SoftWare_v1[.]7 (2024)[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

SoftWare_v1.7 (2024).zip
Size

30.6MB
MD5

9d479a8cb6accae319d703c51e8ad4c9
SHA1

adafc2d1f2731ecc7ce066f9253719e4560cb4a7
SHA256

96203d10c357c465e727f91a2dafbdee2ac6b410f88b9199ec418251927f0537
SHA512

9ae1ee7e89ad18697a7c36fbabbd20524ce26df031fd056b18219c3faa4a6aaf1c2b4f9e0b8ab408829bba996a7038de164d27c4b40b1408a9d74ec661837465
SSDEEP

786432:S4vZXikB3fISA1Y/RGGIDnkMn4yVI6UqVOrBloK5Y:LZzB3fJA1iwXwM4yDUqAHY

Score

3^/10

Malware Config

Signatures

Unsigned PE 27 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Bin/MFMediaEngine.dll
unpack001/Bin/Microsoft.ApplicationId.RuleWizard.ni.dll
unpack001/Bin/Microsoft.BestPractices.dll
unpack001/Bin/Microsoft.BestPractices.ni.dll
unpack001/Bin/Microsoft.Bluetooth.Service.dll
unpack001/Bin/Microsoft.Build.Engine.dll
unpack001/Bin/Microsoft.Build.Engine.ni.dll
unpack001/Bin/Microsoft.Build.Framework.ni.dll
unpack001/Bin/Microsoft.Build.Tasks.dll
unpack001/Bin/Microsoft.Build.Tasks.ni.dll
unpack001/Bin/Microsoft.Build.Tasks.v3.5.dll
unpack001/Bin/Microsoft.Build.Tasks.v3.5.ni.dll
unpack001/Bin/Microsoft.Build.Tasks.v4.0.ni.dll
unpack001/Bin/Microsoft.Build.Utilities.v4.0.ni.dll
unpack001/Bin/Microsoft.Build.ni.dll
unpack001/Bin/Microsoft.CSharp.dll
unpack001/Bin/Microsoft.CSharp.ni.dll
unpack001/Bin/Microsoft.CertificateServices.PKIClient.Cmdlets.ni.dll
unpack001/Bin/Microsoft.CertificateServices.ServerManager.DeploymentPlugIn.dll
unpack001/Bin/Microsoft.CertificateServices.ServerManager.DeploymentPlugIn.ni.dll
unpack001/Bin/Microsoft.ConfigCI.Commands.ni.dll
unpack001/Bin/Microsoft.DirectoryServices.ServerManager.dll
unpack001/Bin/Microsoft.FailoverClusters.UI.Common.Resources.dll
unpack001/Bin/mfmkvsrcsnk.dll
unpack001/Bin/mgmtprovider.dll
unpack001/Bin/micaut.dll
unpack001/Bin/microsoft.bing.client.graph.dll

Files

SoftWare_v1.7 (2024).zip
.zip

Password: 2024
Bin/MFMediaEngine.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

e02521237686dec6cddc813023ca54e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MFMediaEngine.pdb

Imports

msvcrt

strncmp
_W_Getdays
_Getmonths
_Wcsftime
_Getdays
_Gettnames
_ltoa_s
memcpy
islower
_i64toa_s
_gcvt_s
memmove
_free_locale
_lock
_unlock
strcspn
setlocale
_get_current_locale
___mb_cur_max_func
___lc_handle_func
localeconv
__crtLCMapStringA
sprintf_s
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
__crtLCMapStringW
__crtCompareStringA
___lc_codepage_func
_ismbblead
_wtof
__crtCompareStringW
_wcsdup
wcstod
__mb_cur_max
??0exception@@QEAA@AEBQEBD@Z
_Strftime
_vsnprintf
_errno
isxdigit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
strtol
_W_Gettnames
_strnicmp
isalpha
wcsrchr
wcsstr
wcschr
wcspbrk
memset
ldexp
_vsnprintf_s
time
ctime
atoi
wcstombs_s
memmove_s
iswdigit
iswalpha
towupper
wcscspn
swscanf
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
__CxxFrameHandler3
__dllonexit
wcscpy_s
__uncaught_exception
__C_specific_handler
__pctype_func
_initterm
swscanf_s
isupper
_amsg_exit
_wcsicmp
_ui64toa_s
_ultow_s
towlower
tolower
_XcptFilter
isdigit
isalnum
_W_Getmonths
_CxxThrowException
??0exception@@QEAA@XZ
strncpy_s
strnlen
_strtoui64
memcmp
___lc_collate_cp_func
_ltow_s
_ultoa_s
realloc
_stricmp
isprint
calloc
_finite
_isnan
_vsnwprintf
memchr
_wcsnicmp
wcsncmp
qsort
memcpy_s
_wtoi
wcstok_s
_callnewh
malloc
free
_purecall
abort
isspace
floor
wcscmp

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

CreateMutexW
WaitForMultipleObjectsEx
ReleaseSRWLockShared
AcquireSRWLockExclusive
InitializeCriticalSectionEx
OpenSemaphoreW
WaitForSingleObjectEx
InitializeCriticalSection
LeaveCriticalSection
InitializeSRWLock
EnterCriticalSection
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
DeleteCriticalSection
ReleaseSRWLockExclusive
CreateSemaphoreExW
ReleaseSemaphore
CreateMutexExW
CreateWaitableTimerExW
ReleaseMutex
SetWaitableTimer
AcquireSRWLockShared

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
GetTraceEnableFlags
TraceMessage

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetModuleFileNameA
DisableThreadLibraryCalls
LoadStringW
LoadLibraryExW
GetProcAddress

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
TlsSetValue
TlsGetValue
TerminateProcess
GetCurrentThreadId
OpenProcessToken

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpNW
StrToIntW
StrStrW
StrStrIW
StrTrimW
StrCmpW
StrChrW
StrCmpIW
StrSpnW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal
GetStringTypeW

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc

api-ms-win-core-registry-l1-1-0

RegSetValueExA
RegEnumKeyExW
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExW
RegGetValueW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
DebugBreak

api-ms-win-core-console-l3-2-0

GetConsoleWindow

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
Sleep
WakeAllConditionVariable

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-sysinfo-l1-1-0

GlobalMemoryStatusEx
GetSystemTimeAsFileTime
GetTickCount64
GetTickCount
GetSystemInfo

api-ms-win-core-url-l1-1-0

UrlHashW

api-ms-win-core-path-l1-1-0

PathIsUNCEx
PathCchFindExtension

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
OpenProcess

api-ms-win-power-base-l1-1-0

PowerUnregisterSuspendResumeNotification
PowerRegisterSuspendResumeNotification

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalFree
LocalAlloc

xmllite

CreateXmlReader

api-ms-win-core-shlwapi-legacy-l1-1-0

IsCharSpaceW

api-ms-win-core-string-l2-1-0

IsCharAlphaW

api-ms-win-power-setting-l1-1-0

PowerSettingRegisterNotification
PowerSettingUnregisterNotification

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus

api-ms-win-core-file-l1-1-0

CreateFileA
WriteFile
SetFilePointer
SetFilePointerEx
FlushFileBuffers

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpiA

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-appmodel-runtime-l1-1-2

AppPolicyGetWindowingModel
AppPolicyGetLifecycleManagement
AppPolicyGetMediaFoundationCodecLoading

api-ms-win-appmodel-runtime-l1-1-0

GetCurrentPackageFullName
PackageIdFromFullName
GetPackagesByPackageFamily

api-ms-win-dx-d3dkmt-l1-1-0

GdiEntry13

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-console-l1-1-0

AllocConsole

api-ms-win-core-console-l2-2-0

SetConsoleTitleW

bcrypt

BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptDecrypt

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

rtworkq

RtwqSetLongRunning

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 631KB - Virtual size: 631KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/MFPlay.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Password: 2024

2f4b7710dad8e8fc13c0a1e3f351e5bd

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

88:58:ba:06:98:f4:ca:82:29:cb:3e:9f:73:af:12:c0:a9:21:a8:2e:e8:e7:c8:3b:f8:00:73:43:fc:17:ae:18
Signer

Actual PE Digest

88:58:ba:06:98:f4:ca:82:29:cb:3e:9f:73:af:12:c0:a9:21:a8:2e:e8:e7:c8:3b:f8:00:73:43:fc:17:ae:18

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MFPlay.pdb

Imports

msvcrt

strnlen
strncpy_s
memset
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
qsort
_callnewh
_vsnwprintf
_wcsnicmp
wcscat_s
wcscpy_s
wcsncpy_s
memcpy_s
free
malloc
_purecall
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
InitializeCriticalSection
SetEvent
CreateEventW
DeleteCriticalSection
EnterCriticalSection
WaitForSingleObject

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TlsGetValue
TlsSetValue

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
LoadResource
FreeLibrary
GetModuleFileNameW
DisableThreadLibraryCalls
LoadLibraryExW
SizeofResource
GetModuleHandleExW
GetModuleHandleW
GetProcAddress

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
TraceMessage

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
MFPCreateMediaPlayer
MFPCreateMediaPlayerEx

Sections

.text
Size: 366KB - Virtual size: 366KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Microsoft.AppV.AppvClientComConsumer.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

6c299c6be3f1cd5aa4de203d434fdb16

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:29

Not After

02/12/2021, 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e4:81:73:1d:2a:9b:b9:81:8e:81:b8:a2:37:e1:ed:33:a6:39:6e:ba:df:9a:fc:1e:fb:c5:7c:1b:38:43:33:09
Signer

Actual PE Digest

e4:81:73:1d:2a:9b:b9:81:8e:81:b8:a2:37:e1:ed:33:a6:39:6e:ba:df:9a:fc:1e:fb:c5:7c:1b:38:43:33:09

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.AppV.AppvClientComConsumer.pdb

Imports

msvcp_win

?good@ios_base@std@@QEBA_NXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W0@Z
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?_BADOFF@std@@3_JB
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__stricmp
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
_o__wsplitpath_s
_o__wtoi
_o_abort
_o_free
_o_iswalpha
_o_iswdigit
_o_malloc
_o_terminate
__C_specific_handler
_CxxThrowException
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcsstr
strrchr
__FrameUnwindFilter
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
memmove
memcpy
__std_terminate
__CxxFrameHandler3

advapi32

EventWriteTransfer
RegOpenKeyExW
RegDeleteTreeW
RegCreateKeyExW
RegCloseKey
RegSetKeyValueW
RegQueryValueExW
RegSetValueExW
RegGetValueW

kernel32

WideCharToMultiByte
GetDriveTypeW
LocalFree
GetLastError
FormatMessageW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetNativeSystemInfo
InitializeCriticalSectionAndSpinCount
CloseHandle
GetVersionExW
LoadLibraryW
LoadLibraryA
GetSystemDirectoryW
Sleep
FreeLibrary
RaiseException
TerminateProcess
GetCurrentProcess
GetModuleHandleW
CreateEventW
GetProcAddress

normaliz

IdnToNameprepUnicode

oleaut32

SysAllocStringLen
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SysStringByteLen
VariantInit
SysFreeString
SysAllocString
VariantClear
SysAllocStringByteLen

wininet

InternetCrackUrlW
InternetCanonicalizeUrlW
InternetCreateUrlW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
CoSetProxyBlanket

mscoree

_CorDllMain

Sections

.text
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 508KB - Virtual size: 508KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Microsoft.ApplicationId.RuleWizard.ni.dll
.dll windows:5 windows x64 arch:x64

Password: 2024

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.ApplicationId.RuleWizard.ni.pdb
Microsoft.ApplicationId.RuleWizard.pdb

Sections

.data
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 642KB - Virtual size: 642KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Microsoft.BestPractices.dll
.dll windows:4 windows x86 arch:x86

Password: 2024

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.BestPractices.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 825KB - Virtual size: 824KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Microsoft.BestPractices.ni.dll
.dll windows:5 windows x64 arch:x64

Password: 2024

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.BestPractices.ni.pdb
Microsoft.BestPractices.pdb

Sections

.data
Size: 779KB - Virtual size: 779KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Microsoft.Bluetooth.Service.dll
.dll windows:10 windows x64 arch:x64

Password: 2024

292b53af0bedd1c237c33d9ef9fd66cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.Bluetooth.Service.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-string-l1-1-0

strnlen
memset

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itoa_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_free
_o_malloc
_o_qsort
_o_realloc
_o_strcat_s
_o_terminate
_o_toupper
_o_wcstok_s
_o_wcstol
__C_specific_handler
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
__std_type_info_compare
_CxxThrowException
_o__cexit
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
__std_terminate
__CxxFrameHandler3
memcmp
memcpy
_o___stdio_common_vsnprintf_s

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

CreateEventExW
InitializeSRWLock
SetEvent
CreateMutexExW
ReleaseSRWLockExclusive
ReleaseSRWLockShared
LeaveCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
ResetEvent
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseMutex
CreateEventW
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
EnterCriticalSection
InitializeCriticalSectionEx
CreateSemaphoreExW
DeleteCriticalSection
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
SetThreadPriority
GetCurrentProcess
OpenThreadToken
TerminateProcess
GetCurrentThreadId
CreateThread
OpenProcessToken
GetCurrentThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
GetTraceLoggerHandle
TraceMessage
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CloseThreadpoolWait
WaitForThreadpoolTimerCallbacks
TrySubmitThreadpoolCallback
SetThreadpoolTimer
WaitForThreadpoolWaitCallbacks
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
CreateThreadpoolWork
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolWait
CreateThreadpoolTimer
CloseThreadpoolCleanupGroup
SetThreadpoolTimerEx
SetThreadpoolWait

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCompareMemory

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

msvcp_win

?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoUninitialize
RoRevokeActivationFactories
RoInitialize
RoRegisterActivationFactories
RoActivateInstance

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoTransformError
GetRestrictedErrorInfo
RoOriginateErrorW
RoOriginateError

api-ms-win-core-com-l1-1-0

CoGetMarshalSizeMax
CoMarshalInterface
CoGetInterfaceAndReleaseStream
CoSwitchCallContext
CoCreateGuid
CoReleaseMarshalData
CoGetApartmentType
CoSetProxyBlanket
CoCreateFreeThreadedMarshaler
CoImpersonateClient
CoRevertToSelf
CoWaitForMultipleHandles
CoTaskMemAlloc
CoResumeClassObjects
CoRegisterClassObject
CoRevokeClassObject
CoAddRefServerProcess
CoReleaseServerProcess
CoDisconnectObject
CoDisconnectContext
CoDecrementMTAUsage
CoIncrementMTAUsage
CoCreateInstance
CreateStreamOnHGlobal
CoGetMalloc
CoTaskMemFree
CoUninitialize
CoInitializeEx

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDeleteString
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsDuplicateString

api-ms-win-core-io-l1-1-0

DeviceIoControl
CancelIoEx
GetOverlappedResult

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-devices-query-l1-1-0

DevCloseObjectQuery
DevCreateObjectQuery
DevGetObjectProperties

api-ms-win-security-base-l1-1-0

CheckTokenMembership
CopySid
GetTokenInformation
IsValidSid
GetLengthSid

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
RoReportFailedDelegate

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceExecuteOnce
Sleep
WaitOnAddress
WakeByAddressSingle
InitOnceComplete

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringW

ntdll

RtlUnicodeToUTF8N
NtQuerySystemInformation
RtlInitUnicodeString
RtlAllocateWnfSerializationGroup
RtlUnsubscribeWnfNotificationWithCompletionCallback
RtlStringFromGUID
RtlFreeUnicodeString
RtlUTF8ToUnicodeN
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData
RtlQueryPackageIdentity
RtlPublishWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlGUIDFromString

api-ms-win-devices-query-l1-1-1

DevCreateObjectQueryEx

api-ms-win-devices-config-l1-1-1

CM_MapCrToWin32Err
CM_Unregister_Notification
CM_Get_Device_Interface_PropertyW
CM_Register_Notification

api-ms-win-core-winrt-robuffer-l1-1-0

RoGetBufferMarshaler

api-ms-win-shcore-stream-l1-1-0

IStream_Write

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer
EventSetInformation
EventProviderEnabled

rpcrt4

RpcServerUnregisterIfEx
RpcEpRegisterW
RpcServerInqBindings
RpcServerUseProtseqW
RpcServerRegisterIf3
RpcBindingVectorFree
RpcEpUnregister
UuidHash
NdrServerCallAll
NdrServerCall2
I_RpcBindingInqLocalClientPID

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolAllowThreadReuse

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegGetValueW
RegDeleteKeyExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteTreeW
RegDeleteValueW
RegOpenKeyExW

bcrypt

BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptCreateHash
BCryptGetProperty
BCryptHashData
BCryptCloseAlgorithmProvider
BCryptFinishHash

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

combase

ord67
ord68
ord66

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

policymanager

PolicyManager_GetPolicyString
PolicyManager_GetPolicyInt

devobj

DevObjDestroyDeviceInfoList
DevObjGetDeviceInterfaceDetail
DevObjEnumDeviceInterfaces
DevObjGetClassDevs
DevObjCreateDeviceInfoList

