AppxSip.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
__x64___setup___x32__/setup.msi
Resource
win7-20240221-en
windows7-x64
10 signatures
120 seconds
Behavioral task
behavioral2
Sample
__x64___setup___x32__/setup.msi
Resource
win10v2004-20240226-en
windows10-2004-x64
14 signatures
120 seconds
Behavioral task
behavioral3
Sample
__x64___setup___x32__/setup.msi
Resource
win11-20240419-en
windows11-21h2-x64
7 signatures
120 seconds
General
-
Target
__x64___setup___x32__.zip
-
Size
26.2MB
-
MD5
e5a83ba069f873253b132ec3ec166c24
-
SHA1
1e4ce10856435de93df2d95b128672bf5e97f449
-
SHA256
d1a0115f4afe30d9a973cb18bf95d34b67b2d548b4d49989fd0e36399dc562d0
-
SHA512
8650c791c1b5cd3e22cb94d73e001aa7f832ab860882fbeccce79aa684b4940886d36d86c73ce9df7febf9f072edba7fa1a2762aac5f35c52d451791d03b0828
-
SSDEEP
786432:V7lANnpo2nHaN04j/Qpv3p2MmSg3jcUXQR6:s1po2n14DU3GZ3wUAU
Score
3/10
Malware Config
Signatures
-
Unsigned PE 16 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/__x64___setup___x32__/AppxSip/AppxSip.dll unpack001/__x64___setup___x32__/AppxSip/MSVidCtl.dll unpack001/__x64___setup___x32__/AppxSip/deploymentcsps.dll unpack001/__x64___setup___x32__/dsreg/dsound.dll unpack001/__x64___setup___x32__/dsreg/sensrsvc.dll unpack001/__x64___setup___x32__/netprofm/TapiSysprep.dll unpack001/__x64___setup___x32__/netprofm/netprofm.dll unpack001/__x64___setup___x32__/netprofm/rpcnsh.dll unpack001/__x64___setup___x32__/netprofm/socialapis.dll unpack001/__x64___setup___x32__/pcwum/AppxSip.dll unpack001/__x64___setup___x32__/pcwum/asferror.dll unpack001/__x64___setup___x32__/pcwum/pdhui.dll unpack001/__x64___setup___x32__/wcimage/SEMgrPS.dll unpack001/__x64___setup___x32__/wcimage/SensorsApi.dll unpack001/__x64___setup___x32__/wcimage/netprofmsvc.dll unpack001/__x64___setup___x32__/wcimage/wcimage.dll
Files
-
__x64___setup___x32__.zip.zip
-
__x64___setup___x32__/AppxSip/AppxSip.dll.dll regsvr32 windows:10 windows x64 arch:x64
e06fe0d53e5834d5eeea2d913edb0995
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_dll
_o__strnicmp
memmove
_o__wcsicmp
_o_free
_o_malloc
_o_qsort
_o_wcscpy_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__cexit
_o___stdio_common_vswprintf
wcschr
wcsstr
_o__callnewh
_o__crt_atexit
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o__configure_narrow_argv
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcsrchr
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
wcscmp
wcsncmp
api-ms-win-core-errorhandling-l1-1-0
RaiseException
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
api-ms-win-core-util-l1-1-0
DecodePointer
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-processthreads-l1-1-0
OpenThreadToken
GetCurrentThread
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
TlsAlloc
TlsGetValue
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetVersionExW
GetLocalTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-libraryloader-l1-1-0
FindStringOrdinal
GetModuleHandleW
LoadLibraryExW
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetModuleHandleExW
LoadLibraryExA
LoadResource
LockResource
SizeofResource
ntdll
RtlLookupElementGenericTableAvl
RtlNumberGenericTableElementsAvl
RtlReportException
NtQuerySystemInformation
RtlEnterCriticalSection
RtlSetLastWin32Error
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlEnumerateGenericTableWithoutSplayingAvl
RtlNtStatusToDosError
RtlInitUnicodeString
RtlLeaveCriticalSection
RtlCompareUnicodeString
RtlInsertElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlDeleteElementGenericTableAvl
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l1-1-0
CreateFileW
DeleteFileW
DeleteFileA
GetFullPathNameW
GetFileAttributesW
api-ms-win-core-string-l1-1-0
CompareStringW
WideCharToMultiByte
CompareStringOrdinal
CompareStringEx
api-ms-win-core-url-l1-1-0
PathIsURLW
api-ms-win-core-registry-l1-1-0
RegGetValueW
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
api-ms-win-core-heap-obsolete-l1-1-0
LocalFree
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
opcservices
ord12
ord8
ord16
ord15
api-ms-win-core-kernel32-legacy-l1-1-0
CopyFileW
FindResourceW
FileTimeToDosDateTime
DosDateTimeToFileTime
api-ms-win-core-file-l2-1-0
ReplaceFileW
MoveFileExW
api-ms-win-core-localization-obsolete-l1-2-0
CompareStringA
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-security-base-l1-1-0
RevertToSelf
ImpersonateLoggedOnUser
Exports
Exports
AppxBundleSipCreateIndirectData
AppxBundleSipGetSignedDataMsg
AppxBundleSipIsFileSupportedName
AppxBundleSipPutSignedDataMsg
AppxBundleSipRemoveSignedDataMsg
AppxBundleSipVerifyIndirectData
AppxSipCreateIndirectData
AppxSipGetSignedDataMsg
AppxSipIsFileSupportedName
AppxSipPutSignedDataMsg
AppxSipRemoveSignedDataMsg
AppxSipVerifyIndirectData
DllCanUnloadNow
DllRegisterServer
DllUnregisterServer
EappxBundleSipCreateIndirectData
EappxBundleSipGetSignedDataMsg
EappxBundleSipIsFileSupportedName
EappxBundleSipPutSignedDataMsg
EappxBundleSipRemoveSignedDataMsg
EappxBundleSipVerifyIndirectData
EappxSipCreateIndirectData
EappxSipGetSignedDataMsg
EappxSipIsFileSupportedName
EappxSipPutSignedDataMsg
EappxSipRemoveSignedDataMsg
EappxSipVerifyIndirectData
P7xSipCreateIndirectData
P7xSipGetSignedDataMsg
P7xSipIsFileSupportedName
P7xSipPutSignedDataMsg
P7xSipRemoveSignedDataMsg
P7xSipVerifyIndirectData
Sections
.text Size: 199KB - Virtual size: 199KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 440B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 832B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/AppxSip/MSVidCtl.dll.dll regsvr32 windows:10 windows x64 arch:x64
dd5e8a87d388e7f0e0dcb3f9ea5a64ef
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
MSVidCtl.pdb
Imports
msvcrt
_wsplitpath_s
wcscspn
swscanf
_wcsicmp
wcsncmp
iswalpha
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
memset
memmove
memcpy
memcmp
floor
__CxxFrameHandler3
_ui64tow
_errno
wcstol
wcsstr
iswspace
??8type_info@@QEBAHAEBV0@@Z
wcstoul
_vsnprintf
_wcsnicmp
_vsnwprintf
_itow
_wtoi
iswdigit
_purecall
realloc
wcscat_s
malloc
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
memcpy_s
??0exception@@QEAA@AEBV0@@Z
wcsnlen
free
wcscpy_s
__C_specific_handler
_CxxThrowException
wcscmp
ole32
GetRunningObjectTable
MkParseDisplayName
CreateBindCtx
OleRegEnumVerbs
OleRegGetUserType
CreateOleAdviseHolder
OleRegGetMiscStatus
CreateDataAdviseHolder
CoGetMalloc
CoInitializeEx
CoWaitForMultipleHandles
CoUninitialize
ProgIDFromCLSID
StringFromCLSID
OleSaveToStream
WriteClassStm
OleLoadFromStream
StringFromGUID2
CoCreateFreeThreadedMarshaler
CLSIDFromString
CreateItemMoniker
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
ReadClassStm
HDC_UserSize64
HDC_UserMarshal
HDC_UserUnmarshal64
HDC_UserFree
HDC_UserUnmarshal
HDC_UserMarshal64
HDC_UserSize
HDC_UserFree64
HWND_UserUnmarshal64
HWND_UserMarshal64
HWND_UserMarshal
HWND_UserSize
HWND_UserSize64
HWND_UserFree64
HWND_UserFree
HWND_UserUnmarshal
CoTaskMemAlloc
oleaut32
SafeArrayUnaccessData
SysStringByteLen
SysAllocStringLen
SafeArrayDestroy
LoadRegTypeLi
SafeArrayAccessData
CreateErrorInfo
VariantInit
VariantChangeTypeEx
VarCmp
OleCreatePictureIndirect
OleCreatePropertyFrame
SetErrorInfo
VariantChangeType
SysAllocStringByteLen
VarUI4FromStr
VariantClear
VariantCopy
LoadTypeLi
SysAllocString
SysStringLen
RegisterTypeLi
LPSAFEARRAY_UserSize64
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserMarshal64
LPSAFEARRAY_UserFree64
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserSize
BSTR_UserMarshal64
BSTR_UserSize64
BSTR_UserFree64
VARIANT_UserUnmarshal64
VARIANT_UserFree64
BSTR_UserMarshal
VARIANT_UserMarshal
BSTR_UserUnmarshal
VARIANT_UserSize
VARIANT_UserUnmarshal
VARIANT_UserFree
BSTR_UserUnmarshal64
BSTR_UserFree
VARIANT_UserMarshal64
VARIANT_UserSize64
BSTR_UserSize
SysFreeString
SafeArrayCreate
kernel32
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
GetProcessHeap
TerminateProcess
HeapAlloc
EncodePointer
LoadLibraryExA
VirtualFree
HeapFree
WriteFile
ExpandEnvironmentStringsW
OutputDebugStringA
GetTempPathW
GetLocalTime
SetLastError
GetCurrentThreadId
GlobalAlloc
GlobalLock
GlobalUnlock
GetTickCount64
GetCurrentProcessId
IsValidLocale
LoadLibraryW
GetSystemDirectoryW
WideCharToMultiByte
GetVersionExW
GetDriveTypeW
DeviceIoControl
CreateFileW
Sleep
GetLocaleInfoW
SetThreadExecutionState
DecodeSystemPointer
SizeofResource
GetCurrentProcess
DuplicateHandle
WaitForMultipleObjects
CreateThread
ResetEvent
SetEvent
SetUnhandledExceptionFilter
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
DecodePointer
CreateMutexW
LockResource
LoadResource
FindResourceW
ReleaseMutex
WaitForSingleObject
CloseHandle
CreateEventW
MultiByteToWideChar
FormatMessageW
lstrlenA
OutputDebugStringW
DebugBreak
GetSystemInfo
VirtualQuery
VirtualAlloc
VirtualProtect
GetModuleHandleW
lstrcpynW
lstrcmpiW
lstrlenW
lstrcpyW
HeapDestroy
