt.pdb

Imports

msvcrt

_CxxThrowException
memcpy
memset
_onexit
__dllonexit
_unlock
_lock
_initterm
malloc
wcscmp
free
_amsg_exit
_XcptFilter
_wcsnicmp
wcsncpy_s
wcsrchr
wcsncat_s
__C_specific_handler
_ltow
wcschr
_wtol
swprintf_s
_purecall
_wcsicmp
_itow_s
wcscat_s
wcscpy_s

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection

ntdll

RtlSecondsSince1970ToTime
RtlTimeToSecondsSince1970
RtlIpv6StringToAddressW
RtlInitUnicodeString
RtlRunEncodeUnicodeString
RtlRunDecodeUnicodeString

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
DisableThreadLibraryCalls

api-ms-win-core-file-l1-1-0

FileTimeToLocalFileTime
LocalFileTimeToFileTime

api-ms-win-core-sysinfo-l2-1-0

GetUserNameW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-localization-l1-2-0

FormatMessageW

activeds

ord14
ord15
ord7
ord21
ord23
ord22
ord16
ord18
ord17

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 272KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
adtschema.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 872KB - Virtual size: 868KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
advapi32.dll
.dll windows:10 windows x64 arch:x64

b55125ec5b4041cf9eacca6f0fe107a3

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:f5:30:59:62:8c:e4:16:54:82:33:32:30:db:f7:6b:df:49:db:b6:53:2f:72:d0:d1:1a:af:2b:3b:84:4b:ac
Signer

Actual PE Digest

1a:f5:30:59:62:8c:e4:16:54:82:33:32:30:db:f7:6b:df:49:db:b6:53:2f:72:d0:d1:1a:af:2b:3b:84:4b:ac

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

advapi32.pdb

Imports

msvcrt

swprintf_s
_wcsicmp
_wcsnicmp
tolower
strstr
strchr
_ultow_s
iswctype
wcstoul
_wcstoui64
_wcstoi64
_ultow
wcstok_s
wcscat_s
_ui64tow_s
_i64tow_s
_stricmp
wcsnlen
_resetstkoflw
iswalpha
wcsncmp
_vsnprintf
__CxxFrameHandler4
__CxxFrameHandler3
?terminate@@YAXXZ
wcsstr
wcsncpy_s
_errno
memcpy_s
memcmp
memcpy
memmove
_vsnwprintf
wcsrchr
wcschr
swscanf_s
__C_specific_handler
wcscpy_s
memset

ntdll

NtQueryValueKey
NtClose
NtOpenThreadToken
NtOpenProcessToken
RtlEqualSid
RtlLengthSid
RtlAddAccessAllowedAceEx
NtSetInformationToken
RtlCreateSecurityDescriptor
RtlSetOwnerSecurityDescriptor
NtDuplicateToken
NtCompareTokens
RtlAllocateAndInitializeSid
RtlFreeSid
RtlIsGenericTableEmpty
RtlEnumerateGenericTableWithoutSplaying
RtlCopyUnicodeString
RtlDuplicateUnicodeString
RtlExpandEnvironmentStrings_U
NtOpenFile
RtlCreateUnicodeString
NtQueryInformationProcess
RtlGetLastNtStatus
NtQueryKey
RtlValidSid
LdrLoadDll
RtlImageNtHeader
LdrUnloadDll
NtDeviceIoControlFile
NtQuerySystemInformation
EtwEventRegister
EtwEventWrite
NtCreateKey
NtSetValueKey
RtlDeleteElementGenericTable
RtlAppendUnicodeToString
NtDeleteKey
RtlInsertElementGenericTable
RtlCopySid
RtlInitializeHandleTable
RtlDestroyHandleTable
EtwEventUnregister
NtEnumerateKey
RtlIntegerToUnicodeString
RtlStringFromGUID
RtlAppendUnicodeStringToString
RtlFormatCurrentUserKeyPath
RtlInitializeGenericTable
RtlQueryRegistryValuesEx
RtlLookupElementGenericTable
RtlNumberGenericTableElements
RtlGUIDFromString
RtlUpcaseUnicodeChar
NtQueryVolumeInformationFile
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlPrefixUnicodeString
RtlDetermineDosPathNameType_U
NtQueryInformationFile
RtlGetFullPathName_U
RtlUnicodeToMultiByteN
RtlNtStatusToDosErrorNoTeb
RtlUnicodeToMultiByteSize
RtlAnsiCharToUnicodeChar
RtlMultiByteToUnicodeN
NtTraceControl
RtlSetLastWin32Error
RtlInitAnsiStringEx
RtlInitUnicodeStringEx
RtlCreateUnicodeStringFromAsciiz
NtRenameKey
RtlQueryPackageIdentity
RtlOemStringToUnicodeString
RtlIsTextUnicode
NtSetInformationThread
RtlAddAce
RtlValidAcl
RtlSetSaclSecurityDescriptor
RtlInitializeSid
RtlGetControlSecurityDescriptor
RtlAddAuditAccessObjectAce
RtlSetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetAce
RtlAddAuditAccessAceEx
RtlxAnsiStringToUnicodeSize
RtlGetOwnerSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
RtlAddAccessDeniedAceEx
RtlAddAccessAllowedObjectAce
RtlAddAccessDeniedObjectAce
RtlFirstFreeAce
NtOpenKey
RtlGetDaclSecurityDescriptor
RtlDosPathNameToNtPathName_U
EtwEventWriteTransfer
EtwEventSetInformation
RtlImpersonateSelf
RtlAdjustPrivilege
RtlCopyString
RtlTimeToSecondsSince1970
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
NtWaitForSingleObject
RtlGetVersion
NtQueryInformationThread
NtQuerySecurityObject
RtlRunOnceExecuteOnce
RtlRunOnceBeginInitialize
RtlDllShutdownInProgress
RtlRunOnceInitialize
NtQueryPerformanceCounter
RtlDeleteBoundaryDescriptor
NtCreateMutant
NtOpenPrivateNamespace
NtCreatePrivateNamespace
RtlAddSIDToBoundaryDescriptor
RtlCreateBoundaryDescriptor
NtWaitForMultipleObjects
RtlCreateAcl
RtlValidRelativeSecurityDescriptor
NtCreateFile
NtWriteFile
NtFlushBuffersFile
NtSetInformationFile
NtReadFile
RtlWaitOnAddress
RtlWakeAddressAll
RtlQueryPerformanceCounter
RtlAcquireSRWLockExclusive
RtlInsertElementGenericTableAvl
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockShared
RtlLookupElementGenericTableAvl
RtlReleaseSRWLockShared
RtlEnumerateGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlWakeAddressSingle
RtlDosPathNameToRelativeNtPathName_U
RtlReleaseRelativeName
RtlEqualUnicodeString
RtlDestroyQueryDebugBuffer
RtlQueryProcessDebugInformation
NtAlpcQueryInformation
RtlCreateQueryDebugBuffer
NtQueryObject
NtQueryMutant
RtlInitString
RtlAddAccessAllowedAce
RtlOpenCurrentUser
NtReplaceKey
NtSaveKey
NtSaveMergedKeys
RtlLengthSecurityDescriptor
RtlValidSecurityDescriptor
RtlGetNtProductType
RtlIsValidIndexHandle
RtlAllocateHandle
RtlUnicodeStringToInteger
RtlConvertSidToUnicodeString
RtlSubAuthorityCountSid
RtlSubAuthoritySid
RtlGetThreadPreferredUILanguages
RtlMakeSelfRelativeSD
RtlFreeHeap
RtlxUnicodeStringToAnsiSize
NtQueryInformationToken
RtlFreeUnicodeString
RtlAllocateHeap
RtlSetGroupSecurityDescriptor
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlInitializeCriticalSection
RtlDeleteCriticalSection
NtSetSystemInformation
RtlLeaveCriticalSection
RtlEnterCriticalSection
DbgPrint
RtlNtStatusToDosError
RtlInitAnsiString
RtlUnicodeStringToAnsiString
RtlGetCurrentTransaction
RtlInitUnicodeString
NtOpenKeyEx
NtSetInformationKey
LdrGetProcedureAddress
LdrGetDllHandle
RtlAnsiStringToUnicodeString
RtlFreeAnsiString
RtlFreeHandle

api-ms-win-eventing-controller-l1-1-0

StopTraceW
EnableTraceEx2
EnumerateTraceGuidsEx
TraceSetInformation
EventAccessRemove
EventAccessQuery
StartTraceW
ControlTraceW
QueryAllTracesW
EventAccessControl

api-ms-win-eventing-consumer-l1-1-0

CloseTrace
ProcessTrace
OpenTraceW

api-ms-win-eventing-consumer-l1-1-1

QueryTraceProcessingHandle

kernelbase

LocalReAlloc
CreateProcessAsUserW
CreateProcessAsUserA
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
lstrcmpiW
lstrcmpW
Sleep
PackageIdFromFullName
GetStagedPackagePathByFullName
RegOpenKeyExInternalA
DisablePredefinedHandleTableInternal
lstrlenW
RegDeleteKeyExInternalW
RegCreateKeyExInternalW
RegOpenKeyExInternalW
CLOSE_LOCAL_HANDLE_INTERNAL
MapPredefinedHandleInternal
RegDeleteKeyExInternalA
RemapPredefinedHandleInternal
RegCreateKeyExInternalA
RegKrnGetHKEY_ClassesRootAddress
RegKrnGetClassesEnumTableAddressInternal
RegKrnGetTermsrvRegistryExtensionFlags
LocalAlloc

sechost

StartTraceA
QueryAllTracesA
ControlTraceA

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-service-core-l1-1-1

QueryServiceDynamicInformation
EnumServicesStatusExW
EnumDependentServicesW

api-ms-win-service-core-l1-1-2

GetServiceKeyNameW
GetServiceDisplayNameW

api-ms-win-service-management-l1-1-0

CreateServiceW
OpenServiceW
StartServiceW
ControlServiceExW
DeleteService
OpenSCManagerW
CloseServiceHandle

api-ms-win-service-management-l2-1-0

ChangeServiceConfigW
QueryServiceConfigW
SetServiceObjectSecurity
ChangeServiceConfig2W
NotifyServiceStatusChangeW
QueryServiceObjectSecurity
QueryServiceStatusEx
QueryServiceConfig2W

api-ms-win-service-private-l1-1-4

CreateServiceEx

api-ms-win-service-private-l1-1-2

I_ScReparseServiceDatabase
QueryUserServiceName
QueryLocalUserServiceName

api-ms-win-service-private-l1-1-3

QueryUserServiceNameForContext

api-ms-win-service-private-l1-1-0

I_ScSetServiceBitsW
I_ScSetServiceBitsA
WaitServiceState
I_ScRpcBindA
I_ScRpcBindW

api-ms-win-service-winsvc-l1-1-0

ControlService
ChangeServiceConfigA
RegisterServiceCtrlHandlerExA
OpenServiceA
ControlServiceExA
QueryServiceConfigA
NotifyServiceStatusChangeA
QueryServiceStatus
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
ChangeServiceConfig2A
OpenSCManagerA
StartServiceA
QueryServiceConfig2A
CreateServiceA
RegisterServiceCtrlHandlerW

api-ms-win-core-namedpipe-l1-1-0

ImpersonateNamedPipeClient

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
OpenProcessToken
SetThreadToken
OpenThreadToken
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread
GetPriorityClass
CreateThread
GetProcessId
OpenThread

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

AccessCheckByTypeResultListAndAuditAlarmByHandleW
ObjectDeleteAuditAlarmW
GetSidSubAuthorityCount
SetTokenInformation
AreAnyAccessesGranted
SetSecurityDescriptorRMControl
EqualSid
GetAce
GetSecurityDescriptorRMControl
SetSecurityDescriptorOwner
IsTokenRestricted
DeleteAce
PrivilegedServiceAuditAlarmW
InitializeSid
GetSecurityDescriptorOwner
ImpersonateAnonymousToken
ImpersonateSelf
ImpersonateLoggedOnUser
EqualDomainSid
IsValidSid
AddAce
AddAuditAccessAce
AccessCheckByTypeResultListAndAuditAlarmW
SetAclInformation
IsValidSecurityDescriptor
AddAccessDeniedAce
CreateRestrictedToken
FreeSid
EqualPrefixSid
GetFileSecurityW
AccessCheckAndAuditAlarmW
GetSecurityDescriptorGroup
InitializeSecurityDescriptor
InitializeAcl
DuplicateToken
SetPrivateObjectSecurityEx
AddAccessAllowedObjectAce
GetKernelObjectSecurity
MapGenericMask
SetKernelObjectSecurity
AddAccessAllowedAceEx
GetLengthSid
SetSecurityDescriptorControl
DuplicateTokenEx
IsValidAcl
GetSecurityDescriptorLength
AddAccessAllowedAce
AddAccessDeniedObjectAce
MakeSelfRelativeSD
AccessCheckByType
AddAuditAccessAceEx
MakeAbsoluteSD
SetSecurityDescriptorGroup
GetSidIdentifierAuthority
GetTokenInformation
AccessCheckByTypeResultList
PrivilegeCheck
ObjectCloseAuditAlarmW
AccessCheck
AdjustTokenGroups
CreatePrivateObjectSecurityEx
GetSidSubAuthority
AllocateAndInitializeSid
IsWellKnownSid
DestroyPrivateObjectSecurity
ObjectPrivilegeAuditAlarmW
CopySid
GetSecurityDescriptorControl
ObjectOpenAuditAlarmW
SetSecurityAccessMask
AddAccessDeniedAceEx
CreatePrivateObjectSecurity
CreateWellKnownSid
GetPrivateObjectSecurity
AreAllAccessesGranted
CreatePrivateObjectSecurityWithMultipleInheritance
GetSidLengthRequired
GetWindowsAccountDomainSid
CheckTokenMembership
GetAclInformation
SetFileSecurityW
AddAuditAccessObjectAce
AllocateLocallyUniqueId
GetSecurityDescriptorDacl
RevertToSelf
QuerySecurityAccessMask
SetPrivateObjectSecurity
AdjustTokenPrivileges
SetSecurityDescriptorDacl
AccessCheckByTypeAndAuditAlarmW
FindFirstFreeAce
GetSecurityDescriptorSacl
ConvertToAutoInheritPrivateObjectSecurity
SetSecurityDescriptorSacl

api-ms-win-security-base-private-l1-1-0

MakeAbsoluteSD2

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegDeleteTreeA
RegDisablePredefinedCacheEx
RegNotifyChangeKeyValue
RegCloseKey
RegGetKeySecurity
RegLoadAppKeyW
RegDeleteKeyExW
RegOpenCurrentUser
RegQueryInfoKeyW
RegGetValueA
RegSaveKeyExA
RegLoadMUIStringA
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyExA
RegFlushKey
RegCreateKeyExW
RegUnLoadKeyA
RegOpenUserClassesRoot
RegDeleteKeyExA
RegEnumKeyExW
RegSetKeySecurity
RegSaveKeyExW
RegDeleteTreeW
RegLoadMUIStringW
RegSetValueExW
RegLoadAppKeyA
RegSetValueExA
RegCopyTreeW
RegLoadKeyA
RegUnLoadKeyW
RegQueryInfoKeyA
RegLoadKeyW
RegOpenKeyExA
RegGetValueW
RegEnumValueW
RegRestoreKeyW
RegEnumValueA
RegDeleteValueW
RegRestoreKeyA
RegDeleteValueA
RegQueryValueExW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW
RegDeleteKeyValueA
RegSetKeyValueA

api-ms-win-core-registry-l1-1-2

RegQueryMultipleValuesW
RegQueryMultipleValuesA

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetComputerNameExA
GetComputerNameExW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount
GetLocalTime
GetSystemWindowsDirectoryW