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 774KB - Virtual size: 773KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Microsoft.Build.Engine.dll
.dll windows:4 windows x86 arch:x86

Password: 2024

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\dd\vsproject\xmake\XMakeBuildEngine\objr\i386\Microsoft.Build.Engine.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 612KB - Virtual size: 610KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Microsoft.Build.Engine.ni.dll
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

f:\dd\vsproject\xmake\XMakeBuildEngine\objr\i386\Microsoft.Build.Engine.pdb

Sections

.data
Size: 393KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.extjmp
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.extrel
Size: 512B - Virtual size: 287B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Microsoft.Build.Framework.ni.dll
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.Build.Framework.ni.pdb
f:\binaries\Intermediate\ndp_msbuild\framework.csproj_348859884\objr\x86\Microsoft.Build.Framework.pdb

Sections

.data
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Microsoft.Build.Tasks.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\dd\vsproject\xmake\XMakeTasks\objr\i386\Microsoft.Build.Tasks.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 628KB - Virtual size: 625KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Microsoft.Build.Tasks.ni.dll
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

f:\dd\vsproject\xmake\XMakeTasks\objr\i386\Microsoft.Build.Tasks.pdb

Sections

.data
Size: 376KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.extjmp
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.extrel
Size: 512B - Virtual size: 242B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Microsoft.Build.Tasks.v3.5.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\dd\vsproject\xmake\XMakeTasks\objr\i386\Microsoft.Build.Tasks.v3.5.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 700KB - Virtual size: 697KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Microsoft.Build.Tasks.v3.5.ni.dll
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

f:\dd\vsproject\xmake\XMakeTasks\objr\i386\Microsoft.Build.Tasks.v3.5.pdb

Sections

.data
Size: 449KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.extjmp
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.extrel
Size: 512B - Virtual size: 261B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Microsoft.Build.Tasks.v4.0.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:cb:d9:52:06:53:bf:3e:2a:59:00:00:00:00:00:cb
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/09/2016, 17:58

Not After

07/09/2018, 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:5847-F761-4F70,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:11

Not After

26/07/2019, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:08

Not After

26/07/2019, 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

99:f9:7d:64:61:ce:5e:37:7f:cd:4d:b5:d9:09:28:5e:04:8c:11:63:77:0b:1c:1f:0f:b0:5d:96:65:cc:13:69
Signer

Actual PE Digest

99:f9:7d:64:61:ce:5e:37:7f:cd:4d:b5:d9:09:28:5e:04:8c:11:63:77:0b:1c:1f:0f:b0:5d:96:65:cc:13:69

Digest Algorithm

sha256

PE Digest Matches

true

a3:44:5b:2a:a8:49:f1:d5:b8:9c:8c:80:5a:63:e7:08:cc:78:97:d2
Signer

Actual PE Digest

a3:44:5b:2a:a8:49:f1:d5:b8:9c:8c:80:5a:63:e7:08:cc:78:97:d2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

f:\binaries\Intermediate\ndp_msbuild\xmaketasks.csproj__664050716\objr\x86\Microsoft.Build.Tasks.v4.0.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Microsoft.Build.Tasks.v4.0.ni.dll
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.Build.Tasks.v4.0.ni.pdb
f:\binaries\Intermediate\ndp_msbuild\xmaketasks.csproj__664050716\objr\x86\Microsoft.Build.Tasks.v4.0.pdb

Sections

.data
Size: 809KB - Virtual size: 808KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Microsoft.Build.Utilities.v4.0.ni.dll
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.Build.Utilities.v4.0.ni.pdb
f:\binaries\Intermediate\ndp_msbuild\utilities.csproj__534314299\objr\x86\Microsoft.Build.Utilities.v4.0.pdb

Sections

.data
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 751KB - Virtual size: 750KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Microsoft.Build.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:b5:ac:7d:6d:87:6b:26:11:47:00:00:00:00:00:b5
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/09/2016, 17:58

Not After

07/09/2018, 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:11

Not After

26/07/2019, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:08

Not After

26/07/2019, 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:ae:73:ea:6c:da:4d:24:a4:23:74:9f:57:6d:bd:89:a3:65:71:fb:87:f2:c5:b1:b3:17:61:96:b1:ed:7e:03
Signer

Actual PE Digest

0a:ae:73:ea:6c:da:4d:24:a4:23:74:9f:57:6d:bd:89:a3:65:71:fb:87:f2:c5:b1:b3:17:61:96:b1:ed:7e:03

Digest Algorithm

sha256

PE Digest Matches

true

e4:1f:04:99:ff:21:86:96:e4:44:b9:25:35:f5:5a:79:61:85:48:0a
Signer

Actual PE Digest

e4:1f:04:99:ff:21:86:96:e4:44:b9:25:35:f5:5a:79:61:85:48:0a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

f:\binaries\Intermediate\ndp_msbuild\xmakebuildengine.csproj_1234830932\objr\x86\Microsoft.Build.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Microsoft.Build.ni.dll
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.Build.ni.pdb
f:\binaries\Intermediate\ndp_msbuild\xmakebuildengine.csproj_1234830932\objr\x86\Microsoft.Build.pdb

Sections

.data
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Microsoft.CSharp.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.CSharp.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 426KB - Virtual size: 426KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Microsoft.CSharp.ni.dll
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.CSharp.ni.pdb
Microsoft.CSharp.pdb

Sections

.data
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Microsoft.CertificateServices.PKIClient.Cmdlets.ni.dll
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.CertificateServices.PKIClient.Cmdlets.ni.pdb
Microsoft.CertificateServices.PKIClient.Cmdlets.pdb

Sections

.data
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 527KB - Virtual size: 527KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Microsoft.CertificateServices.ServerManager.DeploymentPlugIn.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.CertificateServices.ServerManager.DeploymentPlugIn.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 732KB - Virtual size: 731KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Microsoft.CertificateServices.ServerManager.DeploymentPlugIn.ni.dll
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.CertificateServices.ServerManager.DeploymentPlugIn.ni.pdb
Microsoft.CertificateServices.ServerManager.DeploymentPlugIn.pdb

Sections

.data
Size: 281KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Microsoft.ConfigCI.Commands.ni.dll
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.ConfigCI.Commands.ni.pdb
Microsoft.ConfigCI.Commands.pdb

Sections

.data
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 667KB - Virtual size: 666KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Microsoft.DirectoryServices.ServerManager.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.DirectoryServices.ServerManager.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 559KB - Virtual size: 559KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Microsoft.FailoverClusters.Framework.dll
Bin/Microsoft.FailoverClusters.UI.Common.Resources.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/Microsoft.FailoverClusters.UI.Common.dll
Bin/mfmkvsrcsnk.dll
.dll windows:10 windows x64 arch:x64

0d54f72f64b3c9d21a6859471646a9f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mfmkvsrcsnk.pdb

Imports

msvcrt

memcmp
___lc_collate_cp_func
_CxxThrowException
__C_specific_handler
memchr
memcpy
tolower
isspace
?terminate@@YAXXZ
isdigit
_Strftime
_Gettnames
_Wcsftime
_W_Gettnames
??0exception@@QEAA@AEBQEBDH@Z
towlower
_W_Getmonths
__dllonexit
_onexit
isalnum
_W_Getdays
??1type_info@@UEAA@XZ
_Getmonths
_Getdays
sqrtf
malloc
__mb_cur_max
_finite
free
localeconv
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
strcspn
_wtoi
??0bad_cast@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@PEBD@Z
swscanf_s
qsort
strncpy_s
strnlen
atoi
wcstombs_s
memmove_s
_wcsicmp
swscanf
islower
_free_locale
_get_current_locale
??1bad_cast@@UEAA@XZ
__crtLCMapStringA
__crtLCMapStringW
__crtCompareStringA
__crtCompareStringW
_wcsdup
modf
_stricmp
_vsnprintf_s
memmove
abort
ldexp
realloc
memset
_ismbblead
___mb_cur_max_func
calloc
_XcptFilter
_amsg_exit
??0exception@@QEAA@AEBV0@@Z
wcsncmp
_initterm
_callnewh
_isnan
__CxxFrameHandler3
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
___lc_codepage_func
___lc_handle_func
isupper
__pctype_func
__uncaught_exception
setlocale
sprintf_s
_errno
_vsnwprintf
_unlock
_lock
logf
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
GetModuleFileNameA
FreeLibrary
GetModuleHandleExW
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
ReleaseSRWLockExclusive
WaitForSingleObject
DeleteCriticalSection
AcquireSRWLockExclusive
ReleaseMutex
OpenSemaphoreW
ReleaseSemaphore
ReleaseSRWLockShared
EnterCriticalSection
InitializeSRWLock
CreateSemaphoreExW
CreateEventW
WaitForSingleObjectEx
CreateMutexExW
AcquireSRWLockShared
SetEvent
InitializeCriticalSectionEx
LeaveCriticalSection

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
RaiseException
GetLastError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
TraceMessage
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TlsSetValue
TlsGetValue
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError

oleaut32

VariantClear
VariantChangeType
SysAllocString
VariantInit

api-ms-win-core-com-l1-1-0

IIDFromString
CreateStreamOnHGlobal
CoTaskMemFree
PropVariantCopy
CoTaskMemAlloc
PropVariantClear
CoCreateFreeThreadedMarshaler
CoCreateInstance

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsDuplicateString
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsConcatString
WindowsCompareStringOrdinal

api-ms-win-core-winrt-l1-1-0

RoActivateInstance

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventRegister
EventUnregister

api-ms-win-core-string-l1-1-0

GetStringTypeW
CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

propsys

InitPropVariantFromDoubleVector
PSStringFromPropertyKey
PSPropertyKeyFromString
InitPropVariantFromCLSID
InitPropVariantFromStringAsVector
PropVariantChangeType
StgDeserializePropVariant
StgSerializePropVariant
PSCreateMemoryPropertyStore

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 952KB - Virtual size: 951KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/mfmp4srcsnk.dll
.dll windows:10 windows x64 arch:x64

bff86929c74c63b0b27b4ffbbd9fc988

Code Sign

33:00:00:02:ec:65:79:ad:1e:67:08:90:13:00:00:00:00:02:ec
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:29

Not After

02/12/2021, 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f6:20:b5:f7:25:0a:e4:e3:bc:97:2e:4b:22:94:93:47:71:22:04:71:d7:55:df:d1:23:a5:29:ee:6f:fc:43:19
Signer

Actual PE Digest

f6:20:b5:f7:25:0a:e4:e3:bc:97:2e:4b:22:94:93:47:71:22:04:71:d7:55:df:d1:23:a5:29:ee:6f:fc:43:19

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mfmp4srcsnk.pdb

Imports

msvcrt

_amsg_exit
_vsnwprintf
_ltoa_s
_XcptFilter
wcscat_s
_snwscanf_s
_i64toa_s
_callnewh
_ultoa_s
_initterm
wcsnlen
_snwprintf_s
_scwprintf
wcstol
swprintf_s
__C_specific_handler
swscanf_s
qsort
realloc
_ultow_s
strnlen
_wcsicmp
_lock
_unlock
__dllonexit
_onexit
__CxxFrameHandler3
_gcvt_s
sqrtf
wcsncmp
sscanf_s
strncpy_s
_errno
_vsnprintf
wcsncpy_s
malloc
free
_purecall
memcpy_s
wcstoul
acos
cos
floor
logf
memcmp
memcpy
memmove
memset
sin
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
DisableThreadLibraryCalls
LoadResource
GetProcAddress
LoadStringW
GetModuleFileNameW
FindStringOrdinal
GetModuleHandleW
SizeofResource
FindResourceExW
FreeLibrary
LoadLibraryExW

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
LeaveCriticalSection
WaitForSingleObject
CreateEventW
EnterCriticalSection
SetEvent
ResetEvent
InitializeCriticalSection

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegQueryInfoKeyW
RegGetValueW
RegEnumKeyExW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW

api-ms-win-eventing-provider-l1-1-0

EventEnabled
EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
TraceMessage
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
GetTraceLoggerHandle

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
TlsGetValue
TlsSetValue

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-timezone-l1-1-0

TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-url-l1-1-0

HashData

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-shell-shdirectory-l1-1-0

ord290

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime
GetTickCount
GetVersionExW

rtworkq

RtwqSetLongRunning

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
MapViewOfFileEx
VirtualQueryEx
CreateFileMappingW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/mfmpeg2srcsnk.dll
.dll windows:10 windows x64 arch:x64

fe3aa51f6a3b8314c85f365b62363df6

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:29

Not After

02/12/2021, 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e4:99:a9:fd:aa:d0:02:81:67:5b:89:b4:51:e3:82:27:92:96:68:8c:52:de:ab:87:fc:fe:50:55:f6:6f:92:c1
Signer

Actual PE Digest

e4:99:a9:fd:aa:d0:02:81:67:5b:89:b4:51:e3:82:27:92:96:68:8c:52:de:ab:87:fc:fe:50:55:f6:6f:92:c1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mfmpeg2srcsnk.pdb

Imports

msvcrt

_XcptFilter
wcsnlen
_wcsicmp
_callnewh
realloc
rand
_lock
_amsg_exit
time
srand
memcmp
__dllonexit
_onexit
memset
memmove
swscanf_s
wcsncmp
_vsnwprintf
swprintf_s
_gcvt_s
_i64toa_s
_unlock
__C_specific_handler
_ultoa_s
_ltoa_s
_vsnprintf
strnlen
strncpy_s
_errno
_initterm
qsort
wcsncpy_s
malloc
free
_purecall
memcpy_s
memcpy
logf
sqrtf

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
GetModuleHandleW
FreeLibrary
GetModuleFileNameA
GetProcAddress
LoadResource
DisableThreadLibraryCalls
GetModuleHandleExW
LoadLibraryExW
SizeofResource
GetModuleFileNameW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
GetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventW
OpenSemaphoreW
SetEvent
WaitForSingleObject
DeleteCriticalSection
ReleaseMutex
ReleaseSemaphore
AcquireSRWLockExclusive
ResetEvent
CreateMutexExW
WaitForSingleObjectEx
ReleaseSRWLockExclusive

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryInfoKeyW
RegGetValueW
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegEnumKeyExW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventEnabled
EventRegister

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
TraceMessage
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-processthreads-l1-1-0

CreateThread
SetThreadPriority
GetCurrentThreadId
TerminateProcess
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
TlsGetValue
TlsSetValue

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

ntdll

NtQuerySystemInformation
RtlGetPersistedStateLocation

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlDeleteFunctionTable
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAddFunctionTable

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-shell-shdirectory-l1-1-0

ord290

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-featurestaging-l1-1-0

UnsubscribeFeatureStateChangeNotification
RecordFeatureUsage
SubscribeFeatureStateChangeNotification
GetFeatureEnabledState

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64
GlobalMemoryStatusEx
GetLocalTime
GetTickCount
GetVersionExW

api-ms-win-core-processenvironment-l1-1-0

FreeEnvironmentStringsW
GetEnvironmentStringsW
FreeEnvironmentStringsA

mfds

InitHEVCStream_
InitDTSAudioStream_
PESHeaderLength
PESPacketLength
xMediaSubTypeTransform
PackSCR
InitAC3AudioStream_
PackMuxRate
PESPacketPTSinPCR
xCreateCannedMediaType
InitMpeg2VideoStream_
InitMpeg1VideoStream_
InitH264Stream_
InitDDPlusAudioStream_
InitAACAudioStream_
InitMpegAudioStream_
InitLPCMMiracastAudioStream_
InitBDAVLPCMAudioStream_
InitLPCMAudioStream_
InitTrueHDAudioStream_

rtworkq

RtwqSetLongRunning

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-file-l1-1-0

GetDiskFreeSpaceW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-mm-time-l1-1-0

timeGetDevCaps
timeEndPeriod
timeBeginPeriod
timeGetTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 946KB - Virtual size: 946KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/mfnetcore.dll
.dll windows:10 windows x64 arch:x64

d544db4af21a770a8ee102502043d06e

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:11:29:37:b1:3c:ef:f4:10:17:0f:49:b5:83:8e:fd:62:c2:18:d2:fa:ed:41:20:01:a5:31:b8:61:03:61:01
Signer

Actual PE Digest

04:11:29:37:b1:3c:ef:f4:10:17:0f:49:b5:83:8e:fd:62:c2:18:d2:fa:ed:41:20:01:a5:31:b8:61:03:61:01

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mfnetcore.pdb

Imports

msvcrt

wcsrchr
_lock
_wtoi
wcstok
strcpy_s
memset
memmove
memcpy
sprintf_s
calloc
realloc
_errno
strncpy_s
memcmp
strtoul
_wcsicmp
_wcsnicmp
__C_specific_handler
strcat_s
_vsnwprintf
strrchr
_stricmp
wcschr
_initterm
_ultow_s
strpbrk
memchr
wcsncmp
iswalnum
_strcmpi
towupper
wcsstr
wcspbrk
_amsg_exit
iswalpha
_XcptFilter
qsort
iswdigit
_unlock
__CxxFrameHandler3
_ui64tow_s
strnlen
_strnicmp
towlower
_callnewh
_ltow_s
_i64tow_s
swscanf_s
__dllonexit
wcsncpy_s
malloc
_onexit
free
_purecall
memcpy_s
strchr
wcscmp

ntdll

RtlCaptureContext
RtlLengthSid
RtlFreeHeap
RtlAllocateHeap
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
FreeLibrary
LoadResource
GetModuleFileNameW
SizeofResource
LoadLibraryExW
FindStringOrdinal
DisableThreadLibraryCalls
GetModuleHandleA