DisableThreadLibraryCalls
FreeLibrary
EncodeSystemPointer
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
GetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RaiseException
user32
SetWindowLongPtrW
FillRect
LoadCursorW
wsprintfW
GetWindowLongPtrW
CreateWindowExW
RegisterClassExW
DefWindowProcW
BeginPaint
EndPaint
UnionRect
OffsetRect
SetWindowRgn
GetClassInfoExW
SetWindowPos
GetClientRect
PtInRect
SendMessageW
DestroyWindow
SetCursor
LoadImageW
DestroyAcceleratorTable
ShowWindow
CallWindowProcW
CharNextW
LoadStringW
CharPrevW
wvsprintfW
MsgWaitForMultipleObjectsEx
PeekMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
IsWindow
CopyRect
MapWindowPoints
EqualRect
ReleaseDC
GetDC
SystemParametersInfoW
GetWindowRect
GetParent
IntersectRect
PostMessageW
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetDesktopWindow
InvalidateRect
SetFocus
GetFocus
IsChild
advapi32
RegQueryValueW
CryptGenRandom
CryptReleaseContext
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptAcquireContextW
RegQueryValueExW
RegSetValueW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
gdi32
DeleteDC
CreateCompatibleDC
SelectObject
CreateDIBitmap
DeleteMetaFile
CloseMetaFile
GetDeviceCaps
SetWindowOrgEx
SaveDC
SetWindowExtEx
CreateMetaFileW
CreateRectRgnIndirect
CreateSolidBrush
DeleteObject
RestoreDC
shlwapi
UrlIsW
PathCreateFromUrlW
rpcrt4
NdrCStdStubBuffer_Release
NdrStubForwardingFunction
NdrDllCanUnloadNow
IUnknown_AddRef_Proxy
NdrOleFree
IUnknown_Release_Proxy
NdrOleAllocate
IUnknown_QueryInterface_Proxy
NdrStubCall3
CStdStubBuffer_Invoke
NdrClientCall3
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrCStdStubBuffer2_Release
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrDllGetClassObject
slc
SLGetWindowsInformationDWORD
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 266KB - Virtual size: 270KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 81KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 314KB - Virtual size: 314KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/AppxSip/deploymentcsps.dll.dll windows:10 windows x64 arch:x64
2e29e86a1a3973521736ecbfb4f9b5b5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
deploymentcsps.pdb
Imports
msvcrt
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
__dllonexit
_vsnwprintf
memcpy_s
_unlock
_lock
_XcptFilter
_onexit
free
malloc
wcsncpy_s
_CxxThrowException
__C_specific_handler
_purecall
??_V@YAXPEAX@Z
__CxxFrameHandler3
_initterm
_amsg_exit
memcpy
memmove
_errno
realloc
??3@YAXPEAX@Z
_wcsicmp
_vsnprintf
wcschr
_wcsnicmp
toupper
??1type_info@@UEAA@XZ
memset
ntdll
RtlAllocateHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlFreeHeap
oleaut32
SysAllocString
VarUI4FromStr
VariantInit
SysFreeString
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
LoadLibraryExW
FindResourceExW
GetModuleFileNameW
FreeLibrary
GetModuleFileNameA
LoadResource
DisableThreadLibraryCalls
GetProcAddress
SizeofResource
api-ms-win-core-com-l1-1-0
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
api-ms-win-core-registry-l1-1-0
RegQueryInfoKeyW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegGetValueW
RegEnumKeyExW
api-ms-win-core-synch-l1-1-0
AcquireSRWLockExclusive
DeleteCriticalSection
ReleaseSRWLockExclusive
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventProviderEnabled
EventRegister
EventWriteTransfer
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
CreateProcessW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
wdscore
CurrentIP
ConstructPartialMsgVW
WdsTerminate
WdsSetupLogMessageW
WdsInitialize
api-ms-win-core-heap-l2-1-0
LocalAlloc
api-ms-win-core-file-l1-1-0
CreateDirectoryW
GetFileAttributesW
GetFullPathNameW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
Sections
.text Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 992B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/AppxSip/devenum.dll.dll regsvr32 windows:10 windows x64 arch:x64
4c9079c33bef679868c8dc14bf0fe71a
Code Sign
33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66Certificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04-03-2020 18:30Not After03-03-2021 18:30SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19-10-2011 18:41Not After19-10-2026 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
6f:9e:99:aa:cf:23:07:0a:2d:84:76:5f:a8:29:7f:7f:a9:06:5a:9a:c4:e4:91:14:01:d7:c1:31:9f:48:ee:1cSigner
Actual PE Digest6f:9e:99:aa:cf:23:07:0a:2d:84:76:5f:a8:29:7f:7f:a9:06:5a:9a:c4:e4:91:14:01:d7:c1:31:9f:48:ee:1cDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
devenum.pdb
Imports
msvcrt
__C_specific_handler
memcpy
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_callnewh
_purecall
malloc
free
realloc
memcpy_s
_vsnwprintf
memset
kernel32
HeapDestroy
GetProcAddress
CreateMutexExW
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
FreeLibrary
DebugBreak
lstrcmpiW
HeapAlloc
IsDebuggerPresent
GetVersionExW
DisableThreadLibraryCalls
CompareStringW
lstrlenW
lstrcmpW
CreateMutexW
LocalAlloc
LocalFree
OpenMutexW
CompareStringOrdinal
Sleep
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
FindResourceW
LoadResource
LoadLibraryW
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
MultiByteToWideChar
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
GetModuleHandleExW
lstrcpynW
ReleaseSemaphore
GetCurrentProcess
EnterCriticalSection
SetLastError
HeapFree
CreateSemaphoreExW
SizeofResource
GetModuleFileNameA
LoadLibraryExW
user32
CharNextW
LoadStringW
advapi32
RegDeleteKeyW
RegGetValueW
RegEnumKeyW
SetEntriesInAclW
ConvertSidToStringSidW
SetSecurityDescriptorDacl
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
IsValidSid
RegSetValueExW
OpenProcessToken
InitializeSecurityDescriptor
RegOpenKeyExW
RegDeleteValueW
GetLengthSid
RegQueryValueExW
GetTokenInformation
RegCreateKeyExW
CopySid
ole32
PropVariantClear
CreateAntiMoniker
IIDFromString
StringFromGUID2
CreateBindCtx
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
oleaut32
SafeArrayAccessData
SafeArrayCreate
VariantClear
SysAllocString
VarI4FromStr
SysFreeString
VariantInit
SafeArrayUnaccessData
winmm
waveOutMessage
waveInGetNumDevs
waveOutGetDevCapsW
waveInMessage
waveInGetDevCapsW
midiOutGetNumDevs
midiOutGetDevCapsW
cfgmgr32
CM_Get_Device_Interface_AliasW
CM_Get_Device_Interface_PropertyW
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeW
CM_MapCrToWin32Err
CM_Get_DevNode_PropertyW
CM_Locate_DevNodeW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 668B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/dsreg/dcntel.dll.dll windows:10 windows x64 arch:x64
297a2ad90ecd0a9d6f27b16387dae5ef
Code Sign
33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before02-09-2021 18:23Not After01-09-2022 18:23SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19-10-2011 18:41Not After19-10-2026 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
a2:ba:2b:ba:3b:18:07:1d:93:91:91:64:be:09:eb:23:9c:c3:b2:1b:8c:70:be:45:03:52:85:88:56:17:23:37Signer
Actual PE Digesta2:ba:2b:ba:3b:18:07:1d:93:91:91:64:be:09:eb:23:9c:c3:b2:1b:8c:70:be:45:03:52:85:88:56:17:23:37Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
dcntel.pdb
Imports
msvcrt
localeconv
strcspn
setlocale
__pctype_func
___lc_handle_func
___lc_codepage_func
wcscpy_s
__uncaught_exception
___mb_cur_max_func
_ismbblead
abort
memset
_wcsdup
__crtLCMapStringW
_wsetlocale
memcmp
wcsncmp
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@AEBV0@@Z
iswascii
_wtoi
wcstoul
wcscmp
strcmp
wcsstr
_wcslwr
wcscat_s
wcschr
_wcsnicmp
_wtof
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
rand_s
memmove
memcpy
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
strcpy_s
__C_specific_handler
wcstol
?what@exception@@UEBAPEBDXZ
wcsrchr
_wcsupr
_wcslwr_s
wcstok_s
strchr
_errno
strstr
free
malloc
strnlen
swprintf_s
sprintf_s
_wcsicmp
_vsnprintf
_wcstoui64
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
calloc
_purecall
memcpy_s
_vsnwprintf
??_V@YAXPEAX@Z
__CxxFrameHandler3
??3@YAXPEAX@Z
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleExA
LoadLibraryExW
FreeLibrary
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
CreateEventW
OpenWaitableTimerW
CreateEventExW
InitializeCriticalSection
ReleaseSemaphore
CreateMutexExW
LeaveCriticalSection
ReleaseMutex
OpenSemaphoreW
SetEvent
WaitForSingleObject
ResetEvent
DeleteCriticalSection
AcquireSRWLockExclusive
EnterCriticalSection
SetWaitableTimer
CreateMutexW
WaitForSingleObjectEx
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
api-ms-win-core-heap-l1-1-0
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
RaiseException
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentThread
ExitProcess
GetCurrentProcess
OpenThreadToken
CreateThread
OpenProcessToken
SetThreadToken
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
TerminateThread
api-ms-win-core-localization-l1-2-0
