tapisysprep.pdb
Overview
overview
10Static
static
3TapiSyspre...ep.dll
windows10-2004-x64
1TapiSyspre...fm.dll
windows10-2004-x64
1TapiSyspre...sh.dll
windows10-2004-x64
1TapiSyspre...is.dll
windows10-2004-x64
1acledit/Bl...is.dll
windows10-2004-x64
1acledit/De...er.dll
windows10-2004-x64
1acledit/acledit.dll
windows10-2004-x64
1acledit/printui.dll
windows10-2004-x64
1dsreg/dcntel.dll
windows10-2004-x64
1dsreg/dsound.dll
windows10-2004-x64
1dsreg/dsreg.dll
windows10-2004-x64
1dsreg/sensrsvc.dll
windows10-2004-x64
1pcwum/AppxSip.dll
windows10-2004-x64
8pcwum/asferror.dll
windows10-2004-x64
1pcwum/pcwum.dll
windows10-2004-x64
1pcwum/pdhui.dll
windows10-2004-x64
1setup.msi
windows7-x64
6setup.msi
windows10-2004-x64
10wcimage/SEMgrPS.dll
windows10-2004-x64
1wcimage/Se...pi.dll
windows10-2004-x64
1wcimage/ne...vc.dll
windows10-2004-x64
1wcimage/wcimage.dll
windows10-2004-x64
1Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
TapiSysprep/TapiSysprep.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
TapiSysprep/netprofm.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral3
Sample
TapiSysprep/rpcnsh.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral4
Sample
TapiSysprep/socialapis.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral5
Sample
acledit/BluetoothApis.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral6
Sample
acledit/DevDispItemProvider.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral7
Sample
acledit/acledit.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral8
Sample
acledit/printui.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral9
Sample
dsreg/dcntel.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral10
Sample
dsreg/dsound.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral11
Sample
dsreg/dsreg.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral12
Sample
dsreg/sensrsvc.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral13
Sample
pcwum/AppxSip.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral14
Sample
pcwum/asferror.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral15
Sample
pcwum/pcwum.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral16
Sample
pcwum/pdhui.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral17
Sample
setup.msi
Resource
win7-20240611-en
windows7-x64
9 signatures
150 seconds
Behavioral task
behavioral18
Sample
setup.msi
Resource
win10v2004-20240611-en
windows10-2004-x64
21 signatures
150 seconds
Behavioral task
behavioral19
Sample
wcimage/SEMgrPS.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral20
Sample
wcimage/SensorsApi.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral21
Sample
wcimage/netprofmsvc.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral22
Sample
wcimage/wcimage.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
x64__installer___x32__.zip
-
Size
25.2MB
-
MD5
6e7ed53c7bb1b9b415c85b3baf00ee61
-
SHA1
39d20e184ee82e99a28c4cf6455413d88b7d00ef
-
SHA256
46bae56db07a467a4c71b90bc20f165d481f1c4e1645ef09fb417f81a3a5ddb1
-
SHA512
da849b5b8cb7ab49b4a2fc1ab2ac3fb4741d7d95faa5e429279cf4b273a1e0dab4ead1a85c577a75a83895dc67e1cfb5659d5a1cf8ce6fecd56a9e6e92b196ee
-
SSDEEP
786432:rRmNnbAyfkymq1eaFu0JvhVlYbHnA/XBugL+rtghjl:rRmNEymIeAuiJYc/XBu6ytSjl
Score
3/10
Malware Config
Signatures
-
Unsigned PE 16 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack002/TapiSysprep/TapiSysprep.dll unpack002/TapiSysprep/netprofm.dll unpack002/TapiSysprep/rpcnsh.dll unpack002/TapiSysprep/socialapis.dll unpack002/acledit/BluetoothApis.dll unpack002/acledit/acledit.dll unpack002/acledit/printui.dll unpack002/dsreg/dsound.dll unpack002/dsreg/sensrsvc.dll unpack002/pcwum/AppxSip.dll unpack002/pcwum/asferror.dll unpack002/pcwum/pdhui.dll unpack002/wcimage/SEMgrPS.dll unpack002/wcimage/SensorsApi.dll unpack002/wcimage/netprofmsvc.dll unpack002/wcimage/wcimage.dll
Files
-
x64__installer___x32__.zip.zip
Password: 2024
-
__x64___setup___x32__.zip.zip
Password: 2024
-
TapiSysprep/TapiSysprep.dll.dll windows:10 windows x64 arch:x64
Password: 2024
397bc475fccba616c4c1b87402a4b3b1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
_amsg_exit
__C_specific_handler
_initterm
malloc
free
_XcptFilter
advapi32
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
shlwapi
SHDeleteKeyW
wdscore
WdsSetupLogMessageW
CurrentIP
ConstructPartialMsgVW
kernel32
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcess
TerminateProcess
GetTickCount
Sleep
GetLastError
GetCurrentProcessId
Exports
Exports
TapiSysPrepClean
Sections
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 312B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 28B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TapiSysprep/netprofm.dll.dll regsvr32 windows:10 windows x64 arch:x64
Password: 2024
affb8b2ee176e881ad572d4ee006ac27
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
netprofm.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
memmove
_o_calloc
_o_free
_o_malloc
_o_terminate
_o_toupper
_o_wcscat_s
_o_wcscpy_s
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o__cexit
_o___stdio_common_vsnprintf_s
_o__callnewh
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_narrow_argv
__C_specific_handler
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
GetModuleHandleExW
DisableThreadLibraryCalls
LoadLibraryExW
GetModuleFileNameW
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
InitializeCriticalSectionEx
OpenSemaphoreW
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
LeaveCriticalSection
WaitForSingleObject
ReleaseSRWLockExclusive
ResetEvent
SetEvent
ReleaseMutex
CreateEventW
CreateMutexExW
InitializeCriticalSection
AcquireSRWLockExclusive
DeleteCriticalSection
WaitForSingleObjectEx
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
CreateThread
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister
EventProviderEnabled
EventActivityIdControl
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCloseKey
RegGetValueW
RegQueryValueExW
RegQueryInfoKeyW
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-threadpool-legacy-l1-1-0
DeleteTimerQueueTimer
CreateTimerQueueTimer
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 158KB - Virtual size: 158KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 328B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TapiSysprep/rpcnsh.dll.dll windows:10 windows x64 arch:x64
Password: 2024
00ce5d3d7014818cc40866bdfd22be77
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
rpcnsh.pdb
Imports
msvcrt
_wtoi
atol
memcpy
_initterm
_amsg_exit
_XcptFilter
free
_callnewh
malloc
wcsrchr
printf
swscanf
_wcsicmp
_vsnprintf
__C_specific_handler
memset
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WinSqmIncrementDWORD
WinSqmIsOptedIn
netsh.exe
RegisterContext
RegisterHelper
MatchToken
PrintMessage
PrintError
PreprocessCommand
PrintMessageFromModule
ws2_32
WSAStartup
WSAStringToAddressW
WSAGetLastError
inet_ntoa
inet_pton
advapi32
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
RegSetValueExA
RegCloseKey
RegGetValueA
RegCreateKeyExA
RegDeleteKeyExA
RegOpenKeyExA
iphlpapi
GetIfEntry
GetIpAddrTable
kernel32
GetCurrentProcess
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
GetLastError
GetModuleHandleA
SetUnhandledExceptionFilter
TerminateProcess
LocalFree
UnhandledExceptionFilter
rpcrt4
UuidCreateSequential
UuidCreateNil
UuidIsNil
UuidEqual
fwpuclnt
FwpmFilterDeleteByKey0
FwpmEngineOpen0
FwpmFilterCreateEnumHandle0
FwpmFilterEnum0
FwpmEngineClose0
FwpmFreeMemory0
FwpmFilterDestroyEnumHandle0
FwpmFilterAdd0
Exports
Exports
InitHelperDll
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 756B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TapiSysprep/socialapis.dll.dll windows:10 windows x64 arch:x64
Password: 2024
d9b95dc964953cd6b1c3f52ff54556e6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
SocialApis.pdb
Imports
msvcrt
_unlock
_onexit
_errno
_initterm
__C_specific_handler
_lock
__dllonexit
_amsg_exit
_XcptFilter
_callnewh
realloc
_purecall
memmove_s
wcsncpy_s
malloc
free
memcpy_s
__CxxFrameHandler3
memset
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
DisableThreadLibraryCalls
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
GetModuleHandleExW
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
Sleep
api-ms-win-core-synch-l1-1-0
AcquireSRWLockShared
InitializeSRWLock
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
ReleaseSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
DeleteCriticalSection
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventWriteTransfer
EventUnregister
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-errorhandling-l1-1-0
GetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-threadpool-l1-2-0
SubmitThreadpoolWork
CloseThreadpoolWork
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
api-ms-win-security-base-l1-1-0
GetTokenInformation
RevertToSelf
api-ms-win-core-processthreads-l1-1-0
OpenThreadToken
GetCurrentThreadId
GetCurrentProcess
OpenProcessToken
GetCurrentThread
SetThreadToken
GetCurrentProcessId
TerminateProcess
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
Sections
.text Size: 85KB - Virtual size: 85KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 296B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
acledit/BluetoothApis.dll.dll windows:10 windows x64 arch:x64
Password: 2024
80b20b2e5999a4d3296c31be629bac1e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