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
SetEvent
EnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LeaveCriticalSection
CreateEventW
InitializeSRWLock
WaitForSingleObject
InitializeCriticalSection

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
TerminateProcess
OpenProcessToken
TlsSetValue
TlsGetValue
GetCurrentThreadId

api-ms-win-core-file-l1-1-0

GetTempFileNameW
GetDiskFreeSpaceExW
CompareFileTime
DeleteFileA
GetFileSizeEx
SetFileValidData
SetEndOfFile
SetFilePointerEx
GetFullPathNameW
GetDiskFreeSpaceW
DeleteFileW
WriteFile
ReadFile
GetFileSize
CreateFileA
CreateFileW
CreateDirectoryW
GetFileAttributesW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetVersion
GetTickCount
GetSystemDirectoryA
GetSystemTime
GetWindowsDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

GlobalFree
LocalFree
GlobalAlloc
LocalAlloc

api-ms-win-core-threadpool-l1-2-0

FreeLibraryWhenCallbackReturns
TrySubmitThreadpoolCallback

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
Sleep
SleepConditionVariableSRW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
LoadLibraryA

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

api-ms-win-core-processenvironment-l1-1-0

SearchPathW
ExpandEnvironmentStringsW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringA

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
IsLicensedComponentAC3_ENC
IsLicensedComponentDOLBY
IsLicensedComponentMPEG2
IsLicensedComponentMPEG2_ENC
MFCreateByteCacheFile
MFCreateCredentialCache
MFCreateFileBlockMap
MFCreatePartialSeekableByteStream
MFCreateProxyLocator
MFGetSupportedDLNAProfileInfo

Sections

.text
Size: 889KB - Virtual size: 888KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/mfnetsrc.dll
.dll windows:10 windows x64 arch:x64

32cbe19ab6b1f3e526e3006a675c0e63

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:93:19:0a:d9:84:2b:6b:bc:ca:5b:9d:3d:79:9c:28:7b:8a:af:f7:27:b8:87:92:14:10:c6:20:98:c7:fb:1a
Signer

Actual PE Digest

0d:93:19:0a:d9:84:2b:6b:bc:ca:5b:9d:3d:79:9c:28:7b:8a:af:f7:27:b8:87:92:14:10:c6:20:98:c7:fb:1a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mfnetsrc.pdb

Imports

msvcrt

strtoul
_ltoa_s
wcspbrk
_i64tow_s
_stricmp
swscanf_s
_strcmpi
?terminate@@YAXXZ
memchr
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
strncmp
_ui64tow_s
__CxxFrameHandler3
qsort
memcpy
gmtime
time
wcsftime
_strnicmp
rand
strncpy_s
memmove
_XcptFilter
??3@YAXPEAX@Z
_vsnwprintf
strnlen
_amsg_exit
_initterm
_errno
realloc
_lock
wcsrchr
_ultoa_s
iswxdigit
_unlock
towlower
__dllonexit
_onexit
??1type_info@@UEAA@XZ
isxdigit
wcsstr
wcsncmp
_ultow_s
_ltow_s
wcschr
towupper
iswalpha
iswdigit
toupper
isalpha
isdigit
_wcsnicmp
_wcsicmp
wcsncpy_s
memset
malloc
memcmp
ceil
free
_callnewh
??0exception@@QEAA@AEBQEBD@Z
_purecall
??0exception@@QEAA@AEBV0@@Z
memcpy_s
??_V@YAXPEAX@Z
__C_specific_handler
??0exception@@QEAA@AEBQEBDH@Z
wcscmp

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

oleaut32

SysFreeString
SysAllocString
VariantTimeToSystemTime
VariantChangeType
SysAllocStringLen
SystemTimeToVariantTime
VarUI4FromStr

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleExW
SizeofResource
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadResource
FindResourceExW
DisableThreadLibraryCalls
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

SetEvent
EnterCriticalSection
ReleaseSRWLockExclusive
InitializeSRWLock
CreateEventW
DeleteCriticalSection
CreateEventExW
LeaveCriticalSection
WaitForSingleObject
AcquireSRWLockShared
InitializeCriticalSection
ReleaseSRWLockShared
AcquireSRWLockExclusive

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoInitializeEx
CoCreateInstance
CoUninitialize
IIDFromString
PropVariantClear
CoTaskMemFree
CoWaitForMultipleHandles
CoCreateGuid
CoCreateFreeThreadedMarshaler
CoTaskMemRealloc
PropVariantCopy

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegEnumValueW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
RegisterTraceGuidsW
TraceMessage
GetTraceLoggerHandle
UnregisterTraceGuids
GetTraceEnableFlags

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
TlsGetValue
TlsSetValue
GetExitCodeProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-file-l1-1-0

GetDiskFreeSpaceExW
DeleteFileW
WriteFile
ReadFile
CreateFileW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetVersion
GetTickCount
GetVersionExW
GetLocalTime

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
IsDebuggerPresent
DebugBreak

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

mfplat

MFCreateAsyncResult
MFCreateUdpSockets
MFCreateURLFromPath
MFCreatePathFromURL
MFCreateTelemetrySession
MFFreeAdaptersAddresses
MFGetAdaptersAddresses
MFCompareSockaddrAddresses
MFInvokeCallback
MFCreateSocket
MFSetSockaddrAny
MFEndGetHostByName
MFBeginGetHostByName
MFCreateMediaTypeFromRepresentation
MFCreateVideoMediaTypeFromVideoInfoHeader2
MFCreateVideoMediaTypeFromVideoInfoHeader
MFInitMediaTypeFromWaveFormatEx
MFPutWorkItem
MFScheduleWorkItem
MFGetConfigurationPolicy
MFJoinWorkQueue
DestroyPropVariant
MFGetConfigurationStore
MFCancelWorkItem
MFCreateEventQueue
MFUnwrapMediaType
MFUnjoinWorkQueue
MFCreateMediaType
MFWrapMediaType
MFGetCallStackTracingWeakReference
MFCancelCreateFile
MFEndCreateFile
MFBeginCreateFile
MFCreateMediaEvent
MFCreateMediaEventResult
CreatePropVariant
MFGetSockaddrFromNumericName
MFPutWorkItemEx2
MFUnlockPlatform
MFLockPlatform
MFScheduleWorkItemEx
MFGetConfigurationDWORD
MFGetSystemTime
MFGetNumericNameFromSockaddr
MFCreateMemoryStream
MFGetContentProtectionSystemCLSID
MFCreateAttributes
MFInitAttributesFromBlob
MFGetAttributesAsBlob
MFGetAttributesAsBlobSize

api-ms-win-core-localization-l1-2-0

GetUserDefaultLocaleName

crypt32

CryptStringToBinaryW

api-ms-win-security-cryptoapi-l1-1-0

CryptVerifySignatureW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

Exports

Exports

DllCanUnloadNow
DllGetClassObject
MFCreateByteCacheFile
MFCreateCacheManager
MFCreateFileBlockMap

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/mfperfhelper.dll
.dll windows:10 windows x64 arch:x64

56251d1dff922af65db9f398cd460051

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:62:00:d9:9d:d1:8d:b0:57:ff:45:00:bf:9d:9b:b7:3a:64:cf:8d:c2:6c:4f:ba:0d:e5:99:91:06:c6:b5:65
Signer

Actual PE Digest

8c:62:00:d9:9d:d1:8d:b0:57:ff:45:00:bf:9d:9b:b7:3a:64:cf:8d:c2:6c:4f:ba:0d:e5:99:91:06:c6:b5:65

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mfperfhelper.pdb

Imports

msvcrt

__C_specific_handler
_initterm
_XcptFilter
free
_callnewh
malloc
floor
memcpy
sin
_amsg_exit
cos
sqrt
memset

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/mfplat.dll
.dll windows:10 windows x64 arch:x64

2546b48c4df1e3ff81444a976a8b52dc

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:ce:31:4c:69:23:ba:ad:c9:30:6e:04:2d:d5:33:7c:fc:ce:49:95:55:64:4a:a4:d4:af:4c:1d:24:d6:8e:25
Signer

Actual PE Digest

2e:ce:31:4c:69:23:ba:ad:c9:30:6e:04:2d:d5:33:7c:fc:ce:49:95:55:64:4a:a4:d4:af:4c:1d:24:d6:8e:25

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MFPLAT.pdb

Imports

msvcrt

_vsnwprintf
free
rand
strcpy_s
strchr
sprintf_s
calloc
_purecall
strtoul
strcat_s
_ultow
memset
wcsrchr
realloc
qsort
_splitpath_s
memcpy
memmove
strncmp
strnlen
strstr
_itoa_s
memcpy_s
strncpy_s
wcsncmp
_wcsicmp
sinf
_onexit
__dllonexit
atoi
_wcslwr_s
wcstombs_s
memmove_s
swscanf
iswdigit
iswalpha
towupper
wcscspn
_unlock
memcmp
swscanf_s
_lock
cosf
_strcmpi
towlower
__C_specific_handler
_initterm
malloc
_amsg_exit
wcsstr
_vsnprintf
_gcvt_s
__CxxFrameHandler3
_callnewh
wcscat_s
wcscpy_s
_strnicmp
_wcsnicmp
_wsplitpath_s
_ultoa_s
_XcptFilter
_ltoa_s
_i64toa_s
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameA
LoadLibraryExW
FreeLibrary
GetModuleHandleExW
GetModuleFileNameW
GetModuleHandleW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation
EventActivityIdControl

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
RegGetValueW
RegNotifyChangeKeyValue
RegCloseKey

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
GetTraceLoggerHandle
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetProcessId
CreateThread
OpenProcessToken
GetExitCodeThread
TlsGetValue
GetProcessTimes
TlsSetValue
TlsFree
TlsAlloc
GetCurrentProcessId
OpenThread
TerminateProcess
CreateProcessW
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetVersion
GetSystemTimeAsFileTime
GetComputerNameExW
GetSystemDirectoryA
GetTickCount64
GetSystemDirectoryW
GetSystemInfo
GetTickCount

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseMutex
ReleaseSRWLockShared
CreateEventExW
LeaveCriticalSection
InitializeCriticalSectionEx
InitializeSRWLock
OpenSemaphoreW
EnterCriticalSection
SetEvent
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObjectEx
CreateEventW
ResetEvent
AcquireSRWLockShared
ReleaseSemaphore
AcquireSRWLockExclusive
CreateSemaphoreExW
ReleaseSRWLockExclusive
CreateMutexExW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterFile
WerUnregisterFile

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-url-l1-1-0

UrlCreateFromPathW
PathCreateFromUrlW

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualFree
MapViewOfFile
UnmapViewOfFile
VirtualQueryEx
MapViewOfFileEx
CreateFileMappingW

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileAttributesExW
SetFilePointer
FlushFileBuffers
GetFullPathNameW
SetEndOfFile
WriteFile
ReadFile
GetFinalPathNameByHandleW
GetFileSize

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-io-l1-1-0

DeviceIoControl
CancelIoEx
GetOverlappedResult

api-ms-win-core-io-l1-1-1

CancelSynchronousIo

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-psapi-l1-1-0

K32GetModuleInformation
K32EnumProcessModules
K32GetProcessMemoryInfo

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalAlloc
GlobalFree
LocalAlloc

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-devices-config-l1-1-1

CM_Register_Notification
CM_Get_Device_Interface_List_SizeW
CM_MapCrToWin32Err
CM_Get_Device_Interface_ListW
CM_Unregister_Notification
CM_Open_Device_Interface_KeyW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW

ntdll

RtlNtStatusToDosError
NtQueryVolumeInformationFile
NtQueryInformationFile

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-appmodel-runtime-l1-1-2

AppPolicyGetMediaFoundationCodecLoading
AppPolicyGetWindowingModel

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-memory-l1-1-1

GetProcessWorkingSetSizeEx

api-ms-win-mm-time-l1-1-0

timeEndPeriod
timeBeginPeriod

Exports

Exports

CopyPropVariant
CreatePropVariant
CreatePropertyStore
DestroyPropVariant
FormatTagFromWfx
GetAMSubtypeFromD3DFormat
GetD3DFormatFromMFSubtype
MFAddPeriodicCallback
MFAllocateSerialWorkQueue
MFAllocateWorkQueue
MFAllocateWorkQueueEx
MFAppendCollection
MFAverageTimePerFrameToFrameRate
MFBeginCreateFile
MFBeginGetHostByName
MFBeginRegisterWorkQueueWithMMCSS
MFBeginRegisterWorkQueueWithMMCSSEx
MFBeginUnregisterWorkQueueWithMMCSS
MFCalculateBitmapImageSize
MFCalculateImageSize
MFCallStackTracingClearSnapshot
MFCallStackTracingLogSessionErrors
MFCallStackTracingRestoreSnapshot
MFCallStackTracingTakeSnapshot
MFCancelCreateFile
MFCancelWorkItem
MFCheckEnabledViaAppService
MFClearLocalMFTs
MFCompareFullToPartialMediaType
MFCompareSockaddrAddresses
MFConvertColorInfoFromDXVA
MFConvertColorInfoToDXVA
MFConvertFromFP16Array
MFConvertToFP16Array
MFCopyImage
MFCreate2DMediaBuffer
MFCreate2DMediaBufferOn1DMediaBuffer
MFCreateAMMediaTypeFromMFMediaType
MFCreateAlignedMemoryBuffer
MFCreateAlignedSharedMemoryBuffer
MFCreateAsyncResult
MFCreateAttributes
MFCreateAudioMediaType
MFCreateByteStreamHandlerAppServiceActivate
MFCreateCollection
MFCreateContentDecryptorContext
MFCreateContentProtectionDevice
MFCreateD3D12SyncObject
MFCreateDXGIDeviceManager
MFCreateDXGISurfaceBuffer
MFCreateDXSurfaceBuffer
MFCreateEventQueue
MFCreateFile
MFCreateFileFromHandle
MFCreateLegacyMediaBufferOnMFMediaBuffer
MFCreateMFByteStreamOnIStreamWithFlags
MFCreateMFByteStreamOnStream
MFCreateMFByteStreamOnStreamEx
MFCreateMFByteStreamWrapper
MFCreateMFVideoFormatFromMFMediaType
MFCreateMediaBufferFromMediaType
MFCreateMediaBufferWrapper
MFCreateMediaEvent
MFCreateMediaEventResult
MFCreateMediaExtensionActivate
MFCreateMediaExtensionActivateNoInit
MFCreateMediaExtensionAppServiceActivate
MFCreateMediaExtensionInprocActivate
MFCreateMediaType
MFCreateMediaTypeFromProperties
MFCreateMediaTypeFromRepresentation
MFCreateMemoryBuffer
MFCreateMemoryBufferFromRawBuffer
MFCreateMemoryStream
MFCreateMuxStreamAttributes
MFCreateMuxStreamMediaType
MFCreateMuxStreamSample
MFCreateOOPMFTProxy
MFCreateOOPMFTRemote
MFCreatePathFromURL
MFCreatePresentationDescriptor
MFCreatePropertiesFromMediaType
MFCreateReusableByteStream
MFCreateReusableByteStreamWithSharedLock
MFCreateSample
MFCreateSecureBufferAllocator
MFCreateSharedMemoryMediaBufferFromMediaType
MFCreateSocket
MFCreateSocketListener
MFCreateSourceResolver
MFCreateSourceResolverInternal
MFCreateStagingSurfaceWrapper
MFCreateStreamDescriptor
MFCreateStreamOnMFByteStream
MFCreateStreamOnMFByteStreamEx
MFCreateSystemTimeSource
MFCreateTelemetrySession
MFCreateTempFile
MFCreateTrackedSample
MFCreateTransformActivate
MFCreateURLFromPath
MFCreateUdpSockets
MFCreateVideoDecryptorContext
MFCreateVideoMediaType
MFCreateVideoMediaTypeFromBitMapInfoHeader
MFCreateVideoMediaTypeFromBitMapInfoHeaderEx
MFCreateVideoMediaTypeFromSubtype
MFCreateVideoMediaTypeFromVideoInfoHeader
MFCreateVideoMediaTypeFromVideoInfoHeader2
MFCreateVideoSampleAllocatorEx
MFCreateWICBitmapBuffer
MFCreateWaveFormatExFromMFMediaType
MFDeserializeAttributesFromStream
MFDeserializeEvent
MFDeserializeMediaTypeFromStream
MFDeserializePresentationDescriptor
MFEndCreateFile
MFEndGetHostByName
MFEndRegisterWorkQueueWithMMCSS
MFEndUnregisterWorkQueueWithMMCSS
MFEnumLocalMFTRegistrations
MFFrameRateToAverageTimePerFrame
MFFreeAdaptersAddresses
MFGetAdaptersAddresses
MFGetAttributesAsBlob
MFGetAttributesAsBlobSize
MFGetCallStackTracingWeakReference
MFGetConfigurationDWORD
MFGetConfigurationPolicy
MFGetConfigurationStore
MFGetConfigurationString
MFGetContentProtectionSystemCLSID
MFGetMFTMerit
MFGetNumericNameFromSockaddr
MFGetPlaneSize
MFGetPlatformFlags
MFGetPlatformVersion
MFGetPluginControl
MFGetRandomNumber
MFGetSockaddrFromNumericName
MFGetStrideForBitmapInfoHeader
MFGetSupportedMimeTypes
MFGetSupportedSchemes
MFGetSystemTime
MFGetTimerPeriodicity
MFGetUncompressedVideoFormat
MFGetWorkQueueMMCSSClass
MFGetWorkQueueMMCSSPriority
MFGetWorkQueueMMCSSTaskId
MFHasLocallyRegisteredByteStreamHandlers
MFHasLocallyRegisteredSchemeHandlers
MFHeapAlloc
MFHeapFree
MFInitAMMediaTypeFromMFMediaType
MFInitAttributesFromBlob
MFInitMediaTypeFromAMMediaType
MFInitMediaTypeFromMFVideoFormat
MFInitMediaTypeFromMPEG1VideoInfo
MFInitMediaTypeFromMPEG2VideoInfo
MFInitMediaTypeFromVideoInfoHeader
MFInitMediaTypeFromVideoInfoHeader2
MFInitMediaTypeFromWaveFormatEx
MFInitVideoFormat
MFInitVideoFormat_RGB
MFInvalidateMFTEnumCache
MFInvokeCallback
MFIsBottomUpFormat
MFIsContentProtectionDeviceSupported
MFIsFeatureEnabled
MFIsLocallyRegisteredMimeType
MFIsLocallyRegisteredSchemeHandler
MFJoinWorkQueue
MFLockDXGIDeviceManager
MFLockPlatform
MFLockSharedWorkQueue
MFLockWorkQueue
MFMapDX9FormatToDXGIFormat
MFMapDXGIFormatToDX9Format
MFPlatformBigEndian
MFPlatformLittleEndian
MFPutWaitingWorkItem
MFPutWorkItem
MFPutWorkItem2
MFPutWorkItemEx
MFPutWorkItemEx2
MFRegisterLocalByteStreamHandler
MFRegisterLocalSchemeHandler
MFRegisterPlatformWithMMCSS
MFRemovePeriodicCallback
MFScheduleWorkItem
MFScheduleWorkItemEx
MFSerializeAttributesToStream
MFSerializeEvent
MFSerializeMediaTypeToStream
MFSerializePresentationDescriptor
MFSetMinimumMemoryAlignment
MFSetSockaddrAny
MFSetWindowForContentProtection
MFShutdown
MFStartup
MFStreamDescriptorProtectMediaType
MFTEnum
MFTEnum2
MFTEnumEx
MFTGetInfo
MFTRegister
MFTRegisterLocal
MFTRegisterLocalByCLSID
MFTUnregister
MFTUnregisterLocal
MFTUnregisterLocalByCLSID
MFTraceError
MFTraceFuncEnter
MFUnjoinWorkQueue
MFUnlockDXGIDeviceManager
MFUnlockPlatform
MFUnlockWorkQueue
MFUnregisterPlatformFromMMCSS
MFUnwrapMediaType
MFValidateMediaTypeSize
MFWrapMediaType
MFWrapSocket
MFllMulDiv
PropVariantFromStream
PropVariantToStream
ValidateWaveFormat