GetUserGeoID
GetUserPreferredUILanguages
GetSystemPreferredUILanguages
GetLocaleInfoEx
FormatMessageW
GetLocaleInfoW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringA
DebugBreak
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-version-l1-1-1
GetFileVersionInfoSizeW
GetFileVersionInfoW
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoCreateInstance
StringFromCLSID
CoTaskMemAlloc
CoUninitialize
CoCreateFreeThreadedMarshaler
PropVariantClear
CoSetProxyBlanket
CoWaitForMultipleHandles
CoTaskMemFree
oleaut32
VariantTimeToSystemTime
VariantInit
SysAllocString
SafeArrayGetElement
VariantClear
SysStringLen
SysFreeString
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventRegister
EventWriteTransfer
api-ms-win-power-base-l1-1-0
CallNtPowerInformation
api-ms-win-core-file-l1-1-0
DeleteFileW
GetTempFileNameW
GetVolumePathNameW
FindFirstFileW
GetFileAttributesW
WriteFile
ReadFile
GetLogicalDrives
GetDriveTypeW
FindClose
CreateFileW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-security-base-l1-1-0
CheckTokenMembership
AllocateAndInitializeSid
DuplicateTokenEx
FreeSid
AdjustTokenPrivileges
SetSecurityDescriptorDacl
GetTokenInformation
ImpersonateLoggedOnUser
InitializeSecurityDescriptor
RevertToSelf
SetSecurityDescriptorOwner
api-ms-win-eventing-controller-l1-1-0
ControlTraceW
StartTraceW
api-ms-win-eventing-consumer-l1-1-0
ProcessTrace
OpenTraceW
CloseTrace
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-sysinfo-l1-2-0
GetSystemFirmwareTable
VerSetConditionMask
GetProductInfo
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegQueryInfoKeyW
RegLoadKeyW
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegEnumValueW
RegDeleteValueW
RegFlushKey
RegDeleteTreeW
RegSetKeySecurity
RegSaveKeyExW
RegLoadAppKeyW
RegCloseKey
RegGetValueW
RegDeleteKeyExW
RegUnLoadKeyW
rpcrt4
UuidCreate
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
ExpandEnvironmentStringsW
api-ms-win-core-realtime-l1-1-0
QueryThreadCycleTime
api-ms-win-core-sysinfo-l1-1-0
GetSystemDirectoryW
GetComputerNameExW
GetSystemWindowsDirectoryW
GetVersionExW
GlobalMemoryStatusEx
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
GetSystemTime
GetLogicalProcessorInformationEx
GetSystemInfo
api-ms-win-core-heap-l2-1-0
LocalFree
GlobalFree
LocalAlloc
logoncli
DsGetDcNameW
bcrypt
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptOpenAlgorithmProvider
crypt32
CryptBinaryToStringW
netutils
NetApiBufferFree
api-ms-win-core-winrt-l1-1-0
RoInitialize
RoGetActivationFactory
RoUninitialize
RoActivateInstance
api-ms-win-core-processthreads-l1-1-1
GetProcessMitigationPolicy
IsProcessorFeaturePresent
api-ms-win-core-winrt-error-l1-1-0
SetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-sysinfo-l1-2-1
GetPhysicallyInstalledSystemMemory
iphlpapi
GetAdaptersInfo
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
api-ms-win-core-synch-l1-2-0
WakeAllConditionVariable
SleepConditionVariableSRW
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-shlwapi-legacy-l1-1-0
PathFileExistsW
api-ms-win-eventing-legacy-l1-1-0
EnableTrace
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-localization-obsolete-l1-2-0
GetSystemDefaultUILanguage
EnumUILanguagesW
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrChrW
api-ms-win-core-processtopology-obsolete-l1-1-0
GetActiveProcessorCount
api-ms-win-shcore-stream-l1-1-0
SHCreateStreamOnFileEx
ntdll
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwEnumerateKey
ZwOpenKey
ZwClose
RtlLeaveCriticalSection
RtlFreeHeap
RtlInitializeCriticalSection
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlReAllocateHeap
RtlEqualString
RtlAllocateHeap
RtlDeleteCriticalSection
RtlRandomEx
RtlStringFromGUID
RtlDosPathNameToRelativeNtPathName_U
NtLoadKeyEx
RtlReleaseRelativeName
RtlAllocateAndInitializeSid
RtlFreeSid
RtlAdjustPrivilege
NtQueryKey
NtQueryLicenseValue
RtlCompareMemory
NtQuerySecurityPolicy
NtQuerySystemInformation
RtlNtStatusToDosError
RtlGetDeviceFamilyInfoEnum
WinSqmIsOptedInEx
NtPowerInformation
RtlFreeUnicodeString
RtlInitUnicodeString
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
RegDeleteKeyValueW
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-synch-l1-2-1
CreateSemaphoreW
CreateWaitableTimerW
api-ms-win-core-memory-l1-1-0
VirtualFree
VirtualAlloc
api-ms-win-eventing-classicprovider-l1-1-0
TraceMessage
winhttp
WinHttpGetDefaultProxyConfiguration
WinHttpReadData
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpQueryHeaders
WinHttpQueryAuthSchemes
WinHttpSetOption
WinHttpGetProxyForUrl
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpSetCredentials
api-ms-win-security-credentials-l1-1-0
CredFree
CredReadW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-registry-l2-1-0
RegOpenKeyW
RegDeleteKeyW
api-ms-win-security-provider-l1-1-0
SetEntriesInAclW
api-ms-win-core-kernel32-legacy-l1-1-0
WTSGetActiveConsoleSessionId
Exports
Exports
GetCensusPropertyAlloc
GetCensusRegistryLocation
RunSystemContextCensus
RunUserContextCensus
SetCustomTrigger
SetCustomTriggerEx
SysprepCleanupEnableCustomTrigger
Sections
.text Size: 524KB - Virtual size: 521KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 192KB - Virtual size: 190KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 240B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 984B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/dsreg/dsound.dll.dll windows:10 windows x64 arch:x64
7257aa932ac77b1d2e29b45383b4e0a6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
dsound.pdb
Imports
msvcrt
_lock
_controlfp
__CxxFrameHandler3
_unlock
free
_vsnprintf
_aligned_free
_onexit
malloc
sqrtf
_initterm
_vsnwprintf
_XcptFilter
__dllonexit
_aligned_malloc
__C_specific_handler
_isnan
memcpy_s
_amsg_exit
atan2
atan2f
ceil
cos
cosf
floor
floorf
log
log10
logf
memcmp
memcpy
memmove
memset
pow
powf
sin
sqrt
tan
api-ms-win-core-file-l1-1-0
CreateFileW
ReadFile
GetFileSize
GetFullPathNameW
SetFilePointer
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleHandleExW
GetModuleFileNameW
LoadLibraryExW
GetModuleHandleW
LoadStringW
GetProcAddress
LoadLibraryExA
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
lstrcmpW
api-ms-win-core-string-l2-1-0
CharUpperW
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapDestroy
GetProcessHeap
HeapFree
HeapCreate
HeapSize
api-ms-win-core-processthreads-l1-1-0
SetThreadPriority
GetCurrentThreadId
GetCurrentProcessId
GetExitCodeThread
GetCurrentProcess
GetCurrentThread
GetProcessTimes
TerminateProcess
SwitchToThread
CreateThread
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryA
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyExW
RegSetValueExW
RegSetValueExA
RegQueryValueExW
api-ms-win-core-registry-l2-1-0
RegCreateKeyA
RegCreateKeyW
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableFlags
UnregisterTraceGuids
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
TraceMessage
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
CreateMutexW
InitializeCriticalSection
SetEvent
EnterCriticalSection
ResetEvent
DeleteCriticalSection
ReleaseMutex
CreateMutexExW
CreateSemaphoreExW
OpenSemaphoreW
WaitForSingleObject
WaitForSingleObjectEx
ReleaseSemaphore
CreateEventW
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-kernel32-legacy-l1-1-0
GetSystemPowerStatus
api-ms-win-power-setting-l1-1-0
PowerReadACValue
PowerGetActiveScheme
PowerReadDCValue
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
OutputDebugStringA
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister
api-ms-win-core-synch-l1-2-0
InitOnceComplete
Sleep
InitOnceBeginInitialize
api-ms-win-mm-time-l1-1-0
timeEndPeriod
timeBeginPeriod
timeGetTime
api-ms-win-core-com-l1-1-0
CoCreateInstance
PropVariantClear
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
CLSIDFromString
api-ms-win-core-processthreads-l1-1-1
OpenProcess
GetThreadTimes
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-memory-l1-1-0
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
api-ms-win-core-largeinteger-l1-1-0
MulDiv
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount
api-ms-win-power-base-l1-1-0
CallNtPowerInformation
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-mm-mme-l1-1-0
waveInGetDevCapsW
waveOutGetNumDevs
waveInGetNumDevs
waveOutGetDevCapsW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
DirectSoundCaptureCreate
DirectSoundCaptureCreate8
DirectSoundCaptureEnumerateA
DirectSoundCaptureEnumerateW
DirectSoundCreate
DirectSoundCreate8
DirectSoundEnumerateA
DirectSoundEnumerateW
DirectSoundFullDuplexCreate
DllCanUnloadNow
DllGetClassObject
GetDeviceID
Sections
.text Size: 371KB - Virtual size: 370KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
RT_CODE Size: 512B - Virtual size: 120B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 201KB - Virtual size: 200KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/dsreg/dsreg.dll.dll windows:10 windows x64 arch:x64