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

kernel32

GetModuleFileNameW
SetLastError
MultiByteToWideChar
LocalFree
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetProcAddress
DelayLoadFailureHook
ResolveDelayLoadedAPI
FreeLibrary
LoadLibraryExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
CreateEventW
CloseHandle
GetThreadUILanguage
GetCommandLineW
GetModuleHandleExW
WriteFile
ExpandEnvironmentStringsW
SetFilePointer
CreateFileW
FormatMessageW
GetFileAttributesExW
OutputDebugStringW
DeleteFileW
MoveFileW
GetModuleHandleW
GetFileSizeEx
CreateFileMappingW
HeapAlloc
GetProcessHeap
MapViewOfFile
UnmapViewOfFile
HeapFree
GetLongPathNameW
CompareFileTime
FindResourceExW
LoadResource
GetVolumePathNameW
DeleteCriticalSection
WaitForSingleObject
InitOnceBeginInitialize
CompareStringOrdinal
ReleaseMutex
InitOnceComplete
GetComputerNameW
ExpandEnvironmentStringsA
AreFileApisANSI
SearchPathW
GetFullPathNameW
GetFileAttributesW
SleepEx
LoadLibraryExA
LoadLibraryA
CreateMutexW
InitializeCriticalSection
SizeofResource
LockResource
SetEvent
ResetEvent
GetFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GetFileSize
FindFirstFileExW
FindNextFileW
FindClose
CopyFileExW
TermsrvDeleteKey
TermsrvOpenUserClasses
ReadProcessMemory
DecodePointer
LoadLibraryW
DuplicateHandle
FreeLibraryAndExitThread
EncodePointer
FreeLibraryWhenCallbackReturns
CloseThreadpoolIo
CancelIoEx
CancelThreadpoolIo
CreateThreadpoolIo
DeviceIoControl
StartThreadpoolIo
GetFileMUIPath
EnumUILanguagesW
SetErrorMode
RaiseException
SetFileInformationByHandle

rpcrt4

RpcExceptionFilter
UuidToStringW
UuidFromStringW
NdrClientCall2
RpcMgmtInqServerPrincNameW
I_RpcSNCHOption
RpcBindingSetAuthInfoA
RpcEpResolveBinding
RpcSsDestroyClientContext
RpcBindingCreateW
RpcBindingBind
RpcBindingSetAuthInfoW
I_RpcMapWin32Status
I_RpcExceptionFilter
NdrClientCall3
RpcBindingFree
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
RpcBindingFromStringBindingW

api-ms-win-core-timezone-l1-1-0

EnumDynamicTimeZoneInformation
GetDynamicTimeZoneInformationEffectiveYears

api-ms-win-security-audit-l1-1-1

AuditLookupSubCategoryNameW
AuditQuerySecurity
AuditEnumeratePerUserPolicy
AuditSetPerUserPolicy
AuditEnumerateSubCategories
AuditQueryGlobalSaclW
AuditEnumerateCategories
AuditQueryPerUserPolicy
AuditLookupCategoryNameW
AuditSetGlobalSaclW
AuditSetSecurity

api-ms-win-security-audit-l1-1-0

AuditComputeEffectivePolicyBySid
AuditFree
AuditQuerySystemPolicy
AuditSetSystemPolicy

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-core-pcw-l1-1-0

PcwCreateNotifier
PcwRemoveQueryItem
PcwEnumerateInstances
PcwCollectData
PcwCreateQuery
PcwAddQueryItem
PcwSendStatelessNotification
PcwSetQueryItemUserData
PcwSendNotification

Exports

Exports

A_SHAFinal
A_SHAInit
A_SHAUpdate
AbortSystemShutdownA
AbortSystemShutdownW
AccessCheck
AccessCheckAndAuditAlarmA
AccessCheckAndAuditAlarmW
AccessCheckByType
AccessCheckByTypeAndAuditAlarmA
AccessCheckByTypeAndAuditAlarmW
AccessCheckByTypeResultList
AccessCheckByTypeResultListAndAuditAlarmA
AccessCheckByTypeResultListAndAuditAlarmByHandleA
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheckByTypeResultListAndAuditAlarmW
AddAccessAllowedAce
AddAccessAllowedAceEx
AddAccessAllowedObjectAce
AddAccessDeniedAce
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
AddAce
AddAuditAccessAce
AddAuditAccessAceEx
AddAuditAccessObjectAce
AddConditionalAce
AddMandatoryAce
AddUsersToEncryptedFile
AddUsersToEncryptedFileEx
AdjustTokenGroups
AdjustTokenPrivileges
AllocateAndInitializeSid
AllocateLocallyUniqueId
AreAllAccessesGranted
AreAnyAccessesGranted
AuditComputeEffectivePolicyBySid
AuditComputeEffectivePolicyByToken
AuditEnumerateCategories
AuditEnumeratePerUserPolicy
AuditEnumerateSubCategories
AuditFree
AuditLookupCategoryGuidFromCategoryId
AuditLookupCategoryIdFromCategoryGuid
AuditLookupCategoryNameA
AuditLookupCategoryNameW
AuditLookupSubCategoryNameA
AuditLookupSubCategoryNameW
AuditQueryGlobalSaclA
AuditQueryGlobalSaclW
AuditQueryPerUserPolicy
AuditQuerySecurity
AuditQuerySystemPolicy
AuditSetGlobalSaclA
AuditSetGlobalSaclW
AuditSetPerUserPolicy
AuditSetSecurity
AuditSetSystemPolicy
BackupEventLogA
BackupEventLogW
BaseRegCloseKey
BaseRegCreateKey
BaseRegDeleteKeyEx
BaseRegDeleteValue
BaseRegFlushKey
BaseRegGetVersion
BaseRegLoadKey
BaseRegOpenKey
BaseRegRestoreKey
BaseRegSaveKeyEx
BaseRegSetKeySecurity
BaseRegSetValue
BaseRegUnLoadKey
BuildExplicitAccessWithNameA
BuildExplicitAccessWithNameW
BuildImpersonateExplicitAccessWithNameA
BuildImpersonateExplicitAccessWithNameW
BuildImpersonateTrusteeA
BuildImpersonateTrusteeW
BuildSecurityDescriptorA
BuildSecurityDescriptorW
BuildTrusteeWithNameA
BuildTrusteeWithNameW
BuildTrusteeWithObjectsAndNameA
BuildTrusteeWithObjectsAndNameW
BuildTrusteeWithObjectsAndSidA
BuildTrusteeWithObjectsAndSidW
BuildTrusteeWithSidA
BuildTrusteeWithSidW
CancelOverlappedAccess
ChangeServiceConfig2A
ChangeServiceConfig2W
ChangeServiceConfigA
ChangeServiceConfigW
CheckForHiberboot
CheckTokenMembership
ClearEventLogA
ClearEventLogW
CloseCodeAuthzLevel
CloseEncryptedFileRaw
CloseEventLog
CloseServiceHandle
CloseThreadWaitChainSession
CloseTrace
CommandLineFromMsiDescriptor
ComputeAccessTokenFromCodeAuthzLevel
ControlService
ControlServiceExA
ControlServiceExW
ControlTraceA
ControlTraceW
ConvertAccessToSecurityDescriptorA
ConvertAccessToSecurityDescriptorW
ConvertSDToStringSDDomainW
ConvertSDToStringSDRootDomainA
ConvertSDToStringSDRootDomainW
ConvertSecurityDescriptorToAccessA
ConvertSecurityDescriptorToAccessNamedA
ConvertSecurityDescriptorToAccessNamedW
ConvertSecurityDescriptorToAccessW
ConvertSecurityDescriptorToStringSecurityDescriptorA
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidA
ConvertSidToStringSidW
ConvertStringSDToSDDomainA
ConvertStringSDToSDDomainW
ConvertStringSDToSDRootDomainA
ConvertStringSDToSDRootDomainW
ConvertStringSecurityDescriptorToSecurityDescriptorA
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidA
ConvertStringSidToSidW
ConvertToAutoInheritPrivateObjectSecurity
CopySid
CreateCodeAuthzLevel
CreatePrivateObjectSecurity
CreatePrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
CreateProcessAsUserA
CreateProcessAsUserW
CreateProcessWithLogonW
CreateProcessWithTokenW
CreateRestrictedToken
CreateServiceA
CreateServiceEx
CreateServiceW
CreateTraceInstanceId
CreateWellKnownSid
CredBackupCredentials
CredDeleteA
CredDeleteW
CredEncryptAndMarshalBinaryBlob
CredEnumerateA
CredEnumerateW
CredFindBestCredentialA
CredFindBestCredentialW
CredFree
CredGetSessionTypes
CredGetTargetInfoA
CredGetTargetInfoW
CredIsMarshaledCredentialA
CredIsMarshaledCredentialW
CredIsProtectedA
CredIsProtectedW
CredMarshalCredentialA
CredMarshalCredentialW
CredProfileLoaded
CredProfileLoadedEx
CredProfileUnloaded
CredProtectA
CredProtectW
CredReadA
CredReadByTokenHandle
CredReadDomainCredentialsA
CredReadDomainCredentialsW
CredReadW
CredRenameA
CredRenameW
CredRestoreCredentials
CredUnmarshalCredentialA
CredUnmarshalCredentialW
CredUnprotectA
CredUnprotectW
CredWriteA
CredWriteDomainCredentialsA
CredWriteDomainCredentialsW
CredWriteW
CredpConvertCredential
CredpConvertOneCredentialSize
CredpConvertTargetInfo
CredpDecodeCredential
CredpEncodeCredential
CredpEncodeSecret
CryptAcquireContextA
CryptAcquireContextW
CryptContextAddRef
CryptCreateHash
CryptDecrypt
CryptDeriveKey
CryptDestroyHash
CryptDestroyKey
CryptDuplicateHash
CryptDuplicateKey
CryptEncrypt
CryptEnumProviderTypesA
CryptEnumProviderTypesW
CryptEnumProvidersA
CryptEnumProvidersW
CryptExportKey
CryptGenKey
CryptGenRandom
CryptGetDefaultProviderA
CryptGetDefaultProviderW
CryptGetHashParam
CryptGetKeyParam
CryptGetProvParam
CryptGetUserKey
CryptHashData
CryptHashSessionKey
CryptImportKey
CryptReleaseContext
CryptSetHashParam
CryptSetKeyParam
CryptSetProvParam
CryptSetProviderA
CryptSetProviderExA
CryptSetProviderExW
CryptSetProviderW
CryptSignHashA
CryptSignHashW
CryptVerifySignatureA
CryptVerifySignatureW
CveEventWrite
DecryptFileA
DecryptFileW
DeleteAce
DeleteService
DeregisterEventSource
DestroyPrivateObjectSecurity
DuplicateEncryptionInfoFile
DuplicateToken
DuplicateTokenEx
EnableTrace
EnableTraceEx
EnableTraceEx2
EncryptFileA
EncryptFileW
EncryptedFileKeyInfo
EncryptionDisable
EnumDependentServicesA
EnumDependentServicesW
EnumDynamicTimeZoneInformation
EnumServiceGroupW
EnumServicesStatusA
EnumServicesStatusExA
EnumServicesStatusExW
EnumServicesStatusW
EnumerateTraceGuids
EnumerateTraceGuidsEx
EqualDomainSid
EqualPrefixSid
EqualSid
EventAccessControl
EventAccessQuery
EventAccessRemove
EventActivityIdControl
EventEnabled
EventProviderEnabled
EventRegister
EventSetInformation
EventUnregister
EventWrite
EventWriteEndScenario
EventWriteEx
EventWriteStartScenario
EventWriteString
EventWriteTransfer
FileEncryptionStatusA
FileEncryptionStatusW
FindFirstFreeAce
FlushEfsCache
FlushTraceA
FlushTraceW
FreeEncryptedFileKeyInfo
FreeEncryptedFileMetadata
FreeEncryptionCertificateHashList
FreeInheritedFromArray
FreeSid
GetAccessPermissionsForObjectA
GetAccessPermissionsForObjectW
GetAce
GetAclInformation
GetAuditedPermissionsFromAclA
GetAuditedPermissionsFromAclW
GetCurrentHwProfileA
GetCurrentHwProfileW
GetDynamicTimeZoneInformationEffectiveYears
GetEffectiveRightsFromAclA
GetEffectiveRightsFromAclW
GetEncryptedFileMetadata
GetEventLogInformation
GetExplicitEntriesFromAclA
GetExplicitEntriesFromAclW
GetFileSecurityA
GetFileSecurityW
GetInformationCodeAuthzLevelW
GetInformationCodeAuthzPolicyW
GetInheritanceSourceA
GetInheritanceSourceW
GetKernelObjectSecurity
GetLengthSid
GetLocalManagedApplicationData
GetLocalManagedApplications
GetManagedApplicationCategories
GetManagedApplications
GetMultipleTrusteeA
GetMultipleTrusteeOperationA
GetMultipleTrusteeOperationW
GetMultipleTrusteeW
GetNamedSecurityInfoA
GetNamedSecurityInfoExA
GetNamedSecurityInfoExW
GetNamedSecurityInfoW
GetNumberOfEventLogRecords
GetOldestEventLogRecord
GetOverlappedAccessResults
GetPrivateObjectSecurity
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorRMControl
GetSecurityDescriptorSacl
GetSecurityInfo
GetSecurityInfoExA
GetSecurityInfoExW
GetServiceDisplayNameA
GetServiceDisplayNameW
GetServiceKeyNameA
GetServiceKeyNameW
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetStringConditionFromBinary
GetThreadWaitChain
GetTokenInformation
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
GetTrusteeFormA
GetTrusteeFormW
GetTrusteeNameA
GetTrusteeNameW
GetTrusteeTypeA
GetTrusteeTypeW
GetUserNameA
GetUserNameW
GetWindowsAccountDomainSid
I_QueryTagInformation
I_ScGetCurrentGroupStateW
I_ScIsSecurityProcess
I_ScPnPGetServiceName
I_ScQueryServiceConfig
I_ScRegisterPreshutdownRestart
I_ScReparseServiceDatabase
I_ScSendPnPMessage
I_ScSendTSMessage
I_ScSetServiceBitsA
I_ScSetServiceBitsW
I_ScValidatePnPService
IdentifyCodeAuthzLevelW
ImpersonateAnonymousToken
ImpersonateLoggedOnUser
ImpersonateNamedPipeClient
ImpersonateSelf
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
InitiateShutdownA
InitiateShutdownW
InitiateSystemShutdownA
InitiateSystemShutdownExA
InitiateSystemShutdownExW
InitiateSystemShutdownW
InstallApplication
IsTextUnicode
IsTokenRestricted
IsTokenUntrusted
IsValidAcl
IsValidRelativeSecurityDescriptor
IsValidSecurityDescriptor
IsValidSid
IsWellKnownSid
LockServiceDatabase
LogonUserA
LogonUserExA
LogonUserExExW
LogonUserExW
LogonUserW
LookupAccountNameA
LookupAccountNameW
LookupAccountSidA
LookupAccountSidW
LookupPrivilegeDisplayNameA
LookupPrivilegeDisplayNameW
LookupPrivilegeNameA
LookupPrivilegeNameW
LookupPrivilegeValueA
LookupPrivilegeValueW
LookupSecurityDescriptorPartsA
LookupSecurityDescriptorPartsW
LsaAddAccountRights
LsaAddPrivilegesToAccount
LsaClearAuditLog
LsaClose
LsaConfigureAutoLogonCredentials
LsaCreateAccount
LsaCreateSecret
LsaCreateTrustedDomain
LsaCreateTrustedDomainEx
LsaDelete
LsaDeleteTrustedDomain
LsaDisableUserArso
LsaEnableUserArso
LsaEnumerateAccountRights
LsaEnumerateAccounts
LsaEnumerateAccountsWithUserRight
LsaEnumeratePrivileges
LsaEnumeratePrivilegesOfAccount
LsaEnumerateTrustedDomains
LsaEnumerateTrustedDomainsEx
LsaFreeMemory
LsaGetAppliedCAPIDs
LsaGetDeviceRegistrationInfo
LsaGetQuotasForAccount
LsaGetRemoteUserName
LsaGetSystemAccessAccount
LsaGetUserName
LsaICLookupNames
LsaICLookupNamesWithCreds
LsaICLookupSids
LsaICLookupSidsWithCreds
LsaInvokeTrustScanner
LsaIsUserArsoAllowed
LsaIsUserArsoEnabled
LsaLookupNames
LsaLookupNames2
LsaLookupPrivilegeDisplayName
LsaLookupPrivilegeName
LsaLookupPrivilegeValue
LsaLookupSids
LsaLookupSids2
LsaManageSidNameMapping
LsaNtStatusToWinError
LsaOpenAccount
LsaOpenPolicy
LsaOpenPolicySce
LsaOpenSecret
LsaOpenTrustedDomain
LsaOpenTrustedDomainByName
LsaProfileDeleted
LsaQueryCAPs
LsaQueryDomainInformationPolicy
LsaQueryForestTrustInformation
LsaQueryForestTrustInformation2
LsaQueryInfoTrustedDomain
LsaQueryInformationPolicy
LsaQuerySecret
LsaQuerySecurityObject
LsaQueryTrustedDomainInfo
LsaQueryTrustedDomainInfoByName
LsaRemoveAccountRights
LsaRemovePrivilegesFromAccount
LsaRetrievePrivateData
LsaSetCAPs
LsaSetDomainInformationPolicy
LsaSetForestTrustInformation
LsaSetForestTrustInformation2
LsaSetInformationPolicy
LsaSetInformationTrustedDomain
LsaSetQuotasForAccount
LsaSetSecret
LsaSetSecurityObject
LsaSetSystemAccessAccount
LsaSetTrustedDomainInfoByName
LsaSetTrustedDomainInformation
LsaStorePrivateData
LsaValidateProcUniqueLuid
MD4Final
MD4Init
MD4Update
MD5Final
MD5Init
MD5Update
MIDL_user_free_Ext
MSChapSrvChangePassword
MSChapSrvChangePassword2
MakeAbsoluteSD

Sections

.text
Size: 428KB - Virtual size: 424KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
advapi32res.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
advpack.dll
.dll windows:10 windows x64 arch:x64