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/mfreadwrite.dll
.dll windows:10 windows x64 arch:x64

e3b197a928de3d884c0bad3ababd5e36

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:e1:3c:90:1e:db:21:d6:28:63:62:d0:97:9e:59:ba:d5:f6:ab:bb:a7:cd:37:13:0d:1f:b1:b5:3a:6c:12:05
Signer

Actual PE Digest

77:e1:3c:90:1e:db:21:d6:28:63:62:d0:97:9e:59:ba:d5:f6:ab:bb:a7:cd:37:13:0d:1f:b1:b5:3a:6c:12:05

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MFReadWrite.pdb

Imports

msvcrt

strnlen
_vsnwprintf
strncpy_s
_errno
_lock
_XcptFilter
_unlock
__dllonexit
_initterm
_callnewh
_ultoa_s
_ltoa_s
_i64toa_s
_gcvt_s
_onexit
_vsnprintf
_amsg_exit
realloc
_wcsicmp
wcsrchr
_purecall
memcpy_s
free
malloc
wcsncpy_s
memmove
__C_specific_handler
qsort
memcmp
memcpy
memset

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
RegisterTraceGuidsW
TraceMessage
UnregisterTraceGuids

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
LoadResource
GetModuleHandleW
LoadLibraryExW
GetModuleFileNameW
SizeofResource
FreeLibrary
GetModuleHandleExW
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
WaitForMultipleObjectsEx
CreateSemaphoreExW
DeleteCriticalSection
InitializeCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetEvent
LeaveCriticalSection
WaitForSingleObject
ResetEvent
CreateEventW
EnterCriticalSection
WaitForSingleObjectEx

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteTransfer
EventSetInformation

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TlsSetValue
TlsGetValue

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep
SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringA

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
MFCreateSinkWriterFromMediaSink
MFCreateSinkWriterFromURL
MFCreateSourceReaderFromByteStream
MFCreateSourceReaderFromMediaSource
MFCreateSourceReaderFromURL

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/mfsrcsnk.dll
.dll windows:10 windows x64 arch:x64

44d29f54d827ff50dd7180f5f946e881

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:0e:15:55:18:17:44:ab:a5:cd:0d:c1:ee:a1:63:a5:c1:d0:f9:0c:5f:d2:c9:6d:d9:f1:e1:04:22:c5:10:82
Signer

Actual PE Digest

36:0e:15:55:18:17:44:ab:a5:cd:0d:c1:ee:a1:63:a5:c1:d0:f9:0c:5f:d2:c9:6d:d9:f1:e1:04:22:c5:10:82

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mfsrcsnk.pdb

Imports

msvcrt

_ultow_s
sscanf_s
iswspace
isdigit
_ui64toa_s
_snprintf_s
memmove_s
swprintf_s
_vsnwprintf
swscanf_s
_wcsnicmp
_strcmpi
towupper
atoi
wcstol
_wtol
_callnewh
_wcsicmp
_gcvt_s
_i64toa_s
_ultoa_s
_XcptFilter
_amsg_exit
_initterm
iswprint
wcsncmp
_ltoa_s
_vsnprintf
_itoa_s
strnlen
strncpy_s
strncmp
qsort
wcsncpy_s
malloc
free
_purecall
memcpy_s
_errno
realloc
_lock
_unlock
__dllonexit
_onexit
sqrtf
_stricmp
__C_specific_handler
vsprintf_s
logf
memcmp
memcpy
memmove
memset
strcmp

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
DisableThreadLibraryCalls
FreeLibrary
LoadLibraryExW
SizeofResource
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
LoadResource
GetModuleFileNameW

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
WaitForSingleObject
DeleteCriticalSection
CreateEventW
SetEvent
InitializeCriticalSection
LeaveCriticalSection

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteValueW
RegGetValueW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation
EventEnabled

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
RegisterTraceGuidsW
TraceMessage
GetTraceLoggerHandle
GetTraceEnableFlags
UnregisterTraceGuids

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
WideCharToMultiByte
CompareStringW

api-ms-win-core-processthreads-l1-1-0

TlsGetValue
TlsSetValue
GetCurrentProcess
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpA
lstrcmpiA
lstrcmpiW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
IsValidLocaleName
GetUserDefaultLocaleName

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-timezone-l1-1-0

TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-shell-shdirectory-l1-1-0

ord290

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-localization-obsolete-l1-2-0

CompareStringA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

mfplat

MFPlatformBigEndian
MFPlatformLittleEndian
ValidateWaveFormat
MFCreateVideoMediaTypeFromBitMapInfoHeaderEx
MFCreateMediaEventResult
MFPutWorkItemEx2
MFUnlockPlatform
MFLockPlatform
MFGetCallStackTracingWeakReference
MFGetConfigurationDWORD
MFGetSystemTime
CreatePropertyStore
MFCreateWaveFormatExFromMFMediaType
MFCreateMemoryBuffer
MFPutWorkItemEx
MFPutWorkItem
MFCalculateImageSize
MFGetStrideForBitmapInfoHeader
MFCreateSourceResolver
MFShutdown
MFStartup
MFCreateTelemetrySession
MFCreateMFByteStreamOnStream
MFllMulDiv
MFInitMediaTypeFromWaveFormatEx
MFScheduleWorkItem
MFCancelWorkItem
MFCreateMediaBufferWrapper
MFCreateMemoryStream
MFSerializeAttributesToStream
MFCreateAttributes
MFCreateMFByteStreamOnStreamEx
CreatePropVariant
MFUnwrapMediaType
MFCreateMediaEvent
DestroyPropVariant
MFInvokeCallback
MFCreatePresentationDescriptor
MFCreateMediaType
MFCreateStreamDescriptor
MFCreateSample
MFIsBottomUpFormat
MFCreateAsyncResult

rtworkq

RtwqSetLongRunning

api-ms-win-core-localization-l1-2-1

EnumSystemLocalesEx

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-http-time-l1-1-0

InternetTimeToSystemTimeA

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DllCanUnloadNow
DllGetClassObject
MFCreateAVIMediaSink
MFCreateWAVEMediaSink

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/mfsvr.dll
.dll windows:10 windows x64 arch:x64

926f40862e9bf1073f4b229a07d88ab9

Code Sign

33:00:00:02:65:51:ae:1b:bd:00:5c:bf:bd:00:00:00:00:02:65
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ab:84:83:f5:ad:68:fa:ca:bd:e5:5f:98:db:3a:cd:64:22:85:ae:7f:ee:47:6f:cc:9a:68:98:21:5d:ea:23:46
Signer

Actual PE Digest

ab:84:83:f5:ad:68:fa:ca:bd:e5:5f:98:db:3a:cd:64:22:85:ae:7f:ee:47:6f:cc:9a:68:98:21:5d:ea:23:46

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MFSVR.pdb

Imports

msvcrt

??0exception@@QEAA@XZ
_vsnprintf_s
??0exception@@QEAA@AEBQEBDH@Z
rand
srand
strcspn
realloc
_gcvt_s
localeconv
_get_current_locale
??0bad_cast@@QEAA@PEBD@Z
_i64toa_s
__crtLCMapStringW
_ltoa_s
_ultoa_s
??1bad_cast@@UEAA@XZ
memcmp
??0bad_cast@@QEAA@AEBV0@@Z
_finite
sprintf_s
vsprintf_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
__C_specific_handler
time
ctime
wcsncmp
wcscat_s
??9type_info@@QEBAHAEBV0@@Z
??8type_info@@QEBAHAEBV0@@Z
_wcsdup
__uncaught_exception
calloc
__pctype_func
wcscpy_s
memset
_ismbblead
_CxxThrowException
___lc_codepage_func
_vsnprintf
___lc_handle_func
___mb_cur_max_func
_free_locale
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
memcpy
__CxxFrameHandler3
sqrt
__dllonexit
_onexit
_XcptFilter
strnlen
strncpy_s
qsort
_amsg_exit
_errno
_initterm
_unlock
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
setlocale
memcpy_s
_vsnwprintf
_callnewh
malloc
strcmp
free
sqrtf
floor
_purecall
memmove
wcscmp

mfplat

MFCreateEventQueue
MFSerializeAttributesToStream
MFDeserializeAttributesFromStream
MFCreateMediaEvent
MFGetSystemTime
MFCreateCollection
MFPutWorkItem2
MFCreateSample
MFCreateWICBitmapBuffer
MFCreateAsyncResult
MFPutWaitingWorkItem
MFCreateDXGISurfaceBuffer
MFGetPlaneSize
MFCreateMediaType
MFCreateAttributes
MFCreateDXGIDeviceManager
MFGetCallStackTracingWeakReference
MFAllocateSerialWorkQueue
MFMapDXGIFormatToDX9Format
MFLockDXGIDeviceManager
MFLockSharedWorkQueue
MFUnlockDXGIDeviceManager
MFCreateVideoMediaType
MFInitVideoFormat_RGB
MFScheduleWorkItem
MFCancelWorkItem
MFllMulDiv
MFPutWorkItem
MFCreateVideoSampleAllocatorEx
MFLockWorkQueue
MFUnlockWorkQueue

ntdll

RtlNtStatusToDosError
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtPowerInformation

rpcrt4

NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_QueryInterface
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Connect

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient10
ObjectStublessClient9
ObjectStublessClient8
NdrProxyForwardingFunction5
NdrProxyForwardingFunction4
NdrProxyForwardingFunction25
ObjectStublessClient16
ObjectStublessClient29
ObjectStublessClient24
ObjectStublessClient5
ObjectStublessClient13
ObjectStublessClient7
NdrProxyForwardingFunction6
ObjectStublessClient23
ObjectStublessClient15
ObjectStublessClient20
ObjectStublessClient28
ObjectStublessClient18
ObjectStublessClient27
ObjectStublessClient3
ObjectStublessClient22
ObjectStublessClient21
ObjectStublessClient11
ObjectStublessClient14
NdrProxyForwardingFunction3
NdrProxyForwardingFunction7
ObjectStublessClient4
NdrProxyForwardingFunction26
ObjectStublessClient17
ObjectStublessClient19
ObjectStublessClient12

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW
FreeLibrary
GetModuleFileNameW
GetModuleHandleExW
LoadLibraryExW
GetModuleFileNameA
GetProcAddress

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteTransfer
EventSetInformation

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
TraceMessage
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceLoggerHandle
GetTraceEnableFlags

api-ms-win-core-synch-l1-1-0

CreateWaitableTimerExW
LeaveCriticalSection
SetEvent
ResetEvent
EnterCriticalSection
SetWaitableTimer
DeleteCriticalSection
CancelWaitableTimer
InitializeCriticalSection
AcquireSRWLockExclusive
InitializeSRWLock
AcquireSRWLockShared
CreateMutexExW
InitializeCriticalSectionEx
CreateSemaphoreExW
ReleaseSemaphore
WaitForSingleObject
ReleaseSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CreateEventW
ReleaseMutex
ReleaseSRWLockShared

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TlsGetValue
OpenProcessToken
GetCurrentProcess
TlsSetValue
TerminateProcess
GetProcessTimes
GetCurrentThreadId
GetExitCodeThread
CreateThread

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount
GlobalMemoryStatusEx
GetTickCount64

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CreateStreamOnHGlobal
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
PropVariantClear
PropVariantCopy

api-ms-win-core-psapi-l1-1-0

K32GetProcessMemoryInfo

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
GetStringTypeW
WideCharToMultiByte

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference
WindowsCreateString

api-ms-win-core-registry-l1-1-0

RegNotifyChangeKeyValue
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
RegGetValueW
RegSetValueExA
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
OpenProcess

crypt32

CryptBinaryToStringA

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerReadDCValue
PowerGetActiveScheme
PowerSettingRegisterNotification

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-power-base-l1-1-0

CallNtPowerInformation

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
Sleep

api-ms-win-core-kernel32-legacy-l1-1-0

PulseEvent
GetSystemPowerStatus

api-ms-win-mm-time-l1-1-0

timeBeginPeriod
timeEndPeriod

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiA

api-ms-win-core-file-l1-1-0

FlushFileBuffers
CreateFileW
GetFileSize
ReadFile
SetFilePointerEx
CreateFileA
SetFilePointer
WriteFile

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-console-l1-1-0

AllocConsole

api-ms-win-core-console-l2-2-0

SetConsoleTitleW

api-ms-win-security-systemfunctions-l1-1-0

SystemFunction036

api-ms-win-appmodel-runtime-l1-1-2

AppPolicyGetWindowingModel

api-ms-win-dx-d3dkmt-l1-1-0

GdiEntry13

bcrypt

BCryptGetProperty
BCryptDestroyKey
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptVerifySignature
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptImportKeyPair

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
MFCreateHDCPStatus
MFCreateMediaEngineVideoOTA
MFCreateOPMHelper
MFCreateTimedTextRenderer

Sections

.text
Size: 982KB - Virtual size: 982KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/mgmtprovider.dll
.dll regsvr32 windows:10 windows x64 arch:x64

d0542e960278de69efd6155707b1e29b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mgmtprovider.pdb

Imports

msvcrt

swprintf_s
_vsnwprintf
??1exception@@UEAA@XZ
_purecall
memcpy_s
??0exception@@QEAA@AEBV0@@Z
_wfopen_s
fclose
_wmakepath_s
_wsplitpath_s
?what@exception@@UEBAPEBDXZ
_wcsicmp
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
??_V@YAXPEAX@Z
wcsspn
_wcslwr_s
memmove
memset
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
??8type_info@@QEBAHAEBV0@@Z
__CxxFrameHandler3
__C_specific_handler
swscanf_s
swscanf
??3@YAXPEAX@Z
towupper
wcschr
wcsstr
_vscwprintf
vswprintf_s
_isnan
calloc
wcscspn
memmove_s
wcsrchr
fread
malloc
free
feof
wcscmp

