| filename | advapi32.dll | |
|---|---|---|
| size | 640512 (0x9c600) | |
| md5 | 95e2376b3323f062eb562b8586d0f14a | |
| type | PE32 executable (DLL) (console) Intel 80386, for MS Windows | |
| mimetype | application/x-dosexec | |
| clamav | OK | |
| virustotal | → scan with virustotal.com | |
| histogram | ||
MZ Header
| signature | MZ |
| bytes_in_last_block | 0x90 |
| blocks_in_file | 3 |
| num_relocs | 0 |
| header_paragraphs | 4 |
| min_extra_paragraphs | 0 |
| max_extra_paragraphs | 0xffff |
| ss | 0 |
| sp | 0xb8 |
| checksum | 0 |
| ip | 0 |
| cs | 0 |
| reloc_table_offset | 0x40 |
| overlay_number | 0 |
| reserved0 | 0 |
| oem_id | 0 |
| oem_info | 0 |
| reserved2 | 0 |
| reserved3 | 0 |
| reserved4 | 0 |
| reserved5 | 0 |
| reserved6 | 0 |
| lfanew | 0xe0 |
Rich Header
| lib id | version | times used |
|---|---|---|
| 149 | 30729 | 11 |
| 1 | 0 | 659 |
| 147 | 30729 | 27 |
| 146 | 30729 | 1 |
| 132 | 30729 | 18 |
| 131 | 30729 | 128 |
| 148 | 30729 | 1 |
| 145 | 30729 | 1 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno| 00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS | 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
Sections
| name | va | vsize | raw size | flags | |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x71d05 | 0x71e00 | R-X CODE | |
| .data | 0x73000 | 0x3588 | 0x2e00 | RW- IDATA | |
| .rsrc | 0x77000 | 0x23140 | 0x23200 | R-- IDATA | |
| .reloc | 0x9b000 | 0x404c | 0x4200 | R-- IDATA DISCARDABLE |
Data Directory
| module_name | hint | ord | function_name |
|---|---|---|---|
| msvcrt.dll | 1228 | iswctype | |
| msvcrt.dll | 1031 | _wcstoui64 | |
| msvcrt.dll | 404 | _ftol2 | |
| msvcrt.dll | 1337 | tolower | |
| msvcrt.dll | 926 | _ultow | |
| msvcrt.dll | 1382 | wcstok | |
| msvcrt.dll | 1213 | isalnum | |
| msvcrt.dll | 1222 | isspace | |
| msvcrt.dll | 342 | _errno | |
| msvcrt.dll | 1253 | mbstowcs | |
| msvcrt.dll | 345 | _except_handler4_common | |
| msvcrt.dll | 1361 | wcschr | |
| msvcrt.dll | 1376 | wcsrchr | |
| msvcrt.dll | 1262 | memset | |
| msvcrt.dll | 1260 | memmove | |
| msvcrt.dll | 1007 | _wcsicmp | |
| msvcrt.dll | 974 | _vsnwprintf | |
| msvcrt.dll | 1258 | memcpy | |
| msvcrt.dll | 1365 | wcscpy_s | |
| msvcrt.dll | 862 | _stricmp | |
| msvcrt.dll | 1299 | strchr | |
| msvcrt.dll | 1316 | strrchr | |
| msvcrt.dll | 1318 | strstr | |
| msvcrt.dll | 968 | _vsnprintf | |
| msvcrt.dll | 1385 | wcstombs | |
| msvcrt.dll | 1380 | wcsstr | |
| msvcrt.dll | 1326 | swprintf_s | |
| msvcrt.dll | 1373 | wcsncpy_s | |
| msvcrt.dll | 1371 | wcsncmp | |
| msvcrt.dll | 1328 | swscanf_s | |
| msvcrt.dll | 1017 | _wcsnicmp | |
| msvcrt.dll | 1387 | wcstoul | |
| msvcrt.dll | 1360 | wcscat_s | |
| ntdll.dll | 1131 | RtlRunOnceExecuteOnce | |
| ntdll.dll | 122 | LdrLoadDll | |
| ntdll.dll | 115 | LdrGetProcedureAddress | |
| ntdll.dll | 1129 | RtlRunOnceBeginInitialize | |
| ntdll.dll | 146 | LdrUnloadDll | |
| ntdll.dll | 346 | NtOpenKey | |
| ntdll.dll | 430 | NtQueryValueKey | |
| ntdll.dll | 355 | NtOpenProcessToken | |
| ntdll.dll | 401 | NtQueryInformationToken | |
| ntdll.dll | 212 | NtClose | |
| ntdll.dll | 909 | RtlImageNtHeader | |
| ntdll.dll | 59 | EtwEventWriteEx | |
| ntdll.dll | 1 | ||
| ntdll.dll | 838 | RtlFreeAnsiString | |
| ntdll.dll | 859 | RtlGetCurrentTransaction | |
| ntdll.dll | 32 | DbgPrint | |
| ntdll.dll | 779 | RtlEnterCriticalSection | |
| ntdll.dll | 1004 | RtlLeaveCriticalSection | |
| ntdll.dll | 988 | RtlIsTextUnicode | |
| ntdll.dll | 1218 | RtlUnicodeStringToAnsiString | |
| ntdll.dll | 1225 | RtlUnicodeToMultiByteSize | |
| ntdll.dll | 1007 | RtlLengthSid | |
| ntdll.dll | 681 | RtlCopyUnicodeString | |
| ntdll.dll | 1052 | RtlOemStringToUnicodeString | |
| ntdll.dll | 915 | RtlInitAnsiString | |
| ntdll.dll | 616 | RtlAnsiStringToUnicodeString | |
| ntdll.dll | 845 | RtlFreeUnicodeString | |
| ntdll.dll | 924 | RtlInitUnicodeString | |
| ntdll.dll | 759 | RtlDosPathNameToNtPathName_U | |
| ntdll.dll | 840 | RtlFreeHeap | |
| ntdll.dll | 611 | RtlAllocateHeap | |
| ntdll.dll | 1044 | RtlNtStatusToDosError | |
