EDR-Agent-Personal_1[.]1[.]19[.]15_windows_x64[.]exe

resource
unpack001/$PLUGINSDIR/BgWorker.dll
unpack001/$PLUGINSDIR/NsisEdrThread.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack002/$PLUGINSDIR/BgWorker.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/nsDialogs.dll
unpack002/$PLUGINSDIR/nsExec.dll
unpack004/$PLUGINSDIR/System.dll
unpack004/$PLUGINSDIR/nsExec.dll
unpack005/$PLUGINSDIR/BgWorker.dll
unpack005/$PLUGINSDIR/System.dll
unpack005/$PLUGINSDIR/nsDialogs.dll
unpack005/$PLUGINSDIR/nsExec.dll

EDR-Agent-Personal_1.1.19.15_windows_x64.exe

.exe windows:4 windows x86 arch:x86

56a78d55f3f7af51443e58e0ce2fb5f6

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

6e:1e:07:b9:c0:c4:e3:d1:02:11:6e:7a:42:fb:ef:7f:83:72:42:39:c5:cb:29:45:11:62:03:c1:09:0e:13:80:e9:4f:d9:70:7d:bb:90:fb:95:85:75:eb:3d:1e:ff:a0:d7:a2:f9:10:22:25:b5:d8:33:09:1c:2b:9a:d2:23:59
Signer

Actual PE Digest

6e:1e:07:b9:c0:c4:e3:d1:02:11:6e:7a:42:fb:ef:7f:83:72:42:39:c5:cb:29:45:11:62:03:c1:09:0e:13:80:e9:4f:d9:70:7d:bb:90:fb:95:85:75:eb:3d:1e:ff:a0:d7:a2:f9:10:22:25:b5:d8:33:09:1c:2b:9a:d2:23:59

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW

RegEnumKeyW

RegQueryValueExW

RegSetValueExW

RegCloseKey

RegDeleteValueW

RegDeleteKeyW

AdjustTokenPrivileges

LookupPrivilegeValueW

OpenProcessToken

SetFileSecurityW

RegOpenKeyExW

RegEnumValueW

shell32

SHGetSpecialFolderLocation

SHFileOperationW

SHBrowseForFolderW

SHGetPathFromIDListW

ShellExecuteExW

SHGetFileInfoW

ole32

OleInitialize

OleUninitialize

CoCreateInstance

IIDFromString

CoTaskMemFree

comctl32

ord17

ImageList_Create

ImageList_Destroy

ImageList_AddMasked

user32

GetClientRect

EndPaint

DrawTextW

IsWindowEnabled

DispatchMessageW

wsprintfA

CharNextA

CharPrevW

MessageBoxIndirectW

GetDlgItemTextW

SetDlgItemTextW

GetSystemMetrics

FillRect

AppendMenuW

TrackPopupMenu

OpenClipboard

SetClipboardData

CloseClipboard

IsWindowVisible

CallWindowProcW

GetMessagePos

CheckDlgButton

LoadCursorW

SetCursor

GetSysColor

SetWindowPos

GetWindowLongW

PeekMessageW

SetClassLongW

GetSystemMenu

EnableMenuItem

GetWindowRect

ScreenToClient

EndDialog

RegisterClassW

SystemParametersInfoW

CreateWindowExW

GetClassInfoW

DialogBoxParamW

CharNextW

ExitWindowsEx

DestroyWindow

CreateDialogParamW

SetTimer

SetWindowTextW

PostQuitMessage

SetForegroundWindow

ShowWindow

wsprintfW

SendMessageTimeoutW

FindWindowExW

IsWindow

GetDlgItem

SetWindowLongW

LoadImageW

GetDC

ReleaseDC

EnableWindow

InvalidateRect

SendMessageW

DefWindowProcW

BeginPaint

EmptyClipboard

CreatePopupMenu

gdi32

SetBkMode

SetBkColor

GetDeviceCaps

CreateFontIndirectW

CreateBrushIndirect

DeleteObject

SetTextColor

SelectObject

kernel32

GetExitCodeProcess

WaitForSingleObject

GetModuleHandleA

GetProcAddress

GetSystemDirectoryW

lstrcatW

Sleep

lstrcpyA

WriteFile

GetTempFileNameW

CreateFileW

lstrcmpiA

RemoveDirectoryW

CreateProcessW

CreateDirectoryW

GetLastError

CreateThread

GlobalLock

GlobalUnlock

GetDiskFreeSpaceW

WideCharToMultiByte

lstrcpynW

lstrlenW

SetErrorMode

GetVersionExW

GetCommandLineW

GetTempPathW

GetWindowsDirectoryW

SetEnvironmentVariableW

CopyFileW

ExitProcess

GetCurrentProcess

GetModuleFileNameW

GetFileSize

GetTickCount

MulDiv

SetFileAttributesW

GetFileAttributesW

SetCurrentDirectoryW

MoveFileW

GetFullPathNameW

GetShortPathNameW

SearchPathW

CompareFileTime

SetFileTime

CloseHandle

lstrcmpiW

lstrcmpW

ExpandEnvironmentStringsW

GlobalFree

GlobalAlloc

GetModuleHandleW

LoadLibraryExW

MoveFileExW

FreeLibrary

WritePrivateProfileStringW

GetPrivateProfileStringW

lstrlenA

MultiByteToWideChar

ReadFile

SetFilePointer

FindClose

FindNextFileW

FindFirstFileW

DeleteFileW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 472KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

$PLUGINSDIR/BgWorker.dll

.dll windows:4 windows x86 arch:x86

db2755f409b81c4dbfc04f648cfb80b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA

GetModuleHandleA

CloseHandle

SetThreadPriority

CreateThread

user32

IsWindowUnicode

PostMessageA

DispatchMessageA

TranslateMessage

PeekMessageA

MsgWaitForMultipleObjects

Exports

CallAndWait

Sections

.text
Size: 1024B - Virtual size: 987B

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 66B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/NsisCompChecker.dll

.dll windows:6 windows x86 arch:x86

e8ae300ff0169803ae353083e7d9bf0e

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

bb:0b:df:a6:b7:e9:c3:80:f0:fb:1e:ea:ce:4b:1c:21:18:3e:28:4c:f7:16:7a:1b:89:67:1b:e0:19:16:06:7f:9c:b3:78:33:dc:40:cb:d2:4f:be:98:8f:05:c8:e2:80:59:b8:d8:8a:fd:ec:f3:57:fb:da:df:59:8d:3e:36:d7
Signer

Actual PE Digest

bb:0b:df:a6:b7:e9:c3:80:f0:fb:1e:ea:ce:4b:1c:21:18:3e:28:4c:f7:16:7a:1b:89:67:1b:e0:19:16:06:7f:9c:b3:78:33:dc:40:cb:d2:4f:be:98:8f:05:c8:e2:80:59:b8:d8:8a:fd:ec:f3:57:fb:da:df:59:8d:3e:36:d7

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

D:\ws\workspace\j_PWY9FNTO\edr_agent\output\nsis_compchecker\NsisCompChecker.pdb

Imports

wtsapi32

WTSEnumerateProcessesW

kernel32

VerSetConditionMask

OpenProcess

FreeLibrary

GetProcAddress

LoadLibraryW

VerifyVersionInfoW

K32GetModuleFileNameExA

CreateFileW

GetDriveTypeA

DecodePointer

CloseHandle

RaiseException

GetLastError

HeapDestroy

MultiByteToWideChar

HeapReAlloc

HeapFree

HeapSize

GetProcessHeap

DeviceIoControl

InitializeCriticalSectionEx

DeleteCriticalSection

GetLogicalDriveStringsA

Sleep

GlobalMemoryStatusEx

FreeEnvironmentStringsW

GetEnvironmentStringsW

GetCommandLineW

GetCommandLineA

WideCharToMultiByte

GlobalAlloc

lstrcpynW

lstrcpyW

GlobalFree

SetEnvironmentVariableW

HeapAlloc

CloseThreadpoolWait

QueryPerformanceCounter

QueryPerformanceFrequency

FormatMessageA

InitOnceBeginInitialize

InitOnceComplete

InitOnceExecuteOnce

EnterCriticalSection

LeaveCriticalSection

SetFileInformationByHandle

FlsAlloc

FlsGetValue

FlsSetValue

FlsFree

InitializeSRWLock

ReleaseSRWLockExclusive

AcquireSRWLockExclusive

InitializeConditionVariable

WakeConditionVariable

WakeAllConditionVariable

SleepConditionVariableCS

SleepConditionVariableSRW

CreateEventExW

CreateSemaphoreExW

FlushProcessWriteBuffers

GetCurrentProcessorNumber

GetSystemTimeAsFileTime

GetTickCount64

FreeLibraryWhenCallbackReturns

CreateThreadpoolWork

SubmitThreadpoolWork

CloseThreadpoolWork

CreateThreadpoolTimer

SetThreadpoolTimer

WaitForThreadpoolTimerCallbacks

CloseThreadpoolTimer

CreateThreadpoolWait

SetThreadpoolWait

SetEndOfFile

GetModuleHandleW

GetFileInformationByHandleEx

CreateSymbolicLinkW

LocalFree

EncodePointer

CompareStringEx

GetCPInfo

LCMapStringEx

GetLocaleInfoEx

GetStringTypeW

InitializeCriticalSectionAndSpinCount

SetEvent

ResetEvent

WaitForSingleObjectEx

CreateEventW

IsProcessorFeaturePresent

IsDebuggerPresent

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetStartupInfoW

GetCurrentProcess

TerminateProcess

GetCurrentProcessId

GetCurrentThreadId

InitializeSListHead

OutputDebugStringW

RtlUnwind

InterlockedPushEntrySList

InterlockedFlushSList

SetLastError

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

LoadLibraryExW

GetDriveTypeW

GetFileInformationByHandle

GetFileType

PeekNamedPipe

SystemTimeToTzSpecificLocalTime

FileTimeToSystemTime

GetStdHandle

GetModuleFileNameW

GetModuleHandleExW

WriteConsoleW

ExitProcess

GetCurrentThread

GetDateFormatW

GetTimeFormatW

CompareStringW

LCMapStringW

GetLocaleInfoW

IsValidLocale

GetUserDefaultLCID

EnumSystemLocalesW

SetConsoleCtrlHandler

FlushFileBuffers

WriteFile

GetConsoleOutputCP

GetConsoleMode

ReadFile

GetFileSizeEx

SetFilePointerEx

ReadConsoleW

SetCurrentDirectoryW

GetCurrentDirectoryW

GetFullPathNameW

SetStdHandle

GetTimeZoneInformation

GetFileAttributesExW

FindClose

FindFirstFileExW

FindNextFileW

IsValidCodePage

GetACP

GetOEMCP

user32

wsprintfW

UnregisterClassA

advapi32

RegDeleteTreeW

RegSetValueExW

RegCreateKeyExW

RegQueryValueExW

RegOpenKeyExW

RegCloseKey

RegGetValueW

Exports

CheckIfPackageValid

CheckMemorySpaceSufficient

CheckSelectPathIsAvailable

DetectOS

GetIncompatibleAppName

GetIncompatibleAppNum

GetInstallTimeStamp

GetLocalDiskDrive

GetRegSysCrashControl

InitJsonPath

UpdateQuarantineConfigFile

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/NsisEdrThread.dll

.dll windows:6 windows x86 arch:x86

0ba57245203e0d94172188352e19f651

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

D:\lq_test\edr_agent_compile\edr_agent\output\nsis_edrthread\NsisEdrThread.pdb

Imports

kernel32

CloseHandle

Sleep

CreateThread

GlobalFree

lstrcpyW

lstrcpynW

GlobalAlloc

WideCharToMultiByte

MultiByteToWideChar

GetCurrentProcess

GetModuleHandleW

IsProcessorFeaturePresent

GetStartupInfoW

SetUnhandledExceptionFilter

UnhandledExceptionFilter

IsDebuggerPresent

InitializeSListHead

GetSystemTimeAsFileTime

GetCurrentThreadId

GetCurrentProcessId

QueryPerformanceCounter

TerminateProcess

user32

wsprintfW

vcruntime140

__std_type_info_destroy_list

_except_handler4_common

memset

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table

terminate

_initterm_e

_initterm

_initialize_narrow_environment

_crt_atexit

_cexit

_seh_filter_dll

_crt_at_quick_exit

_configure_narrow_argv

_register_onexit_function

_initialize_onexit_table

Exports

Start

Stop

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW

GlobalFree

GlobalSize

lstrcpynW

lstrcpyW

GetProcAddress

WideCharToMultiByte

VirtualFree

FreeLibrary

lstrlenW

LoadLibraryW

GlobalAlloc

MultiByteToWideChar

VirtualAlloc

VirtualProtect

GetLastError

user32

wsprintfW

ole32

StringFromGUID2

CLSIDFromString

Exports

Alloc

Call

Copy

Free

Get

Int64Op

Store

StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/bg.bmp

$PLUGINSDIR/bgrepair.bmp

$PLUGINSDIR/compatible.json

$PLUGINSDIR/global_sign.cer

$PLUGINSDIR/installconfig.ini

$PLUGINSDIR/nsDialogs.dll

.dll windows:4 windows x86 arch:x86

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW

lstrcpyW

MulDiv

lstrlenW

HeapFree

GetCurrentDirectoryW

lstrcmpiW

GetProcessHeap

HeapReAlloc

GlobalFree

lstrcpynW

GlobalAlloc

SetCurrentDirectoryW

HeapAlloc

user32

DestroyWindow

CallWindowProcW

SetCursor

LoadCursorW

GetPropW

CharPrevW

DrawFocusRect

GetWindowLongW

DrawTextW

GetClientRect

SetWindowLongW

GetDlgItem

GetSysColor

SetWindowPos

CreateDialogParamW

MapDialogRect

GetWindowRect

SetPropW

CreateWindowExW

IsWindow

SetTimer

KillTimer

DispatchMessageW

TranslateMessage

GetMessageW

IsDialogMessageW

ShowWindow

wsprintfW

CharNextW

SendMessageW

MapWindowPoints

RemovePropW

GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW

SHGetPathFromIDListW

comdlg32

GetSaveFileNameW

GetOpenFileNameW

CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Create

CreateControl

CreateItem

CreateTimer

GetUserData

KillTimer

OnBack

OnChange

OnClick

OnNotify

SelectFileDialog

SelectFolderDialog

SetRTL

SetUserData

Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/nsExec.dll

.dll windows:4 windows x86 arch:x86

c1c7505e1e6e929ebb6b9100e55b050a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl

InitializeSecurityDescriptor

IsTextUnicode

user32

wsprintfW

CharNextExA

SendMessageW

FindWindowExW

CharNextW

CharPrevW

kernel32

CreatePipe

DeleteFileW

lstrcmpiW

GetCommandLineW

ExitProcess

Sleep

TerminateProcess

GlobalReAlloc

MultiByteToWideChar

IsDBCSLeadByteEx

ReadFile

PeekNamedPipe

GetExitCodeProcess

WaitForSingleObject

GetTickCount

lstrcpyW

CreateProcessW

GetStartupInfoW

CreateFileMappingW

GetVersion

GetCurrentProcess

lstrcpynW

lstrlenW

lstrcatW

CloseHandle

UnmapViewOfFile

MapViewOfFile

GlobalFree

CreateFileW

CopyFileW

GetTempFileNameW

GlobalAlloc

GetModuleFileNameW

GetProcAddress

GetModuleHandleA

Exports

Exec

ExecToLog

ExecToStack

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$_134_/EDRClient.exe

.exe windows:6 windows x64 arch:x64

fd0d9b6b9ad7d9b70d2e57bcb41b230e

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

49:02:04:8b:f0:f4:21:5f:14:04:44:43:5c:93:dc:54:4b:5f:ca:93:62:f0:5b:bf:29:34:17:ba:4e:85:d0:12:c6:5a:90:99:79:3d:1e:a8:ae:0f:ee:98:20:f6:dd:10:c6:d4:95:05:ec:89:66:f3:a5:be:da:ed:ed:a0:61:c4
Signer

Actual PE Digest

49:02:04:8b:f0:f4:21:5f:14:04:44:43:5c:93:dc:54:4b:5f:ca:93:62:f0:5b:bf:29:34:17:ba:4e:85:d0:12:c6:5a:90:99:79:3d:1e:a8:ae:0f:ee:98:20:f6:dd:10:c6:d4:95:05:ec:89:66:f3:a5:be:da:ed:ed:a0:61:c4

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\ws\workspace\j_PWY9FNTO\edr_agent\output\x64\EDRClient.pdb

Imports

edrlineedit

??1EdrLineEdit@@UEAA@XZ

?SetError@EdrLineEdit@@QEAAX_N0@Z

?eventFilter@EdrLineEdit@@MEAA_NPEAVQObject@@PEAVQEvent@@@Z

?focusInEvent@EdrLineEdit@@MEAAXPEAVQFocusEvent@@@Z

?focusOutEvent@EdrLineEdit@@MEAAXPEAVQFocusEvent@@@Z

?metaObject@EdrLineEdit@@UEBAPEBUQMetaObject@@XZ

??0EdrLineEdit@@QEAA@PEAVQWidget@@@Z

?qt_metacall@EdrLineEdit@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?qt_metacast@EdrLineEdit@@UEAAPEAXPEBD@Z

?Text@EdrLineEdit@@QEBA?AVQString@@XZ

?SetText@EdrLineEdit@@QEAAXAEBVQString@@@Z

?staticMetaObject@EdrLineEdit@@2UQMetaObject@@B

?SetReadOnly@EdrLineEdit@@QEAAX_N@Z

edrswitchbutton

?staticMetaObject@EdrSwitchButton@@2UQMetaObject@@B

?qt_metacast@EdrSwitchButton@@UEAAPEAXPEBD@Z

?qt_metacall@EdrSwitchButton@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?paintEvent@EdrSwitchButton@@MEAAXPEAVQPaintEvent@@@Z

?mousePressEvent@EdrSwitchButton@@MEAAXPEAVQMouseEvent@@@Z

?metaObject@EdrSwitchButton@@UEBAPEBUQMetaObject@@XZ

?SetChecked@EdrSwitchButton@@QEAAX_N@Z

?StatusChanged@EdrSwitchButton@@QEAAX_N@Z

?Checked@EdrSwitchButton@@QEBA_NXZ

??0EdrSwitchButton@@QEAA@PEAVQWidget@@@Z

??1EdrSwitchButton@@UEAA@XZ

edrradiobutton

?qt_metacast@EdrRadioButton@@UEAAPEAXPEBD@Z

??0EdrRadioButton@@QEAA@PEAVQWidget@@@Z

?SetEnabled@EdrRadioButton@@QEAAX_N@Z

??1EdrRadioButton@@UEAA@XZ

?metaObject@EdrRadioButton@@UEBAPEBUQMetaObject@@XZ

?qt_metacall@EdrRadioButton@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

edrtablewidget

?SetModel@EdrTableView@@UEAAXPEAVEdrStandardItemModel@@_N@Z

?SetRowHeight@EdrTableView@@MEAAXH@Z

?metaObject@EdrTableView@@UEBAPEBUQMetaObject@@XZ

?qt_metacall@EdrTableView@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?qt_metacast@EdrTableView@@UEAAPEAXPEBD@Z

??1EdrTableView@@UEAA@XZ

?SetPagedModel@EdrTableWidget@@QEAAXPEAVPagedEdrItemModel@@_N@Z

?GetTableView@EdrTableWidget@@QEAAPEAVEdrTableView@@XZ

?SetHeaderCheckBoxEnabled@EdrTableView@@QEAAX_N@Z

?SetModel@EdrTableWidget@@QEAAXPEAVEdrStandardItemModel@@_N@Z

?UpdateView@EdrTableView@@QEAAXXZ

?RegisterLogFunc@EdrTableView@@SAXP6AXW4ComponentsLogLevel@@PEBDZZ@Z

?SetColumnWidth@EdrTableView@@QEAAXHH@Z

??0EdrTableView@@QEAA@PEAVQWidget@@@Z

??0EdrTableWidget@@QEAA@PEAVQWidget@@@Z

edrpushbutton

?eventFilter@EdrPushButton@@MEAA_NPEAVQObject@@PEAVQEvent@@@Z

??1EdrPushButton@@UEAA@XZ

?SetEnabled@EdrPushButton@@QEAAX_N@Z

?staticMetaObject@EdrPushButton@@2UQMetaObject@@B

?qt_metacast@EdrPushButton@@UEAAPEAXPEBD@Z

?qt_metacall@EdrPushButton@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?metaObject@EdrPushButton@@UEBAPEBUQMetaObject@@XZ

??0EdrPushButton@@QEAA@PEAVQWidget@@@Z

edrsimplepagebar

?SetPageSize@EdrSimplePageBar@@QEAAXH@Z

?SetTotalNum@EdrSimplePageBar@@QEAAXH@Z

?ConnectPagedEdrItemModel@EdrSimplePageBar@@QEAAXPEAVPagedEdrItemModel@@_N@Z

??0EdrSimplePageBar@@QEAA@PEAVQWidget@@@Z

?metaObject@EdrSimplePageBar@@UEBAPEBUQMetaObject@@XZ

?qt_metacall@EdrSimplePageBar@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?qt_metacast@EdrSimplePageBar@@UEAAPEAXPEBD@Z

??0EdrComboBox@@QEAA@PEAVQWidget@@@Z

?AddItem@EdrComboBox@@QEAAXAEBVQString@@@Z

?AddItem@EdrComboBox@@QEAAXAEBVQIcon@@AEBVQString@@@Z

??1EdrSimplePageBar@@UEAA@XZ

edrdynamicborderwidget

?Stop@EdrDynamicBorderWidget@@QEAAXXZ

?Pause@EdrDynamicBorderWidget@@QEAAXXZ

??0EdrDynamicBorderWidget@@QEAA@PEAVQWidget@@@Z

?SetGradientStartColor@EdrDynamicBorderWidget@@QEAAXAEBVQColor@@@Z

?SetGradientEndColor@EdrDynamicBorderWidget@@QEAAXAEBVQColor@@@Z

?Start@EdrDynamicBorderWidget@@QEAAXXZ

edrpngmovieplayer

?timerEvent@EdrPngMoviePlayer@@MEAAXPEAVQTimerEvent@@@Z

?qt_metacast@EdrPngMoviePlayer@@UEAAPEAXPEBD@Z

?qt_metacall@EdrPngMoviePlayer@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?paintEvent@EdrPngMoviePlayer@@MEAAXPEAVQPaintEvent@@@Z

??0EdrPngMoviePlayer@@QEAA@PEAVQWidget@@@Z

?Start@EdrPngMoviePlayer@@QEAAXXZ

?Stop@EdrPngMoviePlayer@@QEAAXXZ

??1EdrPngMoviePlayer@@UEAA@XZ

?metaObject@EdrPngMoviePlayer@@UEBAPEBUQMetaObject@@XZ

edrcheckbox

??1EdrCheckBox@@UEAA@XZ

?qt_metacast@EdrCheckBox@@UEAAPEAXPEBD@Z

?metaObject@EdrCheckBox@@UEBAPEBUQMetaObject@@XZ

??0EdrCheckBox@@QEAA@PEAVQWidget@@@Z

?qt_metacall@EdrCheckBox@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

edrtableview

?staticMetaObject@EdrTableView@@2UQMetaObject@@B

?SetCheckBoxHeader@EdrTableView@@QEAAX_N@Z

qt5widgets

?keyPressEvent@QAbstractButton@@MEAAXPEAVQKeyEvent@@@Z

?staticMetaObject@QStyledItemDelegate@@2UQMetaObject@@B

?qt_metacall@QStyledItemDelegate@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?qt_metacast@QStyledItemDelegate@@UEAAPEAXPEBD@Z

?updateEditorGeometry@QStyledItemDelegate@@UEBAXPEAVQWidget@@AEBVQStyleOptionViewItem@@AEBVQModelIndex@@@Z

?unpolish@QProxyStyle@@UEAAXPEAVQWidget@@@Z

?unpolish@QProxyStyle@@UEAAXPEAVQApplication@@@Z

?subElementRect@QProxyStyle@@UEBA?AVQRect@@W4SubElement@QStyle@@PEBVQStyleOption@@PEBVQWidget@@@Z

?subControlRect@QProxyStyle@@UEBA?AVQRect@@W4ComplexControl@QStyle@@PEBVQStyleOptionComplex@@W4SubControl@4@PEBVQWidget@@@Z

?styleHint@QProxyStyle@@UEBAHW4StyleHint@QStyle@@PEBVQStyleOption@@PEBVQWidget@@PEAVQStyleHintReturn@@@Z

?standardPixmap@QProxyStyle@@UEBA?AVQPixmap@@W4StandardPixmap@QStyle@@PEBVQStyleOption@@PEBVQWidget@@@Z

?standardPalette@QProxyStyle@@UEBA?AVQPalette@@XZ

?standardIcon@QProxyStyle@@UEBA?AVQIcon@@W4StandardPixmap@QStyle@@PEBVQStyleOption@@PEBVQWidget@@@Z

?sizeHint@QStyledItemDelegate@@UEBA?AVQSize@@AEBVQStyleOptionViewItem@@AEBVQModelIndex@@@Z

?sizeFromContents@QProxyStyle@@UEBA?AVQSize@@W4ContentsType@QStyle@@PEBVQStyleOption@@AEBV2@PEBVQWidget@@@Z

?setModelData@QStyledItemDelegate@@UEBAXPEAVQWidget@@PEAVQAbstractItemModel@@AEBVQModelIndex@@@Z

?setEditorData@QStyledItemDelegate@@UEBAXPEAVQWidget@@AEBVQModelIndex@@@Z

?qt_metacast@QProxyStyle@@UEAAPEAXPEBD@Z

?qt_metacall@QProxyStyle@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?polish@QProxyStyle@@UEAAXPEAVQWidget@@@Z

?polish@QProxyStyle@@UEAAXPEAVQApplication@@@Z

?polish@QProxyStyle@@UEAAXAEAVQPalette@@@Z

?paintingRoles@QAbstractItemDelegate@@UEBA?AV?$QVector@H@@XZ

?metaObject@QProxyStyle@@UEBAPEBUQMetaObject@@XZ

?layoutSpacing@QProxyStyle@@UEBAHW4ControlType@QSizePolicy@@0W4Orientation@Qt@@PEBVQStyleOption@@PEBVQWidget@@@Z

?itemTextRect@QProxyStyle@@UEBA?AVQRect@@AEBVQFontMetrics@@AEBV2@H_NAEBVQString@@@Z

?itemPixmapRect@QProxyStyle@@UEBA?AVQRect@@AEBV2@HAEBVQPixmap@@@Z

?initStyleOption@QStyledItemDelegate@@MEBAXPEAVQStyleOptionViewItem@@AEBVQModelIndex@@@Z

?hitTestComplexControl@QProxyStyle@@UEBA?AW4SubControl@QStyle@@W4ComplexControl@3@PEBVQStyleOptionComplex@@AEBVQPoint@@PEBVQWidget@@@Z

?helpEvent@QAbstractItemDelegate@@UEAA_NPEAVQHelpEvent@@PEAVQAbstractItemView@@AEBVQStyleOptionViewItem@@AEBVQModelIndex@@@Z

?generatedIconPixmap@QProxyStyle@@UEBA?AVQPixmap@@W4Mode@QIcon@@AEBV2@PEBVQStyleOption@@@Z

?eventFilter@QStyledItemDelegate@@MEAA_NPEAVQObject@@PEAVQEvent@@@Z

?event@QProxyStyle@@MEAA_NPEAVQEvent@@@Z

?editorEvent@QStyledItemDelegate@@MEAA_NPEAVQEvent@@PEAVQAbstractItemModel@@AEBVQStyleOptionViewItem@@AEBVQModelIndex@@@Z

?drawPrimitive@QProxyStyle@@UEBAXW4PrimitiveElement@QStyle@@PEBVQStyleOption@@PEAVQPainter@@PEBVQWidget@@@Z

?drawItemText@QProxyStyle@@UEBAXPEAVQPainter@@AEBVQRect@@HAEBVQPalette@@_NAEBVQString@@W4ColorRole@4@@Z

?drawItemPixmap@QProxyStyle@@UEBAXPEAVQPainter@@AEBVQRect@@HAEBVQPixmap@@@Z

?drawControl@QProxyStyle@@UEBAXW4ControlElement@QStyle@@PEBVQStyleOption@@PEAVQPainter@@PEBVQWidget@@@Z

?drawComplexControl@QProxyStyle@@UEBAXW4ComplexControl@QStyle@@PEBVQStyleOptionComplex@@PEAVQPainter@@PEBVQWidget@@@Z

?displayText@QStyledItemDelegate@@UEBA?AVQString@@AEBVQVariant@@AEBVQLocale@@@Z

?destroyEditor@QAbstractItemDelegate@@UEBAXPEAVQWidget@@AEBVQModelIndex@@@Z

?createEditor@QStyledItemDelegate@@UEBAPEAVQWidget@@PEAV2@AEBVQStyleOptionViewItem@@AEBVQModelIndex@@@Z

?paint@QStyledItemDelegate@@UEBAXPEAVQPainter@@AEBVQStyleOptionViewItem@@AEBVQModelIndex@@@Z

??1QStyledItemDelegate@@UEAA@XZ

??0QStyledItemDelegate@@QEAA@PEAVQObject@@@Z

?model@QAbstractItemView@@QEBAPEAVQAbstractItemModel@@XZ

??1QStyleOptionViewItem@@QEAA@XZ

??0QStyleOptionViewItem@@QEAA@AEBV0@@Z

?pixelMetric@QProxyStyle@@UEBAHW4PixelMetric@QStyle@@PEBVQStyleOption@@PEBVQWidget@@@Z

??1QProxyStyle@@UEAA@XZ

??0QProxyStyle@@QEAA@PEAVQStyle@@@Z

?warning@QMessageBox@@SA?AW4StandardButton@1@PEAVQWidget@@AEBVQString@@1V?$QFlags@W4StandardButton@QMessageBox@@@@W421@@Z

?styleSheet@QWidget@@QEBA?AVQString@@XZ

?fontMetrics@QApplication@@SA?AVQFontMetrics@@XZ

?style@QApplication@@SAPEAVQStyle@@XZ

?staticMetaObject@QSplitter@@2UQMetaObject@@B

?sizeHint@QSplitter@@UEBA?AVQSize@@XZ

?resizeEvent@QSplitter@@MEAAXPEAVQResizeEvent@@@Z

?qt_metacast@QSplitter@@UEAAPEAXPEBD@Z

?qt_metacall@QSplitter@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?minimumSizeHint@QSplitter@@UEBA?AVQSize@@XZ