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

kernelbase

ResolveDelayLoadedAPI
GetSystemDefaultUILanguage

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultLocaleName

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
LocalFree
GlobalLock
GlobalFree
GlobalAlloc
GlobalSize

mi

mi_clientFT_V1

xmllite

CreateXmlReaderInputWithEncodingName
CreateXmlWriter
CreateXmlReader
CreateXmlWriterOutputWithEncodingName

api-ms-win-core-path-l1-1-0

PathCchFindExtension

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetVersionExW
GetSystemTimeAsFileTime
GetComputerNameExW
GetTickCount
GlobalMemoryStatusEx

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError
RaiseException

api-ms-win-core-libraryloader-l1-2-0

LockResource
FreeLibrary
LoadLibraryExW
LoadResource
FindResourceExW
GetProcAddress
SizeofResource
DisableThreadLibraryCalls

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegGetValueW
RegQueryValueExW
RegEnumKeyExW
RegCloseKey

api-ms-win-core-file-l1-1-0

LocalFileTimeToFileTime
FindFirstFileExW
FindNextFileW
FileTimeToLocalFileTime
FindClose
GetFileAttributesW
ReadFile
SetFilePointerEx
WriteFile
CreateFileW
GetFileSizeEx
DeleteFileW
GetFileAttributesExW

api-ms-win-core-com-l1-1-0

CoImpersonateClient
CreateStreamOnHGlobal
CoRevertToSelf
CoCreateInstance
CoUninitialize
CoInitializeEx
CoCreateGuid
GetHGlobalFromStream
CoGetCallContext

api-ms-win-service-management-l1-1-0

OpenServiceW
OpenSCManagerW
CloseServiceHandle

api-ms-win-service-management-l2-1-0

QueryServiceConfig2W
QueryServiceConfigW

api-ms-win-core-localization-l1-2-0

GetSystemDefaultLCID
SetThreadUILanguage
GetLocaleInfoEx
FormatMessageW
GetThreadUILanguage

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWrite
EventUnregister

iphlpapi

ParseNetworkString

api-ms-win-service-core-l1-1-1

EnumServicesStatusExW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
HeapReAlloc
GetProcessHeap
HeapSize
HeapDestroy