BluetoothApis.pdb
Imports
msvcrt
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
_CxxThrowException
memcpy
memmove
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
__dllonexit
_amsg_exit
?what@exception@@UEBAPEBDXZ
wcstombs
_onexit
memcmp
_vsnprintf_s
wcsncmp
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
__CxxFrameHandler3
_wcsicmp
_XcptFilter
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
swscanf
free
malloc
__C_specific_handler
??0exception@@QEAA@AEBQEBD@Z
_unlock
_initterm
_lock
memset
ntdll
RtlCompareMemory
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlNtStatusToDosError
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
RtlUnicodeToUTF8N
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-service-management-l1-1-0
OpenSCManagerW
CloseServiceHandle
OpenServiceW
api-ms-win-service-winsvc-l1-1-0
QueryServiceStatus
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetThreadLocale
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetModuleHandleW
LoadLibraryExW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameA
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
RaiseException
api-ms-win-core-synch-l1-1-0
ResetEvent
CreateEventW
SetEvent
OpenSemaphoreW
WaitForSingleObject
WaitForSingleObjectEx
ReleaseMutex
CreateMutexExW
ReleaseSemaphore
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockExclusive
CreateSemaphoreExW
CreateEventExW
ReleaseSRWLockShared
rpcrt4
RpcBindingSetAuthInfoExW
NdrClientCall3
RpcBindingFromStringBindingW
RpcBindingFree
RpcBindingUnbind
RpcStringFreeW
RpcBindingBind
RpcBindingCreateW
RpcStringBindingComposeW
api-ms-win-security-base-l1-1-0
CreateWellKnownSid
api-ms-win-core-file-l1-1-0
CreateFileW
api-ms-win-core-io-l1-1-0
DeviceIoControl
GetOverlappedResult
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegEnumValueW
RegQueryInfoKeyW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
CompareStringOrdinal
api-ms-win-core-com-l1-1-0
CLSIDFromString
StringFromGUID2
CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitializeEx
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
oleaut32
SysAllocString
SysFreeString
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-threadpool-legacy-l1-1-0
UnregisterWaitEx
api-ms-win-core-shlwapi-legacy-l1-1-0
PathIsRelativeW
PathFileExistsW
devobj
DevObjGetClassDevs
DevObjOpenDevRegKey
DevObjCreateDeviceInfoList
DevObjEnumDeviceInfo
DevObjDestroyDeviceInfoList
DevObjUninstallDevice
DevObjEnumDeviceInterfaces
DevObjGetDeviceInterfaceDetail
DevObjGetDeviceInstanceId
api-ms-win-core-threadpool-private-l1-1-0
RegisterWaitForSingleObjectEx
api-ms-win-devices-query-l1-1-1
DevCreateObjectQueryEx
api-ms-win-devices-query-l1-1-0
DevCloseObjectQuery
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolWorkCallbacks
CloseThreadpoolCleanupGroup
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
api-ms-win-devices-config-l1-1-1
CM_Register_Notification
CM_Unregister_Notification
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
BluetoothAddressToString
BluetoothDisconnectDevice
BluetoothEnableDiscovery
BluetoothEnableIncomingConnections
BluetoothEnumerateInstalledServices
BluetoothEnumerateInstalledServicesEx
BluetoothEnumerateLocalServices
BluetoothFindBrowseGroupClose
BluetoothFindClassIdClose
BluetoothFindDeviceClose
BluetoothFindFirstBrowseGroup
BluetoothFindFirstClassId
BluetoothFindFirstDevice
BluetoothFindFirstProfileDescriptor
BluetoothFindFirstProtocolDescriptorStack
BluetoothFindFirstProtocolEntry
BluetoothFindFirstRadio
BluetoothFindFirstService
BluetoothFindFirstServiceEx
BluetoothFindNextBrowseGroup
BluetoothFindNextClassId
BluetoothFindNextDevice
BluetoothFindNextProfileDescriptor
BluetoothFindNextProtocolDescriptorStack
BluetoothFindNextProtocolEntry
BluetoothFindNextRadio
BluetoothFindNextService
BluetoothFindProfileDescriptorClose
BluetoothFindProtocolDescriptorStackClose
BluetoothFindProtocolEntryClose
BluetoothFindRadioClose
BluetoothFindServiceClose
BluetoothGATTAbortReliableWrite
BluetoothGATTBeginReliableWrite
BluetoothGATTEndReliableWrite
BluetoothGATTGetCharacteristicValue
BluetoothGATTGetCharacteristics
BluetoothGATTGetDescriptorValue
BluetoothGATTGetDescriptors
BluetoothGATTGetIncludedServices
BluetoothGATTGetServices
BluetoothGATTRegisterEvent
BluetoothGATTSetCharacteristicValue
BluetoothGATTSetDescriptorValue
BluetoothGATTUnregisterEvent
BluetoothGetDeviceInfo
BluetoothGetLocalServiceInfo
BluetoothGetRadioInfo
BluetoothGetServicePnpInstance
BluetoothIsConnectable
BluetoothIsDiscoverable
BluetoothIsVersionAvailable
BluetoothRegisterForAuthentication
BluetoothRegisterForAuthenticationEx
BluetoothRemoveDevice
BluetoothSdpEnumAttributes
BluetoothSdpGetAttributeValue
BluetoothSdpGetContainerElementData
BluetoothSdpGetElementData
BluetoothSdpGetString
BluetoothSendAuthenticationResponse
BluetoothSendAuthenticationResponseEx
BluetoothSetLocalServiceInfo
BluetoothSetServiceState
BluetoothSetServiceStateEx
BluetoothUnregisterAuthentication
BluetoothUpdateDeviceRecord
BthpCheckForUnsupportedGuid
BthpCleanupBRDeviceNode
BthpCleanupDeviceLocalServices
BthpCleanupDeviceRemoteServices
BthpCleanupLEDeviceNodes
BthpEnableA2DPIfPresent
BthpEnableAllServices
BthpEnableConnectableAndDiscoverable
BthpEnableRadioSoftware
BthpFindPnpInfo
BthpGATTCloseSession
BthpInnerRecord
BthpIsBluetoothServiceRunning
BthpIsConnectableByDefault
BthpIsDiscoverable
BthpIsDiscoverableByDefault
BthpIsRadioSoftwareEnabled
BthpIsTopOfServiceGroup
BthpMapStatusToErr
BthpNextRecord
BthpRegisterForAuthentication
BthpSetServiceState
BthpSetServiceStateEx
BthpTranspose16Bits
BthpTranspose32Bits
BthpTransposeAndExtendBytes
DllCanUnloadNow
FindNextOpenVCOMPort
InstallIncomingComPort
ShouldForceAuthentication
Sections
.text Size: 117KB - Virtual size: 116KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 128B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
acledit/DevDispItemProvider.dll.dll windows:10 windows x64 arch:x64
Password: 2024
8089ba1b3f1c44442ae3f651df4db9c4
Code Sign
33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:edCertificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before15-12-2020 21:29Not After02-12-2021 21:29SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19-10-2011 18:41Not After19-10-2026 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
de:73:92:59:7d:28:87:be:5f:9b:a8:91:66:ec:19:20:dc:1e:14:d2:2a:7a:8f:8b:3e:13:07:69:2e:40:35:f5Signer
Actual PE Digestde:73:92:59:7d:28:87:be:5f:9b:a8:91:66:ec:19:20:dc:1e:14:d2:2a:7a:8f:8b:3e:13:07:69:2e:40:35:f5Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
DevDispItemProvider.pdb
Imports
msvcrt
memcmp
memcpy
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
wcschr
wcsstr
_callnewh
malloc
free
_purecall
_wcsicmp
memset
ntdll
RtlPrefixUnicodeString
RtlFreeHeap
RtlGUIDFromString
RtlInitUnicodeStringEx
RtlLengthSecurityDescriptor
RtlValidRelativeSecurityDescriptor
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlAvlRemoveNode
RtlAvlInsertNodeEx
RtlNtStatusToDosErrorNoTeb
RtlAllocateHeap
api-ms-win-eventing-classicprovider-l1-1-0
RegisterTraceGuidsW
GetTraceLoggerHandle
TraceMessage
UnregisterTraceGuids
GetTraceEnableFlags
GetTraceEnableLevel
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
GetModuleHandleExW
FreeLibrary
api-ms-win-core-synch-l1-1-0
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeSRWLock
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
api-ms-win-core-com-l1-1-0
CLSIDFromString
StringFromGUID2
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoInitializeEx
CoIncrementMTAUsage
CoTaskMemAlloc
CoDecrementMTAUsage
PropVariantClear
api-ms-win-core-localization-l1-2-0
FormatMessageW
SetThreadPreferredUILanguages
LocaleNameToLCID
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-synch-l1-2-0
Sleep
SleepConditionVariableSRW
WakeAllConditionVariable
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-devices-query-l1-1-1
DevCreateObjectQueryFromIdsEx
DevCreateObjectQueryEx
DevCreateObjectQueryFromIdEx
api-ms-win-devices-query-l1-1-0
DevCloseObjectQuery
DevFreeObjects
DevFindProperty
DevCreateObjectQuery
DevSetObjectProperties
DevGetObjects
DevGetObjectProperties
DevFreeObjectProperties
api-ms-win-security-sddl-l1-1-0
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
DevQueryEntry
Sections
.text Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 288B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
acledit/acledit.dll.dll windows:10 windows x64 arch:x64
Password: 2024
02f6fc922b46bf9b846109dcfb249d30
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
acledit.pdb
Imports
msvcrt
_XcptFilter
__C_specific_handler
_initterm
malloc
free
_amsg_exit
memset
user32
LoadStringW
MessageBoxW
kernel32
Sleep
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
DisableThreadLibraryCalls
TerminateProcess
Exports
Exports
DllMain
EditAuditInfo
EditOwnerInfo
EditPermissionInfo
FMExtensionProcW
SedDiscretionaryAclEditor
SedSystemAclEditor
SedTakeOwnership
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 288B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 28B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
acledit/printui.dll.dll regsvr32 windows:10 windows x64 arch:x64
944df35c81b605bbf59d0853a44df336
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
printui.pdb
Imports
msvcrt
wcsncmp