1cac4312a6dde042a044bb0a45c42d48
Code Sign
33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8dCertificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before05-05-2022 19:23Not After04-05-2023 19:23SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19-10-2011 18:41Not After19-10-2026 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d8:be:18:66:a8:60:db:d1:00:3f:ed:d8:d2:23:25:60:b2:dd:63:a1:d6:7c:43:db:fa:4a:cc:87:f9:0f:95:8bSigner
Actual PE Digestd8:be:18:66:a8:60:db:d1:00:3f:ed:d8:d2:23:25:60:b2:dd:63:a1:d6:7c:43:db:fa:4a:cc:87:f9:0f:95:8bDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
dsreg.pdb
Imports
msvcrt
memcpy
memmove
free
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
strchr
realloc
_wfopen_s
towupper
swprintf_s
wcsncpy
_fseeki64
fsetpos
ungetc
setvbuf
fgetpos
fwrite
fgetwc
fgetc
ungetwc
fputwc
fclose
fflush
??0bad_cast@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
getchar
fwprintf_s
wprintf
wcstok_s
wcsncmp
wcsncpy_s
_wcserror
wcsrchr
memcmp
wcsnlen
wcscpy_s
wcscspn
swprintf
wcschr
difftime
isdigit
strtol
isxdigit
isalpha
_wtof
_wcslwr
?what@exception@@UEBAPEBDXZ
_snwprintf_s
memset
_onexit
wcsstr
_wcsicmp
_wcsnicmp
__dllonexit
time
swscanf
_unlock
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_lock
_purecall
memcpy_s
_vsnwprintf
__C_specific_handler
_initterm
__CxxFrameHandler3
_amsg_exit
_XcptFilter
_callnewh
toupper
malloc
_CxxThrowException
wcscmp
api-ms-win-core-synch-l1-2-0
SleepConditionVariableSRW
WakeAllConditionVariable
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
OpenThreadToken
TerminateProcess
ExitThread
GetCurrentProcess
GetCurrentThreadId
GetCurrentThread
OpenProcessToken
GetCurrentProcessId
CreateThread
api-ms-win-core-sysinfo-l1-1-0
GetComputerNameExW
GetTickCount
GetSystemTime
GetTickCount64
GetSystemTimeAsFileTime
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0
RaiseException
GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
msvcp110_win
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?widen@?$ctype@G@std@@QEBAGD@Z
?_Add_vtordisp2@?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAAXXZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??_7facet@locale@std@@6B@
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??_7_Facet_base@std@@6B@
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
_Wcsxfrm
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
_Wcscoll
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?id@?$collate@G@std@@2V0locale@2@A
?id@?$ctype@G@std@@2V0locale@2@A
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_BADOFF@std@@3_JB
??0_Locinfo@std@@QEAA@PEBD@Z
??Bid@locale@std@@QEAA_KXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@GDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAG3AEAPEAG@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
??1_Locinfo@std@@QEAA@XZ
?_Add_vtordisp1@?$basic_ios@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Syserror_map@std@@YAPEBDH@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Random_device@std@@YAIXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Winerror_map@std@@YAPEBDH@Z
?out@?$codecvt@GDH@std@@QEBAHAEAHPEBG1AEAPEBGPEAD3AEAPEAD@Z
?unshift@?$codecvt@GDH@std@@QEBAHAEAHPEAD1AEAPEAD@Z
?_Getcat@?$codecvt@GDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?_Add_vtordisp1@?$basic_istream@GU?$char_traits@G@std@@@std@@UEAAXXZ
??1?$basic_istream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?_Add_vtordisp2@?$basic_ios@GU?$char_traits@G@std@@@std@@UEAAXXZ
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
?clear@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXXZ
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEBA?AVlocale@2@XZ
?id@?$codecvt@GDH@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z
?uncaught_exception@std@@YA_NXZ
?endl@std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@1@AEAV21@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Incref@facet@locale@std@@UEAAXXZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?_Orphan_all@_Container_base0@std@@QEAAXXZ
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventProviderEnabled
EventActivityIdControl
EventWriteTransfer
EventSetInformation
EventRegister
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
FreeLibrary
FreeLibraryAndExitThread
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
api-ms-win-core-synch-l1-1-0
ResetEvent
ReleaseMutex
SetEvent
OpenMutexW
CreateEventExW
CreateEventW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
CreateSemaphoreExW
OpenSemaphoreW
EnterCriticalSection
ReleaseSemaphore
ReleaseSRWLockShared
InitializeCriticalSectionEx
AcquireSRWLockShared
DeleteCriticalSection
WaitForSingleObject
CreateMutexExW
LeaveCriticalSection
CreateMutexW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapReAlloc
HeapFree
HeapAlloc
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
ConvertStringSidToSidW
rpcrt4
UuidCompare
UuidIsNil
UuidFromStringW
UuidCreate
RpcBindingCreateW
RpcStringFreeW
UuidToStringW
RpcBindingBind
RpcBindingFree
I_RpcExceptionFilter
NdrClientCall3
I_RpcMapWin32Status
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
GlobalFree
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
LookupPrivilegeValueW
api-ms-win-security-base-l1-1-0
GetTokenInformation
AdjustTokenPrivileges
GetLengthSid
DuplicateToken
IsValidSid
CheckTokenMembership
CopySid
EqualSid
AllocateAndInitializeSid
FreeSid
api-ms-win-core-registry-l1-1-0
RegQueryInfoKeyW
RegOpenCurrentUser
RegDeleteTreeW
RegOpenKeyExW
RegCreateKeyExW
RegFlushKey
RegGetValueW
RegEnumKeyExW
RegCloseKey
RegLoadKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyExW
RegUnLoadKeyW
RegQueryValueExW
api-ms-win-core-com-l1-1-0
CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles
CoCreateInstance
CoUninitialize
StringFromGUID2
CoTaskMemAlloc
CoInitializeEx
CoTaskMemFree
StringFromCLSID
api-ms-win-core-winrt-string-l1-1-0
WindowsGetStringRawBuffer
WindowsCreateString
WindowsCreateStringReference
WindowsDeleteString
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoUninitialize
RoInitialize
RoActivateInstance
ntdll
RtlGetVersion
RtlPublishWnfStateData
RtlNtStatusToDosError
RtlIsMultiSessionSku
RtlGetDeviceFamilyInfoEnum
RtlGetPersistedStateLocation
api-ms-win-security-cryptoapi-l1-1-0
CryptAcquireContextW
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptHashData
CryptDestroyHash
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrStrIW
StrRStrIW
StrChrNW
api-ms-win-core-string-l1-1-0
CompareStringW
CompareStringEx
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-security-lsalookup-l1-1-2
LsaLookupUserAccountType
api-ms-win-core-registry-l1-1-1
RegSetKeyValueW
api-ms-win-core-file-l1-1-0
CompareFileTime
DeleteFileW
GetTempFileNameW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
oleaut32
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnlock
SafeArrayLock
SafeArrayCreate
VariantInit
SysFreeString
SysAllocString
SafeArrayDestroy
api-ms-win-core-console-l1-2-0
FreeConsole
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
SetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
Exports
DsrBeginDelegatedWorkplaceJoin
DsrBeginDeviceAndResourceAccountJoin
DsrBeginDeviceJoin
DsrBeginDeviceUnjoin
DsrBeginDeviceUpdate
DsrBeginDiscover
DsrBeginPreprovisionedDeviceJoin
DsrBeginRecovery
DsrBeginWorkplaceJoin
DsrBeginWorkplaceUnjoin
DsrBeginWorkplaceUpdate
DsrCLI
DsrCanCurrentUserProvisionNgcKey
DsrCanCurrentUserResetNgcKey
DsrDeviceHostNameUpdate
DsrEndRecovery
DsrFreeCxhScenarioInfo
DsrFreeDiscoveryMetadata
DsrFreeJoinInfo
DsrFreeJoinInfoEx
DsrGetCurrentUserNgcProvisionStatus
DsrGetCxhScenarioInfo
DsrGetDomainRegistrationData
DsrGetJoinInfo
DsrGetJoinInfoEx
DsrGetPrtAuthorityInfo
DsrGetResourceAccount
DsrIsDeviceJoined
DsrIsDeviceJoinedEx
DsrIsWorkplaceJoined
DsrSaveDeviceTokenProperties
DsrSaveWorkplaceTokenProperties
DsrWriteAutoJoinSvcAdminEvent
DsrWriteAutoJoinSvcDebugEvent
DsrWriteAutoJoinSvcTriggerEvent
FidoDeregisterKey
FidoRegisterKey
NgcDeregisterKey
NgcGetKeyId
NgcGetLogonCertPolicy
NgcGetStatistics
NgcIncrementPinRetryAttempts
NgcNeedProvision
NgcNeedProvisionForAccount
NgcReadRegistryValue
NgcRegisterKey
NgcResetPinRetryAttempts
NgcUpdateCertEnrollStatistics
NgcUpdateStatistics
Sections
.text Size: 716KB - Virtual size: 716KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 458KB - Virtual size: 457KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 90KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/dsreg/sensrsvc.dll.dll windows:10 windows x64 arch:x64
7980291b053dc0ce2145ce6b777cd2ca
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
SensrSvc.pdb
Imports
msvcrt
memcpy
_XcptFilter
_amsg_exit
_initterm
_lock
_unlock
__dllonexit
_callnewh
_onexit
_purecall
malloc
memset