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

??0?$CEnumeratorAbstractBase@V?$shared_ptr@UCounterSampleList@PerformanceCounters@MgmtProvider@@@tr1@std@@@MgmtProvider@@QEAA@AEBV01@@Z
??0?$CEnumeratorAbstractBase@V?$shared_ptr@UCounterSampleList@PerformanceCounters@MgmtProvider@@@tr1@std@@@MgmtProvider@@QEAA@XZ
??0?$CWmiObject@U_MSFT_ServerBpaResult@@@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@12@@Z
??0?$CWmiObject@U_MSFT_ServerBpaResult@@@Wmi@MgmtProvider@@QEAA@AEBV012@@Z
??0?$CWmiObject@U_MSFT_ServerClusterInformation@@@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@12@@Z
??0?$CWmiObject@U_MSFT_ServerClusterInformation@@@Wmi@MgmtProvider@@QEAA@AEBV012@@Z
??0?$CWmiObject@U_MSFT_ServerFeature@@@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@12@@Z
??0?$CWmiObject@U_MSFT_ServerFeature@@@Wmi@MgmtProvider@@QEAA@AEBV012@@Z
??0?$CWmiObject@U_MSFT_ServerManagerTasks_GetCounterSamplesAtTime@@@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@12@@Z
??0?$CWmiObject@U_MSFT_ServerManagerTasks_GetCounterSamplesAtTime@@@Wmi@MgmtProvider@@QEAA@AEBV012@@Z
??0?$CWmiObject@U_MSFT_ServerManagerTasks_GetCounterSamplesInTimeRange@@@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@12@@Z
??0?$CWmiObject@U_MSFT_ServerManagerTasks_GetCounterSamplesInTimeRange@@@Wmi@MgmtProvider@@QEAA@AEBV012@@Z
??0?$CWmiObject@U_MSFT_ServerManagerTasks_GetPerformanceCollectorState@@@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@12@@Z
??0?$CWmiObject@U_MSFT_ServerManagerTasks_GetPerformanceCollectorState@@@Wmi@MgmtProvider@@QEAA@AEBV012@@Z
??0?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerBpaResult@@@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@12@@Z
??0?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerBpaResult@@@Wmi@MgmtProvider@@QEAA@AEBV012@@Z
??0?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerClusterName@@@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@12@@Z
??0?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerClusterName@@@Wmi@MgmtProvider@@QEAA@AEBV012@@Z
??0?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerEventDetail@@@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@12@@Z
??0?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerEventDetail@@@Wmi@MgmtProvider@@QEAA@AEBV012@@Z
??0?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerEventDetailEx@@@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@12@@Z
??0?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerEventDetailEx@@@Wmi@MgmtProvider@@QEAA@AEBV012@@Z
??0?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerInventory@@@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@12@@Z
??0?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerInventory@@@Wmi@MgmtProvider@@QEAA@AEBV012@@Z
??0?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerServiceDetail@@@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@12@@Z
??0?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerServiceDetail@@@Wmi@MgmtProvider@@QEAA@AEBV012@@Z
??0?$CWmiObject@U_MSFT_ServerManagerTasks_RemoveServerPerformanceLog@@@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@12@@Z
??0?$CWmiObject@U_MSFT_ServerManagerTasks_RemoveServerPerformanceLog@@@Wmi@MgmtProvider@@QEAA@AEBV012@@Z
??0?$CWmiObject@U_MSFT_ServerManagerTasks_SetPerformanceCollectorState@@@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@12@@Z
??0?$CWmiObject@U_MSFT_ServerManagerTasks_SetPerformanceCollectorState@@@Wmi@MgmtProvider@@QEAA@AEBV012@@Z
??0?$CWmiObject@U_MSFT_ServerOperatingSystem@@@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@12@@Z
??0?$CWmiObject@U_MSFT_ServerOperatingSystem@@@Wmi@MgmtProvider@@QEAA@AEBV012@@Z
??0?$CWmiObject@U_MSFT_ServerPerformanceCounterSamples@@@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@12@@Z
??0?$CWmiObject@U_MSFT_ServerPerformanceCounterSamples@@@Wmi@MgmtProvider@@QEAA@AEBV012@@Z
??0?$CWmiObjectT@U_MSFT_ServerBpaResult@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@123@@Z
??0?$CWmiObjectT@U_MSFT_ServerBpaResult@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA@AEBV0123@@Z
??0?$CWmiObjectT@U_MSFT_ServerClusterInformation@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@123@@Z
??0?$CWmiObjectT@U_MSFT_ServerClusterInformation@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA@AEBV0123@@Z
??0?$CWmiObjectT@U_MSFT_ServerFeature@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@123@@Z
??0?$CWmiObjectT@U_MSFT_ServerFeature@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA@AEBV0123@@Z
??0?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetCounterSamplesAtTime@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@123@@Z
??0?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetCounterSamplesAtTime@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA@AEBV0123@@Z
??0?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetCounterSamplesInTimeRange@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@123@@Z
??0?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetCounterSamplesInTimeRange@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA@AEBV0123@@Z
??0?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetPerformanceCollectorState@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@123@@Z
??0?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetPerformanceCollectorState@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA@AEBV0123@@Z
??0?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerBpaResult@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@123@@Z
??0?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerBpaResult@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA@AEBV0123@@Z
??0?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerClusterName@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@123@@Z
??0?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerClusterName@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA@AEBV0123@@Z
??0?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerEventDetail@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@123@@Z
??0?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerEventDetail@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA@AEBV0123@@Z
??0?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerEventDetailEx@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@123@@Z
??0?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerEventDetailEx@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA@AEBV0123@@Z
??0?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerInventory@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@123@@Z
??0?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerInventory@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA@AEBV0123@@Z
??0?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerServiceDetail@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@123@@Z
??0?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerServiceDetail@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA@AEBV0123@@Z
??0?$CWmiObjectT@U_MSFT_ServerManagerTasks_RemoveServerPerformanceLog@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@123@@Z
??0?$CWmiObjectT@U_MSFT_ServerManagerTasks_RemoveServerPerformanceLog@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA@AEBV0123@@Z
??0?$CWmiObjectT@U_MSFT_ServerManagerTasks_SetPerformanceCollectorState@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@123@@Z
??0?$CWmiObjectT@U_MSFT_ServerManagerTasks_SetPerformanceCollectorState@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA@AEBV0123@@Z
??0?$CWmiObjectT@U_MSFT_ServerOperatingSystem@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@123@@Z
??0?$CWmiObjectT@U_MSFT_ServerOperatingSystem@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA@AEBV0123@@Z
??0?$CWmiObjectT@U_MSFT_ServerPerformanceCounterSamples@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@IEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@123@@Z
??0?$CWmiObjectT@U_MSFT_ServerPerformanceCounterSamples@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA@AEBV0123@@Z
??0?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetCounterSamplesAtTime@@@Wmi@MgmtProvider@@QEAA@AEBV012@@Z
??0?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetCounterSamplesAtTime@@@Wmi@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@12@@Z
??0?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetCounterSamplesInTimeRange@@@Wmi@MgmtProvider@@QEAA@AEBV012@@Z
??0?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetCounterSamplesInTimeRange@@@Wmi@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@12@@Z
??0?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetPerformanceCollectorState@@@Wmi@MgmtProvider@@QEAA@AEBV012@@Z
??0?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetPerformanceCollectorState@@@Wmi@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@12@@Z
??0?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerBpaResult@@@Wmi@MgmtProvider@@QEAA@AEBV012@@Z
??0?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerBpaResult@@@Wmi@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@12@@Z
??0?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerClusterName@@@Wmi@MgmtProvider@@QEAA@AEBV012@@Z
??0?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerClusterName@@@Wmi@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@12@@Z
??0?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerEventDetail@@@Wmi@MgmtProvider@@QEAA@AEBV012@@Z
??0?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerEventDetail@@@Wmi@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@12@@Z
??0?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerEventDetailEx@@@Wmi@MgmtProvider@@QEAA@AEBV012@@Z
??0?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerEventDetailEx@@@Wmi@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@12@@Z
??0?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerInventory@@@Wmi@MgmtProvider@@QEAA@AEBV012@@Z
??0?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerInventory@@@Wmi@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@12@@Z
??0?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerServiceDetail@@@Wmi@MgmtProvider@@QEAA@AEBV012@@Z
??0?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerServiceDetail@@@Wmi@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@12@@Z
??0?$CWmiOutObject@U_MSFT_ServerManagerTasks_RemoveServerPerformanceLog@@@Wmi@MgmtProvider@@QEAA@AEBV012@@Z
??0?$CWmiOutObject@U_MSFT_ServerManagerTasks_RemoveServerPerformanceLog@@@Wmi@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@12@@Z
??0?$CWmiOutObject@U_MSFT_ServerManagerTasks_SetPerformanceCollectorState@@@Wmi@MgmtProvider@@QEAA@AEBV012@@Z
??0?$CWmiOutObject@U_MSFT_ServerManagerTasks_SetPerformanceCollectorState@@@Wmi@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@12@@Z
??0CBpaConfiguration@Bpa@MgmtProvider@@QEAA@$$QEAV012@@Z
??0CBpaConfiguration@Bpa@MgmtProvider@@QEAA@AEBV012@@Z
??0CBpaConfiguration@Bpa@MgmtProvider@@QEAA@AEBVCWin32Services@Win32@2@@Z
??0CBpaXPath@Bpa@MgmtProvider@@QEAA@V?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@AEBVCBpaConfiguration@12@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@AEBVCWin32Services@Win32@2@@Z
??0CCluster@Cluster@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@AEBVCWin32Services@Win32@2@@Z
??0CCounterSampleEnumerator@PerformanceCounters@MgmtProvider@@QEAA@AEBV012@@Z
??0CCounterSampleEnumerator@PerformanceCounters@MgmtProvider@@QEAA@V?$shared_ptr@X@tr1@std@@KAEBV?$CAtlArray@V?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@V?$CElementTraits@V?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@@2@@ATL@@_J2AEBVCWin32Services@Win32@2@@Z
??0CGetCounterSamplesAtTimeTask@PerformanceCounters@MgmtProvider@@QEAA@PEBGPEBQEBG_K_J3IAEBV?$CFilterAbstractBase@V?$shared_ptr@UCounterSampleList@PerformanceCounters@MgmtProvider@@@tr1@std@@@2@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@AEBVCWin32Services@Win32@2@@Z
??0CGetCounterSamplesInTimeRangeTask@PerformanceCounters@MgmtProvider@@QEAA@PEBGPEBQEBG_K_J3IAEBV?$CFilterAbstractBase@V?$shared_ptr@UCounterSampleList@PerformanceCounters@MgmtProvider@@@tr1@std@@@2@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@AEBVCWin32Services@Win32@2@@Z
??0CGetCounterSamplesTaskBase@PerformanceCounters@MgmtProvider@@QEAA@PEBGPEBQEBG_K_J3IAEBV?$CFilterAbstractBase@V?$shared_ptr@UCounterSampleList@PerformanceCounters@MgmtProvider@@@tr1@std@@@2@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@AEBVCWin32Services@Win32@2@@Z
??0CGetPerformanceCollectorStateTask@PerformanceCounters@MgmtProvider@@QEAA@$$QEAV012@@Z
??0CGetPerformanceCollectorStateTask@PerformanceCounters@MgmtProvider@@QEAA@AEBV012@@Z
??0CGetPerformanceCollectorStateTask@PerformanceCounters@MgmtProvider@@QEAA@PEBGAEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@AEBVCWin32Services@Win32@2@@Z
??0CGetServerBpaResultTask@Bpa@MgmtProvider@@QEAA@PEBU_MSFT_ServerManagerTasks_GetServerBpaResult@@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@AEBVCWin32Services@Win32@2@@Z
??0CGetServerClusterNameTask@Cluster@MgmtProvider@@QEAA@PEBU_MSFT_ServerManagerTasks_GetServerClusterName@@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@AEBVCWin32Services@Win32@2@@Z
??0CGetServerEventDetailExTask@EventMonitoring@MgmtProvider@@QEAA@PEBU_MSFT_ServerManagerTasks_GetServerEventDetailEx@@AEBV?$CAtlArray@V?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@V?$CElementTraits@V?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@@2@@ATL@@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@AEBVCWin32Services@Win32@2@@Z
??0CGetServerEventDetailTask@EventMonitoring@MgmtProvider@@QEAA@AEBV?$CAtlArray@V?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@V?$CElementTraits@V?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@@2@@ATL@@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@AEBVCWin32Services@Win32@2@@Z
??0CGetServerEventDetailTask@EventMonitoring@MgmtProvider@@QEAA@PEBU_MSFT_ServerManagerTasks_GetServerEventDetail@@AEBV?$CAtlArray@V?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@V?$CElementTraits@V?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@@2@@ATL@@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@AEBVCWin32Services@Win32@2@@Z
??0CGetServerFeatureTask@Inventory@MgmtProvider@@QEAA@PEBU_MSFT_ServerManagerTasks_GetServerFeature@@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@AEBVCWin32Services@Win32@2@@Z
??0CGetServerInventoryTask@Inventory@MgmtProvider@@QEAA@PEBU_MSFT_ServerManagerTasks_GetServerInventory@@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@AEBVCWin32Services@Win32@2@@Z
??0CGetServerServiceDetailTask@ServiceMonitoring@MgmtProvider@@QEAA@PEBU_MSFT_ServerManagerTasks_GetServerServiceDetail@@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@AEBVCWin32Services@Win32@2@@Z
??0CMsftGetCounterSamplesAtTime@PerformanceCounters@MgmtProvider@@QEAA@AEBV012@@Z
??0CMsftGetCounterSamplesAtTime@PerformanceCounters@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@@Z
??0CMsftGetCounterSamplesInTimeRange@PerformanceCounters@MgmtProvider@@QEAA@AEBV012@@Z
??0CMsftGetCounterSamplesInTimeRange@PerformanceCounters@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@@Z
??0CMsftGetPerformanceCollectorState@PerformanceCounters@MgmtProvider@@QEAA@AEBV012@@Z
??0CMsftGetPerformanceCollectorState@PerformanceCounters@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@@Z
??0CMsftGetServerBpaResult@Bpa@MgmtProvider@@QEAA@AEBV012@@Z
??0CMsftGetServerBpaResult@Bpa@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@@Z
??0CMsftGetServerClusterName@Cluster@MgmtProvider@@QEAA@AEBV012@@Z
??0CMsftGetServerClusterName@Cluster@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@@Z
??0CMsftGetServerEventDetail@EventMonitoring@MgmtProvider@@QEAA@AEBV012@@Z
??0CMsftGetServerEventDetail@EventMonitoring@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@@Z
??0CMsftGetServerEventDetailEx@EventMonitoring@MgmtProvider@@QEAA@AEBV012@@Z
??0CMsftGetServerEventDetailEx@EventMonitoring@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@@Z
??0CMsftGetServerFeature@Inventory@MgmtProvider@@QEAA@AEBV012@@Z
??0CMsftGetServerFeature@Inventory@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@@Z
??0CMsftGetServerInventory@Inventory@MgmtProvider@@QEAA@AEBV012@@Z
??0CMsftGetServerInventory@Inventory@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@@Z
??0CMsftGetServerServiceDetail@ServiceMonitoring@MgmtProvider@@QEAA@AEBV012@@Z
??0CMsftGetServerServiceDetail@ServiceMonitoring@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@@Z
??0CMsftRemoveServerPerformanceLog@PerformanceCounters@MgmtProvider@@QEAA@AEBV012@@Z
??0CMsftRemoveServerPerformanceLog@PerformanceCounters@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@@Z
??0CMsftServerBpaResult@Bpa@MgmtProvider@@QEAA@AEBV012@@Z
??0CMsftServerBpaResult@Bpa@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@@Z
??0CMsftServerClusterInformation@Inventory@MgmtProvider@@QEAA@AEBV012@@Z
??0CMsftServerClusterInformation@Inventory@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@@Z
??0CMsftServerFeature@Inventory@MgmtProvider@@QEAA@AEBV012@@Z
??0CMsftServerFeature@Inventory@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@@Z
??0CMsftServerOperatingSystem@Inventory@MgmtProvider@@QEAA@AEBV012@@Z
??0CMsftServerOperatingSystem@Inventory@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@@Z
??0CMsftServerPerformanceCounterSamples@PerformanceCounters@MgmtProvider@@QEAA@AEBV012@@Z
??0CMsftServerPerformanceCounterSamples@PerformanceCounters@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@@Z
??0CMsftSetPerformanceCollectorState@PerformanceCounters@MgmtProvider@@QEAA@AEBV012@@Z
??0CMsftSetPerformanceCollectorState@PerformanceCounters@MgmtProvider@@QEAA@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@@Z
??0COperatingSystem@Win32@MgmtProvider@@QEAA@$$QEAV012@@Z
??0COperatingSystem@Win32@MgmtProvider@@QEAA@AEBV012@@Z
??0COperatingSystem@Win32@MgmtProvider@@QEAA@AEBVCWin32Services@12@@Z
??0CRegistry@MgmtProvider@@QEAA@AEBV01@@Z
??0CRegistry@MgmtProvider@@QEAA@AEBVCWin32Services@Win32@1@@Z
??0CRemoveServerPerformanceLogTask@PerformanceCounters@MgmtProvider@@QEAA@$$QEAV012@@Z
??0CRemoveServerPerformanceLogTask@PerformanceCounters@MgmtProvider@@QEAA@AEBV012@@Z
??0CRemoveServerPerformanceLogTask@PerformanceCounters@MgmtProvider@@QEAA@AEBVCComBSTR@ATL@@_KAEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@AEBVCWin32Services@Win32@2@@Z
??0CServerFeatureStore@Inventory@MgmtProvider@@QEAA@V?$shared_ptr@VCXmlDocument@MgmtProvider@@@tr1@std@@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@AEBVCWin32Services@Win32@2@@Z
??0CSetPerformanceCollectorStateTask@PerformanceCounters@MgmtProvider@@QEAA@$$QEAV012@@Z
??0CSetPerformanceCollectorStateTask@PerformanceCounters@MgmtProvider@@QEAA@AEBV012@@Z
??0CSetPerformanceCollectorStateTask@PerformanceCounters@MgmtProvider@@QEAA@PEBGW4DataCollectorSetState@12@AEBV?$CWmiServicesT@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@2@AEBVCWin32Services@Win32@2@@Z
??0CWin32Services@Win32@MgmtProvider@@QEAA@XZ
??1?$CEnumeratorAbstractBase@V?$shared_ptr@UCounterSampleList@PerformanceCounters@MgmtProvider@@@tr1@std@@@MgmtProvider@@UEAA@XZ
??1?$CWmiObject@U_MSFT_ServerBpaResult@@@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObject@U_MSFT_ServerClusterInformation@@@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObject@U_MSFT_ServerFeature@@@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObject@U_MSFT_ServerManagerTasks_GetCounterSamplesAtTime@@@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObject@U_MSFT_ServerManagerTasks_GetCounterSamplesInTimeRange@@@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObject@U_MSFT_ServerManagerTasks_GetPerformanceCollectorState@@@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerBpaResult@@@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerClusterName@@@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerEventDetail@@@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerEventDetailEx@@@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerInventory@@@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerServiceDetail@@@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObject@U_MSFT_ServerManagerTasks_RemoveServerPerformanceLog@@@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObject@U_MSFT_ServerManagerTasks_SetPerformanceCollectorState@@@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObject@U_MSFT_ServerOperatingSystem@@@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObject@U_MSFT_ServerPerformanceCounterSamples@@@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObjectT@U_MSFT_ServerBpaResult@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObjectT@U_MSFT_ServerClusterInformation@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObjectT@U_MSFT_ServerFeature@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetCounterSamplesAtTime@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetCounterSamplesInTimeRange@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetPerformanceCollectorState@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerBpaResult@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerClusterName@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerEventDetail@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerEventDetailEx@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerInventory@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerServiceDetail@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObjectT@U_MSFT_ServerManagerTasks_RemoveServerPerformanceLog@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObjectT@U_MSFT_ServerManagerTasks_SetPerformanceCollectorState@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObjectT@U_MSFT_ServerOperatingSystem@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiObjectT@U_MSFT_ServerPerformanceCounterSamples@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@MEAA@XZ
??1?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetCounterSamplesAtTime@@@Wmi@MgmtProvider@@UEAA@XZ
??1?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetCounterSamplesInTimeRange@@@Wmi@MgmtProvider@@UEAA@XZ
??1?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetPerformanceCollectorState@@@Wmi@MgmtProvider@@UEAA@XZ
??1?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerBpaResult@@@Wmi@MgmtProvider@@UEAA@XZ
??1?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerClusterName@@@Wmi@MgmtProvider@@UEAA@XZ
??1?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerEventDetail@@@Wmi@MgmtProvider@@UEAA@XZ
??1?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerEventDetailEx@@@Wmi@MgmtProvider@@UEAA@XZ
??1?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerInventory@@@Wmi@MgmtProvider@@UEAA@XZ
??1?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerServiceDetail@@@Wmi@MgmtProvider@@UEAA@XZ
??1?$CWmiOutObject@U_MSFT_ServerManagerTasks_RemoveServerPerformanceLog@@@Wmi@MgmtProvider@@UEAA@XZ
??1?$CWmiOutObject@U_MSFT_ServerManagerTasks_SetPerformanceCollectorState@@@Wmi@MgmtProvider@@UEAA@XZ
??1CBpaConfiguration@Bpa@MgmtProvider@@QEAA@XZ
??1CBpaXPath@Bpa@MgmtProvider@@QEAA@XZ
??1CCluster@Cluster@MgmtProvider@@QEAA@XZ
??1CCounterSampleEnumerator@PerformanceCounters@MgmtProvider@@UEAA@XZ
??1CGetCounterSamplesAtTimeTask@PerformanceCounters@MgmtProvider@@QEAA@XZ
??1CGetCounterSamplesInTimeRangeTask@PerformanceCounters@MgmtProvider@@QEAA@XZ
??1CGetCounterSamplesTaskBase@PerformanceCounters@MgmtProvider@@QEAA@XZ
??1CGetPerformanceCollectorStateTask@PerformanceCounters@MgmtProvider@@QEAA@XZ
??1CGetServerEventDetailExTask@EventMonitoring@MgmtProvider@@QEAA@XZ
??1CGetServerEventDetailTask@EventMonitoring@MgmtProvider@@QEAA@XZ
??1CGetServerServiceDetailTask@ServiceMonitoring@MgmtProvider@@UEAA@XZ
??1CMsftGetCounterSamplesAtTime@PerformanceCounters@MgmtProvider@@UEAA@XZ
??1CMsftGetCounterSamplesInTimeRange@PerformanceCounters@MgmtProvider@@UEAA@XZ
??1CMsftGetPerformanceCollectorState@PerformanceCounters@MgmtProvider@@UEAA@XZ
??1CMsftGetServerBpaResult@Bpa@MgmtProvider@@UEAA@XZ
??1CMsftGetServerClusterName@Cluster@MgmtProvider@@UEAA@XZ
??1CMsftGetServerEventDetail@EventMonitoring@MgmtProvider@@UEAA@XZ
??1CMsftGetServerEventDetailEx@EventMonitoring@MgmtProvider@@UEAA@XZ
??1CMsftGetServerFeature@Inventory@MgmtProvider@@UEAA@XZ
??1CMsftGetServerInventory@Inventory@MgmtProvider@@UEAA@XZ
??1CMsftGetServerServiceDetail@ServiceMonitoring@MgmtProvider@@UEAA@XZ
??1CMsftRemoveServerPerformanceLog@PerformanceCounters@MgmtProvider@@UEAA@XZ
??1CMsftServerBpaResult@Bpa@MgmtProvider@@UEAA@XZ
??1CMsftServerClusterInformation@Inventory@MgmtProvider@@UEAA@XZ
??1CMsftServerFeature@Inventory@MgmtProvider@@UEAA@XZ
??1CMsftServerOperatingSystem@Inventory@MgmtProvider@@UEAA@XZ
??1CMsftServerPerformanceCounterSamples@PerformanceCounters@MgmtProvider@@UEAA@XZ
??1CMsftSetPerformanceCollectorState@PerformanceCounters@MgmtProvider@@UEAA@XZ
??1COperatingSystem@Win32@MgmtProvider@@QEAA@XZ
??1CRegistry@MgmtProvider@@QEAA@XZ
??1CRemoveServerPerformanceLogTask@PerformanceCounters@MgmtProvider@@QEAA@XZ
??1CServerFeatureStore@Inventory@MgmtProvider@@QEAA@XZ
??1CSetPerformanceCollectorStateTask@PerformanceCounters@MgmtProvider@@QEAA@XZ
??1CWin32Services@Win32@MgmtProvider@@UEAA@XZ
??4?$CEnumeratorAbstractBase@V?$shared_ptr@UCounterSampleList@PerformanceCounters@MgmtProvider@@@tr1@std@@@MgmtProvider@@QEAAAEAV01@AEBV01@@Z