wcspbrk
sscanf_s
memcmp
memset
??1type_info@@UEAA@XZ
swscanf_s
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
iswspace
wcsstr
_wtoi
swscanf
qsort
wcsrchr
wcstoul
_wcsnicmp
memmove_s
__C_specific_handler
_wcsicmp
wcschr
??_V@YAXPEAX@Z
free
malloc
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
wcscmp
ntdll
NtQueryInformationToken
EtwTraceMessage
WinSqmAddToStream
WinSqmIncrementDWORD
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WinSqmAddToStreamEx
EtwUnregisterTraceGuids
api-ms-win-core-datetime-l1-1-0
GetDateFormatW
GetTimeFormatW
api-ms-win-core-datetime-l1-1-1
GetDateFormatEx
GetTimeFormatEx
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA
DebugBreak
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-file-l1-1-0
GetFullPathNameW
GetFileAttributesW
CreateFileW
WriteFile
GetFileSize
ReadFile
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-localization-l1-2-0
GetLocaleInfoW
FormatMessageW
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
LoadStringW
LoadLibraryExW
GetModuleFileNameW
FreeLibrary
DisableThreadLibraryCalls
FreeLibraryAndExitThread
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
lstrcmpW
api-ms-win-core-heap-obsolete-l1-1-0
LocalFree
LocalAlloc
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrStrW
QISearch
StrCmpNW
api-ms-win-core-privateprofile-l1-1-0
GetProfileIntW
GetProfileStringW
api-ms-win-core-localization-obsolete-l1-2-0
GetNumberFormatW
api-ms-win-core-processenvironment-l1-1-0
GetCurrentDirectoryW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
CreateThread
OpenProcessToken
TerminateProcess
GetCurrentThreadId
GetStartupInfoW
CreateProcessW
GetCurrentProcess
api-ms-win-core-string-l1-1-0
CompareStringW
WideCharToMultiByte
CompareStringOrdinal
MultiByteToWideChar
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
InitOnceInitialize
Sleep
InitOnceBeginInitialize
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete
api-ms-win-core-synch-l1-1-0
ReleaseSemaphore
CreateSemaphoreExW
InitializeSRWLock
ReleaseMutex
InitializeCriticalSectionEx
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
CreateEventW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
DeleteCriticalSection
ResetEvent
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
WaitForSingleObject
api-ms-win-core-sysinfo-l1-1-0
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount
GetLocalTime
advapi32
RegQueryValueExW
EventSetInformation
EventRegister
EventWriteTransfer
GetSecurityDescriptorLength
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
MapGenericMask
GetAce
SetEntriesInAclW
DeleteAce
AllocateAndInitializeSid
GetAclInformation
GetLengthSid
InitializeAcl
RegDeleteKeyExW
CredGetSessionTypes
RegGetValueW
RevertToSelf
ImpersonateLoggedOnUser
CreateWellKnownSid
LogonUserW
RegOpenKeyExW
CheckTokenMembership
EventActivityIdControl
RegCreateKeyExW
EventUnregister
RegDeleteValueW
RegSetValueExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
FreeSid
AddAce
AddAccessAllowedAceEx
user32
SetMenuDefaultItem
InsertMenuItemW
LoadImageW
DestroyMenu
EnumChildWindows
GetDlgItemTextW
SetDlgItemTextW
GetDlgCtrlID
PeekMessageW
MsgWaitForMultipleObjects
DispatchMessageW
ScreenToClient
CallWindowProcW
SetForegroundWindow
TrackPopupMenu
GetMenu
GetSubMenu
GetMenuItemCount
DeleteMenu
CheckMenuItem
EnableMenuItem
RemoveMenu
GetMenuItemID
FindWindowW
FindWindowExW
RegisterClassExW
LoadMenuW
GetGUIThreadInfo
GetWindow
GetLastActivePopup
SetMenuItemInfoW
GetMenuInfo
SetMenuInfo
GetWindowTextLengthW
GetClassNameW
MonitorFromWindow
GetMonitorInfoW
UpdateWindow
GetPropW
SetPropW
DrawTextW
GetKeyState
LoadIconW
MsgWaitForMultipleObjectsEx
MessageBeep
SetProcessDPIAware
CharLowerW
SendMessageW
EnableWindow
GetClientRect
GetSystemMetrics
SetFocus
PostMessageW
SetWindowLongPtrW
GetMessagePos
MapWindowPoints
GetSysColor
SetWindowTextW
DialogBoxParamW
GetDlgItem
LoadCursorW
SetCursor
EndDialog
GetParent
ShowWindow
SendDlgItemMessageW
SetWindowLongW
GetWindowLongW
CheckRadioButton
GetWindowLongPtrW
GetWindowRect
IsWindowEnabled
IsDlgButtonChecked
RegisterClipboardFormatW
DestroyIcon
InvalidateRect
SetWindowPos
GetWindowPlacement
SetWindowPlacement
DefWindowProcW
GetDesktopWindow
SystemParametersInfoW
GetDC
ReleaseDC
RegisterWindowMessageW
DefDlgProcW
CheckDlgButton
GetWindowTextW
SetTimer
KillTimer
MoveWindow
UnregisterClassW
PostThreadMessageW
DestroyWindow
PostQuitMessage
TranslateMessage
AllowSetForegroundWindow
SendMessageTimeoutW
DestroyAcceleratorTable
LoadAcceleratorsW
RegisterClassW
CreateWindowExW
GetMessageW
TranslateAcceleratorW
GetWindowThreadProcessId
gdi32
CreateCompatibleDC
SelectObject
DeleteDC
GetTextExtentPoint32W
CreateDCW
StartDocW
StartPage
EndPage
EndDoc
AbortDoc
StretchDIBits
SetTextColor
Polyline
CreateDIBSection
GdiIsUMPDSandboxingEnabled
DeleteObject
GetDeviceCaps
CreateFontIndirectW
GetTextCharset
winspool.drv
UnRegisterForPrintAsyncNotifications
RegisterForPrintAsyncNotifications
SetPrinterDataW
GetPrinterDataExW
XcvDataW
ord211
InstallPrinterDriverFromPackageW
ord207
AddPrinterConnection2W
EnumFormsW
DeleteFormW
AddFormW
SetFormW
GetPrinterDataW
EnumPrintProcessorDatatypesW
EnumPrintProcessorsW
SetJobW
GetJobW
EnumMonitorsW
EnumPortsW
ord209
DocumentPropertiesW
EnumPrinterDriversW
EnumPrintersW
ord203
AddPortW
OpenPrinter2W
AddPrinterW
DeletePortW
ConfigurePortW
ClosePrinter
DevicePropertySheets
DeletePrinterDriverExW
DeletePrinterDriverW
SetPrinterW
GetPrinterW
GetPrinterDriverW
OpenPrinterW
DocumentPropertySheets
ord204
DeletePrinter
DeletePrinterConnectionW
setupapi
SetupDiDestroyDriverInfoList
SetupSetNonInteractiveMode
shell32
DragQueryFileW
ord893
ShellExecuteExW
SHGetStockIconInfo
ord100
ord213
ord214
ShellExecuteW
ord259
ord258
ord212
SHGetMalloc
ord22
ord129
ord134
ord132
SHCreateItemWithParent
ord71
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHCreateItemInKnownFolder
Shell_GetCachedImageIndexW
ord155
shlwapi
ord210
ord211
ord209
ord208
PathIsUNCW
StrRetToBufW
ord197
ord165
ord16
StrFormatByteSizeW
ord186
PathAppendW
puiapi
PUIAPI_ShowDriverPackageRemovalUI
STRAPI_TrimString
STRAPI_LoadString
STRAPI_Format
PUIAPI_ShowBrowseForPrinterDialog
XMLAPI_GetAttributeString
XMLAPI_GetAttributeLong
STRAPI_ConvertCase
kernel32
GetVersionExW
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
GetComputerNameW
GetLocaleInfoEx
GetUserPreferredUILanguages
LockResource
LoadResource
SizeofResource
FindResourceW
VirtualQuery
QueryPerformanceCounter
PulseEvent
SystemTimeToTzSpecificLocalTime
WTSGetActiveConsoleSessionId
ReleaseActCtx
GetTimeZoneInformation
QueueUserWorkItem
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
QueryActCtxW
CreateActCtxW
FindActCtxSectionStringW
ActivateActCtx
DeactivateActCtx
GetSystemTime
FindClose
FindFirstFileW
SearchPathW
RegQueryValueExA
ExpandEnvironmentStringsA
RegOpenKeyExA
LoadLibraryExA
DelayLoadFailureHook
MulDiv
ResolveDelayLoadedAPI
LoadModule
CheckElevationEnabled
Exports
Exports
ConnectToPrinterDlg
ConstructPrinterFriendlyName
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
DocumentPropertiesWrap
LaunchPlatformHelp
PnPInterface
PrintNotifyTray_Exit
PrintNotifyTray_Init
PrintUIDownloadAndInstallLegacyDriver
PrintUIEntryDPIAwareW
PrintUIEntryW
PrinterPropPageProvider
RegisterPrintNotify
ReleaseArgv
ShowErrorMessageHR
ShowErrorMessageSC
ShowHelpLinkDialog
StringToArgv
UnregisterPrintNotify
bFolderEnumPrinters
bFolderGetPrinter
bFolderRefresh
bPrinterSetup
vDocumentDefaults
vPrinterPropPages
vQueueCreate
vServerPropPages
Sections
.text Size: 538KB - Virtual size: 538KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 83KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 76KB - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dsreg/dcntel.dll.dll windows:10 windows x64 arch:x64
297a2ad90ecd0a9d6f27b16387dae5ef
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before02-09-2021 18:23Not After01-09-2022 18:23SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19-10-2011 18:41Not After19-10-2026 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
a2:ba:2b:ba:3b:18:07:1d:93:91:91:64:be:09:eb:23:9c:c3:b2:1b:8c:70:be:45:03:52:85:88:56:17:23:37Signer
Actual PE Digesta2:ba:2b:ba:3b:18:07:1d:93:91:91:64:be:09:eb:23:9c:c3:b2:1b:8c:70:be:45:03:52:85:88:56:17:23:37Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
dcntel.pdb
Imports
msvcrt
localeconv
strcspn
setlocale
__pctype_func
___lc_handle_func
___lc_codepage_func
wcscpy_s
__uncaught_exception
___mb_cur_max_func
_ismbblead
abort
memset
_wcsdup
__crtLCMapStringW
_wsetlocale
memcmp
wcsncmp
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
iswascii
_wtoi
wcstoul
wcscmp
strcmp
wcsstr
_wcslwr
wcscat_s
wcschr
_wcsnicmp
_wtof
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
rand_s
memmove
memcpy
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
strcpy_s
__C_specific_handler
wcstol
?what@exception@@UEBAPEBDXZ
wcsrchr
_wcsupr
_wcslwr_s
wcstok_s
strchr
_errno
strstr
free
malloc
strnlen
swprintf_s
sprintf_s
_wcsicmp
_vsnprintf
_wcstoui64
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
calloc
_purecall
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
__CxxFrameHandler3
??3@YAXPEAX@Z
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExA
LoadLibraryExW
FreeLibrary
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
CreateEventW
OpenWaitableTimerW
CreateEventExW
InitializeCriticalSection