?metaObject@QSplitter@@UEBAPEBUQMetaObject@@XZ

?event@QSplitter@@MEAA_NPEAVQEvent@@@Z

?createHandle@QSplitter@@MEAAPEAVQSplitterHandle@@XZ

?childEvent@QSplitter@@MEAAXPEAVQChildEvent@@@Z

?changeEvent@QSplitter@@MEAAXPEAVQEvent@@@Z

?clear@QComboBox@@QEAAXXZ

?insertItem@QComboBox@@QEAAXHAEBVQIcon@@AEBVQString@@AEBVQVariant@@@Z

?itemText@QComboBox@@QEBA?AVQString@@H@Z

?setEditable@QComboBox@@QEAAX_N@Z

?count@QComboBox@@QEBAHXZ

?splitterMoved@QSplitter@@QEAAXHH@Z

?setHandleWidth@QSplitter@@QEAAXH@Z

?sizes@QSplitter@@QEBA?AV?$QList@H@@XZ

?setChildrenCollapsible@QSplitter@@QEAAX_N@Z

?setOrientation@QSplitter@@QEAAXW4Orientation@Qt@@@Z

?addWidget@QSplitter@@QEAAXPEAVQWidget@@@Z

??1QSplitter@@UEAA@XZ

??0QSplitter@@QEAA@PEAVQWidget@@@Z

?setDefault@QPushButton@@QEAAX_N@Z

?verticalHeader@QTableView@@QEBAPEAVQHeaderView@@XZ

?doubleClicked@QAbstractItemView@@QEAAXAEBVQModelIndex@@@Z

?setSelectionBehavior@QAbstractItemView@@QEAAXW4SelectionBehavior@1@@Z

?setSelectionMode@QAbstractItemView@@QEAAXW4SelectionMode@1@@Z

??1QFileIconProvider@@UEAA@XZ

??0QFileIconProvider@@QEAA@XZ

?whatsThis@QWidget@@QEBA?AVQString@@XZ

?setWhatsThis@QWidget@@QEAAXAEBVQString@@@Z

?header@QTreeView@@QEBAPEAVQHeaderView@@XZ

?setMinimumSectionSize@QHeaderView@@QEAAXH@Z

?setStretchLastSection@QHeaderView@@QEAAX_N@Z

?setSectionResizeMode@QHeaderView@@QEAAXW4ResizeMode@1@@Z

?setHorizontalScrollMode@QAbstractItemView@@QEAAXW4ScrollMode@1@@Z

?currentIndex@QAbstractItemView@@QEBA?AVQModelIndex@@XZ

?staticMetaObject@QComboBox@@2UQMetaObject@@B

?currentIndexChanged@QComboBox@@QEAAXH@Z

?setCurrentIndex@QComboBox@@QEAAXH@Z

?currentText@QComboBox@@QEBA?AVQString@@XZ

?findData@QComboBox@@QEBAHAEBVQVariant@@HV?$QFlags@W4MatchFlag@Qt@@@@@Z

?setRowHeight@QTableView@@QEAAXHH@Z

?setIndexWidget@QAbstractItemView@@QEAAXAEBVQModelIndex@@PEAVQWidget@@@Z

?addAction@QMenu@@QEAAPEAVQAction@@AEBVQString@@@Z

?staticMetaObject@QTreeView@@2UQMetaObject@@B

?visualRegionForSelection@QTreeView@@MEBA?AVQRegion@@AEBVQItemSelection@@@Z

?visualRect@QTreeView@@UEBA?AVQRect@@AEBVQModelIndex@@@Z

?viewportSizeHint@QTreeView@@MEBA?AVQSize@@XZ

?viewportEvent@QTreeView@@MEAA_NPEAVQEvent@@@Z

?viewOptions@QAbstractItemView@@MEBA?AVQStyleOptionViewItem@@XZ

?verticalScrollbarValueChanged@QTreeView@@MEAAXH@Z

?verticalScrollbarAction@QAbstractItemView@@MEAAXH@Z

?verticalOffset@QTreeView@@MEBAHXZ

?updateGeometries@QTreeView@@MEAAXXZ

?timerEvent@QTreeView@@MEAAXPEAVQTimerEvent@@@Z

?sizeHintForRow@QAbstractItemView@@UEBAHH@Z

?sizeHintForColumn@QTreeView@@MEBAHH@Z

?setSelectionModel@QTreeView@@UEAAXPEAVQItemSelectionModel@@@Z

?setSelection@QTreeView@@MEAAXAEBVQRect@@V?$QFlags@W4SelectionFlag@QItemSelectionModel@@@@@Z

?setRootIndex@QTreeView@@UEAAXAEBVQModelIndex@@@Z

?setModel@QTreeView@@UEAAXPEAVQAbstractItemModel@@@Z

?selectionChanged@QTreeView@@MEAAXAEBVQItemSelection@@0@Z

?selectedIndexes@QTreeView@@MEBA?AV?$QList@VQModelIndex@@@@XZ

?selectAll@QTreeView@@UEAAXXZ

?scrollTo@QTreeView@@UEAAXAEBVQModelIndex@@W4ScrollHint@QAbstractItemView@@@Z

?scrollContentsBy@QTreeView@@MEAAXHH@Z

?rowsInserted@QTreeView@@MEAAXAEBVQModelIndex@@HH@Z

?rowsAboutToBeRemoved@QTreeView@@MEAAXAEBVQModelIndex@@HH@Z

?reset@QTreeView@@UEAAXXZ

?qt_metacast@QTreeView@@UEAAPEAXPEBD@Z

?qt_metacall@QTreeView@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?paintEvent@QTreeView@@MEAAXPEAVQPaintEvent@@@Z

?moveCursor@QTreeView@@MEAA?AVQModelIndex@@W4CursorAction@QAbstractItemView@@V?$QFlags@W4KeyboardModifier@Qt@@@@@Z

?mouseReleaseEvent@QTreeView@@MEAAXPEAVQMouseEvent@@@Z

?mousePressEvent@QTreeView@@MEAAXPEAVQMouseEvent@@@Z

?mouseMoveEvent@QTreeView@@MEAAXPEAVQMouseEvent@@@Z

?mouseDoubleClickEvent@QTreeView@@MEAAXPEAVQMouseEvent@@@Z

?metaObject@QTreeView@@UEBAPEBUQMetaObject@@XZ

?keyboardSearch@QTreeView@@UEAAXAEBVQString@@@Z

?keyPressEvent@QTreeView@@MEAAXPEAVQKeyEvent@@@Z

?isIndexHidden@QTreeView@@MEBA_NAEBVQModelIndex@@@Z

?indexAt@QTreeView@@UEBA?AVQModelIndex@@AEBVQPoint@@@Z

?horizontalScrollbarAction@QTreeView@@MEAAXH@Z

?horizontalOffset@QTreeView@@MEBAHXZ

?drawRow@QTreeView@@MEBAXPEAVQPainter@@AEBVQStyleOptionViewItem@@AEBVQModelIndex@@@Z

?drawBranches@QTreeView@@MEBAXPEAVQPainter@@AEBVQRect@@AEBVQModelIndex@@@Z

?dragMoveEvent@QTreeView@@MEAAXPEAVQDragMoveEvent@@@Z

?doItemsLayout@QTreeView@@UEAAXXZ

?wheelEvent@QMenu@@MEAAXPEAVQWheelEvent@@@Z

?dataChanged@QTreeView@@UEAAXAEBVQModelIndex@@0AEBV?$QVector@H@@@Z

?currentChanged@QTreeView@@MEAAXAEBVQModelIndex@@0@Z

?expanded@QTreeView@@QEAAXAEBVQModelIndex@@@Z

?setHeaderHidden@QTreeView@@QEAAX_N@Z

??1QTreeView@@UEAA@XZ

??0QTreeView@@QEAA@PEAVQWidget@@@Z

?setEditTriggers@QAbstractItemView@@QEAAXV?$QFlags@W4EditTrigger@QAbstractItemView@@@@@Z

?setSpacing@QGridLayout@@QEAAXH@Z

?setColumnWidth@QTableView@@QEAAXHH@Z

?checkState@QCheckBox@@QEBA?AW4CheckState@Qt@@XZ

?setMaximumHeight@QWidget@@QEAAXH@Z

?setDisabled@QWidget@@QEAAX_N@Z

?staticMetaObject@QAbstractItemView@@2UQMetaObject@@B

?clicked@QAbstractItemView@@QEAAXAEBVQModelIndex@@@Z

?clearSelection@QAbstractItemView@@QEAAXXZ

?setAcceptDrops@QWidget@@QEAAX_N@Z

?setContextMenuPolicy@QWidget@@QEAAXW4ContextMenuPolicy@Qt@@@Z

?setIndent@QLabel@@QEAAXH@Z

?setTextFormat@QLabel@@QEAAXW4TextFormat@Qt@@@Z

?takeAt@QFormLayout@@UEAAPEAVQLayoutItem@@H@Z

?sizeHint@QFormLayout@@UEBA?AVQSize@@XZ

?setGeometry@QFormLayout@@UEAAXAEBVQRect@@@Z

?qt_metacast@QFormLayout@@UEAAPEAXPEBD@Z

?qt_metacall@QFormLayout@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?minimumSize@QFormLayout@@UEBA?AVQSize@@XZ

?metaObject@QFormLayout@@UEBAPEBUQMetaObject@@XZ

?maximumSize@QLayout@@UEBA?AVQSize@@XZ

?itemAt@QFormLayout@@UEBAPEAVQLayoutItem@@H@Z

?invalidate@QFormLayout@@UEAAXXZ

?heightForWidth@QFormLayout@@UEBAHH@Z

?hasHeightForWidth@QFormLayout@@UEBA_NXZ

?expandingDirections@QFormLayout@@UEBA?AV?$QFlags@W4Orientation@Qt@@@@XZ

?count@QFormLayout@@UEBAHXZ

?addItem@QFormLayout@@UEAAXPEAVQLayoutItem@@@Z

?setWidget@QFormLayout@@QEAAXHW4ItemRole@1@PEAVQWidget@@@Z

?setVerticalSpacing@QFormLayout@@QEAAXH@Z

?setHorizontalSpacing@QFormLayout@@QEAAXH@Z

??1QFormLayout@@UEAA@XZ

??0QFormLayout@@QEAA@PEAVQWidget@@@Z

?qt_metacall@QSystemTrayIcon@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?qt_metacast@QSystemTrayIcon@@UEAAPEAXPEBD@Z

?finished@QDialog@@QEAAXH@Z

?staticMetaObject@QSystemTrayIcon@@2UQMetaObject@@B

?event@QSystemTrayIcon@@MEAA_NPEAVQEvent@@@Z

?exec@QMenu@@QEAAPEAVQAction@@AEBVQPoint@@PEAV2@@Z

?activated@QSystemTrayIcon@@QEAAXW4ActivationReason@1@@Z

?setToolTip@QSystemTrayIcon@@QEAAXAEBVQString@@@Z

?toolTip@QSystemTrayIcon@@QEBA?AVQString@@XZ

?setIcon@QSystemTrayIcon@@QEAAXAEBVQIcon@@@Z

??1QSystemTrayIcon@@UEAA@XZ

??0QSystemTrayIcon@@QEAA@PEAVQObject@@@Z

?setFixedHeight@QWidget@@QEAAXH@Z

?staticMetaObject@QCheckBox@@2UQMetaObject@@B

?visualRegionForSelection@QTableView@@MEBA?AVQRegion@@AEBVQItemSelection@@@Z

?visualRect@QTableView@@UEBA?AVQRect@@AEBVQModelIndex@@@Z

?viewportSizeHint@QTableView@@MEBA?AVQSize@@XZ

?viewportEvent@QAbstractItemView@@MEAA_NPEAVQEvent@@@Z

?viewOptions@QTableView@@MEBA?AVQStyleOptionViewItem@@XZ

?verticalScrollbarValueChanged@QAbstractItemView@@MEAAXH@Z

?verticalScrollbarAction@QTableView@@MEAAXH@Z

?verticalOffset@QTableView@@MEBAHXZ

?updateGeometries@QTableView@@MEAAXXZ

?updateEditorGeometries@QAbstractItemView@@MEAAXXZ

?updateEditorData@QAbstractItemView@@MEAAXXZ

?timerEvent@QTableView@@MEAAXPEAVQTimerEvent@@@Z

?startDrag@QAbstractItemView@@MEAAXV?$QFlags@W4DropAction@Qt@@@@@Z

?sizeHintForRow@QTableView@@MEBAHH@Z

?sizeHintForColumn@QTableView@@MEBAHH@Z

?setSelectionModel@QTableView@@UEAAXPEAVQItemSelectionModel@@@Z

?setSelection@QTableView@@MEAAXAEBVQRect@@V?$QFlags@W4SelectionFlag@QItemSelectionModel@@@@@Z

?setRootIndex@QTableView@@UEAAXAEBVQModelIndex@@@Z

?setModel@QTableView@@UEAAXPEAVQAbstractItemModel@@@Z

?selectionCommand@QAbstractItemView@@MEBA?AV?$QFlags@W4SelectionFlag@QItemSelectionModel@@@@AEBVQModelIndex@@PEBVQEvent@@@Z

?selectionChanged@QTableView@@MEAAXAEBVQItemSelection@@0@Z

?selectedIndexes@QTableView@@MEBA?AV?$QList@VQModelIndex@@@@XZ

?selectAll@QAbstractItemView@@UEAAXXZ

?scrollTo@QTableView@@UEAAXAEBVQModelIndex@@W4ScrollHint@QAbstractItemView@@@Z

?scrollContentsBy@QTableView@@MEAAXHH@Z

?rowsInserted@QAbstractItemView@@MEAAXAEBVQModelIndex@@HH@Z

?rowsAboutToBeRemoved@QAbstractItemView@@MEAAXAEBVQModelIndex@@HH@Z

?resizeEvent@QAbstractItemView@@MEAAXPEAVQResizeEvent@@@Z

?reset@QAbstractItemView@@UEAAXXZ

?paintEvent@QTableView@@MEAAXPEAVQPaintEvent@@@Z

?moveCursor@QTableView@@MEAA?AVQModelIndex@@W4CursorAction@QAbstractItemView@@V?$QFlags@W4KeyboardModifier@Qt@@@@@Z

?mouseReleaseEvent@QAbstractItemView@@MEAAXPEAVQMouseEvent@@@Z

?mousePressEvent@QAbstractItemView@@MEAAXPEAVQMouseEvent@@@Z

?mouseMoveEvent@QAbstractItemView@@MEAAXPEAVQMouseEvent@@@Z

?mouseDoubleClickEvent@QAbstractItemView@@MEAAXPEAVQMouseEvent@@@Z

?keyboardSearch@QAbstractItemView@@UEAAXAEBVQString@@@Z

?keyPressEvent@QAbstractItemView@@MEAAXPEAVQKeyEvent@@@Z

?isIndexHidden@QTableView@@MEBA_NAEBVQModelIndex@@@Z

?inputMethodQuery@QAbstractItemView@@UEBA?AVQVariant@@W4InputMethodQuery@Qt@@@Z

?inputMethodEvent@QAbstractItemView@@MEAAXPEAVQInputMethodEvent@@@Z

?indexAt@QTableView@@UEBA?AVQModelIndex@@AEBVQPoint@@@Z

?horizontalScrollbarValueChanged@QAbstractItemView@@MEAAXH@Z

?horizontalScrollbarAction@QTableView@@MEAAXH@Z

?horizontalOffset@QTableView@@MEBAHXZ

?focusOutEvent@QAbstractItemView@@MEAAXPEAVQFocusEvent@@@Z

?focusNextPrevChild@QAbstractItemView@@MEAA_N_N@Z

?focusInEvent@QAbstractItemView@@MEAAXPEAVQFocusEvent@@@Z

?eventFilter@QAbstractItemView@@MEAA_NPEAVQObject@@PEAVQEvent@@@Z

?event@QAbstractItemView@@MEAA_NPEAVQEvent@@@Z

?editorDestroyed@QAbstractItemView@@MEAAXPEAVQObject@@@Z

?edit@QAbstractItemView@@MEAA_NAEBVQModelIndex@@W4EditTrigger@1@PEAVQEvent@@@Z

?dropEvent@QAbstractItemView@@MEAAXPEAVQDropEvent@@@Z

?dragMoveEvent@QAbstractItemView@@MEAAXPEAVQDragMoveEvent@@@Z

?dragLeaveEvent@QAbstractItemView@@MEAAXPEAVQDragLeaveEvent@@@Z

?dragEnterEvent@QAbstractItemView@@MEAAXPEAVQDragEnterEvent@@@Z

?doItemsLayout@QTableView@@UEAAXXZ

?dataChanged@QAbstractItemView@@MEAAXAEBVQModelIndex@@0AEBV?$QVector@H@@@Z

?currentChanged@QTableView@@MEAAXAEBVQModelIndex@@0@Z

?commitData@QAbstractItemView@@MEAAXPEAVQWidget@@@Z

?closeEditor@QAbstractItemView@@MEAAXPEAVQWidget@@W4EndEditHint@QAbstractItemDelegate@@@Z

?stateChanged@QCheckBox@@QEAAXH@Z

?click@QAbstractButton@@QEAAXXZ

??1QCheckBox@@UEAA@XZ

??0QCheckBox@@QEAA@PEAVQWidget@@@Z

?setFont@QWidget@@QEAAXAEBVQFont@@@Z

?setWindowModality@QWidget@@QEAAXW4WindowModality@Qt@@@Z

?setShortcut@QAbstractButton@@QEAAXAEBVQKeySequence@@@Z

?raise@QWidget@@QEAAXXZ

?currentIndex@QStackedWidget@@QEBAHXZ

?qt_metacast@QRadioButton@@UEAAPEAXPEBD@Z

?qt_metacall@QRadioButton@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?metaObject@QRadioButton@@UEBAPEBUQMetaObject@@XZ

??1QRadioButton@@UEAA@XZ

??0QRadioButton@@QEAA@PEAVQWidget@@@Z

?sizeHint@QRadioButton@@UEBA?AVQSize@@XZ

?paintEvent@QRadioButton@@MEAAXPEAVQPaintEvent@@@Z

?mouseMoveEvent@QRadioButton@@MEAAXPEAVQMouseEvent@@@Z

?minimumSizeHint@QRadioButton@@UEBA?AVQSize@@XZ

?hitButton@QRadioButton@@MEBA_NAEBVQPoint@@@Z

?event@QRadioButton@@MEAA_NPEAVQEvent@@@Z

?setStretch@QBoxLayout@@QEAAXHH@Z

?setSizeConstraint@QLayout@@QEAAXW4SizeConstraint@1@@Z

?setSizeIncrement@QWidget@@QEAAXAEBVQSize@@@Z

?textChanged@QLineEdit@@QEAAXAEBVQString@@@Z

?setValidator@QLineEdit@@QEAAXPEBVQValidator@@@Z

?horizontalScrollBar@QAbstractScrollArea@@QEBAPEAVQScrollBar@@XZ

?verticalScrollBar@QAbstractScrollArea@@QEBAPEAVQScrollBar@@XZ

?setMargin@QLabel@@QEAAXH@Z

?addItem@QGridLayout@@QEAAXPEAVQLayoutItem@@HHHHV?$QFlags@W4AlignmentFlag@Qt@@@@@Z

?setVerticalSpacing@QGridLayout@@QEAAXH@Z

?setHorizontalSpacing@QGridLayout@@QEAAXH@Z

?setFocus@QWidget@@QEAAXW4FocusReason@Qt@@@Z

?staticMetaObject@QButtonGroup@@2UQMetaObject@@B

?wheelEvent@QAbstractScrollArea@@MEAAXPEAVQWheelEvent@@@Z

?viewportSizeHint@QScrollArea@@MEBA?AVQSize@@XZ

?sizeHint@QScrollArea@@UEBA?AVQSize@@XZ

?scrollContentsBy@QScrollArea@@MEAAXHH@Z

?resizeEvent@QScrollArea@@MEAAXPEAVQResizeEvent@@@Z

?qt_metacast@QScrollArea@@UEAAPEAXPEBD@Z

?qt_metacast@QFrame@@UEAAPEAXPEBD@Z

?qt_metacall@QScrollArea@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?qt_metacall@QFrame@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?paintEvent@QAbstractScrollArea@@MEAAXPEAVQPaintEvent@@@Z

?mouseReleaseEvent@QAbstractScrollArea@@MEAAXPEAVQMouseEvent@@@Z

?mousePressEvent@QAbstractScrollArea@@MEAAXPEAVQMouseEvent@@@Z

?mouseMoveEvent@QAbstractScrollArea@@MEAAXPEAVQMouseEvent@@@Z

?mouseDoubleClickEvent@QAbstractScrollArea@@MEAAXPEAVQMouseEvent@@@Z

?metaObject@QScrollArea@@UEBAPEBUQMetaObject@@XZ

?metaObject@QFrame@@UEBAPEBUQMetaObject@@XZ

?keyPressEvent@QAbstractScrollArea@@MEAAXPEAVQKeyEvent@@@Z

?focusNextPrevChild@QScrollArea@@UEAA_N_N@Z

?eventFilter@QScrollArea@@MEAA_NPEAVQObject@@PEAVQEvent@@@Z

?event@QScrollArea@@MEAA_NPEAVQEvent@@@Z

?event@QFrame@@MEAA_NPEAVQEvent@@@Z

?dropEvent@QAbstractScrollArea@@MEAAXPEAVQDropEvent@@@Z

?dragMoveEvent@QAbstractScrollArea@@MEAAXPEAVQDragMoveEvent@@@Z

?dragLeaveEvent@QAbstractScrollArea@@MEAAXPEAVQDragLeaveEvent@@@Z

?dragEnterEvent@QAbstractScrollArea@@MEAAXPEAVQDragEnterEvent@@@Z

?contextMenuEvent@QAbstractScrollArea@@MEAAXPEAVQContextMenuEvent@@@Z

?currentWidget@QStackedWidget@@QEBAPEAVQWidget@@XZ

?setWidgetResizable@QScrollArea@@QEAAX_N@Z

?setWidget@QScrollArea@@QEAAXPEAVQWidget@@@Z

??1QScrollArea@@UEAA@XZ

??0QScrollArea@@QEAA@PEAVQWidget@@@Z

?setHorizontalScrollBarPolicy@QAbstractScrollArea@@QEAAXW4ScrollBarPolicy@Qt@@@Z

?setVerticalScrollBarPolicy@QAbstractScrollArea@@QEAAXW4ScrollBarPolicy@Qt@@@Z

?setChecked@QAbstractButton@@QEAAX_N@Z

?setAutoExclusive@QAbstractButton@@QEAAX_N@Z

?setCheckable@QAbstractButton@@QEAAX_N@Z

?text@QAbstractButton@@QEBA?AVQString@@XZ

?setMidLineWidth@QFrame@@QEAAXH@Z

?setLineWidth@QFrame@@QEAAXH@Z

?setFrameShadow@QFrame@@QEAAXW4Shadow@1@@Z

?setFrameShape@QFrame@@QEAAXW4Shape@1@@Z

??1QFrame@@UEAA@XZ

??0QFrame@@QEAA@PEAVQWidget@@V?$QFlags@W4WindowType@Qt@@@@@Z

?idClicked@QButtonGroup@@QEAAXH@Z

?button@QButtonGroup@@QEBAPEAVQAbstractButton@@H@Z

?addButton@QButtonGroup@@QEAAXPEAVQAbstractButton@@H@Z

??1QButtonGroup@@UEAA@XZ

??0QButtonGroup@@QEAA@PEAVQObject@@@Z

?setLayout@QWidget@@QEAAXPEAVQLayout@@@Z

?setGeometry@QWidget@@QEAAXAEBVQRect@@@Z

?setHidden@QWidget@@QEAAX_N@Z

?setToolTip@QWidget@@QEAAXAEBVQString@@@Z

?staticMetaObject@QLineEdit@@2UQMetaObject@@B

?sizeHint@QLineEdit@@UEBA?AVQSize@@XZ

?paintEvent@QLineEdit@@MEAAXPEAVQPaintEvent@@@Z

?mouseReleaseEvent@QLineEdit@@MEAAXPEAVQMouseEvent@@@Z

?mousePressEvent@QLineEdit@@MEAAXPEAVQMouseEvent@@@Z

?mouseMoveEvent@QLineEdit@@MEAAXPEAVQMouseEvent@@@Z

?mouseDoubleClickEvent@QLineEdit@@MEAAXPEAVQMouseEvent@@@Z

?minimumSizeHint@QLineEdit@@UEBA?AVQSize@@XZ

?keyPressEvent@QLineEdit@@MEAAXPEAVQKeyEvent@@@Z

?inputMethodQuery@QLineEdit@@UEBA?AVQVariant@@W4InputMethodQuery@Qt@@@Z

?inputMethodEvent@QLineEdit@@MEAAXPEAVQInputMethodEvent@@@Z

?event@QLineEdit@@UEAA_NPEAVQEvent@@@Z

?dropEvent@QLineEdit@@MEAAXPEAVQDropEvent@@@Z

?dragMoveEvent@QLineEdit@@MEAAXPEAVQDragMoveEvent@@@Z

?dragLeaveEvent@QLineEdit@@MEAAXPEAVQDragLeaveEvent@@@Z

?dragEnterEvent@QLineEdit@@MEAAXPEAVQDragEnterEvent@@@Z

?contextMenuEvent@QLineEdit@@MEAAXPEAVQContextMenuEvent@@@Z

?changeEvent@QLineEdit@@MEAAXPEAVQEvent@@@Z

?returnPressed@QLineEdit@@QEAAXXZ

?textEdited@QLineEdit@@QEAAXAEBVQString@@@Z

?setPlaceholderText@QLineEdit@@QEAAXAEBVQString@@@Z

?text@QLineEdit@@QEBA?AVQString@@XZ

?hasFocus@QWidget@@QEBA_NXZ

?wheelEvent@QTextEdit@@MEAAXPEAVQWheelEvent@@@Z

?viewportSizeHint@QAbstractScrollArea@@MEBA?AVQSize@@XZ

?viewportEvent@QAbstractScrollArea@@MEAA_NPEAVQEvent@@@Z

?timerEvent@QTextEdit@@MEAAXPEAVQTimerEvent@@@Z

?sizeHint@QAbstractScrollArea@@UEBA?AVQSize@@XZ

?showEvent@QTextEdit@@MEAAXPEAVQShowEvent@@@Z

?setupViewport@QAbstractScrollArea@@UEAAXPEAVQWidget@@@Z

?scrollContentsBy@QTextEdit@@MEAAXHH@Z

?resizeEvent@QTextEdit@@MEAAXPEAVQResizeEvent@@@Z

?qt_metacast@QTextEdit@@UEAAPEAXPEBD@Z

?qt_metacall@QTextEdit@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?paintEvent@QTextEdit@@MEAAXPEAVQPaintEvent@@@Z

?mouseReleaseEvent@QTextEdit@@MEAAXPEAVQMouseEvent@@@Z

?mousePressEvent@QTextEdit@@MEAAXPEAVQMouseEvent@@@Z

?mouseMoveEvent@QTextEdit@@MEAAXPEAVQMouseEvent@@@Z

?mouseDoubleClickEvent@QTextEdit@@MEAAXPEAVQMouseEvent@@@Z

?minimumSizeHint@QAbstractScrollArea@@UEBA?AVQSize@@XZ

?metaObject@QTextEdit@@UEBAPEBUQMetaObject@@XZ

?loadResource@QTextEdit@@UEAA?AVQVariant@@HAEBVQUrl@@@Z

?keyReleaseEvent@QTextEdit@@MEAAXPEAVQKeyEvent@@@Z

?keyPressEvent@QTextEdit@@MEAAXPEAVQKeyEvent@@@Z

?insertFromMimeData@QTextEdit@@MEAAXPEBVQMimeData@@@Z

?inputMethodQuery@QTextEdit@@UEBA?AVQVariant@@W4InputMethodQuery@Qt@@@Z

?inputMethodEvent@QTextEdit@@MEAAXPEAVQInputMethodEvent@@@Z

?focusOutEvent@QTextEdit@@MEAAXPEAVQFocusEvent@@@Z

?focusNextPrevChild@QTextEdit@@MEAA_N_N@Z

?focusInEvent@QTextEdit@@MEAAXPEAVQFocusEvent@@@Z

?eventFilter@QAbstractScrollArea@@MEAA_NPEAVQObject@@PEAVQEvent@@@Z

?event@QTextEdit@@MEAA_NPEAVQEvent@@@Z

?keyReleaseEvent@QAbstractButton@@MEAAXPEAVQKeyEvent@@@Z

?mousePressEvent@QAbstractButton@@MEAAXPEAVQMouseEvent@@@Z

?mouseReleaseEvent@QAbstractButton@@MEAAXPEAVQMouseEvent@@@Z

?timerEvent@QMenu@@MEAAXPEAVQTimerEvent@@@Z

?sizeHint@QMenu@@UEBA?AVQSize@@XZ

?qt_metacast@QAction@@UEAAPEAXPEBD@Z

?qt_metacall@QAction@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?paintEvent@QMenu@@MEAAXPEAVQPaintEvent@@@Z

?mouseReleaseEvent@QMenu@@MEAAXPEAVQMouseEvent@@@Z

?mousePressEvent@QMenu@@MEAAXPEAVQMouseEvent@@@Z

?mouseMoveEvent@QMenu@@MEAAXPEAVQMouseEvent@@@Z

?metaObject@QAction@@UEBAPEBUQMetaObject@@XZ

?leaveEvent@QMenu@@MEAAXPEAVQEvent@@@Z

?keyPressEvent@QMenu@@MEAAXPEAVQKeyEvent@@@Z

?hideEvent@QMenu@@MEAAXPEAVQHideEvent@@@Z

?focusNextPrevChild@QMenu@@MEAA_N_N@Z

?event@QMenu@@MEAA_NPEAVQEvent@@@Z

?event@QAction@@MEAA_NPEAVQEvent@@@Z

?enterEvent@QMenu@@MEAAXPEAVQEvent@@@Z

?changeEvent@QMenu@@MEAAXPEAVQEvent@@@Z

?actionEvent@QMenu@@MEAAXPEAVQActionEvent@@@Z

?setIcon@QMenu@@QEAAXAEBVQIcon@@@Z

?setTitle@QMenu@@QEAAXAEBVQString@@@Z

?addMenu@QMenu@@QEAAPEAVQAction@@PEAV1@@Z

??1QMenu@@UEAA@XZ

??0QMenu@@QEAA@PEAVQWidget@@@Z

?triggered@QAction@@QEAAX_N@Z

??1QAction@@UEAA@XZ

??0QAction@@QEAA@AEBVQIcon@@AEBVQString@@PEAVQObject@@@Z

?addAction@QWidget@@QEAAXPEAVQAction@@@Z

?staticMetaObject@QMenu@@2UQMetaObject@@B

?qt_metacall@QMenu@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?qt_metacast@QMenu@@UEAAPEAXPEBD@Z

?staticMetaObject@QLabel@@2UQMetaObject@@B

?staticMetaObject@QAbstractButton@@2UQMetaObject@@B

?text@QProgressBar@@UEBA?AVQString@@XZ

?takeAt@QBoxLayout@@UEAAPEAVQLayoutItem@@H@Z

?spacerItem@QSpacerItem@@UEAAPEAV1@XZ

?sizeHint@QSpacerItem@@UEBA?AVQSize@@XZ

?sizeHint@QPushButton@@UEBA?AVQSize@@XZ

?sizeHint@QProgressBar@@UEBA?AVQSize@@XZ

?sizeHint@QFrame@@UEBA?AVQSize@@XZ

?sizeHint@QBoxLayout@@UEBA?AVQSize@@XZ

?setGeometry@QSpacerItem@@UEAAXAEBVQRect@@@Z

?setGeometry@QBoxLayout@@UEAAXAEBVQRect@@@Z

?qt_metacast@QVBoxLayout@@UEAAPEAXPEBD@Z

?qt_metacast@QStackedWidget@@UEAAPEAXPEBD@Z

?qt_metacast@QPushButton@@UEAAPEAXPEBD@Z

?qt_metacast@QProgressBar@@UEAAPEAXPEBD@Z

?qt_metacast@QHBoxLayout@@UEAAPEAXPEBD@Z

?qt_metacall@QVBoxLayout@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?qt_metacall@QStackedWidget@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?qt_metacall@QPushButton@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?qt_metacall@QProgressBar@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?qt_metacall@QHBoxLayout@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?paintEvent@QPushButton@@MEAAXPEAVQPaintEvent@@@Z