9f54aec8ee18f83bbe291a2f6d33e648

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

advpack.pdb

Imports

msvcrt

__C_specific_handler
_lock
_unlock
_setjmp
__dllonexit
_onexit
wcspbrk
iswalpha
wcschr
wcsncmp
memmove
_initterm
malloc
free
_amsg_exit
_XcptFilter
_ultow_s
longjmp
_wtoi
memcpy_s
_wtol
_vsnwprintf
_vsnprintf
memset

user32

ExitWindowsEx
IsWindow
SendDlgItemMessageW
PeekMessageW
CharNextW
SystemParametersInfoW
CharPrevW
MessageBeep
MessageBoxW
DialogBoxParamW
GetDesktopWindow
SetWindowTextW
CharNextA
DestroyWindow
UpdateWindow
ShowWindow
SetDlgItemTextW
EndDialog
EnableWindow
GetDlgItem
GetDlgItemTextW
SendMessageW
GetWindowRect
GetDC
ReleaseDC
SetWindowPos
OemToCharA
CharUpperW
MsgWaitForMultipleObjects
DispatchMessageW
GetSystemMetrics
CreateDialogParamW
LoadStringW

gdi32

GetStockObject
DeleteObject
GetDeviceCaps
CreateFontIndirectW

kernel32

IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetModuleFileNameA
CreateSemaphoreExW
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
ReleaseMutex
OutputDebugStringW
MulDiv
GetDiskFreeSpaceW
EnumResourceLanguagesW
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
WaitForSingleObjectEx
OpenSemaphoreW
HeapFree
GetLastError
LocalFree
GetDriveTypeW
GetEnvironmentVariableW
GetTempPath2W
GetWindowsDirectoryW
GetTempFileNameW
FindResourceW
SizeofResource
LockResource
LoadResource
WritePrivateProfileStringW
CreateFileW
WriteFile
CloseHandle
LocalAlloc
SetFilePointer
GetModuleFileNameW
DeleteFileW
EnterCriticalSection
LeaveCriticalSection
LocalReAlloc
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
GetFullPathNameW
GetFileAttributesW
CompareStringW
FormatMessageW
GetPrivateProfileIntW
GetCurrentProcess
SearchPathW
GetPrivateProfileStringW
lstrcmpW
FreeLibrary
GetVersionExW
lstrcmpiW
LoadLibraryExW
GetProcAddress
GetShortPathNameW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetFileSize
GetVolumeInformationW
CreateDirectoryW
SetFileAttributesW
CreateProcessW
CopyFileW
GetPrivateProfileSectionW
LoadLibraryW
CreateFileMappingW
MapViewOfFileEx
SetLastError
UnmapViewOfFile
MoveFileExW
MoveFileW
RemoveDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GetSystemInfo
GetCurrentProcessId
GetProcessHeap
GetLocalTime
HeapAlloc
lstrcmpiA
GetProfileStringW
WritePrivateProfileSectionW
GetFileTime
ReadFile
SetFileTime
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
CreateMutexExW

advapi32

AllocateAndInitializeSid
RegUnLoadKeyW
RegLoadKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegEnumValueW
RegSetValueExW
OpenProcessToken
RegSaveKeyW
RegFlushKey
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueW
RegDeleteValueW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyW
GetTokenInformation
RegDeleteKeyW
EqualSid
FreeSid
RegQueryInfoKeyW

ole32

OleInitialize
OleUninitialize
CoTaskMemFree

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

setupapi

SetupOpenInfFileW
SetupOpenAppendInfFileW
SetupInstallFromInfSectionW
SetupDefaultQueueCallbackW
SetupCloseFileQueue
SetupCommitFileQueueW
SetupCloseInfFile
SetupTermDefaultQueueCallback
SetupQueueCopyW
SetupOpenFileQueue
SetupGetStringFieldW
SetupFindNextLine
SetupFindFirstLineW
SetupGetLineTextW
SetupSetDirectoryIdW
SetupInitDefaultQueueCallbackEx

shlwapi

StrChrW
ord215
ord217
StrStrIW
StrRChrW
PathRemoveFileSpecW
PathFileExistsW
PathBuildRootW
PathCombineW
PathAddBackslashW

Exports

Exports

AddDelBackupEntry
AddDelBackupEntryA
AddDelBackupEntryW
AdvInstallFile
AdvInstallFileA
AdvInstallFileW
CloseINFEngine
DelNode
DelNodeA
DelNodeRunDLL32
DelNodeRunDLL32A
DelNodeRunDLL32W
DelNodeW
DoInfInstall
DoInfInstallA
DoInfInstallW
ExecuteCab
ExecuteCabA
ExecuteCabW
ExtractFiles
ExtractFilesA
ExtractFilesW
FileSaveMarkNotExist
FileSaveMarkNotExistA
FileSaveMarkNotExistW
FileSaveRestore
FileSaveRestoreA
FileSaveRestoreOnINF
FileSaveRestoreOnINFA
FileSaveRestoreOnINFW
FileSaveRestoreW
GetVersionFromFile
GetVersionFromFileA
GetVersionFromFileEx
GetVersionFromFileExA
GetVersionFromFileExW
GetVersionFromFileW
IsNTAdmin
LaunchINFSection
LaunchINFSectionA
LaunchINFSectionEx
LaunchINFSectionExA
LaunchINFSectionExW
LaunchINFSectionW
NeedReboot
NeedRebootInit
OpenINFEngine
OpenINFEngineA
OpenINFEngineW
RebootCheckOnInstall
RebootCheckOnInstallA
RebootCheckOnInstallW
RegInstall
RegInstallA
RegInstallW
RegRestoreAll
RegRestoreAllA
RegRestoreAllW
RegSaveRestore
RegSaveRestoreA
RegSaveRestoreOnINF
RegSaveRestoreOnINFA
RegSaveRestoreOnINFW
RegSaveRestoreW
RegisterOCX
RegisterOCXW
RunSetupCommand
RunSetupCommandA
RunSetupCommandW
SetPerUserSecValues
SetPerUserSecValuesA
SetPerUserSecValuesW
TranslateInfString
TranslateInfStringA
TranslateInfStringEx
TranslateInfStringExA
TranslateInfStringExW
TranslateInfStringW
UserInstStubWrapper
UserInstStubWrapperA
UserInstStubWrapperW
UserUnInstStubWrapper
UserUnInstStubWrapperA
UserUnInstStubWrapperW

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aeevts.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
aeinv.dll
.dll windows:10 windows x64 arch:x64

139a17fbfba895e061178f590801dbc9

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d5:8e:69:43:de:61:24:69:91:6d:6e:5e:7d:9c:b5:df:a8:ef:4c:0f:40:0d:80:ce:79:fd:a6:12:72:26:7a:8e
Signer

Actual PE Digest

d5:8e:69:43:de:61:24:69:91:6d:6e:5e:7d:9c:b5:df:a8:ef:4c:0f:40:0d:80:ce:79:fd:a6:12:72:26:7a:8e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

aeinv.pdb

Imports

msvcrt

__uncaught_exception
___lc_collate_cp_func
memcmp
_wcsdup
__crtCompareStringW
__crtLCMapStringW
_wsetlocale
abort
memset
_wtoi
strncmp
toupper
wcsncmp
calloc
wcschr
strcpy_s
_wcslwr
wcscat_s
wcstoul
_wsplitpath_s
iswalpha
wcspbrk
__pctype_func
setlocale
_wfsopen
fseek
_ismbblead
___lc_codepage_func
___lc_handle_func
___mb_cur_max_func
memmove_s
isdigit
wcstok_s
realloc
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
fclose
fwrite
__mb_cur_max
fgetpos
wcsspn
_fseeki64
fsetpos
setvbuf
??1type_info@@UEAA@XZ
fflush
_vsnwprintf_s
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_wcsnicmp
_vsnprintf
wcsstr
?what@exception@@UEBAPEBDXZ
_wcsicmp
_vscwprintf
tolower
iswcntrl
iswspace
ungetwc
ungetc
fputwc
fgetwc
towlower
wcsrchr
_wtoi64
wcscpy_s
strchr
_set_errno
strtol
_errno
strncpy_s
sprintf_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
fgetc
__CxxFrameHandler3
wcscmp

ntdll

ZwOpenKey
LdrResSearchResource
ZwQueryInformationFile
ZwOpenFile
ZwQueryValueKey
RtlFormatCurrentUserKeyPath
ZwMapViewOfSection
RtlInitUnicodeStringEx
ZwSetInformationProcess
ZwQueryDirectoryFile
RtlVerifyVersionInfo
RtlSecondsSince1970ToTime
RtlGetNativeSystemInformation
RtlpEnsureBufferSize
ZwQueryInformationProcess
RtlxAnsiStringToUnicodeSize
RtlFreeUnicodeString
ZwCreateSection
RtlUpcaseUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
RtlTimeToTimeFields
ZwCreateFile
RtlAppendUnicodeToString
RtlNtPathNameToDosPathName
RtlAppendUnicodeStringToString
ZwUnmapViewOfSection
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
RtlAnsiStringToUnicodeString
ZwClose
EtwEventRegister
EtwEventWrite
EtwTraceMessage
RtlComputeCrc32
RtlCompareMemory
EtwEventUnregister
RtlLeaveCriticalSection
RtlFreeHeap
RtlInitializeCriticalSection
ZwEnumerateKey
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlReAllocateHeap
RtlEqualString
RtlAllocateHeap
RtlDeleteCriticalSection
RtlUpcaseUnicodeChar
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlAllocateAndInitializeSid
RtlNtStatusToDosError
ZwEnumerateValueKey
RtlRunOnceExecuteOnce
RtlCopyUnicodeString
RtlFreeSid
EtwEventWriteNoRegistration
WinSqmIsOptedInEx
VerSetConditionMask
RtlInitUnicodeString
LdrGetDllHandle
RtlInitString
LdrGetProcedureAddress
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtCreateFile
NtQueryInformationFile
NtClose
RtlGetVersion

advapi32

CryptAcquireContextW
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
TraceEvent
CryptCreateHash
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
EventUnregister
RegDeleteValueW
EventWriteTransfer
RegOpenKeyW
RegSetValueExW
RegSetKeyValueW
RegDeleteKeyValueW
GetTokenInformation
ConvertSidToStringSidW
OpenThreadToken
OpenProcessToken
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegGetValueW
EventRegister
RegLoadAppKeyW

kernel32

GetCommandLineW
DeviceIoControl
GetVolumeInformationByHandleW
GetSystemInfo
LocaleNameToLCID
FileTimeToSystemTime
LocalAlloc
InitOnceExecuteOnce
TryAcquireSRWLockExclusive
InitializeSRWLock
GetCurrentDirectoryW
InitializeCriticalSection
GetFileTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleHandleW
WriteFile
ExpandEnvironmentStringsW
OutputDebugStringA
GetModuleFileNameW
CreateFileW
GetModuleHandleExA
DebugBreak
RaiseException
HeapFree
SetLastError
GetModuleHandleExW
WaitForThreadpoolTimerCallbacks
GetCurrentThreadId
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
FindFirstFileW
AcquireSRWLockExclusive
SetThreadpoolTimer
ReleaseSRWLockShared
HeapAlloc
GetProcAddress
AcquireSRWLockShared
GetProcessHeap
FreeLibrary
GetTickCount
QueryThreadCycleTime
GetCurrentThread
Sleep
VerifyVersionInfoW
LoadLibraryW
LoadLibraryExW
CloseHandle
UnmapViewOfFile
ReleaseMutex
SetEvent
WaitForSingleObject
SignalObjectAndWait
HeapReAlloc
OutputDebugStringW
IsDebuggerPresent
WaitForSingleObjectEx
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCurrentProcessId
CreateMutexExW
SetWaitableTimer
ReleaseSemaphore
WaitForMultipleObjects
GetSystemTimeAsFileTime
CreateThreadpoolTimer
K32EnumProcesses
OpenProcess
QueryFullProcessImageNameW
GetSystemDirectoryW
GetFileAttributesW
CreateEventW
CreateMutexW
GetModuleFileNameA
CreateSemaphoreExW
OpenSemaphoreW
LoadLibraryExA
DelayLoadFailureHook
MultiByteToWideChar
QueryUnbiasedInterruptTime
GetSystemPowerStatus
LocalFree
CreateWaitableTimerW
OpenWaitableTimerW
CreateSemaphoreW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
WideCharToMultiByte
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
EncodePointer
DecodePointer
WakeAllConditionVariable
SleepConditionVariableSRW
FindNextFileW
GetLongPathNameW
FindClose
CloseThreadpoolTimer
CreateActCtxW
QueryActCtxW
ReleaseActCtx
GetLogicalDriveStringsW
QueryDosDeviceW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

oleaut32

SysAllocString
VariantChangeType
SysFreeString
VariantCopy
VariantInit
VariantClear
SysStringLen

rpcrt4

UuidCreate

msi

ord113
ord8
ord92
ord32
ord159
ord166
ord115
ord141
ord118
ord248
ord160
ord294

shlwapi

PathFileExistsW
PathIsNetworkPathW
PathUnExpandEnvStringsW
SHCreateStreamOnFileEx
PathCommonPrefixW
PathFindFileNameW
ord487

Exports

Exports

CreateAppxPackageInventory
CreateAppxPackageInventoryExtracted
CreateSoftwareInventory
GetAppInfo
GetAppInfo2
GetAppInventory
GetApplicationKBsTC2
GetCachedAppInventory
GetDetailedAppInventory
GetDetailedAppInventoryFile
GetDetailedAppInventoryOrphanFile
UpdateSoftwareInventoryW

Sections

.text
Size: 772KB - Virtual size: 768KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aemarebackup.dll
.dll windows:10 windows x64 arch:x64

8c13c89d9b2658da5d94355c8a2139dc

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8d:7e:3d:aa:d2:6f:7e:73:e6:9f:38:20:14:da:ab:34:41:07:8e:89:f8:27:a6:15:93:f5:e3:99:a7:73:d3:e0
Signer

Actual PE Digest

8d:7e:3d:aa:d2:6f:7e:73:e6:9f:38:20:14:da:ab:34:41:07:8e:89:f8:27:a6:15:93:f5:e3:99:a7:73:d3:e0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AeMareBackup.pdb

Imports

msvcrt

iswspace
_wcslwr
__CxxFrameHandler3
_wtoi64
tolower
wcstol
_errno
swprintf_s
wcstoul
_wcstoui64
_wcsnicmp
_wtof
memcpy
memmove
_wtoi
wcsrchr
strcspn
iswcntrl
_wsetlocale
islower
isspace
localeconv
fwrite
fgetpos
_fseeki64
fsetpos
__uncaught_exception
fflush
__mb_cur_max
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
localtime
strftime
_vscwprintf
??0exception@@QEAA@AEBQEBD@Z
wcsstr
setlocale
___mb_cur_max_func
?what@exception@@UEBAPEBDXZ
ungetwc
ungetc
___lc_handle_func
fputwc
fgetwc
fgetc
_wcsicmp
fwprintf_s
_wfopen_s
towlower
wcschr
fclose
___lc_codepage_func
__CxxFrameHandler4
_ismbblead
_Getmonths
wcscpy_s
_W_Getdays
sprintf_s
__pctype_func
strchr
isupper
_W_Getmonths
realloc
calloc
__crtLCMapStringW
__crtLCMapStringA
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
strncmp
_vsnprintf
?terminate@@YAXXZ
wcscat_s
strcpy_s
fseek
_wfsopen
ldexp
memset
___lc_collate_cp_func
isdigit
isalnum
memchr
wcsncmp
time
_Strftime
_Gettnames
_wsplitpath_s
memcmp
??1type_info@@UEAA@XZ
_onexit
abort
__dllonexit
_unlock
_lock
_initterm
_wcsdup
malloc
__crtCompareStringW
free
setvbuf
__crtCompareStringA
_amsg_exit
_XcptFilter
__C_specific_handler
_Wcsftime
_W_Gettnames
_vsnwprintf_s
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
_Getdays
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
FreeLibrary
GetModuleHandleExA
LoadLibraryExW
GetProcAddress

ntdll

RtlInitUnicodeStringEx
ZwMapViewOfSection
ZwQueryValueKey
RtlSecondsSince1970ToTime
ZwQueryInformationFile
LdrResSearchResource
RtlGetNativeSystemInformation
ZwOpenKey
RtlxAnsiStringToUnicodeSize
RtlFreeUnicodeString
ZwCreateSection
RtlDosPathNameToNtPathName_U_WithStatus
RtlUpcaseUnicodeChar
RtlTimeToTimeFields
RtlAppendUnicodeToString
EtwTraceMessage
RtlAppendUnicodeStringToString
ZwUnmapViewOfSection
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
RtlAnsiStringToUnicodeString
ZwClose
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlLeaveCriticalSection
RtlInitializeCriticalSection
ZwEnumerateKey
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlEqualString
RtlDeleteCriticalSection
RtlGetDeviceFamilyInfoEnum
RtlAllocateAndInitializeSid
RtlNtStatusToDosError
RtlFreeSid
WinSqmIsOptedInEx
ZwCreateFile
LdrGetProcedureAddress
LdrGetDllHandle
RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlInitUnicodeString
NtClose
NtQueryInformationFile
RtlInitString
NtCreateFile
RtlAllocateHeap
RtlFreeHeap
RtlVerifyVersionInfo

api-ms-win-core-synch-l1-1-0

CreateMutexExW
OpenSemaphoreW
ReleaseSRWLockExclusive
LeaveCriticalSection
SetEvent
AcquireSRWLockShared
CreateMutexW
CreateEventW
InitializeSRWLock
OpenWaitableTimerW
SetWaitableTimer
DeleteCriticalSection
CreateSemaphoreExW
ReleaseSRWLockShared
EnterCriticalSection
WaitForSingleObjectEx
ReleaseSemaphore
ReleaseMutex
TryAcquireSRWLockExclusive
InitializeCriticalSectionEx
WaitForSingleObject
CreateEventExW
AcquireSRWLockExclusive
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetLastError
SetLastError