free
memmove_s
_vsnwprintf
memcpy_s
__C_specific_handler
memcmp
acosf
atan2f
sqrtf
oleaut32
SysFreeString
SysAllocString
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventSetInformation
EventRegister
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableLevel
GetTraceLoggerHandle
GetTraceEnableFlags
TraceMessage
RegisterTraceGuidsW
UnregisterTraceGuids
wpprecorderum
WppAutoLogStart
WppAutoLogStop
WppAutoLogTrace
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
SetLastError
RaiseException
UnhandledExceptionFilter
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
ResetEvent
ReleaseSemaphore
ReleaseMutex
EnterCriticalSection
ReleaseSRWLockShared
InitializeCriticalSectionEx
AcquireSRWLockShared
CreateSemaphoreExW
ReleaseSRWLockExclusive
WaitForSingleObject
CreateMutexExW
WaitForSingleObjectEx
CreateEventW
InitializeCriticalSection
DeleteCriticalSection
AcquireSRWLockExclusive
OpenSemaphoreW
SetEvent
api-ms-win-core-handle-l1-1-0
CloseHandle
propsys
PropVariantToUInt32
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
CreateThread
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
FreeLibraryAndExitThread
FreeLibrary
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
SetThreadpoolTimer
api-ms-win-core-com-l1-1-0
CoUninitialize
CoCreateGuid
PropVariantClear
CoCreateInstance
StringFromGUID2
CoInitializeEx
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegNotifyChangeKeyValue
RegQueryValueExW
RegOpenKeyExW
api-ms-win-core-kernel32-legacy-l1-1-0
RegisterWaitForSingleObject
UnregisterWait
api-ms-win-ntuser-sysparams-l1-1-0
EnumDisplaySettingsW
GetSystemMetrics
api-ms-win-core-synch-l1-2-0
InitOnceComplete
InitOnceBeginInitialize
Sleep
api-ms-win-service-core-l1-1-0
SetServiceStatus
RegisterServiceCtrlHandlerExW
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-processthreads-l1-1-2
SetProtectedPolicy
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-rtcore-ntuser-powermanagement-l1-1-0
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
ntdll
RtlInitUnicodeString
NtQuerySystemInformation
api-ms-win-core-sysinfo-l1-2-0
GetSystemFirmwareTable
Exports
Exports
ServiceCtrlHandler
ServiceMain
Sections
.text Size: 142KB - Virtual size: 141KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 680B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/netprofm/TapiSysprep.dll.dll windows:10 windows x64 arch:x64
397bc475fccba616c4c1b87402a4b3b1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
tapisysprep.pdb
Imports
msvcrt
_amsg_exit
__C_specific_handler
_initterm
malloc
free
_XcptFilter
advapi32
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
shlwapi
SHDeleteKeyW
wdscore
WdsSetupLogMessageW
CurrentIP
ConstructPartialMsgVW
kernel32
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcess
TerminateProcess
GetTickCount
Sleep
GetLastError
GetCurrentProcessId
Exports
Exports
TapiSysPrepClean
Sections
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 312B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 28B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/netprofm/netprofm.dll.dll regsvr32 windows:10 windows x64 arch:x64
affb8b2ee176e881ad572d4ee006ac27
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
netprofm.pdb
Imports
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
memmove
_o_calloc
_o_free
_o_malloc
_o_terminate
_o_toupper
_o_wcscat_s
_o_wcscpy_s
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o__cexit
_o___stdio_common_vsnprintf_s
_o__callnewh
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__configure_narrow_argv
__C_specific_handler
__std_terminate
__CxxFrameHandler4
memcmp
memcpy
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
GetModuleHandleExW
DisableThreadLibraryCalls
LoadLibraryExW
GetModuleFileNameW
api-ms-win-core-synch-l1-1-0
CreateSemaphoreExW
InitializeCriticalSectionEx
OpenSemaphoreW
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
LeaveCriticalSection
WaitForSingleObject
ReleaseSRWLockExclusive
ResetEvent
SetEvent
ReleaseMutex
CreateEventW
CreateMutexExW
InitializeCriticalSection
AcquireSRWLockExclusive
DeleteCriticalSection
WaitForSingleObjectEx
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
CreateThread
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-provider-l1-1-0
EventSetInformation
EventRegister
EventWriteTransfer
EventUnregister
EventProviderEnabled
EventActivityIdControl
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegCloseKey
RegGetValueW
RegQueryValueExW
RegQueryInfoKeyW
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-threadpool-legacy-l1-1-0
DeleteTimerQueueTimer
CreateTimerQueueTimer
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 158KB - Virtual size: 158KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 328B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/netprofm/rpcnsh.dll.dll windows:10 windows x64 arch:x64
00ce5d3d7014818cc40866bdfd22be77
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
rpcnsh.pdb
Imports
msvcrt
_wtoi
atol
memcpy
_initterm
_amsg_exit
_XcptFilter
free
_callnewh
malloc
wcsrchr
printf
swscanf
_wcsicmp
_vsnprintf
__C_specific_handler
memset
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WinSqmIncrementDWORD
WinSqmIsOptedIn
netsh.exe
RegisterContext
RegisterHelper
MatchToken
PrintMessage
PrintError
PreprocessCommand
PrintMessageFromModule
ws2_32
WSAStartup
WSAStringToAddressW
WSAGetLastError
inet_ntoa
inet_pton
advapi32
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
RegSetValueExA
RegCloseKey
RegGetValueA
RegCreateKeyExA
RegDeleteKeyExA
RegOpenKeyExA
iphlpapi
GetIfEntry
GetIpAddrTable
kernel32
GetCurrentProcess
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
GetLastError
GetModuleHandleA
SetUnhandledExceptionFilter
TerminateProcess
LocalFree
UnhandledExceptionFilter
rpcrt4
UuidCreateSequential
UuidCreateNil
UuidIsNil
UuidEqual
fwpuclnt
FwpmFilterDeleteByKey0
FwpmEngineOpen0
FwpmFilterCreateEnumHandle0
FwpmFilterEnum0
FwpmEngineClose0
FwpmFreeMemory0
FwpmFilterDestroyEnumHandle0
FwpmFilterAdd0
Exports
Exports
InitHelperDll
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 756B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/netprofm/socialapis.dll.dll windows:10 windows x64 arch:x64
d9b95dc964953cd6b1c3f52ff54556e6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
SocialApis.pdb
Imports
msvcrt
_unlock
_onexit
_errno
_initterm
__C_specific_handler
_lock
__dllonexit
_amsg_exit
_XcptFilter
_callnewh
realloc
_purecall
memmove_s
wcsncpy_s
malloc
free
memcpy_s
__CxxFrameHandler3
memset
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
DisableThreadLibraryCalls
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
GetModuleHandleExW
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
Sleep
api-ms-win-core-synch-l1-1-0
AcquireSRWLockShared
InitializeSRWLock
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
ReleaseSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
DeleteCriticalSection
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventWriteTransfer
EventUnregister
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-errorhandling-l1-1-0
GetLastError
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-threadpool-l1-2-0
SubmitThreadpoolWork
CloseThreadpoolWork
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
api-ms-win-security-base-l1-1-0
GetTokenInformation
RevertToSelf
api-ms-win-core-processthreads-l1-1-0
OpenThreadToken
GetCurrentThreadId
GetCurrentProcess
OpenProcessToken
GetCurrentThread
SetThreadToken
GetCurrentProcessId
TerminateProcess
api-ms-win-core-processthreads-l1-1-1
OpenProcess
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
Sections
.text Size: 85KB - Virtual size: 85KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 296B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/pcwum/AppxSip.dll.dll regsvr32 windows:10 windows x64 arch:x64
e06fe0d53e5834d5eeea2d913edb0995
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
AppxSip.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__register_onexit_function
_o__seh_filter_dll
_o__strnicmp
memmove
_o__wcsicmp
_o_free
_o_malloc
_o_qsort
_o_wcscpy_s
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o__cexit
_o___stdio_common_vswprintf
wcschr
wcsstr
_o__callnewh
_o__crt_atexit
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o__configure_narrow_argv
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcsrchr
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
wcscmp
wcsncmp
api-ms-win-core-errorhandling-l1-1-0
RaiseException
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
api-ms-win-core-util-l1-1-0
DecodePointer
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-processthreads-l1-1-0
OpenThreadToken
GetCurrentThread
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
TlsAlloc
TlsGetValue
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetVersionExW
GetLocalTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-libraryloader-l1-1-0
FindStringOrdinal
GetModuleHandleW
LoadLibraryExW
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetModuleHandleExW
LoadLibraryExA
LoadResource
LockResource
SizeofResource
ntdll
RtlLookupElementGenericTableAvl
RtlNumberGenericTableElementsAvl
RtlReportException
NtQuerySystemInformation
RtlEnterCriticalSection
RtlSetLastWin32Error
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlEnumerateGenericTableWithoutSplayingAvl
RtlNtStatusToDosError
RtlInitUnicodeString
RtlLeaveCriticalSection
RtlCompareUnicodeString
RtlInsertElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlDeleteElementGenericTableAvl
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l1-1-0
CreateFileW
DeleteFileW
DeleteFileA
GetFullPathNameW
GetFileAttributesW
api-ms-win-core-string-l1-1-0
CompareStringW
WideCharToMultiByte
CompareStringOrdinal
CompareStringEx
api-ms-win-core-url-l1-1-0
PathIsURLW
api-ms-win-core-registry-l1-1-0
RegGetValueW
api-ms-win-core-processenvironment-l1-1-0
GetEnvironmentVariableW
api-ms-win-core-heap-obsolete-l1-1-0
LocalFree
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
opcservices
ord12
ord8
ord16
ord15
api-ms-win-core-kernel32-legacy-l1-1-0
CopyFileW
FindResourceW
FileTimeToDosDateTime
DosDateTimeToFileTime
api-ms-win-core-file-l2-1-0
ReplaceFileW
MoveFileExW
api-ms-win-core-localization-obsolete-l1-2-0
CompareStringA
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-security-base-l1-1-0
RevertToSelf
ImpersonateLoggedOnUser
Exports
Exports
AppxBundleSipCreateIndirectData
AppxBundleSipGetSignedDataMsg
AppxBundleSipIsFileSupportedName
AppxBundleSipPutSignedDataMsg
AppxBundleSipRemoveSignedDataMsg
AppxBundleSipVerifyIndirectData
AppxSipCreateIndirectData
AppxSipGetSignedDataMsg
AppxSipIsFileSupportedName
AppxSipPutSignedDataMsg
AppxSipRemoveSignedDataMsg
AppxSipVerifyIndirectData
DllCanUnloadNow
DllRegisterServer
DllUnregisterServer
EappxBundleSipCreateIndirectData
EappxBundleSipGetSignedDataMsg
EappxBundleSipIsFileSupportedName
EappxBundleSipPutSignedDataMsg
EappxBundleSipRemoveSignedDataMsg
EappxBundleSipVerifyIndirectData
EappxSipCreateIndirectData
EappxSipGetSignedDataMsg
EappxSipIsFileSupportedName
EappxSipPutSignedDataMsg
EappxSipRemoveSignedDataMsg
EappxSipVerifyIndirectData
P7xSipCreateIndirectData
P7xSipGetSignedDataMsg
P7xSipIsFileSupportedName
P7xSipPutSignedDataMsg
P7xSipRemoveSignedDataMsg
P7xSipVerifyIndirectData
Sections
.text Size: 199KB - Virtual size: 199KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 440B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 832B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/pcwum/asferror.dll.dll windows:10 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 176B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/pcwum/pcwum.dll.dll windows:10 windows x64 arch:x64
Code Sign
33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32Certificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before02-05-2019 21:24Not After02-05-2020 21:24SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19-10-2011 18:41Not After19-10-2026 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
89:70:f2:2d:e4:70:53:01:c8:9d:3a:40:1d:b6:c8:7f:77:5e:4f:34:e7:c7:93:57:53:a7:57:86:58:2a:80:b2Signer
Actual PE Digest89:70:f2:2d:e4:70:53:01:c8:9d:3a:40:1d:b6:c8:7f:77:5e:4f:34:e7:c7:93:57:53:a7:57:86:58:2a:80:b2Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
pcwum.pdb
Exports
Exports
PcwAddQueryItem
PcwClearCounterSetSecurity
PcwCollectData
PcwCompleteNotification
PcwCreateNotifier
PcwCreateQuery
PcwDisconnectCounterSet
PcwEnumerateInstances
PcwIsNotifierAlive
PcwQueryCounterSetSecurity
PcwReadNotificationData
PcwRegisterCounterSet
PcwRemoveQueryItem
PcwSendNotification
PcwSendStatelessNotification
PcwSetCounterSetSecurity
PcwSetQueryItemUserData
PerfCreateInstance
PerfDecrementULongCounterValue
PerfDecrementULongLongCounterValue
PerfDeleteInstance
PerfIncrementULongCounterValue
PerfIncrementULongLongCounterValue
PerfQueryInstance
PerfSetCounterRefValue
PerfSetCounterSetInfo
PerfSetULongCounterValue
PerfSetULongLongCounterValue
PerfStartProvider
PerfStartProviderEx
PerfStopProvider
Sections
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/pcwum/pdhui.dll.dll windows:10 windows x64 arch:x64
aede04ec0542987e57567a203b6b82c7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
pdhui.pdb
Imports
api-ms-win-crt-string-l1-1-0
wcsnlen
memset
strnlen
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__ltow_s
_o__seh_filter_dll
memcpy
_o_free
_o_malloc
_o_towlower
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcschr
kernel32
GetModuleFileNameA
ActivateActCtx
WaitForSingleObject
CreateActCtxA
DeactivateActCtx
FormatMessageW
GetLastError
GetComputerNameW
LoadLibraryW
FreeLibrary
ReleaseActCtx
SetLastError
CompareStringOrdinal
CancelSynchronousIo
CreateThread
CloseHandle
GlobalUnlock
SearchPathW
MultiByteToWideChar
GetWindowsDirectoryW
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GlobalLock
DisableThreadLibraryCalls
InitializeSListHead
comdlg32
GetOpenFileNameW
user32
DialogBoxParamW
LoadStringW
MessageBoxW
GetWindowTextW
EnableWindow
ReleaseDC
RegisterClipboardFormatA
GetWindowTextLengthA
GetDlgItem
GetClientRect
SetCursor
EndDeferWindowPos
SendMessageA
SetFocus
MoveWindow
IsWindowEnabled
SendDlgItemMessageW
SetWindowTextA
MapWindowPoints
BeginDeferWindowPos
ShowWindow
GetWindowLongPtrW
MessageBeep
SetWindowTextW
GetSystemMetrics
EndDialog
SendMessageW
SetWindowLongPtrW
SetWindowPos
GetDC
LoadCursorA
IsDlgButtonChecked
GetDlgCtrlID
CheckRadioButton
GetFocus
GetWindow
DeferWindowPos
WinHelpW
GetWindowRect
gdi32
GetTextExtentPoint32W
ole32
CoUninitialize
CoCreateInstance
CoInitialize
ReleaseStgMedium
pdh
PdhOpenLogA
PdhCloseLog
PdhConnectMachineW
PdhParseCounterPathW
PdhParseInstanceNameW
PdhEnumMachinesHW
PdhExpandCounterPathW
PdhEnumObjectsHW
PdhEnumObjectItemsHW
PdhParseCounterPathA
PdhMakeCounterPathW
PdhGetDefaultPerfObjectHW
PdhGetExplainText
PdhOpenLogW
Exports
Exports
PdhUiBrowseCountersA
PdhUiBrowseCountersExA
PdhUiBrowseCountersExHA
PdhUiBrowseCountersExHW
PdhUiBrowseCountersExW
PdhUiBrowseCountersHA
PdhUiBrowseCountersHW
PdhUiBrowseCountersW
PdhUiSelectDataSourceA
PdhUiSelectDataSourceW
Sections
.text Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 84B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/setup.msi.msi
-
__x64___setup___x32__/wcimage/SEMgrPS.dll.dll windows:10 windows x64 arch:x64
7dcc2d309d96727b06e1bbb65b6597f9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
SEMgrPS.pdb
Imports
msvcrt
__C_specific_handler
malloc
_initterm
free
_amsg_exit
_XcptFilter
rpcrt4
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrCStdStubBuffer2_Release
NdrStubForwardingFunction
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_Invoke
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
NdrStubCall3
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
api-ms-win-core-winrt-string-l1-1-0
HSTRING_UserUnmarshal64
HSTRING_UserSize
HSTRING_UserSize64
HSTRING_UserFree
HSTRING_UserMarshal64
HSTRING_UserUnmarshal
HSTRING_UserFree64
HSTRING_UserMarshal
api-ms-win-core-com-midlproxystub-l1-1-0
ObjectStublessClient7
ObjectStublessClient15
NdrProxyForwardingFunction23
ObjectStublessClient6
ObjectStublessClient8
ObjectStublessClient9
NdrProxyForwardingFunction21
ObjectStublessClient3
ObjectStublessClient10
ObjectStublessClient5
ObjectStublessClient11
ObjectStublessClient14
ObjectStublessClient12
ObjectStublessClient30
ObjectStublessClient16
NdrProxyForwardingFunction9
ObjectStublessClient18
NdrProxyForwardingFunction11
NdrProxyForwardingFunction13
NdrProxyForwardingFunction29
NdrProxyForwardingFunction12
ObjectStublessClient4
NdrProxyForwardingFunction10
CStdStubBuffer2_CountRefs
NdrProxyForwardingFunction6
CStdStubBuffer2_Disconnect
CStdStubBuffer2_QueryInterface
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
NdrProxyForwardingFunction3
NdrProxyForwardingFunction7
ObjectStublessClient13
CStdStubBuffer2_Connect
ObjectStublessClient22
ObjectStublessClient27
NdrProxyForwardingFunction19
ObjectStublessClient28
ObjectStublessClient20
ObjectStublessClient23
ObjectStublessClient19
ObjectStublessClient26
ObjectStublessClient17
ObjectStublessClient29
ObjectStublessClient21
ObjectStublessClient24
ObjectStublessClient25
NdrProxyForwardingFunction27
NdrProxyForwardingFunction26
NdrProxyForwardingFunction24
NdrProxyForwardingFunction18
NdrProxyForwardingFunction22
NdrProxyForwardingFunction17
NdrProxyForwardingFunction14
ObjectStublessClient31
NdrProxyForwardingFunction15
NdrProxyForwardingFunction20
NdrProxyForwardingFunction28
NdrProxyForwardingFunction8
NdrProxyForwardingFunction16
NdrProxyForwardingFunction25
oleaut32
BSTR_UserUnmarshal
BSTR_UserFree