ReleaseSemaphore
CreateMutexExW
LeaveCriticalSection
ReleaseMutex
OpenSemaphoreW
SetEvent
WaitForSingleObject
ResetEvent
DeleteCriticalSection
AcquireSRWLockExclusive
EnterCriticalSection
SetWaitableTimer
CreateMutexW
WaitForSingleObjectEx
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
api-ms-win-core-heap-l1-1-0
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
RaiseException
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentThread
ExitProcess
GetCurrentProcess
OpenThreadToken
CreateThread
OpenProcessToken
SetThreadToken
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
TerminateThread
api-ms-win-core-localization-l1-2-0
GetUserGeoID
GetUserPreferredUILanguages
GetSystemPreferredUILanguages
GetLocaleInfoEx
FormatMessageW
GetLocaleInfoW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringA
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-version-l1-1-1
GetFileVersionInfoSizeW
GetFileVersionInfoW
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoCreateInstance
StringFromCLSID
CoTaskMemAlloc
CoUninitialize
CoCreateFreeThreadedMarshaler
PropVariantClear
CoSetProxyBlanket
CoWaitForMultipleHandles
CoTaskMemFree
oleaut32
VariantTimeToSystemTime
VariantInit
SysAllocString
SafeArrayGetElement
VariantClear
SysStringLen
SysFreeString
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventRegister
EventWriteTransfer
api-ms-win-power-base-l1-1-0
CallNtPowerInformation
api-ms-win-core-file-l1-1-0
DeleteFileW
GetTempFileNameW
GetVolumePathNameW
FindFirstFileW
GetFileAttributesW
WriteFile
ReadFile
GetLogicalDrives
GetDriveTypeW
FindClose
CreateFileW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-security-base-l1-1-0
CheckTokenMembership
AllocateAndInitializeSid
DuplicateTokenEx
FreeSid
AdjustTokenPrivileges
SetSecurityDescriptorDacl
GetTokenInformation
ImpersonateLoggedOnUser
InitializeSecurityDescriptor
RevertToSelf
SetSecurityDescriptorOwner
api-ms-win-eventing-controller-l1-1-0
ControlTraceW
StartTraceW
api-ms-win-eventing-consumer-l1-1-0
ProcessTrace
OpenTraceW
CloseTrace
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-sysinfo-l1-2-0
GetSystemFirmwareTable
VerSetConditionMask
GetProductInfo
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegQueryInfoKeyW
RegLoadKeyW
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegEnumValueW
RegDeleteValueW
RegFlushKey
RegDeleteTreeW
RegSetKeySecurity
RegSaveKeyExW
RegLoadAppKeyW
RegCloseKey
RegGetValueW
RegDeleteKeyExW
RegUnLoadKeyW
rpcrt4
UuidCreate
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
ExpandEnvironmentStringsW
api-ms-win-core-realtime-l1-1-0
QueryThreadCycleTime
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetComputerNameExW
GetSystemWindowsDirectoryW
GetVersionExW
GlobalMemoryStatusEx
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
GetSystemTime
GetLogicalProcessorInformationEx
GetSystemInfo
api-ms-win-core-heap-l2-1-0
LocalFree
GlobalFree
LocalAlloc
logoncli
DsGetDcNameW
bcrypt
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptOpenAlgorithmProvider
crypt32
CryptBinaryToStringW
netutils
NetApiBufferFree
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoGetActivationFactory
RoUninitialize
RoActivateInstance
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
IsProcessorFeaturePresent
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-sysinfo-l1-2-1
GetPhysicallyInstalledSystemMemory
iphlpapi
GetAdaptersInfo
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-core-synch-l1-2-0
WakeAllConditionVariable
SleepConditionVariableSRW
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFileExistsW
api-ms-win-eventing-legacy-l1-1-0
EnableTrace
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-localization-obsolete-l1-2-0
GetSystemDefaultUILanguage
EnumUILanguagesW
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrChrW
api-ms-win-core-processtopology-obsolete-l1-1-0
GetActiveProcessorCount
api-ms-win-shcore-stream-l1-1-0
SHCreateStreamOnFileEx
ntdll
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwEnumerateKey
ZwOpenKey
ZwClose
RtlLeaveCriticalSection
RtlFreeHeap
RtlInitializeCriticalSection
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlReAllocateHeap
RtlEqualString
RtlAllocateHeap
RtlDeleteCriticalSection
RtlRandomEx
RtlStringFromGUID
RtlDosPathNameToRelativeNtPathName_U
NtLoadKeyEx
RtlReleaseRelativeName
RtlAllocateAndInitializeSid
RtlFreeSid
RtlAdjustPrivilege
NtQueryKey
NtQueryLicenseValue
RtlCompareMemory
NtQuerySecurityPolicy
NtQuerySystemInformation
RtlNtStatusToDosError
RtlGetDeviceFamilyInfoEnum
WinSqmIsOptedInEx
NtPowerInformation
RtlFreeUnicodeString
RtlInitUnicodeString
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
RegDeleteKeyValueW
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-synch-l1-2-1
CreateSemaphoreW
CreateWaitableTimerW
api-ms-win-core-memory-l1-1-0
VirtualFree
VirtualAlloc
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
winhttp
WinHttpGetDefaultProxyConfiguration
WinHttpReadData
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpQueryHeaders
WinHttpQueryAuthSchemes
WinHttpSetOption
WinHttpGetProxyForUrl
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpSetCredentials
api-ms-win-security-credentials-l1-1-0
CredFree
CredReadW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-registry-l2-1-0
RegOpenKeyW
RegDeleteKeyW
api-ms-win-security-provider-l1-1-0
SetEntriesInAclW
api-ms-win-core-kernel32-legacy-l1-1-0
WTSGetActiveConsoleSessionId
Exports
Exports
GetCensusPropertyAlloc
GetCensusRegistryLocation
RunSystemContextCensus
RunUserContextCensus
SetCustomTrigger
SetCustomTriggerEx
SysprepCleanupEnableCustomTrigger
Sections
.text Size: 524KB - Virtual size: 521KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 192KB - Virtual size: 190KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 240B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 984B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dsreg/dsound.dll.dll windows:10 windows x64 arch:x64
7257aa932ac77b1d2e29b45383b4e0a6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
dsound.pdb
Imports
msvcrt
_lock
_controlfp
__CxxFrameHandler3
_unlock
free
_vsnprintf
_aligned_free
_onexit
malloc
sqrtf
_initterm
_vsnwprintf
_XcptFilter
__dllonexit
_aligned_malloc
__C_specific_handler
_isnan
memcpy_s
_amsg_exit
atan2
atan2f
ceil
cos
cosf
floor
floorf
log
log10
logf
memcmp
memcpy
memmove
memset
pow
powf
sin
sqrt
tan
api-ms-win-core-file-l1-1-0
CreateFileW
ReadFile
GetFileSize
GetFullPathNameW
SetFilePointer
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleFileNameW
LoadLibraryExW
GetModuleHandleW
LoadStringW
GetProcAddress
LoadLibraryExA
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
lstrcmpW
api-ms-win-core-string-l2-1-0
CharUpperW
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapDestroy
GetProcessHeap
HeapFree
HeapCreate
HeapSize
api-ms-win-core-processthreads-l1-1-0
SetThreadPriority
GetCurrentThreadId
GetCurrentProcessId
GetExitCodeThread
GetCurrentProcess
GetCurrentThread
GetProcessTimes
TerminateProcess
SwitchToThread
CreateThread
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryA
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyExW
RegSetValueExW
RegSetValueExA
RegQueryValueExW
api-ms-win-core-registry-l2-1-0
RegCreateKeyA
RegCreateKeyW
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableFlags
UnregisterTraceGuids
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
TraceMessage
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
CreateMutexW
InitializeCriticalSection
SetEvent
EnterCriticalSection
ResetEvent
DeleteCriticalSection
ReleaseMutex
CreateMutexExW
CreateSemaphoreExW
OpenSemaphoreW
WaitForSingleObject
WaitForSingleObjectEx
ReleaseSemaphore
CreateEventW
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-kernel32-legacy-l1-1-0
GetSystemPowerStatus
api-ms-win-power-setting-l1-1-0
PowerReadACValue
PowerGetActiveScheme
PowerReadDCValue
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
OutputDebugStringA
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister
api-ms-win-core-synch-l1-2-0
InitOnceComplete
Sleep
InitOnceBeginInitialize
api-ms-win-mm-time-l1-1-0
timeEndPeriod
timeBeginPeriod
timeGetTime
api-ms-win-core-com-l1-1-0
CoCreateInstance
PropVariantClear
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
CLSIDFromString
api-ms-win-core-processthreads-l1-1-1
OpenProcess
GetThreadTimes
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-memory-l1-1-0
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
api-ms-win-core-largeinteger-l1-1-0
MulDiv
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount
api-ms-win-power-base-l1-1-0
CallNtPowerInformation
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-mm-mme-l1-1-0
waveInGetDevCapsW
waveOutGetNumDevs
waveInGetNumDevs
waveOutGetDevCapsW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
DirectSoundCaptureCreate
DirectSoundCaptureCreate8
DirectSoundCaptureEnumerateA
DirectSoundCaptureEnumerateW
DirectSoundCreate
DirectSoundCreate8
DirectSoundEnumerateA
DirectSoundEnumerateW
DirectSoundFullDuplexCreate
DllCanUnloadNow
DllGetClassObject
GetDeviceID
Sections
.text Size: 371KB - Virtual size: 370KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
RT_CODE Size: 512B - Virtual size: 120B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 201KB - Virtual size: 200KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dsreg/dsreg.dll.dll windows:10 windows x64 arch:x64