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
ExitProcess
GetCurrentThread

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW
OutputDebugStringA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
InitOnceComplete
SignalObjectAndWait
InitOnceBeginInitialize
SleepConditionVariableSRW
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
CoEnableCallCancellation
CoDisableCallCancellation
CoCancelCall
RoGetAgileReference
CoReleaseMarshalData
CoGetInterfaceAndReleaseStream
CoCreateGuid
CoGetClassObject
CoInitializeEx
PropVariantClear

ext-ms-win-session-wtsapi32-l1-1-0

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken

aepic

ord101
ord109
ord100
ord104
ord102
ord103
ord107
ord105
ord106
ord108

psapi

GetDeviceDriverBaseNameW
EnumDeviceDrivers

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegOpenKeyExW
RegLoadAppKeyW
RegDeleteTreeW
RegSetValueExW
RegGetValueW
RegCloseKey
RegCreateKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
RegDeleteValueW

rpcrt4

UuidCreate

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalFree
LocalAlloc

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateSemaphoreW
CreateWaitableTimerW

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
InitializeSecurityDescriptor
RevertToSelf
SetSecurityDescriptorDacl
IsWellKnownSid

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-file-l1-1-0

QueryDosDeviceW
GetLogicalDriveStringsW
GetVolumeInformationByHandleW
CreateFileW
FindClose
GetLongPathNameW
FindNextFileW
FindFirstFileW
CreateDirectoryW
GetFileAttributesW
CompareFileTime
GetFileAttributesExW
WriteFile

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
ExpandEnvironmentStringsW
GetCurrentDirectoryW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoInitialize

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpConnect
WinHttpGetProxyForUrl
WinHttpGetDefaultProxyConfiguration
WinHttpSetOption
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpQueryAuthSchemes
WinHttpSetCredentials
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpQueryHeaders
WinHttpReceiveResponse

api-ms-win-security-credentials-l1-1-0

CredReadW
CredFree

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId

api-ms-win-core-realtime-l1-1-0

QueryThreadCycleTime

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchCanonicalizeEx

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-shlwapi-legacy-l1-1-0

PathUnExpandEnvStringsW
PathFileExistsW

api-ms-win-shcore-path-l1-1-0

ord170

api-ms-win-core-commandlinetoargv-l1-1-0

CommandLineToArgvW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-security-cryptoapi-l1-1-0

CryptAcquireContextW
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptReleaseContext

api-ms-win-core-sidebyside-l1-1-0

QueryActCtxW
ReleaseActCtx
CreateActCtxW

api-ms-win-eventing-classicprovider-l1-1-0

TraceEvent

Exports

Exports

BackupMareDataTC2

Sections

.text
Size: 656KB - Virtual size: 655KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aepic.dll
.dll windows:10 windows x64 arch:x64

23080abadd79be0da68e451c0562e73c

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d8:81:f1:bc:da:3c:8a:c7:61:cf:fe:c7:25:7e:37:c3:37:4d:4c:b7:f4:1b:d0:03:28:be:be:4b:5e:d8:c4:db
Signer

Actual PE Digest

d8:81:f1:bc:da:3c:8a:c7:61:cf:fe:c7:25:7e:37:c3:37:4d:4c:b7:f4:1b:d0:03:28:be:be:4b:5e:d8:c4:db

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

aepic.pdb

Imports

msvcrt

setlocale
___mb_cur_max_func
___lc_handle_func
___lc_codepage_func
_ismbblead
__pctype_func
wcstoul
fputwc
fclose
fwrite
calloc
__uncaught_exception
___lc_collate_cp_func
memcmp
__mb_cur_max
fseek
fgetwc
_wfsopen
abort
fgetc
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
fgetpos
ungetc
ungetwc
memset
_wcsdup
fflush
_vscwprintf
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
tolower
iswcntrl
iswspace
?terminate@@YAXXZ
_initterm
_amsg_exit
setvbuf
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_vsnwprintf_s
__crtCompareStringW
?what@exception@@UEBAPEBDXZ
__crtLCMapStringW
strchr
fsetpos
_set_errno
strtol
_wsetlocale
_errno
_wsplitpath_s
wcscmp
strncpy_s
sprintf_s
realloc
??0bad_cast@@QEAA@AEBV0@@Z
free
malloc
__C_specific_handler
wcsrchr
wcscpy_s
_wcsicmp
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
_fseeki64
memcpy_s
_vsnwprintf
__CxxFrameHandler4
_wcsnicmp
wcschr
_vsnprintf
strcpy_s
wcsstr
wcscat_s
strncmp
_wcslwr
towlower
_wtoi
_wtoi64

ntdll

NtLoadKeyEx
RtlDosPathNameToRelativeNtPathName_U
RtlStringFromGUID
RtlRandomEx
RtlFreeSid
RtlAllocateAndInitializeSid
RtlNtStatusToDosError
RtlAdjustPrivilege
EtwTraceMessage
RtlImageDirectoryEntryToData
RtlVerifyVersionInfo
LdrResSearchResource
RtlTimeToTimeFields
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlEqualString
RtlDeleteCriticalSection
RtlSecondsSince1970ToTime
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwEnumerateKey
ZwOpenKey
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
ZwClose
RtlReleaseRelativeName
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlReAllocateHeap
RtlInitUnicodeString
LdrGetDllHandle
RtlInitString
LdrGetProcedureAddress
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtCreateFile
NtQueryInformationFile
NtClose
RtlFreeHeap
RtlAllocateHeap
WinSqmIsOptedInEx
VerSetConditionMask

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
FreeLibrary
GetModuleHandleExW
GetModuleHandleExA

api-ms-win-core-synch-l1-1-0

CreateEventW
InitializeCriticalSection
SetEvent
SleepEx
TryAcquireSRWLockExclusive
CreateMutexW
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSemaphore
InitializeSRWLock
OpenWaitableTimerW
ReleaseSRWLockExclusive
ReleaseMutex
EnterCriticalSection
WaitForSingleObject
CreateSemaphoreExW
SetWaitableTimer
InitializeCriticalSectionEx
LeaveCriticalSection

api-ms-win-core-heap-l1-1-0

HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
OpenThreadToken
TerminateProcess
GetCurrentProcessId
OpenProcessToken
GetCurrentThreadId
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FormatMessageW
LocaleNameToLCID

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsCreateString
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoUninitialize
RoGetActivationFactory
RoInitialize

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
Sleep
SignalObjectAndWait

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegQueryInfoKeyW
RegSaveKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegGetValueW
RegLoadKeyW
RegUnLoadKeyW
RegDeleteKeyExW
RegSetKeySecurity
RegLoadAppKeyW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW
WaitForMultipleObjects
CreateWaitableTimerW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetSystemInfo

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-file-l1-1-0

WriteFile
GetVolumeInformationByHandleW
FindNextFileW
FindFirstFileW
GetLogicalDriveStringsW
FindClose
QueryDosDeviceW
CreateFileW
GetFileAttributesW
GetLongPathNameW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
GetRestrictedErrorInfo
RoTransformError
SetRestrictedErrorInfo
RoOriginateError

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
StartServiceW
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW

api-ms-win-core-com-l1-1-0

PropVariantClear
CoTaskMemFree
CoTaskMemAlloc
CoGetApartmentType
CoInitializeEx
CoGetCallContext
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoGetInterfaceAndReleaseStream
CoMarshalInterface
CoReleaseMarshalData

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
DuplicateTokenEx
GetTokenInformation

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime
QueryThreadCycleTime

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
GetCurrentDirectoryW
ExpandEnvironmentStringsW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchCanonicalizeEx
PathAllocCombine

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-shlwapi-legacy-l1-1-0

PathUnExpandEnvStringsW
PathFileExistsW

api-ms-win-core-commandlinetoargv-l1-1-0

CommandLineToArgvW

api-ms-win-core-featurestaging-l1-1-0

UnsubscribeFeatureStateChangeNotification
RecordFeatureUsage
SubscribeFeatureStateChangeNotification
GetFeatureEnabledState

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-string-l2-1-1

SHLoadIndirectString

api-ms-win-eventing-classicprovider-l1-1-0

TraceEvent

api-ms-win-core-sidebyside-l1-1-0

QueryActCtxW
CreateActCtxW
ReleaseActCtx

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
GetAppInventoryCore
GetPrivacyLevel
PicAmiClose
PicAmiInitialize
PicFreeFileInfo
PicRetrieveFileInfo
PicRetrieveFileInfoAppx
PicRetrieveFileLastRunTime
PicUpdateFileLastRunTime
UpdateSoftwareInventoryTC2

Sections

.text
Size: 480KB - Virtual size: 479KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
agentactivationruntime.dll
.dll windows:10 windows x64 arch:x64

2de7a2e5bf54559da8c4fe9c4815a450

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

agentactivationruntime.pdb

Imports

msvcp_win

_Mtx_destroy_in_situ
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
_Cnd_broadcast
_Thrd_detach
_Cnd_timedwait
_Mtx_current_owns
_Xtime_get_ticks
_Query_perf_counter
_Thrd_sleep
?_Xbad_function_call@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Query_perf_frequency
_Cnd_destroy_in_situ
_Thrd_join
_Thrd_id
_Cnd_wait
_Cnd_do_broadcast_at_thread_exit
?_Syserror_map@std@@YAPEBDH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_init_in_situ
_Cnd_signal
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_unlock
_Mtx_init_in_situ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___std_exception_copy
_o___std_exception_destroy
_o___std_type_info_destroy_list
_o___stdio_common_vsnprintf_s
_o___stdio_common_vsprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vswprintf_s
_o__beginthreadex
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
__RTDynamicCast
_o__wfopen
_o__wgetenv
_o_ceilf
_o_cos
_o_cosf
_o_expf
_o_fclose
_o_fread
_o_free
_o_fseek
_o_ftell
_o_logf
_o_malloc
_o_rewind
_o_sin
_o_sinf
_o_sqrt
_o_terminate
_o_toupper
_o_towlower
_o_wcstol
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
__RTtypeid
__std_terminate
__std_type_info_compare
__CxxFrameHandler3
memchr
memcmp
memmove
memcpy
strchr
__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleFileNameW
GetModuleHandleExW
GetModuleFileNameA

api-ms-win-core-synch-l1-1-0

CreateEventW
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject
InitializeCriticalSectionEx
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
DeleteCriticalSection

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

ReadFile
GetFileSizeEx
FindFirstFileW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

agentactivationruntimewindows

?GetAgentActivationRuntimePalComponentFactory@@YAPEAVIAgentActivationRuntimePalComponentFactory@VoiceAgentServices@Microsoft@@XZ

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchAddBackslash

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-file-l1-2-0

CreateFile2

Exports

Exports

?CreateAgentActivationRuntime@@YA?AV?$shared_ptr@VIAgentActivationRuntime@VoiceAgentServices@Microsoft@@@std@@XZ
?GetAgentActivationRuntime@@YA?AV?$shared_ptr@VIAgentActivationRuntime@VoiceAgentServices@Microsoft@@@std@@XZ
?GetLoggerInstance@@YAAEAVLogger@VoiceAgentServices@Microsoft@@XZ
?ReleaseAgentActivationRuntime@@YAXXZ

Sections

.text
Size: 708KB - Virtual size: 706KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
agentactivationruntimewindows.dll
.dll windows:10 windows x64 arch:x64

4f93e45132a3dd575e643075dd3d69d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

agentactivationruntimewindows.pdb

Imports

msvcp_win

?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBG1AEAPEBGPEAD3AEAPEAD@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
_Cnd_do_broadcast_at_thread_exit
?_Incref@facet@locale@std@@UEAAXXZ
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
_Cnd_timedwait
_Mtx_current_owns
_Cnd_wait
_Cnd_signal
_Cnd_destroy_in_situ
_Cnd_init_in_situ
_Thrd_join
_Thrd_id
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Throw_Cpp_error@std@@YAXH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Syserror_map@std@@YAPEBDH@Z
_Xtime_get_ticks
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??Bid@locale@std@@QEAA_KXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAG3AEAPEAG@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Thrd_detach
_Cnd_broadcast
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Xbad_alloc@std@@YAXXZ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Xbad_function_call@std@@YAXXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?unshift@?$codecvt@GDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?clear@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXXZ
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?put@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@G@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGD@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?uncaught_exception@std@@YA_NXZ
_Query_perf_counter
_Query_perf_frequency
_Mtx_unlock
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__beginthreadex
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__fseeki64
_o__get_stream_buffer_pointers
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__lock_file
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__unlock_file
_o__wcsnicmp
_o__wdupenv_s
_o__wgetenv
_o__wrename
_o_ceilf
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fgetwc
_o_floor
_o_fputc
_o_fputwc
_o_fread
_o_free
_o_fsetpos
_o_fwrite
_o_malloc
_o_rand
_o_realloc
_o_setvbuf
_o_srand
_o_terminate
_o_tolower
_o_toupper
_o_ungetc
_o_ungetwc
_o_wcstol
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler_noexcept
__RTDynamicCast
memchr
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
WaitForSingleObject
ResetEvent
WaitForSingleObjectEx
OpenSemaphoreW
InitializeSRWLock
CreateMutexExW
CreateEventExW
ReleaseSemaphore
ReleaseMutex
AcquireSRWLockExclusive
SetEvent
ReleaseSRWLockExclusive
AcquireSRWLockShared
CreateMutexW
ReleaseSRWLockShared
CreateEventW
CreateSemaphoreExW
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount

api-ms-win-core-heap-l1-1-0

HeapSize
HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
TerminateThread
GetCurrentProcessId
CreateThread
OpenProcessToken
TerminateProcess
GetThreadId
GetExitCodeThread
SetThreadPriority
SetPriorityClass

api-ms-win-core-localization-l1-2-0

ResolveLocaleName
LocaleNameToLCID
GetUserDefaultLCID
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

oleaut32

VariantClear
VariantChangeType
VariantInit
SysStringLen
SysAllocString
SysFreeString

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-com-l1-1-0

CoInitializeSecurity
IIDFromString
CoGetClassObject
CLSIDFromString
CoCreateFreeThreadedMarshaler
CoUninitialize
CoGetApartmentType
CoTaskMemFree
PropVariantClear
CoWaitForMultipleHandles
CoTaskMemAlloc
CoInitializeEx
CoCreateInstance
StringFromGUID2

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegGetValueW
RegNotifyChangeKeyValue
RegCloseKey
RegFlushKey
RegDeleteTreeW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsDuplicateString

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo
RoTransformError

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize
RoGetActivationFactory
RoActivateInstance

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
MakeAbsoluteSD
DestroyPrivateObjectSecurity
GetTokenInformation

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW
RegCreateKeyW
RegEnumKeyW
RegOpenKeyW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
ExpandEnvironmentStringsW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

mmdevapi

ord21
ord27
ord17

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount64
GetTickCount

api-ms-win-power-base-l1-1-0

GetPwrCapabilities
PowerUnregisterSuspendResumeNotification
PowerRegisterSuspendResumeNotification

api-ms-win-power-setting-l1-1-0

PowerGetActiveScheme
PowerSettingUnregisterNotification
PowerSettingRegisterNotification
PowerReadDCValue

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-heap-l2-1-0

GlobalAlloc
GlobalFree
LocalFree

powrprof

PowerReadACValueIndex

api-ms-win-core-sysinfo-l2-1-0

GetUserNameW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

RtlPublishWnfStateData
NtPowerInformation
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlGetDeviceFamilyInfoEnum
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData

avrt

AvSetMmThreadCharacteristicsW
AvRevertMmThreadCharacteristics

umpdc

Pdcv2ActivationClientDeactivate
PdcSignalClientPulse
Pdcv2ActivationClientRenewActivation
Pdcv2ActivationClientRegister
PdcSignalClientUnregister
PdcSignalClientRegister
Pdcv2ActivationClientUnregister
Pdcv2ActivationClientActivate

systemeventsbrokerclient

SebQueryEventPackage
SebEnumerateEventsByType
SebSignalEvent

faultrep

ReportCoreHang

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW

api-ms-win-core-file-l1-1-0

CreateDirectoryW
DeleteFileW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

?GetAgentActivationRuntimePalComponentFactory@@YAPEAVIAgentActivationRuntimePalComponentFactory@VoiceAgentServices@Microsoft@@XZ

Sections

.text
Size: 772KB - Virtual size: 771KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 300KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amsi.dll
.dll regsvr32 windows:10 windows x64 arch:x64

53e09f2655b3f6741619cfa138d5f104

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Amsi.pdb

Imports

msvcrt

_purecall
_callnewh
_unlock
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
malloc
__dllonexit
_onexit
free
??3@YAXPEAX@Z
??1type_info@@UEAA@XZ
__CxxFrameHandler3
wcsnlen
time
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
rand
memcpy_s
srand
_vsnwprintf
??0exception@@QEAA@AEBQEBD@Z
??_V@YAXPEAX@Z
__C_specific_handler
__CxxFrameHandler4
_lock
memset