| ntdll.dll | 730 | RtlDeleteCriticalSection | |
| ntdll.dll | 931 | RtlInitializeCriticalSection | |
| ntdll.dll | 650 | RtlCompareMemory | |
| ntdll.dll | 1310 | RtlxUnicodeStringToAnsiSize | |
| ntdll.dll | 160 | NlsMbCodePageTag | |
| ntdll.dll | 1027 | RtlMakeSelfRelativeSD | |
| ntdll.dll | 925 | RtlInitUnicodeStringEx | |
| ntdll.dll | 1308 | RtlxAnsiStringToUnicodeSize | |
| ntdll.dll | 499 | NtSetInformationThread | |
| ntdll.dll | 363 | NtOpenThreadToken | |
| ntdll.dll | 1093 | RtlRandom | |
| ntdll.dll | 427 | NtQuerySystemTime | |
| ntdll.dll | 882 | RtlGetNtProductType | |
| ntdll.dll | 895 | RtlGetThreadPreferredUILanguages | |
| ntdll.dll | 1190 | RtlSubAuthoritySid | |
| ntdll.dll | 1189 | RtlSubAuthorityCountSid | |
| ntdll.dll | 678 | RtlCopySid | |
| ntdll.dll | 1220 | RtlUnicodeStringToInteger | |
| ntdll.dll | 666 | RtlConvertSidToUnicodeString | |
| ntdll.dll | 610 | RtlAllocateHandle | |
| ntdll.dll | 991 | RtlIsValidIndexHandle | |
| ntdll.dll | 839 | RtlFreeHandle | |
| ntdll.dll | 791 | RtlEqualSid | |
| ntdll.dll | 500 | NtSetInformationToken | |
| ntdll.dll | 586 | RtlAddAccessAllowedAceEx | |
| ntdll.dll | 843 | RtlFreeSid | |
| ntdll.dll | 609 | RtlAllocateAndInitializeSid | |
| ntdll.dll | 218 | NtCompareTokens | |
| ntdll.dll | 275 | NtDuplicateToken | |
| ntdll.dll | 1160 | RtlSetOwnerSecurityDescriptor | |
| ntdll.dll | 699 | RtlCreateSecurityDescriptor | |
| ntdll.dll | 785 | RtlEnumerateGenericTableWithoutSplaying | |
| ntdll.dll | 983 | RtlIsGenericTableEmpty | |
| ntdll.dll | 398 | NtQueryInformationProcess | |
| ntdll.dll | 408 | NtQueryKey | |
| ntdll.dll | 873 | RtlGetLastNtStatus | |
| ntdll.dll | 270 | NtDeviceIoControlFile | |
| ntdll.dll | 343 | NtOpenFile | |
| ntdll.dll | 802 | RtlExpandEnvironmentStrings_U | |
| ntdll.dll | 768 | RtlDuplicateUnicodeString | |
| ntdll.dll | 705 | RtlCreateUnicodeString | |
| ntdll.dll | 57 | EtwEventWrite | |
| ntdll.dll | 55 | EtwEventRegister | |
| ntdll.dll | 232 | NtCreateKey | |
| ntdll.dll | 522 | NtSetValueKey | |
| ntdll.dll | 731 | RtlDeleteElementGenericTable | |
| ntdll.dll | 266 | NtDeleteKey | |
| ntdll.dll | 621 | RtlAppendUnicodeToString | |
| ntdll.dll | 945 | RtlInsertElementGenericTable | |
| ntdll.dll | 938 | RtlInitializeHandleTable | |
| ntdll.dll | 56 | EtwEventUnregister | |
| ntdll.dll | 746 | RtlDestroyHandleTable | |
| ntdll.dll | 279 | NtEnumerateKey | |
| ntdll.dll | 952 | RtlIntegerToUnicodeString | |
| ntdll.dll | 620 | RtlAppendUnicodeStringToString | |
| ntdll.dll | 1188 | RtlStringFromGUID | |
| ntdll.dll | 834 | RtlFormatCurrentUserKeyPath | |
| ntdll.dll | 936 | RtlInitializeGenericTable | |
| ntdll.dll | 1022 | RtlLookupElementGenericTable | |
| ntdll.dll | 1084 | RtlQueryRegistryValues | |
| ntdll.dll | 1046 | RtlNumberGenericTableElements | |
| ntdll.dll | 1255 | RtlValidSid | |
| ntdll.dll | 847 | RtlGUIDFromString | |
| ntdll.dll | 1237 | RtlUpcaseUnicodeChar | |
| ntdll.dll | 432 | NtQueryVolumeInformationFile | |
| ntdll.dll | 1060 | RtlPrefixUnicodeString | |
| ntdll.dll | 422 | NtQuerySymbolicLinkObject | |
| ntdll.dll | 361 | NtOpenSymbolicLinkObject | |
| ntdll.dll | 753 | RtlDetermineDosPathNameType_U | |
| ntdll.dll | 395 | NtQueryInformationFile | |
| ntdll.dll | 868 | RtlGetFullPathName_U | |
| ntdll.dll | 1045 | RtlNtStatusToDosErrorNoTeb | |
| ntdll.dll | 1224 | RtlUnicodeToMultiByteN | |
| ntdll.dll | 1032 | RtlMultiByteToUnicodeN | |
| ntdll.dll | 614 | RtlAnsiCharToUnicodeChar | |
| ntdll.dll | 755 | RtlDllShutdownInProgress | |
| ntdll.dll | 226 | NtCreateEvent | |
| ntdll.dll | 535 | NtTerminateThread | |
| ntdll.dll | 555 | NtWaitForSingleObject | |
| ntdll.dll | 487 | NtSetEvent | |
| ntdll.dll | 211 | NtClearEvent | |
| ntdll.dll | 261 | NtDelayExecution | |
| ntdll.dll | 800 | RtlExitUserThread | |
| ntdll.dll | 1102 | RtlRegisterThreadWithCsrss | |
| ntdll.dll | 207 | NtCancelIoFile | |
| ntdll.dll | 553 | NtWaitForMultipleObjects | |
| ntdll.dll | 274 | NtDuplicateObject | |
| ntdll.dll | 1108 | RtlReleaseRelativeName | |