?paintEvent@QProgressBar@@MEAAXPEAVQPaintEvent@@@Z

?paintEvent@QFrame@@MEAAXPEAVQPaintEvent@@@Z

?nextCheckState@QAbstractButton@@MEAAXXZ

?mouseMoveEvent@QAbstractButton@@MEAAXPEAVQMouseEvent@@@Z

?minimumSizeHint@QPushButton@@UEBA?AVQSize@@XZ

?minimumSizeHint@QProgressBar@@UEBA?AVQSize@@XZ

?minimumSize@QSpacerItem@@UEBA?AVQSize@@XZ

?minimumSize@QBoxLayout@@UEBA?AVQSize@@XZ

?minimumHeightForWidth@QLayoutItem@@UEBAHH@Z

?minimumHeightForWidth@QBoxLayout@@UEBAHH@Z

?metaObject@QWidget@@UEBAPEBUQMetaObject@@XZ

?metaObject@QVBoxLayout@@UEBAPEBUQMetaObject@@XZ

?metaObject@QStackedWidget@@UEBAPEBUQMetaObject@@XZ

?metaObject@QPushButton@@UEBAPEBUQMetaObject@@XZ

?metaObject@QProgressBar@@UEBAPEBUQMetaObject@@XZ

?metaObject@QHBoxLayout@@UEBAPEBUQMetaObject@@XZ

?maximumSize@QSpacerItem@@UEBA?AVQSize@@XZ

?maximumSize@QBoxLayout@@UEBA?AVQSize@@XZ

?layout@QLayoutItem@@UEAAPEAVQLayout@@XZ

?keyPressEvent@QPushButton@@MEAAXPEAVQKeyEvent@@@Z

?itemAt@QBoxLayout@@UEBAPEAVQLayoutItem@@H@Z

?isEmpty@QSpacerItem@@UEBA_NXZ

?invalidate@QLayoutItem@@UEAAXXZ

?invalidate@QBoxLayout@@UEAAXXZ

?hitButton@QPushButton@@MEBA_NAEBVQPoint@@@Z

?heightForWidth@QLayoutItem@@UEBAHH@Z

?heightForWidth@QBoxLayout@@UEBAHH@Z

?hasHeightForWidth@QLayoutItem@@UEBA_NXZ

?hasHeightForWidth@QBoxLayout@@UEBA_NXZ

?geometry@QSpacerItem@@UEBA?AVQRect@@XZ

?focusOutEvent@QPushButton@@MEAAXPEAVQFocusEvent@@@Z

?focusInEvent@QPushButton@@MEAAXPEAVQFocusEvent@@@Z

?expandingDirections@QSpacerItem@@UEBA?AV?$QFlags@W4Orientation@Qt@@@@XZ

?expandingDirections@QBoxLayout@@UEBA?AV?$QFlags@W4Orientation@Qt@@@@XZ

?event@QStackedWidget@@MEAA_NPEAVQEvent@@@Z

?event@QPushButton@@MEAA_NPEAVQEvent@@@Z

?event@QProgressBar@@MEAA_NPEAVQEvent@@@Z

?count@QBoxLayout@@UEBAHXZ

?controlTypes@QLayoutItem@@UEBA?AV?$QFlags@W4ControlType@QSizePolicy@@@@XZ

?checkStateSet@QAbstractButton@@MEAAXXZ

?changeEvent@QFrame@@MEAAXPEAVQEvent@@@Z

?addItem@QBoxLayout@@UEAAXPEAVQLayoutItem@@@Z

?setCurrentIndex@QStackedWidget@@QEAAXH@Z

?addWidget@QStackedWidget@@QEAAHPEAVQWidget@@@Z

??1QStackedWidget@@UEAA@XZ

??0QStackedWidget@@QEAA@PEAVQWidget@@@Z

?setFlat@QPushButton@@QEAAX_N@Z

qt5gui

?setKerning@QFont@@QEAAX_N@Z

?setStyleStrategy@QFont@@QEAAXW4StyleStrategy@1@@Z

?setPointSize@QFont@@QEAAXH@Z

?setQuitOnLastWindowClosed@QGuiApplication@@SAX_N@Z

?row@QStandardItem@@QEBAHXZ

?setForeground@QStandardItem@@QEAAXAEBVQBrush@@@Z

?setFont@QStandardItem@@QEAAXAEBVQFont@@@Z

?horizontalAdvance@QFontMetrics@@QEBAHVQChar@@@Z

?setPixelSize@QFont@@QEAAXH@Z

??0QFont@@QEAA@AEBV0@@Z

??0QFont@@QEAA@AEBVQString@@HH_N@Z

?horizontalHeaderItem@QStandardItemModel@@QEBAPEAVQStandardItem@@H@Z

?toolTip@QStandardItem@@QEBA?AVQString@@XZ

?icon@QStandardItem@@QEBA?AVQIcon@@XZ

?isNull@QIcon@@QEBA_NXZ

?staticMetaObject@QStandardItemModel@@2UQMetaObject@@B

?itemChanged@QStandardItemModel@@QEAAXPEAVQStandardItem@@@Z

?invisibleRootItem@QStandardItemModel@@QEBAPEAVQStandardItem@@XZ

?appendRow@QStandardItem@@QEAAXPEAV1@@Z

?insertRow@QStandardItemModel@@QEAAXHAEBV?$QList@PEAVQStandardItem@@@@@Z

?itemFromIndex@QStandardItemModel@@QEBAPEAVQStandardItem@@AEBVQModelIndex@@@Z

?setText@QClipboard@@QEAAXAEBVQString@@W4Mode@1@@Z

?clipboard@QGuiApplication@@SAPEAVQClipboard@@XZ

?restoreOverrideCursor@QGuiApplication@@SAXXZ

?setOverrideCursor@QGuiApplication@@SAXAEBVQCursor@@@Z

??0QColor@@QEAA@PEBD@Z

?whatsThis@QStandardItem@@QEBA?AVQString@@XZ

?setWhatsThis@QStandardItem@@QEAAXAEBVQString@@@Z

?appendRow@QStandardItemModel@@QEAAXAEBV?$QList@PEAVQStandardItem@@@@@Z

?clear@QStandardItemModel@@QEAAXXZ

??0QStandardItemModel@@QEAA@PEAVQObject@@@Z

?setItem@QStandardItemModel@@QEAAXHHPEAVQStandardItem@@@Z

?setCheckable@QStandardItem@@QEAAX_N@Z

?setEnabled@QStandardItem@@QEAAX_N@Z

?isEnabled@QStandardItem@@QEBA_NXZ

?checkState@QStandardItem@@QEBA?AW4CheckState@Qt@@XZ

?setText@QStandardItem@@QEAAXAEBVQString@@@Z

??0QStandardItem@@QEAA@XZ

?index@QStandardItem@@QEBA?AVQModelIndex@@XZ

?setIcon@QStandardItem@@QEAAXAEBVQIcon@@@Z

?pos@QCursor@@SA?AVQPoint@@XZ

?write@QStandardItem@@UEBAXAEAVQDataStream@@@Z

?type@QStandardItem@@UEBAHXZ

?setData@QStandardItem@@UEAAXAEBVQVariant@@H@Z

?read@QStandardItem@@UEAAXAEAVQDataStream@@@Z

?data@QStandardItem@@UEBA?AVQVariant@@H@Z

?clone@QStandardItem@@UEBAPEAV1@XZ

??MQStandardItem@@UEBA_NAEBV0@@Z

?setColumnCount@QStandardItemModel@@QEAAXH@Z

?setRowCount@QStandardItemModel@@QEAAXH@Z

?setHorizontalHeaderItem@QStandardItemModel@@QEAAXHPEAVQStandardItem@@@Z

?item@QStandardItemModel@@QEBAPEAVQStandardItem@@HH@Z

??1QStandardItemModel@@UEAA@XZ

?setToolTip@QStandardItem@@QEAAXAEBVQString@@@Z

?text@QStandardItem@@QEBA?AVQString@@XZ

??1QStandardItem@@UEAA@XZ

??0QStandardItem@@QEAA@AEBVQIcon@@AEBVQString@@@Z

??0QStandardItem@@QEAA@AEBVQString@@@Z

?availableGeometry@QScreen@@QEBA?AVQRect@@XZ

?primaryScreen@QGuiApplication@@SAPEAVQScreen@@XZ

?setStyle@QFont@@QEAAXW4Style@1@@Z

?setWeight@QFont@@QEAAXH@Z

?setFamily@QFont@@QEAAXAEBVQString@@@Z

??1QFont@@QEAA@XZ

??0QFont@@QEAA@XZ

??1QKeySequence@@QEAA@XZ

??0QKeySequence@@QEAA@AEBVQString@@W4SequenceFormat@0@@Z

?validate@QRegularExpressionValidator@@UEBA?AW4State@QValidator@@AEAVQString@@AEAH@Z

?qt_metacast@QRegularExpressionValidator@@UEAAPEAXPEBD@Z

?qt_metacall@QRegularExpressionValidator@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?metaObject@QRegularExpressionValidator@@UEBAPEBUQMetaObject@@XZ

?fixup@QValidator@@UEBAXAEAVQString@@@Z

??1QRegularExpressionValidator@@UEAA@XZ

??0QRegularExpressionValidator@@QEAA@AEBVQRegularExpression@@PEAVQObject@@@Z

?elidedText@QFontMetrics@@QEBA?AVQString@@AEBV2@W4TextElideMode@Qt@@HH@Z

?horizontalAdvance@QFontMetrics@@QEBAHAEBVQString@@H@Z

??1QFontMetrics@@QEAA@XZ

??0QFontMetrics@@QEAA@AEBVQFont@@@Z

??BQIcon@@QEBA?AVQVariant@@XZ

??1QPixmap@@UEAA@XZ

??0QPixmap@@QEAA@AEBVQString@@PEBDV?$QFlags@W4ImageConversionFlag@Qt@@@@@Z

?addFile@QIcon@@QEAAXAEBVQString@@AEBVQSize@@W4Mode@1@W4State@1@@Z

??0QIcon@@QEAA@XZ

??1QCursor@@QEAA@XZ

??0QCursor@@QEAA@W4CursorShape@Qt@@@Z

?openUrl@QDesktopServices@@SA_NAEBVQUrl@@@Z

?dropMimeData@QStandardItemModel@@UEAA_NPEBVQMimeData@@W4DropAction@Qt@@HHAEBVQModelIndex@@@Z

?mimeData@QStandardItemModel@@UEBAPEAVQMimeData@@AEBV?$QList@VQModelIndex@@@@@Z

?mimeTypes@QStandardItemModel@@UEBA?AVQStringList@@XZ

?sort@QStandardItemModel@@UEAAXHW4SortOrder@Qt@@@Z

?setItemData@QStandardItemModel@@UEAA_NAEBVQModelIndex@@AEBV?$QMap@HVQVariant@@@@@Z

?itemData@QStandardItemModel@@UEBA?AV?$QMap@HVQVariant@@@@AEBVQModelIndex@@@Z

?supportedDropActions@QStandardItemModel@@UEBA?AV?$QFlags@W4DropAction@Qt@@@@XZ

?flags@QStandardItemModel@@UEBA?AV?$QFlags@W4ItemFlag@Qt@@@@AEBVQModelIndex@@@Z

?removeColumns@QStandardItemModel@@UEAA_NHHAEBVQModelIndex@@@Z

?removeRows@QStandardItemModel@@UEAA_NHHAEBVQModelIndex@@@Z

?insertColumns@QStandardItemModel@@UEAA_NHHAEBVQModelIndex@@@Z

?insertRows@QStandardItemModel@@UEAA_NHHAEBVQModelIndex@@@Z

?setHeaderData@QStandardItemModel@@UEAA_NHW4Orientation@Qt@@AEBVQVariant@@H@Z

?headerData@QStandardItemModel@@UEBA?AVQVariant@@HW4Orientation@Qt@@H@Z

?setData@QStandardItemModel@@UEAA_NAEBVQModelIndex@@AEBVQVariant@@H@Z

?data@QStandardItemModel@@UEBA?AVQVariant@@AEBVQModelIndex@@H@Z

?sibling@QStandardItemModel@@UEBA?AVQModelIndex@@HHAEBV2@@Z

?hasChildren@QStandardItemModel@@UEBA_NAEBVQModelIndex@@@Z

?columnCount@QStandardItemModel@@UEBAHAEBVQModelIndex@@@Z

?rowCount@QStandardItemModel@@UEBAHAEBVQModelIndex@@@Z

?parent@QStandardItemModel@@UEBA?AVQModelIndex@@AEBV2@@Z

?index@QStandardItemModel@@UEBA?AVQModelIndex@@HHAEBV2@@Z

?qt_metacall@QStandardItemModel@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?qt_metacast@QStandardItemModel@@UEAAPEAXPEBD@Z

?metaObject@QStandardItemModel@@UEBAPEBUQMetaObject@@XZ

?setRenderHints@QPainter@@QEAAXV?$QFlags@W4RenderHint@QPainter@@@@_N@Z

?drawText@QPainter@@QEAAXAEBVQRect@@HAEBVQString@@PEAV2@@Z

?drawRoundedRect@QPainter@@QEAAXAEBVQRect@@NNW4SizeMode@Qt@@@Z

?drawPolygon@QPainter@@QEAAXAEBVQPolygon@@W4FillRule@Qt@@@Z

?restore@QPainter@@QEAAXXZ

?save@QPainter@@QEAAXXZ

?setBrush@QPainter@@QEAAXAEBVQBrush@@@Z

?setPen@QPainter@@QEAAXW4PenStyle@Qt@@@Z

?setPen@QPainter@@QEAAXAEBVQColor@@@Z

??1QPainter@@QEAA@XZ

??0QPainter@@QEAA@PEAVQPaintDevice@@@Z

??8QBrush@@QEBA_NAEBV0@@Z

??4QBrush@@QEAAAEAV0@AEBV0@@Z

??0QBrush@@QEAA@AEBV0@@Z

??0QBrush@@QEAA@W4BrushStyle@Qt@@@Z

??1QPolygon@@QEAA@XZ

??0QPolygon@@QEAA@XZ

??4QColor@@QEAAAEAV0@AEBV0@@Z

??0QColor@@QEAA@AEBV0@@Z

??0QColor@@QEAA@W4GlobalColor@Qt@@@Z

?qt_metacast@QMovie@@UEAAPEAXPEBD@Z

?qt_metacall@QMovie@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?metaObject@QMovie@@UEBAPEBUQMetaObject@@XZ

?setSpeed@QMovie@@QEAAXH@Z

?stop@QMovie@@QEAAXXZ

?start@QMovie@@QEAAXXZ

??1QMovie@@UEAA@XZ

??0QMovie@@QEAA@AEBVQString@@AEBVQByteArray@@PEAVQObject@@@Z

?setBrush@QPalette@@QEAAXW4ColorGroup@1@W4ColorRole@1@AEBVQBrush@@@Z

??1QPalette@@QEAA@XZ

??0QPalette@@QEAA@AEBV0@@Z

??1QBrush@@QEAA@XZ

??0QBrush@@QEAA@AEBVQColor@@W4BrushStyle@Qt@@@Z

??0QColor@@QEAA@HHHH@Z

?staticMetaObject@QScreen@@2UQMetaObject@@B

?globalPos@QMouseEvent@@QEBA?AVQPoint@@XZ

?screenAt@QGuiApplication@@SAPEAVQScreen@@AEBVQPoint@@@Z

?screens@QGuiApplication@@SA?AV?$QList@PEAVQScreen@@@@XZ

?logicalDotsPerInchChanged@QScreen@@QEAAXN@Z

?geometry@QScreen@@QEBA?AVQRect@@XZ

?setHighDpiScaleFactorRoundingPolicy@QGuiApplication@@SAXW4HighDpiScaleFactorRoundingPolicy@Qt@@@Z

??0QIcon@@QEAA@AEBVQString@@@Z

??1QIcon@@QEAA@XZ

?name@QScreen@@QEBA?AVQString@@XZ

qt5core

?qt_metacast@QTimer@@UEAAPEAXPEBD@Z

?toLongLong@QString@@QEBA_JPEA_NH@Z

?timerEvent@QTimer@@MEAAXPEAVQTimerEvent@@@Z

?arg@QString@@QEBA?AV1@_JHHVQChar@@@Z

??1QDateTime@@QEAA@XZ

?toString@QDateTime@@QEBA?AVQString@@AEBV2@@Z

?fromMSecsSinceEpoch@QDateTime@@SA?AV1@_J@Z

?height@QSize@@QEBAHXZ

?width@QSize@@QEBAHXZ

?qt_metacall@QTimer@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

??0QByteArray@@QEAA@XZ

?event@QObject@@UEAA_NPEAVQEvent@@@Z

?absolutePath@QDir@@QEBA?AVQString@@XZ

?inherits@QObject@@QEBA_NPEBD@Z

?open@QFile@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z

??1QFile@@UEAA@XZ

??0QFile@@QEAA@AEBVQString@@@Z

?close@QFileDevice@@UEAAXXZ

?readAll@QIODevice@@QEAA?AVQByteArray@@XZ

?isOpen@QIODevice@@QEBA_NXZ

?remove@QString@@QEAAAEAV1@HH@Z

?left@QString@@QEBA?AV1@H@Z

??0QString@@QEAA@VQLatin1String@@@Z

?constData@QByteArray@@QEBAPEBDXZ

??0QChar@@QEAA@H@Z

?load@QTranslator@@QEAA_NAEBVQString@@000@Z

??1QTranslator@@UEAA@XZ

??0QTranslator@@QEAA@PEAVQObject@@@Z

?installTranslator@QCoreApplication@@SA_NPEAVQTranslator@@@Z

?indexOf@QString@@QEBAHAEBV1@HW4CaseSensitivity@Qt@@@Z

?qstrcmp@@YAHAEBVQByteArray@@PEBD@Z

?endResetModel@QAbstractItemModel@@IEAAXXZ

?beginResetModel@QAbstractItemModel@@IEAAXXZ

?blockSignals@QObject@@QEAA_N_N@Z

?argToQString@QtPrivate@@YA?AVQString@@VQStringView@@_KPEAPEBUArgBase@1@@Z

??4QString@@QEAAAEAV0@PEBD@Z

?number@QString@@SA?AV1@NDH@Z

?data@QString@@QEBAPEBVQChar@@XZ

?dataChanged@QAbstractItemModel@@QEAAXAEBVQModelIndex@@0AEBV?$QVector@H@@@Z

??8QModelIndex@@QEBA_NAEBV0@@Z

?isValid@QModelIndex@@QEBA_NXZ

?parent@QModelIndex@@QEBA?AV1@XZ

?internalId@QModelIndex@@QEBA_KXZ

?cmp@QVariant@@QEBA_NAEBV1@@Z

?drives@QDir@@SA?AV?$QList@VQFileInfo@@@@XZ

?filePath@QFileInfo@@QEBA?AVQString@@XZ

??0QFileInfo@@QEAA@AEBV0@@Z

?toStdWString@QString@@QEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

?fromWCharArray@QString@@SA?AV1@PEB_WH@Z

?startsWith@QString@@QEBA_NAEBV1@W4CaseSensitivity@Qt@@@Z

?rootPath@QDir@@SA?AVQString@@XZ

?homePath@QDir@@SA?AVQString@@XZ

?cdUp@QDir@@QEAA_NXZ

?filePath@QDir@@QEBA?AVQString@@AEBV2@@Z

?path@QDir@@QEBA?AVQString@@XZ

?isRoot@QFileInfo@@QEBA_NXZ

?isDir@QFileInfo@@QEBA_NXZ

?absoluteFilePath@QFileInfo@@QEBA?AVQString@@XZ

?exists@QFileInfo@@QEBA_NXZ

??0QVariant@@QEAA@XZ

??BQCharRef@@QEBA?AVQChar@@XZ

?append@QString@@QEAAAEAV1@PEBD@Z

?endsWith@QString@@QEBA_NVQChar@@W4CaseSensitivity@Qt@@@Z

?endsWith@QString@@QEBA_NAEBV1@W4CaseSensitivity@Qt@@@Z

?count@QString@@QEBAHAEBV1@W4CaseSensitivity@Qt@@@Z

?front@QString@@QEBA?AVQChar@@XZ

??AQString@@QEAA?AVQCharRef@@H@Z

?chop@QString@@QEAAXH@Z

??MQModelIndex@@QEBA_NAEBV0@@Z

?release@QSemaphore@@QEAAXH@Z

?acquire@QSemaphore@@QEAAXH@Z

?data@QModelIndex@@QEBA?AVQVariant@@H@Z

?toString@QVariant@@QEBA?AVQString@@XZ

?staticMetaObject@QThread@@2UQMetaObject@@B

?qt_metacall@QThread@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?qt_metacast@QThread@@UEAAPEAXPEBD@Z

?event@QThread@@UEAA_NPEAVQEvent@@@Z

??1QSemaphore@@QEAA@XZ

??0QSemaphore@@QEAA@H@Z

?isEmpty@QString@@QEBA_NXZ

?compare@QString@@QEBAHAEBV1@W4CaseSensitivity@Qt@@@Z

?append@QString@@QEAAAEAV1@VQChar@@@Z

?column@QModelIndex@@QEBAHXZ

?row@QModelIndex@@QEBAHXZ

??8QString@@QEBA_NPEBD@Z

?path@QFileInfo@@QEBA?AVQString@@XZ

?fileName@QFileInfo@@QEBA?AVQString@@XZ

??1QFileInfo@@QEAA@XZ

??0QFileInfo@@QEAA@AEBVQString@@@Z

??YQString@@QEAAAEAV0@VQChar@@@Z

?system@QLocale@@SA?AV1@XZ

?name@QLocale@@QEBA?AVQString@@XZ

??1QLocale@@QEAA@XZ

?realloc@QListData@@QEAAXH@Z

?wait@QThread@@QEAA_NVQDeadlineTimer@@@Z

?quit@QThread@@QEAAXXZ

?start@QThread@@QEAAXW4Priority@1@@Z

??1QThread@@UEAA@XZ

??0QThread@@QEAA@PEAVQObject@@@Z

??0QDeadlineTimer@@QEAA@W4ForeverConstant@0@W4TimerType@Qt@@@Z

?moveToThread@QObject@@QEAAXPEAVQThread@@@Z

??M@YA_NAEBVQString@@0@Z

??0QVariant@@QEAA@N@Z

?isEmpty@QListData@@QEBA_NXZ

?append@QListData@@QEAAPEAPEAXXZ

?erase@QListData@@QEAAPEAPEAXPEAPEAX@Z

?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z

?append@QString@@QEAAAEAV1@AEBV1@@Z

?setQObjectShared@ExternalRefCountData@QtSharedPointer@@QEAAXPEBVQObject@@_N@Z

?shared_null@QListData@@2UData@1@B

??0QModelIndex@@QEAA@XZ

?width@QRect@@QEBAHXZ

??4QString@@QEAAAEAV0@AEBV0@@Z

?hasNext@QDirIterator@@QEBA_NXZ

??1QDirIterator@@QEAA@XZ

??0QDirIterator@@QEAA@AEBVQString@@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4IteratorFlag@QDirIterator@@@@@Z

?separator@QDir@@SA?AVQChar@@XZ

?isRoot@QDir@@QEBA_NXZ

?exists@QDir@@QEBA_NXZ

?toNativeSeparators@QDir@@SA?AVQString@@AEBV2@@Z

??1QDir@@QEAA@XZ

??0QDir@@QEAA@AEBVQString@@@Z

??1QRegularExpression@@QEAA@XZ

??0QRegularExpression@@QEAA@AEBVQString@@V?$QFlags@W4PatternOption@QRegularExpression@@@@@Z

?removeEventFilter@QObject@@QEAAXPEAV1@@Z

?at@QListData@@QEBAPEAPEAXH@Z

?size@QListData@@QEBAHXZ

?fromStdString@QString@@SA?AV1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?split@QString@@QEBA?AVQStringList@@VQChar@@V?$QFlags@W4SplitBehaviorFlags@Qt@@@@W4CaseSensitivity@Qt@@@Z

?arg@QString@@QEBA?AV1@KHHVQChar@@@Z

?arg@QString@@QEBA?AV1@_KHHVQChar@@@Z

?staticMetaObject@QObject@@2UQMetaObject@@B

?qt_metacall@QObject@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z

?qt_metacast@QObject@@UEAAPEAXPEBD@Z

?nextNode@QMapNodeBase@@QEBAPEBU1@XZ

?hasShrunk@QHashData@@QEAAXXZ

?freeNode@QHashData@@QEAAXPEAX@Z

??1QObject@@UEAA@XZ

??0QObject@@QEAA@PEAV0@@Z

?sharedNull@QArrayData@@SAPEAU1@XZ

?deallocate@QArrayData@@SAXPEAU1@_K1@Z

?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z

?qBadAlloc@@YAXXZ

??0QVariant@@QEAA@AEBVQString@@@Z

??0QVariant@@QEAA@_N@Z

??0QVariant@@QEAA@H@Z

??0QVariant@@QEAA@HPEBXI@Z

??1QVariant@@QEAA@XZ

??1QUrl@@QEAA@XZ

??0QUrl@@QEAA@AEBVQString@@W4ParsingMode@0@@Z

?nextNode@QHashData@@SAPEAUNode@1@PEAU21@@Z

??0QSize@@QEAA@XZ

?disconnectImpl@QObject@@CA_NPEBV1@PEAPEAX01PEBUQMetaObject@@@Z

?setProperty@QObject@@QEAA_NPEBDAEBVQVariant@@@Z

?installEventFilter@QObject@@QEAAXPEAV1@@Z

?tr@QObject@@SA?AVQString@@PEBD0H@Z

?unregisterConverterFunction@QMetaType@@SAXHH@Z

?registerConverterFunction@QMetaType@@SA_NPEBUAbstractConverterFunction@QtPrivate@@HH@Z

?hasRegisteredConverterFunction@QMetaType@@SA_NHH@Z

?typeName@QMetaType@@SAPEBDH@Z

?registerNormalizedTypedef@QMetaType@@SAHAEBVQByteArray@@H@Z

?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z

?toStdString@QString@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

?arg@QString@@QEBA?AV1@AEBV1@HVQChar@@@Z

?arg@QString@@QEBA?AV1@HHHVQChar@@@Z

?append@QByteArray@@QEAAAEAV1@PEBDH@Z

?append@QByteArray@@QEAAAEAV1@PEBD@Z

?append@QByteArray@@QEAAAEAV1@D@Z

?endsWith@QByteArray@@QEBA_ND@Z

?reserve@QByteArray@@QEAAXH@Z

?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z

?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z

?className@QMetaObject@@QEBAPEBDXZ

?revert@QAbstractItemModel@@UEAAXXZ

?submit@QAbstractItemModel@@UEAA_NXZ

?roleNames@QAbstractItemModel@@UEBA?AV?$QHash@HVQByteArray@@@@XZ

?span@QAbstractItemModel@@UEBA?AVQSize@@AEBVQModelIndex@@@Z

?match@QAbstractItemModel@@UEBA?AV?$QList@VQModelIndex@@@@AEBVQModelIndex@@HAEBVQVariant@@HV?$QFlags@W4MatchFlag@Qt@@@@@Z

?buddy@QAbstractItemModel@@UEBA?AVQModelIndex@@AEBV2@@Z

?canFetchMore@QAbstractItemModel@@UEBA_NAEBVQModelIndex@@@Z

?fetchMore@QAbstractItemModel@@UEAAXAEBVQModelIndex@@@Z

?moveColumns@QAbstractItemModel@@UEAA_NAEBVQModelIndex@@HH0H@Z

?moveRows@QAbstractItemModel@@UEAA_NAEBVQModelIndex@@HH0H@Z

?supportedDragActions@QAbstractItemModel@@UEBA?AV?$QFlags@W4DropAction@Qt@@@@XZ

?canDropMimeData@QAbstractItemModel@@UEBA_NPEBVQMimeData@@W4DropAction@Qt@@HHAEBVQModelIndex@@@Z

?staticMetaObject@QTimer@@2UQMetaObject@@B

?timeout@QTimer@@QEAAXUQPrivateSignal@1@@Z

?stop@QTimer@@QEAAXXZ

?start@QTimer@@QEAAXH@Z

??1QTimer@@UEAA@XZ

??0QTimer@@QEAA@PEAVQObject@@@Z

?height@QRect@@QEBAHXZ

?center@QRect@@QEBA?AVQPoint@@XZ

??0QRect@@QEAA@HHHH@Z

?append@?$QVector@VQPoint@@@@QEAAX$$QEAVQPoint@@@Z

?arg@QString@@QEBA?AV1@NHDHVQChar@@@Z

??4QString@@QEAAAEAV0@$$QEAV0@@Z

??0QChar@@QEAA@UQLatin1Char@@@Z

?translate@QCoreApplication@@SA?AVQString@@PEBD00H@Z

??0QSize@@QEAA@HH@Z

?setObjectName@QObject@@QEAAXAEBVQString@@@Z

?objectName@QObject@@QEBA?AVQString@@XZ

?fromUtf8@QString@@SA?AV1@PEBDH@Z

??0QString@@QEAA@XZ

??1QByteArray@@QEAA@XZ

?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z

?connectSlotsByName@QMetaObject@@SAXPEAVQObject@@@Z

?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z

?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z

?y@QRect@@QEBAHXZ

?x@QRect@@QEBAHXZ

??1Connection@QMetaObject@@QEAA@XZ

?end@QListData@@QEBAPEAPEAXXZ

?begin@QListData@@QEBAPEAPEAXXZ

?dispose@QListData@@SAXPEAUData@1@@Z

?dispose@QListData@@QEAAXXZ

?detach@QListData@@QEAAPEAUData@1@H@Z

?dynamicMetaObject@QObjectData@@QEBAPEAUQMetaObject@@XZ

?activate@QMetaObject@@SAXPEAVQObject@@PEBU1@HPEAPEAX@Z

?qResourceFeatureZlib@@YAEXZ

?qUnregisterResourceData@@YA_NHPEBE00@Z

?qRegisterResourceData@@YA_NHPEBE00@Z

?shared_null@QMapDataBase@@2U1@B

?shared_null@QHashData@@2U1@B

??1QAbstractNativeEventFilter@@UEAA@XZ

??0QAbstractNativeEventFilter@@QEAA@XZ

?installNativeEventFilter@QCoreApplication@@QEAAXPEAVQAbstractNativeEventFilter@@@Z

?setAttribute@QCoreApplication@@SAXW4ApplicationAttribute@Qt@@_N@Z

?freeData@QMapDataBase@@SAXPEAU1@@Z

?createData@QMapDataBase@@SAPEAU1@XZ

?freeTree@QMapDataBase@@QEAAXPEAUQMapNodeBase@@H@Z

?createNode@QMapDataBase@@QEAAPEAUQMapNodeBase@@HHPEAU2@_N@Z

?recalcMostLeftNode@QMapDataBase@@QEAAXXZ

?freeNodeAndRebalance@QMapDataBase@@QEAAXPEAUQMapNodeBase@@@Z

?error@QSystemSemaphore@@QEBA?AW4SystemSemaphoreError@1@XZ

?release@QSystemSemaphore@@QEAA_NH@Z

?acquire@QSystemSemaphore@@QEAA_NXZ

??1QSystemSemaphore@@QEAA@XZ

??0QSystemSemaphore@@QEAA@AEBVQString@@HW4AccessMode@0@@Z

?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPEAU12@PEBVQObject@@@Z

?free_helper@QHashData@@QEAAXP6AXPEAUNode@1@@Z@Z

?rehash@QHashData@@QEAAXH@Z

?detach_helper@QHashData@@QEAAPEAU1@P6AXPEAUNode@1@PEAX@ZP6AX0@ZHH@Z

?allocateNode@QHashData@@QEAAPEAXH@Z

?qHash@@YAIAEBVQString@@I@Z

?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z

?fromStdWString@QString@@SA?AV1@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