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
ReleaseSRWLockShared
DeleteCriticalSection
ReleaseSRWLockExclusive
InitializeCriticalSection
LeaveCriticalSection
AcquireSRWLockExclusive
AcquireSRWLockShared

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventProviderEnabled
EventSetInformation
EventWriteTransfer
EventWrite

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleExW
DisableThreadLibraryCalls

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

rpcrt4

UuidFromStringW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegGetValueW
RegOpenKeyExW

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

ntdll

NtQueryInformationProcess

Exports

Exports

AmsiCloseSession
AmsiInitialize
AmsiNotifyOperation
AmsiOpenSession
AmsiScanBuffer
AmsiScanString
AmsiUacInitialize
AmsiUacScan
AmsiUacUninitialize
AmsiUninitialize
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amsiproxy.dll
.dll regsvr32 windows:10 windows x64 arch:x64

4ae77a4cc9d0e7cf01dedd77e1c306d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

amsiproxy.pdb

Imports

msvcrt

__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

rpcrt4

NdrOleAllocate
NdrOleFree
NdrDllRegisterProxy
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllUnregisterProxy

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amstream.dll
.dll regsvr32 windows:10 windows x64 arch:x64

6661408b41e275d036365271094ac2ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

amstream.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memcpy
_o_free
_o_malloc
_o_realloc
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
__C_specific_handler
memcmp

api-ms-win-crt-string-l1-1-0

memset

kernel32

WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
GetCurrentThreadId
lstrcpynW
GetCurrentProcess
EnterCriticalSection
GetModuleFileNameW
ReleaseSemaphore
MultiByteToWideChar
CreateThread
QueueUserAPC
DuplicateHandle
CreateSemaphoreW
SizeofResource
MulDiv
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
lstrcmpW
ResetEvent
SetEvent
CreateEventW
DisableThreadLibraryCalls
LoadLibraryExW
lstrcmpiW
lstrcpyW
FreeLibrary
GetModuleHandleW
DeleteCriticalSection
GetProcAddress
HeapDestroy
FindResourceW
LoadResource
LoadLibraryW
CloseHandle
GetCurrentThread
GetLastError

user32

CharNextW
IsRectEmpty

advapi32

RegDeleteKeyW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

oleaut32

LoadTypeLi
SysFreeString
RegisterTypeLi
VarI4FromStr

ddraw

DirectDrawCreate

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
apds.dll
.dll regsvr32 windows:10 windows x64 arch:x64

5289fa55d61484a1bb36e121234c0750

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

apds.pdb

Imports

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
_o__strtoui64
memmove
_o__ui64toa_s
_o__wcsicmp
_o__wcslwr_s
_o_calloc
_o_free
_o_iswspace
_o_malloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wmemcpy_s
__current_exception
__current_exception_context
_CxxThrowException
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__execute_onexit_table
_o__errno
wcschr
wcsstr
__C_specific_handler
__std_terminate
__CxxFrameHandler4
__C_specific_handler_noexcept
memcmp
memcpy

kernel32

GlobalUnlock
FindClose
FindFirstFileExW
FindNextFileW
DisableThreadLibraryCalls
DeleteCriticalSection
WriteFile
EnterCriticalSection
LeaveCriticalSection
GetLastError
CreateFileW
GlobalSize
GlobalLock
FindResourceExW
LoadResource
GetTempFileNameW
GetTempPathW
CloseHandle
RaiseException
GlobalAlloc
LockResource
SizeofResource
FindResourceW
GetProductInfo
ResolveDelayLoadedAPI
DelayLoadFailureHook
GetModuleHandleW
GetProcAddress
GetLocaleInfoEx
InitializeSListHead
GetModuleFileNameW
IsDebuggerPresent
GetVersionExW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
LoadLibraryW
LocalAlloc
LocalFree
ExpandEnvironmentStringsW
MultiByteToWideChar
lstrcmpiW
FreeLibrary
GetWindowsDirectoryW
InitializeCriticalSection
LoadLibraryExW

user32

UnregisterClassA
CharNextW

advapi32

RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceLoggerHandle
RegOpenKeyW
TraceEvent
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegEnumValueW
UnregisterTraceGuids
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
GetTraceEnableLevel

oleaut32

SysFreeString
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysStringLen
VariantInit
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadRegTypeLi
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayDestroy
SafeArrayCreate
SafeArrayUnlock
SafeArrayLock
SysAllocStringLen
VarBstrCat
VarUI4FromStr
VariantClear

shlwapi

SHCreateStreamOnFileEx
AssocQueryStringW
SHRegGetValueW
PathFileExistsW
PathFindExtensionW
PathCombineW
PathAppendW
UrlUnescapeW
ord12

cabinet

ord20
ord22
ord23
ord21

api-ms-win-core-com-l1-1-0

GetHGlobalFromStream
CreateStreamOnHGlobal
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoGetMalloc
CoTaskMemFree

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
apisampling.dll
.dll windows:10 windows x64 arch:x64

09284ff709bb8ea22e2731e336b0ca00

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

APISampling.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__free_base
_o__fseeki64
_o__get_stream_buffer_pointers
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__lock_file
_o__malloc_base
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__unlock_file
_o__errno
_o__wcsdup
_o__wcstoui64
_o__wfsopen
_o_abort
_o_ceilf
_o_fclose
_o_fflush
_o_fgetc
_o_fgetpos
_o_fputc
_o_fread
_o_free
_o_fsetpos
_o_fwrite
_o_isalpha
_o_islower
_o_isupper
_o_malloc
_o_mbstowcs_s
_o_realloc
_o_setlocale
_o_setvbuf
_o_strcpy_s
_o_terminate
_o_tolower
_o_towlower
_o_ungetc
_o_wcsncpy_s
_o_wcstol
_o_wcstombs_s
_o_wcstoul
__C_specific_handler
_o__execute_onexit_table
_o__cexit
_o__calloc_base
_o__callnewh
__CxxFrameHandler3
strchr
__uncaught_exception
_CxxThrowException
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o__configure_narrow_argv
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___pctype_func
_o____mb_cur_max_func
_o____lc_locale_name_func
_o____lc_collate_cp_func
_o____lc_codepage_func
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
wcsncmp
wcsnlen
__strncnt

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
SetThreadPriority
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
CreateThread
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetVersionExW
GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
LoadLibraryExW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-crt-locale-l1-1-0

_unlock_locales
_lock_locales

aepic

PicFreeFileInfo
PicRetrieveFileInfo

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegSetValueExW
RegDeleteValueW
RegNotifyChangeKeyValue
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-localization-l1-2-0

FormatMessageW
LCMapStringEx

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SetEvent
AcquireSRWLockShared
ReleaseSRWLockShared
ResetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
CreateSemaphoreExW
CreateEventExW
WaitForSingleObject
ReleaseSemaphore
OpenSemaphoreW
ReleaseMutex
WaitForSingleObjectEx
CreateMutexExW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolWaitCallbacks

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

ntdll

NtSetSystemInformation
RtlGetCompressionWorkSpaceSize
RtlUnsubscribeWnfNotificationWaitForCompletion
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
NtCreateSection
RtlCompressBuffer
NtQueryDirectoryFile
NtQuerySystemInformation
RtlTimeToTimeFields
NtQuerySection
RtlConvertDeviceFamilyInfoToString

api-ms-win-core-com-l1-1-0

CoCreateGuid
CoTaskMemAlloc

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteTransfer
EventSetInformation

api-ms-win-core-file-l1-1-0

CreateDirectoryW
DeleteFileW
GetFullPathNameW
CreateFileW
ReadFile
WriteFile
SetEndOfFile
SetFilePointerEx
GetFileInformationByHandle
GetFileAttributesW
FileTimeToLocalFileTime

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-memory-l1-1-0

MapViewOfFile
VirtualQuery
UnmapViewOfFile

api-ms-win-core-processenvironment-l1-1-0

SetCurrentDirectoryW
ExpandEnvironmentStringsW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
CompareStringEx

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

ext-ms-win-wer-reporting-l1-1-0

WerReportSetParameter
WerReportCloseHandle
WerpSetIntegratorReportId
WerReportSubmit
WerReportAddFile
WerReportCreate

Exports

Exports

APISamplingInitialize
APISamplingSetValue
APISamplingUninitialize

Sections

.text
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
apisetschema.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

da:fc:63:56:64:a3:54:d7:88:3c:8d:f7:1a:68:f2:60:ad:c2:b9:42:97:1b:fb:ac:08:8f:5d:5a:12:66:7a:f4
Signer

Actual PE Digest

da:fc:63:56:64:a3:54:d7:88:3c:8d:f7:1a:68:f2:60:ad:c2:b9:42:97:1b:fb:ac:08:8f:5d:5a:12:66:7a:f4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

apisetschema.pdb

Sections

.rdata
Size: 4KB - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.apiset
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
apphelp.dll
.dll windows:10 windows x64 arch:x64

4b94109ad84c4a2b2bcebfecced9952c

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:6b:7a:c3:9a:67:19:bc:be:4c:e5:3c:48:01:fa:41:5b:24:67:f7:ef:6a:df:a0:74:26:c6:3e:cf:83:f9:24
Signer

Actual PE Digest

d7:6b:7a:c3:9a:67:19:bc:be:4c:e5:3c:48:01:fa:41:5b:24:67:f7:ef:6a:df:a0:74:26:c6:3e:cf:83:f9:24

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

apphelp.pdb

Imports

ntdll

RtlSetEnvironmentVar
RtlSizeHeap
RtlDestroyEnvironment
NtReadFile
ZwQuerySystemTime
NtWriteFile
qsort
wcsspn
_vscwprintf
RtlGetFileMUIPath
NtQueryInformationFile
RtlCreateUnicodeString
RtlDoesFileExists_U
NtSetValueKey
NtDeleteValueKey
ZwEnumerateValueKey
RtlGetVersion
RtlDosPathNameToNtPathName_U
RtlRunOnceExecuteOnce
RtlDuplicateUnicodeString
NtSetInformationKey
NtDeleteKey
wcsstr
NtCreateFile
_wtoi
ZwQueryKey
RtlUnicodeStringToInteger
ZwSetValueKey
RtlExpandEnvironmentStrings
RtlCompareMemory
RtlSetEnvironmentVariable
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlWow64GetProcessMachines
LdrFindEntryForAddress
RtlInitializeCriticalSection
RtlDeleteCriticalSection
strrchr
_stricmp
_vsnprintf
RtlTryEnterCriticalSection
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlCaptureStackBackTrace
RtlInitAnsiStringEx
LdrInitShimEngineDynamic
RtlGetNtSystemRoot
EtwEventWriteNoRegistration
NtQueryAttributesFile
NtQueryObject
RtlAddVectoredExceptionHandler
strcpy_s
_wcslwr
RtlNtStatusToDosError
RtlAllocateAndInitializeSid
RtlCheckTokenMembership
RtlFreeSid
LdrLoadDll
sprintf_s
sscanf_s
LdrGetProcedureAddressEx
LdrGetProcedureAddress
RtlLengthRequiredSid
RtlCreateServiceSid
NtOpenFile
NtQuerySecurityObject
RtlGetOwnerSecurityDescriptor
RtlEqualSid
NtProtectVirtualMemory
RtlInitializeSRWLock
LdrEnumerateLoadedModules
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
NtApphelpCacheControl
LdrGetDllHandle
ZwOpenKey
wcsncmp
ZwClose
LdrResSearchResource
ZwQueryInformationFile
ZwOpenFile
VerSetConditionMask
ZwQueryValueKey
RtlInitString
ZwOpenProcessToken
ZwEnumerateKey
wcschr
swprintf_s
RtlInitAnsiString
strncmp
ZwMapViewOfSection
ZwQueryInformationToken
ZwSetInformationProcess
ZwQueryDirectoryFile
RtlQueryEnvironmentVariable_U
RtlReAllocateHeap
RtlVerifyVersionInfo
RtlGetFullPathName_UEx
wcscat_s
wcscpy_s
RtlSecondsSince1970ToTime
RtlGetNativeSystemInformation
ZwCreateKey
RtlInitUnicodeString
RtlpEnsureBufferSize
ZwQueryInformationProcess
RtlxAnsiStringToUnicodeSize
ZwCreateSection
RtlUpcaseUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
RtlUpcaseUnicodeChar
RtlTimeToTimeFields
ZwCreateFile
RtlNtPathNameToDosPathName
toupper
RtlAppendUnicodeStringToString
RtlGUIDFromString
ZwUnmapViewOfSection
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
RtlAnsiStringToUnicodeString
__C_specific_handler
_wcsicmp
RtlFreeUnicodeString
RtlFreeHeap
RtlCreateEnvironmentEx
EtwEventRegister
EtwEventEnabled
EtwEventUnregister
_wcsnicmp
_vsnwprintf
memset
RtlVirtualUnwind
RtlLookupFunctionEntry
NtClose
RtlCaptureContext
wcsrchr
EtwEventWrite
RtlStringFromGUID
RtlAppendUnicodeToString
RtlCopyUnicodeString
RtlAllocateHeap
RtlEqualString
RtlMultiByteToUnicodeN
strchr
RtlExpandEnvironmentStrings_U
NtQueryValueKey
NtOpenKey
RtlFormatCurrentUserKeyPath
NtCreateKey
RtlInitUnicodeStringEx
memcmp
memcpy
memmove
strcmp

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW

api-ms-win-core-appcompat-l1-1-1

BaseReadAppCompatDataForProcess
BaseFreeAppCompatDataForProcess

api-ms-win-core-appcompat-l1-1-0

BaseFlushAppcompatCache
BaseIsAppcompatInfrastructureDisabled

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

SetFilePointer
WriteFile
GetFileAttributesW
FindFirstFileW
DeleteFileW
FindClose
FindNextFileW
GetLongPathNameW
CreateFileW
GetFinalPathNameByHandleW
GetDriveTypeW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-processthreads-l1-1-0

ProcessIdToSessionId
CreateProcessW
GetProcessTimes
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTickCount64
GetSystemDirectoryW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventUnregister
EventWriteTransfer
EventRegister

kernel32

ResolveDelayLoadedAPI
GetOverlappedResult
CancelIo
PackageIdFromFullName
DelayLoadFailureHook
QueryFullProcessImageNameW
GetPackageFullName

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
DeleteCriticalSection
OpenMutexW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleHandleExW
GetModuleHandleExA
GetModuleFileNameW
DisableThreadLibraryCalls
LockResource
LoadResource
LoadLibraryExW
GetProcAddress
FreeLibrary
SizeofResource

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
ExpandEnvironmentStringsW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-localization-l1-2-0

VerLanguageNameW
IsDBCSLeadByte

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
IsDebuggerPresent
DebugBreak