BSTR_UserUnmarshal64
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserFree64
BSTR_UserMarshal64
BSTR_UserSize64
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Exports
Exports
DllCanUnloadNow
DllGetClassObject
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/wcimage/SensorsApi.dll.dll regsvr32 windows:10 windows x64 arch:x64
93f00183f6b2824f35a5ab3c1bf4de20
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
SensorsApi.pdb
Imports
api-ms-win-crt-string-l1-1-0
memmove_s
wcsncmp
memset
wcscmp
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
memmove
_o_calloc
_o_free
_o_malloc
_o_strncat_s
_o_toupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wmemcpy_s
__CxxFrameHandler3
_CxxThrowException
wcsrchr
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__C_specific_handler
__CxxFrameHandler4
memcmp
memcpy
rpcrt4
CStdStubBuffer_AddRef
CStdStubBuffer_Invoke
IUnknown_Release_Proxy
NdrClientCall3
NdrDllUnregisterProxy
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrCStdStubBuffer_Release
I_RpcExceptionFilter
RpcBindingFree
RpcBindingBind
RpcBindingCreateW
CStdStubBuffer_Connect
NdrDllCanUnloadNow
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrDllGetClassObject
NdrDllRegisterProxy
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
NdrOleFree
api-ms-win-core-com-midlproxystub-l1-1-0
ObjectStublessClient4
ObjectStublessClient11
ObjectStublessClient12
ObjectStublessClient8
ObjectStublessClient16
ObjectStublessClient14
ObjectStublessClient3
ObjectStublessClient7
ObjectStublessClient9
ObjectStublessClient6
ObjectStublessClient10
ObjectStublessClient15
ObjectStublessClient17
ObjectStublessClient13
ObjectStublessClient5
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
LoadLibraryExW
DisableThreadLibraryCalls
GetModuleHandleExW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
api-ms-win-core-localization-l1-2-0
FormatMessageW
GetThreadLocale
SetThreadLocale
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceExecuteOnce
InitOnceComplete
InitOnceBeginInitialize
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegSetKeySecurity
RegGetKeySecurity
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
api-ms-win-core-synch-l1-1-0
EnterCriticalSection
DeleteCriticalSection
CreateSemaphoreExW
InitializeCriticalSection
WaitForSingleObject
LeaveCriticalSection
CreateMutexExW
InitializeCriticalSectionAndSpinCount
OpenSemaphoreW
CreateEventW
WaitForSingleObjectEx
ReleaseSemaphore
ResetEvent
InitializeCriticalSectionEx
AcquireSRWLockShared
WaitForMultipleObjectsEx
CreateEventExW
ReleaseMutex
AcquireSRWLockExclusive
SetEvent
ReleaseSRWLockShared
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
InitializeSRWLock
api-ms-win-core-heap-l1-1-0
HeapDestroy
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter
RaiseException
api-ms-win-eventing-provider-l1-1-0
EventProviderEnabled
EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
ExitProcess
GetCurrentThreadId
TerminateProcess
CreateThread
OpenProcessToken
GetCurrentProcess
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
SetRestrictedErrorInfo
api-ms-win-core-util-l1-1-0
DecodePointer
api-ms-win-core-file-l1-1-0
CreateFileW
ReadFile
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-processthreads-l1-1-1
OpenProcess
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-shcore-unicodeansi-l1-1-0
SHAnsiToUnicode
user32
DispatchMessageW
LoadStringW
LoadCursorW
SetCursor
TranslateMessage
PostQuitMessage
PeekMessageW
DialogBoxParamW
EndDialog
IsWindow
UnregisterClassA
MsgWaitForMultipleObjectsEx
sensorsutilsv2
PropVariantGetInformation
PropKeyFindKeySetPropVariant
PropKeyFindKeyGetFloat
PropKeyFindKeyGetDouble
CollectionsListGetSerializedSize
InitPropVariantFromFloat
PropKeyFindKeyGetPropVariant
CollectionsListCopyAndMarshall
PropKeyFindKeyGetFileTime
PropKeyFindKeyGetUlong
IsKeyPresentInCollectionList
CollectionsListGetMarshalledSize
IsCollectionListSame
PropKeyFindKeyGetGuid
CollectionsListDeserializeFromBuffer
sensorsnativeapi.v2
SensorGetCapabilitiesCollectionV2
SensorOpenByInterfaceV2
SensorCloseV2
SensorStartCollectionV2
SensorStartStateChangeNotificationV2
SensorGetSupportedDataFieldsV2
SensorGetDataCollectionV2
SensorEnableIdleOperationV2
SensorSetDataIntervalV2
SensorSetDataThresholdsV2
SensorGetDataIntervalV2
SensorGetDataThresholdsV2
SensorGetPropertiesV2
SensorGetDataFieldPropertiesV2
SensorStopV2
SensorStopStateChangeNotificationV2
api-ms-win-core-marshal-l1-1-0
HWND_UserSize
HWND_UserSize64
HWND_UserUnmarshal
HWND_UserMarshal64
HWND_UserUnmarshal64
HWND_UserMarshal
HWND_UserFree
HWND_UserFree64
msvcp_win
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?_Xbad_function_call@std@@YAXXZ
_Mtx_unlock
api-ms-win-core-threadpool-l1-2-0
SubmitThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
CreateThreadpool
CloseThreadpool
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
CloseThreadpoolTimer
SetThreadpoolThreadMinimum
WaitForThreadpoolTimerCallbacks
SetThreadpoolThreadMaximum
api-ms-win-security-base-l1-1-0
IsWellKnownSid
GetTokenInformation
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
AddAccessAllowedAceEx
InitializeAcl
InitializeSecurityDescriptor
CheckTokenMembership
FreeSid
GetAce
AllocateAndInitializeSid
IsValidSid
AddAce
CopySid
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-winrt-error-l1-1-1
RoGetMatchingRestrictedErrorInfo
api-ms-win-core-psapi-l1-1-0
K32GetModuleBaseNameW
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-io-l1-1-0
GetOverlappedResult
CancelIoEx
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
ntdll
WinSqmIsOptedIn
WinSqmAddToStreamEx
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SensorCloseCOM
SensorEnableIdleOperationCOM
SensorGetAccDataCOM
SensorGetAlsDataCOM
SensorGetAlsDataWithColorCOM
SensorGetBarDataCOM
SensorGetCapabilitiesCollectionCOM
SensorGetDataCollectionCOM
SensorGetDeviceIdCOM
SensorGetFusDataCOM
SensorGetGyrDataCOM
SensorGetMagDataCOM
SensorGetPropertiesCOM
SensorGetPrxDataCOM
SensorGetThresholdsCOM
SensorOpenByInterfaceCOM
SensorPermissionsHandler
SensorPermissionsHandlerA
SensorPermissionsHandlerW
SensorRegisterEventCOM
SensorSetAccThresholdsCOM
SensorSetAlsThresholdsCOM
SensorSetAlsWithColorThresholdsCOM
SensorSetBarThresholdsCOM
SensorSetFusThresholdsCOM
SensorSetGyrThresholdsCOM
SensorSetIntervalCOM
SensorSetMagThresholdsCOM
SensorSetOrientationSensorThresholdsCOM
SensorSetThresholdsCOM
SensorStartCollectionCOM
SensorStopCOM
SensorUnregisterEventCOM
Sections
.text Size: 289KB - Virtual size: 289KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 1024B - Virtual size: 632B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/wcimage/netprofmsvc.dll.dll windows:10 windows x64 arch:x64
ad45623529f9b4402c7d26b5ea54d733
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
netprofmsvc.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
memmove
_o_abort
_o_calloc
_o_free
_o_malloc
_o_strcpy_s
_o_terminate
_o_toupper
_o_wcscat_s
_o_wcscpy_s
_o_wcstod
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vswprintf
memcmp
memcpy
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
api-ms-win-crt-string-l1-1-0
wcsspn
memset
wcspbrk
wcsncmp
wcsnlen
ntdll
RtlIpv4StringToAddressExW
RtlPublishWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
EtwEventWriteTransfer
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtQueryWnfStateData
RtlIpv6StringToAddressExW
NtCreateWnfStateName
EtwEventRegister
RtlGetCurrentServiceSessionId
NtDeleteWnfStateName
EtwEventUnregister
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
FindResourceExW
LoadStringW
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
LoadLibraryExW
LoadResource
SizeofResource
FreeResource
LockResource
GetProcAddress
FreeLibrary
api-ms-win-core-synch-l1-1-0
ReleaseSemaphore
WaitForSingleObject
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
InitializeCriticalSectionEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateEventExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetEvent
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeCriticalSection
CreateEventW
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
ResetEvent
CreateSemaphoreExW
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
GetLastError
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
CreateThread
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetProcessId
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-winrt-error-l1-1-0
RoOriginateErrorW
RoOriginateError
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer
EventProviderEnabled
api-ms-win-eventing-classicprovider-l1-1-0
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegQueryInfoKeyW
RegGetValueW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegDeleteKeyExW
RegQueryValueExA
api-ms-win-service-core-l1-1-0
SetServiceStatus