1cac4312a6dde042a044bb0a45c42d48
Code Sign
33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8dCertificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before05-05-2022 19:23Not After04-05-2023 19:23SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19-10-2011 18:41Not After19-10-2026 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d8:be:18:66:a8:60:db:d1:00:3f:ed:d8:d2:23:25:60:b2:dd:63:a1:d6:7c:43:db:fa:4a:cc:87:f9:0f:95:8bSigner
Actual PE Digestd8:be:18:66:a8:60:db:d1:00:3f:ed:d8:d2:23:25:60:b2:dd:63:a1:d6:7c:43:db:fa:4a:cc:87:f9:0f:95:8bDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
dsreg.pdb
Imports
msvcrt
memcpy
memmove
free
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
strchr
realloc
_wfopen_s
towupper
swprintf_s
wcsncpy
_fseeki64
fsetpos
ungetc
setvbuf
fgetpos
fwrite
fgetwc
fgetc
ungetwc
fputwc
fclose
fflush
??0bad_cast@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
getchar
fwprintf_s
wprintf
wcstok_s
wcsncmp
wcsncpy_s
_wcserror
wcsrchr
memcmp
wcsnlen
wcscpy_s
wcscspn
swprintf
wcschr
difftime
isdigit
strtol
isxdigit
isalpha
_wtof
_wcslwr
?what@exception@@UEBAPEBDXZ
_snwprintf_s
memset
_onexit
wcsstr
_wcsicmp
_wcsnicmp
__dllonexit
time
swscanf
_unlock
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_lock
_purecall
memcpy_s
_vsnwprintf
__C_specific_handler
_initterm
__CxxFrameHandler3
_amsg_exit
_XcptFilter
_callnewh
toupper
malloc
_CxxThrowException
wcscmp
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
WakeAllConditionVariable
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
OpenThreadToken
TerminateProcess
ExitThread
GetCurrentProcess
GetCurrentThreadId
GetCurrentThread
OpenProcessToken
GetCurrentProcessId
CreateThread
api-ms-win-core-sysinfo-l1-1-0
GetComputerNameExW
GetTickCount
GetSystemTime
GetTickCount64
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
RaiseException
GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
msvcp110_win
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?widen@?$ctype@G@std@@QEBAGD@Z
?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAAXXZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??_7facet@locale@std@@6B@
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??_7_Facet_base@std@@6B@
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
_Wcsxfrm
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
_Wcscoll
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?id@?$collate@G@std@@2V0locale@2@A
?id@?$ctype@G@std@@2V0locale@2@A
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_BADOFF@std@@3_JB
??0_Locinfo@std@@QEAA@PEBD@Z
??Bid@locale@std@@QEAA_KXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@GDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAG3AEAPEAG@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1_Locinfo@std@@QEAA@XZ
?_Add_vtordisp1@?$basic_ios@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Syserror_map@std@@YAPEBDH@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Random_device@std@@YAIXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Winerror_map@std@@YAPEBDH@Z
?out@?$codecvt@GDH@std@@QEBAHAEAHPEBG1AEAPEBGPEAD3AEAPEAD@Z
?unshift@?$codecvt@GDH@std@@QEBAHAEAHPEAD1AEAPEAD@Z
?_Getcat@?$codecvt@GDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?_Add_vtordisp1@?$basic_istream@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Add_vtordisp2@?$basic_ios@GU?$char_traits@G@std@@@std@@UEAAXXZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?clear@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEBA?AVlocale@2@XZ
?id@?$codecvt@GDH@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z
?uncaught_exception@std@@YA_NXZ
?endl@std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@1@AEAV21@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Incref@facet@locale@std@@UEAAXXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?_Orphan_all@_Container_base0@std@@QEAAXXZ
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventProviderEnabled
EventActivityIdControl
EventWriteTransfer
EventSetInformation
EventRegister
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
FreeLibrary
FreeLibraryAndExitThread
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
api-ms-win-core-synch-l1-1-0
ResetEvent
ReleaseMutex
SetEvent
OpenMutexW
CreateEventExW
CreateEventW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
CreateSemaphoreExW
OpenSemaphoreW
EnterCriticalSection
ReleaseSemaphore
ReleaseSRWLockShared
InitializeCriticalSectionEx
AcquireSRWLockShared
DeleteCriticalSection
WaitForSingleObject
CreateMutexExW
LeaveCriticalSection
CreateMutexW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapReAlloc
HeapFree
HeapAlloc
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
ConvertStringSidToSidW
rpcrt4
UuidCompare
UuidIsNil
UuidFromStringW
UuidCreate
RpcBindingCreateW
RpcStringFreeW
UuidToStringW
RpcBindingBind
RpcBindingFree
I_RpcExceptionFilter
NdrClientCall3
I_RpcMapWin32Status
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
GlobalFree
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
LookupPrivilegeValueW
api-ms-win-security-base-l1-1-0
GetTokenInformation
AdjustTokenPrivileges
GetLengthSid
DuplicateToken
IsValidSid
CheckTokenMembership
CopySid
EqualSid
AllocateAndInitializeSid
FreeSid
api-ms-win-core-registry-l1-1-0
RegQueryInfoKeyW
RegOpenCurrentUser
RegDeleteTreeW
RegOpenKeyExW
RegCreateKeyExW
RegFlushKey
RegGetValueW
RegEnumKeyExW
RegCloseKey
RegLoadKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyExW
RegUnLoadKeyW
RegQueryValueExW
api-ms-win-core-com-l1-1-0
CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles
CoCreateInstance
CoUninitialize
StringFromGUID2
CoTaskMemAlloc
CoInitializeEx
CoTaskMemFree
StringFromCLSID
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsCreateString
WindowsCreateStringReference
WindowsDeleteString
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoUninitialize
RoInitialize
RoActivateInstance
ntdll
RtlGetVersion
RtlPublishWnfStateData
RtlNtStatusToDosError
RtlIsMultiSessionSku
RtlGetDeviceFamilyInfoEnum
RtlGetPersistedStateLocation
api-ms-win-security-cryptoapi-l1-1-0
CryptAcquireContextW
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptHashData
CryptDestroyHash
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrStrIW
StrRStrIW
StrChrNW
api-ms-win-core-string-l1-1-0
CompareStringW
CompareStringEx
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-security-lsalookup-l1-1-2
LsaLookupUserAccountType
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
api-ms-win-core-file-l1-1-0
CompareFileTime
DeleteFileW
GetTempFileNameW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
oleaut32
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnlock
SafeArrayLock
SafeArrayCreate
VariantInit
SysFreeString
SysAllocString
SafeArrayDestroy
api-ms-win-core-console-l1-2-0
FreeConsole
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
SetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
Exports
DsrBeginDelegatedWorkplaceJoin
DsrBeginDeviceAndResourceAccountJoin
DsrBeginDeviceJoin
DsrBeginDeviceUnjoin
DsrBeginDeviceUpdate
DsrBeginDiscover
DsrBeginPreprovisionedDeviceJoin
DsrBeginRecovery
DsrBeginWorkplaceJoin
DsrBeginWorkplaceUnjoin
DsrBeginWorkplaceUpdate
DsrCLI
DsrCanCurrentUserProvisionNgcKey
DsrCanCurrentUserResetNgcKey
DsrDeviceHostNameUpdate
DsrEndRecovery
DsrFreeCxhScenarioInfo
DsrFreeDiscoveryMetadata
DsrFreeJoinInfo
DsrFreeJoinInfoEx
DsrGetCurrentUserNgcProvisionStatus
DsrGetCxhScenarioInfo
DsrGetDomainRegistrationData
DsrGetJoinInfo
DsrGetJoinInfoEx
DsrGetPrtAuthorityInfo
DsrGetResourceAccount
DsrIsDeviceJoined
DsrIsDeviceJoinedEx
DsrIsWorkplaceJoined
DsrSaveDeviceTokenProperties
DsrSaveWorkplaceTokenProperties
DsrWriteAutoJoinSvcAdminEvent
DsrWriteAutoJoinSvcDebugEvent
DsrWriteAutoJoinSvcTriggerEvent
FidoDeregisterKey
FidoRegisterKey
NgcDeregisterKey
NgcGetKeyId
NgcGetLogonCertPolicy
NgcGetStatistics
NgcIncrementPinRetryAttempts
NgcNeedProvision
NgcNeedProvisionForAccount
NgcReadRegistryValue
NgcRegisterKey
NgcResetPinRetryAttempts
NgcUpdateCertEnrollStatistics
NgcUpdateStatistics
Sections
.text Size: 716KB - Virtual size: 716KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 458KB - Virtual size: 457KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 90KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
dsreg/sensrsvc.dll.dll windows:10 windows x64 arch:x64
7980291b053dc0ce2145ce6b777cd2ca
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
SensrSvc.pdb
Imports
msvcrt
memcpy
_XcptFilter
_amsg_exit
_initterm
_lock
_unlock
__dllonexit
_callnewh
_onexit
_purecall
malloc
memset
free
memmove_s
_vsnwprintf
memcpy_s
__C_specific_handler
memcmp
acosf
atan2f
sqrtf
oleaut32
SysFreeString
SysAllocString
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableLevel
GetTraceLoggerHandle
GetTraceEnableFlags
TraceMessage
RegisterTraceGuidsW
UnregisterTraceGuids
wpprecorderum
WppAutoLogStart
WppAutoLogStop
WppAutoLogTrace
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
SetLastError
RaiseException
UnhandledExceptionFilter
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
ResetEvent
ReleaseSemaphore
ReleaseMutex
EnterCriticalSection
ReleaseSRWLockShared
InitializeCriticalSectionEx
AcquireSRWLockShared
CreateSemaphoreExW
ReleaseSRWLockExclusive
WaitForSingleObject
CreateMutexExW