| ntdll.dll | 228 | NtCreateFile | |
| ntdll.dll | 761 | RtlDosPathNameToRelativeNtPathName_U | |
| ntdll.dll | 1157 | RtlSetLastWin32Error | |
| ntdll.dll | 539 | NtTraceControl | |
| ntdll.dll | 76 | EtwSendNotification | |
| ntdll.dll | 50 | EtwDeliverDataBlock | |
| ntdll.dll | 51 | EtwEnumerateProcessRegGuids | |
| ntdll.dll | 514 | NtSetSystemInformation | |
| ntdll.dll | 1088 | RtlQueryTimeZoneInformation | |
| ntdll.dll | 1079 | RtlQueryPerformanceFrequency | |
| ntdll.dll | 84 | EtwpGetCpuSpeed | |
| ntdll.dll | 425 | NtQuerySystemInformation | |
| ntdll.dll | 415 | NtQueryPerformanceCounter | |
| ntdll.dll | 928 | RtlInitializeBitMap | |
| ntdll.dll | 879 | RtlGetNativeSystemInformation | |
| ntdll.dll | 953 | RtlInterlockedClearBitRun | |
| ntdll.dll | 682 | RtlCreateAcl | |
| ntdll.dll | 540 | NtTraceEvent | |
| ntdll.dll | 1072 | RtlQueryHeapInformation | |
| ntdll.dll | 751 | RtlDestroyQueryDebugBuffer | |
| ntdll.dll | 1081 | RtlQueryProcessDebugInformation | |
| ntdll.dll | 697 | RtlCreateQueryDebugBuffer | |
| ntdll.dll | 607 | RtlAdjustPrivilege | |
| ntdll.dll | 913 | RtlImpersonateSelf | |
| ntdll.dll | 71 | EtwProcessPrivateLoggerRequest | |
| ntdll.dll | 369 | NtPowerInformation | |
| ntdll.dll | 965 | RtlIpv4AddressToStringW | |
| ntdll.dll | 973 | RtlIpv6AddressToStringW | |
| ntdll.dll | 916 | RtlInitAnsiStringEx | |
| ntdll.dll | 653 | RtlCompareUnicodeString | |
| ntdll.dll | 706 | RtlCreateUnicodeStringFromAsciiz | |
| ntdll.dll | 454 | NtRenameKey | |
| ntdll.dll | 322 | NtLoadKeyEx | |
| ntdll.dll | 944 | RtlInitializeSid | |
| ntdll.dll | 830 | RtlFirstFreeAce | |
| ntdll.dll | 1252 | RtlValidAcl | |
| ntdll.dll | 591 | RtlAddAce | |
| ntdll.dll | 597 | RtlAddAuditAccessObjectAce | |
| ntdll.dll | 590 | RtlAddAccessDeniedObjectAce | |
| ntdll.dll | 589 | RtlAddAccessDeniedAceEx | |
| ntdll.dll | 596 | RtlAddAuditAccessAceEx | |
| ntdll.dll | 587 | RtlAddAccessAllowedObjectAce | |
| ntdll.dll | 853 | RtlGetControlSecurityDescriptor | |
| ntdll.dll | 889 | RtlGetSaclSecurityDescriptor | |
| ntdll.dll | 860 | RtlGetDaclSecurityDescriptor | |
| ntdll.dll | 871 | RtlGetGroupSecurityDescriptor | |
| ntdll.dll | 884 | RtlGetOwnerSecurityDescriptor | |
| ntdll.dll | 574 | RtlAbsoluteToSelfRelativeSD | |
| ntdll.dll | 1164 | RtlSetSaclSecurityDescriptor | |
| ntdll.dll | 1147 | RtlSetDaclSecurityDescriptor | |
| ntdll.dll | 1153 | RtlSetGroupSecurityDescriptor | |
| ntdll.dll | 680 | RtlCopyString | |
| ntdll.dll | 1197 | RtlTimeToSecondsSince1970 | |
| ntdll.dll | 1111 | RtlReleaseSRWLockShared | |
| ntdll.dll | 581 | RtlAcquireSRWLockShared | |
| ntdll.dll | 1110 | RtlReleaseSRWLockExclusive | |
| ntdll.dll | 580 | RtlAcquireSRWLockExclusive | |
| ntdll.dll | 400 | NtQueryInformationThread | |
| ntdll.dll | 943 | RtlInitializeSRWLock | |
| ntdll.dll | 793 | RtlEqualUnicodeString | |
| ntdll.dll | 412 | NtQueryObject | |
| ntdll.dll | 411 | NtQueryMutant | |
| ntdll.dll | 198 | NtAlpcQueryInformation | |
| ntdll.dll | 585 | RtlAddAccessAllowedAce | |
| ntdll.dll | 233 | NtCreateKeyTransacted | |
| ntdll.dll | 1054 | RtlOpenCurrentUser | |
| ntdll.dll | 348 | NtOpenKeyTransacted | |
| ntdll.dll | 410 | NtQueryMultipleValueKey | |
| ntdll.dll | 347 | NtOpenKeyEx | |
| ntdll.dll | 349 | NtOpenKeyTransactedEx | |
| ntdll.dll | 1253 | RtlValidRelativeSecurityDescriptor | |
| ntdll.dll | 456 | NtReplaceKey | |
| ntdll.dll | 473 | NtSaveKey | |
| ntdll.dll | 475 | NtSaveMergedKeys | |
| ntdll.dll | 420 | NtQuerySecurityObject | |
| ntdll.dll | 68 | EtwLogTraceEvent | |
| ntdll.dll | 901 | RtlGetVersion | |
| ntdll.dll | 437 | NtReadFile | |
| ntdll.dll | 560 | NtWriteFile | |
| ntdll.dll | 1095 | RtlReAllocateHeap | |
| ntdll.dll | 1006 | RtlLengthSecurityDescriptor | |
| ntdll.dll | 1254 | RtlValidSecurityDescriptor | |
| KERNELBASE.dll | 137 | EnumUILanguagesW | |
| KERNELBASE.dll | 331 | GetUserDefaultUILanguage | |
| KERNELBASE.dll | 305 | GetSystemDefaultUILanguage | |
| KERNELBASE.dll | 26 | AreFileApisANSI | |
| API-MS-WIN-Service-Core-L1-1-0.dll | RegisterServiceCtrlHandlerExW | ||
| API-MS-WIN-Service-Core-L1-1-0.dll | 2 | StartServiceCtrlDispatcherW | |
| API-MS-WIN-Service-Core-L1-1-0.dll | 1 | SetServiceStatus | |
| API-MS-WIN-Service-winsvc-L1-1-0.dll | 11 | I_ScRpcBindW | |
| API-MS-WIN-Service-winsvc-L1-1-0.dll | 25 | StartServiceCtrlDispatcherA | |
| API-MS-WIN-Service-winsvc-L1-1-0.dll | 24 | StartServiceA | |
| API-MS-WIN-Service-winsvc-L1-1-0.dll | 23 | RegisterServiceCtrlHandlerW | |
| API-MS-WIN-Service-winsvc-L1-1-0.dll | 22 | RegisterServiceCtrlHandlerExA | |
| API-MS-WIN-Service-winsvc-L1-1-0.dll | 21 | RegisterServiceCtrlHandlerA | |
| API-MS-WIN-Service-winsvc-L1-1-0.dll | 20 | QueryServiceStatus | |
| API-MS-WIN-Service-winsvc-L1-1-0.dll | 19 | QueryServiceConfigA | |
| API-MS-WIN-Service-winsvc-L1-1-0.dll | 18 | QueryServiceConfig2A | |
| API-MS-WIN-Service-winsvc-L1-1-0.dll | 17 | OpenServiceA | |
| API-MS-WIN-Service-winsvc-L1-1-0.dll | 16 | OpenSCManagerA | |
| API-MS-WIN-Service-winsvc-L1-1-0.dll | 15 | NotifyServiceStatusChangeA | |
| API-MS-WIN-Service-winsvc-L1-1-0.dll | 4 | CreateServiceA | |
| API-MS-WIN-Service-winsvc-L1-1-0.dll | 3 | ControlServiceExA | |
| API-MS-WIN-Service-winsvc-L1-1-0.dll | 2 | ControlService | |
| API-MS-WIN-Service-winsvc-L1-1-0.dll | 1 | ChangeServiceConfigA | |
| API-MS-WIN-Service-winsvc-L1-1-0.dll | ChangeServiceConfig2A | ||
| API-MS-WIN-Service-winsvc-L1-1-0.dll | 10 | I_ScRpcBindA | |
| API-MS-WIN-Service-Management-L1-1-0.dll | 1 | ControlServiceExW | |
| API-MS-WIN-Service-Management-L1-1-0.dll | 4 | OpenSCManagerW | |
| API-MS-WIN-Service-Management-L1-1-0.dll | 5 | OpenServiceW | |
| API-MS-WIN-Service-Management-L1-1-0.dll | 2 | CreateServiceW | |
| API-MS-WIN-Service-Management-L1-1-0.dll | 3 | DeleteService | |
| API-MS-WIN-Service-Management-L1-1-0.dll | CloseServiceHandle | ||
| API-MS-WIN-Service-Management-L1-1-0.dll | 6 | StartServiceW | |
| API-MS-WIN-Service-Management-L2-1-0.dll | 3 | QueryServiceConfig2W | |
| API-MS-WIN-Service-Management-L2-1-0.dll | 2 | NotifyServiceStatusChangeW | |
| API-MS-WIN-Service-Management-L2-1-0.dll | ChangeServiceConfig2W | ||
| API-MS-WIN-Service-Management-L2-1-0.dll | 1 | ChangeServiceConfigW | |
| API-MS-WIN-Service-Management-L2-1-0.dll | 4 | QueryServiceConfigW | |
| API-MS-WIN-Service-Management-L2-1-0.dll | 5 | QueryServiceObjectSecurity | |
| API-MS-WIN-Service-Management-L2-1-0.dll | 6 | QueryServiceStatusEx | |
| API-MS-WIN-Service-Management-L2-1-0.dll | 7 | SetServiceObjectSecurity | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 34 | RegSaveKeyExW | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 22 | RegNotifyChangeKeyValue | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 27 | RegQueryInfoKeyA | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 28 | RegQueryInfoKeyW | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 29 | RegQueryValueExA | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 20 | RegLoadMUIStringA | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 33 | RegSaveKeyExA | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 30 | RegQueryValueExW | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 15 | RegGetKeySecurity | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 35 | RegSetKeySecurity | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 31 | RegRestoreKeyA | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 32 | RegRestoreKeyW | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 37 | RegSetValueExW | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 18 | RegLoadKeyA | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 19 | RegLoadKeyW | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 25 | RegOpenKeyExW | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 3 | RegDeleteKeyExA | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 4 | RegDeleteKeyExW | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 7 | RegDeleteValueA | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 8 | RegDeleteValueW | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 10 | RegEnumKeyExA | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 11 | RegEnumKeyExW | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 12 | RegEnumValueA | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 13 | RegEnumValueW | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 16 | RegGetValueA | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 17 | RegGetValueW | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 1 | RegCreateKeyExA | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 2 | RegCreateKeyExW | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 14 | RegFlushKey | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 23 | RegOpenCurrentUser | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 24 | RegOpenKeyExA | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 9 | RegDisablePredefinedCacheEx | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 21 | RegLoadMUIStringW | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 26 | RegOpenUserClassesRoot | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 36 | RegSetValueExA | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 38 | RegUnLoadKeyA | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 39 | RegUnLoadKeyW | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 6 | RegDeleteTreeW | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | 5 | RegDeleteTreeA | |
| API-MS-Win-Core-LocalRegistry-L1-1-0.dll | RegCloseKey | ||
| API-MS-Win-Core-NamedPipe-L1-1-0.dll | 6 | ImpersonateNamedPipeClient | |
| API-MS-Win-Core-ProcessThreads-L1-1-0.dll | 5 | CreateThread | |
| API-MS-Win-Core-ProcessThreads-L1-1-0.dll | 12 | GetCurrentThread | |
| API-MS-Win-Core-ProcessThreads-L1-1-0.dll | 42 | TerminateProcess | |
| API-MS-Win-Core-ProcessThreads-L1-1-0.dll | 10 | GetCurrentProcess | |
| API-MS-Win-Core-ProcessThreads-L1-1-0.dll | 16 | GetPriorityClass | |
| API-MS-Win-Core-ProcessThreads-L1-1-0.dll | 27 | OpenThread | |
| API-MS-Win-Core-ProcessThreads-L1-1-0.dll | 13 | GetCurrentThreadId | |
| API-MS-Win-Core-ProcessThreads-L1-1-0.dll | 39 | SetThreadToken | |
| API-MS-Win-Core-ProcessThreads-L1-1-0.dll | 28 | OpenThreadToken | |
| API-MS-Win-Core-ProcessThreads-L1-1-0.dll | 26 | OpenProcessToken | |
| API-MS-Win-Core-ProcessThreads-L1-1-0.dll | 1 | CreateProcessAsUserW | |
| API-MS-Win-Core-ProcessThreads-L1-1-0.dll | 11 | GetCurrentProcessId | |
| API-MS-Win-Core-ProcessThreads-L1-1-0.dll | 17 | GetProcessId | |
| API-MS-Win-Security-Base-L1-1-0.dll | 55 | GetSidLengthRequired | |
| API-MS-Win-Security-Base-L1-1-0.dll | 56 | GetSidSubAuthority | |
| API-MS-Win-Security-Base-L1-1-0.dll | 57 | GetSidSubAuthorityCount | |
| API-MS-Win-Security-Base-L1-1-0.dll | 59 | GetWindowsAccountDomainSid | |
| API-MS-Win-Security-Base-L1-1-0.dll | 60 | ImpersonateAnonymousToken | |
| API-MS-Win-Security-Base-L1-1-0.dll | 61 | ImpersonateLoggedOnUser | |
| API-MS-Win-Security-Base-L1-1-0.dll | 62 | ImpersonateSelf | |
| API-MS-Win-Security-Base-L1-1-0.dll | 63 | InitializeAcl | |
| API-MS-Win-Security-Base-L1-1-0.dll | 64 | InitializeSecurityDescriptor | |
| API-MS-Win-Security-Base-L1-1-0.dll | 65 | InitializeSid | |
| API-MS-Win-Security-Base-L1-1-0.dll | 66 | IsTokenRestricted | |
| API-MS-Win-Security-Base-L1-1-0.dll | 67 | IsValidAcl | |
| API-MS-Win-Security-Base-L1-1-0.dll | 68 | IsValidRelativeSecurityDescriptor | |
| API-MS-Win-Security-Base-L1-1-0.dll | 69 | IsValidSecurityDescriptor | |
| API-MS-Win-Security-Base-L1-1-0.dll | 71 | IsWellKnownSid | |
| API-MS-Win-Security-Base-L1-1-0.dll | 72 | MakeAbsoluteSD | |
| API-MS-Win-Security-Base-L1-1-0.dll | 73 | MakeAbsoluteSD2 | |
| API-MS-Win-Security-Base-L1-1-0.dll | 54 | GetSidIdentifierAuthority | |
| API-MS-Win-Security-Base-L1-1-0.dll | 75 | MapGenericMask | |
| API-MS-Win-Security-Base-L1-1-0.dll | 80 | PrivilegeCheck | |
| API-MS-Win-Security-Base-L1-1-0.dll | 82 | QuerySecurityAccessMask | |
| API-MS-Win-Security-Base-L1-1-0.dll | 83 | RevertToSelf | |
| API-MS-Win-Security-Base-L1-1-0.dll | 84 | SetAclInformation | |
| API-MS-Win-Security-Base-L1-1-0.dll | 86 | SetKernelObjectSecurity | |
| API-MS-Win-Security-Base-L1-1-0.dll | 87 | SetPrivateObjectSecurity | |
| API-MS-Win-Security-Base-L1-1-0.dll | 88 | SetPrivateObjectSecurityEx | |
| API-MS-Win-Security-Base-L1-1-0.dll | 36 | EqualDomainSid | |
| API-MS-Win-Security-Base-L1-1-0.dll | 89 | SetSecurityAccessMask | |
| API-MS-Win-Security-Base-L1-1-0.dll | 90 | SetSecurityDescriptorControl | |
| API-MS-Win-Security-Base-L1-1-0.dll | 91 | SetSecurityDescriptorDacl | |
| API-MS-Win-Security-Base-L1-1-0.dll | 92 | SetSecurityDescriptorGroup | |
| API-MS-Win-Security-Base-L1-1-0.dll | 93 | SetSecurityDescriptorOwner | |
| API-MS-Win-Security-Base-L1-1-0.dll | 94 | SetSecurityDescriptorRMControl | |
| API-MS-Win-Security-Base-L1-1-0.dll | 95 | SetSecurityDescriptorSacl | |
| API-MS-Win-Security-Base-L1-1-0.dll | 96 | SetTokenInformation | |
| API-MS-Win-Security-Base-L1-1-0.dll | 53 | GetSecurityDescriptorSacl | |
| API-MS-Win-Security-Base-L1-1-0.dll | 52 | GetSecurityDescriptorRMControl | |
| API-MS-Win-Security-Base-L1-1-0.dll | 51 | GetSecurityDescriptorOwner | |
| API-MS-Win-Security-Base-L1-1-0.dll | 50 | GetSecurityDescriptorLength | |
| API-MS-Win-Security-Base-L1-1-0.dll | 49 | GetSecurityDescriptorGroup | |
| API-MS-Win-Security-Base-L1-1-0.dll | 48 | GetSecurityDescriptorDacl | |
| API-MS-Win-Security-Base-L1-1-0.dll | 47 | GetSecurityDescriptorControl | |
| API-MS-Win-Security-Base-L1-1-0.dll | 46 | GetPrivateObjectSecurity | |
| API-MS-Win-Security-Base-L1-1-0.dll | 45 | GetLengthSid | |
| API-MS-Win-Security-Base-L1-1-0.dll | 44 | GetKernelObjectSecurity | |
| API-MS-Win-Security-Base-L1-1-0.dll | 42 | GetAclInformation | |
| API-MS-Win-Security-Base-L1-1-0.dll | 41 | GetAce | |
| API-MS-Win-Security-Base-L1-1-0.dll | 40 | FreeSid | |
| API-MS-Win-Security-Base-L1-1-0.dll | 39 | FindFirstFreeAce | |
| API-MS-Win-Security-Base-L1-1-0.dll | 74 | MakeSelfRelativeSD | |
| API-MS-Win-Security-Base-L1-1-0.dll | 38 | EqualSid | |
| API-MS-Win-Security-Base-L1-1-0.dll | 70 | IsValidSid | |
| API-MS-Win-Security-Base-L1-1-0.dll | 1 | AccessCheckAndAuditAlarmW | |
| API-MS-Win-Security-Base-L1-1-0.dll | 3 | AccessCheckByTypeAndAuditAlarmW | |
| API-MS-Win-Security-Base-L1-1-0.dll | 6 | AccessCheckByTypeResultListAndAuditAlarmW | |
| API-MS-Win-Security-Base-L1-1-0.dll | 5 | AccessCheckByTypeResultListAndAuditAlarmByHandleW | |
| API-MS-Win-Security-Base-L1-1-0.dll | 78 | ObjectOpenAuditAlarmW | |
| API-MS-Win-Security-Base-L1-1-0.dll | 79 | ObjectPrivilegeAuditAlarmW | |
| API-MS-Win-Security-Base-L1-1-0.dll | 76 | ObjectCloseAuditAlarmW | |
| API-MS-Win-Security-Base-L1-1-0.dll | 77 | ObjectDeleteAuditAlarmW | |
| API-MS-Win-Security-Base-L1-1-0.dll | 81 | PrivilegedServiceAuditAlarmW | |
| API-MS-Win-Security-Base-L1-1-0.dll | 85 | SetFileSecurityW | |
| API-MS-Win-Security-Base-L1-1-0.dll | 43 | GetFileSecurityW | |
| API-MS-Win-Security-Base-L1-1-0.dll | 26 | CopySid | |
| API-MS-Win-Security-Base-L1-1-0.dll | 58 | GetTokenInformation | |
| API-MS-Win-Security-Base-L1-1-0.dll | AccessCheck | ||
| API-MS-Win-Security-Base-L1-1-0.dll | 2 | AccessCheckByType | |
| API-MS-Win-Security-Base-L1-1-0.dll | 4 | AccessCheckByTypeResultList | |
| API-MS-Win-Security-Base-L1-1-0.dll | 7 | AddAccessAllowedAce | |
| API-MS-Win-Security-Base-L1-1-0.dll | 8 | AddAccessAllowedAceEx | |
| API-MS-Win-Security-Base-L1-1-0.dll | 9 | AddAccessAllowedObjectAce | |
| API-MS-Win-Security-Base-L1-1-0.dll | 10 | AddAccessDeniedAce | |
| API-MS-Win-Security-Base-L1-1-0.dll | 11 | AddAccessDeniedAceEx | |
| API-MS-Win-Security-Base-L1-1-0.dll | 12 | AddAccessDeniedObjectAce | |
| API-MS-Win-Security-Base-L1-1-0.dll | 13 | AddAce | |
| API-MS-Win-Security-Base-L1-1-0.dll | 14 | AddAuditAccessAce | |
| API-MS-Win-Security-Base-L1-1-0.dll | 15 | AddAuditAccessAceEx | |
| API-MS-Win-Security-Base-L1-1-0.dll | 16 | AddAuditAccessObjectAce | |
| API-MS-Win-Security-Base-L1-1-0.dll | 18 | AdjustTokenGroups | |
| API-MS-Win-Security-Base-L1-1-0.dll | 19 | AdjustTokenPrivileges | |
| API-MS-Win-Security-Base-L1-1-0.dll | 20 | AllocateAndInitializeSid | |
| API-MS-Win-Security-Base-L1-1-0.dll | 21 | AllocateLocallyUniqueId | |
| API-MS-Win-Security-Base-L1-1-0.dll | 22 | AreAllAccessesGranted | |
| API-MS-Win-Security-Base-L1-1-0.dll | 23 | AreAnyAccessesGranted | |
| API-MS-Win-Security-Base-L1-1-0.dll | 24 | CheckTokenMembership | |
| API-MS-Win-Security-Base-L1-1-0.dll | 25 | ConvertToAutoInheritPrivateObjectSecurity | |
| API-MS-Win-Security-Base-L1-1-0.dll | 27 | CreatePrivateObjectSecurity | |
| API-MS-Win-Security-Base-L1-1-0.dll | 28 | CreatePrivateObjectSecurityEx | |
| API-MS-Win-Security-Base-L1-1-0.dll | 29 | CreatePrivateObjectSecurityWithMultipleInheritance | |
| API-MS-Win-Security-Base-L1-1-0.dll | 30 | CreateRestrictedToken | |
| API-MS-Win-Security-Base-L1-1-0.dll | 31 | CreateWellKnownSid | |
| API-MS-Win-Security-Base-L1-1-0.dll | 32 | DeleteAce | |
| API-MS-Win-Security-Base-L1-1-0.dll | 33 | DestroyPrivateObjectSecurity | |
| API-MS-Win-Security-Base-L1-1-0.dll | 34 | DuplicateToken | |
| API-MS-Win-Security-Base-L1-1-0.dll | 35 | DuplicateTokenEx | |
| API-MS-Win-Security-Base-L1-1-0.dll | 37 | EqualPrefixSid | |
| KERNEL32.dll | 1254 | VirtualAllocEx | |
| KERNEL32.dll | 1256 | VirtualFree | |
| KERNEL32.dll | 894 | OpenProcess | |
| KERNEL32.dll | 703 | GlobalMemoryStatusEx | |
| KERNEL32.dll | 360 | GetActiveProcessorCount | |
| KERNEL32.dll | 625 | GetSystemInfo | |
| KERNEL32.dll | 220 | DeviceIoControl | |
| KERNEL32.dll | 634 | GetSystemWindowsDirectoryW | |
| KERNEL32.dll | 677 | GetVolumeInformationW | |
| KERNEL32.dll | 466 | GetDriveTypeW | |
| KERNEL32.dll | 517 | GetLogicalDriveStringsW | |
| KERNEL32.dll | 1014 | ReleaseMutex | |
| KERNEL32.dll | 723 | HeapSize | |
| KERNEL32.dll | 398 | GetComputerNameW | |
| KERNEL32.dll | 283 | ExpandEnvironmentStringsA | |
| KERNEL32.dll | 980 | RegKrnInitialize | |
| KERNEL32.dll | 529 | GetModuleFileNameW | |
| KERNEL32.dll | 845 | LocalUnlock | |
| KERNEL32.dll | 841 | LocalLock | |
| KERNEL32.dll | 395 | GetComputerNameA | |
| KERNEL32.dll | 1109 | SetEvent | |
| KERNEL32.dll | 231 | DuplicateHandle | |
| KERNEL32.dll | 158 | CreateMutexW | |
| KERNEL32.dll | 959 | ReadProcessMemory | |
| KERNEL32.dll | 201 | DecodePointer | |
| KERNEL32.dll | 233 | EncodePointer | |
| KERNEL32.dll | 354 | FreeLibraryAndExitThread | |
| KERNEL32.dll | 781 | IsWow64Process | |
| KERNEL32.dll | 569 | GetPrivateProfileIntW | |
| KERNEL32.dll | 1035 | ResetEvent | |
| KERNEL32.dll | 721 | HeapReAlloc | |
| KERNEL32.dll | 629 | GetSystemTime | |
| KERNEL32.dll | 155 | CreateMutexA | |
| KERNEL32.dll | 738 | InitializeCriticalSection | |
| KERNEL32.dll | 1299 | Wow64RevertWow64FsRedirection | |
| KERNEL32.dll | 850 | LockResource | |
| KERNEL32.dll | 1197 | SizeofResource | |
| KERNEL32.dll | 1295 | Wow64DisableWow64FsRedirection | |
| KERNEL32.dll | 829 | LoadLibraryExW | |
| KERNEL32.dll | 493 | GetFileSize | |
| KERNEL32.dll | 227 | DosDateTimeToFileTime | |
| KERNEL32.dll | 290 | FileTimeToDosDateTime | |
| KERNEL32.dll | 495 | GetFileTime | |
| KERNEL32.dll | 1108 | SetErrorMode | |
| KERNEL32.dll | 324 | FindNextFileW | |
| KERNEL32.dll | 307 | FindFirstFileExW | |
| KERNEL32.dll | 1119 | SetFileInformationByHandle | |
| KERNEL32.dll | 117 | CopyFileW | |
| KERNEL32.dll | 1344 | lstrcmpiA | |
| KERNEL32.dll | 494 | GetFileSizeEx | |
| KERNEL32.dll | 1134 | SetLastError | |
| KERNEL32.dll | 839 | LocalFree | |
| KERNEL32.dll | 835 | LocalAlloc | |
| KERNEL32.dll | 842 | LocalReAlloc | |
| KERNEL32.dll | 1293 | WideCharToMultiByte | |
| KERNEL32.dll | 1354 | lstrlenW | |
| KERNEL32.dll | 869 | MultiByteToWideChar | |
| KERNEL32.dll | 397 | GetComputerNameExW | |
| KERNEL32.dll | 578 | GetProcAddress | |
| KERNEL32.dll | 827 | LoadLibraryA | |
| KERNEL32.dll | 82 | CloseHandle | |
| KERNEL32.dll | 165 | CreateProcessInternalA | |
| KERNEL32.dll | 353 | FreeLibrary | |
| KERNEL32.dll | 511 | GetLastError | |
| KERNEL32.dll | 830 | LoadLibraryW | |
| KERNEL32.dll | 824 | LeaveCriticalSection | |
| KERNEL32.dll | 237 | EnterCriticalSection | |
| KERNEL32.dll | 979 | RegKrnGetGlobalState | |
| KERNEL32.dll | 1201 | SleepEx | |
| KERNEL32.dll | 657 | GetTickCount | |
| KERNEL32.dll | 714 | HeapAlloc | |
| KERNEL32.dll | 583 | GetProcessHeap | |
| KERNEL32.dll | 143 | CreateFileW | |
| KERNEL32.dll | 504 | GetFullPathNameW | |
| KERNEL32.dll | 718 | HeapFree | |
| KERNEL32.dll | 487 | GetFileAttributesW | |
| KERNEL32.dll | 1049 | SearchPathW | |
| KERNEL32.dll | 205 | DelayLoadFailureHook | |
| KERNEL32.dll | 744 | InterlockedCompareExchange | |
| KERNEL32.dll | 828 | LoadLibraryExA | |
| KERNEL32.dll | 931 | QueryPerformanceCounter | |
| KERNEL32.dll | 631 | GetSystemTimeAsFileTime | |
| KERNEL32.dll | 1231 | UnhandledExceptionFilter | |
| KERNEL32.dll | 1184 | SetUnhandledExceptionFilter | |
| KERNEL32.dll | 133 | CreateEventW | |
| KERNEL32.dll | 656 | GetThreadUILanguage | |
| KERNEL32.dll | 1345 | lstrcmpiW | |
| KERNEL32.dll | 390 | GetCommandLineW | |
| KERNEL32.dll | 1342 | lstrcmpW | |
| KERNEL32.dll | 1198 | Sleep | |
| KERNEL32.dll | 532 | GetModuleHandleExW | |
| KERNEL32.dll | 1313 | WriteFile | |
| KERNEL32.dll | 284 | ExpandEnvironmentStringsW | |
| KERNEL32.dll | 865 | MoveFileW | |
| KERNEL32.dll | 213 | DeleteFileW | |
| KERNEL32.dll | 484 | GetFileAttributesExW | |
| KERNEL32.dll | 1121 | SetFilePointer | |
| KERNEL32.dll | 902 | OutputDebugStringW | |
| KERNEL32.dll | 512 | GetLocalTime | |
| KERNEL32.dll | 349 | FormatMessageW | |
| KERNEL32.dll | 533 | GetModuleHandleW | |
| KERNEL32.dll | 140 | CreateFileMappingW | |
| KERNEL32.dll | 956 | ReadFile | |
| KERNEL32.dll | 853 | MapViewOfFile | |
| KERNEL32.dll | 1234 | UnmapViewOfFile | |
| KERNEL32.dll | 96 | CompareFileTime | |
| KERNEL32.dll | 524 | GetLongPathNameW | |
| KERNEL32.dll | 832 | LoadResource | |
| KERNEL32.dll | 332 | FindResourceExW | |
| KERNEL32.dll | 681 | GetVolumePathNameW | |
| KERNEL32.dll | 208 | DeleteCriticalSection | |
| KERNEL32.dll | 1269 | WaitForSingleObject | |
| KERNEL32.dll | 301 | FindClose | |
| KERNEL32.dll | 492 | GetFileMUIPath | |
| KERNEL32.dll | 746 | InterlockedDecrement | |
| KERNEL32.dll | 750 | InterlockedIncrement | |
| KERNEL32.dll | 747 | InterlockedExchange | |
| KERNEL32.dll | 1257 | VirtualFreeEx | |
| KERNEL32.dll | 461 | GetDiskFreeSpaceExW | |
| KERNEL32.dll | 622 | GetSystemDirectoryW | |
| KERNEL32.dll | 501 | GetFullPathNameA | |
| KERNEL32.dll | 565 | GetOverlappedResult | |
| RPCRT4.dll | 348 | RpcBindingCreateW | |
| RPCRT4.dll | 507 | UuidCreate | |
| RPCRT4.dll | 364 | RpcBindingSetAuthInfoA | |
| RPCRT4.dll | 383 | RpcEpResolveBinding | |
| RPCRT4.dll | 82 | I_RpcSNCHOption | |
| RPCRT4.dll | 512 | UuidFromStringW | |
| RPCRT4.dll | 516 | UuidToStringW | |
| RPCRT4.dll | 394 | RpcExceptionFilter | |
| RPCRT4.dll | 367 | RpcBindingSetAuthInfoW | |
| RPCRT4.dll | 483 | RpcSsDestroyClientContext | |
| RPCRT4.dll | 62 | I_RpcMapWin32Status | |
| RPCRT4.dll | 45 | I_RpcExceptionFilter | |
| RPCRT4.dll | 149 | NdrClientCall2 | |
| RPCRT4.dll | 366 | RpcBindingSetAuthInfoExW | |
| RPCRT4.dll | 494 | RpcStringBindingComposeW | |
| RPCRT4.dll | 351 | RpcBindingFromStringBindingW | |
| RPCRT4.dll | 498 | RpcStringFreeW | |
| RPCRT4.dll | 349 | RpcBindingFree | |
| RPCRT4.dll | 365 | RpcBindingSetAuthInfoExA | |
| RPCRT4.dll | 431 | RpcRaiseException | |
| RPCRT4.dll | 345 | RpcBindingBind |
StringTable 040904B0
| CompanyName | Microsoft Corporation |
| FileDescription | Advanced Windows 32 Base API |
| FileVersion | 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| InternalName | advapi32.dll |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | advapi32.dll |
| ProductName | Microsoft® Windows® Operating System |
| ProductVersion | 6.1.7601.17514 |
VS_FIXEDFILEINFO
| FileVersion | 6.1.7601.17514 |
| ProductVersion | 6.1.7601.17514 |
| StrucVersion | 0x10000 |
| FileFlagsMask | 0x3f |
| FileFlags | 0 |
| FileOS | 0x40004 |
| FileType | 2 |
| FileSubtype | 0 |
 |
| Please donate some bucks to keep this site up and running: | |
| Ko-fi | |
|---|---|
| Yandex.Money | |
| Thank you! | |
[?] can't find file_offset of VA 0x278