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AllowPermLayer
ApphelpCheckExe
ApphelpCheckIME
ApphelpCheckInstallShieldPackage
ApphelpCheckModule
ApphelpCheckMsiPackage
ApphelpCheckRunApp
ApphelpCheckRunAppEx
ApphelpCheckShellObject
ApphelpChpeModSettingsFromQueryResult
ApphelpCreateAppcompatData
ApphelpFixMsiPackage
ApphelpFixMsiPackageExe
ApphelpFreeFileAttributes
ApphelpGetFileAttributes
ApphelpGetMsiProperties
ApphelpGetNTVDMInfo
ApphelpGetShimDebugLevel
ApphelpIsPortMonAllowed
ApphelpNotifyPcaOfProblem
ApphelpParseModuleData
ApphelpQueryModSettingsAlloc
ApphelpQueryModuleData
ApphelpQueryModuleDataEx
ApphelpShowDialog
ApphelpUpdateCacheEntry
GetPermLayers
SE_AddHookset
SE_CALLBACK_AddHook
SE_CALLBACK_Lookup
SE_COM_AddHook
SE_COM_AddServer
SE_COM_HookInterface
SE_COM_HookObject
SE_COM_Lookup
SE_DllLoaded
SE_DllUnloaded
SE_DynamicShim
SE_GetHookAPIs
SE_GetMaxShimCount
SE_GetProcAddressForCaller
SE_GetProcAddressIgnoreIncExc
SE_GetProcAddressLoad
SE_GetShimCount
SE_GetShimId
SE_InitializeEngine
SE_InstallAfterInit
SE_InstallBeforeInit
SE_IsShimDll
SE_LdrEntryRemoved
SE_LdrResolveDllName
SE_LookupAddress
SE_LookupCaller
SE_ProcessDying
SE_ShimDPF
SE_ShimDllLoaded
SE_WINRT_AddHook
SE_WINRT_HookObject
SdbAddLayerTagRefToQuery
SdbApphelpNotify
SdbApphelpNotifyEx
SdbApphelpNotifyEx2
SdbBeginWriteListTag
SdbBuildCompatEnvVariables
SdbCloseApphelpInformation
SdbCloseDatabase
SdbCloseDatabaseWrite
SdbCloseLocalDatabase
SdbCommitIndexes
SdbCreateDatabase
SdbCreateHelpCenterURL
SdbCreateMsiTransformFile
SdbDeclareIndex
SdbDeletePermLayerKeys
SdbDumpSearchPathPartCaches
SdbEndWriteListTag
SdbEnumMsiTransforms
SdbEscapeApphelpURL
SdbFindCustomActionForPackage
SdbFindFirstDWORDIndexedTag
SdbFindFirstGUIDIndexedTag
SdbFindFirstMsiPackage
SdbFindFirstMsiPackage_Str
SdbFindFirstNamedTag
SdbFindFirstStringIndexedTag
SdbFindFirstTag
SdbFindFirstTagRef
SdbFindMsiPackageByID
SdbFindNextDWORDIndexedTag
SdbFindNextGUIDIndexedTag
SdbFindNextMsiPackage
SdbFindNextStringIndexedTag
SdbFindNextTag
SdbFindNextTagRef
SdbFormatAttribute
SdbFreeDatabaseInformation
SdbFreeFileAttributes
SdbFreeFileInfo
SdbFreeFlagInfo
SdbGUIDFromString
SdbGUIDToString
SdbGetAppCompatDataSize
SdbGetAppPatchDir
SdbGetBinaryTagData
SdbGetDatabaseGUID
SdbGetDatabaseID
SdbGetDatabaseInformation
SdbGetDatabaseInformationByName
SdbGetDatabaseMatch
SdbGetDatabaseVersion
SdbGetDllPath
SdbGetEntryFlags
SdbGetFileAttributes
SdbGetFileImageType
SdbGetFileImageTypeEx
SdbGetFileInfo
SdbGetFirstChild
SdbGetImageType
SdbGetIndex
SdbGetItemFromItemRef
SdbGetLayerName
SdbGetLayerTagRef
SdbGetLocalPDB
SdbGetMatchingExe
SdbGetMsiPackageInformation
SdbGetNamedLayer
SdbGetNextChild
SdbGetNthUserSdb
SdbGetPDBFromGUID
SdbGetPathCustomSdb
SdbGetPathSystemSdb
SdbGetPermLayerKeys
SdbGetShowDebugInfoOption
SdbGetShowDebugInfoOptionValue
SdbGetStandardDatabaseGUID
SdbGetStringTagPtr
SdbGetTagDataSize
SdbGetTagFromTagID
SdbGrabMatchingInfo
SdbGrabMatchingInfoEx
SdbInitDatabase
SdbInitDatabaseEx
SdbIsDbRuntimePlatformSupportedOnHost
SdbIsNullGUID
SdbIsStandardDatabase
SdbIsTagrefFromLocalDB
SdbIsTagrefFromMainDB
SdbIsTagrefFromMergeStubDB
SdbLoadString
SdbMakeIndexKeyFromString
SdbOpenApphelpDetailsDatabase
SdbOpenApphelpDetailsDatabaseSP
SdbOpenApphelpInformation
SdbOpenApphelpInformationByID
SdbOpenApphelpResourceFile
SdbOpenDatabase
SdbOpenDbFromGuid
SdbOpenLocalDatabase
SdbPackAppCompatData
SdbQueryApphelpInformation
SdbQueryBlockUpgrade
SdbQueryContext
SdbQueryData
SdbQueryDataEx
SdbQueryDataExTagID
SdbQueryFlagInfo
SdbQueryFlagMask
SdbQueryName
SdbQueryReinstallUpgrade
SdbReadApphelpData
SdbReadApphelpDetailsData
SdbReadBYTETag
SdbReadBYTETagRef
SdbReadBinaryTag
SdbReadDWORDTag
SdbReadDWORDTagRef
SdbReadEntryInformation
SdbReadMsiTransformInfo
SdbReadPatchBits
SdbReadQWORDTag
SdbReadQWORDTagRef
SdbReadStringTag
SdbReadStringTagRef
SdbReadWORDTag
SdbReadWORDTagRef
SdbRegisterDatabase
SdbRegisterDatabaseEx
SdbReleaseDatabase
SdbReleaseMatchingExe
SdbResolveDatabase
SdbSetApphelpDebugParameters
SdbSetEntryFlags
SdbSetImageType
SdbSetPermLayerKeys
SdbShowApphelpDialog
SdbShowApphelpFromQuery
SdbStartIndexing
SdbStopIndexing
SdbStringDuplicate
SdbStringReplace
SdbStringReplaceArray
SdbTagIDToTagRef
SdbTagRefToTagID
SdbTagToString
SdbUnpackAppCompatData
SdbUnpackQueryResult
SdbUnregisterDatabase
SdbWriteBYTETag
SdbWriteBinaryTag
SdbWriteBinaryTagFromFile
SdbWriteDWORDTag
SdbWriteNULLTag
SdbWriteQWORDTag
SdbWriteStringRefTag
SdbWriteStringTag
SdbWriteStringTagDirect
SdbWriteWORDTag
SetPermLayerState
SetPermLayerStateEx
SetPermLayers
ShimDbgPrint
ShimDumpCache
ShimFlushCache

Sections

.text
Size: 328KB - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
appidapi.dll
.dll windows:10 windows x64 arch:x64

8ce3f3bcbecf210156c42b2a28ea2f0b

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:9d:3b:e5:6d:50:d3:da:e4:d2:1c:59:1e:81:1e:26:70:f8:0a:a3:32:9b:b7:9f:68:e9:f3:9d:ff:45:dd:6c
Signer

Actual PE Digest

03:9d:3b:e5:6d:50:d3:da:e4:d2:1c:59:1e:81:1e:26:70:f8:0a:a3:32:9b:b7:9f:68:e9:f3:9d:ff:45:dd:6c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

appidapi.pdb

Imports

msvcrt

_vsnwprintf
__C_specific_handler
_vsnprintf
_wtol
__CxxFrameHandler4
wcsstr
?what@exception@@UEBAPEBDXZ
strcmp
wcscat_s
??1type_info@@UEAA@XZ
_initterm
_amsg_exit
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_XcptFilter
??0exception@@QEAA@XZ
memmove_s
memcpy_s
__CxxFrameHandler3
memset
memmove
memcpy
memcmp
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
malloc
free
??0exception@@QEAA@AEBQEBD@Z
iswspace
wcscmp

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-file-l2-1-0

CopyFileExW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTickCount

api-ms-win-core-file-l1-1-0

WriteFile
GetFinalPathNameByHandleW
DeleteFileW
GetFileSize
ReadFile
CreateFileW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstance

crypt32

CryptSIPLoad
CertGetEnhancedKeyUsage
CertGetNameStringW
CryptSIPRetrieveSubjectGuidForCatalogFile

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

ntdll

NtReadFile
NtWaitForSingleObject
RtlInitializeSRWLock
RtlGetNtSystemRoot
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlEqualUnicodeString
RtlCopyUnicodeString
NtOpenFile
NtClose
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
NtQueryVolumeInformationFile
NtQueryInformationFile
NtQueryObject
NtDeviceIoControlFile
RtlPrefixUnicodeString
RtlFreeHeap
RtlUpcaseUnicodeString
NtOpenKey
NtQueryValueKey
LdrResSearchResource
RtlCompareUnicodeString
EtwTraceMessage
NtQuerySystemInformation
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
RtlNtStatusToDosErrorNoTeb
RtlInitUnicodeString
RtlRunOnceExecuteOnce
EtwUnregisterTraceGuids
NtCreateSection
NtUnmapViewOfSection
NtMapViewOfSection
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
RtlAllocateHeap

advapi32

ord1000

srpapi

SrpIsAllowed

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AppIDConstructAppxAttributes
AppIDDecodeAttributeString
AppIDEncodeAttributeString
AppIDFreeAttributeString
AppIDGetAppxFileAttributes
AppIDGetFileAttributes
AppIDGetMsiVersionInfo
AppIDReleaseAppxFileAttributes
AppIDReleaseFileAttributes
CompareToSystemCIPolicy
UpdateSystemCIPolicy

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
appidsvc.dll
.dll windows:10 windows x64 arch:x64

130d823cbfba19712e75a46c7fe24afc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

appidsvc.pdb

Imports

msvcrt

??1exception@@UEAA@XZ
__CxxFrameHandler4
memcpy
??0exception@@QEAA@AEBQEBD@Z
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
??3@YAXPEAX@Z
_amsg_exit
??0exception@@QEAA@AEBV0@@Z
_vsnwprintf
memmove
_callnewh
?what@exception@@UEBAPEBDXZ
_purecall
malloc
memset
_onexit
__dllonexit
_unlock
_XcptFilter
_lock
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
free
strcmp

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-core-synch-l1-1-0

SetEvent
ReleaseSRWLockExclusive
CreateEventW
AcquireSRWLockExclusive

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
SetThreadpoolWait
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroup
CreateThreadpoolWait
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolCleanupGroupMembers
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
SubmitThreadpoolWork
CloseThreadpoolWork

api-ms-win-core-file-l1-1-0

GetFinalPathNameByHandleW
CompareFileTime
CreateFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegDeleteKeyExW
RegCloseKey
RegGetValueW
RegOpenKeyExW
RegCreateKeyExW
RegQueryInfoKeyW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation
EventActivityIdControl

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoSetProxyBlanket
CoUninitialize
StringFromGUID2
CoInitializeEx

oleaut32

VariantInit

userenv

UnregisterGPNotification
RegisterGPNotification

api-ms-win-service-winsvc-l1-1-0

ControlService

rpcrt4

RpcRevertToSelf
RpcImpersonateClient
RpcServerInqBindings
RpcServerInqCallAttributesW
RpcEpRegisterW
RpcEpUnregister
RpcServerTestCancel
Ndr64AsyncServerCallAll
RpcAsyncCompleteCall
RpcServerRegisterIf3
RpcServerUnregisterIf
RpcServerUseProtseqW
RpcAsyncAbortCall
NdrAsyncServerCall
RpcBindingVectorFree
I_RpcMapWin32Status

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
SetThreadToken
GetCurrentThread
OpenThreadToken

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryExA

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString

api-ms-win-security-base-l1-1-0

RevertToSelf
GetSecurityDescriptorDacl

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-appmodel-runtime-l1-1-1

GetStagedPackagePathByFullName

ntdll

RtlRunOnceExecuteOnce
RtlReleaseSRWLockExclusive
RtlReleaseSRWLockShared
RtlAllocateHeap
RtlFreeHeap
NtQueryLicenseValue
EtwEventWriteTransfer
NtOpenKey
NtCreateKey
NtQueryValueKey
NtClose
NtSetValueKey
RtlAcquireSRWLockShared
NtQueryKey
NtCreateTransaction
NtCommitTransaction
NtQueryInformationFile
NtCreateFile
RtlUpcaseUnicodeString
RtlInitUnicodeString
NtQuerySystemTime
EtwEventUnregister
NtSetSystemInformation
RtlNtStatusToDosErrorNoTeb
EtwEventRegister
NtSetInformationProcess
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
RtlAcquireSRWLockExclusive

slc

SLUnregisterWindowsEvent
SLRegisterWindowsEvent

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
appinfo.dll
.dll windows:10 windows x64 arch:x64

e0944d835a98a45cefecedae3535f5e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

appinfo.pdb

Imports

msvcrt

memmove
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
_amsg_exit
_XcptFilter
free
_vsnwprintf
wcsrchr
_wcsnicmp
memcpy
memcmp
_ui64tow_s
wcsstr
wcschr
wcscat_s
_wcsicmp
wcsnlen
swprintf_s
wcscpy_s
memmove_s
_purecall
memcpy_s
bsearch
_callnewh
iswupper
towlower
memset

rpcrt4

RpcEpRegisterW
I_RpcBindingInqLocalClientPID
NdrServerCall2
Ndr64AsyncServerCallAll
NdrServerCallAll
NdrAsyncServerCall
RpcServerUseProtseqW
RpcServerInqBindings
RpcEpUnregister
RpcServerRegisterIfEx
RpcServerUnregisterIf
RpcBindingVectorFree
RpcRevertToSelf
RpcImpersonateClient
RpcAsyncCompleteCall

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableSRW
Sleep

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegGetValueW
RegCloseKey
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
CreateSemaphoreExW
ReleaseSRWLockShared
AcquireSRWLockExclusive
EnterCriticalSection
CreateEventExW
WaitForSingleObjectEx
OpenSemaphoreW
InitializeCriticalSectionEx
CreateEventW
LeaveCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
ReleaseSRWLockExclusive
SetEvent
CreateMutexW
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventActivityIdControl
EventRegister
EventUnregister

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-processthreads-l1-1-0

GetExitCodeProcess
ResumeThread
GetCurrentProcessId
CreateProcessAsUserW
OpenThread
GetThreadId
GetCurrentThreadId
GetCurrentProcess
DeleteProcThreadAttributeList
TerminateProcess
UpdateProcThreadAttribute
GetProcessIdOfThread
GetProcessId
InitializeProcThreadAttributeList
OpenProcessToken

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
ReadProcessMemory

api-ms-win-security-base-l1-1-0

SetTokenInformation
GetSidLengthRequired
GetAce
GetTokenInformation
IsTokenRestricted
GetSidSubAuthority
GetLengthSid
InitializeSid
CheckTokenMembership
ImpersonateLoggedOnUser
EqualSid
CreateRestrictedToken
RevertToSelf
IsWellKnownSid

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateString
WindowsCreateStringReference

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles
CoTaskMemAlloc
CoTaskMemFree

api-ms-win-core-file-l1-1-0

GetLongPathNameW
GetFileAttributesW
GetFinalPathNameByHandleW
GetFullPathNameW
CreateFileW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-wow64-l1-1-1

GetSystemWow64DirectoryW

api-ms-win-core-file-l1-2-4

GetTempPath2W

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-appcompat-l1-1-1

BaseFreeAppCompatDataForProcess
BaseReadAppCompatDataForProcess

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait

api-ms-win-core-kernel32-private-l1-1-0

CheckElevationEnabled
CheckElevation

api-ms-win-core-sidebyside-l1-1-0

CreateActCtxW
QueryActCtxSettingsW
ReleaseActCtx

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-appmodel-runtime-l1-1-1

GetApplicationUserModelIdFromToken
ParseApplicationUserModelId
GetPackageFullNameFromToken

api-ms-win-appmodel-runtime-l1-1-0

GetApplicationUserModelId
GetPackagesByPackageFamily
PackageFamilyNameFromFullName

api-ms-win-core-psm-key-l1-1-0

PsmCreateKey
PsmGetKeyFromToken

ntdll

RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
NtReadVirtualMemory
NtClose
RtlImageNtHeaderEx
NtDuplicateObject
RtlDeregisterWait
RtlNtStatusToDosError
RtlRegisterWait
RtlRemovePrivileges
LdrQueryImageFileKeyOption
RtlAllocateHeap
RtlGetDeviceFamilyInfoEnum
NtOpenProcess
RtlInitUnicodeString
NtQueryInformationToken
LdrOpenImageFileOptionsKey
RtlQueryPackageClaims
RtlExpandEnvironmentStrings
RtlAcquireSRWLockExclusive
RtlSetEnvironmentVar
NtOpenThreadToken
RtlEqualSid
NtQuerySecurityAttributesToken
RtlDestroyEnvironment
RtlQueryEnvironmentVariable
RtlCreateEnvironmentEx
RtlEqualUnicodeString
RtlNtPathNameToDosPathName
RtlFreeUnicodeString
RtlDosPathNameToRelativeNtPathName_U_WithStatus
RtlpEnsureBufferSize
RtlReleaseRelativeName
RtlPrefixUnicodeString
RtlInitUnicodeStringEx
LdrResSearchResource
NtSetSecurityObject
RtlCreateServiceSid
NtQuerySecurityObject
RtlDeriveCapabilitySidsFromName
NtSetInformationToken
NtQueryInformationProcess
RtlDeregisterWaitEx
NtQuerySystemInformation
NtDuplicateToken
NtOpenProcessToken
RtlNtStatusToDosErrorNoTeb
EtwEventRegister
EtwEventWrite
EtwEventUnregister
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwTraceMessage
RtlInitializeSRWLock
EtwGetTraceLoggerHandle
RtlFindAceByType
RtlAllocateAndInitializeSid
RtlFreeSid
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlReleaseSRWLockExclusive

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

AiDisableDesktopRpcInterface
AiEnableDesktopRpcInterface
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 220KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
appinfoext.dll
.dll windows:10 windows x64 arch:x64

cb4e306d92ffeb0429e68cbc8abaab4a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

appinfoext.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___std_type_info_destroy_list
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
__C_specific_handler

api-ms-win-crt-string-l1-1-0

memset

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

appinfo

AiEnableDesktopRpcInterface
AiDisableDesktopRpcInterface

Exports

Exports

AiExtDisableDesktopRpcInterface
AiExtEnableDesktopRpcInterface

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wsmprovhost.exe
.exe windows:10 windows x64 arch:x64

35c50cc7209a454799c998cde17c6e24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

wsmprovhost.pdb

Imports

msvcrt

_exit
exit
__set_app_type
__getmainargs
__CxxFrameHandler4
_ismbblead
_onexit
__dllonexit
_unlock
_cexit
_lock
??1type_info@@UEAA@XZ
_XcptFilter
_amsg_exit
?terminate@@YAXXZ
_commode
_fmode
_acmdln
__C_specific_handler
_initterm
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_purecall
__setusermatherr
memset

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
InitializeCriticalSection
DeleteCriticalSection
SetEvent
CreateEventW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-com-l1-1-0

CoRevokeClassObject
CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoRegisterClassObject

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetVersionExW

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetStartupInfoW

api-ms-win-core-libraryloader-l1-1-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

wsmsvc

?Alloc@WSManMemory@@SAPEAX_KHW4_NitsFaultMode@@@Z
??1CWSManCriticalSection@@QEAA@XZ
WSManError
CreateProvHost
?Free@WSManMemory@@SAXPEAXH@Z

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

??0?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAA@XZ
??0?$SafeMap_Iterator@VKey@Locale@@K@@QEAA@AEAV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@_N@Z
??0?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAA@AEBV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@_N@Z
??1?$SafeMap@PEAVCListenerOperation@@UEmpty@@V?$SafeSet_Iterator@PEAVCListenerOperation@@@@@@QEAA@XZ
??1?$SafeMap@PEAVIOperation@@UEmpty@@V?$SafeSet_Iterator@PEAVIOperation@@@@@@QEAA@XZ
??1?$SafeMap@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@QEAA@XZ
??1?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAA@XZ
??1?$SafeMap_Iterator@PEAVCListenerOperation@@UEmpty@@@@QEAA@XZ
??1?$SafeMap_Iterator@PEAVIOperation@@UEmpty@@@@QEAA@XZ
??1?$SafeMap_Iterator@UPluginKey@@K@@QEAA@XZ
??1?$SafeMap_Iterator@VKey@Locale@@K@@QEAA@XZ
??1?$SafeMap_Lock@PEAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVCListenerOperation@@UEmpty@@@@@@QEAA@XZ
??1?$SafeMap_Lock@PEAVIOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVIOperation@@UEmpty@@@@@@QEAA@XZ
??1?$SafeMap_Lock@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@QEAA@XZ
??1?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAA@XZ
??1?$SafeSet@PEAVCListenerOperation@@@@QEAA@XZ
??1?$SafeSet@PEAVIOperation@@@@QEAA@XZ
??1?$SafeSet_Iterator@PEAVCListenerOperation@@@@QEAA@XZ
??1?$SafeSet_Iterator@PEAVIOperation@@@@QEAA@XZ
??1CWSManCriticalSectionWithConditionVar@@QEAA@XZ
??_7?$SafeMap@PEAVCListenerOperation@@UEmpty@@V?$SafeSet_Iterator@PEAVCListenerOperation@@@@@@6B@
??_7?$SafeMap@PEAVIOperation@@UEmpty@@V?$SafeSet_Iterator@PEAVIOperation@@@@@@6B@
??_7?$SafeMap@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@6B@
??_7?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@6B@
?Acquire@?$SafeMap@PEAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVCListenerOperation@@UEmpty@@@@@@UEBAXXZ
?Acquire@?$SafeMap@PEAVCListenerOperation@@UEmpty@@V?$SafeSet_Iterator@PEAVCListenerOperation@@@@@@UEBAXXZ
?Acquire@?$SafeMap@PEAVIOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVIOperation@@UEmpty@@@@@@UEBAXXZ
?Acquire@?$SafeMap@PEAVIOperation@@UEmpty@@V?$SafeSet_Iterator@PEAVIOperation@@@@@@UEBAXXZ
?Acquire@?$SafeMap@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@UEBAXXZ
?Acquire@?$SafeMap@UUserKey@@PEAVBlockedRecord@@V?$SafeMap_Iterator@UUserKey@@PEAVBlockedRecord@@@@@@UEBAXXZ
?Acquire@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UEBAXXZ
?Acquire@?$SafeMap@VStringKeyStore@@PEAVServerFullDuplexChannel@@V?$SafeMap_Iterator@VStringKeyStore@@PEAVServerFullDuplexChannel@@@@@@UEBAXXZ
?Acquire@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAAXXZ
?Acquired@?$SafeMap_Lock@PEAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVCListenerOperation@@UEmpty@@@@@@QEAA_NXZ
?Acquired@?$SafeMap_Lock@PEAVIOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVIOperation@@UEmpty@@@@@@QEAA_NXZ
?Acquired@?$SafeMap_Lock@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@QEAA_NXZ
?Acquired@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAA_NXZ
?AsReference@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEAAAEAV1@XZ
?Data@?$SafeMap_Iterator@VKey@Locale@@K@@IEBAAEAV?$STLMap@VKey@Locale@@K@@XZ
?DeInitialize@?$SafeMap@PEAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVCListenerOperation@@UEmpty@@@@@@UEAA_NAEAVIRequestContext@@@Z
?DeInitialize@?$SafeMap@PEAVCListenerOperation@@UEmpty@@V?$SafeSet_Iterator@PEAVCListenerOperation@@@@@@UEAA_NAEAVIRequestContext@@@Z
?DeInitialize@?$SafeMap@PEAVIOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVIOperation@@UEmpty@@@@@@UEAA_NAEAVIRequestContext@@@Z
?DeInitialize@?$SafeMap@PEAVIOperation@@UEmpty@@V?$SafeSet_Iterator@PEAVIOperation@@@@@@UEAA_NAEAVIRequestContext@@@Z
?DeInitialize@?$SafeMap@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@UEAA_NAEAVIRequestContext@@@Z
?DeInitialize@?$SafeMap@UUserKey@@PEAVBlockedRecord@@V?$SafeMap_Iterator@UUserKey@@PEAVBlockedRecord@@@@@@UEAA_NAEAVIRequestContext@@@Z
?DeInitialize@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UEAA_NAEAVIRequestContext@@@Z
?DeInitialize@?$SafeMap@VStringKeyStore@@PEAVServerFullDuplexChannel@@V?$SafeMap_Iterator@VStringKeyStore@@PEAVServerFullDuplexChannel@@@@@@UEAA_NAEAVIRequestContext@@@Z
?GetInitError@CWSManCriticalSection@@QEBAKXZ
?GetMap@?$SafeMap_Iterator@PEAVCListenerOperation@@UEmpty@@@@QEBAAEAV?$SafeMap@PEAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVCListenerOperation@@UEmpty@@@@@@XZ
?GetMap@?$SafeMap_Iterator@PEAVIOperation@@UEmpty@@@@QEBAAEAV?$SafeMap@PEAVIOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVIOperation@@UEmpty@@@@@@XZ
?GetMap@?$SafeMap_Iterator@UPluginKey@@K@@QEBAAEAV?$SafeMap@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@XZ
?GetMap@?$SafeMap_Iterator@VKey@Locale@@K@@QEBAAEAV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@XZ
?GetMap@?$SafeMap_Lock@PEAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVCListenerOperation@@UEmpty@@@@@@QEBAAEBV?$SafeMap@PEAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVCListenerOperation@@UEmpty@@@@@@XZ
?GetMap@?$SafeMap_Lock@PEAVIOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVIOperation@@UEmpty@@@@@@QEBAAEBV?$SafeMap@PEAVIOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVIOperation@@UEmpty@@@@@@XZ
?GetMap@?$SafeMap_Lock@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@QEBAAEBV?$SafeMap@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@XZ
?GetMap@?$SafeMap_Lock@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@QEBAAEBV?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@XZ
?Initialize@?$SafeMap@PEAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVCListenerOperation@@UEmpty@@@@@@UEAA_NAEAVIRequestContext@@@Z
?Initialize@?$SafeMap@PEAVCListenerOperation@@UEmpty@@V?$SafeSet_Iterator@PEAVCListenerOperation@@@@@@UEAA_NAEAVIRequestContext@@@Z
?Initialize@?$SafeMap@PEAVIOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVIOperation@@UEmpty@@@@@@UEAA_NAEAVIRequestContext@@@Z
?Initialize@?$SafeMap@PEAVIOperation@@UEmpty@@V?$SafeSet_Iterator@PEAVIOperation@@@@@@UEAA_NAEAVIRequestContext@@@Z
?Initialize@?$SafeMap@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@UEAA_NAEAVIRequestContext@@@Z
?Initialize@?$SafeMap@UUserKey@@PEAVBlockedRecord@@V?$SafeMap_Iterator@UUserKey@@PEAVBlockedRecord@@@@@@UEAA_NAEAVIRequestContext@@@Z
?Initialize@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UEAA_NAEAVIRequestContext@@@Z
?Initialize@?$SafeMap@VStringKeyStore@@PEAVServerFullDuplexChannel@@V?$SafeMap_Iterator@VStringKeyStore@@PEAVServerFullDuplexChannel@@@@@@UEAA_NAEAVIRequestContext@@@Z
?IsValid@?$SafeMap@VStringKeyStore@@PEAVServerFullDuplexChannel@@V?$SafeMap_Iterator@VStringKeyStore@@PEAVServerFullDuplexChannel@@@@@@QEBA_NXZ
?IsValid@?$SafeMap_Iterator@PEAVCListenerOperation@@UEmpty@@@@QEBA_NXZ
?IsValid@?$SafeMap_Iterator@PEAVIOperation@@UEmpty@@@@QEBA_NXZ
?IsValid@?$SafeMap_Iterator@UPluginKey@@K@@QEBA_NXZ
?IsValid@?$SafeMap_Iterator@UUserKey@@PEAVBlockedRecord@@@@QEBA_NXZ
?IsValid@?$SafeMap_Iterator@VKey@Locale@@K@@QEBA_NXZ
?IsValid@?$SafeMap_Iterator@VStringKeyStore@@PEAVServerFullDuplexChannel@@@@QEBA_NXZ
?Release@?$SafeMap@PEAVCListenerOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVCListenerOperation@@UEmpty@@@@@@UEBAXXZ
?Release@?$SafeMap@PEAVCListenerOperation@@UEmpty@@V?$SafeSet_Iterator@PEAVCListenerOperation@@@@@@UEBAXXZ
?Release@?$SafeMap@PEAVIOperation@@UEmpty@@V?$SafeMap_Iterator@PEAVIOperation@@UEmpty@@@@@@UEBAXXZ
?Release@?$SafeMap@PEAVIOperation@@UEmpty@@V?$SafeSet_Iterator@PEAVIOperation@@@@@@UEBAXXZ
?Release@?$SafeMap@UPluginKey@@KV?$SafeMap_Iterator@UPluginKey@@K@@@@UEBAXXZ
?Release@?$SafeMap@UUserKey@@PEAVBlockedRecord@@V?$SafeMap_Iterator@UUserKey@@PEAVBlockedRecord@@@@@@UEBAXXZ
?Release@?$SafeMap@VKey@Locale@@KV?$SafeMap_Iterator@VKey@Locale@@K@@@@UEBAXXZ
?Release@?$SafeMap@VStringKeyStore@@PEAVServerFullDuplexChannel@@V?$SafeMap_Iterator@VStringKeyStore@@PEAVServerFullDuplexChannel@@@@@@UEBAXXZ
?Reset@?$SafeMap_Iterator@VKey@Locale@@K@@QEAAXXZ
?SkipOrphans@?$SafeMap_Iterator@VKey@Locale@@K@@IEAAXXZ

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wsqmcons.exe
.exe windows:10 windows x64 arch:x64

cf044a6a8ebba03fd7a29679767e5281

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

wsqmcons.pdb

Imports

msvcrt

_lock
_unlock
__C_specific_handler
_initterm
__dllonexit
__setusermatherr
_onexit
?terminate@@YAXXZ
__CxxFrameHandler3
_ismbblead
_cexit
_exit
exit
__set_app_type
_commode
__getmainargs
_amsg_exit
_XcptFilter
_callnewh
malloc
_vsnwprintf
memmove
_acmdln
free
_fmode
memcpy
memset

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
UnregisterTraceGuids
TraceMessage
GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableFlags

api-ms-win-core-file-l1-1-0

FindFirstFileW
FindClose

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
RegCreateKeyExW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation

api-ms-win-core-synch-l1-1-0

CreateMutexW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
GetCurrentThread
SetThreadPriority
GetStartupInfoW
GetCurrentThreadId
TerminateProcess

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-downlevel-shlwapi-l2-1-0

SHDeleteKeyW

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wuapihost.exe
.exe windows:10 windows x64 arch:x64

1cc79f8314a839e6f87b12ee994e1c4b

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c5:c1:94:c8:44:48:30:2c:f2:88:d6:df:11:c9:f4:4f:fc:f5:11:6f:b7:44:f5:65:bf:c2:04:ca:08:b7:c6:f9
Signer

Actual PE Digest

c5:c1:94:c8:44:48:30:2c:f2:88:d6:df:11:c9:f4:4f:fc:f5:11:6f:b7:44:f5:65:bf:c2:04:ca:08:b7:c6:f9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

wuapihost.pdb

Imports

api-ms-win-core-com-l1-1-0

CoGetClassObject
CoRevokeClassObject
CoWaitForMultipleHandles
CoUninitialize
CoInitializeEx
CoFreeUnusedLibraries
CoRegisterClassObject

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
IsThreadpoolTimerSet
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetErrorMode
RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

CreateEventW
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
GetModuleHandleW
LoadLibraryExW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlPcToFileHeader
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlUnwindEx
RtlUnwind

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetStartupInfoW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-fibers-l1-1-0

FlsSetValue
FlsGetValue
FlsAlloc
FlsFree

api-ms-win-core-util-l1-1-0

EncodePointer

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___p__commode
_o__calloc_base
_o__cexit
_o__configthreadlocale
_o__configure_wide_argv
_o__crt_atexit
_o__exit
_o__free_base
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_abort
_o_exit
_o_free
_o_malloc
_o_strcpy_s
_o_terminate

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wuauclt.exe
.exe windows:10 windows x64 arch:x64

7f88106d6a8be4bc98d3aba7fa4b6f89

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

31:3c:d0:9c:d6:e6:f0:d1:b5:4d:c4:8b:02:9b:18:85:71:54:e4:a7:4c:2b:bf:8b:03:ac:1e:bc:ce:7f:81:32
Signer

Actual PE Digest

31:3c:d0:9c:d6:e6:f0:d1:b5:4d:c4:8b:02:9b:18:85:71:54:e4:a7:4c:2b:bf:8b:03:ac:1e:bc:ce:7f:81:32

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

wuauclt.pdb

Imports

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadResource
GetModuleHandleW
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
DeleteCriticalSection
CreateSemaphoreExW
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
WaitForSingleObject
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSemaphore

api-ms-win-core-heap-l1-1-0

HeapSetInformation
HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
SetLastError
UnhandledExceptionFilter
GetLastError
SetErrorMode

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
GetExitCodeProcess
TerminateProcess
GetStartupInfoW
CreateProcessW
GetCurrentProcessId

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCommandLineW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-file-l1-1-0

FindFirstFileW
GetFileSizeEx
FindClose
GetFileAttributesExW
CreateFileW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

ntdll

NtQueryInformationProcess

api-ms-win-crt-private-l1-1-0

_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_abort
_o_exit
_o_free
_o_malloc
_o_terminate
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o__exit
_o__errno
_o____lc_codepage_func
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__free_base
_o__cexit
_o__calloc_base
_o__callnewh

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-featurestaging-l1-1-0

GetFeatureEnabledState
UnsubscribeFeatureStateChangeNotification
RecordFeatureUsage
SubscribeFeatureStateChangeNotification

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwind
RtlLookupFunctionEntry
RtlUnwindEx
RtlCaptureContext
RtlPcToFileHeader
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-fibers-l1-1-0

FlsGetValue
FlsAlloc
FlsFree
FlsSetValue

api-ms-win-core-util-l1-1-0

EncodePointer

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wusa.exe
.exe windows:10 windows x64 arch:x64

cbeb5956a9780dfadbdb4a7b7a1d8925

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

wusa.pdb

Imports

advapi32

RegCreateKeyExW
RegSetValueExW
RegCloseKey
InitiateSystemShutdownExW
CreateProcessAsUserW
RegOpenKeyExW
ConvertSidToStringSidW
RegDeleteValueW
RegEnumKeyW
RegQueryValueExW
RegDeleteKeyW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
GetTokenInformation
CopySid
RegDeleteKeyValueW
StartTraceW
EnableTrace
ControlTraceW
CloseTrace
IsValidSid
GetLengthSid
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextW
CryptGenRandom
DecryptFileA
CryptReleaseContext
EventRegister
EventUnregister
EventEnabled
EventWrite

kernel32

GetExitCodeProcess
ProcessIdToSessionId
GetCurrentProcessId
FormatMessageW
GetModuleHandleW
CreateFileW
GetFullPathNameW
GetCurrentProcess
CreateEventW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
EnterCriticalSection
LeaveCriticalSection
CreateDirectoryA
GetFileAttributesA
MultiByteToWideChar
GetSystemDirectoryA
lstrcmpW
DeleteFileW
MoveFileExW
RemoveDirectoryW
OutputDebugStringW
GetFileAttributesW
UnhandledExceptionFilter
GetSystemDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
GetSystemWindowsDirectoryW
CloseHandle
GetExitCodeThread
FindClose
WaitForSingleObject
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCommandLineW
GetLastError
LocalFree
CreateThread
FindFirstFileW
lstrcmpiW
FindNextFileW
Sleep
TerminateProcess

gdi32

GetDeviceCaps
GetStockObject
DeleteDC
GetTextExtentPoint32W
SelectObject
CreateCompatibleDC
DeleteObject
CreateFontIndirectW

user32

ReleaseDC
GetDC
SendDlgItemMessageW
SetRect
GetClientRect
ShowWindow
SystemParametersInfoW
DialogBoxParamW
DestroyAcceleratorTable
TranslateAcceleratorW
CreateAcceleratorTableW
DestroyWindow
ShutdownBlockReasonDestroy
ShutdownBlockReasonCreate
CreateWindowExW
BeginPaint
EndDialog
UpdateWindow
LoadCursorW
LoadIconW
SetWindowLongW
EnableWindow
SetDlgItemTextW
SetFocus
GetDlgItem
EndPaint
PostMessageW
FillRect
RegisterClassExW
DefWindowProcW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
SendMessageW

msvcrt

wcschr
iswdigit
_wcsnicmp
_wcsicmp
_vsnwprintf
wcsrchr
_lock
_commode
memcpy
_wcmdln
_initterm
__setusermatherr
_cexit
_exit
memset
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
free
_callnewh
malloc
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
_fmode
exit
__C_specific_handler
_vsnprintf

oleaut32

VariantInit
SysFreeString
SysAllocString

shell32

ord730
CommandLineToArgvW
ShellExecuteExW

shlwapi

StrToIntExW
PathFindExtensionW

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WinSqmEndSession
WinSqmSetDWORD
WinSqmSetString
WinSqmStartSession

dpx

DpxNewJob

wtsapi32

WTSQueryUserToken

servicingcommon

SczEnsureBackslashTerminated
SczAllocConcat2Sz
SczFree
SczAllocFormatted
SczAlloc
SczAllocPrefixSz
SczAllocConcatSz
SczAllocFromSz

dismapi

DismUnmountImage
DismMountImage
DismInitialize

comctl32

ord344
InitCommonControlsEx

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoInitializeEx
CoUninitialize
CoInitializeSecurity
CoTaskMemFree

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xcopy.exe
.exe windows:10 windows x64 arch:x64

1effe65a4f251e4ae9fa8551f9fcdabb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

xcopy.pdb

Imports

msvcrt

__C_specific_handler
_wcsnicmp
towupper
exit
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_wgetenv

ulib

?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
?Initialize@STRING_ARRAY@@QEAAEKKK@Z
??0STRING_ARRAY@@QEAA@XZ
?ConvertToUTC@TIMEINFO@@QEAAEXZ
?Initialize@TIMEINFO@@QEAAXPEBV1@@Z
??0TIMEINFO@@QEAA@XZ
?Initialize@STRING_ARGUMENT@@QEAAEPEAD@Z
??1STRING_ARGUMENT@@UEAA@XZ
??0STRING_ARGUMENT@@QEAA@XZ
?TruncateNameAtColon@PATH@@QEAAXXZ
?AppendBase@PATH@@QEAAEPEBVWSTRING@@E@Z
??1PATH@@UEAA@XZ
?Initialize@PATH@@QEAAEPEBGE@Z
?Initialize@PATH@@QEAAEPEBVWSTRING@@E@Z
?Initialize@PATH@@QEAAEPEBV1@E@Z
??0PATH@@QEAA@XZ
?QueryString@WSTRING@@QEBAPEAV1@KK@Z
?Initialize@WSTRING@@QEAAEPEBV1@KK@Z
?Initialize@WSTRING@@QEAAEPEBGK@Z
?Initialize@WSTRING@@QEAAEPEBDK@Z
?PathWasTooBig@PATH@@QEAAEXZ
?Truncate@WSTRING@@QEAAKK@Z
?Strchr@WSTRING@@QEBAKGK@Z
?Strupr@WSTRING@@QEAAPEAV1@XZ
?Strcmp@WSTRING@@QEBAJPEBV1@@Z
?GetWSTR@WSTRING@@QEBAPEBGXZ
?QueryChAt@WSTRING@@QEBAGK@Z
?QueryChCount@WSTRING@@QEBAKXZ
?QueryResourceString@BASE_SYSTEM@@SAEPEAVWSTRING@@KPEBDZZ
?ExitProgram@PROGRAM@@SAXK@Z
?FindFirstFileW@@YAPEAXPEBVPATH@@PEAU_WIN32_FIND_DATAW@@@Z
?Copy@FSN_FILE@@QEBAEPEAVPATH@@PEAW4_COPY_ERROR@@KP6AKT_LARGE_INTEGER@@222KKPEAX33@Z3PEAH@Z
?Resize@FSTRING@@UEAAEK@Z
??0FSTRING@@QEAA@XZ
?DisplaySystemError@SYSTEM@@SAXKH@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?QueryDriveType@SYSTEM@@SA?AW4DRIVE_TYPE@@PEBVWSTRING@@@Z
?RemoveNode@SYSTEM@@SAEPEAPEAVFSNODE@@E@Z
?MakeDirectory@SYSTEM@@SAPEAVFSN_DIRECTORY@@PEBVPATH@@0PEAW4_COPY_ERROR@@P6AKT_LARGE_INTEGER@@222KKPEAX33@Z3PEAHK@Z
??OTIMEINFO@@QEBAEV0@@Z
?GetNext@FSN_DIRECTORY@@QEAAPEAVFSNODE@@PEAPEAXPEAK@Z
?IsEmpty@FSN_DIRECTORY@@QEBAEXZ
?DeleteDirectory@FSN_DIRECTORY@@QEAAEXZ
?CreateDirectoryPath@FSN_DIRECTORY@@QEBAPEAV1@PEBVPATH@@@Z
??0PROGRAM@@IEAA@XZ
?ValidateVersion@PROGRAM@@UEBAXKK@Z
?Usage@PROGRAM@@UEBAXXZ
?GetStandardError@PROGRAM@@UEAAPEAVSTREAM@@XZ
?GetStandardOutput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?GetStandardInput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?Fatal@PROGRAM@@UEBAXXZ
?Fatal@PROGRAM@@UEBAXKKPEADZZ
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@@Z
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@PEADZZ
??1PROGRAM@@UEAA@XZ
?Initialize@PROGRAM@@QEAAEKKK@Z
?Initialize@CLASS_DESCRIPTOR@@QEAAEPEBD@Z
??0CLASS_DESCRIPTOR@@QEAA@XZ
?UseAlternateName@FSNODE@@QEAAEXZ
?SetAttributes@FSNODE@@QEAAEKPEAK@Z
?GetPFlagBreak@KEYBOARD@@QEBAQEAHXZ
?GotABreak@KEYBOARD@@SAEXZ
?EnableLineMode@KEYBOARD@@QEAAEXZ
?EnableBreakHandling@KEYBOARD@@SAEXZ
?DisableLineMode@KEYBOARD@@QEAAEXZ
?DisableBreakHandling@KEYBOARD@@SAEXZ
?Initialize@KEYBOARD@@QEAAEEE@Z
?Cast@KEYBOARD@@SAPEAV1@PEBVOBJECT@@@Z
??0KEYBOARD@@QEAA@XZ
?TruncateBase@PATH@@QEAAEXZ
?QueryFullPathString@PATH@@QEBAPEAVWSTRING@@XZ
?QueryComponentArray@PATH@@QEBAPEAVARRAY@@PEAV2@@Z
?ModifyName@PATH@@QEAAEPEBVWSTRING@@@Z
?HasWildCard@PATH@@QEBAEXZ
?EndsWithDelimiter@PATH@@QEBAEXZ
?Display@MESSAGE@@QEAAEPEBDZZ
?SetTimeInfo@FSN_FILTER@@QEAAEPEBVTIMEINFO@@W4FSN_TIME@@G@Z
?SetAttributes@FSN_FILTER@@QEAAEKKK@Z
?SetFileName@FSN_FILTER@@QEAAEPEBD@Z
?SetFileName@FSN_FILTER@@QEAAEPEBVWSTRING@@@Z
?DoesNodeMatch@FSN_FILTER@@QEAAEPEAVFSNODE@@@Z
?Initialize@FSN_FILTER@@QEAAEXZ
??0FSN_FILTER@@QEAA@XZ
?Strcat@WSTRING@@QEAAEPEBV1@@Z
??0OBJECT@@QEAA@AEBV0@@Z
??1FSTRING@@UEAA@XZ
?Initialize@FSTRING@@QEAAPEAVWSTRING@@PEAGK@Z
??9WSTRING@@QEBAEAEBV0@@Z
??8WSTRING@@QEBAEAEBV0@@Z
?Strstr@WSTRING@@QEBAKPEBV1@@Z
?Stricmp@WSTRING@@QEBAJPEBV1@@Z
?SetClassDescriptor@OBJECT@@IEAAXPEBVCLASS_DESCRIPTOR@@@Z
?SPrintfAppend@DSTRING@@UEAAEPEBGZZ
?GetLexemeAt@ARGUMENT_LEXEMIZER@@QEAAPEAVWSTRING@@K@Z
?PutMultipleSwitch@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
?SetAllowSwitchGlomming@ARGUMENT_LEXEMIZER@@QEAAXE@Z
?SetNoSpcBetweenDstAndSwitch@ARGUMENT_LEXEMIZER@@QEAAXE@Z
?PutMultiCharSwitch@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
??1OBJECT@@UEAA@XZ
?Compare@OBJECT@@UEBAJPEBV1@@Z
?DebugDump@OBJECT@@UEBAXE@Z
?GetLexeme@ARGUMENT@@QEAAPEAVWSTRING@@XZ
?GetPattern@ARGUMENT@@QEAAPEAVWSTRING@@XZ
?IsValueSet@ARGUMENT@@QEAAEXZ
?QueryDirectory@SYSTEM@@SAPEAVFSN_DIRECTORY@@PEBVPATH@@E@Z
?QueryFile@SYSTEM@@SAPEAVFSN_FILE@@PEBVPATH@@EPEAE@Z
??0PATH_ARGUMENT@@QEAA@XZ
??1PATH_ARGUMENT@@UEAA@XZ
?Initialize@PATH_ARGUMENT@@QEAAEPEADE@Z
?ReadLine@STREAM@@QEAAEPEAVWSTRING@@E@Z
??0FLAG_ARGUMENT@@QEAA@XZ
?Initialize@FLAG_ARGUMENT@@QEAAEPEAD@Z
??0ARRAY@@QEAA@XZ
??1ARRAY@@UEAA@XZ
?Initialize@ARRAY@@QEAAEKK@Z
?DeleteAllMembers@ARRAY@@UEAAEXZ
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
?QueryStream@FSN_FILE@@QEAAPEAVFILE_STREAM@@W4STREAMACCESS@@K@Z
??0TIMEINFO_ARGUMENT@@QEAA@XZ
??1TIMEINFO_ARGUMENT@@UEAA@XZ
?Initialize@TIMEINFO_ARGUMENT@@QEAAEPEAD@Z
??0DSTRING@@QEAA@XZ
??1DSTRING@@UEAA@XZ
?Resize@DSTRING@@UEAAEK@Z
?NewBuf@DSTRING@@UEAAEK@Z
?SPrintf@DSTRING@@UEAAEPEBGZZ
?QueryWindowsErrorMessage@SYSTEM@@SAEKPEAVWSTRING@@@Z

ifsutil

?QueryFreeDiskSpace@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAVBIG_INT@@@Z

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-file-l1-1-0

GetFileTime
FindClose
SetFileTime

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-file-l2-1-0

CreateDirectoryExW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

ntdll

RtlFreeHeap
RtlAllocateHeap
RtlAdjustPrivilege
NtSetInformationProcess

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xwizard.exe
.exe windows:10 windows x64 arch:x64

a64091098129483c3d876a86009bbe1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

xwizard.pdb

Imports

msvcrt

realloc
memmove
_XcptFilter
_CxxThrowException
_amsg_exit
memcpy
_errno
?terminate@@YAXXZ
_lock
_commode
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
__wgetmainargs
_fmode
_wcmdln
_initterm
_unlock
__set_app_type
__CxxFrameHandler3
__setusermatherr
_cexit
??3@YAXPEAX@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_purecall
_callnewh
wcsncpy_s
malloc
free
memcpy_s
??_V@YAXPEAX@Z
__C_specific_handler
__CxxFrameHandler4
exit
__dllonexit
_onexit
??1type_info@@UEAA@XZ
_exit
memset

oleaut32

VarUI4FromStr

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
GetProcAddress
GetModuleFileNameW
LoadResource
LoadLibraryExW
GetModuleHandleW
SizeofResource
FreeLibrary

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
RaiseException
SetLastError

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceEnableFlags
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

user32

CreateWindowExW
DefWindowProcW
DestroyWindow
MessageBoxW
RegisterClassW
LoadIconW
LoadCursorW

api-ms-win-core-sidebyside-l1-1-0

ActivateActCtx
DeactivateActCtx
ReleaseActCtx
CreateActCtxW

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

43:2d:5b:e8:49:7a:b4:2e:7f:7b:84:3b:88:ee:f9:c4:09:93:03:cd:41:43:79:4d:35:9c:5a:d4:d6:9e:2b:95Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.rdata Size: 4KB - Virtual size: 524B

.data Size: - Virtual size: 128B

.apiset Size: 4KB - Virtual size: 196B

.rsrc Size: 4KB - Virtual size: 1KB

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

a0:8f:03:94:af:22:11:a4:63:e6:f3:f4:42:21:a4:bf:97:f2:b6:b5:4a:35:1a:3c:94:14:ac:8d:26:42:49:b2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.rdata Size: 4KB - Virtual size: 516B

.data Size: - Virtual size: 128B

.apiset Size: 4KB - Virtual size: 180B

.rsrc Size: 4KB - Virtual size: 1KB

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

66:91:8e:8b:cf:27:5c:3e:40:f1:51:be:3c:ba:47:f1:e7:58:8f:b6:ee:7f:08:f2:1b:9a:b1:51:d4:39:88:7dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.rdata Size: 4KB - Virtual size: 500B

.data Size: - Virtual size: 128B

.apiset Size: 4KB - Virtual size: 168B

.rsrc Size: 4KB - Virtual size: 1KB

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

ed:66:47:53:d1:55:10:03:28:88:67:37:23:54:57:12:bb:c5:c4:d8:b5:04:23:fd:6f:2e:3f:d7:2a:e3:b2:3dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.rdata Size: 4KB - Virtual size: 516B

.data Size: - Virtual size: 128B

.apiset Size: 4KB - Virtual size: 172B

.rsrc Size: 4KB - Virtual size: 1KB

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

ec:ef:a3:e5:7c:d1:45:d3:be:10:ef:63:5e:8c:ef:ca:a2:81:d0:1e:09:d6:0e:1c:90:37:3b:5a:fd:cd:2e:7eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.rdata Size: 4KB - Virtual size: 524B

.data Size: - Virtual size: 128B

.apiset Size: 4KB - Virtual size: 252B

.rsrc Size: 4KB - Virtual size: 1KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

43:2d:5b:e8:49:7a:b4:2e:7f:7b:84:3b:88:ee:f9:c4:09:93:03:cd:41:43:79:4d:35:9c:5a:d4:d6:9e:2b:95
Signer

.rdata
Size: 4KB - Virtual size: 524B

.data
Size: - Virtual size: 128B

.apiset
Size: 4KB - Virtual size: 196B

.rsrc
Size: 4KB - Virtual size: 1KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

a0:8f:03:94:af:22:11:a4:63:e6:f3:f4:42:21:a4:bf:97:f2:b6:b5:4a:35:1a:3c:94:14:ac:8d:26:42:49:b2
Signer

.rdata
Size: 4KB - Virtual size: 516B

.data
Size: - Virtual size: 128B

.apiset
Size: 4KB - Virtual size: 180B

.rsrc
Size: 4KB - Virtual size: 1KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

66:91:8e:8b:cf:27:5c:3e:40:f1:51:be:3c:ba:47:f1:e7:58:8f:b6:ee:7f:08:f2:1b:9a:b1:51:d4:39:88:7d
Signer

.rdata
Size: 4KB - Virtual size: 500B

.data
Size: - Virtual size: 128B

.apiset
Size: 4KB - Virtual size: 168B

.rsrc
Size: 4KB - Virtual size: 1KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

ed:66:47:53:d1:55:10:03:28:88:67:37:23:54:57:12:bb:c5:c4:d8:b5:04:23:fd:6f:2e:3f:d7:2a:e3:b2:3d
Signer

.rdata
Size: 4KB - Virtual size: 516B

.data
Size: - Virtual size: 128B

.apiset
Size: 4KB - Virtual size: 172B

.rsrc
Size: 4KB - Virtual size: 1KB

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

ec:ef:a3:e5:7c:d1:45:d3:be:10:ef:63:5e:8c:ef:ca:a2:81:d0:1e:09:d6:0e:1c:90:37:3b:5a:fd:cd:2e:7e
Signer

.rdata
Size: 4KB - Virtual size: 524B

.data
Size: - Virtual size: 128B

.apiset
Size: 4KB - Virtual size: 252B

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 152KB - Virtual size: 151KB

.rdata
Size: 60KB - Virtual size: 57KB

.data
Size: 4KB - Virtual size: 3KB

.pdata
Size: 12KB - Virtual size: 9KB

.didat
Size: 4KB - Virtual size: 168B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 2KB