WaitForSingleObjectEx
CreateEventW
InitializeCriticalSection
DeleteCriticalSection
AcquireSRWLockExclusive
OpenSemaphoreW
SetEvent
api-ms-win-core-handle-l1-1-0
CloseHandle
propsys
PropVariantToUInt32
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
CreateThread
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
FreeLibraryAndExitThread
FreeLibrary
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
api-ms-win-core-com-l1-1-0
CoUninitialize
CoCreateGuid
PropVariantClear
CoCreateInstance
StringFromGUID2
CoInitializeEx
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegNotifyChangeKeyValue
RegQueryValueExW
RegOpenKeyExW
api-ms-win-core-kernel32-legacy-l1-1-0
RegisterWaitForSingleObject
UnregisterWait
api-ms-win-ntuser-sysparams-l1-1-0
EnumDisplaySettingsW
GetSystemMetrics
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
Sleep
api-ms-win-service-core-l1-1-0
SetServiceStatus
RegisterServiceCtrlHandlerExW
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-processthreads-l1-1-2
SetProtectedPolicy
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-rtcore-ntuser-powermanagement-l1-1-0
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
ntdll
RtlInitUnicodeString
NtQuerySystemInformation
api-ms-win-core-sysinfo-l1-2-0
GetSystemFirmwareTable
Exports
Exports
ServiceCtrlHandler
ServiceMain
Sections
.text Size: 142KB - Virtual size: 141KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 680B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
pcwum/AppxSip.dll.dll regsvr32 windows:10 windows x64 arch:x64
e06fe0d53e5834d5eeea2d913edb0995
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
AppxSip.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_dll
_o__strnicmp
memmove
_o__wcsicmp
_o_free
_o_malloc
_o_qsort
_o_wcscpy_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__cexit
_o___stdio_common_vswprintf
wcschr
wcsstr
_o__callnewh
_o__crt_atexit
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o__configure_narrow_argv
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcsrchr
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
wcscmp
wcsncmp
api-ms-win-core-errorhandling-l1-1-0
RaiseException
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
api-ms-win-core-util-l1-1-0
DecodePointer
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-processthreads-l1-1-0
OpenThreadToken
GetCurrentThread
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
TlsAlloc
TlsGetValue
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetVersionExW
GetLocalTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-libraryloader-l1-1-0
FindStringOrdinal
GetModuleHandleW
LoadLibraryExW
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetModuleHandleExW
LoadLibraryExA
LoadResource
LockResource
SizeofResource
ntdll
RtlLookupElementGenericTableAvl
RtlNumberGenericTableElementsAvl
RtlReportException
NtQuerySystemInformation
RtlEnterCriticalSection
RtlSetLastWin32Error
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlEnumerateGenericTableWithoutSplayingAvl
RtlNtStatusToDosError
RtlInitUnicodeString
RtlLeaveCriticalSection
RtlCompareUnicodeString
RtlInsertElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlDeleteElementGenericTableAvl
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l1-1-0
CreateFileW
DeleteFileW
DeleteFileA
GetFullPathNameW
GetFileAttributesW
api-ms-win-core-string-l1-1-0
CompareStringW
WideCharToMultiByte
CompareStringOrdinal
CompareStringEx
api-ms-win-core-url-l1-1-0
PathIsURLW
api-ms-win-core-registry-l1-1-0
RegGetValueW
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
api-ms-win-core-heap-obsolete-l1-1-0
LocalFree
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
opcservices
ord12
ord8
ord16
ord15
api-ms-win-core-kernel32-legacy-l1-1-0
CopyFileW
FindResourceW
FileTimeToDosDateTime
DosDateTimeToFileTime
api-ms-win-core-file-l2-1-0
ReplaceFileW
MoveFileExW
api-ms-win-core-localization-obsolete-l1-2-0
CompareStringA
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-security-base-l1-1-0
RevertToSelf
ImpersonateLoggedOnUser
Exports
Exports
AppxBundleSipCreateIndirectData
AppxBundleSipGetSignedDataMsg
AppxBundleSipIsFileSupportedName
AppxBundleSipPutSignedDataMsg
AppxBundleSipRemoveSignedDataMsg
AppxBundleSipVerifyIndirectData
AppxSipCreateIndirectData
AppxSipGetSignedDataMsg
AppxSipIsFileSupportedName
AppxSipPutSignedDataMsg
AppxSipRemoveSignedDataMsg
AppxSipVerifyIndirectData
DllCanUnloadNow
DllRegisterServer
DllUnregisterServer
EappxBundleSipCreateIndirectData
EappxBundleSipGetSignedDataMsg
EappxBundleSipIsFileSupportedName
EappxBundleSipPutSignedDataMsg
EappxBundleSipRemoveSignedDataMsg
EappxBundleSipVerifyIndirectData
EappxSipCreateIndirectData
EappxSipGetSignedDataMsg
EappxSipIsFileSupportedName
EappxSipPutSignedDataMsg
EappxSipRemoveSignedDataMsg
EappxSipVerifyIndirectData
P7xSipCreateIndirectData
P7xSipGetSignedDataMsg
P7xSipIsFileSupportedName
P7xSipPutSignedDataMsg
P7xSipRemoveSignedDataMsg
P7xSipVerifyIndirectData
Sections
.text Size: 199KB - Virtual size: 199KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 440B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 832B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
pcwum/asferror.dll.dll windows:10 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 176B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
pcwum/pcwum.dll.dll windows:10 windows x64 arch:x64
Code Sign
33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32Certificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before02-05-2019 21:24Not After02-05-2020 21:24SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19-10-2011 18:41Not After19-10-2026 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
89:70:f2:2d:e4:70:53:01:c8:9d:3a:40:1d:b6:c8:7f:77:5e:4f:34:e7:c7:93:57:53:a7:57:86:58:2a:80:b2Signer
Actual PE Digest89:70:f2:2d:e4:70:53:01:c8:9d:3a:40:1d:b6:c8:7f:77:5e:4f:34:e7:c7:93:57:53:a7:57:86:58:2a:80:b2Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
pcwum.pdb
Exports
Exports
PcwAddQueryItem
PcwClearCounterSetSecurity
PcwCollectData
PcwCompleteNotification
PcwCreateNotifier
PcwCreateQuery
PcwDisconnectCounterSet
PcwEnumerateInstances
PcwIsNotifierAlive
PcwQueryCounterSetSecurity
PcwReadNotificationData
PcwRegisterCounterSet
PcwRemoveQueryItem
PcwSendNotification
PcwSendStatelessNotification
PcwSetCounterSetSecurity
PcwSetQueryItemUserData
PerfCreateInstance
PerfDecrementULongCounterValue
PerfDecrementULongLongCounterValue
PerfDeleteInstance
PerfIncrementULongCounterValue
PerfIncrementULongLongCounterValue
PerfQueryInstance
PerfSetCounterRefValue
PerfSetCounterSetInfo
PerfSetULongCounterValue
PerfSetULongLongCounterValue
PerfStartProvider
PerfStartProviderEx
PerfStopProvider
Sections
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
pcwum/pdhui.dll.dll windows:10 windows x64 arch:x64
aede04ec0542987e57567a203b6b82c7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
pdhui.pdb
Imports
api-ms-win-crt-string-l1-1-0
wcsnlen
memset
strnlen
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__ltow_s
_o__seh_filter_dll
memcpy
_o_free
_o_malloc
_o_towlower
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcschr
kernel32
GetModuleFileNameA
ActivateActCtx
WaitForSingleObject
CreateActCtxA
DeactivateActCtx
FormatMessageW
GetLastError
GetComputerNameW
LoadLibraryW
FreeLibrary
ReleaseActCtx
SetLastError
CompareStringOrdinal
CancelSynchronousIo
CreateThread
CloseHandle
GlobalUnlock
SearchPathW
MultiByteToWideChar
GetWindowsDirectoryW
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GlobalLock
DisableThreadLibraryCalls
InitializeSListHead
comdlg32
GetOpenFileNameW
user32
DialogBoxParamW
LoadStringW
MessageBoxW
GetWindowTextW
EnableWindow
ReleaseDC
RegisterClipboardFormatA
GetWindowTextLengthA
GetDlgItem
GetClientRect
SetCursor
EndDeferWindowPos
SendMessageA
SetFocus
MoveWindow
IsWindowEnabled
SendDlgItemMessageW
SetWindowTextA
MapWindowPoints
BeginDeferWindowPos
ShowWindow
GetWindowLongPtrW
MessageBeep
SetWindowTextW
GetSystemMetrics
EndDialog
SendMessageW
SetWindowLongPtrW
SetWindowPos
GetDC
LoadCursorA
IsDlgButtonChecked
GetDlgCtrlID
CheckRadioButton
GetFocus
GetWindow
DeferWindowPos
WinHelpW
GetWindowRect
gdi32
GetTextExtentPoint32W
ole32
CoUninitialize
CoCreateInstance
CoInitialize
ReleaseStgMedium
pdh
PdhOpenLogA
PdhCloseLog
PdhConnectMachineW
PdhParseCounterPathW
PdhParseInstanceNameW
PdhEnumMachinesHW
PdhExpandCounterPathW
PdhEnumObjectsHW
PdhEnumObjectItemsHW
PdhParseCounterPathA
PdhMakeCounterPathW
PdhGetDefaultPerfObjectHW
PdhGetExplainText
PdhOpenLogW
Exports
Exports
PdhUiBrowseCountersA
PdhUiBrowseCountersExA
PdhUiBrowseCountersExHA
PdhUiBrowseCountersExHW
PdhUiBrowseCountersExW
PdhUiBrowseCountersHA
PdhUiBrowseCountersHW
PdhUiBrowseCountersW
PdhUiSelectDataSourceA
PdhUiSelectDataSourceW
Sections
.text Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 84B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
setup.msi.msi
-
wcimage/SEMgrPS.dll.dll windows:10 windows x64 arch:x64
7dcc2d309d96727b06e1bbb65b6597f9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
SEMgrPS.pdb
Imports
msvcrt
__C_specific_handler
malloc
_initterm
free
_amsg_exit
_XcptFilter
rpcrt4
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrCStdStubBuffer2_Release
NdrStubForwardingFunction
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_Invoke
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