??4?$CWmiObject@U_MSFT_ServerBpaResult@@@Wmi@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4?$CWmiObject@U_MSFT_ServerClusterInformation@@@Wmi@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4?$CWmiObject@U_MSFT_ServerFeature@@@Wmi@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4?$CWmiObject@U_MSFT_ServerManagerTasks_GetCounterSamplesAtTime@@@Wmi@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4?$CWmiObject@U_MSFT_ServerManagerTasks_GetCounterSamplesInTimeRange@@@Wmi@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4?$CWmiObject@U_MSFT_ServerManagerTasks_GetPerformanceCollectorState@@@Wmi@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerBpaResult@@@Wmi@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerClusterName@@@Wmi@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerEventDetail@@@Wmi@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerEventDetailEx@@@Wmi@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerInventory@@@Wmi@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerServiceDetail@@@Wmi@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4?$CWmiObject@U_MSFT_ServerManagerTasks_RemoveServerPerformanceLog@@@Wmi@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4?$CWmiObject@U_MSFT_ServerManagerTasks_SetPerformanceCollectorState@@@Wmi@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4?$CWmiObject@U_MSFT_ServerOperatingSystem@@@Wmi@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4?$CWmiObject@U_MSFT_ServerPerformanceCounterSamples@@@Wmi@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4?$CWmiObjectT@U_MSFT_ServerBpaResult@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAAAEAV0123@AEBV0123@@Z
??4?$CWmiObjectT@U_MSFT_ServerClusterInformation@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAAAEAV0123@AEBV0123@@Z
??4?$CWmiObjectT@U_MSFT_ServerFeature@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAAAEAV0123@AEBV0123@@Z
??4?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetCounterSamplesAtTime@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAAAEAV0123@AEBV0123@@Z
??4?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetCounterSamplesInTimeRange@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAAAEAV0123@AEBV0123@@Z
??4?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetPerformanceCollectorState@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAAAEAV0123@AEBV0123@@Z
??4?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerBpaResult@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAAAEAV0123@AEBV0123@@Z
??4?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerClusterName@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAAAEAV0123@AEBV0123@@Z
??4?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerEventDetail@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAAAEAV0123@AEBV0123@@Z
??4?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerEventDetailEx@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAAAEAV0123@AEBV0123@@Z
??4?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerInventory@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAAAEAV0123@AEBV0123@@Z
??4?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerServiceDetail@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAAAEAV0123@AEBV0123@@Z
??4?$CWmiObjectT@U_MSFT_ServerManagerTasks_RemoveServerPerformanceLog@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAAAEAV0123@AEBV0123@@Z
??4?$CWmiObjectT@U_MSFT_ServerManagerTasks_SetPerformanceCollectorState@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAAAEAV0123@AEBV0123@@Z
??4?$CWmiObjectT@U_MSFT_ServerOperatingSystem@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAAAEAV0123@AEBV0123@@Z
??4?$CWmiObjectT@U_MSFT_ServerPerformanceCounterSamples@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAAAEAV0123@AEBV0123@@Z
??4?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetCounterSamplesAtTime@@@Wmi@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetCounterSamplesInTimeRange@@@Wmi@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetPerformanceCollectorState@@@Wmi@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerBpaResult@@@Wmi@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerClusterName@@@Wmi@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerEventDetail@@@Wmi@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerEventDetailEx@@@Wmi@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerInventory@@@Wmi@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerServiceDetail@@@Wmi@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4?$CWmiOutObject@U_MSFT_ServerManagerTasks_RemoveServerPerformanceLog@@@Wmi@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4?$CWmiOutObject@U_MSFT_ServerManagerTasks_SetPerformanceCollectorState@@@Wmi@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4CBpaConfiguration@Bpa@MgmtProvider@@QEAAAEAV012@$$QEAV012@@Z
??4CBpaConfiguration@Bpa@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4CMsftGetCounterSamplesAtTime@PerformanceCounters@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4CMsftGetCounterSamplesInTimeRange@PerformanceCounters@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4CMsftGetPerformanceCollectorState@PerformanceCounters@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4CMsftGetServerBpaResult@Bpa@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4CMsftGetServerClusterName@Cluster@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4CMsftGetServerEventDetail@EventMonitoring@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4CMsftGetServerEventDetailEx@EventMonitoring@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4CMsftGetServerFeature@Inventory@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4CMsftGetServerInventory@Inventory@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4CMsftGetServerServiceDetail@ServiceMonitoring@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4CMsftRemoveServerPerformanceLog@PerformanceCounters@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4CMsftServerBpaResult@Bpa@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4CMsftServerClusterInformation@Inventory@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4CMsftServerFeature@Inventory@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4CMsftServerOperatingSystem@Inventory@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4CMsftServerPerformanceCounterSamples@PerformanceCounters@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4CMsftSetPerformanceCollectorState@PerformanceCounters@MgmtProvider@@QEAAAEAV012@AEBV012@@Z
??4CUtilities@MgmtProvider@@QEAAAEAV01@$$QEAV01@@Z
??4CUtilities@MgmtProvider@@QEAAAEAV01@AEBV01@@Z
??B?$CWmiObjectT@U_MSFT_ServerBpaResult@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA?BT_MI_Value@@XZ
??B?$CWmiObjectT@U_MSFT_ServerBpaResult@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MI_Instance@@XZ
??B?$CWmiObjectT@U_MSFT_ServerBpaResult@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MSFT_ServerBpaResult@@XZ
??B?$CWmiObjectT@U_MSFT_ServerClusterInformation@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA?BT_MI_Value@@XZ
??B?$CWmiObjectT@U_MSFT_ServerClusterInformation@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MI_Instance@@XZ
??B?$CWmiObjectT@U_MSFT_ServerClusterInformation@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MSFT_ServerClusterInformation@@XZ
??B?$CWmiObjectT@U_MSFT_ServerFeature@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA?BT_MI_Value@@XZ
??B?$CWmiObjectT@U_MSFT_ServerFeature@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MI_Instance@@XZ
??B?$CWmiObjectT@U_MSFT_ServerFeature@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MSFT_ServerFeature@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetCounterSamplesAtTime@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA?BT_MI_Value@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetCounterSamplesAtTime@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MI_Instance@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetCounterSamplesAtTime@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MSFT_ServerManagerTasks_GetCounterSamplesAtTime@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetCounterSamplesInTimeRange@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA?BT_MI_Value@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetCounterSamplesInTimeRange@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MI_Instance@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetCounterSamplesInTimeRange@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MSFT_ServerManagerTasks_GetCounterSamplesInTimeRange@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetPerformanceCollectorState@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA?BT_MI_Value@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetPerformanceCollectorState@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MI_Instance@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetPerformanceCollectorState@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MSFT_ServerManagerTasks_GetPerformanceCollectorState@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerBpaResult@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA?BT_MI_Value@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerBpaResult@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MI_Instance@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerBpaResult@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MSFT_ServerManagerTasks_GetServerBpaResult@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerClusterName@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA?BT_MI_Value@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerClusterName@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MI_Instance@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerClusterName@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MSFT_ServerManagerTasks_GetServerClusterName@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerEventDetail@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA?BT_MI_Value@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerEventDetail@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MI_Instance@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerEventDetail@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MSFT_ServerManagerTasks_GetServerEventDetail@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerEventDetailEx@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA?BT_MI_Value@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerEventDetailEx@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MI_Instance@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerEventDetailEx@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MSFT_ServerManagerTasks_GetServerEventDetailEx@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerInventory@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA?BT_MI_Value@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerInventory@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MI_Instance@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerInventory@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MSFT_ServerManagerTasks_GetServerInventory@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerServiceDetail@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA?BT_MI_Value@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerServiceDetail@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MI_Instance@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerServiceDetail@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MSFT_ServerManagerTasks_GetServerServiceDetail@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_RemoveServerPerformanceLog@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA?BT_MI_Value@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_RemoveServerPerformanceLog@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MI_Instance@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_RemoveServerPerformanceLog@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MSFT_ServerManagerTasks_RemoveServerPerformanceLog@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_SetPerformanceCollectorState@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA?BT_MI_Value@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_SetPerformanceCollectorState@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MI_Instance@@XZ
??B?$CWmiObjectT@U_MSFT_ServerManagerTasks_SetPerformanceCollectorState@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MSFT_ServerManagerTasks_SetPerformanceCollectorState@@XZ
??B?$CWmiObjectT@U_MSFT_ServerOperatingSystem@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA?BT_MI_Value@@XZ
??B?$CWmiObjectT@U_MSFT_ServerOperatingSystem@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MI_Instance@@XZ
??B?$CWmiObjectT@U_MSFT_ServerOperatingSystem@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MSFT_ServerOperatingSystem@@XZ
??B?$CWmiObjectT@U_MSFT_ServerPerformanceCounterSamples@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEAA?BT_MI_Value@@XZ
??B?$CWmiObjectT@U_MSFT_ServerPerformanceCounterSamples@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MI_Instance@@XZ
??B?$CWmiObjectT@U_MSFT_ServerPerformanceCounterSamples@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@QEBAPEBU_MSFT_ServerPerformanceCounterSamples@@XZ
??BCMsftGetServerFeature@Inventory@MgmtProvider@@QEBA?BT_MI_Value@@XZ
??BCMsftGetServerFeature@Inventory@MgmtProvider@@QEBAPEBU_MSFT_ServerManagerTasks_GetServerFeature@@XZ
??_7?$CEnumeratorAbstractBase@V?$shared_ptr@UCounterSampleList@PerformanceCounters@MgmtProvider@@@tr1@std@@@MgmtProvider@@6B@
??_7?$CWmiObject@U_MSFT_ServerBpaResult@@@Wmi@MgmtProvider@@6B@
??_7?$CWmiObject@U_MSFT_ServerClusterInformation@@@Wmi@MgmtProvider@@6B@
??_7?$CWmiObject@U_MSFT_ServerFeature@@@Wmi@MgmtProvider@@6B@
??_7?$CWmiObject@U_MSFT_ServerManagerTasks_GetCounterSamplesAtTime@@@Wmi@MgmtProvider@@6B@
??_7?$CWmiObject@U_MSFT_ServerManagerTasks_GetCounterSamplesInTimeRange@@@Wmi@MgmtProvider@@6B@
??_7?$CWmiObject@U_MSFT_ServerManagerTasks_GetPerformanceCollectorState@@@Wmi@MgmtProvider@@6B@
??_7?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerBpaResult@@@Wmi@MgmtProvider@@6B@
??_7?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerClusterName@@@Wmi@MgmtProvider@@6B@
??_7?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerEventDetail@@@Wmi@MgmtProvider@@6B@
??_7?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerEventDetailEx@@@Wmi@MgmtProvider@@6B@
??_7?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerInventory@@@Wmi@MgmtProvider@@6B@
??_7?$CWmiObject@U_MSFT_ServerManagerTasks_GetServerServiceDetail@@@Wmi@MgmtProvider@@6B@
??_7?$CWmiObject@U_MSFT_ServerManagerTasks_RemoveServerPerformanceLog@@@Wmi@MgmtProvider@@6B@
??_7?$CWmiObject@U_MSFT_ServerManagerTasks_SetPerformanceCollectorState@@@Wmi@MgmtProvider@@6B@
??_7?$CWmiObject@U_MSFT_ServerOperatingSystem@@@Wmi@MgmtProvider@@6B@
??_7?$CWmiObject@U_MSFT_ServerPerformanceCounterSamples@@@Wmi@MgmtProvider@@6B@
??_7?$CWmiObjectT@U_MSFT_ServerBpaResult@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@6B@
??_7?$CWmiObjectT@U_MSFT_ServerClusterInformation@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@6B@
??_7?$CWmiObjectT@U_MSFT_ServerFeature@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@6B@
??_7?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetCounterSamplesAtTime@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@6B@
??_7?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetCounterSamplesInTimeRange@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@6B@
??_7?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetPerformanceCollectorState@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@6B@
??_7?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerBpaResult@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@6B@
??_7?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerClusterName@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@6B@
??_7?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerEventDetail@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@6B@
??_7?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerEventDetailEx@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@6B@
??_7?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerInventory@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@6B@
??_7?$CWmiObjectT@U_MSFT_ServerManagerTasks_GetServerServiceDetail@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@6B@
??_7?$CWmiObjectT@U_MSFT_ServerManagerTasks_RemoveServerPerformanceLog@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@6B@
??_7?$CWmiObjectT@U_MSFT_ServerManagerTasks_SetPerformanceCollectorState@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@6B@
??_7?$CWmiObjectT@U_MSFT_ServerOperatingSystem@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@6B@
??_7?$CWmiObjectT@U_MSFT_ServerPerformanceCounterSamples@@VCEmptyClass@MgmtProvider@@@UnitTestInfrastructure@Wmi@MgmtProvider@@6B@
??_7?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetCounterSamplesAtTime@@@Wmi@MgmtProvider@@6B@
??_7?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetCounterSamplesInTimeRange@@@Wmi@MgmtProvider@@6B@
??_7?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetPerformanceCollectorState@@@Wmi@MgmtProvider@@6B@
??_7?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerBpaResult@@@Wmi@MgmtProvider@@6B@
??_7?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerClusterName@@@Wmi@MgmtProvider@@6B@
??_7?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerEventDetail@@@Wmi@MgmtProvider@@6B@
??_7?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerEventDetailEx@@@Wmi@MgmtProvider@@6B@
??_7?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerInventory@@@Wmi@MgmtProvider@@6B@
??_7?$CWmiOutObject@U_MSFT_ServerManagerTasks_GetServerServiceDetail@@@Wmi@MgmtProvider@@6B@
??_7?$CWmiOutObject@U_MSFT_ServerManagerTasks_RemoveServerPerformanceLog@@@Wmi@MgmtProvider@@6B@
??_7?$CWmiOutObject@U_MSFT_ServerManagerTasks_SetPerformanceCollectorState@@@Wmi@MgmtProvider@@6B@
??_7CCounterSampleEnumerator@PerformanceCounters@MgmtProvider@@6B@
??_7CGetCounterSamplesAtTimeTask@PerformanceCounters@MgmtProvider@@6B@
??_7CGetCounterSamplesInTimeRangeTask@PerformanceCounters@MgmtProvider@@6B@
??_7CGetCounterSamplesTaskBase@PerformanceCounters@MgmtProvider@@6B@
??_7CGetServerEventDetailExTask@EventMonitoring@MgmtProvider@@6B@
??_7CGetServerEventDetailTask@EventMonitoring@MgmtProvider@@6B@
??_7CGetServerServiceDetailTask@ServiceMonitoring@MgmtProvider@@6B@
??_7CMsftGetCounterSamplesAtTime@PerformanceCounters@MgmtProvider@@6B@
??_7CMsftGetCounterSamplesInTimeRange@PerformanceCounters@MgmtProvider@@6B@
??_7CMsftGetPerformanceCollectorState@PerformanceCounters@MgmtProvider@@6B@
??_7CMsftGetServerBpaResult@Bpa@MgmtProvider@@6B@
??_7CMsftGetServerClusterName@Cluster@MgmtProvider@@6B@
??_7CMsftGetServerEventDetail@EventMonitoring@MgmtProvider@@6B@
??_7CMsftGetServerEventDetailEx@EventMonitoring@MgmtProvider@@6B@
??_7CMsftGetServerFeature@Inventory@MgmtProvider@@6B@
??_7CMsftGetServerInventory@Inventory@MgmtProvider@@6B@
??_7CMsftGetServerServiceDetail@ServiceMonitoring@MgmtProvider@@6B@
??_7CMsftRemoveServerPerformanceLog@PerformanceCounters@MgmtProvider@@6B@
??_7CMsftServerBpaResult@Bpa@MgmtProvider@@6B@
??_7CMsftServerClusterInformation@Inventory@MgmtProvider@@6B@
??_7CMsftServerFeature@Inventory@MgmtProvider@@6B@
??_7CMsftServerOperatingSystem@Inventory@MgmtProvider@@6B@
??_7CMsftServerPerformanceCounterSamples@PerformanceCounters@MgmtProvider@@6B@
??_7CMsftSetPerformanceCollectorState@PerformanceCounters@MgmtProvider@@6B@
??_7CWin32Services@Win32@MgmtProvider@@6B@
?AddIpAddress@CCluster@Cluster@MgmtProvider@@IEAAXQEAU_HCLUSTER@@QEAU_HRESOURCE@@@Z
?AddLevelFilter@CGetServerEventDetailTask@EventMonitoring@MgmtProvider@@IEBAXPEAV?$CEventQueryT@VCEmptyClass@MgmtProvider@@@UnitTestsInfrastructure@23@E@Z
?AddMachineToCounterPath@CUtilities@MgmtProvider@@SA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@PEBGAEBVCWin32Services@Win32@2@@Z
?AddNetworkName@CCluster@Cluster@MgmtProvider@@IEAAXQEAU_HCLUSTER@@QEAU_HRESOURCE@@W4ClusterNetworkNameType@23@@Z
?AddTimerangeFilter@CGetServerEventDetailTask@EventMonitoring@MgmtProvider@@IEBAXPEAV?$CEventQueryT@VCEmptyClass@MgmtProvider@@@UnitTestsInfrastructure@23@PEB_K1@Z
?Attach@CRegistry@MgmtProvider@@QEAAXPEAUHKEY__@@@Z
?BrandingFormatString@CWin32Services@Win32@MgmtProvider@@UEBAPEAGPEBG@Z
?BrandingLoadString@CWin32Services@Win32@MgmtProvider@@UEBAHPEBGIPEAGH@Z
?CheckCoreSystem@CUtilities@MgmtProvider@@SA_NXZ
?CheckCoreSystem@CWin32Services@Win32@MgmtProvider@@QEAA_NXZ
?ClearArchitecture@CMsftServerOperatingSystem@Inventory@MgmtProvider@@UEAAXXZ
?ClearBpaModels@CMsftServerFeature@Inventory@MgmtProvider@@UEAAXXZ
?ClearBpaXPath@CMsftServerBpaResult@Bpa@MgmtProvider@@UEAAXXZ
?ClearBuildNumber@CMsftServerOperatingSystem@Inventory@MgmtProvider@@UEAAXXZ
?ClearClusterInformation@CMsftGetServerInventory@Inventory@MgmtProvider@@UEAAXXZ
?ClearConfigurationStatus@CMsftServerFeature@Inventory@MgmtProvider@@UEAAXXZ
?ClearCounterPaths@CMsftServerPerformanceCounterSamples@PerformanceCounters@MgmtProvider@@UEAAXXZ
?ClearDisplayName@CMsftServerFeature@Inventory@MgmtProvider@@UEAAXXZ
?ClearEventDetail@CGetServerEventDetailTask@EventMonitoring@MgmtProvider@@IEBAXAEAVCMsftServerEventDetail@23@@Z
?ClearEventQuery@CMsftServerFeature@Inventory@MgmtProvider@@UEAAXXZ
?ClearGroupType@CMsftServerClusterInformation@Inventory@MgmtProvider@@UEAAXXZ
?ClearId@CMsftServerFeature@Inventory@MgmtProvider@@UEAAXXZ
?ClearLanguage@CMsftServerOperatingSystem@Inventory@MgmtProvider@@UEAAXXZ
?ClearLatestEventTimestamp@CMsftGetServerEventDetail@EventMonitoring@MgmtProvider@@UEAAXXZ
?ClearMIReturn@CMsftGetCounterSamplesAtTime@PerformanceCounters@MgmtProvider@@UEAAXXZ
?ClearMIReturn@CMsftGetCounterSamplesInTimeRange@PerformanceCounters@MgmtProvider@@UEAAXXZ
?ClearMIReturn@CMsftGetPerformanceCollectorState@PerformanceCounters@MgmtProvider@@UEAAXXZ
?ClearMIReturn@CMsftGetServerBpaResult@Bpa@MgmtProvider@@UEAAXXZ
?ClearMIReturn@CMsftGetServerClusterName@Cluster@MgmtProvider@@UEAAXXZ
?ClearMIReturn@CMsftGetServerEventDetail@EventMonitoring@MgmtProvider@@UEAAXXZ
?ClearMIReturn@CMsftGetServerEventDetailEx@EventMonitoring@MgmtProvider@@UEAAXXZ
?ClearMIReturn@CMsftGetServerFeature@Inventory@MgmtProvider@@UEAAXXZ
?ClearMIReturn@CMsftGetServerInventory@Inventory@MgmtProvider@@UEAAXXZ
?ClearMIReturn@CMsftGetServerServiceDetail@ServiceMonitoring@MgmtProvider@@UEAAXXZ
?ClearMIReturn@CMsftRemoveServerPerformanceLog@PerformanceCounters@MgmtProvider@@UEAAXXZ
?ClearMIReturn@CMsftSetPerformanceCollectorState@PerformanceCounters@MgmtProvider@@UEAAXXZ
?ClearMajorVersion@CMsftServerOperatingSystem@Inventory@MgmtProvider@@UEAAXXZ
?ClearMinorVersion@CMsftServerOperatingSystem@Inventory@MgmtProvider@@UEAAXXZ
?ClearName@CMsftServerClusterInformation@Inventory@MgmtProvider@@UEAAXXZ
?ClearName@CMsftServerOperatingSystem@Inventory@MgmtProvider@@UEAAXXZ
?ClearObjectType@CMsftServerClusterInformation@Inventory@MgmtProvider@@UEAAXXZ
?ClearOperatingSystem@CMsftGetServerInventory@Inventory@MgmtProvider@@UEAAXXZ
?ClearParentName@CMsftServerFeature@Inventory@MgmtProvider@@UEAAXXZ
?ClearRequiresReboot@CMsftGetServerFeature@Inventory@MgmtProvider@@UEAAXXZ
?ClearSKU@CMsftServerOperatingSystem@Inventory@MgmtProvider@@UEAAXXZ
?ClearSKUId@CMsftServerOperatingSystem@Inventory@MgmtProvider@@UEAAXXZ
?ClearSPMajorVersion@CMsftServerOperatingSystem@Inventory@MgmtProvider@@UEAAXXZ
?ClearSPMinorVersion@CMsftServerOperatingSystem@Inventory@MgmtProvider@@UEAAXXZ
?ClearServerInventory@CMsftGetServerInventory@Inventory@MgmtProvider@@UEAAXXZ
?ClearServices@CMsftServerFeature@Inventory@MgmtProvider@@UEAAXXZ
?ClearState@CMsftServerFeature@Inventory@MgmtProvider@@UEAAXXZ
?ClearTimestamps@CMsftServerPerformanceCounterSamples@PerformanceCounters@MgmtProvider@@UEAAXXZ
?ClearType@CMsftServerFeature@Inventory@MgmtProvider@@UEAAXXZ
?ClearUniqueName@CMsftServerFeature@Inventory@MgmtProvider@@UEAAXXZ
?ClearValues@CMsftServerBpaResult@Bpa@MgmtProvider@@UEAAXXZ
?ClearValues@CMsftServerPerformanceCounterSamples@PerformanceCounters@MgmtProvider@@UEAAXXZ
?ClearcmdletOutput@CMsftGetPerformanceCollectorState@PerformanceCounters@MgmtProvider@@UEAAXXZ
?ClearcmdletOutput@CMsftGetServerClusterName@Cluster@MgmtProvider@@UEAAXXZ
?Close@CRegistry@MgmtProvider@@QEAAXXZ
?CloseCluster@CWin32Services@Win32@MgmtProvider@@UEBAHPEAU_HCLUSTER@@@Z
?CloseClusterGroup@CWin32Services@Win32@MgmtProvider@@UEBAHPEAU_HGROUP@@@Z
?CloseClusterResource@CWin32Services@Win32@MgmtProvider@@UEBAHPEAU_HRESOURCE@@@Z
?CloseServiceHandle@CWin32Services@Win32@MgmtProvider@@UEBAHPEAUSC_HANDLE__@@@Z
?ClusterCloseEnum@CWin32Services@Win32@MgmtProvider@@UEBAKPEAU_HCLUSENUM@@@Z
?ClusterEnum@CWin32Services@Win32@MgmtProvider@@UEBAKPEAU_HCLUSENUM@@KPEAKPEAG1@Z
?ClusterGroupControl@CWin32Services@Win32@MgmtProvider@@UEBAKPEAU_HGROUP@@PEAU_HNODE@@KPEAXK2KPEAK@Z
?ClusterOpenEnum@CWin32Services@Win32@MgmtProvider@@UEBAPEAU_HCLUSENUM@@PEAU_HCLUSTER@@K@Z
?ClusterResourceControl@CWin32Services@Win32@MgmtProvider@@UEBAKPEAU_HRESOURCE@@PEAU_HNODE@@KPEAXK2KPEAK@Z
?ClusterResourceTypeCloseEnum@CWin32Services@Win32@MgmtProvider@@UEBAKPEAU_HRESTYPEENUM@@@Z
?ClusterResourceTypeEnum@CWin32Services@Win32@MgmtProvider@@UEBAKPEAU_HRESTYPEENUM@@KPEAKPEAG1@Z
?ClusterResourceTypeOpenEnum@CWin32Services@Win32@MgmtProvider@@UEBAPEAU_HRESTYPEENUM@@PEAU_HCLUSTER@@PEBGK@Z
?CoCreateGuid@CWin32Services@Win32@MgmtProvider@@UEBAJPEAU_GUID@@@Z
?CoGetCallContext@CWin32Services@Win32@MgmtProvider@@UEBAJAEBU_GUID@@PEAPEAX@Z
?CoImpersonateClient@CWin32Services@Win32@MgmtProvider@@UEBAJXZ
?CoRevertToSelf@CWin32Services@Win32@MgmtProvider@@UEBAJXZ
?CompareTimestampInFilename@CUtilities@MgmtProvider@@SAHAEBV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@0@Z
?CountersResolved@CGetCounterSamplesTaskBase@PerformanceCounters@MgmtProvider@@MEAAXAEBV?$CAtlArray@V?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@V?$CElementTraits@V?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@@2@@ATL@@@Z
?CreateSafeString@CUtilities@MgmtProvider@@SA?AV?$shared_ptr@G@tr1@std@@PEBG@Z
?CreateStreamOnHGlobal@CWin32Services@Win32@MgmtProvider@@UEBAJPEAXHPEAPEAUIStream@@@Z
?CreateUxdGERSInputParameter@CServerFeatureStore@Inventory@MgmtProvider@@IEAA?AV?$shared_ptr@U_MI_Instance@@@tr1@std@@PEBU_MI_Instance@@PEAU_MI_Application@@@Z
?CreateUxdGSCAInputParameter@CServerFeatureStore@Inventory@MgmtProvider@@IEAA?AV?$shared_ptr@U_MI_Instance@@@tr1@std@@PEBU_MI_Instance@@PEAU_MI_Application@@@Z
?CreateUxdRequestGuid@CServerFeatureStore@Inventory@MgmtProvider@@IEAA?AV?$shared_ptr@U_MI_Instance@@@tr1@std@@PEBTUxdRequestGuid@23@PEAU_MI_Application@@@Z