RegisterServiceCtrlHandlerExW
api-ms-win-core-synch-l1-2-0
InitOnceComplete
Sleep
InitOnceExecuteOnce
InitOnceBeginInitialize
api-ms-win-core-util-l1-1-0
EncodePointer
DecodePointer
api-ms-win-core-com-l1-1-0
StringFromGUID2
IIDFromString
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
CoDisconnectContext
CoResumeClassObjects
CoRegisterClassObject
CoRevokeClassObject
CoGetCallContext
CoImpersonateClient
CoRevertToSelf
CoCreateGuid
CoSetProxyBlanket
api-ms-win-core-winrt-l1-1-0
RoRegisterActivationFactories
RoRevokeActivationFactories
api-ms-win-core-kernel32-legacy-l1-1-0
UnregisterWait
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsIsStringEmpty
WindowsDeleteString
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetTickCount
GetLocalTime
GetSystemDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-service-management-l1-1-0
OpenSCManagerW
OpenServiceW
CloseServiceHandle
api-ms-win-core-threadpool-l1-2-0
TrySubmitThreadpoolCallback
DisassociateCurrentThreadFromCallback
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
CreateThreadpoolTimer
CreateThreadpoolWait
CloseThreadpoolTimer
CloseThreadpool
SetThreadpoolThreadMaximum
SubmitThreadpoolWork
SetThreadpoolThreadMinimum
CreateThreadpool
FreeLibraryWhenCallbackReturns
CloseThreadpoolWait
CreateThreadpoolCleanupGroup
SetThreadpoolWait
SetThreadpoolTimer
api-ms-win-security-isolatedcontainer-l1-1-1
IsProcessInWDAGContainer
iphlpapi
ConvertInterfaceIndexToLuid
NotifyUnicastIpAddressChange
CloseGetIPPhysicalInterfaceForDestination
ConvertInterfaceLuidToNameW
ConvertInterfaceGuidToLuid
GetIfEntry2Ex
GetAdaptersAddresses
GetIfEntry2
CancelMibChangeNotify2
GetIfStackTable
FreeMibTable
NotifyRouteChange2
ConvertInterfaceLuidToIndex
ConvertInterfaceLuidToGuid
GetSessionCompartmentId
InternalGetIPPhysicalInterfaceForDestination
GetBestInterfaceEx
GetBestInterface
api-ms-win-core-threadpool-legacy-l1-1-0
DeleteTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueue
UnregisterWaitEx
CreateTimerQueueTimer
ws2_32
inet_addr
htons
InetNtopW
closesocket
WSAIoctl
WSAGetLastError
WSACleanup
WSAStartup
WSASocketW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpW
api-ms-win-security-base-l1-1-0
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
SetSecurityDescriptorDacl
GetTokenInformation
wkscli
NetGetJoinInformation
netutils
NetApiBufferFree
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
api-ms-win-core-file-l1-1-0
GetFileAttributesW
GetFileSize
ReadFile
SetFileAttributesW
CreateFileW
WriteFile
DeleteFileW
api-ms-win-core-file-l2-1-2
CopyFileW
api-ms-win-service-winsvc-l1-1-0
QueryServiceStatus
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-security-sddl-l1-1-0
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
oleaut32
SysFreeString
VariantClear
SysAllocString
VariantInit
rpcrt4
RpcStringFreeW
UuidToStringW
RpcExceptionFilter
NdrClientCall3
NdrServerCallAll
NdrServerCall2
RpcBindingSetOption
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcEpResolveBinding
RpcBindingFree
RpcBindingVectorFree
RpcServerUseProtseqEpW
RpcBindingToStringBindingW
RpcServerUnregisterIf
RpcServerRegisterIf3
RpcStringBindingParseW
RpcEpUnregister
RpcEpRegisterW
RpcServerInqCallAttributesW
RpcServerInqBindings
api-ms-win-core-string-l1-1-0
WideCharToMultiByte
MultiByteToWideChar
dhcpcsvc
DhcpFreeLeaseInfo
DhcpQueryLeaseInfoEx
DhcpIsEnabled
winhttp
WinHttpOpen
WinHttpSetOption
WinHttpSetStatusCallback
WinHttpQueryOption
WinHttpReceiveResponse
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpCrackUrl
dnsapi
DnsFlushResolverCache
api-ms-win-service-private-l1-1-0
UnsubscribeServiceChangeNotifications
SubscribeServiceChangeNotifications
api-ms-win-security-grouppolicy-l1-1-0
UnregisterGPNotificationInternal
RegisterGPNotificationInternal
LeaveCriticalPolicySectionInternal
EnterCriticalPolicySectionInternal
api-ms-win-core-threadpool-private-l1-1-0
RegisterWaitForSingleObjectEx
combase
ord66
ord69
ord68
ord67
nlaapi
NlaRegisterQuery
NlaAddToTypeSet
NlaCreateTypeSet
NlaQueryNetSignatures
NlaCreatePluginRequests
NlaAddToPluginRequests
NlaOpenQuery
NlaRefreshQuery
NlaQueryNetDataEx
NlaDeleteTypeSet
NlaCloseQuery
NlaDeleteDataSet
NlaDeletePluginRequests
NlaQueryNetData
winnsi
NsiRpcDeregisterChangeNotification
NsiDisconnectFromServer
NsiConnectToServer
NsiRpcRegisterChangeNotification
msvcp_win
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedRegistryLocationW
ncsi
NcsiGetWebProbeConfig
Exports
Exports
DllMain
ServiceMain
SvchostPushServiceGlobalsEx
Sections
.text Size: 668KB - Virtual size: 668KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 159KB - Virtual size: 159KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 256B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
__x64___setup___x32__/wcimage/wcimage.dll.dll windows:10 windows x64 arch:x64
f8fb756be0e3bc5854c867138bb76490
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
wcimage.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__seh_filter_dll
memmove
_o__wcsicmp
_o__wcsnicmp
_o_calloc
_o_free
_o_malloc
_o_wcscat_s
_o_wcsncat_s
_o_wcsncpy_s
_o_wcstok_s
__C_specific_handler
_o__cexit
_o__aligned_malloc
_o__aligned_free
_o___std_type_info_destroy_list
_o__configure_narrow_argv
wcsrchr
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
wcsncmp
memset
wcsnlen
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
api-ms-win-core-registry-l1-1-0
RegQueryInfoKeyW
RegGetKeySecurity
RegEnumValueW
RegCloseKey
api-ms-win-core-registry-l2-1-0
RegOpenKeyW
RegEnumKeyW
ntdll
RtlUpcaseUnicodeChar
RtlRunOnceComplete
RtlFindNextForwardRunClear
RtlNumberOfSetBits
RtlInitializeSRWLock
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlRunOnceBeginInitialize
NtOpenFile
RtlNtStatusToDosError
RtlAdjustPrivilege
RtlFreeHeap
NtClose
RtlImpersonateSelf
RtlDosPathNameToNtPathName_U_WithStatus
RtlFreeUnicodeString
NtSetInformationFile
RtlAllocateHeap
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-sysinfo-l1-1-0
GetVersionExW
GetTickCount64
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetSystemInfo
api-ms-win-core-errorhandling-l1-1-0
SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
api-ms-win-core-file-l1-1-0
CreateDirectoryW
DeleteFileW
FindFirstFileExW
SetFileInformationByHandle
SetFileAttributesW
GetFinalPathNameByHandleW
WriteFile
ReadFile
RemoveDirectoryW
FindNextFileW
GetFileAttributesW
FlushFileBuffers
GetFileSizeEx
FindClose
CreateFileW
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
LeaveCriticalSection
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
WaitForSingleObjectEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
api-ms-win-core-file-l2-1-0
GetFileInformationByHandleEx
CreateHardLinkW
api-ms-win-security-provider-l1-1-0
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l2-1-0
LocalFree
fltlib
FilterConnectCommunicationPort
FilterInstanceClose
FilterLoad
FilterSendMessage
FilterInstanceCreate
FilterDetach
FilterAttach
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-threadpool-legacy-l1-1-0
QueueUserWorkItem
api-ms-win-core-synch-l1-2-0
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeConditionVariable
WakeConditionVariable
Sleep
api-ms-win-core-com-l1-1-0
CoTaskMemFree
api-ms-win-core-path-l1-1-0
PathCchAddBackslash
api-ms-win-core-kernel32-legacy-l1-1-1
SetVolumeMountPointW
api-ms-win-shcore-stream-l1-1-0
SHCreateStreamOnFileW
xmllite
CreateXmlReader
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
api-ms-win-core-processthreads-l1-1-0
GetCurrentThread
TlsGetValue
TlsAlloc
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
TlsFree
CreateThread
GetCurrentThreadId
TlsSetValue
OpenThreadToken
OpenProcessToken
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleW
virtdisk
OpenVirtualDisk
CreateVirtualDisk
DetachVirtualDisk
AttachVirtualDisk
GetVirtualDiskPhysicalPath
wimgapi
WIMCloseHandle
WIMSetTemporaryPath
WIMApplyImage
WIMCreateFile
WIMLoadImage
drvstore
DriverStoreEnumObjectsW
DriverStoreClose
DriverStoreOpenW
api-ms-win-security-base-l1-1-0
RevertToSelf
ImpersonateSelf
FreeSid
GetSecurityDescriptorLength
AdjustTokenPrivileges
AllocateAndInitializeSid
IsValidSecurityDescriptor
DestroyPrivateObjectSecurity
MakeSelfRelativeSD
CreatePrivateObjectSecurityWithMultipleInheritance
GetSecurityDescriptorControl
SetPrivateObjectSecurityEx
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
WcCompressFile
WcCompressFileAsync
WcConvertToReparsePoint
WcCreateContainerImageFromPortableBaseLayer
WcCreateContainerImageFromWim
WcCreateContainerImageFromWimEx
WcDismountVirtualDisk
WcDismountVirtualDiskFromHandle
WcEnsurePathExists
WcExpandContainerWim
WcMountVirtualDisk
WcProcessContainerLayer
WcSetVirtualDiskAttributes
WcWaitForPendingFileCompressionOperations
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 76B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