NdrStubCall3
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
api-ms-win-core-winrt-string-l1-1-0
HSTRING_UserUnmarshal64
HSTRING_UserSize
HSTRING_UserSize64
HSTRING_UserFree
HSTRING_UserMarshal64
HSTRING_UserUnmarshal
HSTRING_UserFree64
HSTRING_UserMarshal
api-ms-win-core-com-midlproxystub-l1-1-0
ObjectStublessClient7
ObjectStublessClient15
NdrProxyForwardingFunction23
ObjectStublessClient6
ObjectStublessClient8
ObjectStublessClient9
NdrProxyForwardingFunction21
ObjectStublessClient3
ObjectStublessClient10
ObjectStublessClient5
ObjectStublessClient11
ObjectStublessClient14
ObjectStublessClient12
ObjectStublessClient30
ObjectStublessClient16
NdrProxyForwardingFunction9
ObjectStublessClient18
NdrProxyForwardingFunction11
NdrProxyForwardingFunction13
NdrProxyForwardingFunction29
NdrProxyForwardingFunction12
ObjectStublessClient4
NdrProxyForwardingFunction10
CStdStubBuffer2_CountRefs
NdrProxyForwardingFunction6
CStdStubBuffer2_Disconnect
CStdStubBuffer2_QueryInterface
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
NdrProxyForwardingFunction3
NdrProxyForwardingFunction7
ObjectStublessClient13
CStdStubBuffer2_Connect
ObjectStublessClient22
ObjectStublessClient27
NdrProxyForwardingFunction19
ObjectStublessClient28
ObjectStublessClient20
ObjectStublessClient23
ObjectStublessClient19
ObjectStublessClient26
ObjectStublessClient17
ObjectStublessClient29
ObjectStublessClient21
ObjectStublessClient24
ObjectStublessClient25
NdrProxyForwardingFunction27
NdrProxyForwardingFunction26
NdrProxyForwardingFunction24
NdrProxyForwardingFunction18
NdrProxyForwardingFunction22
NdrProxyForwardingFunction17
NdrProxyForwardingFunction14
ObjectStublessClient31
NdrProxyForwardingFunction15
NdrProxyForwardingFunction20
NdrProxyForwardingFunction28
NdrProxyForwardingFunction8
NdrProxyForwardingFunction16
NdrProxyForwardingFunction25
oleaut32
BSTR_UserUnmarshal
BSTR_UserFree
BSTR_UserUnmarshal64
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserFree64
BSTR_UserMarshal64
BSTR_UserSize64
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Exports
Exports
DllCanUnloadNow
DllGetClassObject
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wcimage/SensorsApi.dll.dll regsvr32 windows:10 windows x64 arch:x64
93f00183f6b2824f35a5ab3c1bf4de20
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
SensorsApi.pdb
Imports
api-ms-win-crt-string-l1-1-0
memmove_s
wcsncmp
memset
wcscmp
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
memmove
_o_calloc
_o_free
_o_malloc
_o_strncat_s
_o_toupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wmemcpy_s
__CxxFrameHandler3
_CxxThrowException
wcsrchr
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__C_specific_handler
__CxxFrameHandler4
memcmp
memcpy
rpcrt4
CStdStubBuffer_AddRef
CStdStubBuffer_Invoke
IUnknown_Release_Proxy
NdrClientCall3
NdrDllUnregisterProxy
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrCStdStubBuffer_Release
I_RpcExceptionFilter
RpcBindingFree
RpcBindingBind
RpcBindingCreateW
CStdStubBuffer_Connect
NdrDllCanUnloadNow
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrDllGetClassObject
NdrDllRegisterProxy
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
NdrOleFree
api-ms-win-core-com-midlproxystub-l1-1-0
ObjectStublessClient4
ObjectStublessClient11
ObjectStublessClient12
ObjectStublessClient8
ObjectStublessClient16
ObjectStublessClient14
ObjectStublessClient3
ObjectStublessClient7
ObjectStublessClient9
ObjectStublessClient6
ObjectStublessClient10
ObjectStublessClient15
ObjectStublessClient17
ObjectStublessClient13
ObjectStublessClient5
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
LoadLibraryExW
DisableThreadLibraryCalls
GetModuleHandleExW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetThreadLocale
SetThreadLocale
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegSetKeySecurity
RegGetKeySecurity
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
DeleteCriticalSection
CreateSemaphoreExW
InitializeCriticalSection
WaitForSingleObject
LeaveCriticalSection
CreateMutexExW
InitializeCriticalSectionAndSpinCount
OpenSemaphoreW
CreateEventW
WaitForSingleObjectEx
ReleaseSemaphore
ResetEvent
InitializeCriticalSectionEx
AcquireSRWLockShared
WaitForMultipleObjectsEx
CreateEventExW
ReleaseMutex
AcquireSRWLockExclusive
SetEvent
ReleaseSRWLockShared
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
InitializeSRWLock
api-ms-win-core-heap-l1-1-0
HeapDestroy
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter
RaiseException
api-ms-win-eventing-provider-l1-1-0
EventProviderEnabled
EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
ExitProcess
GetCurrentThreadId
TerminateProcess
CreateThread
OpenProcessToken
GetCurrentProcess
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
SetRestrictedErrorInfo
api-ms-win-core-util-l1-1-0
DecodePointer
api-ms-win-core-file-l1-1-0
CreateFileW
ReadFile
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-processthreads-l1-1-1
OpenProcess
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-shcore-unicodeansi-l1-1-0
SHAnsiToUnicode
user32
DispatchMessageW
LoadStringW
LoadCursorW
SetCursor
TranslateMessage
PostQuitMessage
PeekMessageW
DialogBoxParamW
EndDialog
IsWindow
UnregisterClassA
MsgWaitForMultipleObjectsEx
sensorsutilsv2
PropVariantGetInformation
PropKeyFindKeySetPropVariant
PropKeyFindKeyGetFloat
PropKeyFindKeyGetDouble
CollectionsListGetSerializedSize
InitPropVariantFromFloat
PropKeyFindKeyGetPropVariant
CollectionsListCopyAndMarshall
PropKeyFindKeyGetFileTime
PropKeyFindKeyGetUlong
IsKeyPresentInCollectionList
CollectionsListGetMarshalledSize
IsCollectionListSame
PropKeyFindKeyGetGuid
CollectionsListDeserializeFromBuffer
sensorsnativeapi.v2
SensorGetCapabilitiesCollectionV2
SensorOpenByInterfaceV2
SensorCloseV2
SensorStartCollectionV2
SensorStartStateChangeNotificationV2
SensorGetSupportedDataFieldsV2
SensorGetDataCollectionV2
SensorEnableIdleOperationV2
SensorSetDataIntervalV2
SensorSetDataThresholdsV2
SensorGetDataIntervalV2
SensorGetDataThresholdsV2
SensorGetPropertiesV2
SensorGetDataFieldPropertiesV2
SensorStopV2
SensorStopStateChangeNotificationV2
api-ms-win-core-marshal-l1-1-0
HWND_UserSize
HWND_UserSize64
HWND_UserUnmarshal
HWND_UserMarshal64
HWND_UserUnmarshal64
HWND_UserMarshal
HWND_UserFree
HWND_UserFree64
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?_Xbad_function_call@std@@YAXXZ
_Mtx_unlock
api-ms-win-core-threadpool-l1-2-0
SubmitThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
CreateThreadpool
CloseThreadpool
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
CloseThreadpoolTimer
SetThreadpoolThreadMinimum
WaitForThreadpoolTimerCallbacks
SetThreadpoolThreadMaximum
api-ms-win-security-base-l1-1-0
IsWellKnownSid
GetTokenInformation
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
AddAccessAllowedAceEx
InitializeAcl
InitializeSecurityDescriptor
CheckTokenMembership
FreeSid
GetAce
AllocateAndInitializeSid
IsValidSid
AddAce
CopySid
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-psapi-l1-1-0
K32GetModuleBaseNameW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-io-l1-1-0
GetOverlappedResult
CancelIoEx
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
ntdll
WinSqmIsOptedIn
WinSqmAddToStreamEx
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SensorCloseCOM
SensorEnableIdleOperationCOM
SensorGetAccDataCOM
SensorGetAlsDataCOM
SensorGetAlsDataWithColorCOM
SensorGetBarDataCOM
SensorGetCapabilitiesCollectionCOM
SensorGetDataCollectionCOM
SensorGetDeviceIdCOM
SensorGetFusDataCOM
SensorGetGyrDataCOM
SensorGetMagDataCOM
SensorGetPropertiesCOM
SensorGetPrxDataCOM
SensorGetThresholdsCOM
SensorOpenByInterfaceCOM
SensorPermissionsHandler
SensorPermissionsHandlerA
SensorPermissionsHandlerW
SensorRegisterEventCOM
SensorSetAccThresholdsCOM
SensorSetAlsThresholdsCOM
SensorSetAlsWithColorThresholdsCOM
SensorSetBarThresholdsCOM
SensorSetFusThresholdsCOM
SensorSetGyrThresholdsCOM
SensorSetIntervalCOM
SensorSetMagThresholdsCOM
SensorSetOrientationSensorThresholdsCOM
SensorSetThresholdsCOM
SensorStartCollectionCOM
SensorStopCOM
SensorUnregisterEventCOM
Sections
.text Size: 289KB - Virtual size: 289KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 632B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wcimage/netprofmsvc.dll.dll windows:10 windows x64 arch:x64
ad45623529f9b4402c7d26b5ea54d733
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
netprofmsvc.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
memmove
_o_abort
_o_calloc
_o_free
_o_malloc
_o_strcpy_s
_o_terminate
_o_toupper
_o_wcscat_s
_o_wcscpy_s
_o_wcstod
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vswprintf
memcmp
memcpy
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
api-ms-win-crt-string-l1-1-0
wcsspn
memset
wcspbrk
wcsncmp
wcsnlen
ntdll
RtlIpv4StringToAddressExW
RtlPublishWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
EtwEventWriteTransfer
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtQueryWnfStateData
RtlIpv6StringToAddressExW
NtCreateWnfStateName
EtwEventRegister
RtlGetCurrentServiceSessionId
NtDeleteWnfStateName
EtwEventUnregister
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
FindResourceExW
LoadStringW
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
LoadLibraryExW
LoadResource
SizeofResource
FreeResource
LockResource
GetProcAddress
FreeLibrary
api-ms-win-core-synch-l1-1-0