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/micaut.dll
.dll regsvr32 windows:10 windows x64 arch:x64

dd75e179332ec10f6951842583d6de24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

micaut.pdb

Imports

msvcrt

??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnwprintf
memcpy_s
_vsnprintf_s
??0exception@@QEAA@XZ
_purecall
malloc
free
wcsncpy_s
_resetstkoflw
swprintf_s
calloc
_callnewh
memmove_s
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
_onexit
_errno
realloc
sqrtf
memset
memmove
memcpy
memcmp
floorf
ceilf
ceil
_CxxThrowException
__CxxFrameHandler3
_wtoi
_wcsicmp
_wtol
iswdigit
wcstol
_wcslwr_s
_wcsnicmp
wcsncmp
_ltow_s
_ltow
__C_specific_handler
wcscmp

ntdll

EtwEventWriteTransfer
RtlCaptureContext
RtlLookupFunctionEntry
EtwEventSetInformation
EtwEventRegister
RtlVirtualUnwind
EtwEventUnregister

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExW

gdi32

SetBkMode
GetGlyphIndicesW
ScriptTextOut
GetCurrentObject
GetBkColor
ScriptGetLogicalWidths
ScriptItemize
ScriptPlace
ScriptShape
GetGlyphOutlineW
GetOutlineTextMetricsW
GetFontData
ScriptFreeCache
ScriptGetCMap
TranslateCharsetInfo
GetPixel
GetTextCharsetInfo
GetTextMetricsA
GetObjectA
CreateFontIndirectA
CreateICW
EnumFontFamiliesExW
RealizePalette
SelectPalette
CreatePalette
Escape
GetObjectType
SetBkColor
SetTextAlign
ExtTextOutW
ExtTextOutA
GetOutlineTextMetricsA
GetCharWidthW
GetCharWidth32A
GetCharWidthA
GetCharABCWidthsW
GetTextFaceW
StretchDIBits
SetWindowExtEx
ScriptGetProperties
CreateCompatibleBitmap
Polyline
CreateFontW
DeleteDC
SetLayout
BitBlt
RestoreDC
GetDeviceCaps
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
CreateDCW
CreateRectRgnIndirect
CreateRectRgn
DeleteObject
SetROP2
SetDCBrushColor
GetStockObject
GetTextColor
GetTextExtentPointW
GetTextMetricsW
CreateFontIndirectW
StretchBlt
GetDIBColorTable
ExtCreateRegion
OffsetRgn
SetStretchBltMode
GetObjectW
SetDIBColorTable
SetTextColor
ExtSelectClipRgn
CreateRoundRectRgn
CombineRgn
GetRegionData
PatBlt
LineTo
MoveToEx
CreatePen
SelectClipRgn
CreateDIBSection
SelectObject
CreateCompatibleDC
PtInRegion
CreateSolidBrush
CreateBitmap
GetBitmapBits
Ellipse

kernel32

LoadLibraryExW
lstrcmpiW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
LockResource
MulDiv
GetStringTypeExW
WideCharToMultiByte
VirtualFree
GetCurrentProcess
VirtualAlloc
LoadLibraryExA
EncodePointer
DecodePointer
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
InitOnceBeginInitialize
InitializeCriticalSection
LeaveCriticalSection
InitOnceComplete
GetModuleFileNameW
OpenSemaphoreW
WaitForSingleObject
HeapSize
HeapReAlloc
GetACP
GetSystemDefaultLCID
GetVersionExA
GetProfileIntA
GetUserDefaultLCID
GetSystemDefaultLangID
DisableThreadLibraryCalls
HeapDestroy
ResetEvent
WaitForMultipleObjects
TryEnterCriticalSection
SetEvent
ResumeThread
SetThreadPriority
CreateThread
CreateEventW
LoadLibraryW
GetLocaleInfoW
GetUserDefaultUILanguage
FreeResource
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FindResourceW
LocalFree
LocalAlloc
GetProcessMitigationPolicy
DeleteCriticalSection
EnterCriticalSection
WaitForSingleObjectEx
FreeLibrary
ReleaseMutex
ReleaseSemaphore
CloseHandle
GetModuleHandleW
FormatMessageW
GetCurrentThreadId
CreateSemaphoreExW
CreateMutexExW
GetCurrentProcessId
HeapFree
GetProcessHeap
SetLastError
OutputDebugStringW
IsDebuggerPresent
GetLastError
GetProcAddress
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
HeapAlloc
RaiseException

user32

SetWindowsHookExW
CopyRect
IsRectEmpty
SetWindowLongPtrW
GetWindowLongPtrW
DefWindowProcW
CallWindowProcW
GetKeyboardLayout
GetKeyboardLayoutList
UnregisterClassW
EqualRect
SendMessageA
IsWindowUnicode
GetWindowDC
LoadCursorA
GetDesktopWindow
CreateCursor
MonitorFromRect
LoadBitmapA
SetMenuItemInfoW
AppendMenuW
CreatePopupMenu
DestroyIcon
DrawIconEx
SetCursor
GetMessageTime
LoadBitmapW
GetDoubleClickTime
SetCaretBlinkTime
InvertRect
DestroyCaret
MenuItemFromPoint
CallNextHookEx
SetWindowLongW
WindowFromDC
GetSystemMetrics
SetFocus
DeleteMenu
GetCursorPos
DestroyCursor
RegisterClassW
GetClassInfoW
DrawTextW
SystemParametersInfoW
GetParent
DrawFrameControl
InflateRect
RegisterWindowMessageW
NotifyWinEvent
GetMessagePos
UnregisterClassA
GetWindow
SetTimer
SetForegroundWindow
GetForegroundWindow
ShowWindow
SendMessageW
LoadIconW
KillTimer
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
InvalidateRect
GetKeyState
PtInRect
UnionRect
IsChild
GetFocus
GetClipboardFormatNameW
RegisterClipboardFormatW
SetWindowRgn
GetClientRect
ReleaseCapture
SetCapture
LoadImageW
IsWindow
SetWindowTextW
PostMessageW
SetPropW
ClientToScreen
SetWindowPos
DestroyWindow
SetRectEmpty
TrackPopupMenuEx
EndMenu
BeginPaint
GetDC
EndPaint
ReleaseDC
CharNextW
ScreenToClient
FillRect
TrackMouseEvent
GetSysColor
GetPropW
EnumDisplayMonitors
GetMonitorInfoW
OffsetRect
BeginDeferWindowPos
DeferWindowPos
GetWindowRect
EndDeferWindowPos
AdjustWindowRectEx
GetWindowLongW
GetUpdateRect
ValidateRect
GetSysColorBrush
FrameRect
IntersectRect
RemovePropW
UnhookWindowsHookEx

ole32

OleRegGetMiscStatus
RevokeDragDrop
OleRegGetUserType
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder
OleRegEnumVerbs
OleLockRunning
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoGetClassObject
RegisterDragDrop
CoCreateFreeThreadedMarshaler

oleaut32

SysAllocStringLen
SysAllocString
VarUI4FromStr
LoadRegTypeLi
VarBstrCat
OleCreatePictureIndirect
SafeArrayCreateVector
SafeArrayDestroy
LoadTypeLi
SysAllocStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
VarBstrCmp
OleCreatePropertyFrame
VariantClear
SysStringLen
DispCallFunc
SysStringByteLen
SysFreeString
VariantInit

oleacc

LresultFromObject
AccessibleObjectFromWindow

gdiplus

GdipDeleteBrush
GdipFree
GdipAlloc
GdipCloneBrush
GdipFillRectangleI
GdipCreatePen1
GdipDeletePen
GdipDrawLineI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipCreateFromHDC
GdipGetImagePaletteSize
GdipCreateSolidFill
GdipDrawImageI
GdiplusStartup
GdiplusShutdown
GdipDrawRectangleI
GdipSetPenDashArray
GdipSetPenDashStyle
GdipCreatePen2
GdipCreateLineBrushI
GdipSetClipRectI
GdipCreateFromHWND
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipDrawEllipseI
GdipFillEllipseI
GdipReleaseDC
GdipGetImageWidth
GdipGetDC

comctl32

ord8

uxtheme

IsThemeActive
OpenThemeData
DrawThemeTextEx
CloseThemeData
DrawThemeBackground
GetThemeBackgroundRegion
DrawThemeIcon
DrawThemeText
GetThemeColor
GetThemePartSize
GetThemeMargins
DrawThemeEdge

msimg32

TransparentBlt
GradientFill
AlphaBlend

dwmapi

DwmEnableBlurBehindWindow

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 910KB - Virtual size: 910KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 557KB - Virtual size: 557KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Bin/microsoft.bing.client.graph.dll
.dll windows:10 windows x64 arch:x64

c3879e91d6516da2f0fb70dfe656b24d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Microsoft.Bing.Client.Graph.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ

api-ms-win-crt-string-l1-1-0

_iswxdigit_l
_iswdigit_l
wcsspn
wcsncmp
_iswalpha_l
_iswspace_l
wcscspn
wcscmp
memset
_iswalnum_l

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__create_locale
_o__crt_atexit
_o__execute_onexit_table
_o__free_locale
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo_noreturn
_o__isctype_l
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o__tolower_l
_o__wcsicmp_l
_o__wcsnicmp_l
_o__wcstod_l
_o__wcstoi64_l
_o__wcstol_l
_o_free
_o_isdigit
_o_iswalnum
_o_malloc
_o_terminate
_o_wcscat_s
_o_wcscpy_s
_o_wcsncat_s
_o_wcsncpy_s
__C_specific_handler
_CxxThrowException
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___std_type_info_name
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___pctype_func
wcschr
wcsstr
__std_terminate
__CxxFrameHandler3
memcpy

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
CreateEventExW

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoGetObjectContext
CoCreateGuid
CoCreateInstance
CoGetApartmentType
CoCreateFreeThreadedMarshaler
CoTaskMemFree
StringFromGUID2

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsPreallocateStringBuffer
WindowsPromoteStringBuffer
WindowsDuplicateString
WindowsGetStringLen
WindowsDeleteString
WindowsDeleteStringBuffer
WindowsCreateString

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-timezone-l1-1-0

TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-localization-l1-2-0

LocaleNameToLCID

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 633KB - Virtual size: 632KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.RDFINIT
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MODINIT
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.exe
.exe windows:6 windows x86 arch:x86

1186293b831ff45d8016d71d51f87333

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:c5:30:70:3a:21:0e:c1:d6:f8:3c:b4:fe:11:18:c5
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

22/09/2022, 00:00

Not After

19/10/2023, 23:59

Subject

SERIALNUMBER=5567037485,CN=Spotify AB,O=Spotify AB,L=Stockholm,C=SE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025345

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:98:69:16:c1:0c:09:7e:c2:b9:bb:f9:73:7b:14:79:11:fd:05:21:a5:64:e3:7c:47:b1:1c:e9:ea:c9:5b:31
Signer

Actual PE Digest

30:98:69:16:c1:0c:09:7e:c2:b9:bb:f9:73:7b:14:79:11:fd:05:21:a5:64:e3:7c:47:b1:1c:e9:ea:c9:5b:31

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetCursorPos

kernel32

GetProcAddress
CreateFileW
CloseHandle
GetConsoleWindow
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
HeapSize
RaiseException
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
WriteConsoleW
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapFree
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapAlloc
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 357KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 2024

Password: 2024

e02521237686dec6cddc813023ca54e5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-console-l3-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-url-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-largeinteger-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-power-base-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-heap-l2-1-0

xmllite

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-power-setting-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-appmodel-runtime-l1-1-2

api-ms-win-appmodel-runtime-l1-1-0

api-ms-win-dx-d3dkmt-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-console-l2-2-0

bcrypt

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

rtworkq

Exports

Exports

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rdata Size: 631KB - Virtual size: 631KB

.data Size: 9KB - Virtual size: 16KB

.pdata Size: 126KB - Virtual size: 125KB

.didat Size: 1KB - Virtual size: 1KB

.rsrc Size: 74KB - Virtual size: 74KB

.reloc Size: 24KB - Virtual size: 24KB

Password: 2024

2f4b7710dad8e8fc13c0a1e3f351e5bd

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

88:58:ba:06:98:f4:ca:82:29:cb:3e:9f:73:af:12:c0:a9:21:a8:2e:e8:e7:c8:3b:f8:00:73:43:fc:17:ae:18Signer

Headers

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 631KB - Virtual size: 631KB

.data
Size: 9KB - Virtual size: 16KB

.pdata
Size: 126KB - Virtual size: 125KB

.didat
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 74KB - Virtual size: 74KB

.reloc
Size: 24KB - Virtual size: 24KB

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

88:58:ba:06:98:f4:ca:82:29:cb:3e:9f:73:af:12:c0:a9:21:a8:2e:e8:e7:c8:3b:f8:00:73:43:fc:17:ae:18
Signer

.text
Size: 366KB - Virtual size: 366KB

.rdata
Size: 101KB - Virtual size: 101KB

.data
Size: 3KB - Virtual size: 5KB

.pdata
Size: 8KB - Virtual size: 8KB

.didat
Size: 1024B - Virtual size: 544B

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 2KB - Virtual size: 2KB

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

e4:81:73:1d:2a:9b:b9:81:8e:81:b8:a2:37:e1:ed:33:a6:39:6e:ba:df:9a:fc:1e:fb:c5:7c:1b:38:43:33:09
Signer

.text
Size: 185KB - Virtual size: 185KB

.nep
Size: 1024B - Virtual size: 1024B

.rdata
Size: 508KB - Virtual size: 508KB

.data
Size: 5KB - Virtual size: 8KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB