Reg Organizer[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Reg Organizer.zip
Size

18.8MB
MD5

cf31f4c1e9a3eaadec527da112452ba7
SHA1

38eb217184546aa1ebd3e278049e36febe162077
SHA256

3e2ff02df42952cba243e9b3ff99a20111824f1ef46c5c40a4895440c1756cb0
SHA512

fdfa22f92b2c60a15e65fd3a4bd1d84e52be37d92711034d14d97a297d49de5bdc9b98a1570b3f84044ab9d4600129000dcf70c72a65da1975d36591f13a3898
SSDEEP

393216:jCh4XrdwpKCKUT8DFhI9iDgHpjpbWpyCFdgPDCLKhjSo8+Gd8z/:js4XrFCBoDA98gJjJWpNFdgphjSC

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Reg Organizer/App/Reg Organizer/RegOrganizer.exe
unpack001/Reg Organizer/App/Reg Organizer/sciter.dll
unpack001/Reg Organizer/RegOrganizerPortable.exe
unpack003/$PLUGINSDIR/Registry.dll
unpack003/$PLUGINSDIR/nsExec.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/Reg Organizer/RegOrganizerPortable.exe	nsis_installer_1
static1/unpack001/Reg Organizer/RegOrganizerPortable.exe	nsis_installer_2

Files

Reg Organizer.zip
.zip
Reg Organizer/App/Reg Organizer/AppUninstIgnore.bkp.xml
Reg Organizer/App/Reg Organizer/CleanupIgnore.bkp.xml
Reg Organizer/App/Reg Organizer/CloseApplication.dll
.dll windows:4 windows x86 arch:x86

f07c28f46b964aea5f9a4c58988e34f7

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b2:1b:52:19:9d:5d:ef:3c:e9:ce:56:86:17:31:b4:40:be:04:eb:e7:81:4b:79:e6:87:2d:97:84:44:66:55:a0
Signer

Actual PE Digest

b2:1b:52:19:9d:5d:ef:3c:e9:ce:56:86:17:31:b4:40:be:04:eb:e7:81:4b:79:e6:87:2d:97:84:44:66:55:a0

Digest Algorithm

sha256

PE Digest Matches

true

4f:23:56:b2:cf:04:46:0e:a5:76:d8:d2:96:90:63:fb:ed:2c:e5:e1
Signer

Actual PE Digest

4f:23:56:b2:cf:04:46:0e:a5:76:d8:d2:96:90:63:fb:ed:2c:e5:e1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

kernel32

CloseHandle
CompareStringW
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileW
CreateThread
DeleteCriticalSection
EnterCriticalSection
EnumCalendarInfoW
EnumSystemLocalesW
ExitProcess
ExitThread
FindClose
FindFirstFileW
FormatMessageW
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCPInfoExW
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentStrings
GetExitCodeThread
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetSystemInfo
GetThreadLocale
GetThreadPriority
GetTickCount
GetUserDefaultLCID
GetUserDefaultUILanguage
GetVersion
GetVersionExA
GetVersionExW
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapSize
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LocalAlloc
LocalFree
MapViewOfFile
MultiByteToWideChar
OpenEventW
OpenFileMappingA
OpenProcess
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SetThreadPriority
Sleep
SuspendThread
SwitchToThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualQueryEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrlenW

netapi32

NetWkstaGetInfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

user32

CharLowerBuffW
CharNextW
CharUpperBuffW
CharUpperW
EnumThreadWindows
GetSystemMetrics
LoadStringW
MessageBoxW
MsgWaitForMultipleObjects
PeekMessageW
wsprintfA

ole32

CoInitialize
CoUninitialize

oleaut32

GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA

Exports

Exports

CloseApplication
TMethodImplementationIntercept
___CPPdebugHook
dbkFCallWrapperAddr

Sections

.text
Size: 909KB - Virtual size: 912KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Reg Organizer/App/Reg Organizer/Documentation/English/Documentation.chm
.chm
Reg Organizer/App/Reg Organizer/Documentation/Russian/Documentation.chm
.chm
Reg Organizer/App/Reg Organizer/HardwareConstant.dll
.dll windows:6 windows x64 arch:x64

084762fe48a3e3eb868df335d21ebabd

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

28:74:61:a2:f1:b8:02:cb:97:41:f4:ec:ca:50:38:bb:dd:7e:c3:22:78:78:2f:66:90:73:ad:5f:90:5f:49:0e
Signer

Actual PE Digest

28:74:61:a2:f1:b8:02:cb:97:41:f4:ec:ca:50:38:bb:dd:7e:c3:22:78:78:2f:66:90:73:ad:5f:90:5f:49:0e

Digest Algorithm

sha256

PE Digest Matches

true

a8:98:d9:c2:20:08:d2:a7:c0:be:2b:30:e6:be:de:2e:94:be:6c:2f
Signer

Actual PE Digest

a8:98:d9:c2:20:08:d2:a7:c0:be:2b:30:e6:be:de:2e:94:be:6c:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\..Programmer Tasks\.Finished and delayed\HardwareID\bin\Win64\HardwareConstant.pdb

Imports

kernel32

DeviceIoControl
HeapSize
GetVolumePathNameW
MultiByteToWideChar
GetLastError
CloseHandle
CreateFileW
WriteConsoleW
FormatMessageW
ReadConsoleW
SetStdHandle
WideCharToMultiByte
GetStringTypeW
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
ReadFile
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
RtlUnwind

user32

wsprintfW

advapi32

CryptGetHashParam
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptDestroyHash

shell32

SHGetSpecialFolderPathW

Exports

Exports

GetHardwareConstant
GetHardwareInfo
HardwareConstantUnitTest

Sections

.text
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Reg Organizer/App/Reg Organizer/IgnoreRegCleaner.bkp.xml
Reg Organizer/App/Reg Organizer/Languages/Russian.sib
Reg Organizer/App/Reg Organizer/Notifications.dll
.dll windows:6 windows x64 arch:x64

c647402a2b85054cbc04a910b059cfc1

Code Sign

db:52:19:e7:15:f1:fa:1f:17:fc:9a:29:68:04:2f:7a
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2021, 00:00

Not After

10/05/2024, 23:59

Subject

CN=Konstantin Polyakov,O=Konstantin Polyakov,L=Yekaterinburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

02:36:f3:2d:0d:17:65:81:b1:d2:db:d5:c1:32:be:ce:3d:04:a8:f9
Signer

Actual PE Digest

02:36:f3:2d:0d:17:65:81:b1:d2:db:d5:c1:32:be:ce:3d:04:a8:f9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\.Secondary\NotificationsDemo\Win64\Release\Notifications.pdb

Imports

kernel32

AcquireSRWLockExclusive
EncodePointer
ReleaseSRWLockShared
AcquireSRWLockShared
WriteConsoleW
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
ReleaseSRWLockExclusive
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
LCMapStringW
DecodePointer
Sleep
FlushFileBuffers
GetTickCount
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW

user32

SendMessageTimeoutW
FindWindowExW

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoIncrementMTAUsage
StringFromCLSID
CoTaskMemFree
CoInitializeEx
CoResumeClassObjects
CoRegisterClassObject
CoUninitialize
CoRevokeClassObject

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError
RoOriginateErrorW
GetRestrictedErrorInfo

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoInitialize
RoRevokeActivationFactories
RoRegisterActivationFactories
RoUninitialize

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsPreallocateStringBuffer
WindowsDeleteStringBuffer
WindowsPromoteStringBuffer
WindowsCreateString

ole32

CoReleaseServerProcess
CoAddRefServerProcess

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW

oleaut32

SysFreeString

api-ms-win-core-winrt-error-l1-1-1

RoOriginateLanguageException

Exports

Exports

Activate
GetApi

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Reg Organizer/App/Reg Organizer/ProgramDataStorage.const
Reg Organizer/App/Reg Organizer/RegOrganizer.exe
.exe windows:5 windows x64 arch:x64

5adfac66cce2452d65095977122269ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
BuildTrusteeWithSidW
ChangeServiceConfig2W
ChangeServiceConfigW
CloseServiceHandle
ControlService
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
CreateProcessAsUserW
DeleteService
DuplicateTokenEx
EnumServicesStatusW
FreeInheritedFromArray
GetEffectiveRightsFromAclW
GetInheritanceSourceW
GetLengthSid
GetNamedSecurityInfoW
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetTokenInformation
GetUserNameW
ImpersonateLoggedOnUser
InitiateSystemShutdownExW
IsValidSecurityDescriptor
LookupPrivilegeValueW
MapGenericMask
OpenProcessToken
OpenSCManagerW
OpenServiceW
PrivilegeCheck
QueryServiceConfig2W
QueryServiceConfigW
QueryServiceStatus
QueryServiceStatusEx
RegCloseKey
RegConnectRegistryW
RegCreateKeyExW
RegDeleteKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegGetKeySecurity
RegLoadKeyW
RegNotifyChangeKeyValue
RegOpenCurrentUser
RegOpenKeyExW
RegOpenUserClassesRoot
RegQueryInfoKeyW
RegQueryValueExW
RegReplaceKeyW
RegRestoreKeyW
RegSaveKeyExW
RegSaveKeyW
RegSetKeySecurity
RegSetValueExW
RegUnLoadKeyW
RevertToSelf
SetNamedSecurityInfoW
SetThreadToken
SetTokenInformation
StartServiceW

kernel32

AddVectoredExceptionHandler
AreFileApisANSI
CancelWaitableTimer
CloseHandle
CompareFileTime
CompareStringA
CompareStringW
CopyFileW
CreateDirectoryA
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexA
CreateMutexW
CreateProcessA
CreateProcessW
CreateSemaphoreA
CreateThread
CreateTimerQueue
CreateTimerQueueTimer
CreateToolhelp32Snapshot
CreateWaitableTimerW
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeleteTimerQueueEx
DeleteTimerQueueTimer
DeviceIoControl
DuplicateHandle
EnterCriticalSection
EnumCalendarInfoW
EnumResourceNamesW
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileW
FindFirstVolumeW
FindNextChangeNotification
FindNextFileA
FindNextFileW
FindNextVolumeW
FindResourceA
FindResourceW
FindVolumeClose
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCPInfoExW
GetCommandLineW
GetComputerNameW
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDateFormatW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDriveTypeW
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameA
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsW
GetLogicalDrives
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetOverlappedResult
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetProcessTimes
GetProcessWorkingSetSize
GetShortPathNameW
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTempFileNameW
GetTempPathA
GetTempPathW
GetThreadLocale
GetThreadPriority
GetTickCount64
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultUILanguage
GetVersion
GetVersionExA
GetVersionExW
GetVolumeInformationW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetVolumePathNamesForVolumeNameW
GetWindowsDirectoryW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFree
GlobalHandle
GlobalLock
GlobalSize
GlobalUnlock
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
K32EnumProcesses
K32GetModuleFileNameExW
K32GetProcessMemoryInfo
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LockFile
LockFileEx
LockResource
MapViewOfFile
Module32FirstW
MoveFileExW
MoveFileW
MulDiv
MultiByteToWideChar
OpenFileMappingW
OpenMutexW
OpenProcess
OutputDebugStringA
OutputDebugStringW
Process32FirstW
Process32NextW
QueryDosDeviceW
QueryFullProcessImageNameW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadDirectoryChangesW
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryA
RemoveDirectoryW
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlCaptureContext
RtlUnwind
SetConsoleCtrlHandler
SetConsoleMode
SetEndOfFile
SetErrorMode
SetEvent
SetFileAttributesW
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleCount
SetLastError
SetProcessShutdownParameters
SetThreadLocale
SetThreadPriority
SetWaitableTimer
SizeofResource
Sleep
SuspendThread
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TerminateThread
Thread32First
Thread32Next
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
UnlockFile
UnlockFileEx
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualQuery
VirtualQueryEx
VirtualUnlock
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
lstrcmpA
lstrcmpW
lstrcpyW
lstrcpynW
lstrlenW
RtlRestoreContext
RtlUnwindEx

netapi32

NetApiBufferFree
NetUserGetInfo
NetWkstaGetInfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winspool.drv

ClosePrinter
DocumentPropertiesW
EnumPrintersW
GetDefaultPrinterW
OpenPrinterW

comctl32

DefSubclassProc
FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_LoadImageW
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
ImageList_Write
InitCommonControls
InitializeFlatSB
LoadIconWithScaleDown
PropertySheetW
RemoveWindowSubclass
SetWindowSubclass
_TrackMouseEvent

comdlg32

FindTextW
GetOpenFileNameW
GetSaveFileNameW

gdi32

AbortDoc
AddFontMemResourceEx
AngleArc
Arc
ArcTo
BitBlt
Chord
CombineRgn
CopyEnhMetaFileW
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHalftonePalette
CreateICW
CreatePalette
CreatePatternBrush
CreatePenIndirect
CreatePolygonRgn
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontFamiliesExW
EnumFontsW
ExcludeClipRect
ExtCreatePen
ExtCreateRegion
ExtFloodFill
ExtTextOutW
FillRgn
FrameRgn
GdiFlush
GetBitmapBits
GetBkMode
GetBrushOrgEx
GetClipBox
GetClipRgn
GetCurrentObject
GetCurrentPositionEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetNearestPaletteIndex
GetObjectA
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetStretchBltMode
GetSystemPaletteEntries
GetTextColor
GetTextExtentPoint32W
GetTextExtentPointW
GetTextMetricsW
GetViewportOrgEx
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
OffsetRgn
PatBlt
Pie
PlayEnhMetaFile
PolyBezier
PolyBezierTo
PolyPolyline
Polygon
Polyline
RealizePalette
RectVisible
Rectangle
ResizePalette
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDCPenColor
SetDIBColorTable
SetDIBits
SetEnhMetaFileBits
SetGraphicsMode
SetMapMode
SetPixel
SetROP2
SetRectRgn
SetStretchBltMode
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWinMetaFileBits
SetWindowExtEx
SetWindowOrgEx
SetWorldTransform
StartDocW
StartPage
StretchBlt
StretchDIBits
TextOutW
TranslateCharsetInfo
UnrealizeObject

shell32

CommandLineToArgvW
ExtractAssociatedIconW
ExtractIconW
SHAddToRecentDocs
SHBrowseForFolderW
SHFileOperationW
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetFileInfoW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHQueryRecycleBinW
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
ILFree
IsUserAnAdmin
SHBindToParent
SHGetFolderLocation
SHGetKnownFolderPath

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginDeferWindowPos
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcW
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextW
CharUpperBuffA
CharUpperBuffW
CharUpperW
CheckMenuItem
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CopyIcon
CopyImage
CountClipboardFormats
CreateAcceleratorTableW
CreateCaret
CreateIcon
CreateIconFromResourceEx
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeferWindowPos
DeleteMenu
DestroyCaret
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextExW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndDeferWindowPos
EndMenu
EndPaint
EnumChildWindows
EnumClipboardFormats
EnumDisplayMonitors
EnumThreadWindows
EnumWindows
ExitWindowsEx
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetAsyncKeyState
GetCapture
GetCaretPos
GetClassInfoExW
GetClassInfoW
GetClassNameW
GetClientRect
GetClipboardData
GetComboBoxInfo
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuItemRect
GetMenuState
GetMenuStringW
GetMessageExtraInfo
GetMessagePos
GetMessageTime
GetMessageW
GetMonitorInfoW
GetParent
GetPropW
GetScrollBarInfo
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetUpdateRect
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowRgn
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InflateRect
InsertMenuItemW
InsertMenuW
IntersectRect
InvalidateRect
IsCharAlphaNumericW
IsCharAlphaW
IsCharUpperW
IsChild
IsClipboardFormatAvailable
IsDialogMessageA
IsDialogMessageW
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadImageW
LoadKeyboardLayoutW
LoadStringA
LoadStringW
LockWindowUpdate
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OffsetRect
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
PostQuitMessage
PostThreadMessageW
PtInRect
RedrawWindow
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterDeviceNotificationW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ReplyMessage
ScreenToClient
ScrollWindow
ScrollWindowEx
SendInput
SendMessageA
SendMessageTimeoutW
SendMessageW
SetActiveWindow
SetCapture
SetCaretPos
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetKeyboardState
SetMenu
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetRectEmpty
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCaret
ShowOwnedPopups
ShowScrollBar
ShowWindow
SubtractRect
SystemParametersInfoW
TrackMouseEvent
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UnregisterDeviceNotification
UpdateLayeredWindow
UpdateWindow
ValidateRect
WaitForInputIdle
WaitMessage
WindowFromPoint
GetClassLongPtrW
GetWindowLongPtrW
SetClassLongPtrW
SetWindowLongPtrW
wsprintfA
wsprintfW

winmm

timeGetTime

ole32

CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoCreateInstance
CoFreeUnusedLibraries
CoInitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
IsEqualGUID
OleInitialize
OleUninitialize
PropVariantClear
StringFromCLSID

oleaut32

CreateErrorInfo
GetActiveObject
GetErrorInfo
SafeArrayAccessData
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SafeArrayUnaccessData
SetErrorInfo
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocStringLen
SysStringLen
VariantChangeType
VariantClear
VariantCopy
VariantCopyInd
VariantInit

urlmon

URLDownloadToFileW

wininet

FindCloseUrlCache
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
HttpQueryInfoA
HttpQueryInfoW
InternetCloseHandle
InternetGetConnectedState
InternetOpenUrlA
InternetOpenW
InternetQueryOptionW
InternetReadFile

uxtheme

CloseThemeData
DrawThemeBackground
GetThemeRect
GetThemeSysSize
IsThemeActive
OpenThemeData

wtsapi32

WTSEnumerateProcessesW
WTSFreeMemory

crypt32

CryptDecodeObject
CryptMsgClose
CryptMsgGetParam
CryptQueryObject

ws2_32

WSACleanup
WSAGetLastError
WSALookupServiceBeginW
WSALookupServiceEnd
WSALookupServiceNextW
WSASetServiceW
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
getsockname
listen
recv
select
send
setsockopt
socket

shlwapi

PathCanonicalizeW
PathIsRelativeW
SHCreateMemStream
SHRegGetPathW
StrCmpLogicalW
StrRetToBufW
StrRetToStrW
StrToInt64ExW
UrlEscapeW
UrlUnescapeW

winhttp

WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryAuthSchemes
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpQueryOption
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetCredentials
WinHttpSetOption
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpWriteData

aclui

CreateSecurityPage

hardwareconstant

GetHardwareConstant

Exports

Exports

AboutForm
AddToFavoritesAndCommentsEditingForm
ApplicationsDeletedForm
ApplicationsDidYouKnowTipsData
ApplicationsExternalDeleteModule
ApplicationsFrame
ApplicationsLogCreateForm
ApplicationsLogNotationsForm
ApplicationsLogViewForm
ApplicationsRemovalToolsForm
ApplicationsRevertLogResultForm
ApplicationsUninstallForm
ArticlesFrame
BackgroundTasksModule
BinaryValueForm
CleanupBrowsersModule
CleanupCloudPartsModule
CleanupDiskModule
CleanupFrame
CleanupInfrastructureModule
CleanupRegistryModule
CleanupScheduledForm
CommonTextStringsDataModule
CreateRegistrySnapshotForm
DidYouKnowCenterForm
DidYouKnowCenterTipsData
EntryChangingForm
FindAppUninstallKeyByFileDataModule
Form27
Form30
Form43
IgnoreListsFileMasksDataModule
ImportantRegistryPartsFrame
IntegerValueForm
InterfaceHintsDataModule
ItemsForCleanupViewingForm
KeyPropertiesForm
LicenseKeysDataModule
LicensingKeyEnteringForm
LicensingNagScreenForm
LicensingOldKeysForm
LicensingSubscriptionExpiredForm
LicensingSubscriptionReminderForm
LockedImageControlDataModule
MainForm
MultiLanguageSupportForm
MultiStringValueForm
NewIgnoreListItemForm
NewStartupItemForm
NewVersionAvailableForm
NonModaInformersDataModule
NotificationsDataModule
ProgressFrame
RegistryFavoritesRemoveForm
RegistryOptimizationForm
RegistrySearchProfileForm
RegistrySnapshotsForm
SearchMatchForm
SettingsForm
SharedAndDependentDataModule
SilentUpdatesCheckDataModule
SocialShareFrame
StartupManagerFrame
StringEnteringForm
StringValueForm
TaskDialogFrame
TweaksChangeStateForm
TweaksCreateTweakForm
TweaksDocDataModule
TweaksForm
TweaksManagementForm
TweaksRegistryValueEditingForm
UndoingChangesCenterForm
UniqueFunctionsDataModule
VisualElementsDataModule
_ZTR10TAboutForm
_ZTR11TTweaksForm
_ZTR12DesktopShade
_ZTR12THiddingForm
_ZTR13TCleanupFrame
_ZTR13TSettingsForm
_ZTR14TArticlesFrame
_ZTR14TPageControlEx
_ZTR14TProgressFrame
_ZTR14TTimeoutThread
_ZTR15TDownloadThread
_ZTR15TSilentMaskEdit
_ZTR16TAppTracesThread
_ZTR16TBinaryValueForm
_ZTR16TCloudDataThread
_ZTR16TSearchMatchForm
_ZTR16TStringValueForm
_ZTR16TTaskDialogFrame
_ZTR17TCleanupPartsScan
_ZTR17TIntegerValueForm
_ZTR17TSocialShareFrame
_ZTR18TApplicationsFrame
_ZTR18TCleanupCleanFound
_ZTR18TCleanupDiskModule
_ZTR18TEntryChangingForm
_ZTR18TGetDocumentThread
_ZTR18TKeyPropertiesForm
_ZTR19TNewStartupItemForm
_ZTR19TStringEnteringForm
_ZTR20TCloseProgramWaiting
_ZTR20TOnShowActionsThread
_ZTR20TPageControlExHelper
_ZTR20TStartupManagerFrame
_ZTR20TTweaksDocDataModule
_ZTR21TCleanupScheduledForm
_ZTR21TDidYouKnowCenterForm
_ZTR21TLicensingOldKeysForm
_ZTR21TMultiStringValueForm
_ZTR21TRarelyUsedAppsThread
_ZTR21TTweaksManagementForm
_ZTR21TUCStartupItemsThread
_ZTR22TBackgroundTasksModule
_ZTR22TCleanupBrowsersModule
_ZTR22TCleanupRegistryModule
_ZTR22TClickableLabelControl
_ZTR22TGetArticlesDataThread
_ZTR22TLicenseKeysDataModule
_ZTR22TNewIgnoreListItemForm
_ZTR22TRegistrySnapshotsForm
_ZTR22TTweaksChangeStateForm
_ZTR22TTweaksCreateTweakForm
_ZTR23TLicensingNagScreenForm
_ZTR23TPasscodeActivateThread
_ZTR24TApplicationsDeletedForm
_ZTR24TApplicationsLogViewForm
_ZTR24TCleanupCloudPartsModule
_ZTR24TNewVersionAvailableForm
_ZTR24TNotificationsDataModule
_ZTR24TProcessCompletionWaiter
_ZTR24TRatingTranslationThread
_ZTR25TDidYouKnowCenterTipsData
_ZTR25TInterfaceHintsDataModule
_ZTR25TLicensingKeyEnteringForm
_ZTR25TMultiLanguageSupportForm
_ZTR25TRegistryOptimizationForm
_ZTR25TToastTaskDialogFrameForm
_ZTR25TUndoingChangesCenterForm
_ZTR25TVisualElementsDataModule
_ZTR26TApplicationsLogCreateForm
_ZTR26TApplicationsUninstallForm
_ZTR26TCleanupScanNextQueuedPart
_ZTR26TGetLatestAvailableVersion
_ZTR26TRegistrySearchProfileForm
_ZTR26TUniqueFunctionsDataModule
_ZTR27TBottomPanelShowIfNecessary
_ZTR27TCreateRegistrySnapshotForm
_ZTR27TItemsForCleanupViewingForm
_ZTR27TNonModaInformersDataModule
_ZTR28TCleanupInfrastructureModule
_ZTR28TCommonTextStringsDataModule
_ZTR28TImportantRegistryPartsFrame
_ZTR28TRegistryFavoritesRemoveForm
_ZTR28TRegistrySearchReplaceThread
_ZTR28TStartupItemsGatheringThread
_ZTR29TApplicationsLogNotationsForm
_ZTR29TApplicationsRemovalToolsForm
_ZTR29TCorrectTerminatedCheckThread
_ZTR29TLockedImageControlDataModule
_ZTR29TSearchReplaceResultsListView
_ZTR29TSharedAndDependentDataModule
_ZTR29TSilentUpdatesCheckDataModule
_ZTR30TCheckForMultiLangEventsThread
_ZTR30TProcessCompletionWaiterHelper
_ZTR31TApplicationsDidYouKnowTipsData
_ZTR31TDeletedAppsRevertChangesThread
_ZTR31TIgnoreListsFileMasksDataModule
_ZTR31TSecondaryItemsPropertiesThread
_ZTR31TTweaksRegistryValueEditingForm
_ZTR32TApplicationsRevertLogResultForm
_ZTR32TCleanupCleanFoundProgressUpdate
_ZTR33TApplicationsExternalDeleteModule
_ZTR33TLicensingSubscriptionExpiredForm
_ZTR34TGetDownloadableTranslationsThread
_ZTR34TLicensingSubscriptionReminderForm
_ZTR34TRestoringSystemRestorePointThread
_ZTR36TFindAppUninstallKeyByFileDataModule
_ZTR37TAddToFavoritesAndCommentsEditingForm
_ZTR37TGetDocumentThread_ThreadsListSupport
_ZTR37TGetRecommendedDelayCalculationThread
_ZTR40TIsTranslationAvailableOnTheServerThread
_ZTR7TForm27
_ZTR7TForm30
_ZTR7TForm43
_ZTR8IUnknown
_ZTR9TMainForm
_ZTRN11SciterStuff17TSciterHostWindowE
_ZTRN11debug_stuff8internal12TIdleHandlerE
_ZTRN12_GLOBAL__N_114TSaveKeyThreadE
_ZTRN12_GLOBAL__N_117TSaveTracesToFileE
_ZTRN12_GLOBAL__N_117TTracesFindThreadE
_ZTRN12_GLOBAL__N_119TChangeTreeExpanderE
_ZTRN12_GLOBAL__N_120TChangeLogLoadThreadE
_ZTRN12_GLOBAL__N_120TUndoChangeLogThreadE
_ZTRN12_GLOBAL__N_126TRunProcessesAndWaitThreadE
_ZTRN12_GLOBAL__N_129TSaveTracesToFileAndLogsMergeE
_ZTRN12expresscheck17TCleanupBlockShowE
_ZTRN12expresscheck17TPrivacyBlockShowE
_ZTRN12expresscheck17TStartupBlockShowE
_ZTRN12expresscheck18TSecurityBlockShowE
_ZTRN12expresscheck19TAppTracesBlockShowE
_ZTRN14CacheWebHelper12TFindUpdates11TWorkThreadE
_ZTRN14CacheWebHelper12TFindUpdates15TGetLinksThreadE
_ZTRN14CacheWebHelper18TGetAppsPropertiesE
_ZTRN14CacheWebHelper22TInWorkUpdateInstallerE
_ZTRN14CacheWebHelper23TInWorkUpdateDownloaderE
_ZTRN14SciterControls14TAppIconLoader5TImplE
_ZTRN15BackgroundTasks13TEventsThreadE
_ZTRN15NS_Interactions15UserStartupItemE
_ZTRN15NS_Interactions16InteractionsSoapE
_ZTRN15NS_Interactions16UserStartupItem2E
_ZTRN15NS_Interactions19CoreUserStartupItemE
_ZTRN15NS_Interactions19IMultiWebHelperSOAPE
_ZTRN15NS_Interactions24StartupItemProperties_V1E
_ZTRN15RegistryTracing10TRegNotify5TImplE
_ZTRN15RegistryTracing17TRegSnapShotAsync5TImplE
_ZTRN15RegistryTracing20TProgressObservation5TImplE
_ZTRN15RegistryTracing22TSeparateThreadCapture5TImplE
_ZTRN16CleanupScheduled15TScanningThreadE
_ZTRN16CleanupScheduled22TCleanFromNotificationE
_ZTRN16DidYouKnowCenter8Internal23TIsActualContinueThreadE
_ZTRN16LicensingOldKeys19TExchangeKeysThreadE
_ZTRN17StartupStatistics19TStartupMeasurement19TMeasurementProcessE
_ZTRN17StartupStatistics19TStartupMeasurement20TMeasurementObserverE
_ZTRN18AppsExternalDelete7TNotify18TCommonDataRefreshE
_ZTRN18AppsExternalDelete7TNotify19TAppDataRememberingE
_ZTRN18AppsExternalDelete7TNotify20TUninstallKeyChangesE
_ZTRN18AppsExternalDelete7TNotify25TDeletedCreatedKeyActionsE
_ZTRN18LowCleanupBrowsers19TIEExitDialogCloserE
_ZTRN19ApplicationsDeleted18TPreliminaryLookupE
_ZTRN19ApplicationsDeleted21TDeepCheckDeletedAppsE
_ZTRN19ApplicationsDeleted34TAreNewInstalledAppsAppearedThreadE
_ZTRN19ApplicationsDeleted36TRevealAndSendThePrimaryTracesThreadE
_ZTRN19UninstallerAppsData13TGetWinRTAppsE
_ZTRN19UninstallerAppsData15TFileTracesFindE
_ZTRN19UninstallerAppsData16TUpdateSomeItemsE
_ZTRN19UninstallerAppsData17TChangeLogsFinderE
_ZTRN19UninstallerAppsData21TWin32AppsIconsFinderE
_ZTRN19UninstallerAppsData23TRemovalToolsLinkThreadE
_ZTRN19UninstallerAppsData25TIsFilteredWinRTAppExistsE
_ZTRN20NS_InteractionsCache13AppPropertiesE
_ZTRN20NS_InteractionsCache13AppUpdateLinkE
_ZTRN20NS_InteractionsCache13AppWithUpdateE
_ZTRN20NS_InteractionsCache15AppUpdateLinkExE
_ZTRN20NS_InteractionsCache15AppWithUpdateExE
_ZTRN20NS_InteractionsCache16InteractionsSoapE
_ZTRN20NS_InteractionsCache18UserUpdateCheckAppE
_ZTRN21TRunProcessesParallel5TImplE
_ZTRN24NS_DeletedAppsWebService15AppDataFromUserE
_ZTRN24NS_DeletedAppsWebService16InteractionsSoapE
_ZTRN25TTaskDialogFrameFormToast11TWorkThreadE
_ZTRN28TStandardCleanupPartsFactory18TCreatePartsThreadE
_ZTRN29TUnlockAndRemoveRegistryItems5TImplE
_ZTRN6System10IInterfaceE
_ZTRN6System10IInvokableE
_ZTRN6System12DynamicArrayINS_13UnicodeStringEEE
_ZTRN6System12DynamicArrayIPN15NS_Interactions15UserStartupItemEEE
_ZTRN6System12DynamicArrayIPN15NS_Interactions16UserStartupItem2EEE
_ZTRN6System12DynamicArrayIPN15NS_Interactions24StartupItemProperties_V1EEE
_ZTRN6System12DynamicArrayIPN20NS_InteractionsCache13AppPropertiesEEE
_ZTRN6System12DynamicArrayIPN20NS_InteractionsCache13AppUpdateLinkEEE
_ZTRN6System12DynamicArrayIPN20NS_InteractionsCache13AppWithUpdateEEE
_ZTRN6System12DynamicArrayIPN20NS_InteractionsCache15AppUpdateLinkExEEE
_ZTRN6System12DynamicArrayIPN20NS_InteractionsCache15AppWithUpdateExEEE
_ZTRN6System12DynamicArrayIPN20NS_InteractionsCache18UserUpdateCheckAppEEE
_ZTRN6System12DynamicArrayIiEE
_ZTRN6System13InvokeWrapperINS_7Classes16TThreadProcedureEZN12_GLOBAL__N_117TTracesFindThread9OnExecuteERN5boost8optionalIbEEE4$_27MS9_KFvvEEE
_ZTRN6System13InvokeWrapperINS_7Classes16TThreadProcedureEZN15BackgroundTasks13TEventsThread9OnExecuteERN5boost8optionalIbEEE3$_7MS9_KFvvEEE
_ZTRN6System13InvokeWrapperINS_7Classes16TThreadProcedureEZN15RegistryTracing20TProgressObservation11EndProgressEvEUlvE_MS5_KFvvEEE
_ZTRN6System13InvokeWrapperINS_7Classes16TThreadProcedureEZN16CleanupScheduled22TCleanFromNotification9OnExecuteERN5boost8optionalIbEEE4$_16MS9_KFvvEEE
_ZTRN6System13InvokeWrapperINS_7Classes16TThreadProcedureEZN16CleanupScheduled22TCleanFromNotification9OnExecuteERN5boost8optionalIbEEE4$_17MS9_KFvvEEE
_ZTRN6System13InvokeWrapperINS_7Classes16TThreadProcedureEZN16CleanupScheduled22TCleanFromNotification9OnExecuteERN5boost8optionalIbEEE4$_19MS9_KFvvEEE
_ZTRN6System13InvokeWrapperINS_7Classes16TThreadProcedureEZN17TCleanupPartsScan9OnExecuteERN5boost8optionalIbEEE4$_26MS8_KFvvEEE
_ZTRN6System13InvokeWrapperINS_7Classes16TThreadProcedureEZN18TCleanupCleanFound9OnExecuteERN5boost8optionalIbEEE4$_46MS8_KFvvEEE
_ZTRN6System13InvokeWrapperINS_7Classes16TThreadProcedureEZN25TTaskDialogFrameFormToast11TWorkThread25WindowMovingWithAnimationEbEUlvE_MS5_KFvvEEE
_ZTRN6System13InvokeWrapperINS_7Classes16TThreadProcedureEZN25TTaskDialogFrameFormToast11TWorkThread9OnExecuteERSt8optionalIbEEUlvE0_MS8_KFvvEEE
_ZTRN6System13InvokeWrapperINS_7Classes16TThreadProcedureEZN25TTaskDialogFrameFormToast11TWorkThread9OnExecuteERSt8optionalIbEEUlvE1_MS8_KFvvEEE
_ZTRN6System13InvokeWrapperINS_7Classes16TThreadProcedureEZN25TTaskDialogFrameFormToast11TWorkThread9OnExecuteERSt8optionalIbEEUlvE2_MS8_KFvvEEE
_ZTRN6System13InvokeWrapperINS_7Classes16TThreadProcedureEZN26TApplicationsUninstallForm32OnCompleteUninstallWinRTCallbackEPKwE4$_13MS6_KFvvEEE
_ZTRN6System13InvokeWrapperINS_7Classes16TThreadProcedureEZN26TCleanupScanNextQueuedPart9OnExecuteERN5boost8optionalIbEEE4$_33MS8_KFvvEEE
_ZTRN6System13InvokeWrapperINS_7Classes16TThreadProcedureEZN26TCleanupScanNextQueuedPart9OnExecuteERN5boost8optionalIbEEE4$_36MS8_KFvvEEE
_ZTRN6System13InvokeWrapperINS_7Classes16TThreadProcedureEZN26TCleanupScanNextQueuedPart9OnExecuteERN5boost8optionalIbEEE4$_40MS8_KFvvEEE
_ZTRN6System13InvokeWrapperINS_7Classes16TThreadProcedureEZN26TCleanupScanNextQueuedPart9OnExecuteERN5boost8optionalIbEEE4$_41MS8_KFvvEEE
_ZTRN6System13InvokeWrapperINS_7Classes16TThreadProcedureEZZN17TCleanupPartsScan9OnExecuteERN5boost8optionalIbEEENK4$_23clEsEUlvE_MS9_KFvvEEE
_ZTRN6System13InvokeWrapperINS_7Classes16TThreadProcedureEZZN17TCleanupPartsScan9OnExecuteERN5boost8optionalIbEEENK4$_24clEibEUlvE0_MS9_KFvvEEE
_ZTRN6System13InvokeWrapperINS_7Classes16TThreadProcedureEZZN17TCleanupPartsScan9OnExecuteERN5boost8optionalIbEEENK4$_24clEibEUlvE_MS9_KFvvEEE
_ZTRN6System13InvokeWrapperINS_7Classes16TThreadProcedureEZZN18TCleanupCleanFound9OnExecuteERN5boost8optionalIbEEENK4$_45clEsEUlvE_MS9_KFvvEEE
_ZTRN6System13InvokeWrapperINS_7Classes16TThreadProcedureEZZN18TGetDocumentThread7ExecuteEvENK3$_0clEixEUlvE_MS5_KFvvEEE
_ZTRN6System13InvokeWrapperINS_8Sysutils5TProcEZZN13CloudDatabase11TTaskRunnerclERKNS_13UnicodeStringEN5boost8functionIFvNS8_9function0IbEEEEEENK3$_5clIRNS3_15TTaskRunnerImplEEEDaOT_EUlvE_MSL_KFvvEEE
_ZTRN6System20TCppInterfacedObjectINS_7Classes16TThreadProcedureE8IUnknownNS_10IInterfaceEEE
_ZTRN6System20TCppInterfacedObjectINS_8Sysutils5TProcE8IUnknownNS_10IInterfaceEEE
_ZTRN6System7Classes16TThreadProcedureE
_ZTRN6System8Sysutils5TProcE
_ZTRN7Startup14TChangesNotify13TDetectThreadE
_ZTRN7Startup14TChangesNotify17TItemRevealThreadE
_ZTRN9apptraces16TRunThreadHelperE
_ZTRN9apptraces17TCommonDataHolder14TRefreshThreadE
_ZTRU9__closurePFvPN6System7TObjectEE
_ZTRZL29StartCreateWinRTAppsChangeLogP18TApplicationsFrameRKN6System13UnicodeStringERK17TWinRTPackageInfoE21TWinRTAppTracesThread
_ZTRZN13TCleanupFrame16RestoreToDefaultEP20TCleanupPartsFactoryE15TPartsGetThread
_ZTRZZN13CloudDatabase3TDbISt6vectorIN12RemovalTools5TToolESaIS3_EELb0EE8GetAsyncEN5boost8functionIFvNS7_8optionalIS5_EEEEERKN6System13UnicodeStringEbiENKUlNS7_9function0IbEEE_clESI_E9TCallWrap
_ZTRZZN13CloudDatabase3TDbISt6vectorIN17CleanupCloudParts17TCloudPartProfileESaIS3_EELb0EE8GetAsyncEN5boost8functionIFvNS7_8optionalIS5_EEEEERKN6System13UnicodeStringEbiENKUlNS7_9function0IbEEE_clESI_E9TCallWrap
__CPPdebugHook

Sections

.text
Size: 16.1MB - Virtual size: 16.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2.6MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 863KB - Virtual size: 862KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 626KB - Virtual size: 625KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Reg Organizer/App/Reg Organizer/Shell/ShellContextMenuInstaller.exe
.exe windows:6 windows x64 arch:x64

db69705e374e0bab197dd252fc796938

Code Sign

db:52:19:e7:15:f1:fa:1f:17:fc:9a:29:68:04:2f:7a
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2021, 00:00

Not After

10/05/2024, 23:59

Subject

CN=Konstantin Polyakov,O=Konstantin Polyakov,L=Yekaterinburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b2:bb:f4:45:bc:f4:6b:c3:98:fd:85:0f:15:89:67:97:48:3c:67:1f
Signer

Actual PE Digest

b2:bb:f4:45:bc:f4:6b:c3:98:fd:85:0f:15:89:67:97:48:3c:67:1f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Projects\.Secondary\ShellIntegration\Bin\Win64\Shell\ShellContextMenuInstaller.pdb

Imports

shell32

CommandLineToArgvW
SHChangeNotify

shlwapi

PathCanonicalizeW

kernel32

LoadLibraryW
FormatMessageW
HeapFree
WriteConsoleW
HeapSize
CreateFileW
HeapAlloc
GetFileType
FlushFileBuffers
GetConsoleOutputCP
RtlLookupFunctionEntry
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CompareStringW
GetModuleHandleExW
GetModuleFileNameW
GetLastError
FindFirstFileW
FindClose
GetModuleHandleW
WaitForSingleObject
CloseHandle
GetCommandLineW
LocalFree
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
HeapReAlloc
SetFilePointerEx
EncodePointer
DecodePointer
InitializeCriticalSectionEx
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetProcAddress
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedPushEntrySList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetStdHandle
WriteFile
LCMapStringW
GetConsoleMode

user32

MessageBoxW
GetDesktopWindow

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoInitializeEx

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegSetValueExW
RegCloseKey

oleaut32

GetErrorInfo
SetErrorInfo
SysAllocString
SysStringLen
SysFreeString

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Reg Organizer/App/Reg Organizer/Shell/ShellContextMenuInstallerRO.msix
.appx
Reg Organizer/App/Reg Organizer/Shell/ShellContextMenu_4.dll
.dll regsvr32 windows:6 windows x64 arch:x64

a6271ab031e150f90c4f321bb59c51b5

Code Sign

db:52:19:e7:15:f1:fa:1f:17:fc:9a:29:68:04:2f:7a
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2021, 00:00

Not After

10/05/2024, 23:59

Subject

CN=Konstantin Polyakov,O=Konstantin Polyakov,L=Yekaterinburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

79:9a:e7:85:00:2f:9a:41:1d:f3:0b:72:19:fb:c6:43:b4:13:b0:95
Signer

Actual PE Digest

79:9a:e7:85:00:2f:9a:41:1d:f3:0b:72:19:fb:c6:43:b4:13:b0:95

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\.Secondary\ShellIntegration\Bin\Win64\Shell\ShellContextMenu_4.pdb

Imports

shlwapi

SHStrDupW
ord219
PathCanonicalizeW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetModuleFileNameW
GetLastError
FindFirstFileW
FindClose
GetUserDefaultLangID
GetModuleHandleW
GetTickCount
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
CloseHandle
VerSetConditionMask
GetModuleHandleExW
GetProcAddress
GlobalLock
GlobalUnlock
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
CompareStringW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetProcessHeap
InitializeCriticalSectionAndSpinCount
SetStdHandle
CreateFileW
HeapSize
WriteConsoleW
VerifyVersionInfoW
FindNextFileW
FindFirstFileExW
HeapReAlloc
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
EncodePointer
DecodePointer
InitializeCriticalSectionEx
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
LCMapStringW
HeapFree
HeapAlloc
GetStdHandle
GetFileType

user32

SetMenuItemBitmaps
InsertMenuW
DestroyIcon
DrawIconEx
GetDC
GetIconInfo

gdi32

CreateCompatibleDC
GetObjectW
CreateDIBSection
DeleteObject
SelectObject

advapi32

RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW

shell32

SHGetFileInfoW
ExtractAssociatedIconW
SHChangeNotify
ShellExecuteExW
DragQueryFileW

ole32

CoTaskMemFree
ReleaseStgMedium
StringFromGUID2

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetDllApi

Sections

.text
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Reg Organizer/App/Reg Organizer/StartupCheckingService.exe
.exe windows:5 windows x64 arch:x64

2626af0bf84eb3bccde509966b432059

Code Sign

db:52:19:e7:15:f1:fa:1f:17:fc:9a:29:68:04:2f:7a
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2021, 00:00

Not After

10/05/2024, 23:59

Subject

CN=Konstantin Polyakov,O=Konstantin Polyakov,L=Yekaterinburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f7:af:65:bd:30:5d:df:41:84:9f:33:8c:11:4e:67:9c:45:b1:1a:d6
Signer

Actual PE Digest

f7:af:65:bd:30:5d:df:41:84:9f:33:8c:11:4e:67:9c:45:b1:1a:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
ChangeServiceConfig2W
ChangeServiceConfigW
CloseServiceHandle
ControlService
ConvertSidToStringSidW
CreateServiceW
DeleteService
EnumServicesStatusW
GetTokenInformation
GetUserNameW
ImpersonateLoggedOnUser
LookupPrivilegeValueW
OpenProcessToken
OpenSCManagerW
OpenServiceW
PrivilegeCheck
QueryServiceConfig2W
QueryServiceConfigW
QueryServiceStatusEx
RegCloseKey
RegConnectRegistryW
RegCreateKeyExW
RegDeleteKeyExW
RegDeleteKeyW
RegDeleteValueW
RegDisablePredefinedCacheEx
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegLoadKeyW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegReplaceKeyW
RegRestoreKeyW
RegSaveKeyW
RegSetValueExW
RegUnLoadKeyW
RegisterServiceCtrlHandlerExW
RevertToSelf
SetServiceStatus
StartServiceCtrlDispatcherW
StartServiceW

kernel32

AddVectoredExceptionHandler
CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexW
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
EnumCalendarInfoW
EnumResourceNamesW
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileW
FindNextChangeNotification
FindNextFileA
FindNextFileW
FindResourceA
FindResourceW
FormatMessageW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCPInfoExW
GetCommandLineW
GetComputerNameW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDateFormatW
GetDiskFreeSpaceW
GetDriveTypeW
GetEnvironmentStrings
GetEnvironmentStringsW
GetExitCodeThread
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsW
GetLogicalDrives
GetLongPathNameW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetSystemInfo
GetTempFileNameW
GetTempPathW
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultUILanguage
GetVersion
GetVersionExA
GetVersionExW
GetVolumeInformationW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LockResource
MapViewOfFile
MulDiv
MultiByteToWideChar
OutputDebugStringW
QueryDosDeviceW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseMutex
RemoveDirectoryA
RemoveDirectoryW
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlCaptureContext
RtlUnwind
SetConsoleCtrlHandler
SetCurrentDirectoryW
SetEndOfFile
SetErrorMode
SetEvent
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetThreadLocale
SetThreadPriority
SizeofResource
Sleep
SuspendThread
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualQueryEx
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpA
lstrcmpW
lstrcpyW
lstrcpynW
lstrlenW
RtlRestoreContext
RtlUnwindEx

netapi32

NetApiBufferFree
NetWkstaGetInfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winspool.drv

ClosePrinter
DocumentPropertiesW
EnumPrintersW
GetDefaultPrinterW
OpenPrinterW

comctl32

DefSubclassProc
FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_LoadImageW
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
ImageList_Write
InitCommonControls
InitializeFlatSB
RemoveWindowSubclass
SetWindowSubclass
_TrackMouseEvent

comdlg32

FindTextW

gdi32

AbortDoc
AddFontMemResourceEx
AngleArc
Arc
ArcTo
BitBlt
Chord
CombineRgn
CopyEnhMetaFileW
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHalftonePalette
CreateICW
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontFamiliesExW
EnumFontsW
ExcludeClipRect
ExtFloodFill
ExtTextOutW
FrameRgn
GdiFlush
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetNearestPaletteIndex
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetStretchBltMode
GetSystemPaletteEntries
GetTextExtentPoint32W
GetTextExtentPointW
GetTextMetricsW
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
Pie
PlayEnhMetaFile
PolyBezier
PolyBezierTo
Polygon
Polyline
RealizePalette
RectVisible
Rectangle
ResizePalette
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetDIBits
SetEnhMetaFileBits
SetMapMode
SetPixel
SetROP2
SetRectRgn
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StartDocW
StartPage
StretchBlt
StretchDIBits
UnrealizeObject

shell32

CommandLineToArgvW
ExtractAssociatedIconW
ExtractIconW
SHFileOperationW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
IsUserAnAdmin
SHGetKnownFolderPath

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcW
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextW
CharUpperBuffA
CharUpperBuffW
CharUpperW
CheckMenuItem
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CopyIcon
CopyImage
CreateAcceleratorTableW
CreateIcon
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextExW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndMenu
EndPaint
EnumChildWindows
EnumDisplayMonitors
EnumThreadWindows
EnumWindows
ExitWindowsEx
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetCapture
GetClassInfoW
GetClassNameW
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgCtrlID
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessageExtraInfo
GetMessagePos
GetMonitorInfoW
GetParent
GetPropW
GetScrollBarInfo
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetUpdateRect
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InsertMenuItemW
InsertMenuW
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadKeyboardLayoutW
LoadStringA
LoadStringW
LockWindowUpdate
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OffsetRect
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageW
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterDeviceNotificationW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
SendInput
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCaret
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UnregisterDeviceNotification
UpdateWindow
WaitMessage
WindowFromPoint
GetClassLongPtrW
GetWindowLongPtrW
SetClassLongPtrW
SetWindowLongPtrW
wsprintfA

ole32

CLSIDFromProgID
CoCreateGuid
CoCreateInstance
CoFreeUnusedLibraries
CoInitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
IsEqualGUID
OleInitialize
OleUninitialize
StringFromCLSID

oleaut32

CreateErrorInfo
GetActiveObject
GetErrorInfo
SafeArrayAccessData
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SafeArrayUnaccessData
SetErrorInfo
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocStringLen
SysStringLen
VariantChangeType
VariantClear
VariantCopy
VariantCopyInd
VariantInit

urlmon

URLDownloadToFileW

wininet

HttpQueryInfoA
HttpQueryInfoW
InternetCloseHandle
InternetGetConnectedState
InternetOpenUrlA
InternetOpenW
InternetQueryOptionW
InternetReadFile

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW
WTSQueryUserToken
WTSSendMessageW

crypt32

CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptDecodeObject
CryptMsgClose
CryptMsgGetParam
CryptQueryObject

userenv

LoadUserProfileW
UnloadUserProfile

ws2_32

WSACleanup
WSAGetLastError
WSALookupServiceBeginW
WSALookupServiceEnd
WSALookupServiceNextW
WSASetServiceW
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
getsockname
listen
recv
select
send
setsockopt
socket

shlwapi

StrCmpLogicalW

Exports

Exports

_ZTR18TGetDocumentThread
_ZTR20TCloseProgramWaiting
_ZTR29TCorrectTerminatedCheckThread
_ZTR37TGetDocumentThread_ThreadsListSupport
_ZTR8IUnknown
_ZTRN11debug_stuff8internal12TIdleHandlerE
_ZTRN3aux11TUserThreadE
_ZTRN6System10IInterfaceE
_ZTRN6System13InvokeWrapperINS_7Classes16TThreadProcedureEZZN18TGetDocumentThread7ExecuteEvENK3$_0clEixEUlvE_MS5_KFvvEEE
_ZTRN6System20TCppInterfacedObjectINS_7Classes16TThreadProcedureE8IUnknownNS_10IInterfaceEEE
_ZTRN6System7Classes16TThreadProcedureE
_ZTRN7Startup14TChangesNotify13TDetectThreadE
_ZTRN7Startup14TChangesNotify17TItemRevealThreadE
__CPPdebugHook

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 355KB - Virtual size: 516KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 371KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 670KB - Virtual size: 670KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 811B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 407KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 281KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Reg Organizer/App/Reg Organizer/UndoingChangesCenterUnit.const
Reg Organizer/App/Reg Organizer/WhatsNew-Russian.txt
Reg Organizer/App/Reg Organizer/WinRTApps.dll
.dll windows:6 windows x64 arch:x64

49b257470c0c3f037c3ce129f89330cd

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/05/2016, 00:00

Not After

19/05/2021, 23:59

Subject

CN=Konstantin Polyakov IP,O=Konstantin Polyakov IP,POSTALCODE=620049,STREET=of. 300\, 3 Sofi Kovalevskoi ul.,L=Ekaterinburg,ST=Sverdlovskaya Oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:28:fd:a9:95:27:80:64:be:94:23:3d:82:d4:56:60:33:1d:ee:5e:9f:00:e1:8a:19:5a:76:59:b4:c6:37:8e
Signer

Actual PE Digest

93:28:fd:a9:95:27:80:64:be:94:23:3d:82:d4:56:60:33:1d:ee:5e:9f:00:e1:8a:19:5a:76:59:b4:c6:37:8e

Digest Algorithm

sha256

PE Digest Matches

true

62:b5:a1:4e:ec:72:a6:57:65:67:50:41:68:c9:5b:44:81:9d:1b:fe
Signer

Actual PE Digest

62:b5:a1:4e:ec:72:a6:57:65:67:50:41:68:c9:5b:44:81:9d:1b:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\work\FullUninstall\.Related\WinRTApps.dll\Output\Win64\WinRTApps.pdb

Imports

kernel32

GetProcAddress
FreeLibrary
GetLocaleInfoEx
ResolveLocaleName
FindFirstFileW
FindClose
FindNextFileW
DecodePointer
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EncodePointer
ReleaseSRWLockShared
AcquireSRWLockShared
MultiByteToWideChar
WakeConditionVariable
SleepConditionVariableSRW
VerifyVersionInfoW
VerSetConditionMask
RaiseException
WriteConsoleW
SetEndOfFile
HeapSize
GetConsoleCP
WriteFile
FlushFileBuffers
SetFilePointerEx
SetStdHandle
CreateFileW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetStdHandle
HeapAlloc
ReadConsoleW
GetConsoleMode
ReadFile
HeapFree
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
InterlockedFlushSList
WideCharToMultiByte
GetStringTypeW
GetLastError
RtlPcToFileHeader
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
LCMapStringW
GetLocaleInfoW
GetCPInfo
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwindEx

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsDeleteString
WindowsPreallocateStringBuffer
WindowsCreateString
WindowsConcatString
WindowsDeleteStringBuffer
WindowsCreateStringReference
WindowsIsStringEmpty
WindowsGetStringRawBuffer
WindowsPromoteStringBuffer

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoInitializeEx
CoGetObjectContext
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
CoResumeClassObjects

api-ms-win-core-winrt-error-l1-1-0

GetRestrictedErrorInfo
SetRestrictedErrorInfo
RoOriginateErrorW
RoOriginateError

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoGetActivationFactory
RoRevokeActivationFactories
RoRegisterActivationFactories
RoInitialize
RoActivateInstance

oleaut32

SysFreeString

ole32

CoCreateInstance
CoAddRefServerProcess
CoReleaseServerProcess

shlwapi

SHCreateStreamOnFileEx
ord487
ord12

shell32

SHGetKnownFolderPath

api-ms-win-core-winrt-error-l1-1-1

RoOriginateLanguageException

Exports

Exports

GetWinRTAppsApi

Sections

.text
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Reg Organizer/App/Reg Organizer/links.xml
.xml
Reg Organizer/App/Reg Organizer/sciter.dll
.dll windows:6 windows x64 arch:x64

38e241b7354ac0ffea5535289d6afcaf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\sciter\sciter\sdk.js\bin\windows\x64\sciter.pdb

Imports

ws2_32

GetAddrInfoW
WSAIoctl
FreeAddrInfoW
WSARecv
connect
socket
getsockname
getpeername
listen
freeaddrinfo
getaddrinfo
select
ioctlsocket
WSASocketW
htons
closesocket
getsockopt
ntohl
ntohs
WSASetLastError
WSAStartup
WSASendTo
WSARecvFrom
bind
WSASend
setsockopt
htonl
shutdown
WSAGetLastError

wininet

InternetErrorDlg
InternetConnectA
HttpOpenRequestA
HttpQueryInfoW
InternetReadFile
HttpSendRequestA
InternetSetOptionW
InternetOpenA
InternetQueryOptionW
InternetCloseHandle
HttpQueryInfoA

shell32

CommandLineToArgvW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ord74
DragQueryFileW
ShellExecuteW
ord727
Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteExW

advapi32

RegOpenKeyExW
CryptAcquireContextW
CryptGenRandom
SystemFunction036
RegCloseKey
RegGetValueW
RegQueryValueExW
GetUserNameW
CryptReleaseContext
OpenProcessToken

ole32

CoTaskMemFree
CoCreateInstance
CoCreateGuid
StringFromCLSID
OleInitialize
OleUninitialize
CoUninitialize
ReleaseStgMedium
DoDragDrop
RevokeDragDrop
RegisterDragDrop
CreateStreamOnHGlobal
CoInitialize
CoTaskMemAlloc
CoFreeUnusedLibraries

oleaut32

SysFreeString
SafeArrayCreateVector
SysAllocStringLen
SafeArrayDestroy
SafeArrayPutElement

gdi32

SetViewportOrgEx
GetClipBox
GetFontUnicodeRanges
GetGlyphIndicesW
CreateSolidBrush
SetLayout
GetStockObject
BitBlt
StartPage
EndDoc
CreateDCW
SetMapMode
StartDocW
EndPage
StretchDIBits
RestoreDC
DeleteObject
CreateBitmap
CreateDIBSection
GetDIBits
GetObjectA
CreateFontW
SaveDC
SelectObject
DeleteDC
CreateCompatibleDC
GetObjectW
AddFontMemResourceEx
EnumFontFamiliesExW
GetDeviceCaps

comdlg32

GetSaveFileNameW
GetOpenFileNameW
PrintDlgW
CommDlgExtendedError

winspool.drv

ord203

kernel32

HeapReAlloc
DeleteFileW
EnumSystemLocalesW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
GetStringTypeW
SetThreadPriority
InitializeCriticalSectionEx
DecodePointer
lstrlenW
GlobalFree
FormatMessageW
LocalAlloc
LocalSize
WaitForMultipleObjects
lstrcmpW
LoadLibraryW
GetThreadPriority
GetTickCount
GetExitCodeThread
CreateTimerQueue
IsValidLocale
HeapSize
MultiByteToWideChar
FindFirstFileW
FindNextFileW
FindClose
WideCharToMultiByte
VerSetConditionMask
VerifyVersionInfoW
GetFullPathNameW
GetModuleFileNameW
QueryPerformanceCounter
QueryPerformanceFrequency
CompareStringW
GetNumberFormatW
GetCurrencyFormatW
GetDateFormatW
GetTimeFormatW
GetComputerNameW
GetUserDefaultLCID
GetSystemDefaultLCID
GetLocaleInfoW
LoadLibraryExW
GetProcAddress
GetSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
FileTimeToSystemTime
OutputDebugStringW
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CloseHandle
SetFilePointer
SetEndOfFile
MulDiv
GetTempPathA
GetTempFileNameA
GetLastError
GetFileAttributesW
Sleep
GetCurrentThreadId
GetCPInfo
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalSize
SleepConditionVariableCS
TryEnterCriticalSection
TlsSetValue
SignalObjectAndWait
GetCurrentProcess
ReleaseSemaphore
WakeConditionVariable
LeaveCriticalSection
InitializeCriticalSection
InitializeConditionVariable
WaitForSingleObject
ResumeThread
DuplicateHandle
CreateEventW
SetEvent
GetCurrentThread
TlsAlloc
GetNativeSystemInfo
DeleteCriticalSection
CreateSemaphoreW
TlsGetValue
TlsFree
SetLastError
SetEnvironmentVariableW
GetEnvironmentVariableW
GetTempPathW
GetVersionExW
FreeEnvironmentStringsW
GetSystemInfo
GetCurrentDirectoryW
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
SetErrorMode
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
LocalFree
FormatMessageA
DebugBreak
GetModuleHandleA
LoadLibraryA
ReadFile
SetNamedPipeHandleState
CreateNamedPipeA
WriteFile
RegisterWaitForSingleObject
UnregisterWait
CreateNamedPipeW
PeekNamedPipe
QueueUserWorkItem
CancelSynchronousIo
CreateFileA
GetNamedPipeHandleStateW
CancelIoEx
SwitchToThread
WaitNamedPipeW
ConnectNamedPipe
FlushFileBuffers
CreateDirectoryW
GetFileInformationByHandleEx
GetFileSizeEx
GetDiskFreeSpaceW
DeviceIoControl
RemoveDirectoryW
GetFinalPathNameByHandleW
SetFileTime
ReOpenFile
CreateHardLinkW
GetFileInformationByHandle
SetFilePointerEx
MoveFileExW
CopyFileW
CreateSymbolicLinkW
SetConsoleCtrlHandler
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleMode
GetConsoleCursorInfo
GetConsoleMode
SetConsoleCursorInfo
FillConsoleOutputCharacterW
ReadConsoleInputW
ReadConsoleW
ResetEvent
WriteConsoleInputW
FillConsoleOutputAttribute
WriteConsoleW
GetNumberOfConsoleInputEvents
SetConsoleCursorPosition
SetHandleInformation
CancelIo
SetFileCompletionNotificationModes
GetLongPathNameW
GetShortPathNameW
ReadDirectoryChangesW
GetFileType
SetInformationJobObject
AssignProcessToJobObject
TerminateProcess
CreateJobObjectW
UnregisterWaitEx
LCMapStringW
CreateProcessW
GetExitCodeProcess
GetStartupInfoW
GetStdHandle
ExitProcess
VirtualProtect
VirtualFree
VirtualAlloc
FreeLibrary
HeapFree
GetCommandLineW
HeapAlloc
GetProcessHeap
LoadLibraryExA
GetModuleFileNameA
RtlPcToFileHeader
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
EncodePointer
CreateThread
ExitThread
FreeLibraryAndExitThread
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
GetThreadTimes
InterlockedPopEntrySList
QueryDepthSList
GetModuleHandleExW
SetStdHandle
GetConsoleOutputCP
GetFileAttributesExW
FindFirstFileExW
EnterCriticalSection
SetFileAttributesW

user32

EndPaint
BeginPaint
GetForegroundWindow
CreateWindowExW
SetTimer
MoveWindow
SetWindowLongPtrW
ShowWindow
DefWindowProcW
GetParent
SendMessageW
DestroyWindow
WindowFromPoint
SetForegroundWindow
IsIconic
ScreenToClient
ClientToScreen
MapWindowPoints
RegisterWindowMessageW
LoadIconW
RegisterClassExW
AdjustWindowRectEx
SetClassLongW
GetClassLongW
PostMessageW
KillTimer
GetAsyncKeyState
SetWindowLongW
GetMessageTime
PeekMessageW
IsWindowUnicode
GetFocus
SetFocus
SetCursor
SetScrollInfo
GetScrollInfo
RegisterClassW
SetWindowTextW
SetCapture
GetUpdateRect
GetCapture
ReleaseCapture
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
GetActiveWindow
IsChild
GetMonitorInfoW
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsRectEmpty
GetWindow
FlashWindowEx
MonitorFromPoint
CreateMenu
GetMenuItemCount
RemoveMenu
InsertMenuW
GetMenu
SetMenu
GetKeyboardLayout
CreateCaret
DestroyCaret
SetCaretPos
FindWindowW
IsClipboardFormatAvailable
SetClipboardData
EnumClipboardFormats
AnimateWindow
SetWindowPos
CountClipboardFormats
CloseClipboard
GetWindowLongPtrW
GetWindowTextW
EmptyClipboard
OpenClipboard
RegisterClipboardFormatW
GetDesktopWindow
MessageBeep
NotifyWinEvent
CallMsgFilterW
EnumDisplayDevicesW
PostQuitMessage
GetDoubleClickTime
GetWindowThreadProcessId
GetSystemMetrics
DestroyIcon
DrawIconEx
GetIconInfo
CreateIconIndirect
LoadCursorFromFileA
LoadCursorW
DestroyCursor
GetSysColor
ReleaseDC
GetDC
GetWindowLongW
SystemParametersInfoW
UpdateWindow
GetMessageW
MapVirtualKeyW
DispatchMessageW
TranslateMessage
GetWindowPlacement
InvalidateRect
GetCursorPos
GetClientRect
IsWindowEnabled
EnableWindow
IsWindow
GetWindowRect
GetKeyState
MonitorFromWindow
EnumThreadWindows
EnumDisplayMonitors
UpdateLayeredWindow
SetActiveWindow
MessageBoxW
BeginDeferWindowPos
PostThreadMessageW
GetQueueStatus
MsgWaitForMultipleObjects
GetClipboardData

userenv

GetUserProfileDirectoryW

shlwapi

PathIsRelativeW

winmm

timeGetTime
timeEndPeriod
timeKillEvent
timeBeginPeriod
timeSetEvent

comctl32

ImageList_GetIconSize
ImageList_Destroy
ImageList_DrawEx

oleacc

LresultFromObject
AccessibleObjectFromWindow

imm32

ImmNotifyIME
ImmIsIME
ImmSetCandidateWindow
ImmAssociateContextEx
ImmGetContext
ImmGetCompositionStringW
ImmReleaseContext

usp10

ScriptPlace
ScriptApplyDigitSubstitution
ScriptFreeCache
ScriptBreak
ScriptItemize
ScriptShape

gdiplus

GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFillRectangleI
GdipCreatePath
GdipDeletePath
GdipAddPathArcI
GdipAddPathLineI
GdipFillPath
GdipGetClipBoundsI
GdipCreateLineBrush
GdipMultiplyLineTransform
GdipCreateMatrix2
GdipSetLinePresetBlend
GdipSetLineWrapMode
GdipAddPathEllipse
GdipCreatePathGradientFromPath
GdipSetPathGradientPresetBlend
GdipSetPathGradientWrapMode
GdipSetPathGradientCenterPoint
GdipSetPathGradientTransform
GdipCreatePen1
GdipCloneImage
GdipDrawPath
GdipFillRectanglesI
GdipDrawLine
GdipSetClipRectI
GdipTranslateWorldTransform
GdipGetSmoothingMode
GdipSaveGraphics
GdipRestoreGraphics
GdipBeginContainer2
GdipGetImageGraphicsContext
GdipGraphicsClear
GdipGetPathWorldBounds
GdipClonePath
GdipSetClipRect
GdipAddPathRectangleI
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipSetSmoothingMode
GdipEndContainer
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDrawImageRectRect
GdipTransformPoints
GdipMultiplyWorldTransform
GdipResetWorldTransform
GdipCreateMatrix
GdipDeleteMatrix
GdipGetWorldTransform
GdipGetMatrixElements
GdipTranslateMatrix
GdipRotateMatrix
GdipScaleMatrix
GdipShearMatrix
GdipCreateTexture
GdipFillEllipse
GdipDrawEllipse
GdipFillPie
GdipDrawPie
GdipDrawArc
GdipFillRectangle
GdipDrawRectangle
GdipResetPath
GdipIsVisiblePathPoint
GdipStartPathFigure
GdipAddPathLine
GdipClosePathFigure
GdipSetPathFillMode
GdipAddPathArc
GdipAddPathBezier
GdipSetPageUnit
GdipSetCompositingQuality
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipCreateFromHWND
GdipCreateFromHDC
GdipCreatePen2
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenLineJoin
GdipSetPenMiterLimit
GdipSetPenDashStyle
GdipSetPenDashArray
GdipSetPenDashOffset
GdipGetFontSize
GdipDeleteFont
GdipGetCellAscent
GdipCreateFontFromDC
GdipGetLineSpacing
GdipGetEmHeight
GdipCreateFontFromLogfontA
GdipGetFamily
GdipDeleteFontFamily
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromGraphics
GdipDrawImageI
GdipCreateHBITMAPFromBitmap
GdipDrawDriverString
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipDisposeImage
GdipDeletePen

Exports

Exports

SciterAPI

Sections

.text
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 125KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Reg Organizer/App/Reg Organizer/tweaks.bkp.xml
.xml
Reg Organizer/Data/AppData/Reg Organizer/KnownStartupItemsV3.zip
.zip
KnownStartupItemsV3.txt
Reg Organizer/Data/AppData/Reg Organizer/ListsHistory.bin
Reg Organizer/Data/AppData/Reg Organizer/Tweaks.xml
.xml
Reg Organizer/Data/Local/Reg Organizer/AdditionalStartupItemsData.xml
.xml
Reg Organizer/Data/Local/Reg Organizer/AppsCache.bin
Reg Organizer/Data/Local/Reg Organizer/DeletedApps/Apps.txt
Reg Organizer/Data/Local/Reg Organizer/PrivacyCleanup.xml
.xml
Reg Organizer/Data/Local/Reg Organizer/Tweaks.log
Reg Organizer/Data/Local/Reg Organizer/UndoChangesCenter/15838648.ucc
Reg Organizer/Data/Local/Reg Organizer/UndoChangesCenter/30413026.reg
Reg Organizer/Data/Local/Reg Organizer/UndoChangesCenter/45339869.reg
Reg Organizer/Data/Local/Reg Organizer/UndoChangesCenter/48871954.reg
Reg Organizer/Data/Local/Reg Organizer/UndoChangesCenter/59254429.reg
Reg Organizer/Data/Local/Reg Organizer/UndoChangesCenter/94884309.reg
Reg Organizer/Data/Local/Reg Organizer/UndoChangesCenter/data.uccdata
Reg Organizer/Data/Local/Shared/StartupItems/TSchedulerAtSystemStartupFactory/TSchedulerAtSystemStartupFactory.xml
.xml
Reg Organizer/Data/Local/Shared/StartupItems/TSchedulerFactory/TSchedulerFactory.xml
.xml
Reg Organizer/Data/Local/Shared/StartupItems/TServicesFactory.xml
.xml
Reg Organizer/Data/settings/Reg.reg
Reg Organizer/RegOrganizerPortable.exe
.exe windows:4 windows x86 arch:x86

f251951da7a0c1575236301f43162251

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetCurrentDirectoryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetLastError
MoveFileA
GetFullPathNameA
GetShortPathNameA
SearchPathA
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
MulDiv
GetPrivateProfileStringA
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
SetErrorMode

user32

EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetWindowRect
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
ScreenToClient
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
TrackPopupMenu
GetClassInfoA
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PostQuitMessage

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA

comctl32

ImageList_Destroy
ImageList_AddMasked
ord17
ImageList_Create

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 256KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 289KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Registry.dll
.dll windows:4 windows x86 arch:x86

421a02aae559045e04759aae146087eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateProcessA
CreateProcessW
GlobalAlloc
SearchPathA
SearchPathW
GetFileAttributesA
GetFileAttributesW
CreateFileA
CreateFileW
WriteFile
WideCharToMultiByte
GetWindowsDirectoryW
lstrlenA
lstrlenW
MultiByteToWideChar
GlobalFree

user32

FindWindowExA
SetWindowTextA
SetWindowTextW
MessageBoxW
GetDlgItem

advapi32

RegQueryValueExA
RegQueryValueExW
RegOpenKeyExA
RegOpenKeyExW
RegCreateKeyExA
RegCreateKeyExW
RegEnumValueA
RegEnumValueW
RegEnumKeyExA
RegEnumKeyExW
RegCloseKey
RegSetValueExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegSetValueExW

Exports

Exports

_Close
_CopyKey
_CopyValue
_CreateKey
_DeleteKey
_DeleteKeyEmpty
_DeleteValue
_Find
_HexToStrA
_HexToStrW
_KeyExists
_MoveKey
_MoveValue
_Open
_Read
_ReadExtra
_RestoreKey
_SaveKey
_StrToHexA
_StrToHexW
_Unload
_Write
_WriteExtra

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

71bdc958ac6d69036b003a26a5863c6a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
lstrcpynA
ReadFile
PeekNamedPipe
GetTickCount
lstrcpyA
CreateProcessA
GetStartupInfoA
CreatePipe
GetModuleHandleA
GetVersion
DeleteFileA
lstrcmpiA
lstrcatA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetProcAddress
GlobalLock
GetCurrentProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 458B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f07c28f46b964aea5f9a4c58988e34f7

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5aCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5aCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

b2:1b:52:19:9d:5d:ef:3c:e9:ce:56:86:17:31:b4:40:be:04:eb:e7:81:4b:79:e6:87:2d:97:84:44:66:55:a0Signer

4f:23:56:b2:cf:04:46:0e:a5:76:d8:d2:96:90:63:fb:ed:2c:e5:e1Signer

Headers

File Characteristics

Imports

advapi32

kernel32

netapi32

version

user32

ole32

oleaut32

psapi

Exports

Exports

Sections

.text Size: 909KB - Virtual size: 912KB

.data Size: 28KB - Virtual size: 92KB

.tls Size: 512B - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 4KB

.didata Size: 512B - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 18KB - Virtual size: 20KB

.reloc Size: 80KB - Virtual size: 84KB

084762fe48a3e3eb868df335d21ebabd

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5aCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5aCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

28:74:61:a2:f1:b8:02:cb:97:41:f4:ec:ca:50:38:bb:dd:7e:c3:22:78:78:2f:66:90:73:ad:5f:90:5f:49:0eSigner

a8:98:d9:c2:20:08:d2:a7:c0:be:2b:30:e6:be:de:2e:94:be:6c:2fSigner

Headers

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

b2:1b:52:19:9d:5d:ef:3c:e9:ce:56:86:17:31:b4:40:be:04:eb:e7:81:4b:79:e6:87:2d:97:84:44:66:55:a0
Signer

4f:23:56:b2:cf:04:46:0e:a5:76:d8:d2:96:90:63:fb:ed:2c:e5:e1
Signer

.text
Size: 909KB - Virtual size: 912KB

.data
Size: 28KB - Virtual size: 92KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 4KB

.didata
Size: 512B - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 18KB - Virtual size: 20KB

.reloc
Size: 80KB - Virtual size: 84KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

69:88:a6:07:96:78:b1:06:2c:d8:ce:b6:f3:ad:ab:5a
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

28:74:61:a2:f1:b8:02:cb:97:41:f4:ec:ca:50:38:bb:dd:7e:c3:22:78:78:2f:66:90:73:ad:5f:90:5f:49:0e
Signer

a8:98:d9:c2:20:08:d2:a7:c0:be:2b:30:e6:be:de:2e:94:be:6c:2f
Signer

.text
Size: 230KB - Virtual size: 230KB

.rdata
Size: 114KB - Virtual size: 113KB

.data
Size: 8KB - Virtual size: 13KB

.pdata
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 3KB

db:52:19:e7:15:f1:fa:1f:17:fc:9a:29:68:04:2f:7a
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

02:36:f3:2d:0d:17:65:81:b1:d2:db:d5:c1:32:be:ce:3d:04:a8:f9
Signer

.text
Size: 83KB - Virtual size: 83KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 9KB - Virtual size: 13KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 2KB