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
InitializeCriticalSectionEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateEventExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetEvent
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeCriticalSection
CreateEventW
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
ResetEvent
CreateSemaphoreExW
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
CreateThread
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetProcessId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
EventProviderEnabled
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegQueryInfoKeyW
RegGetValueW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegDeleteKeyExW
RegQueryValueExA
api-ms-win-service-core-l1-1-0
SetServiceStatus
RegisterServiceCtrlHandlerExW
api-ms-win-core-synch-l1-2-0
InitOnceComplete
Sleep
InitOnceExecuteOnce
InitOnceBeginInitialize
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-com-l1-1-0
StringFromGUID2
IIDFromString
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
CoDisconnectContext
CoResumeClassObjects
CoRegisterClassObject
CoRevokeClassObject
CoGetCallContext
CoImpersonateClient
CoRevertToSelf
CoCreateGuid
CoSetProxyBlanket
api-ms-win-core-winrt-l1-1-0
RoRegisterActivationFactories
RoRevokeActivationFactories
api-ms-win-core-kernel32-legacy-l1-1-0
UnregisterWait
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsDeleteString
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetTickCount
GetLocalTime
GetSystemDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-service-management-l1-1-0
OpenSCManagerW
OpenServiceW
CloseServiceHandle
api-ms-win-core-threadpool-l1-2-0
TrySubmitThreadpoolCallback
DisassociateCurrentThreadFromCallback
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
CreateThreadpoolTimer
CreateThreadpoolWait
CloseThreadpoolTimer
CloseThreadpool
SetThreadpoolThreadMaximum
SubmitThreadpoolWork
SetThreadpoolThreadMinimum
CreateThreadpool
FreeLibraryWhenCallbackReturns
CloseThreadpoolWait
CreateThreadpoolCleanupGroup
SetThreadpoolWait
SetThreadpoolTimer
api-ms-win-security-isolatedcontainer-l1-1-1
IsProcessInWDAGContainer
iphlpapi
ConvertInterfaceIndexToLuid
NotifyUnicastIpAddressChange
CloseGetIPPhysicalInterfaceForDestination
ConvertInterfaceLuidToNameW
ConvertInterfaceGuidToLuid
GetIfEntry2Ex
GetAdaptersAddresses
GetIfEntry2
CancelMibChangeNotify2
GetIfStackTable
FreeMibTable
NotifyRouteChange2
ConvertInterfaceLuidToIndex
ConvertInterfaceLuidToGuid
GetSessionCompartmentId
InternalGetIPPhysicalInterfaceForDestination
GetBestInterfaceEx
GetBestInterface
api-ms-win-core-threadpool-legacy-l1-1-0
DeleteTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueue
UnregisterWaitEx
CreateTimerQueueTimer
ws2_32
inet_addr
htons
InetNtopW
closesocket
WSAIoctl
WSAGetLastError
WSACleanup
WSAStartup
WSASocketW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpW
api-ms-win-security-base-l1-1-0
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
SetSecurityDescriptorDacl
GetTokenInformation
wkscli
NetGetJoinInformation
netutils
NetApiBufferFree
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-file-l1-1-0
GetFileAttributesW
GetFileSize
ReadFile
SetFileAttributesW
CreateFileW
WriteFile
DeleteFileW
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-service-winsvc-l1-1-0
QueryServiceStatus
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-security-sddl-l1-1-0
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
oleaut32
SysFreeString
VariantClear
SysAllocString
VariantInit
rpcrt4
RpcStringFreeW
UuidToStringW
RpcExceptionFilter
NdrClientCall3
NdrServerCallAll
NdrServerCall2
RpcBindingSetOption
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcEpResolveBinding
RpcBindingFree
RpcBindingVectorFree
RpcServerUseProtseqEpW
RpcBindingToStringBindingW
RpcServerUnregisterIf
RpcServerRegisterIf3
RpcStringBindingParseW
RpcEpUnregister
RpcEpRegisterW
RpcServerInqCallAttributesW
RpcServerInqBindings
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
dhcpcsvc
DhcpFreeLeaseInfo
DhcpQueryLeaseInfoEx
DhcpIsEnabled
winhttp
WinHttpOpen
WinHttpSetOption
WinHttpSetStatusCallback
WinHttpQueryOption
WinHttpReceiveResponse
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpCrackUrl
dnsapi
DnsFlushResolverCache
api-ms-win-service-private-l1-1-0
UnsubscribeServiceChangeNotifications
SubscribeServiceChangeNotifications
api-ms-win-security-grouppolicy-l1-1-0
UnregisterGPNotificationInternal
RegisterGPNotificationInternal
LeaveCriticalPolicySectionInternal
EnterCriticalPolicySectionInternal
api-ms-win-core-threadpool-private-l1-1-0
RegisterWaitForSingleObjectEx
combase
ord66
ord69
ord68
ord67
nlaapi
NlaRegisterQuery
NlaAddToTypeSet
NlaCreateTypeSet
NlaQueryNetSignatures
NlaCreatePluginRequests
NlaAddToPluginRequests
NlaOpenQuery
NlaRefreshQuery
NlaQueryNetDataEx
NlaDeleteTypeSet
NlaCloseQuery
NlaDeleteDataSet
NlaDeletePluginRequests
NlaQueryNetData
winnsi
NsiRpcDeregisterChangeNotification
NsiDisconnectFromServer
NsiConnectToServer
NsiRpcRegisterChangeNotification
msvcp_win
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedRegistryLocationW
ncsi
NcsiGetWebProbeConfig
Exports
Exports
DllMain
ServiceMain
SvchostPushServiceGlobalsEx
Sections
.text Size: 668KB - Virtual size: 668KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 159KB - Virtual size: 159KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 256B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wcimage/wcimage.dll.dll windows:10 windows x64 arch:x64
f8fb756be0e3bc5854c867138bb76490
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
wcimage.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wcsnicmp
_o_calloc
_o_free
_o_malloc
_o_wcscat_s
_o_wcsncat_s
_o_wcsncpy_s
_o_wcstok_s
__C_specific_handler
_o__cexit
_o__aligned_malloc
_o__aligned_free
_o___std_type_info_destroy_list
_o__configure_narrow_argv
wcsrchr
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
wcsncmp
memset
wcsnlen
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
api-ms-win-core-registry-l1-1-0
RegQueryInfoKeyW
RegGetKeySecurity
RegEnumValueW
RegCloseKey
api-ms-win-core-registry-l2-1-0
RegOpenKeyW
RegEnumKeyW
ntdll
RtlUpcaseUnicodeChar
RtlRunOnceComplete
RtlFindNextForwardRunClear
RtlNumberOfSetBits
RtlInitializeSRWLock
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlRunOnceBeginInitialize
NtOpenFile
RtlNtStatusToDosError
RtlAdjustPrivilege
RtlFreeHeap
NtClose
RtlImpersonateSelf
RtlDosPathNameToNtPathName_U_WithStatus
RtlFreeUnicodeString
NtSetInformationFile
RtlAllocateHeap
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetTickCount64
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetSystemInfo
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-file-l1-1-0
CreateDirectoryW
DeleteFileW
FindFirstFileExW
SetFileInformationByHandle
SetFileAttributesW
GetFinalPathNameByHandleW
WriteFile
ReadFile
RemoveDirectoryW
FindNextFileW
GetFileAttributesW
FlushFileBuffers
GetFileSizeEx
FindClose
CreateFileW
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
LeaveCriticalSection
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
WaitForSingleObjectEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
CreateHardLinkW
api-ms-win-security-provider-l1-1-0
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l2-1-0
LocalFree
fltlib
FilterConnectCommunicationPort
FilterInstanceClose
FilterLoad
FilterSendMessage
FilterInstanceCreate
FilterDetach
FilterAttach
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-threadpool-legacy-l1-1-0
QueueUserWorkItem
api-ms-win-core-synch-l1-2-0
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeConditionVariable
WakeConditionVariable
Sleep
api-ms-win-core-com-l1-1-0
CoTaskMemFree
api-ms-win-core-path-l1-1-0
PathCchAddBackslash
api-ms-win-core-kernel32-legacy-l1-1-1
SetVolumeMountPointW
api-ms-win-shcore-stream-l1-1-0
SHCreateStreamOnFileW
xmllite
CreateXmlReader
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-processthreads-l1-1-0
GetCurrentThread
TlsGetValue
TlsAlloc
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
TlsFree
CreateThread
GetCurrentThreadId
TlsSetValue
OpenThreadToken
OpenProcessToken
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleW
virtdisk
OpenVirtualDisk
CreateVirtualDisk
DetachVirtualDisk
AttachVirtualDisk
GetVirtualDiskPhysicalPath
wimgapi
WIMCloseHandle
WIMSetTemporaryPath
WIMApplyImage
WIMCreateFile
WIMLoadImage
drvstore
DriverStoreEnumObjectsW
DriverStoreClose
DriverStoreOpenW
api-ms-win-security-base-l1-1-0
RevertToSelf
ImpersonateSelf
FreeSid
GetSecurityDescriptorLength
AdjustTokenPrivileges
AllocateAndInitializeSid
IsValidSecurityDescriptor
DestroyPrivateObjectSecurity
MakeSelfRelativeSD
CreatePrivateObjectSecurityWithMultipleInheritance
GetSecurityDescriptorControl
SetPrivateObjectSecurityEx
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
WcCompressFile
WcCompressFileAsync
WcConvertToReparsePoint
WcCreateContainerImageFromPortableBaseLayer
WcCreateContainerImageFromWim
WcCreateContainerImageFromWimEx
WcDismountVirtualDisk
WcDismountVirtualDiskFromHandle
WcEnsurePathExists
WcExpandContainerWim
WcMountVirtualDisk
WcProcessContainerLayer
WcSetVirtualDiskAttributes
WcWaitForPendingFileCompressionOperations
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 76B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
password.jpg.jpg