??8@YA_NAEBVQString@@0@Z

??0QString@@QEAA@$$QEAV0@@Z

??1QString@@QEAA@XZ

??0QString@@QEAA@AEBV0@@Z

?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z

?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z

?customEvent@QObject@@MEAAXPEAVQEvent@@@Z

?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z

?metaObject@QTimer@@UEBAPEBUQMetaObject@@XZ

userenv

DestroyEnvironmentBlock

CreateEnvironmentBlock

advapi32

OpenProcessToken

RegEnumKeyExA

CryptEnumProvidersW

CryptSignHashW

CryptDestroyHash

CryptCreateHash

CryptDecrypt

CryptExportKey

CryptGetUserKey

CryptGetProvParam

CryptSetHashParam

CryptDestroyKey

AdjustTokenPrivileges

AllocateAndInitializeSid

FreeSid

LookupAccountSidA

LookupAccountNameA

LookupPrivilegeValueW

ConvertSidToStringSidW

SetEntriesInAclA

GetSecurityInfo

SetNamedSecurityInfoW

SetSecurityInfo

CreateProcessAsUserW

GetTokenInformation

LookupAccountSidW

ImpersonateLoggedOnUser

RevertToSelf

RegCloseKey

RegCreateKeyExW

RegOpenKeyExA

RegQueryValueExA

CryptReleaseContext

CryptAcquireContextW

RegDeleteValueW

RegOpenKeyExW

RegQueryValueExW

RegSetValueExW

RegGetValueW

CloseServiceHandle

ControlService

CreateServiceA

DeleteService

EnumDependentServicesA

OpenSCManagerA

OpenServiceA

QueryServiceStatusEx

StartServiceA

RegGetValueA

DeregisterEventSource

RegisterEventSourceW

ReportEventW

kernel32

EnumSystemLocalesW

GetUserDefaultLCID

IsValidLocale

GetLocaleInfoW

LCMapStringW

CompareStringW

GetTimeFormatW

GetDateFormatW

HeapAlloc

HeapFree

ExitProcess

ReadConsoleW

DuplicateHandle

GetFileAttributesExW

GetConsoleMode

GetConsoleOutputCP

WriteFile

WriteConsoleW

GetStdHandle

SetFilePointerEx

SetStdHandle

SetCurrentDirectoryW

SetEnvironmentVariableW

FileTimeToSystemTime

SystemTimeToTzSpecificLocalTime

PeekNamedPipe

GetFileType

GetFileInformationByHandle

ReadFile

GetModuleHandleExW

FreeLibraryAndExitThread

ExitThread

CreateThread

LoadLibraryExW

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

InterlockedFlushSList

InterlockedPushEntrySList

RtlUnwindEx

OutputDebugStringW

GetLocaleInfoEx

GetCPInfo

CompareStringEx

LCMapStringEx

EncodePointer

AreFileApisANSI

GetFileInformationByHandleEx

CloseThreadpoolWait

SetThreadpoolWait

CreateThreadpoolWait

CloseThreadpoolTimer

WaitForThreadpoolTimerCallbacks

SetThreadpoolTimer

CreateThreadpoolTimer

CloseThreadpoolWork

SubmitThreadpoolWork

CreateThreadpoolWork

FreeLibraryWhenCallbackReturns

GetCurrentProcessorNumber

FlushProcessWriteBuffers

CreateSemaphoreExW

CreateEventExW

FlsFree

FlsSetValue

GetFullPathNameW

FlsAlloc

SetFileInformationByHandle

RtlPcToFileHeader

InitOnceExecuteOnce

SleepConditionVariableCS

WakeAllConditionVariable

InitOnceComplete

InitOnceBeginInitialize

QueryPerformanceFrequency

GetStringTypeW

FormatMessageA

TryEnterCriticalSection

GetNativeSystemInfo

GetExitCodeThread

SwitchToThread

InitializeSListHead

QueryPerformanceCounter

GetStartupInfoW

IsDebuggerPresent

IsProcessorFeaturePresent

UnhandledExceptionFilter

RtlVirtualUnwind

RtlLookupFunctionEntry

InitializeCriticalSection

GetModuleHandleW

WaitForSingleObjectEx

InitializeCriticalSectionAndSpinCount

CreateEventA

EnterCriticalSection

VirtualUnlock

GetTimeZoneInformation

SetConsoleCtrlHandler

SetEndOfFile

ReleaseSRWLockShared

AcquireSRWLockShared

VirtualProtect

VirtualLock

SwitchToFiber

FindFirstFileExW

CreateFiberEx

GetSystemDirectoryA

LoadLibraryA

GetEnvironmentVariableW

ConvertFiberToThread

ConvertThreadToFiberEx

SetConsoleMode

ReadConsoleA

GetVersionExA

ExpandEnvironmentStringsA

GetFileSize

LockFileEx

UnlockFile

HeapDestroy

HeapCompact

HeapSize

IsValidCodePage

GetACP

GetOEMCP

GetCommandLineA

GetCommandLineW

GetEnvironmentStringsW

FreeEnvironmentStringsW

GetProcessHeap

CreateFileA

GetTickCount

CreateIoCompletionPort

GetQueuedCompletionStatus

PostQueuedCompletionStatus

GetFileSizeEx

FlsGetValue

HeapReAlloc

GetEnvironmentVariableA

SetLastError

GetCurrentThreadId

VirtualFree

VirtualAlloc

SleepConditionVariableSRW

WakeConditionVariable

InitializeConditionVariable

AcquireSRWLockExclusive

ReleaseSRWLockExclusive

InitializeSRWLock

OpenEventW

CreateTimerQueueTimer

CreateTimerQueue

DeleteTimerQueue

DeleteTimerQueueTimer

GetUserDefaultUILanguage

SystemTimeToFileTime

GetSystemTime

LoadLibraryW

FreeLibrary

Process32NextW

Process32FirstW

K32GetProcessMemoryInfo

K32GetModuleFileNameExW

K32EnumProcessModules

QueryFullProcessImageNameW

GetProcAddress

GetModuleHandleA

ReadProcessMemory

GetSystemDirectoryW

GetSystemTimeAsFileTime

GetSystemInfo

GetProcessHandleCount

OpenProcess

CreateProcessW

GetExitCodeProcess

TerminateProcess

GetProcessTimes

Module32Next

Module32First

CreateToolhelp32Snapshot

GetThreadContext

ResumeThread

SuspendThread

OpenThread

GetCurrentThread

GetCurrentProcessId

WideCharToMultiByte

GetTickCount64

FlushFileBuffers

MultiByteToWideChar

MoveFileExW

CopyFileW

WritePrivateProfileStringW

GetPrivateProfileStringW

GetLogicalDriveStringsA

LocalFree

GlobalFree

GlobalAlloc

GetWindowsDirectoryA

GetCurrentProcess

DeleteCriticalSection

InitializeCriticalSectionEx

DeviceIoControl

RaiseException

DecodePointer

SetFileAttributesW

RemoveDirectoryW

GetFileAttributesW

GetDriveTypeA

GetDiskFreeSpaceExW

FindNextFileW

FindFirstFileW

FindClose

DeleteFileW

CreateFileW

CreateDirectoryW

GetCurrentDirectoryW

SetUnhandledExceptionFilter

CreateEventW

WaitForSingleObject

ResetEvent

SetEvent

CreateMutexA

ReleaseMutex

GetLastError

CloseHandle

GetModuleFileNameW

GetDriveTypeW

Sleep

MapViewOfFile

OpenFileMappingW

CreateFileMappingW

DeleteFiber

DeleteFileA

FlushViewOfFile

GetFileAttributesA

GetDiskFreeSpaceA

FormatMessageW

GetTempPathA

HeapValidate

SetEnvironmentVariableA

UnmapViewOfFile

CreateMutexW

GetTempPathW

UnlockFileEx

GetFullPathNameA

SetFilePointer

LockFile

OutputDebugStringA

GetDiskFreeSpaceW

LeaveCriticalSection

HeapCreate

RtlCaptureContext

CreateSymbolicLinkW

RtlUnwind

user32

GetProcessWindowStation

SetProcessDPIAware

GetUserObjectInformationW

MessageBoxW

UnregisterClassA

SetWindowPos

GetWindowTextLengthA

GetWindowTextA

wtsapi32

WTSQuerySessionInformationW

WTSEnumerateSessionsA

WTSEnumerateProcessesW

WTSFreeMemory

WTSQueryUserToken

shlwapi

PathCanonicalizeW

PathCanonicalizeA

PathQuoteSpacesW

mpr

WNetGetConnectionW

dbghelp

StackWalk64

SymCleanup

SymFunctionTableAccess64

SymGetModuleBase64

SymInitialize

SymSetOptions

SymFromAddr

netapi32

NetUserGetInfo

NetUserSetInfo

NetApiBufferFree

NetUserEnum

iphlpapi

GetUnicastIpAddressTable

FreeMibTable

crypt32

CertGetCertificateContextProperty

CertEnumCertificatesInStore

CertCloseStore

CertOpenStore

CertDuplicateCertificateContext

CertFreeCertificateContext

CertFindCertificateInStore

shell32

CommandLineToArgvW

ole32

StringFromGUID2

wsock32

bind

closesocket

socket

WSAGetLastError

getpeername

getsockname

listen

setsockopt

htons

htonl

ntohl

ntohs

WSASetLastError

recv

WSACleanup

ioctlsocket

inet_addr

gethostbyaddr

gethostbyname

getservbyport

getservbyname

inet_ntoa

getsockopt

select

accept

connect

shutdown

gethostname

__WSAFDIsSet

recvfrom

send

WSAStartup

ws2_32

WSASend

freeaddrinfo

WSARecvFrom

inet_ntop

inet_pton

WSAConnect

WSASocketA

WSARecv

getaddrinfo

WSAGetOverlappedResult

WSAIoctl

rpcrt4

UuidToStringA

UuidCreate

RpcStringFreeA

UuidFromStringA

bcrypt

.idata
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

41:00:20:60:10:94:a3:30:f1:26:37:f1:26:fd:2b:96:30:ab:e9:d7:c7:ac:2c:20:6b:6d:91:ee:fd:83:9a:86:ea:e9:95:b7:48:ef:c3:9a:cc:d8:76:32:a4:fe:f2:79:7d:17:e1:06:eb:a7:4e:88:f0:66:80:dd:ad:65:9c:56
Signer

Actual PE Digest

41:00:20:60:10:94:a3:30:f1:26:37:f1:26:fd:2b:96:30:ab:e9:d7:c7:ac:2c:20:6b:6d:91:ee:fd:83:9a:86:ea:e9:95:b7:48:ef:c3:9a:cc:d8:76:32:a4:fe:f2:79:7d:17:e1:06:eb:a7:4e:88:f0:66:80:dd:ad:65:9c:56

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\ws\workspace\j_PWY9FNTO\edr_agent\output\x64\EDRDaemon.pdb

Imports

fltlib

FilterGetMessage

FilterReplyMessage

FilterConnectCommunicationPort

user32

UnregisterClassA

GetProcessWindowStation

MessageBoxW

GetUserObjectInformationW

wtsapi32

WTSEnumerateSessionsA

WTSEnumerateProcessesW

WTSFreeMemory

WTSQueryUserToken

WTSQuerySessionInformationW

userenv

DestroyEnvironmentBlock

CreateEnvironmentBlock

advapi32

CryptEnumProvidersW

RegOpenKeyExW

RegQueryValueExW

CryptSignHashW

CryptDestroyHash

CryptCreateHash

CryptDecrypt

CryptExportKey

CryptGetUserKey

CryptGetProvParam

CryptSetHashParam

CryptDestroyKey

CryptReleaseContext

CryptAcquireContextW

ReportEventW

OpenProcessToken

AdjustTokenPrivileges

AllocateAndInitializeSid

FreeSid

LookupAccountSidA

LookupAccountNameA

LookupPrivilegeValueW

ConvertSidToStringSidW

SetEntriesInAclA

GetSecurityInfo

SetNamedSecurityInfoW

SetSecurityInfo

CreateProcessAsUserW

GetTokenInformation

LookupAccountSidW

ImpersonateLoggedOnUser

RevertToSelf

RegisterServiceCtrlHandlerExA

SetServiceStatus

StartServiceCtrlDispatcherA

CloseServiceHandle

ControlService

CreateServiceA

DeleteService

EnumDependentServicesA

OpenSCManagerA

OpenServiceA

QueryServiceStatusEx

StartServiceA

RegCloseKey

RegCreateKeyExW

RegSetValueExW

RegisterEventSourceW

DeregisterEventSource

RegGetValueW

RegDeleteValueW

kernel32

CloseHandle

RaiseException

DeviceIoControl

InitializeCriticalSectionEx

DeleteCriticalSection

Sleep

GetCurrentProcess

GetWindowsDirectoryA

GlobalAlloc

GlobalFree

LocalFree

GetLogicalDriveStringsA

GetPrivateProfileStringW

WritePrivateProfileStringW

CopyFileW

MoveFileExW

MultiByteToWideChar

SetEvent

ResetEvent

WaitForSingleObject

CreateEventW

GetProcessTimes

GetCurrentProcessId

TerminateProcess

GetExitCodeProcess

CreateProcessW

OpenProcess

GetProcessHandleCount

GetSystemInfo

GetSystemTimeAsFileTime

GetSystemDirectoryW

ReadProcessMemory

GetModuleHandleA

GetProcAddress

QueryFullProcessImageNameW

K32EnumProcessModules

K32GetModuleFileNameExW

K32GetProcessMemoryInfo

CreateToolhelp32Snapshot

Process32FirstW

Process32NextW

ReleaseMutex

CreateMutexA

SetUnhandledExceptionFilter

WideCharToMultiByte

FlushFileBuffers

GetTickCount64

FreeLibrary

LoadLibraryW

GetSystemTime

SystemTimeToFileTime

GetCurrentThread

OpenThread

SuspendThread

ResumeThread

GetThreadContext

Module32First

Module32Next

HeapAlloc

HeapFree

GetProcessHeap

GetTickCount

CreateIoCompletionPort

GetQueuedCompletionStatus

CancelIoEx

GetCurrentThreadId

SetThreadPriority

DecodePointer

SetDefaultDllDirectories

GetLastError

ReadConsoleA

SetConsoleMode

ConvertThreadToFiberEx

ConvertFiberToThread

CreateFiberEx

DeleteFiber

SwitchToFiber

GetEnvironmentVariableW

VirtualLock

VirtualFree

VirtualProtect

VirtualAlloc

LoadLibraryA

GetSystemDirectoryA

AcquireSRWLockShared

SetFileAttributesW

RemoveDirectoryW

GetFileAttributesW

GetDriveTypeA

GetDiskFreeSpaceExW

FindNextFileW

FindFirstFileW

FindClose

DeleteFileW

CreateFileW

CreateDirectoryW

GetCurrentDirectoryW

GetModuleFileNameW

WaitForSingleObjectEx

SwitchToThread

GetExitCodeThread

GetNativeSystemInfo

InitializeSRWLock

ReleaseSRWLockExclusive

AcquireSRWLockExclusive

EnterCriticalSection

LeaveCriticalSection

TryEnterCriticalSection

FormatMessageA

GetStringTypeW

InitializeConditionVariable

WakeConditionVariable

WakeAllConditionVariable

GetDriveTypeW

SleepConditionVariableSRW

InitOnceBeginInitialize

InitOnceComplete

QueryPerformanceCounter

QueryPerformanceFrequency

SetFileInformationByHandle

FlsAlloc

FlsGetValue

FlsSetValue

FlsFree

InitOnceExecuteOnce

CreateEventExW

CreateSemaphoreExW

FlushProcessWriteBuffers

GetCurrentProcessorNumber

FreeLibraryWhenCallbackReturns

CreateThreadpoolWork

SubmitThreadpoolWork

CloseThreadpoolWork

CreateThreadpoolTimer

SetThreadpoolTimer

WaitForThreadpoolTimerCallbacks

CloseThreadpoolTimer

CreateThreadpoolWait

SetThreadpoolWait

CloseThreadpoolWait

GetModuleHandleW

GetFileInformationByHandleEx

CreateSymbolicLinkW

EncodePointer

LCMapStringEx

CompareStringEx

GetCPInfo

GetLocaleInfoEx

InitializeCriticalSectionAndSpinCount

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

UnhandledExceptionFilter

IsProcessorFeaturePresent

IsDebuggerPresent

GetStartupInfoW

InitializeSListHead

OutputDebugStringW

RtlPcToFileHeader

RtlUnwindEx

RtlUnwind

InterlockedPushEntrySList

InterlockedFlushSList

SetLastError

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

LoadLibraryExW

CreateThread

ExitThread

FreeLibraryAndExitThread

GetModuleHandleExW

ReadFile

GetFileInformationByHandle

GetFileType

PeekNamedPipe

SystemTimeToTzSpecificLocalTime

FileTimeToSystemTime

SetEnvironmentVariableW

SetCurrentDirectoryW

SetStdHandle

SetFilePointerEx

ExitProcess

GetStdHandle

WriteFile

GetCommandLineA

GetCommandLineW

GetConsoleMode

ReadConsoleW

GetConsoleOutputCP

GetDateFormatW

GetTimeFormatW

CompareStringW

LCMapStringW

GetLocaleInfoW

IsValidLocale

GetUserDefaultLCID

EnumSystemLocalesW

GetFileSizeEx

GetFullPathNameW

HeapSize

HeapReAlloc

SetConsoleCtrlHandler

GetFileAttributesExW

GetTimeZoneInformation

SetEndOfFile

FindFirstFileExW

IsValidCodePage

GetACP

GetOEMCP

GetEnvironmentStringsW

FreeEnvironmentStringsW

WriteConsoleW

CreateFileA

GetLogicalDriveStringsW

QueryDosDeviceW

lstrlenA

lstrlenW

QueryDosDeviceA

ReleaseSRWLockShared

SleepConditionVariableCS

shlwapi

PathCanonicalizeA

PathQuoteSpacesW

PathCanonicalizeW

mpr

WNetGetConnectionW

dbghelp

StackWalk64

SymCleanup

SymInitialize

SymFunctionTableAccess64

SymGetModuleBase64

netapi32

NetUserSetInfo

NetUserEnum

NetApiBufferFree

NetUserGetInfo

crypt32

CertDuplicateCertificateContext

CertGetCertificateContextProperty

CertEnumCertificatesInStore

CertCloseStore

CertOpenStore

CertFindCertificateInStore

CertFreeCertificateContext

ole32

StringFromGUID2

wsock32

htonl

htons

ioctlsocket

inet_addr

select

getservbyport

getservbyname

WSASetLastError

recv

ntohs

WSACleanup

bind

closesocket

send

listen

setsockopt

socket

shutdown

getsockopt

getsockname

inet_ntoa

WSAGetLastError

WSAStartup

accept

gethostbyname

gethostbyaddr

connect

rpcrt4

UuidToStringA

RpcStringFreeA

UuidCreate

UuidFromStringA

bcrypt

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 802B

IMAGE_SCN_CNT_INITIALIZED_DATA

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

14:7e:bd:5a:44:f6:de:d2:1a:9b:61:72:35:91:af:aa:dc:7f:9e:ba:73:d9:b7:76:b8:98:5c:0f:69:30:cd:d9:3f:41:bd:79:48:90:9a:ac:c9:2c:7c:df:7c:1b:5a:85:09:41:4d:5f:07:1f:e5:3a:93:a8:3f:f2:bb:a1:ae:a0
Signer

Actual PE Digest

14:7e:bd:5a:44:f6:de:d2:1a:9b:61:72:35:91:af:aa:dc:7f:9e:ba:73:d9:b7:76:b8:98:5c:0f:69:30:cd:d9:3f:41:bd:79:48:90:9a:ac:c9:2c:7c:df:7c:1b:5a:85:09:41:4d:5f:07:1f:e5:3a:93:a8:3f:f2:bb:a1:ae:a0

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\ws\workspace\j_PWY9FNTO\edr_agent\output\x64\EDRDriverInstaller.pdb

Imports

wtsapi32

WTSEnumerateSessionsA

WTSQuerySessionInformationW

WTSQueryUserToken

WTSFreeMemory

WTSEnumerateProcessesW

userenv

DestroyEnvironmentBlock

CreateEnvironmentBlock

advapi32

CloseServiceHandle

RegOpenKeyExW

RegQueryValueExW

RegSetValueExW

RegGetValueW

ControlService

CreateServiceA

CryptEnumProvidersW

CryptSignHashW

OpenProcessToken

AdjustTokenPrivileges

AllocateAndInitializeSid

FreeSid

LookupAccountSidA

LookupAccountNameA

LookupPrivilegeValueW

ConvertSidToStringSidW

SetEntriesInAclA

GetSecurityInfo

SetNamedSecurityInfoW

SetSecurityInfo

CreateProcessAsUserW

GetTokenInformation

LookupAccountSidW

ImpersonateLoggedOnUser

RevertToSelf

RegCloseKey

RegCreateKeyExW

RegDeleteValueW

CreateServiceW

OpenSCManagerA

DeleteService

CryptDestroyHash

CryptCreateHash

CryptDecrypt

CryptExportKey

CryptGetUserKey

CryptGetProvParam

CryptSetHashParam

CryptDestroyKey

CryptReleaseContext

CryptAcquireContextW

ReportEventW

RegisterEventSourceW

DeregisterEventSource

StartServiceA

QueryServiceStatusEx

OpenServiceA

EnumDependentServicesA

kernel32

FindClose

FindFirstFileW

FindNextFileW

GetDiskFreeSpaceExW

GetDriveTypeA

GetFileAttributesW

RemoveDirectoryW

SetFileAttributesW

DeviceIoControl

Sleep

GetCurrentProcess

GetWindowsDirectoryA

GlobalAlloc

GlobalFree

LocalFree

GetLogicalDriveStringsA

GetPrivateProfileStringW

WritePrivateProfileStringW

CopyFileW

MoveFileExW

GetTickCount64

GetCurrentProcessId

GetCurrentThread

OpenThread

DeleteFileW

ResumeThread

GetThreadContext

CreateToolhelp32Snapshot

Module32First

Module32Next

WaitForSingleObject

GetProcessTimes

TerminateProcess

GetExitCodeProcess

CreateProcessW

OpenProcess

GetProcessHandleCount

GetSystemInfo

GetSystemTimeAsFileTime

GetSystemDirectoryW

ReadProcessMemory

GetModuleHandleA

GetProcAddress

QueryFullProcessImageNameW

K32EnumProcessModules

K32GetModuleFileNameExW

K32GetProcessMemoryInfo

Process32FirstW

Process32NextW

FreeLibrary

LoadLibraryW

GetSystemTime

SystemTimeToFileTime

VirtualLock

VirtualFree

VirtualProtect

VirtualAlloc

LoadLibraryA

GetSystemDirectoryA

AcquireSRWLockShared

ReleaseSRWLockShared

GetTickCount

CreateFileA

FreeEnvironmentStringsW

GetEnvironmentStringsW

GetOEMCP

GetACP

IsValidCodePage

FindFirstFileExW

SetEndOfFile

SetConsoleCtrlHandler

GetTimeZoneInformation

GetFileAttributesExW

CreateFileW

CreateDirectoryW

GetCurrentDirectoryW

WideCharToMultiByte

MultiByteToWideChar

SetUnhandledExceptionFilter

CreateMutexA

ReleaseMutex

CloseHandle

FlushFileBuffers

GetModuleFileNameW

GetDriveTypeW

lstrcmpiA

SetDefaultDllDirectories

DeleteCriticalSection

InitializeCriticalSectionEx

GetProcessHeap

HeapSize

HeapFree

HeapReAlloc

HeapAlloc

HeapDestroy

GetLastError

RaiseException

DecodePointer

GetEnvironmentVariableW

SwitchToFiber

DeleteFiber

CreateFiberEx

ConvertFiberToThread

ConvertThreadToFiberEx

SetConsoleMode

ReadConsoleA

SuspendThread

OutputDebugStringW

IsDebuggerPresent

RtlUnwind

EnterCriticalSection

LeaveCriticalSection

WaitForSingleObjectEx

SwitchToThread

GetCurrentThreadId

GetExitCodeThread

GetNativeSystemInfo

InitializeSRWLock

ReleaseSRWLockExclusive

AcquireSRWLockExclusive

TryEnterCriticalSection

FormatMessageA

GetStringTypeW

QueryPerformanceCounter

QueryPerformanceFrequency

InitOnceBeginInitialize

InitOnceComplete

InitOnceExecuteOnce

InitializeConditionVariable

WakeConditionVariable

WakeAllConditionVariable

SleepConditionVariableCS

SleepConditionVariableSRW

SetFileInformationByHandle

FlsAlloc

FlsGetValue

FlsSetValue

FlsFree

CreateEventExW

CreateSemaphoreExW

FlushProcessWriteBuffers

GetCurrentProcessorNumber

FreeLibraryWhenCallbackReturns

CreateThreadpoolWork

SubmitThreadpoolWork

CloseThreadpoolWork

CreateThreadpoolTimer

SetThreadpoolTimer

WaitForThreadpoolTimerCallbacks

CloseThreadpoolTimer

CreateThreadpoolWait

SetThreadpoolWait

CloseThreadpoolWait

GetModuleHandleW

GetFileInformationByHandleEx

CreateSymbolicLinkW

EncodePointer

LCMapStringEx

CompareStringEx

GetCPInfo

GetLocaleInfoEx

InitializeCriticalSectionAndSpinCount

SetEvent

ResetEvent

CreateEventW

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

UnhandledExceptionFilter

IsProcessorFeaturePresent

GetStartupInfoW

InitializeSListHead

RtlPcToFileHeader

RtlUnwindEx

InterlockedPushEntrySList

InterlockedFlushSList

SetLastError

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

LoadLibraryExW

GetFileInformationByHandle

GetFileType

PeekNamedPipe

SystemTimeToTzSpecificLocalTime

FileTimeToSystemTime

SetStdHandle

ReadFile

SetEnvironmentVariableW

SetCurrentDirectoryW

GetStdHandle

GetModuleHandleExW

WriteConsoleW

SetFilePointerEx

CreateThread

ExitThread

FreeLibraryAndExitThread

ExitProcess

WriteFile

GetCommandLineA

GetCommandLineW

GetConsoleMode

ReadConsoleW

GetConsoleOutputCP

GetDateFormatW

GetTimeFormatW

CompareStringW

LCMapStringW

GetLocaleInfoW

IsValidLocale

GetUserDefaultLCID

EnumSystemLocalesW

GetFileSizeEx

GetFullPathNameW

user32

GetUserObjectInformationW

GetProcessWindowStation

UnregisterClassA

MessageBoxW

shlwapi

PathQuoteSpacesW

PathCanonicalizeW

PathCanonicalizeA

mpr

WNetGetConnectionW

dbghelp

SymFunctionTableAccess64

SymInitialize

SymGetModuleBase64

StackWalk64

SymCleanup

netapi32

NetUserEnum

NetUserSetInfo

NetApiBufferFree

NetUserGetInfo

crypt32

CertCloseStore

CertEnumCertificatesInStore

CertFindCertificateInStore

CertDuplicateCertificateContext

CertFreeCertificateContext

CertGetCertificateContextProperty

CertOpenStore

wsock32

shutdown

socket

setsockopt

bind

accept

send

recv

WSASetLastError

listen

connect

closesocket

inet_ntoa

getsockname

getsockopt

ntohs

select

gethostbyname

WSAStartup

WSACleanup

WSAGetLastError

htonl

htons

ioctlsocket

inet_addr

gethostbyaddr

getservbyport

getservbyname

bcrypt

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

96:f7:1b:d9:10:e6:70:36:80:bf:b7:b4:24:71:1b:96:98:a2:ac:9b:4a:5b:7a:64:17:66:cd:ef:13:6e:7c:ab:88:bc:32:b8:38:97:d6:38:79:cc:a0:f3:f7:ee:10:42:d5:a2:44:0c:4e:eb:ce:75:42:4c:3a:c3:f3:f1:5c:46
Signer

Actual PE Digest

96:f7:1b:d9:10:e6:70:36:80:bf:b7:b4:24:71:1b:96:98:a2:ac:9b:4a:5b:7a:64:17:66:cd:ef:13:6e:7c:ab:88:bc:32:b8:38:97:d6:38:79:cc:a0:f3:f7:ee:10:42:d5:a2:44:0c:4e:eb:ce:75:42:4c:3a:c3:f3:f1:5c:46

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\ws\workspace\j_PWY9FNTO\edr_agent\output\x64\EDRManager.pdb

Imports

iphlpapi

GetUnicastIpAddressTable

FreeMibTable

GetTcpTable

GetAdaptersInfo

advapi32

DeleteService

RegisterEventSourceW

OpenProcessToken

AdjustTokenPrivileges

AllocateAndInitializeSid

FreeSid

LookupAccountSidA

LookupAccountNameA

LookupPrivilegeValueW

ConvertSidToStringSidW

SetEntriesInAclA

GetSecurityInfo

SetNamedSecurityInfoW

SetSecurityInfo

RegCloseKey

RegCreateKeyExW

RegDeleteValueW

RegEnumKeyExW

RegEnumValueW

RegOpenKeyExW

RegQueryInfoKeyW

RegQueryValueExW

RegRestoreKeyW

RegSaveKeyW

RegSetValueExW

RegDeleteTreeW

RegGetValueW

ImpersonateLoggedOnUser

RevertToSelf

RegEnumValueA

RegQueryInfoKeyA

CloseServiceHandle

EnumServicesStatusA

OpenSCManagerA

OpenServiceA

QueryServiceConfigA

QueryServiceConfigW

CreateProcessAsUserW

GetTokenInformation

LookupAccountSidW

RegisterServiceCtrlHandlerExA

SetServiceStatus

StartServiceCtrlDispatcherA

ControlService

CreateServiceA

ReportEventW

EnumDependentServicesA

QueryServiceStatusEx

StartServiceA

CryptAcquireContextA

CryptReleaseContext

CryptGetHashParam

CryptCreateHash

CryptHashData

CryptDestroyHash

CryptAcquireContextW

CryptDestroyKey

CryptSetHashParam

CryptGetProvParam

CryptGetUserKey

CryptExportKey

CryptDecrypt

RegGetValueA

CryptSignHashW

CryptEnumProvidersW

RegEnumKeyExA

RegOpenKeyExA

RegQueryValueExA

DeregisterEventSource

crypt32

CertDuplicateCertificateContext

CertGetCertificateContextProperty

CertOpenSystemStoreA

CertFindCertificateInStore

CertGetEnhancedKeyUsage

CertFreeCertificateContext

CertEnumCertificatesInStore

CertCloseStore

CertGetIntendedKeyUsage

CryptUnprotectData

CryptProtectData

CertOpenStore

kernel32

GetPrivateProfileStringW

WritePrivateProfileStringW

CopyFileW

MoveFileExW

MultiByteToWideChar

SetEvent

ResetEvent

WaitForSingleObject

CreateEventW

ReleaseMutex

CreateMutexA

SetUnhandledExceptionFilter

GlobalMemoryStatusEx

GetSystemInfo

FreeLibrary

GetModuleHandleA

GetProcAddress

LoadLibraryW

WTSGetActiveConsoleSessionId

ExpandEnvironmentStringsW

SetProcessWorkingSetSize

WideCharToMultiByte

FlushFileBuffers

GetTickCount64

GetProcessTimes

GetCurrentProcessId

TerminateProcess

GetExitCodeProcess

CreateProcessW

OpenProcess

GetProcessHandleCount

GetSystemTimeAsFileTime

GetSystemDirectoryW

ReadProcessMemory

QueryFullProcessImageNameW

K32EnumProcessModules

K32GetModuleFileNameExW

K32GetProcessMemoryInfo

CreateToolhelp32Snapshot

Process32FirstW

Process32NextW

CreateFileA

ReadFile

GetCurrentThread

OpenThread

SuspendThread

ResumeThread

GetThreadContext

Module32First

Module32Next

GetSystemTime

SystemTimeToFileTime

GetFileSizeEx

HeapAlloc

HeapFree

GetProcessHeap

GetTickCount

CreateEventA

LocalFree

Thread32Next

GetThreadTimes

SetLastError

FormatMessageW

EnterCriticalSection

LeaveCriticalSection

SleepEx

QueryPerformanceFrequency

GetSystemDirectoryA

LoadLibraryA

QueryPerformanceCounter

MoveFileExA

WaitForSingleObjectEx

CompareFileTime

GetEnvironmentVariableA

GetStdHandle

GetFileType

PeekNamedPipe

WaitForMultipleObjects

VerSetConditionMask

VerifyVersionInfoA

LCMapStringEx

EncodePointer

CreateSymbolicLinkW

GlobalFree

GlobalAlloc

GetWindowsDirectoryA

GetCurrentProcess

GetFileInformationByHandleEx

CloseThreadpoolWait

SetThreadpoolWait

QueryDosDeviceA

lstrlenW

lstrlenA

QueryDosDeviceW

GetLogicalDriveStringsW

GetSystemTimes

FreeEnvironmentStringsW

GetEnvironmentStringsW

GetOEMCP

IsValidCodePage

FindFirstFileExW

SetEndOfFile

HeapReAlloc

HeapSize

GetFullPathNameW

EnumSystemLocalesW

GetUserDefaultLCID

IsValidLocale

GetLocaleInfoW

LCMapStringW

CompareStringW

GetTimeFormatW

GetDateFormatW

GetCommandLineW

GetCommandLineA

ExitProcess

SetConsoleCtrlHandler

GetTimeZoneInformation

GetConsoleOutputCP

DuplicateHandle

GetFileAttributesExW

WriteConsoleW

SetFilePointerEx

SetStdHandle

SetCurrentDirectoryW

SetEnvironmentVariableW

FileTimeToSystemTime

SystemTimeToTzSpecificLocalTime

GetFileInformationByHandle

CreateThreadpoolWait

CloseThreadpoolTimer

WaitForThreadpoolTimerCallbacks

SetThreadpoolTimer

CreateThreadpoolTimer

CloseThreadpoolWork

SubmitThreadpoolWork

CreateThreadpoolWork

FreeLibraryWhenCallbackReturns

FlushProcessWriteBuffers

CreateSemaphoreExW

CreateEventExW

FlsFree

FlsSetValue

FlsGetValue

FlsAlloc

FreeLibraryAndExitThread

SetFileInformationByHandle

GetLocaleInfoEx

RtlPcToFileHeader

InitOnceExecuteOnce

InitOnceComplete

InitOnceBeginInitialize

GetStringTypeW

SleepConditionVariableCS

WakeAllConditionVariable

TryEnterCriticalSection

GetNativeSystemInfo

ExitThread

LoadLibraryExW

InterlockedFlushSList

InterlockedPushEntrySList

RtlUnwind

RtlUnwindEx

OutputDebugStringW

InitializeSListHead

GetStartupInfoW

IsDebuggerPresent

IsProcessorFeaturePresent

UnhandledExceptionFilter

RtlLookupFunctionEntry

RtlCaptureContext

GetExitCodeThread

SwitchToThread

SetThreadPriority

CancelIoEx

SleepConditionVariableSRW

WakeConditionVariable

InitializeConditionVariable

ExpandEnvironmentStringsA

GetVersionExA

ConvertThreadToFiberEx

InitializeCriticalSectionAndSpinCount

GetCPInfo

DeleteCriticalSection

InitializeCriticalSectionEx

DeviceIoControl

GetLastError

RaiseException

DecodePointer

SetFileAttributesW

RemoveDirectoryW

GetFileAttributesW

GetDriveTypeA

GetDiskFreeSpaceExW

FindNextFileW

FindFirstFileW

FindClose

DeleteFileW

CreateFileW

CreateDirectoryW

GetCurrentDirectoryW

GetModuleFileNameW

GetDriveTypeW

SetDefaultDllDirectories

Sleep

CloseHandle

GetLogicalDriveStringsA

Thread32First

CreateIoCompletionPort

GetQueuedCompletionStatus

PostQueuedCompletionStatus

GetCurrentThreadId

SetEnvironmentVariableA

GetCurrentProcessorNumber

CreateThread

FormatMessageA

GetEnvironmentVariableW

GetConsoleMode

SetConsoleMode

ReadConsoleA

ReadConsoleW

GetModuleHandleExW

InitializeSRWLock

ReleaseSRWLockExclusive

ReleaseSRWLockShared

AcquireSRWLockExclusive

AcquireSRWLockShared

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

VirtualAlloc

VirtualProtect

VirtualFree

VirtualLock

SwitchToFiber

DeleteFiber

CreateFiberEx

WriteFile

GetModuleHandleW

RtlVirtualUnwind

GetACP

ConvertFiberToThread

CompareStringEx

user32

UnregisterClassA

GetProcessWindowStation

GetUserObjectInformationW

MessageBoxW

ole32

StringFromGUID2

wsock32

bind

recv

WSAGetLastError

ntohl

shutdown

gethostbyname

getservbyport

getservbyname

closesocket

send

select

inet_addr

ioctlsocket

connect

gethostname

inet_ntoa

sendto

recvfrom

listen

htonl

accept

getpeername

__WSAFDIsSet

WSACleanup

WSAStartup

WSASetLastError

socket

setsockopt

ntohs

htons

getsockopt

getsockname

gethostbyaddr

ws2_32

WSACreateEvent

WSAEventSelect

WSAResetEvent

FreeAddrInfoW

GetAddrInfoW

WSARecvFrom

WSAConnect

inet_ntop

WSASend

WSARecv

WSAGetOverlappedResult

WSASocketA

WSASetEvent

WSAWaitForMultipleEvents

WSAIoctl

WSAEnumNetworkEvents

WSACloseEvent

inet_pton

getaddrinfo

freeaddrinfo

wtsapi32

WTSQueryUserToken

WTSEnumerateProcessesW

WTSFreeMemory

WTSEnumerateSessionsA

WTSQuerySessionInformationW

wldap32

ord32

ord26

ord22

ord35

ord50

ord60

ord211

ord46

ord143

ord79

ord30

ord41

ord301

ord27

ord33

ord200

userenv

CreateEnvironmentBlock

UnloadUserProfile

LoadUserProfileA

DestroyEnvironmentBlock

shlwapi

PathCanonicalizeA

PathQuoteSpacesW

PathCanonicalizeW

mpr

WNetGetConnectionW

dbghelp

SymCleanup

SymFunctionTableAccess64

SymGetModuleBase64

SymInitialize

SymSetOptions

SymGetSymFromAddr64

SymFromAddr

StackWalk64

wevtapi

EvtExportLog

EvtQuery

EvtClose

EvtNext

rpcrt4

UuidCreate

UuidToStringA

UuidFromStringA

RpcStringFreeA

netapi32

NetUserSetInfo

NetUserEnum

NetApiBufferFree

NetUserGetInfo

bcrypt

BCryptGenRandom

fltlib

FilterReplyMessage

FilterGetMessage

FilterConnectCommunicationPort

pdh

PdhCollectQueryData

PdhAddCounterW

PdhOpenQueryW

PdhCloseQuery

PdhGetFormattedCounterValue

Sections

.text
Size: 13.2MB - Virtual size: 13.2MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 198KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 644KB - Virtual size: 643KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

e1:13:d2:73:6e:d9:b3:f9:2f:33:34:ac:f9:fe:a8:71:bc:4c:53:6c:d7:03:ae:96:00:3b:2a:d8:bf:d9:e0:64:43:c2:79:03:0e:85:13:cc:c0:89:67:26:8d:2d:c8:2f:62:e7:01:dc:69:db:04:9b:cd:3d:56:22:57:4b:8f:d2
Signer

Actual PE Digest

e1:13:d2:73:6e:d9:b3:f9:2f:33:34:ac:f9:fe:a8:71:bc:4c:53:6c:d7:03:ae:96:00:3b:2a:d8:bf:d9:e0:64:43:c2:79:03:0e:85:13:cc:c0:89:67:26:8d:2d:c8:2f:62:e7:01:dc:69:db:04:9b:cd:3d:56:22:57:4b:8f:d2

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\ws\workspace\j_PWY9FNTO\edr_agent\output\x64\EDRMaster.pdb

Imports

ws2_32

WSARecv

getaddrinfo

WSAGetOverlappedResult

WSAEnumNameSpaceProvidersA

socket

WSASocketA

htons

WSACleanup

closesocket

inet_pton

WSAIoctl

ntohl

inet_ntop

FreeAddrInfoW

GetAddrInfoW

ntohs

WSAStartup

WSCInstallNameSpace

WSCUnInstallNameSpace

WSASend

WSAConnect

WSARecvFrom

WSACloseEvent

inet_ntoa

WSACreateEvent

WSAEnumNetworkEvents

WSAEventSelect

WSAResetEvent

WSASetEvent

WSAWaitForMultipleEvents

freeaddrinfo

sendto

wtsapi32

WTSQuerySessionInformationW

WTSEnumerateSessionsA

WTSQueryUserToken

WTSEnumerateProcessesW

WTSFreeMemory

userenv

DestroyEnvironmentBlock

LoadUserProfileA

UnloadUserProfile

CreateEnvironmentBlock

iphlpapi

FreeMibTable

GetUnicastIpAddressTable

GetTcpTable

GetAdaptersInfo

advapi32

InitializeSecurityDescriptor

SetSecurityDescriptorDacl

CryptSetHashParam

CryptDestroyKey

CryptReleaseContext

CryptAcquireContextW

ReportEventW

RegisterEventSourceW

DeregisterEventSource

CreateServiceW

RegOpenKeyExA

RegNotifyChangeKeyValue

ConvertSidToStringSidA

CloseTrace

ProcessTrace

OpenTraceW

EnableTraceEx2

ControlTraceW

StopTraceW

StartTraceW

CryptHashData

CryptGetHashParam

CryptAcquireContextA

RegQueryValueExA

RegEnumKeyExA

RegGetValueA

CryptEnumProvidersW

CryptSignHashW

CryptDestroyHash

CryptCreateHash

CryptDecrypt

CryptExportKey

CryptGetUserKey

OpenProcessToken

AdjustTokenPrivileges

AllocateAndInitializeSid

FreeSid

LookupAccountSidA

LookupAccountNameA

LookupPrivilegeValueW

ConvertSidToStringSidW

SetEntriesInAclA

GetSecurityInfo

SetNamedSecurityInfoW

SetSecurityInfo

CloseEventLog

OpenEventLogA

ReadEventLogA

CreateProcessAsUserW

GetTokenInformation

LookupAccountSidW

RegCloseKey

RegCreateKeyExW

RegDeleteValueW

RegEnumKeyExW

RegEnumValueW

RegOpenKeyExW

RegQueryInfoKeyW

RegQueryValueExW

RegRestoreKeyW

RegSaveKeyW

RegSetValueExW

RegDeleteTreeW

RegGetValueW

ImpersonateLoggedOnUser

RevertToSelf

RegEnumValueA

RegQueryInfoKeyA

CloseServiceHandle

EnumServicesStatusA

OpenSCManagerA

OpenServiceA

QueryServiceConfigA

QueryServiceConfigW

RegisterServiceCtrlHandlerExA

SetServiceStatus

StartServiceCtrlDispatcherA

ControlService

CreateServiceA

DeleteService

EnumDependentServicesA

QueryServiceStatusEx

StartServiceA

GetNumberOfEventLogRecords

GetOldestEventLogRecord

RegSetKeyValueW

CryptGetProvParam

crypt32

CryptUnprotectData

CertOpenStore

CertCloseStore

CertEnumCertificatesInStore

CertFindCertificateInStore

CertDuplicateCertificateContext

CertFreeCertificateContext

CryptProtectData

CertGetEnhancedKeyUsage

CertGetIntendedKeyUsage

CertOpenSystemStoreA

CertGetCertificateContextProperty

kernel32

GetFileSize

LockFileEx

UnlockFile

HeapCompact

FlushViewOfFile

GetFileAttributesA

GetDiskFreeSpaceA

GetTempPathA

HeapValidate

CreateMutexW

GetTempPathW

UnlockFileEx

GetFullPathNameA

SetFilePointer

LockFile

OutputDebugStringA

GetDiskFreeSpaceW

HeapCreate

AreFileApisANSI

VirtualUnlock

SleepConditionVariableCS

WakeAllConditionVariable

VerSetConditionMask

DecodePointer

RaiseException

GetLastError

HeapDestroy

HeapAlloc

HeapReAlloc

HeapFree

HeapSize

GetProcessHeap

InitializeCriticalSectionEx

DeleteCriticalSection

Sleep

DeleteTimerQueueTimer

SetDefaultDllDirectories

DeleteTimerQueue

VerifyVersionInfoW

CloseHandle

GetTickCount64

FreeLibrary

GetProcAddress

LoadLibraryA

SetUnhandledExceptionFilter

GetCurrentDirectoryW

CreateDirectoryW

CreateFileW

DeleteFileW

FindClose

FindFirstFileW

FindNextFileW

GetDiskFreeSpaceExW

GetDriveTypeA

GetFileAttributesW

RemoveDirectoryW

SetFileAttributesW

DeviceIoControl

GetCurrentProcess

GetWindowsDirectoryA

GlobalAlloc

GlobalFree

LocalFree

GetLogicalDriveStringsA

GetPrivateProfileStringW

WritePrivateProfileStringW

CopyFileW

MoveFileExW

MultiByteToWideChar

GetDriveTypeW

GetModuleFileNameW

SetEvent

ResetEvent

WaitForSingleObject

CreateEventW

TryEnterCriticalSection

CreateMutexA

CreateFileA

ReadFile

GetProcessTimes

GetCurrentProcessId

TerminateProcess

GetExitCodeProcess

CreateProcessW

OpenProcess

GetProcessHandleCount

GetSystemInfo

GetSystemTimeAsFileTime

GetSystemDirectoryW

ReadProcessMemory

GetModuleHandleA

QueryFullProcessImageNameW

K32EnumProcessModules

K32GetModuleFileNameExW

K32GetProcessMemoryInfo

CreateToolhelp32Snapshot

Process32FirstW

Process32NextW

GlobalMemoryStatusEx

LoadLibraryW

WTSGetActiveConsoleSessionId

ExpandEnvironmentStringsW

SetProcessWorkingSetSize

GetSystemTime

SystemTimeToFileTime

WideCharToMultiByte

GetSystemTimes

GetCurrentThread

OpenThread

SuspendThread

ResumeThread

GetThreadContext

Module32First

Module32Next

FlushFileBuffers

GetFileSizeEx

GetTickCount

VirtualAlloc

VirtualFree

LocalAlloc

lstrcmpA

GetLogicalDriveStringsW

QueryDosDeviceW

lstrlenA

lstrlenW

QueryDosDeviceA

FindResourceExW

LoadResource

LockResource

SizeofResource

FindResourceW

GetSystemDirectoryA

InitializeCriticalSection

EnterCriticalSection

LeaveCriticalSection

GetCurrentThreadId

CreateEventA

DeleteFileA

CopyFileA

MoveFileExA

CreateThread

GetModuleHandleW

MapViewOfFile

UnmapViewOfFile

CreateIoCompletionPort

GetQueuedCompletionStatus

CancelIoEx

SetThreadPriority

CreateTimerQueue

CreateTimerQueueTimer

GetSystemWindowsDirectoryW

ChangeTimerQueueTimer

FindCloseChangeNotification

FindFirstChangeNotificationA

FindNextChangeNotification

WaitForMultipleObjects

ReadDirectoryChangesW

SetLastError

InitializeSRWLock

ReleaseSRWLockExclusive

ReleaseSRWLockShared

AcquireSRWLockExclusive

AcquireSRWLockShared

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

FormatMessageA

GetStdHandle

GetStringTypeW

WriteFile

RtlVirtualUnwind

GetModuleHandleExW

QueryPerformanceCounter

VirtualProtect

VirtualLock

GetEnvironmentVariableW

GetACP

SwitchToFiber

DeleteFiber

CreateFiberEx

ConvertFiberToThread

ConvertThreadToFiberEx

GetConsoleMode

SetConsoleMode

ReadConsoleA

ReadConsoleW

PostQueuedCompletionStatus

GetCurrentProcessorNumber

QueryPerformanceFrequency

GetEnvironmentVariableA

SetEnvironmentVariableA

GetVersionExA

ExpandEnvironmentStringsA

InitializeConditionVariable

WakeConditionVariable

SleepConditionVariableSRW

FormatMessageW

SleepEx

WaitForSingleObjectEx

CompareFileTime

PeekNamedPipe

VerifyVersionInfoA

InitOnceBeginInitialize

CreateFileMappingW

WaitForMultipleObjectsEx

GetOverlappedResult

CreateNamedPipeW

DisconnectNamedPipe

ConnectNamedPipe

WriteFileEx

ReadFileEx

GetUserDefaultUILanguage

FreeEnvironmentStringsW

GetEnvironmentStringsW

GetOEMCP

IsValidCodePage

FindFirstFileExW

SetEndOfFile

GetFullPathNameW

EnumSystemLocalesW

GetUserDefaultLCID

IsValidLocale

GetLocaleInfoW

LCMapStringW

CompareStringW

GetTimeFormatW

GetDateFormatW

GetCommandLineW

GetCommandLineA

DuplicateHandle

GetFileAttributesExW

GetConsoleOutputCP

GetTimeZoneInformation

SetFilePointerEx

WriteConsoleW

SetConsoleCtrlHandler

ExitProcess

SetStdHandle

SetCurrentDirectoryW

SetEnvironmentVariableW

FileTimeToSystemTime

SystemTimeToTzSpecificLocalTime

GetFileInformationByHandle

FreeLibraryAndExitThread

ExitThread

LoadLibraryExW

InterlockedFlushSList

InterlockedPushEntrySList

RtlUnwind

RtlUnwindEx

InitializeSListHead

GetStartupInfoW

UnhandledExceptionFilter

RtlLookupFunctionEntry

RtlCaptureContext

InitializeCriticalSectionAndSpinCount

GetNativeSystemInfo

GetExitCodeThread

SwitchToThread

ReleaseMutex

OutputDebugStringW

IsDebuggerPresent

GetCPInfo

CompareStringEx

LCMapStringEx

EncodePointer

CreateSymbolicLinkW

GetFileInformationByHandleEx

CloseThreadpoolWait

SetThreadpoolWait

CreateThreadpoolWait

CloseThreadpoolTimer

InitOnceComplete

RtlPcToFileHeader

WaitForThreadpoolTimerCallbacks

SetThreadpoolTimer

CreateThreadpoolTimer

FlushProcessWriteBuffers

CreateSemaphoreExW

FreeLibraryWhenCallbackReturns

CreateThreadpoolWork

SubmitThreadpoolWork

CloseThreadpoolWork

RtlCaptureStackBackTrace

CreateEventExW

FlsFree

FlsSetValue

FlsGetValue

FlsAlloc

SetFileInformationByHandle

GetLocaleInfoEx

InitOnceExecuteOnce

IsProcessorFeaturePresent

GetFileType

user32

MessageBoxW

GetProcessWindowStation

GetUserObjectInformationW

UnregisterClassA

shell32

CommandLineToArgvW

SHGetFolderPathA

ole32

CoInitializeEx

CoInitializeSecurity

StringFromGUID2

CoInitialize

CoCreateInstance

CoUninitialize

wsock32

gethostbyaddr

ioctlsocket

htonl

WSAGetLastError

gethostbyname

select

getsockopt

getsockname

inet_ntoa

recvfrom

getservbyport

setsockopt

__WSAFDIsSet

getservbyname

WSASetLastError

recv

send

accept

bind

connect

listen

shutdown

getpeername

gethostname

wldap32

ord143

ord46

ord211

ord60

ord50

ord41

ord22

ord26

ord27

ord33

ord35

ord79

ord30

ord200

ord301

ord32

fltlib

FilterGetMessage

FilterReplyMessage

FilterConnectCommunicationPort

shlwapi

PathQuoteSpacesW

PathCanonicalizeW

PathGetArgsW

PathCanonicalizeA

dbghelp

SymFromAddr

StackWalk64

SymSetOptions

SymFunctionTableAccess64

SymGetModuleBase64

SymInitialize

SymCleanup

mpr

WNetGetConnectionW

wevtapi

EvtExportLog

EvtClose

EvtNext

EvtQuery

netapi32

NetUserEnum

NetUserGetInfo

NetUserSetInfo

NetApiBufferFree

pdh

PdhGetFormattedCounterValue

PdhCloseQuery

PdhOpenQueryW

PdhAddCounterW

PdhCollectQueryData

bcrypt

BCryptGenRandom

version

GetFileVersionInfoW

VerQueryValueW

GetFileVersionInfoSizeW

oleaut32

SysFreeString

VariantInit

VariantClear

GetErrorInfo

VariantChangeType

SetErrorInfo

CreateErrorInfo

SysAllocString

rpcrt4

UuidToStringA

UuidFromStringA

RpcStringFreeA

UuidCreate

Sections

.text
Size: 24.8MB - Virtual size: 24.8MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 515KB - Virtual size: 897KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

2d:36:b1:94:e3:d8:57:c6:0c:0e:2f:99:a2:8e:02:0a:1b:0a:0c:c3:2a:1a:21:50:ee:39:43:d3:64:20:a8:21:54:cc:d7:4d:e1:55:04:c9:b4:1a:55:7e:76:b3:a7:e7:7f:a0:34:6f:27:f7:55:9d:40:45:b4:f2:b1:9e:0c:30
Signer

Actual PE Digest

2d:36:b1:94:e3:d8:57:c6:0c:0e:2f:99:a2:8e:02:0a:1b:0a:0c:c3:2a:1a:21:50:ee:39:43:d3:64:20:a8:21:54:cc:d7:4d:e1:55:04:c9:b4:1a:55:7e:76:b3:a7:e7:7f:a0:34:6f:27:f7:55:9d:40:45:b4:f2:b1:9e:0c:30

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\ws\workspace\j_PWY9FNTO\edr_agent\output\x64\EDRScanner.pdb

Imports

wtsapi32

WTSFreeMemory

WTSQueryUserToken

WTSEnumerateSessionsA

WTSQuerySessionInformationW

WTSEnumerateProcessesW

userenv

DestroyEnvironmentBlock

CreateEnvironmentBlock

LoadUserProfileA

UnloadUserProfile

iphlpapi

FreeMibTable

GetAdaptersInfo

GetTcpTable

GetUnicastIpAddressTable

advapi32

RegQueryInfoKeyW

RegEnumValueW

RegEnumKeyExW

RegQueryInfoKeyA

RegRestoreKeyW

CloseServiceHandle

EnumServicesStatusA

OpenSCManagerA

OpenServiceA

QueryServiceConfigA

QueryServiceConfigW

RegDeleteTreeW

RegSaveKeyW

RegCloseKey

RegCreateKeyExW

OpenProcessToken

AdjustTokenPrivileges

AllocateAndInitializeSid

FreeSid

LookupAccountSidA

LookupAccountNameA

LookupPrivilegeValueW

ConvertSidToStringSidW

SetEntriesInAclA

GetSecurityInfo

SetNamedSecurityInfoW

SetSecurityInfo

CreateProcessAsUserW

GetTokenInformation

LookupAccountSidW

ImpersonateLoggedOnUser

RevertToSelf

RegDeleteValueW

RegOpenKeyExW

RegQueryValueExW

RegSetValueExW

RegGetValueW

DeregisterEventSource

RegisterEventSourceW

ReportEventW

CryptAcquireContextW

CryptReleaseContext

CryptDestroyKey

CryptSetHashParam

CryptGetProvParam

CryptGetUserKey

CryptExportKey

CryptDecrypt

CryptCreateHash

CryptDestroyHash

CryptSignHashW

CryptEnumProvidersW

RegGetValueA

RegEnumKeyExA

RegOpenKeyExA

RegQueryValueExA

CryptAcquireContextA

CryptGetHashParam

CryptHashData

RegEnumValueA

crypt32

CertCloseStore

CertEnumCertificatesInStore

CertFindCertificateInStore

CertDuplicateCertificateContext

CertFreeCertificateContext

CertGetCertificateContextProperty

CertGetEnhancedKeyUsage

CertGetIntendedKeyUsage

CertOpenSystemStoreA

CertOpenStore

kernel32

ResetEvent

WaitForSingleObject

CreateEventW

GetCurrentDirectoryW

CreateDirectoryW

CreateFileW

DeleteFileW

FindClose

FindFirstFileW

FindNextFileW

GetDriveTypeA

GetFileAttributesW

RemoveDirectoryW

SetFileAttributesW

DecodePointer

RaiseException

DeviceIoControl

InitializeCriticalSectionEx

DeleteCriticalSection

GetCurrentProcess

GetWindowsDirectoryA

GlobalAlloc

GlobalFree

LocalFree

GetLogicalDriveStringsA

CopyFileW

MoveFileExW

MultiByteToWideChar

GetProcessTimes

GetCurrentProcessId

TerminateProcess

GetExitCodeProcess

CreateProcessW

OpenProcess

GetProcessHandleCount

GetSystemInfo

GetSystemTimeAsFileTime

GetSystemDirectoryW

ReadProcessMemory

GetModuleHandleA

GetProcAddress

QueryFullProcessImageNameW

K32EnumProcessModules

K32GetModuleFileNameExW

K32GetProcessMemoryInfo

CreateToolhelp32Snapshot

Process32FirstW

Process32NextW

GetTickCount64

FlushFileBuffers

ReleaseMutex

CreateMutexA

SetProcessWorkingSetSize

WideCharToMultiByte

CreateFileA

ReadFile

GetCurrentThread

OpenThread

SuspendThread

ResumeThread

GetThreadContext

Module32First

Module32Next

FreeLibrary

LoadLibraryW

GetSystemTime

SystemTimeToFileTime

GetFileSizeEx

DeleteTimerQueueTimer

DeleteTimerQueue

GetCurrentThreadId

SetThreadPriority

CreateTimerQueue

CreateTimerQueueTimer

CreateIoCompletionPort

GetQueuedCompletionStatus

CancelIoEx

SetLastError

InitializeSRWLock

ReleaseSRWLockExclusive

ReleaseSRWLockShared

AcquireSRWLockExclusive

AcquireSRWLockShared

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

GetSystemDirectoryA

LoadLibraryA

FormatMessageA

GetStdHandle

GetFileType

WriteFile

CloseHandle

RtlVirtualUnwind

GetModuleHandleExW

QueryPerformanceCounter

VirtualAlloc

VirtualProtect

VirtualFree

VirtualLock

GetEnvironmentVariableW

GetACP

SwitchToFiber

DeleteFiber

CreateFiberEx

ConvertFiberToThread

ConvertThreadToFiberEx

GetConsoleMode

SetConsoleMode

ReadConsoleA

ReadConsoleW

PostQueuedCompletionStatus

GetEnvironmentVariableA

SetEnvironmentVariableA

QueryPerformanceFrequency

GetCurrentProcessorNumber

CreateEventA

CreateThread

GetVersionExA

ExpandEnvironmentStringsA

GetTickCount

GetModuleFileNameW

WakeConditionVariable

SleepConditionVariableSRW

FormatMessageW

EnterCriticalSection

LeaveCriticalSection

SleepEx

MoveFileExA

WaitForSingleObjectEx

CompareFileTime

PeekNamedPipe

WaitForMultipleObjects

VerSetConditionMask

VerifyVersionInfoA

MapViewOfFile

CreateFileMappingW

GetProcessHeap

GetFileSize

LockFileEx

UnlockFile

HeapDestroy

HeapCompact

HeapAlloc

HeapReAlloc

DeleteFileA

FlushViewOfFile

OutputDebugStringW

GetFileAttributesExW

GetFileAttributesA

GetDiskFreeSpaceA

SetEvent

HeapSize

HeapValidate

UnmapViewOfFile

CreateMutexW

GetTempPathW

UnlockFileEx

SetEndOfFile

GetFullPathNameA

SetFilePointer

LockFile

OutputDebugStringA

GetDiskFreeSpaceW

GetFullPathNameW

HeapFree

HeapCreate

AreFileApisANSI

InitializeCriticalSection

TryEnterCriticalSection

VirtualUnlock

SetUnhandledExceptionFilter

GetLogicalDriveStringsW

WTSGetActiveConsoleSessionId

GlobalMemoryStatusEx

FreeEnvironmentStringsW

GetEnvironmentStringsW

GetOEMCP

IsValidCodePage

FindFirstFileExW

EnumSystemLocalesW

GetUserDefaultLCID

IsValidLocale

GetLocaleInfoW

LCMapStringW

CompareStringW

GetTimeFormatW

GetDateFormatW

GetCommandLineW

GetCommandLineA

DuplicateHandle

GetConsoleOutputCP

GetTimeZoneInformation

SetFilePointerEx

WriteConsoleW

SetConsoleCtrlHandler

ExitProcess

SetStdHandle

SetCurrentDirectoryW

SetEnvironmentVariableW

FileTimeToSystemTime

SystemTimeToTzSpecificLocalTime

GetFileInformationByHandle

FreeLibraryAndExitThread

ExitThread

LoadLibraryExW

RtlUnwind

InterlockedFlushSList

InterlockedPushEntrySList

RtlUnwindEx

InitializeSListHead

GetStartupInfoW

IsDebuggerPresent

IsProcessorFeaturePresent

UnhandledExceptionFilter

RtlLookupFunctionEntry

RtlCaptureContext

InitializeCriticalSectionAndSpinCount

GetCPInfo

CompareStringEx

LCMapStringEx

EncodePointer

CreateSymbolicLinkW

GetFileInformationByHandleEx

CloseThreadpoolWait

SetThreadpoolWait

CreateThreadpoolWait

CloseThreadpoolTimer

WaitForThreadpoolTimerCallbacks

SetThreadpoolTimer

CreateThreadpoolTimer

CloseThreadpoolWork

SubmitThreadpoolWork

CreateThreadpoolWork

FreeLibraryWhenCallbackReturns

FlushProcessWriteBuffers

CreateSemaphoreExW

CreateEventExW

FlsFree

FlsSetValue

FlsGetValue

FlsAlloc

SetFileInformationByHandle

GetLocaleInfoEx

RtlPcToFileHeader

InitOnceExecuteOnce

GetStringTypeW

InitOnceComplete

InitOnceBeginInitialize

WritePrivateProfileStringW

GetPrivateProfileStringW

GetLastError

GetDriveTypeW

GetNativeSystemInfo

GetExitCodeThread

SwitchToThread

SleepConditionVariableCS

WakeAllConditionVariable

GetDiskFreeSpaceExW

Sleep

QueryDosDeviceW

lstrlenA

lstrlenW

QueryDosDeviceA

InitializeConditionVariable

GetModuleHandleW

GetTempPathA

user32

GetUserObjectInformationW

MessageBoxW

UnregisterClassA

GetProcessWindowStation

wsock32

inet_addr

ntohs

WSAStartup

sendto

recvfrom

__WSAFDIsSet

gethostname

ntohl

getpeername

shutdown

socket

setsockopt

listen

connect

closesocket

bind

accept

send

recv

WSASetLastError

getservbyname

getservbyport

gethostbyaddr

ioctlsocket

htons

htonl

WSAGetLastError

gethostbyname

select

getsockopt

getsockname

inet_ntoa

WSACleanup

ws2_32

GetAddrInfoW

FreeAddrInfoW

inet_ntop

WSAWaitForMultipleEvents

WSASetEvent

WSAResetEvent

WSAEventSelect

WSAEnumNetworkEvents

WSACreateEvent

WSACloseEvent

WSARecvFrom

WSAConnect

inet_pton

WSASend

WSARecv

freeaddrinfo

getaddrinfo

WSAGetOverlappedResult

WSASocketA

WSAIoctl

wldap32

ord46

ord211

ord143

ord301

ord200

ord30

ord79

ord35

ord33

ord32

ord27

ord26

ord22

ord41

ord50

ord60

fltlib

FilterConnectCommunicationPort

FilterGetMessage

FilterReplyMessage

dbghelp

SymInitialize

SymCleanup

SymFromAddr

SymSetOptions

StackWalk64

SymGetModuleBase64

SymFunctionTableAccess64

shlwapi

PathCanonicalizeW

PathQuoteSpacesW

PathCanonicalizeA

mpr

WNetGetConnectionW

netapi32

NetUserGetInfo

NetApiBufferFree

NetUserSetInfo

NetUserEnum

bcrypt

BCryptGenRandom

ole32

StringFromGUID2

rpcrt4

UuidCreate

UuidToStringA

UuidFromStringA

RpcStringFreeA

Sections

.text
Size: 15.3MB - Virtual size: 15.3MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 235KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 738KB - Virtual size: 737KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.tls
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

5b:5e:3e:8c:7a:be:36:13:ae:f7:b8:bc:db:34:75:9d:35:33:08:fc:60:45:d3:29:06:88:9c:72:27:88:7b:87:eb:0c:9d:30:2f:fe:45:bc:21:e1:a3:84:01:e4:c7:1a:78:1c:68:59:62:e1:0b:16:33:d1:0a:9e:63:27:b9:e4
Signer

Actual PE Digest

5b:5e:3e:8c:7a:be:36:13:ae:f7:b8:bc:db:34:75:9d:35:33:08:fc:60:45:d3:29:06:88:9c:72:27:88:7b:87:eb:0c:9d:30:2f:fe:45:bc:21:e1:a3:84:01:e4:c7:1a:78:1c:68:59:62:e1:0b:16:33:d1:0a:9e:63:27:b9:e4

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\ws\workspace\j_PWY9FNTO\edr_agent\output\x64\EDRUpdater.pdb

Imports

advapi32

OpenProcessToken

AdjustTokenPrivileges

AllocateAndInitializeSid

FreeSid

LookupAccountSidA

LookupAccountNameA

LookupPrivilegeValueW

ConvertSidToStringSidW

SetEntriesInAclA

GetSecurityInfo

SetNamedSecurityInfoW

SetSecurityInfo

CreateProcessAsUserW

GetTokenInformation

LookupAccountSidW

ImpersonateLoggedOnUser

RevertToSelf

CloseServiceHandle

ControlService

CreateServiceA

DeleteService

EnumDependentServicesA

OpenSCManagerA

OpenServiceA

QueryServiceStatusEx

StartServiceA

RegisterServiceCtrlHandlerExA

SetServiceStatus

StartServiceCtrlDispatcherA

RegCloseKey

RegCreateKeyExW

RegSetValueExW

RegQueryValueExW

RegOpenKeyExW

RegDeleteValueW

CryptEnumProvidersW

CryptSignHashW

CryptDestroyHash

CryptCreateHash

CryptDecrypt

CryptExportKey

CryptGetUserKey

CryptGetProvParam

CryptSetHashParam

CryptDestroyKey

CryptReleaseContext

CryptAcquireContextW

ReportEventW

RegisterEventSourceW

DeregisterEventSource

RegGetValueW

kernel32

GetDriveTypeW

GetModuleFileNameW

WideCharToMultiByte

GetSystemDirectoryW

FreeLibrary

GetProcAddress

LoadLibraryW

CreateFileA

ReadFile

ReleaseMutex

CreateMutexA

SetEvent

ResetEvent

WaitForSingleObject

CreateEventW

FlushFileBuffers

SetUnhandledExceptionFilter

GetProcessTimes

GetCurrentProcessId

TerminateProcess

GetExitCodeProcess

CreateProcessW

OpenProcess

GetProcessHandleCount

GetSystemInfo

GetSystemTimeAsFileTime

ReadProcessMemory

GetModuleHandleA

QueryFullProcessImageNameW

K32EnumProcessModules

K32GetModuleFileNameExW

K32GetProcessMemoryInfo

CreateToolhelp32Snapshot

Process32FirstW

Process32NextW

GetSystemTime

SystemTimeToFileTime

GetTickCount64

GetFileSizeEx

HeapAlloc

HeapFree

DeviceIoControl

GetTickCount

GetCurrentThread

OpenThread

SuspendThread

ResumeThread

GetThreadContext

Module32First

Module32Next

CreateIoCompletionPort

GetQueuedCompletionStatus

CancelIoEx

GetCurrentThreadId

SetThreadPriority

OutputDebugStringW

InitializeSListHead

GetStartupInfoW

IsDebuggerPresent

IsProcessorFeaturePresent

QueryDosDeviceA

lstrlenW

lstrlenA

QueryDosDeviceW

MoveFileExW

CopyFileW

WritePrivateProfileStringW

MultiByteToWideChar

GetLogicalDriveStringsW

FreeEnvironmentStringsW

GetEnvironmentStringsW

GetOEMCP

IsValidCodePage

FindFirstFileExW

SetEndOfFile

UnhandledExceptionFilter

RtlLookupFunctionEntry

GetTimeZoneInformation

GetFileAttributesExW

HeapReAlloc

HeapSize

GetFullPathNameW

EnumSystemLocalesW

RtlCaptureContext

InitializeCriticalSectionAndSpinCount

RtlPcToFileHeader

GetLocaleInfoEx

GetCPInfo

GetUserDefaultLCID

IsValidLocale

GetLocaleInfoW

LCMapStringW

CompareStringW

GetTimeFormatW

GetDateFormatW

GetConsoleOutputCP

GetCommandLineW

GetCommandLineA

SetConsoleCtrlHandler

ExitProcess

WriteConsoleW

SetFilePointerEx

SetStdHandle

SetCurrentDirectoryW

SetEnvironmentVariableW

FileTimeToSystemTime

SystemTimeToTzSpecificLocalTime

PeekNamedPipe

GetFileInformationByHandle

FreeLibraryAndExitThread

ExitThread

CreateThread

LoadLibraryExW

CompareStringEx

InterlockedFlushSList

InterlockedPushEntrySList

RtlUnwind

RtlUnwindEx

GetPrivateProfileStringW

GetLogicalDriveStringsA

LocalFree

GlobalFree

GlobalAlloc

GetWindowsDirectoryA

GetCurrentProcess

DeleteCriticalSection

GetLastError

RaiseException

CloseHandle

DecodePointer

SetFileAttributesW

RemoveDirectoryW

GetFileAttributesW

GetDriveTypeA

GetDiskFreeSpaceExW

FindNextFileW

FindFirstFileW

FindClose

DeleteFileW

CreateFileW

CreateDirectoryW

GetCurrentDirectoryW

SetDefaultDllDirectories

Sleep

InitializeCriticalSectionEx

GetProcessHeap

SetLastError

InitializeSRWLock

ReleaseSRWLockExclusive

ReleaseSRWLockShared

AcquireSRWLockExclusive

AcquireSRWLockShared

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

GetSystemDirectoryA

LoadLibraryA

FormatMessageA

GetStdHandle

GetFileType

WriteFile

GetModuleHandleW

RtlVirtualUnwind

GetModuleHandleExW

QueryPerformanceCounter

VirtualAlloc

VirtualProtect

VirtualFree

VirtualLock

GetEnvironmentVariableW

GetACP

SwitchToFiber

DeleteFiber

CreateFiberEx

ConvertFiberToThread

ConvertThreadToFiberEx

GetConsoleMode

SetConsoleMode

ReadConsoleA

ReadConsoleW

WaitForSingleObjectEx

SwitchToThread

GetExitCodeThread

GetNativeSystemInfo

EnterCriticalSection

LeaveCriticalSection

TryEnterCriticalSection

GetStringTypeW

InitOnceBeginInitialize

InitOnceComplete

InitializeConditionVariable

WakeConditionVariable

WakeAllConditionVariable

SleepConditionVariableCS

SleepConditionVariableSRW

QueryPerformanceFrequency

InitOnceExecuteOnce

EncodePointer

LCMapStringEx

SetFileInformationByHandle

FlsAlloc

FlsGetValue

FlsSetValue

FlsFree

CreateEventExW

CreateSemaphoreExW

FlushProcessWriteBuffers

GetCurrentProcessorNumber

FreeLibraryWhenCallbackReturns

CreateThreadpoolWork

SubmitThreadpoolWork

CloseThreadpoolWork

CreateThreadpoolTimer

SetThreadpoolTimer

WaitForThreadpoolTimerCallbacks

CloseThreadpoolTimer

CreateThreadpoolWait

SetThreadpoolWait

CloseThreadpoolWait

GetFileInformationByHandleEx

CreateSymbolicLinkW

user32

MessageBoxW

GetProcessWindowStation

GetUserObjectInformationW

UnregisterClassA

wtsapi32

WTSEnumerateProcessesW

WTSQueryUserToken

WTSQuerySessionInformationW

WTSEnumerateSessionsA

WTSFreeMemory

fltlib

FilterReplyMessage

FilterGetMessage

FilterConnectCommunicationPort

userenv

DestroyEnvironmentBlock

CreateEnvironmentBlock

shlwapi

PathQuoteSpacesW

PathCanonicalizeA

PathCanonicalizeW

mpr

WNetGetConnectionW

dbghelp

SymInitialize

SymCleanup

SymFunctionTableAccess64

SymGetModuleBase64

StackWalk64

netapi32

NetUserEnum

NetUserGetInfo

NetApiBufferFree

NetUserSetInfo

bcrypt

BCryptGenRandom

ws2_32

getservbyport

gethostbyaddr

inet_ntoa

inet_addr

htons

htonl

WSAGetLastError

getservbyname

WSAStartup

gethostbyname

select

ntohs

getsockopt

getsockname

ioctlsocket

WSASetLastError

recv

send

accept

bind

closesocket

connect

setsockopt

socket

shutdown

WSACleanup

listen

crypt32

CertCloseStore

CertGetCertificateContextProperty

CertFreeCertificateContext

CertDuplicateCertificateContext

CertFindCertificateInStore

CertEnumCertificatesInStore

CertOpenStore

ole32

StringFromGUID2

rpcrt4

UuidToStringA

UuidFromStringA

UuidCreate

RpcStringFreeA

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 802B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 337B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$_134_/LICENSE.txt

$_134_/clean.exe

.exe windows:4 windows x86 arch:x86

56a78d55f3f7af51443e58e0ce2fb5f6

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

b8:b7:d7:32:24:70:9b:b8:f4:ea:54:b0:5a:38:d9:95:60:87:e3:48:33:cf:ca:76:8d:37:62:e1:6f:0b:c6:bd:0c:c7:44:6e:69:7a:0b:b8:ab:d2:c2:ca:77:3c:7f:ba:34:cf:eb:90:3c:3a:78:d4:0d:51:09:72:c6:c0:ac:16
Signer

Actual PE Digest

b8:b7:d7:32:24:70:9b:b8:f4:ea:54:b0:5a:38:d9:95:60:87:e3:48:33:cf:ca:76:8d:37:62:e1:6f:0b:c6:bd:0c:c7:44:6e:69:7a:0b:b8:ab:d2:c2:ca:77:3c:7f:ba:34:cf:eb:90:3c:3a:78:d4:0d:51:09:72:c6:c0:ac:16

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW

RegEnumKeyW

RegQueryValueExW

RegSetValueExW

RegCloseKey

RegDeleteValueW

RegDeleteKeyW

AdjustTokenPrivileges

LookupPrivilegeValueW

OpenProcessToken

SetFileSecurityW

RegOpenKeyExW

RegEnumValueW

shell32

SHGetSpecialFolderLocation

SHFileOperationW

SHBrowseForFolderW

SHGetPathFromIDListW

ShellExecuteExW

SHGetFileInfoW

ole32

OleInitialize

OleUninitialize

CoCreateInstance

IIDFromString

CoTaskMemFree

comctl32

ord17

ImageList_Create

ImageList_Destroy

ImageList_AddMasked

user32

GetClientRect

EndPaint

DrawTextW

IsWindowEnabled

DispatchMessageW

wsprintfA

CharNextA

CharPrevW

MessageBoxIndirectW

GetDlgItemTextW

SetDlgItemTextW

GetSystemMetrics

FillRect

AppendMenuW

TrackPopupMenu

OpenClipboard

SetClipboardData

CloseClipboard

IsWindowVisible

CallWindowProcW

GetMessagePos

CheckDlgButton

LoadCursorW

SetCursor

GetSysColor

SetWindowPos

GetWindowLongW

PeekMessageW

SetClassLongW

GetSystemMenu

EnableMenuItem

GetWindowRect

ScreenToClient

EndDialog

RegisterClassW

SystemParametersInfoW

CreateWindowExW

GetClassInfoW

DialogBoxParamW

CharNextW

ExitWindowsEx

DestroyWindow

CreateDialogParamW

SetTimer

SetWindowTextW

PostQuitMessage

SetForegroundWindow

ShowWindow

wsprintfW

SendMessageTimeoutW

FindWindowExW

IsWindow

GetDlgItem

SetWindowLongW

LoadImageW

GetDC

ReleaseDC

EnableWindow

InvalidateRect

SendMessageW

DefWindowProcW

BeginPaint

EmptyClipboard

CreatePopupMenu

gdi32

SetBkMode

SetBkColor

GetDeviceCaps

CreateFontIndirectW

CreateBrushIndirect

DeleteObject

SetTextColor

SelectObject

kernel32

GetExitCodeProcess

WaitForSingleObject

GetModuleHandleA

GetProcAddress

GetSystemDirectoryW

lstrcatW

Sleep

lstrcpyA

WriteFile

GetTempFileNameW

CreateFileW

lstrcmpiA

RemoveDirectoryW

CreateProcessW

CreateDirectoryW

GetLastError

CreateThread

GlobalLock

GlobalUnlock

GetDiskFreeSpaceW

WideCharToMultiByte

lstrcpynW

lstrlenW

SetErrorMode

GetVersionExW

GetCommandLineW

GetTempPathW

GetWindowsDirectoryW

SetEnvironmentVariableW

CopyFileW

ExitProcess

GetCurrentProcess

GetModuleFileNameW

GetFileSize

GetTickCount

MulDiv

SetFileAttributesW

GetFileAttributesW

SetCurrentDirectoryW

MoveFileW

GetFullPathNameW

GetShortPathNameW

SearchPathW

CompareFileTime

SetFileTime

CloseHandle

lstrcmpiW

lstrcmpW

ExpandEnvironmentStringsW

GlobalFree

GlobalAlloc

GetModuleHandleW

LoadLibraryExW

MoveFileExW

FreeLibrary

WritePrivateProfileStringW

GetPrivateProfileStringW

lstrlenA

MultiByteToWideChar

ReadFile

SetFilePointer

FindClose

FindNextFileW

FindFirstFileW

DeleteFileW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 208KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

$PLUGINSDIR/BgWorker.dll

.dll windows:4 windows x86 arch:x86

db2755f409b81c4dbfc04f648cfb80b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA

GetModuleHandleA

CloseHandle

SetThreadPriority

CreateThread

user32

IsWindowUnicode

PostMessageA

DispatchMessageA

TranslateMessage

PeekMessageA

MsgWaitForMultipleObjects

Exports

CallAndWait

Sections

.text
Size: 1024B - Virtual size: 987B

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 66B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/System.dll

.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW

GlobalFree

GlobalSize

lstrcpynW

lstrcpyW

GetProcAddress

WideCharToMultiByte

VirtualFree

FreeLibrary

lstrlenW

LoadLibraryW

GlobalAlloc

MultiByteToWideChar

VirtualAlloc

VirtualProtect

GetLastError

user32

wsprintfW

ole32

StringFromGUID2

CLSIDFromString

Exports

Alloc

Call

Copy

Free

Get

Int64Op

Store

StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/bg1.bmp

$PLUGINSDIR/bg2.bmp

$PLUGINSDIR/installconfig.ini

$PLUGINSDIR/nsDialogs.dll

.dll windows:4 windows x86 arch:x86

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW

lstrcpyW

MulDiv

lstrlenW

HeapFree

GetCurrentDirectoryW

lstrcmpiW

GetProcessHeap

HeapReAlloc

GlobalFree

lstrcpynW

GlobalAlloc

SetCurrentDirectoryW

HeapAlloc

user32

DestroyWindow

CallWindowProcW

SetCursor

LoadCursorW

GetPropW

CharPrevW

DrawFocusRect

GetWindowLongW

DrawTextW

GetClientRect

SetWindowLongW

GetDlgItem

GetSysColor

SetWindowPos

CreateDialogParamW

MapDialogRect

GetWindowRect

SetPropW

CreateWindowExW

IsWindow

SetTimer

KillTimer

DispatchMessageW

TranslateMessage

GetMessageW

IsDialogMessageW

ShowWindow

wsprintfW

CharNextW

SendMessageW

MapWindowPoints

RemovePropW

GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW

SHGetPathFromIDListW

comdlg32

GetSaveFileNameW

GetOpenFileNameW

CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Create

CreateControl

CreateItem

CreateTimer

GetUserData

KillTimer

OnBack

OnChange

OnClick

OnNotify

SelectFileDialog

SelectFolderDialog

SetRTL

SetUserData

Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/nsExec.dll

.dll windows:4 windows x86 arch:x86

c1c7505e1e6e929ebb6b9100e55b050a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl

InitializeSecurityDescriptor

IsTextUnicode

user32

wsprintfW

CharNextExA

SendMessageW

FindWindowExW

CharNextW

CharPrevW

kernel32

CreatePipe

DeleteFileW

lstrcmpiW

GetCommandLineW

ExitProcess

Sleep

TerminateProcess

GlobalReAlloc

MultiByteToWideChar

IsDBCSLeadByteEx

ReadFile

PeekNamedPipe

GetExitCodeProcess

WaitForSingleObject

GetTickCount

lstrcpyW

CreateProcessW

GetStartupInfoW

CreateFileMappingW

GetVersion

GetCurrentProcess

lstrcpynW

lstrlenW

lstrcatW

CloseHandle

UnmapViewOfFile

MapViewOfFile

GlobalFree

CreateFileW

CopyFileW

GetTempFileNameW

GlobalAlloc

GetModuleFileNameW

GetProcAddress

GetModuleHandleA

Exports

Exec

ExecToLog

ExecToStack

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$_134_/decoy_config/decoy/1Dotb0qKqi.xlsx

.xlsx office2007

$_134_/decoy_config/decoy/4ZTUcYOFOi.pptx

.pptx office2007

$_134_/decoy_config/decoy/CEevXDI8Hv.pdf

.pdf

$_134_/decoy_config/decoy/gvV5dXBQIs.txt

$_134_/decoy_config/decoy/hh34oruZpb.jpg

.jpg

$_134_/decoy_config/decoy/oKsybnAmpE.docx

.docx office2007

$_134_/decoy_config/decoy/uaCRsvHbiZ.tex

$_134_/decoy_config/decoy/yXuOzfwTSu.PNG

.png

$_134_/decoy_config/setup.bat

.bat .vbs

$_134_/decoy_config/uninstall.bat

.bat .vbs

$_134_/etc/ai_ransom_detector_config.json

$_134_/etc/ca.cer

$_134_/etc/ca.crl

$_134_/etc/compatible.json

$_134_/etc/config.ini

$_134_/etc/driver_config.json

$_134_/etc/engineConfig/cde_rsa_public_key.pem

$_134_/etc/engineConfig/config

$_134_/etc/global_sign.cer

$_134_/etc/global_sign.crl

$_134_/etc/huawei_ca.cer

$_134_/etc/huawei_ca.crl

$_134_/etc/installconfig.ini

$_134_/etc/whitelist_kernel.xml

$_134_/nsp/edrDnsNsp2.dll

.dll windows:6 windows x64 arch:x64

d54be9d360ef7230a655fccdaa5ff9a6

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

1d:b8:91:86:95:cb:9e:52:bf:6e:69:42:57:58:3e:fc:36:2f:69:15:33:af:5d:07:2c:f0:fe:f3:cc:cc:d9:c1:88:cd:58:b2:52:8e:6a:64:ca:ae:66:0c:32:a6:9a:15:69:bd:38:40:d5:c5:09:75:8e:6c:55:10:7a:af:55:1d
Signer

Actual PE Digest

1d:b8:91:86:95:cb:9e:52:bf:6e:69:42:57:58:3e:fc:36:2f:69:15:33:af:5d:07:2c:f0:fe:f3:cc:cc:d9:c1:88:cd:58:b2:52:8e:6a:64:ca:ae:66:0c:32:a6:9a:15:69:bd:38:40:d5:c5:09:75:8e:6c:55:10:7a:af:55:1d

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

Imports

ws2_32

WSASetLastError

advapi32

EventWriteTransfer

EventRegister

EventUnregister

EventSetInformation

kernel32

WriteConsoleW

GetModuleHandleExW

OutputDebugStringA

SetLastError

GetCurrentProcessId

GetCurrentThreadId

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

LocalAlloc

LocalFree

CreateFileW

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

IsProcessorFeaturePresent

QueryPerformanceCounter

GetSystemTimeAsFileTime

InitializeSListHead

IsDebuggerPresent

GetStartupInfoW

GetModuleHandleW

RtlUnwindEx

InterlockedFlushSList

GetLastError

EnterCriticalSection

LeaveCriticalSection

DeleteCriticalSection

InitializeCriticalSectionAndSpinCount

FreeLibrary

GetProcAddress

LoadLibraryExW

RaiseException

ExitProcess

GetModuleFileNameW

HeapFree

HeapAlloc

GetStdHandle

GetFileType

FindClose

FindFirstFileExW

FindNextFileW

IsValidCodePage

GetACP

GetOEMCP

GetCPInfo

GetCommandLineA

GetCommandLineW

MultiByteToWideChar

WideCharToMultiByte

GetEnvironmentStringsW

FreeEnvironmentStringsW

LCMapStringW

GetProcessHeap

SetFilePointerEx

GetStringTypeW

SetStdHandle

HeapSize

HeapReAlloc

FlushFileBuffers

WriteFile

GetConsoleOutputCP

GetConsoleMode

CloseHandle

Exports

DllMain

EDR_W32NSP_NSPStartup

EventDataDescCreate

HRESULT_FROM_WIN32

NSPStartup

TraceLoggingProviderId

TraceLoggingRegisterEx_EventRegister_EventSetInformation

TraceLoggingRegister_EventRegister_EventSetInformation

TraceLoggingSetInformation_EventSetInformation

TraceLoggingUnregister_EventUnregister

__local_stdio_printf_options

_tlgCreate1Sz_wchar_t

_tlgDefineProvider_annotation__Tlgg_EdrNspProviderProv

_tlgEnableCallback

_tlgKeywordOn

_tlgWriteCommon

_tlgWriteTransfer_EventWriteTransfer

_vsprintf_s_l

vsprintf_s

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

b9:17:03:61:a4:93:8c:f5:88:34:db:8b:dc:f9:f3:64:0e:ed:b9:b0:2d:8c:a8:19:c9:c9:ac:4a:48:cc:db:32:ae:70:a5:da:c6:54:85:00:66:b2:46:cc:db:aa:26:1d:47:91:3d:6b:9c:f6:c1:bd:3e:9e:d2:9d:a1:24:99:63
Signer

Actual PE Digest

b9:17:03:61:a4:93:8c:f5:88:34:db:8b:dc:f9:f3:64:0e:ed:b9:b0:2d:8c:a8:19:c9:c9:ac:4a:48:cc:db:32:ae:70:a5:da:c6:54:85:00:66:b2:46:cc:db:aa:26:1d:47:91:3d:6b:9c:f6:c1:bd:3e:9e:d2:9d:a1:24:99:63

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

D:\ws\workspace\j_HGRM9BJW\cde\output\x64Release\cde_engine.pdb

Imports

libxml2

xmlCleanupParser

xmlInitParser

kernel32

VerifyVersionInfoW

GetCurrentThreadId

GetCurrentProcessId

VirtualFree

IsProcessorFeaturePresent

SetLastError

InitializeSRWLock

ReleaseSRWLockExclusive

ReleaseSRWLockShared

AcquireSRWLockExclusive

AcquireSRWLockShared

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

GetSystemDirectoryA

LoadLibraryA

FormatMessageA

GetStdHandle

GetFileType

WriteFile

GetModuleHandleW

GetEnvironmentVariableW

GetACP

QueryPerformanceCounter

GetSystemTimeAsFileTime

GetConsoleMode

SetConsoleMode

ReadConsoleA

ReadConsoleW

FindClose

FindFirstFileW

FindNextFileW

GetTempPathW

GetFileInformationByHandle

GetFullPathNameW

ReadFile

PeekNamedPipe

WideCharToMultiByte

IsValidCodePage

GetOEMCP

FreeEnvironmentStringsW

GetEnvironmentStringsW

GetCommandLineW

GetCommandLineA

FindNextFileA

FreeLibrary

GetProcessHeap

VerSetConditionMask

DeleteCriticalSection

LocalFree

GetProcAddress

HeapAlloc

LoadLibraryW

RaiseException

CloseHandle

HeapReAlloc

GetLastError

MultiByteToWideChar

HeapSize

GetFileAttributesW

FindFirstFileExA

SetEndOfFile

FlushFileBuffers

GetStringTypeW

GetTimeZoneInformation

SetEnvironmentVariableA

EnumSystemLocalesW

GetUserDefaultLCID

IsValidLocale

GetLocaleInfoW

LCMapStringW

CompareStringW

GetTimeFormatW

GetDateFormatW

GetCurrentDirectoryW

GetConsoleCP

GetModuleFileNameA

SetFilePointerEx

GetCPInfo

SetConsoleCtrlHandler

GetModuleHandleExW

ExitProcess

SetStdHandle

FileTimeToSystemTime

SystemTimeToTzSpecificLocalTime

GetDriveTypeW

LoadLibraryExW

EncodePointer

InterlockedFlushSList

RtlPcToFileHeader

RtlUnwindEx

OutputDebugStringW

InitializeSListHead

GetStartupInfoW

IsDebuggerPresent

WaitForSingleObjectEx

ResetEvent

CreateFileW

InitializeCriticalSectionEx

HeapFree

GetLocalTime

WriteConsoleW

QueryPerformanceFrequency

InitializeCriticalSectionAndSpinCount

CreateEventW

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

EnterCriticalSection

LeaveCriticalSection

SetEvent

user32

GetProcessWindowStation

GetUserObjectInformationW

MessageBoxW

advapi32

CryptCreateHash

RegisterEventSourceW

ReportEventW

CryptAcquireContextW

CryptReleaseContext

CryptDestroyKey

CryptSetHashParam

CryptGetProvParam

CryptGenRandom

CryptEnumProvidersW

CryptSignHashW

CryptDestroyHash

DeregisterEventSource

CryptDecrypt

CryptExportKey

CryptGetUserKey

shlwapi

PathCanonicalizeW

bcrypt

BCryptGetProperty

BCryptOpenAlgorithmProvider

BCryptGenRandom

BCryptCloseAlgorithmProvider

BCryptGenerateSymmetricKey

BCryptEncrypt

BCryptDestroyKey

BCryptDeriveKeyPBKDF2

BCryptCreateHash

BCryptHashData

BCryptFinishHash

BCryptSetProperty

ws2_32

send

recv

WSASetLastError

getservbyname

getservbyport

gethostbyaddr

inet_ntoa

inet_addr

htonl

WSAGetLastError

WSACleanup

WSAStartup

gethostbyname

select

closesocket

getsockopt

ioctlsocket

connect

setsockopt

socket

shutdown

htons

ntohs

crypt32

CertCloseStore

CertEnumCertificatesInStore

CertFindCertificateInStore

CertDuplicateCertificateContext

CertFreeCertificateContext

CertGetCertificateContextProperty

CertOpenStore

Exports

archive_clear_error

archive_compression

archive_compression_name

archive_copy_error

archive_entry_acl

archive_entry_acl_add_entry

archive_entry_acl_add_entry_w

archive_entry_acl_clear

archive_entry_acl_count

archive_entry_acl_from_text

archive_entry_acl_from_text_w

archive_entry_acl_next

archive_entry_acl_reset

archive_entry_acl_text

archive_entry_acl_text_w

archive_entry_acl_to_text

archive_entry_acl_to_text_w

archive_entry_acl_types

archive_entry_atime

archive_entry_atime_is_set

archive_entry_atime_nsec

archive_entry_birthtime

archive_entry_birthtime_is_set

archive_entry_birthtime_nsec

archive_entry_clear

archive_entry_clone

archive_entry_copy_fflags_text

archive_entry_copy_fflags_text_w

archive_entry_copy_gname

archive_entry_copy_gname_w

archive_entry_copy_hardlink

archive_entry_copy_hardlink_w

archive_entry_copy_link

archive_entry_copy_link_w

archive_entry_copy_mac_metadata

archive_entry_copy_pathname

archive_entry_copy_pathname_w

archive_entry_copy_sourcepath

archive_entry_copy_sourcepath_w

archive_entry_copy_symlink

archive_entry_copy_symlink_w

archive_entry_copy_uname

archive_entry_copy_uname_w

archive_entry_ctime

archive_entry_ctime_is_set

archive_entry_ctime_nsec

archive_entry_dev

archive_entry_dev_is_set

archive_entry_devmajor

archive_entry_devminor

archive_entry_digest

archive_entry_fflags

archive_entry_fflags_text

archive_entry_filetype

archive_entry_free

archive_entry_gid

archive_entry_gname

archive_entry_gname_utf8

archive_entry_gname_w

archive_entry_hardlink

archive_entry_hardlink_utf8

archive_entry_hardlink_w

archive_entry_ino

archive_entry_ino64

archive_entry_ino_is_set

archive_entry_is_data_encrypted

archive_entry_is_encrypted

archive_entry_is_metadata_encrypted

archive_entry_mac_metadata

archive_entry_mode

archive_entry_mtime

archive_entry_mtime_is_set

archive_entry_mtime_nsec

archive_entry_new

archive_entry_new2

archive_entry_nlink

archive_entry_pathname

archive_entry_pathname_utf8

archive_entry_pathname_w

archive_entry_perm

archive_entry_rdev

archive_entry_rdevmajor

archive_entry_rdevminor

archive_entry_set_atime

archive_entry_set_birthtime

archive_entry_set_ctime

archive_entry_set_dev

archive_entry_set_devmajor

archive_entry_set_devminor

archive_entry_set_fflags

archive_entry_set_filetype

archive_entry_set_gid

archive_entry_set_gname

archive_entry_set_gname_utf8

archive_entry_set_hardlink

archive_entry_set_hardlink_utf8

archive_entry_set_ino

archive_entry_set_ino64

archive_entry_set_is_data_encrypted

archive_entry_set_is_metadata_encrypted

archive_entry_set_link

archive_entry_set_link_utf8

archive_entry_set_mode

archive_entry_set_mtime

archive_entry_set_nlink

archive_entry_set_pathname

archive_entry_set_pathname_utf8

archive_entry_set_perm

archive_entry_set_rdev

archive_entry_set_rdevmajor

archive_entry_set_rdevminor

archive_entry_set_size

archive_entry_set_symlink

archive_entry_set_symlink_type

archive_entry_set_symlink_utf8

archive_entry_set_uid

archive_entry_set_uname

archive_entry_set_uname_utf8

archive_entry_size

archive_entry_size_is_set

archive_entry_sourcepath

archive_entry_sourcepath_w

archive_entry_sparse_add_entry

archive_entry_sparse_clear

archive_entry_sparse_count

archive_entry_sparse_next

archive_entry_sparse_reset

archive_entry_symlink

archive_entry_symlink_type

archive_entry_symlink_utf8

archive_entry_symlink_w

archive_entry_uid

archive_entry_uname

archive_entry_uname_utf8

archive_entry_uname_w

archive_entry_unset_atime

archive_entry_unset_birthtime

archive_entry_unset_ctime

archive_entry_unset_mtime

archive_entry_unset_size

archive_entry_update_gname_utf8

archive_entry_update_hardlink_utf8

archive_entry_update_link_utf8

archive_entry_update_pathname_utf8

archive_entry_update_symlink_utf8

archive_entry_update_uname_utf8

archive_entry_xattr_add_entry

archive_entry_xattr_clear

archive_entry_xattr_count

archive_entry_xattr_next

archive_entry_xattr_reset

archive_errno

archive_error_string

archive_file_count

archive_filter_bytes

archive_filter_code

archive_filter_count

archive_filter_name

archive_format

archive_format_name

archive_free

archive_position_compressed

archive_position_uncompressed

archive_read_close

archive_read_data_block

archive_read_finish

archive_read_free

archive_read_next_header

archive_read_next_header2

archive_set_error

archive_utility_string_sort

archive_version_number

archive_version_string

archive_write_close

archive_write_data

archive_write_data_block

archive_write_fail

archive_write_finish

archive_write_finish_entry

archive_write_free

archive_write_get_bytes_in_last_block

archive_write_get_bytes_per_block

archive_write_header

archive_write_new

archive_write_open

archive_write_open2

archive_write_set_bytes_in_last_block

archive_write_set_bytes_per_block

archive_write_set_filter_option

archive_write_set_format

archive_write_set_format_7zip

archive_write_set_format_cpio

archive_write_set_format_cpio_bin

archive_write_set_format_cpio_newc

archive_write_set_format_cpio_odc

archive_write_set_format_cpio_pwb

archive_write_set_format_gnutar

archive_write_set_format_iso9660

archive_write_set_format_mtree

archive_write_set_format_mtree_classic

archive_write_set_format_option

archive_write_set_format_pax

archive_write_set_format_pax_restricted

archive_write_set_format_raw

archive_write_set_format_shar

archive_write_set_format_shar_dump

archive_write_set_format_ustar

archive_write_set_format_warc

archive_write_set_format_xar

archive_write_set_format_zip

archive_write_set_option

archive_write_set_options

archive_write_set_passphrase

archive_write_set_passphrase_callback

archive_write_set_skip_file

archive_write_zip_set_compression_deflate

archive_write_zip_set_compression_store

get_func

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$_134_/plugin/cde/cde_ole.dll

.dll windows:6 windows x64 arch:x64

98e3b672a84df5fcd75a8329a102ed6a

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

9f:3b:14:c7:a8:e1:5c:6b:f8:72:8a:92:15:01:6f:87:71:10:7d:9e:fa:d4:81:14:f4:ef:d6:31:c7:69:b8:a4:38:a6:c7:24:65:79:5d:8e:8f:a3:95:45:24:93:d3:f1:a0:58:d9:3b:e9:d4:1b:a2:38:86:62:c0:62:fc:e8:ce
Signer

Actual PE Digest

9f:3b:14:c7:a8:e1:5c:6b:f8:72:8a:92:15:01:6f:87:71:10:7d:9e:fa:d4:81:14:f4:ef:d6:31:c7:69:b8:a4:38:a6:c7:24:65:79:5d:8e:8f:a3:95:45:24:93:d3:f1:a0:58:d9:3b:e9:d4:1b:a2:38:86:62:c0:62:fc:e8:ce

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

D:\ws\workspace\j_HGRM9BJW\cde\output\x64Release\cde_ole.pdb

Imports

kernel32

HeapFree

InitializeCriticalSectionEx

CreateFileW

HeapSize

MultiByteToWideChar

GetLastError

HeapReAlloc

CloseHandle

RaiseException

HeapAlloc

GetProcAddress

DeleteCriticalSection

GetProcessHeap

FreeLibrary

WideCharToMultiByte

WriteConsoleW

SetFilePointerEx

QueryPerformanceCounter

SetLastError

InitializeCriticalSectionAndSpinCount

CreateEventW

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

GetSystemTimeAsFileTime

GetModuleHandleW

EnterCriticalSection

LeaveCriticalSection

SetEvent

ResetEvent

WaitForSingleObjectEx

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

IsProcessorFeaturePresent

IsDebuggerPresent

GetStartupInfoW

GetCurrentProcessId

GetCurrentThreadId

InitializeSListHead

OutputDebugStringW

RtlUnwindEx

RtlPcToFileHeader

InterlockedFlushSList

EncodePointer

LoadLibraryExW

SetStdHandle

GetFileType

ExitProcess

GetModuleHandleExW

GetModuleFileNameA

GetACP

GetStdHandle

LCMapStringW

WriteFile

FindClose

FindFirstFileExA

FindNextFileA

IsValidCodePage

GetOEMCP

GetCPInfo

GetCommandLineA

GetCommandLineW

GetEnvironmentStringsW

FreeEnvironmentStringsW

GetStringTypeW

FlushFileBuffers

GetConsoleCP

GetConsoleMode

Exports

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$_134_/plugin/cde/cde_pak.dll

.dll windows:6 windows x64 arch:x64

aeed4967c20de9d334c12edbfe900b9e

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

50:c7:38:57:7d:e2:95:f8:8d:17:ab:77:f4:a8:96:db:0d:66:38:d9:54:77:92:5d:7e:f5:04:9f:4b:e2:cb:5e:f2:0b:d1:18:f7:ea:4d:49:00:f2:3e:e4:7f:ee:13:a9:29:19:52:f4:22:75:04:be:ef:78:c9:94:3e:43:42:d4
Signer

Actual PE Digest

50:c7:38:57:7d:e2:95:f8:8d:17:ab:77:f4:a8:96:db:0d:66:38:d9:54:77:92:5d:7e:f5:04:9f:4b:e2:cb:5e:f2:0b:d1:18:f7:ea:4d:49:00:f2:3e:e4:7f:ee:13:a9:29:19:52:f4:22:75:04:be:ef:78:c9:94:3e:43:42:d4

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

D:\ws\workspace\j_HGRM9BJW\cde\output\x64Release\cde_pak.pdb

Imports

kernel32

HeapFree

InitializeCriticalSectionEx

CreateFileW

HeapSize

MultiByteToWideChar

GetLastError

HeapReAlloc

CloseHandle

RaiseException

HeapAlloc

GetProcAddress

DeleteCriticalSection

GetProcessHeap

FreeLibrary

WideCharToMultiByte

IsProcessorFeaturePresent

WriteConsoleW

SetFilePointerEx

QueryPerformanceCounter

SetLastError

InitializeCriticalSectionAndSpinCount

CreateEventW

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

GetSystemTimeAsFileTime

GetModuleHandleW

EnterCriticalSection

LeaveCriticalSection

SetEvent

ResetEvent

WaitForSingleObjectEx

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

IsDebuggerPresent

GetStartupInfoW

GetCurrentProcessId

GetCurrentThreadId

InitializeSListHead

OutputDebugStringW

RtlUnwindEx

RtlPcToFileHeader

InterlockedFlushSList

EncodePointer

LoadLibraryExW

SetStdHandle

GetFileType

ExitProcess

GetModuleHandleExW

GetModuleFileNameA

GetACP

GetStdHandle

LCMapStringW

WriteFile

FindClose

FindFirstFileExA

FindNextFileA

IsValidCodePage

GetOEMCP

GetCPInfo

GetCommandLineA

GetCommandLineW

GetEnvironmentStringsW

FreeEnvironmentStringsW

GetStringTypeW

FlushFileBuffers

GetConsoleCP

GetConsoleMode

Exports

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$_134_/plugin/cde/cde_scanh.dll

.dll windows:6 windows x64 arch:x64

4f6be47829b8131938370bd1a1b0582f

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

8a:75:5c:0e:09:ea:24:20:8a:78:68:80:e2:ef:96:b9:8a:d1:34:72:35:64:43:53:5d:fa:8f:a1:05:73:b4:c8:4e:6c:ee:d5:77:e7:b0:13:68:7c:5a:30:e2:31:ff:f0:fd:b0:1e:dd:4e:d2:e7:36:0e:25:8c:b4:5a:37:bc:0c
Signer

Actual PE Digest

8a:75:5c:0e:09:ea:24:20:8a:78:68:80:e2:ef:96:b9:8a:d1:34:72:35:64:43:53:5d:fa:8f:a1:05:73:b4:c8:4e:6c:ee:d5:77:e7:b0:13:68:7c:5a:30:e2:31:ff:f0:fd:b0:1e:dd:4e:d2:e7:36:0e:25:8c:b4:5a:37:bc:0c

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

D:\ws\workspace\j_HGRM9BJW\cde\output\x64Release\cde_scanh.pdb

Imports

kernel32

HeapFree

InitializeCriticalSectionEx

CreateFileW

GetFileAttributesW

HeapSize

MultiByteToWideChar

GetLastError

HeapReAlloc

CloseHandle

RaiseException

LoadLibraryW

HeapAlloc

DecodePointer

GetProcAddress

LocalFree

DeleteCriticalSection

VerSetConditionMask

GetProcessHeap

FreeLibrary

WideCharToMultiByte

VerifyVersionInfoW

GetTickCount

VirtualFree

VirtualAlloc

IsProcessorFeaturePresent

SetEndOfFile

WriteConsoleW

FlushFileBuffers

QueryPerformanceCounter

EnterCriticalSection

LeaveCriticalSection

TryEnterCriticalSection

GetCurrentThreadId

SetLastError

InitializeCriticalSectionAndSpinCount

CreateEventW

SwitchToThread

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

GetSystemTimeAsFileTime

GetModuleHandleW

SetEvent

ResetEvent

WaitForSingleObjectEx

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

IsDebuggerPresent

GetStartupInfoW

GetCurrentProcessId

InitializeSListHead

OutputDebugStringW

CreateTimerQueue

Sleep

SignalObjectAndWait

CreateThread

SetThreadPriority

GetThreadPriority

GetLogicalProcessorInformation

CreateTimerQueueTimer

ChangeTimerQueueTimer

DeleteTimerQueueTimer

GetNumaHighestNodeNumber

GetProcessAffinityMask

SetThreadAffinityMask

RegisterWaitForSingleObject

UnregisterWait

EncodePointer

GetCurrentThread

GetThreadTimes

FreeLibraryAndExitThread

GetModuleFileNameW

GetModuleHandleA

LoadLibraryExW

GetVersionExW

VirtualProtect

DuplicateHandle

ReleaseSemaphore

InterlockedPopEntrySList

InterlockedPushEntrySList

InterlockedFlushSList

QueryDepthSList

UnregisterWaitEx

RtlUnwindEx

RtlPcToFileHeader

ReadFile

SetStdHandle

GetFileType

ExitProcess

GetModuleHandleExW

GetModuleFileNameA

SetFilePointerEx

GetConsoleMode

ReadConsoleW

GetStdHandle

WriteFile

GetConsoleCP

GetACP

LCMapStringW

GetStringTypeW

FindClose

FindFirstFileExA

FindNextFileA

IsValidCodePage

GetOEMCP

GetCPInfo

GetCommandLineA

GetCommandLineW

GetEnvironmentStringsW

FreeEnvironmentStringsW

shlwapi

PathCanonicalizeW

Exports

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$_134_/plugin/cde/cde_scanm.dll

.dll windows:6 windows x64 arch:x64

6eda5651e10a51a0da09a20c8e56c95e

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

24:7a:39:14:fd:c4:80:16:65:f3:71:70:e0:bd:8c:c5:6c:c6:2a:9e:29:67:8b:a0:0f:4b:2b:53:74:ee:de:0d:50:b7:36:8b:b9:14:c7:33:5b:59:19:22:02:68:15:6d:d4:a4:87:9a:e7:c7:f1:e0:d9:0c:26:28:77:a0:85:d4
Signer

Actual PE Digest

24:7a:39:14:fd:c4:80:16:65:f3:71:70:e0:bd:8c:c5:6c:c6:2a:9e:29:67:8b:a0:0f:4b:2b:53:74:ee:de:0d:50:b7:36:8b:b9:14:c7:33:5b:59:19:22:02:68:15:6d:d4:a4:87:9a:e7:c7:f1:e0:d9:0c:26:28:77:a0:85:d4

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

D:\ws\workspace\j_HGRM9BJW\cde\output\x64Release\cde_scanm.pdb

Imports

kernel32

GetLocalTime

HeapFree

InitializeCriticalSectionEx

CreateFileW

GetFileAttributesW

HeapSize

MultiByteToWideChar

GetLastError

HeapReAlloc

CloseHandle

RaiseException

LoadLibraryW

HeapAlloc

GetProcAddress

LocalFree

DeleteCriticalSection

VerSetConditionMask

GetProcessHeap

FreeLibrary

WideCharToMultiByte

VerifyVersionInfoW

IsProcessorFeaturePresent

SetEndOfFile

WriteConsoleW

FlushFileBuffers

QueryPerformanceCounter

QueryPerformanceFrequency

SetLastError

InitializeCriticalSectionAndSpinCount

CreateEventW

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

GetSystemTimeAsFileTime

GetModuleHandleW

EnterCriticalSection

LeaveCriticalSection

SetEvent

ResetEvent

WaitForSingleObjectEx

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

IsDebuggerPresent

GetStartupInfoW

GetCurrentProcessId

GetCurrentThreadId

InitializeSListHead

OutputDebugStringW

RtlUnwindEx

RtlPcToFileHeader

InterlockedFlushSList

EncodePointer

LoadLibraryExW

ReadFile

SetStdHandle

GetFileType

ExitProcess

GetModuleHandleExW

GetModuleFileNameA

SetFilePointerEx

GetConsoleMode

ReadConsoleW

GetStdHandle

WriteFile

GetConsoleCP

GetACP

LCMapStringW

GetStringTypeW

FindClose

FindFirstFileExA

FindNextFileA

IsValidCodePage

GetOEMCP

GetCPInfo

GetCommandLineA

GetCommandLineW

GetEnvironmentStringsW

FreeEnvironmentStringsW

shlwapi

PathCanonicalizeW

Exports

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$_134_/plugin/cde/cde_scanx.dll

.dll windows:6 windows x64 arch:x64

ea71da62e90a75143ff7a8caba87fe3b

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0d:eb:3e:6f:5f:79:b9:f2:cd:66:78:23:4e:27:c0:9a:00:c7:cd:99:71:c0:9d:df:64:4e:d4:2d:77:14:47:7c:45:6e:da:37:fb:d7:99:ba:ae:e3:11:d9:96:be:31:d1:3f:0a:2b:ae:b0:4e:01:0f:a6:56:6b:ba:51:e9:0d:c3
Signer

Actual PE Digest

0d:eb:3e:6f:5f:79:b9:f2:cd:66:78:23:4e:27:c0:9a:00:c7:cd:99:71:c0:9d:df:64:4e:d4:2d:77:14:47:7c:45:6e:da:37:fb:d7:99:ba:ae:e3:11:d9:96:be:31:d1:3f:0a:2b:ae:b0:4e:01:0f:a6:56:6b:ba:51:e9:0d:c3

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

D:\ws\workspace\j_HGRM9BJW\cde\output\x64Release\cde_scanx.pdb

Imports

libxml2

htmlReadMemory

xmlFreeDoc

xmlDocGetRootElement

kernel32

GetCurrentProcess

SetEndOfFile

WriteConsoleW

HeapFree

InitializeCriticalSectionEx

CreateFileW

GetFileAttributesW

HeapSize

MultiByteToWideChar

GetLastError

HeapReAlloc

CloseHandle

RaiseException

LoadLibraryW

HeapAlloc

GetProcAddress

LocalFree

DeleteCriticalSection

VerSetConditionMask

GetProcessHeap

FreeLibrary

WideCharToMultiByte

VerifyVersionInfoW

IsProcessorFeaturePresent

FlushFileBuffers

FreeEnvironmentStringsW

QueryPerformanceCounter

QueryPerformanceFrequency

SetLastError

InitializeCriticalSectionAndSpinCount

CreateEventW

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

GetSystemTimeAsFileTime

GetModuleHandleW

EnterCriticalSection

LeaveCriticalSection

SetEvent

ResetEvent

WaitForSingleObjectEx

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

UnhandledExceptionFilter

SetUnhandledExceptionFilter

TerminateProcess

IsDebuggerPresent

GetStartupInfoW

GetCurrentProcessId

GetCurrentThreadId

InitializeSListHead

OutputDebugStringW

RtlUnwindEx

RtlPcToFileHeader

InterlockedFlushSList

EncodePointer

LoadLibraryExW

ReadFile

SetStdHandle

GetFileType

ExitProcess

GetModuleHandleExW

GetModuleFileNameA

SetFilePointerEx

GetConsoleMode

ReadConsoleW

GetStdHandle

WriteFile

GetConsoleCP

GetACP

LCMapStringW

GetStringTypeW

FindClose

FindFirstFileExA

FindNextFileA

IsValidCodePage

GetOEMCP

GetCPInfo

GetCommandLineA

GetCommandLineW

GetEnvironmentStringsW

shlwapi

PathCanonicalizeW

Exports

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$_134_/plugin/cde/cde_snl.dll

.dll windows:6 windows x64 arch:x64

9375b3a78f9ff10c17147d954eb8b75f

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

e0:a5:f0:e7:d5:54:06:ad:35:59:60:a8:63:50:68:ce:cd:17:7b:82:b2:8f:dd:a6:e8:70:5f:82:f2:da:e6:96:d0:77:bb:a8:a9:13:7f:c4:8d:9e:32:ae:0f:97:0e:5d:66:7f:2c:f7:03:9b:f9:2b:a4:cf:2d:5b:25:94:f2:e8
Signer

Actual PE Digest

e0:a5:f0:e7:d5:54:06:ad:35:59:60:a8:63:50:68:ce:cd:17:7b:82:b2:8f:dd:a6:e8:70:5f:82:f2:da:e6:96:d0:77:bb:a8:a9:13:7f:c4:8d:9e:32:ae:0f:97:0e:5d:66:7f:2c:f7:03:9b:f9:2b:a4:cf:2d:5b:25:94:f2:e8

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

D:\ws\workspace\j_HGRM9BJW\cde\output\x64Release\cde_snl.pdb

Imports

libxml2

htmlReadMemory

xmlFreeDoc

xmlDocGetRootElement

kernel32

IsProcessorFeaturePresent

WriteConsoleW

HeapFree

InitializeCriticalSectionEx

CreateFileW

HeapSize

MultiByteToWideChar

GetLastError

HeapReAlloc

CloseHandle

RaiseException

HeapAlloc

GetProcAddress

DeleteCriticalSection

GetProcessHeap

FreeLibrary

WideCharToMultiByte

SetFilePointerEx

GetConsoleMode

GetConsoleCP

QueryPerformanceCounter

SetLastError

InitializeCriticalSectionAndSpinCount

CreateEventW

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

GetSystemTimeAsFileTime

GetModuleHandleW

EnterCriticalSection

LeaveCriticalSection

SetEvent

ResetEvent

WaitForSingleObjectEx

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

IsDebuggerPresent

GetStartupInfoW

GetCurrentProcessId

GetCurrentThreadId

InitializeSListHead

OutputDebugStringW

RtlUnwindEx

RtlPcToFileHeader

InterlockedFlushSList

EncodePointer

LoadLibraryExW

SetStdHandle

GetFileType

ExitProcess

GetModuleHandleExW

GetModuleFileNameA

GetACP

GetStdHandle

LCMapStringW

WriteFile

GetStringTypeW

FindClose

FindFirstFileExA

FindNextFileA

IsValidCodePage

GetOEMCP

GetCPInfo

GetCommandLineA

GetCommandLineW

GetEnvironmentStringsW

FreeEnvironmentStringsW

FlushFileBuffers

Exports

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$_134_/plugin/cde/cde_update.dll

.dll windows:6 windows x64 arch:x64

310cfcd1b841840cce677bebd8e2b68e

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

f2:5a:54:85:fe:c3:ea:8d:50:4f:17:6a:a9:dd:07:f3:88:2d:c4:4c:8f:72:9e:d5:67:e6:cf:42:16:91:fa:ad:6f:28:be:96:d6:ea:ff:94:79:8f:9f:32:21:d8:6e:f5:79:95:df:09:b8:01:51:91:d3:9c:67:42:46:27:7f:14
Signer

Actual PE Digest

f2:5a:54:85:fe:c3:ea:8d:50:4f:17:6a:a9:dd:07:f3:88:2d:c4:4c:8f:72:9e:d5:67:e6:cf:42:16:91:fa:ad:6f:28:be:96:d6:ea:ff:94:79:8f:9f:32:21:d8:6e:f5:79:95:df:09:b8:01:51:91:d3:9c:67:42:46:27:7f:14

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

D:\ws\workspace\j_HGRM9BJW\cde\output\x64Release\cde_update.pdb

Imports

ws2_32

closesocket

send

recv

WSASetLastError

getservbyname

getservbyport

gethostbyaddr

inet_ntoa

htons

WSAGetLastError

WSACleanup

WSAStartup

gethostbyname

select

ntohs

getsockopt

ioctlsocket

connect

setsockopt

socket

inet_addr

shutdown

htonl

ntohl

kernel32

GetModuleHandleW

GetProcAddress

VirtualFree

GetEnvironmentVariableW

GetACP

GetSystemDirectoryA

FreeLibrary

LoadLibraryA

FormatMessageA

QueryPerformanceCounter

GetCurrentProcessId

GetSystemTimeAsFileTime

GetConsoleMode

SetConsoleMode

ReadConsoleA

ReadConsoleW

FindFirstFileW

FindNextFileW

GetProcessHeap

WriteFile

FreeEnvironmentStringsW

GetEnvironmentStringsW

GetFileType

GetStdHandle

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

GetCurrentThreadId

AcquireSRWLockShared

AcquireSRWLockExclusive

ReleaseSRWLockShared

ReleaseSRWLockExclusive

InitializeSRWLock

SetLastError

GetLastError

WideCharToMultiByte

GetFileAttributesA

GetCommandLineW

GetCommandLineA

GetOEMCP

IsValidCodePage

FindFirstFileExA

GetTimeZoneInformation

HeapReAlloc

CreateDirectoryW

SetStdHandle

GetFullPathNameW

GetCurrentDirectoryW

SetFilePointerEx

EnumSystemLocalesW

GetUserDefaultLCID

IsValidLocale

WriteConsoleW

HeapAlloc

HeapFree

GetConsoleCP

FlushFileBuffers

MultiByteToWideChar

FindClose

FindNextFileA

SetEndOfFile

HeapSize

SetEnvironmentVariableA

RtlUnwind

EnterCriticalSection

LeaveCriticalSection

DeleteCriticalSection

InitializeCriticalSectionAndSpinCount

SwitchToThread

EncodePointer

DecodePointer

CompareStringW

LCMapStringW

GetLocaleInfoW

GetStringTypeW

GetCPInfo

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

IsProcessorFeaturePresent

InitializeSListHead

IsDebuggerPresent

GetStartupInfoW

RtlUnwindEx

RtlPcToFileHeader

RaiseException

InterlockedFlushSList

LoadLibraryExW

CreateFileW

GetDriveTypeW

GetFileInformationByHandle

CloseHandle

PeekNamedPipe

SystemTimeToTzSpecificLocalTime

FileTimeToSystemTime

ExitProcess

GetModuleHandleExW

SetConsoleCtrlHandler

ReadFile

GetModuleFileNameA

user32

GetUserObjectInformationW

MessageBoxW

GetProcessWindowStation

advapi32

CryptCreateHash

RegisterEventSourceW

ReportEventW

CryptAcquireContextW

CryptReleaseContext

CryptDestroyKey

CryptSetHashParam

CryptGetProvParam

CryptEnumProvidersW

CryptSignHashW

CryptDestroyHash

DeregisterEventSource

CryptDecrypt

CryptExportKey

CryptGetUserKey

bcrypt

BCryptGenRandom

crypt32

CertCloseStore

CertEnumCertificatesInStore

CertFindCertificateInStore

CertDuplicateCertificateContext

CertFreeCertificateContext

CertGetCertificateContextProperty

CertOpenStore

Exports

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$_134_/plugin/cde/cde_zip.dll

.dll windows:6 windows x64 arch:x64

2bab5256a2af62554b18ffe08f24bf9b

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

fd:51:c3:cd:cb:00:42:4b:b9:02:ea:5c:71:1d:7b:3b:25:89:e7:2e:32:3d:e5:98:ba:f0:b0:03:ad:63:c6:35:a2:32:0e:ee:33:2f:b8:3c:c5:06:b3:8a:a0:61:87:ad:18:e0:40:6d:f5:e2:bb:6c:b2:38:38:0d:1b:e1:bd:cf
Signer

Actual PE Digest

fd:51:c3:cd:cb:00:42:4b:b9:02:ea:5c:71:1d:7b:3b:25:89:e7:2e:32:3d:e5:98:ba:f0:b0:03:ad:63:c6:35:a2:32:0e:ee:33:2f:b8:3c:c5:06:b3:8a:a0:61:87:ad:18:e0:40:6d:f5:e2:bb:6c:b2:38:38:0d:1b:e1:bd:cf

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

D:\ws\workspace\j_HGRM9BJW\cde\output\x64Release\cde_zip.pdb

Imports

kernel32

GetFileAttributesW

HeapSize

MultiByteToWideChar

GetLastError

HeapReAlloc

CloseHandle

RaiseException

HeapAlloc

GetProcAddress

DeleteCriticalSection

GetProcessHeap

FreeLibrary

WideCharToMultiByte

IsProcessorFeaturePresent

GetTempPathW

CreateFileW

GetFileAttributesA

GetFileInformationByHandle

GetFileType

GetFullPathNameW

ReadFile

WriteFile

PeekNamedPipe

GetExitCodeProcess

IsValidCodePage

GetACP

GetOEMCP

Sleep

GetStdHandle

SearchPathA

DuplicateHandle

SetHandleInformation

CreatePipe

GetCurrentProcess

CreateProcessA

OpenProcess

WriteConsoleW

FlushFileBuffers

SetEnvironmentVariableW

InitializeCriticalSectionEx

HeapFree

CreateFileA

GetLocalTime

FreeEnvironmentStringsW

GetEnvironmentStringsW

GetCommandLineW

GetCommandLineA

FindNextFileW

FindFirstFileExW

FindClose

GetStringTypeW

ReadConsoleW

SetEndOfFile

GetConsoleMode

GetConsoleCP

QueryPerformanceCounter

QueryPerformanceFrequency

SetLastError

InitializeCriticalSectionAndSpinCount

CreateEventW

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

GetSystemTimeAsFileTime

GetModuleHandleW

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

UnhandledExceptionFilter

SetUnhandledExceptionFilter

TerminateProcess

EnterCriticalSection

LeaveCriticalSection

SetEvent

ResetEvent

WaitForSingleObjectEx

IsDebuggerPresent

GetStartupInfoW

GetCurrentProcessId

GetCurrentThreadId

InitializeSListHead

OutputDebugStringW

RtlUnwindEx

RtlPcToFileHeader

InterlockedFlushSList

EncodePointer

LoadLibraryExW

SetStdHandle

ExitProcess

GetModuleHandleExW

GetCPInfo

SetFilePointerEx

GetModuleFileNameW

GetDateFormatW

GetTimeFormatW

CompareStringW

LCMapStringW

GetLocaleInfoW

IsValidLocale

GetUserDefaultLCID

EnumSystemLocalesW

GetTimeZoneInformation

user32

WaitForInputIdle

advapi32

CryptReleaseContext

CryptAcquireContextW

CryptGenRandom

bcrypt

BCryptGenerateSymmetricKey

BCryptCloseAlgorithmProvider

BCryptDestroyKey

BCryptGetProperty

BCryptOpenAlgorithmProvider

BCryptDeriveKeyPBKDF2

BCryptCreateHash

BCryptEncrypt

BCryptHashData

BCryptSetProperty

BCryptFinishHash

Exports

archive_clear_error

archive_compression

archive_compression_name

archive_copy_error

archive_entry_acl

archive_entry_acl_add_entry

archive_entry_acl_add_entry_w

archive_entry_acl_clear

archive_entry_acl_count

archive_entry_acl_from_text

archive_entry_acl_from_text_w

archive_entry_acl_next

archive_entry_acl_reset

archive_entry_acl_text

archive_entry_acl_text_w

archive_entry_acl_to_text

archive_entry_acl_to_text_w

archive_entry_acl_types

archive_entry_atime

archive_entry_atime_is_set

archive_entry_atime_nsec

archive_entry_birthtime

archive_entry_birthtime_is_set

archive_entry_birthtime_nsec

archive_entry_clear

archive_entry_clone

archive_entry_copy_fflags_text

archive_entry_copy_fflags_text_w

archive_entry_copy_gname

archive_entry_copy_gname_w

archive_entry_copy_hardlink

archive_entry_copy_hardlink_w

archive_entry_copy_link

archive_entry_copy_link_w

archive_entry_copy_mac_metadata

archive_entry_copy_pathname

archive_entry_copy_pathname_w

archive_entry_copy_sourcepath

archive_entry_copy_sourcepath_w

archive_entry_copy_symlink

archive_entry_copy_symlink_w

archive_entry_copy_uname

archive_entry_copy_uname_w

archive_entry_ctime

archive_entry_ctime_is_set

archive_entry_ctime_nsec

archive_entry_dev

archive_entry_dev_is_set

archive_entry_devmajor

archive_entry_devminor

archive_entry_digest

archive_entry_fflags

archive_entry_fflags_text

archive_entry_filetype

archive_entry_free

archive_entry_gid

archive_entry_gname

archive_entry_gname_utf8

archive_entry_gname_w

archive_entry_hardlink

archive_entry_hardlink_utf8

archive_entry_hardlink_w

archive_entry_ino

archive_entry_ino64

archive_entry_ino_is_set

archive_entry_is_data_encrypted

archive_entry_is_encrypted

archive_entry_is_metadata_encrypted

archive_entry_linkify

archive_entry_linkresolver_free

archive_entry_linkresolver_new

archive_entry_linkresolver_set_strategy

archive_entry_mac_metadata

archive_entry_mode

archive_entry_mtime

archive_entry_mtime_is_set

archive_entry_mtime_nsec

archive_entry_new

archive_entry_new2

archive_entry_nlink

archive_entry_partial_links

archive_entry_pathname

archive_entry_pathname_utf8

archive_entry_pathname_w

archive_entry_perm

archive_entry_rdev

archive_entry_rdevmajor

archive_entry_rdevminor

archive_entry_set_atime

archive_entry_set_birthtime

archive_entry_set_ctime

archive_entry_set_dev

archive_entry_set_devmajor

archive_entry_set_devminor

archive_entry_set_fflags

archive_entry_set_filetype

archive_entry_set_gid

archive_entry_set_gname

archive_entry_set_gname_utf8

archive_entry_set_hardlink

archive_entry_set_hardlink_utf8

archive_entry_set_ino

archive_entry_set_ino64

archive_entry_set_is_data_encrypted

archive_entry_set_is_metadata_encrypted

archive_entry_set_link

archive_entry_set_link_utf8

archive_entry_set_mode

archive_entry_set_mtime

archive_entry_set_nlink

archive_entry_set_pathname

archive_entry_set_pathname_utf8

archive_entry_set_perm

archive_entry_set_rdev

archive_entry_set_rdevmajor

archive_entry_set_rdevminor

archive_entry_set_size

archive_entry_set_symlink

archive_entry_set_symlink_type

archive_entry_set_symlink_utf8

archive_entry_set_uid

archive_entry_set_uname

archive_entry_set_uname_utf8

archive_entry_size

archive_entry_size_is_set

archive_entry_sourcepath

archive_entry_sourcepath_w

archive_entry_sparse_add_entry

archive_entry_sparse_clear

archive_entry_sparse_count

archive_entry_sparse_next

archive_entry_sparse_reset

archive_entry_symlink

archive_entry_symlink_type

archive_entry_symlink_utf8

archive_entry_symlink_w

archive_entry_uid

archive_entry_uname

archive_entry_uname_utf8

archive_entry_uname_w

archive_entry_unset_atime

archive_entry_unset_birthtime

archive_entry_unset_ctime

archive_entry_unset_mtime

archive_entry_unset_size

archive_entry_update_gname_utf8

archive_entry_update_hardlink_utf8

archive_entry_update_link_utf8

archive_entry_update_pathname_utf8

archive_entry_update_symlink_utf8

archive_entry_update_uname_utf8

archive_entry_xattr_add_entry

archive_entry_xattr_clear

archive_entry_xattr_count

archive_entry_xattr_next

archive_entry_xattr_reset

archive_errno

archive_error_string

archive_file_count

archive_filter_bytes

archive_filter_code

archive_filter_count

archive_filter_name

archive_format

archive_format_name

archive_free

archive_position_compressed

archive_position_uncompressed

archive_read_add_callback_data

archive_read_add_passphrase

archive_read_append_callback_data

archive_read_close

archive_read_data

archive_read_data_block

archive_read_data_skip

archive_read_extract_set_skip_file

archive_read_finish

archive_read_format_capabilities

archive_read_free

archive_read_has_encrypted_entries

archive_read_header_position

archive_read_new

archive_read_next_header

archive_read_next_header2

archive_read_open

archive_read_open1

archive_read_open2

archive_read_prepend_callback_data

archive_read_set_callback_data

archive_read_set_callback_data2

archive_read_set_close_callback

archive_read_set_open_callback

archive_read_set_passphrase_callback

archive_read_set_read_callback

archive_read_set_seek_callback

archive_read_set_skip_callback

archive_read_set_switch_callback

archive_read_support_compression_bzip2

archive_read_support_compression_compress

archive_read_support_compression_gzip

archive_read_support_compression_lzip

archive_read_support_compression_lzma

archive_read_support_compression_program

archive_read_support_compression_program_signature

archive_read_support_compression_rpm

archive_read_support_compression_uu

archive_read_support_compression_xz

archive_read_support_filter_bzip2

archive_read_support_filter_compress

archive_read_support_filter_grzip

archive_read_support_filter_gzip

archive_read_support_filter_lrzip

archive_read_support_filter_lz4

archive_read_support_filter_lzip

archive_read_support_filter_lzma

archive_read_support_filter_lzop

archive_read_support_filter_program

archive_read_support_filter_program_signature

archive_read_support_filter_rpm

archive_read_support_filter_uu

archive_read_support_filter_xz

archive_read_support_filter_zstd

archive_read_support_format_7zip

archive_read_support_format_all

archive_read_support_format_ar

archive_read_support_format_cab

archive_read_support_format_cpio

archive_read_support_format_empty

archive_read_support_format_gnutar

archive_read_support_format_iso9660

archive_read_support_format_lha

archive_read_support_format_mtree

archive_read_support_format_rar

archive_read_support_format_rar5

archive_read_support_format_raw

archive_read_support_format_tar

archive_read_support_format_warc

archive_read_support_format_xar

archive_read_support_format_zip

archive_read_support_format_zip_seekable

archive_read_support_format_zip_streamable

archive_seek_data

archive_set_error

archive_utility_string_sort

archive_version_number

archive_version_string

archive_write_close

archive_write_data

archive_write_data_block

archive_write_fail

archive_write_finish

archive_write_finish_entry

archive_write_free

archive_write_get_bytes_in_last_block

archive_write_get_bytes_per_block

archive_write_header

archive_write_new

archive_write_open

archive_write_open2

archive_write_set_bytes_in_last_block

archive_write_set_bytes_per_block

archive_write_set_filter_option

archive_write_set_format

archive_write_set_format_7zip

archive_write_set_format_cpio

archive_write_set_format_cpio_bin

archive_write_set_format_cpio_newc

archive_write_set_format_cpio_odc

archive_write_set_format_cpio_pwb

archive_write_set_format_gnutar

archive_write_set_format_iso9660

archive_write_set_format_mtree

archive_write_set_format_mtree_classic

archive_write_set_format_option

archive_write_set_format_pax

archive_write_set_format_pax_restricted

archive_write_set_format_raw

archive_write_set_format_shar

archive_write_set_format_shar_dump

archive_write_set_format_ustar

archive_write_set_format_warc

archive_write_set_format_xar

archive_write_set_format_zip

archive_write_set_option

archive_write_set_options

archive_write_set_passphrase

archive_write_set_passphrase_callback

archive_write_set_skip_file

archive_write_zip_set_compression_deflate

archive_write_zip_set_compression_store

get_func

lzx_cleanup_bitstream

lzx_decode

lzx_decode_free

lzx_decode_init

Sections

.text
Size: 825KB - Virtual size: 825KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$_134_/plugin/cde/db/c000.dat

$_134_/plugin/cde/db/h10000.dat

$_134_/plugin/cde/db/h10001.dat

$_134_/plugin/cde/db/h10100.dat

$_134_/plugin/cde/db/h10101.dat

$_134_/plugin/cde/db/h30000.dat

$_134_/plugin/cde/db/h30001.dat

$_134_/plugin/cde/db/h40000.dat

$_134_/plugin/cde/db/h40001.dat

$_134_/plugin/cde/db/h50000.dat

$_134_/plugin/cde/db/h50001.dat

$_134_/plugin/cde/db/h60000.dat

$_134_/plugin/cde/db/h60001.dat

$_134_/plugin/cde/db/h70000.dat

$_134_/plugin/cde/db/h70001.dat

$_134_/plugin/cde/db/hf0001.dat

$_134_/plugin/cde/db/hf0101.dat

$_134_/plugin/cde/db/hf0200.dat

$_134_/plugin/cde/db/m001.dat

$_134_/plugin/cde/db/m002.dat

$_134_/plugin/cde/db/m003.dat

$_134_/plugin/cde/db/m004.dat

$_134_/plugin/cde/db/m005.dat

$_134_/plugin/cde/db/m006.dat

$_134_/plugin/cde/db/m00x.dat

$_134_/plugin/cde/db/n000.dat

$_134_/plugin/cde/db/n001.dat

$_134_/plugin/cde/libxml2.dll

.dll windows:6 windows x64 arch:x64

c60cda969a37de9a1f8d740b41489e97

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

f3:bc:52:2e:2c:b3:2f:31:85:cd:7c:91:68:ec:99:fa:b8:85:17:e5:d5:59:de:1a:a3:d3:05:ad:7e:a2:ce:05:14:ea:d1:f7:0b:34:c6:cd:98:cd:06:30:47:87:4c:49:ff:57:c1:ea:be:2c:44:30:e1:d5:8e:00:d2:a5:51:8b
Signer

Actual PE Digest

f3:bc:52:2e:2c:b3:2f:31:85:cd:7c:91:68:ec:99:fa:b8:85:17:e5:d5:59:de:1a:a3:d3:05:ad:7e:a2:ce:05:14:ea:d1:f7:0b:34:c6:cd:98:cd:06:30:47:87:4c:49:ff:57:c1:ea:be:2c:44:30:e1:d5:8e:00:d2:a5:51:8b

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_DLL

PDB Paths

D:\ws\workspace\j_HGRM9BJW\cde\output\lib\x64Release\libxml2.pdb

Imports

ws2_32

closesocket

WSAGetLastError

WSASetLastError

getservbyname

getservbyport

gethostbyaddr

ntohs

inet_ntoa

inet_addr

htonl

getsockopt

ioctlsocket

__WSAFDIsSet

WSACleanup

WSAStartup

gethostbyname

socket

send

select

recv

listen

htons

getsockname

connect

bind

kernel32

SetLastError

OutputDebugStringW

OutputDebugStringA

WriteConsoleW

HeapSize

GetTimeZoneInformation

SetFilePointerEx

SetEndOfFile

SetConsoleCtrlHandler

GetProcessHeap

SetEnvironmentVariableW

SetEnvironmentVariableA

FreeEnvironmentStringsW

GetEnvironmentStringsW

GetCommandLineW

GetCommandLineA

GetCPInfo

GetOEMCP

IsValidCodePage

FindNextFileW

FindNextFileA

FindFirstFileExW

FindFirstFileExA

FindClose

FlushFileBuffers

HeapReAlloc

GetModuleHandleA

GetModuleFileNameA

GetSystemDirectoryA

FreeLibrary

GetProcAddress

LoadLibraryA

CloseHandle

InitializeCriticalSection

EnterCriticalSection

LeaveCriticalSection

DeleteCriticalSection

ReleaseMutex

WaitForSingleObject

CreateMutexW

Sleep

GetCurrentThreadId

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

MultiByteToWideChar

GetStringTypeW

RtlCaptureContext

RtlLookupFunctionEntry

RtlVirtualUnwind

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

IsProcessorFeaturePresent

IsDebuggerPresent

GetStartupInfoW

GetModuleHandleW

QueryPerformanceCounter

GetCurrentProcessId

GetSystemTimeAsFileTime

InitializeSListHead

RtlUnwindEx

InterlockedPushEntrySList

InterlockedFlushSList

GetLastError

RtlUnwind

InitializeCriticalSectionAndSpinCount

LoadLibraryExW

EncodePointer

RaiseException

RtlPcToFileHeader

CreateFileW

GetDriveTypeW

GetFileInformationByHandle

GetFileType

PeekNamedPipe

SystemTimeToTzSpecificLocalTime

FileTimeToSystemTime

ExitProcess

GetModuleHandleExW

GetModuleFileNameW

WideCharToMultiByte

ReadFile

GetConsoleMode

ReadConsoleW

WriteFile

GetConsoleCP

GetFullPathNameW

GetFullPathNameA

HeapAlloc

HeapFree

GetDateFormatW

GetTimeFormatW

CompareStringW

LCMapStringW

GetLocaleInfoW

IsValidLocale

GetUserDefaultLCID

EnumSystemLocalesW

GetStdHandle

GetCurrentThread

GetACP

SetCurrentDirectoryW

GetCurrentDirectoryW

SetStdHandle

Exports

UTF8ToHtml

UTF8Toisolat1

__docbDefaultSAXHandler

__htmlDefaultSAXHandler

__oldXMLWDcompatibility

__xmlBufferAllocScheme

__xmlDefaultBufferSize

__xmlDefaultSAXHandler

__xmlDefaultSAXLocator

__xmlDeregisterNodeDefaultValue

__xmlDoValidityCheckingDefaultValue

__xmlErrEncoding

__xmlGenericError

__xmlGenericErrorContext

__xmlGetWarningsDefaultValue

__xmlIndentTreeOutput

__xmlKeepBlanksDefaultValue

__xmlLastError

__xmlLineNumbersDefaultValue

__xmlLoadExtDtdDefaultValue

__xmlOutputBufferCreateFilenameValue

__xmlParserDebugEntities

__xmlParserInputBufferCreateFilenameValue

__xmlParserVersion

__xmlPedanticParserDefaultValue

__xmlRaiseError

__xmlRegisterNodeDefaultValue

__xmlSaveNoEmptyTags

__xmlSimpleError

__xmlStructuredError

__xmlStructuredErrorContext

__xmlSubstituteEntitiesDefaultValue

__xmlTreeIndentString

attribute

attributeDecl

cdataBlock

characters

checkNamespace

comment

docbCreateFileParserCtxt

docbCreatePushParserCtxt

docbDefaultSAXHandlerInit

docbEncodeEntities

docbFreeParserCtxt

docbParseChunk

docbParseDoc

docbParseDocument

docbParseFile

docbSAXParseDoc

docbSAXParseFile

elementDecl

endDocument

endElement

entityDecl

externalSubset

getColumnNumber

getEntity

getLineNumber

getNamespace

getParameterEntity

getPublicId

getSystemId

globalNamespace

hasExternalSubset

hasInternalSubset

htmlAttrAllowed

htmlAutoCloseTag

htmlCreateFileParserCtxt

htmlCreateMemoryParserCtxt

htmlCreatePushParserCtxt

htmlCtxtReadDoc

htmlCtxtReadFd

htmlCtxtReadFile

htmlCtxtReadIO

htmlCtxtReadMemory

htmlCtxtReset

htmlCtxtUseOptions

htmlDefaultSAXHandlerInit

htmlDocContentDumpFormatOutput

htmlDocContentDumpOutput

htmlDocDump

htmlDocDumpMemory

htmlDocDumpMemoryFormat

htmlElementAllowedHere

htmlElementStatusHere

htmlEncodeEntities

htmlEntityLookup

htmlEntityValueLookup

htmlFreeParserCtxt

htmlGetMetaEncoding

htmlHandleOmittedElem

htmlInitAutoClose

htmlIsAutoClosed

htmlIsBooleanAttr

htmlIsScriptAttribute

htmlNewDoc

htmlNewDocNoDtD

htmlNewParserCtxt

htmlNodeDump

htmlNodeDumpFile

htmlNodeDumpFileFormat

htmlNodeDumpFormatOutput

htmlNodeDumpOutput

htmlNodeStatus

htmlParseCharRef

htmlParseChunk

htmlParseDoc

htmlParseDocument

htmlParseElement

htmlParseEntityRef

htmlParseFile

htmlReadDoc

htmlReadFd

htmlReadFile

htmlReadIO

htmlReadMemory

htmlSAXParseDoc

htmlSAXParseFile

htmlSaveFile

htmlSaveFileEnc

htmlSaveFileFormat

htmlSetMetaEncoding

htmlTagLookup

ignorableWhitespace

initGenericErrorDefaultFunc

initdocbDefaultSAXHandler

inithtmlDefaultSAXHandler

initxmlDefaultSAXHandler

inputPop

inputPush

internalSubset

isStandalone

isolat1ToUTF8

namePop

namePush

namespaceDecl

nodePop

nodePush

notationDecl

processingInstruction

reference

resolveEntity

setDocumentLocator

setNamespace

startDocument

startElement

unparsedEntityDecl

valuePop

valuePush

xlinkGetDefaultDetect

xlinkGetDefaultHandler

xlinkIsLink

xlinkSetDefaultDetect

xlinkSetDefaultHandler

xmlACatalogAdd

xmlACatalogDump

xmlACatalogRemove

xmlACatalogResolve

xmlACatalogResolvePublic

xmlACatalogResolveSystem

xmlACatalogResolveURI

xmlAddAttributeDecl

xmlAddChild

xmlAddChildList

xmlAddDocEntity

xmlAddDtdEntity

xmlAddElementDecl

xmlAddEncodingAlias

xmlAddID

xmlAddNextSibling

xmlAddNotationDecl

xmlAddPrevSibling

xmlAddRef

xmlAddSibling

xmlAllocOutputBuffer

xmlAllocParserInputBuffer

xmlAttrSerializeTxtContent

xmlAutomataCompile

xmlAutomataGetInitState

xmlAutomataIsDeterminist

xmlAutomataNewAllTrans

xmlAutomataNewCountTrans

xmlAutomataNewCountTrans2

xmlAutomataNewCountedTrans

xmlAutomataNewCounter

xmlAutomataNewCounterTrans

xmlAutomataNewEpsilon

xmlAutomataNewNegTrans

xmlAutomataNewOnceTrans

xmlAutomataNewOnceTrans2

xmlAutomataNewState

xmlAutomataNewTransition

xmlAutomataNewTransition2

xmlAutomataSetFinalState

xmlBoolToText

xmlBufContent

xmlBufEnd

xmlBufGetNodeContent

xmlBufNodeDump

xmlBufShrink

xmlBufUse

xmlBufferAdd

xmlBufferAddHead

xmlBufferCCat

xmlBufferCat

xmlBufferContent

xmlBufferCreate

xmlBufferCreateSize

xmlBufferCreateStatic

xmlBufferDetach

xmlBufferDump

xmlBufferEmpty

xmlBufferFree

xmlBufferGrow

xmlBufferLength

xmlBufferResize

xmlBufferSetAllocationScheme

xmlBufferShrink

xmlBufferWriteCHAR

xmlBufferWriteChar

xmlBufferWriteQuotedString

xmlBuildQName

xmlBuildRelativeURI

xmlBuildURI

xmlByteConsumed

xmlC14NDocDumpMemory

xmlC14NDocSave

xmlC14NDocSaveTo

xmlC14NExecute

xmlCanonicPath

xmlCatalogAdd

xmlCatalogAddLocal

xmlCatalogCleanup

xmlCatalogConvert

xmlCatalogDump

xmlCatalogFreeLocal

xmlCatalogGetDefaults

xmlCatalogGetPublic

xmlCatalogGetSystem

xmlCatalogIsEmpty

xmlCatalogLocalResolve

xmlCatalogLocalResolveURI

xmlCatalogRemove

xmlCatalogResolve

xmlCatalogResolvePublic

xmlCatalogResolveSystem

xmlCatalogResolveURI

xmlCatalogSetDebug

xmlCatalogSetDefaultPrefer

xmlCatalogSetDefaults

xmlCharEncCloseFunc

xmlCharEncFirstLine

xmlCharEncInFunc

xmlCharEncOutFunc

xmlCharInRange

xmlCharStrdup

xmlCharStrndup

xmlCheckFilename

xmlCheckHTTPInput

xmlCheckLanguageID

xmlCheckUTF8

xmlCheckVersion

xmlChildElementCount

xmlCleanupCharEncodingHandlers

xmlCleanupEncodingAliases

xmlCleanupGlobals

xmlCleanupInputCallbacks

xmlCleanupMemory

xmlCleanupOutputCallbacks

xmlCleanupParser

xmlCleanupPredefinedEntities

xmlCleanupThreads

xmlClearNodeInfoSeq

xmlClearParserCtxt

xmlConvertSGMLCatalog

xmlCopyAttributeTable

xmlCopyChar

xmlCopyCharMultiByte

xmlCopyDoc

xmlCopyDocElementContent

xmlCopyDtd

xmlCopyElementContent

xmlCopyElementTable

xmlCopyEntitiesTable

xmlCopyEnumeration

xmlCopyError

xmlCopyNamespace

xmlCopyNamespaceList

xmlCopyNode

xmlCopyNodeList

xmlCopyNotationTable

xmlCopyProp

xmlCopyPropList

xmlCreateDocParserCtxt

xmlCreateEntitiesTable

xmlCreateEntityParserCtxt

xmlCreateEnumeration

xmlCreateFileParserCtxt

xmlCreateIOParserCtxt

xmlCreateIntSubset

xmlCreateMemoryParserCtxt

xmlCreatePushParserCtxt

xmlCreateURI

xmlCreateURLParserCtxt

xmlCtxtGetLastError

xmlCtxtReadDoc

xmlCtxtReadFd

xmlCtxtReadFile

xmlCtxtReadIO

xmlCtxtReadMemory

xmlCtxtReset

xmlCtxtResetLastError

xmlCtxtResetPush

xmlCtxtUseOptions

xmlCurrentChar

xmlDOMWrapAdoptNode

xmlDOMWrapCloneNode

xmlDOMWrapFreeCtxt

xmlDOMWrapNewCtxt

xmlDOMWrapReconcileNamespaces

xmlDOMWrapRemoveNode

xmlDebugCheckDocument

xmlDebugDumpAttr

xmlDebugDumpAttrList

xmlDebugDumpDTD

xmlDebugDumpDocument

xmlDebugDumpDocumentHead

xmlDebugDumpEntities

xmlDebugDumpNode

xmlDebugDumpNodeList

xmlDebugDumpOneNode

xmlDebugDumpString

xmlDecodeEntities

xmlDefaultSAXHandlerInit

xmlDelEncodingAlias

xmlDeregisterNodeDefault

xmlDetectCharEncoding

xmlDictCleanup

xmlDictCreate

xmlDictCreateSub

xmlDictExists

xmlDictFree

xmlDictGetUsage

xmlDictLookup

xmlDictOwns

xmlDictQLookup

xmlDictReference

xmlDictSetLimit

xmlDictSize

xmlDocCopyNode

xmlDocCopyNodeList

xmlDocDump

xmlDocDumpFormatMemory

xmlDocDumpFormatMemoryEnc

xmlDocDumpMemory

xmlDocDumpMemoryEnc

xmlDocFormatDump

xmlDocGetRootElement

xmlDocSetRootElement

xmlDumpAttributeDecl

xmlDumpAttributeTable

xmlDumpElementDecl

xmlDumpElementTable

xmlDumpEntitiesTable

xmlDumpEntityDecl

xmlDumpNotationDecl

xmlDumpNotationTable

xmlElemDump

xmlEncodeEntities

xmlEncodeEntitiesReentrant

xmlEncodeSpecialChars

xmlErrMemory

xmlEscapeFormatString

xmlFileClose

xmlFileMatch

xmlFileOpen

xmlFileRead

xmlFindCharEncodingHandler

xmlFirstElementChild

xmlFree

xmlFreeAttributeTable

xmlFreeAutomata

xmlFreeCatalog

xmlFreeDoc

xmlFreeDocElementContent

xmlFreeDtd

xmlFreeElementContent

xmlFreeElementTable

xmlFreeEntitiesTable

xmlFreeEnumeration

xmlFreeIDTable

xmlFreeInputStream

xmlFreeMutex

xmlFreeNode

xmlFreeNodeList

xmlFreeNotationTable

xmlFreeNs

xmlFreeNsList

xmlFreeParserCtxt

xmlFreeParserInputBuffer

xmlFreePattern

xmlFreePatternList

xmlFreeProp

xmlFreePropList

xmlFreeRMutex

xmlFreeRefTable

xmlFreeStreamCtxt

xmlFreeTextReader

xmlFreeTextWriter

xmlFreeURI

xmlFreeValidCtxt

xmlGcMemGet

xmlGcMemSetup

xmlGetBufferAllocationScheme

xmlGetCharEncodingHandler

xmlGetCharEncodingName

xmlGetCompressMode

xmlGetDocCompressMode

xmlGetDocEntity

xmlGetDtdAttrDesc

xmlGetDtdElementDesc

xmlGetDtdEntity

xmlGetDtdNotationDesc

xmlGetDtdQAttrDesc

xmlGetDtdQElementDesc

xmlGetEncodingAlias

xmlGetExternalEntityLoader

xmlGetFeature

xmlGetFeaturesList

xmlGetGlobalState

xmlGetID

xmlGetIntSubset

xmlGetLastChild

xmlGetLastError

xmlGetLineNo

xmlGetNoNsProp

xmlGetNodePath

xmlGetNsList

xmlGetNsProp

xmlGetParameterEntity

xmlGetPredefinedEntity

xmlGetProp

xmlGetRefs

xmlGetThreadId

xmlGetUTF8Char

xmlHandleEntity

xmlHasFeature

xmlHasNsProp

xmlHasProp

xmlHashAddEntry

xmlHashAddEntry2

xmlHashAddEntry3

xmlHashCopy

xmlHashCreate

xmlHashCreateDict

xmlHashDefaultDeallocator

xmlHashFree

xmlHashLookup

xmlHashLookup2

xmlHashLookup3

xmlHashQLookup

xmlHashQLookup2

xmlHashQLookup3

xmlHashRemoveEntry

xmlHashRemoveEntry2

xmlHashRemoveEntry3

xmlHashScan

xmlHashScan3

xmlHashScanFull

xmlHashScanFull3

xmlHashSize

xmlHashUpdateEntry

xmlHashUpdateEntry2

xmlHashUpdateEntry3

xmlIOFTPClose

xmlIOFTPMatch

xmlIOFTPOpen

xmlIOFTPRead

xmlIOHTTPClose

xmlIOHTTPMatch

xmlIOHTTPOpen

xmlIOHTTPOpenW

xmlIOHTTPRead

xmlIOParseDTD

xmlInitCharEncodingHandlers

xmlInitGlobals

xmlInitMemory

xmlInitNodeInfoSeq

xmlInitParser

xmlInitParserCtxt

xmlInitThreads

xmlInitializeCatalog

xmlInitializeDict

xmlInitializeGlobalState

xmlInitializePredefinedEntities

xmlIsBaseChar

xmlIsBaseCharGroup

xmlIsBlank

xmlIsBlankNode

xmlIsChar

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 371KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.pdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$_134_/plugin/hips/GSP.sdb

$_134_/plugin/hips/hips_db.dat

$_134_/plugin/hips/sdb_config

$_134_/resource/BgImages/bg.bmp

$_134_/resource/BgImages/bgrepair.bmp

$_134_/resource/BgImages/unbg1.bmp

$_134_/resource/BgImages/unbg2.bmp

$_134_/resource/tray_icons/init.ico

$_134_/resource/tray_icons/normal_status.ico

$_134_/resource/tray_icons/offline.ico

$_134_/resource/tray_icons/online.ico

$_134_/resource/tray_icons/register_fail.ico

$_134_/resource/tray_icons/scan_offline.ico

$_134_/resource/tray_icons/scan_online.ico

$_134_/settings/signer_whitelist.json

$_134_/update/current/core/updater.exe

.exe windows:4 windows x86 arch:x86

56a78d55f3f7af51443e58e0ce2fb5f6

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

d6:56:f0:eb:77:69:6b:1c:a5:f1:8d:1e:fc:61:17:0d:c8:28:5e:b2:a0:88:0f:60:f6:e1:7a:f1:d3:0f:f3:af:98:67:f6:75:ef:4b:d3:cf:e7:20:e9:ed:09:32:25:af:d6:8e:fd:42:cc:dd:98:5c:44:cd:2d:5d:4f:94:22:52
Signer

Actual PE Digest

d6:56:f0:eb:77:69:6b:1c:a5:f1:8d:1e:fc:61:17:0d:c8:28:5e:b2:a0:88:0f:60:f6:e1:7a:f1:d3:0f:f3:af:98:67:f6:75:ef:4b:d3:cf:e7:20:e9:ed:09:32:25:af:d6:8e:fd:42:cc:dd:98:5c:44:cd:2d:5d:4f:94:22:52

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW

RegEnumKeyW

RegQueryValueExW

RegSetValueExW

RegCloseKey

RegDeleteValueW

RegDeleteKeyW

AdjustTokenPrivileges

LookupPrivilegeValueW

OpenProcessToken

SetFileSecurityW

RegOpenKeyExW

RegEnumValueW

shell32

SHGetSpecialFolderLocation

SHFileOperationW

SHBrowseForFolderW

SHGetPathFromIDListW

ShellExecuteExW

SHGetFileInfoW

ole32

OleInitialize

OleUninitialize

CoCreateInstance

IIDFromString

CoTaskMemFree

comctl32

ord17

ImageList_Create

ImageList_Destroy

ImageList_AddMasked

user32

GetClientRect

EndPaint

DrawTextW

IsWindowEnabled

DispatchMessageW

wsprintfA

CharNextA

CharPrevW

MessageBoxIndirectW

GetDlgItemTextW

SetDlgItemTextW

GetSystemMetrics

FillRect

AppendMenuW

TrackPopupMenu

OpenClipboard

SetClipboardData

CloseClipboard

IsWindowVisible

CallWindowProcW

GetMessagePos

CheckDlgButton

LoadCursorW

SetCursor

GetSysColor

SetWindowPos

GetWindowLongW

PeekMessageW

SetClassLongW

GetSystemMenu

EnableMenuItem

GetWindowRect

ScreenToClient

EndDialog

RegisterClassW

SystemParametersInfoW

CreateWindowExW

GetClassInfoW

DialogBoxParamW

CharNextW

ExitWindowsEx

DestroyWindow

CreateDialogParamW

SetTimer

SetWindowTextW

PostQuitMessage

SetForegroundWindow

ShowWindow

wsprintfW

SendMessageTimeoutW

FindWindowExW

IsWindow

GetDlgItem

SetWindowLongW

LoadImageW

GetDC

ReleaseDC

EnableWindow

InvalidateRect

SendMessageW

DefWindowProcW

BeginPaint

EmptyClipboard

CreatePopupMenu

gdi32

SetBkMode

SetBkColor

GetDeviceCaps

CreateFontIndirectW

CreateBrushIndirect

DeleteObject

SetTextColor

SelectObject

kernel32

GetExitCodeProcess

WaitForSingleObject

GetModuleHandleA

GetProcAddress

GetSystemDirectoryW

lstrcatW

Sleep

lstrcpyA

WriteFile

GetTempFileNameW

CreateFileW

lstrcmpiA

RemoveDirectoryW

CreateProcessW

CreateDirectoryW

GetLastError

CreateThread

GlobalLock

GlobalUnlock

GetDiskFreeSpaceW

WideCharToMultiByte

lstrcpynW

lstrlenW

SetErrorMode

GetVersionExW

GetCommandLineW

GetTempPathW

GetWindowsDirectoryW

SetEnvironmentVariableW

CopyFileW

ExitProcess

GetCurrentProcess

GetModuleFileNameW

GetFileSize

GetTickCount

MulDiv

SetFileAttributesW

GetFileAttributesW

SetCurrentDirectoryW

MoveFileW

GetFullPathNameW

GetShortPathNameW

SearchPathW

CompareFileTime

SetFileTime

CloseHandle

lstrcmpiW

lstrcmpW

ExpandEnvironmentStringsW

GlobalFree

GlobalAlloc

GetModuleHandleW

LoadLibraryExW

MoveFileExW

FreeLibrary

WritePrivateProfileStringW

GetPrivateProfileStringW

lstrlenA

MultiByteToWideChar

ReadFile

SetFilePointer

FindClose

FindNextFileW

FindFirstFileW

DeleteFileW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 208KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

$PLUGINSDIR/NsisCompChecker.dll

.dll windows:6 windows x86 arch:x86

e8ae300ff0169803ae353083e7d9bf0e

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

KeyUsageCertSign

KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

bb:0b:df:a6:b7:e9:c3:80:f0:fb:1e:ea:ce:4b:1c:21:18:3e:28:4c:f7:16:7a:1b:89:67:1b:e0:19:16:06:7f:9c:b3:78:33:dc:40:cb:d2:4f:be:98:8f:05:c8:e2:80:59:b8:d8:8a:fd:ec:f3:57:fb:da:df:59:8d:3e:36:d7
Signer

Actual PE Digest

bb:0b:df:a6:b7:e9:c3:80:f0:fb:1e:ea:ce:4b:1c:21:18:3e:28:4c:f7:16:7a:1b:89:67:1b:e0:19:16:06:7f:9c:b3:78:33:dc:40:cb:d2:4f:be:98:8f:05:c8:e2:80:59:b8:d8:8a:fd:ec:f3:57:fb:da:df:59:8d:3e:36:d7

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

D:\ws\workspace\j_PWY9FNTO\edr_agent\output\nsis_compchecker\NsisCompChecker.pdb

Imports

wtsapi32

WTSEnumerateProcessesW

kernel32

VerSetConditionMask

OpenProcess

FreeLibrary

GetProcAddress

LoadLibraryW

VerifyVersionInfoW

K32GetModuleFileNameExA

CreateFileW

GetDriveTypeA

DecodePointer

CloseHandle

RaiseException

GetLastError

HeapDestroy

MultiByteToWideChar

HeapReAlloc

HeapFree

HeapSize

GetProcessHeap

DeviceIoControl

InitializeCriticalSectionEx

DeleteCriticalSection

GetLogicalDriveStringsA

Sleep

GlobalMemoryStatusEx

FreeEnvironmentStringsW

GetEnvironmentStringsW

GetCommandLineW

GetCommandLineA

WideCharToMultiByte

GlobalAlloc

lstrcpynW

lstrcpyW

GlobalFree

SetEnvironmentVariableW

HeapAlloc

CloseThreadpoolWait

QueryPerformanceCounter

QueryPerformanceFrequency

FormatMessageA

InitOnceBeginInitialize

InitOnceComplete

InitOnceExecuteOnce

EnterCriticalSection

LeaveCriticalSection

SetFileInformationByHandle

FlsAlloc

FlsGetValue

FlsSetValue

FlsFree

InitializeSRWLock

ReleaseSRWLockExclusive

AcquireSRWLockExclusive

InitializeConditionVariable

WakeConditionVariable

WakeAllConditionVariable

SleepConditionVariableCS

SleepConditionVariableSRW

CreateEventExW

CreateSemaphoreExW

FlushProcessWriteBuffers

GetCurrentProcessorNumber

GetSystemTimeAsFileTime

GetTickCount64

FreeLibraryWhenCallbackReturns

CreateThreadpoolWork

SubmitThreadpoolWork

CloseThreadpoolWork

CreateThreadpoolTimer

SetThreadpoolTimer

WaitForThreadpoolTimerCallbacks

CloseThreadpoolTimer

CreateThreadpoolWait

SetThreadpoolWait

SetEndOfFile

GetModuleHandleW

GetFileInformationByHandleEx

CreateSymbolicLinkW

LocalFree

EncodePointer

CompareStringEx

GetCPInfo

LCMapStringEx

GetLocaleInfoEx

GetStringTypeW

InitializeCriticalSectionAndSpinCount

SetEvent

ResetEvent

WaitForSingleObjectEx

CreateEventW

IsProcessorFeaturePresent

IsDebuggerPresent

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetStartupInfoW

GetCurrentProcess

TerminateProcess

GetCurrentProcessId

GetCurrentThreadId

InitializeSListHead

OutputDebugStringW

RtlUnwind

InterlockedPushEntrySList

InterlockedFlushSList

SetLastError

TlsAlloc

TlsGetValue

TlsSetValue

TlsFree

LoadLibraryExW

GetDriveTypeW

GetFileInformationByHandle

GetFileType

PeekNamedPipe

SystemTimeToTzSpecificLocalTime

FileTimeToSystemTime

GetStdHandle

GetModuleFileNameW

GetModuleHandleExW

WriteConsoleW

ExitProcess

GetCurrentThread

GetDateFormatW

GetTimeFormatW

CompareStringW

LCMapStringW

GetLocaleInfoW

IsValidLocale

GetUserDefaultLCID

EnumSystemLocalesW

SetConsoleCtrlHandler

FlushFileBuffers

WriteFile

GetConsoleOutputCP

GetConsoleMode

ReadFile

GetFileSizeEx

SetFilePointerEx

ReadConsoleW

SetCurrentDirectoryW

GetCurrentDirectoryW

GetFullPathNameW

SetStdHandle

GetTimeZoneInformation

GetFileAttributesExW

FindClose

FindFirstFileExW

FindNextFileW

IsValidCodePage

GetACP

GetOEMCP

user32

wsprintfW

UnregisterClassA

advapi32

RegDeleteTreeW

RegSetValueExW

RegCreateKeyExW

RegQueryValueExW

RegOpenKeyExW

RegCloseKey

RegGetValueW

Exports

CheckIfPackageValid

CheckMemorySpaceSufficient

CheckSelectPathIsAvailable

DetectOS

GetIncompatibleAppName

GetIncompatibleAppNum

GetInstallTimeStamp

GetLocalDiskDrive

GetRegSysCrashControl

InitJsonPath

UpdateQuarantineConfigFile

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/System.dll

.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW

GlobalFree

GlobalSize

lstrcpynW

lstrcpyW

GetProcAddress

WideCharToMultiByte

VirtualFree

FreeLibrary

lstrlenW

LoadLibraryW

GlobalAlloc

MultiByteToWideChar

VirtualAlloc

VirtualProtect

GetLastError

user32

wsprintfW

ole32

StringFromGUID2

CLSIDFromString

Exports

Alloc

Call

Copy

Free

Get

Int64Op

Store

StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/installconfig.ini

$PLUGINSDIR/nsExec.dll

.dll windows:4 windows x86 arch:x86

c1c7505e1e6e929ebb6b9100e55b050a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_LARGE_ADDRESS_AWARE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl

InitializeSecurityDescriptor

IsTextUnicode

user32

wsprintfW

CharNextExA

SendMessageW

FindWindowExW

CharNextW

CharPrevW

kernel32

CreatePipe

DeleteFileW

lstrcmpiW

GetCommandLineW

ExitProcess

Sleep

TerminateProcess

GlobalReAlloc

MultiByteToWideChar

IsDBCSLeadByteEx

ReadFile

PeekNamedPipe

GetExitCodeProcess

WaitForSingleObject

GetTickCount

lstrcpyW

CreateProcessW

GetStartupInfoW

CreateFileMappingW

GetVersion

GetCurrentProcess

lstrcpynW

lstrlenW

lstrcatW

CloseHandle

UnmapViewOfFile

MapViewOfFile

GlobalFree

CreateFileW

CopyFileW

GetTempFileNameW

GlobalAlloc

GetModuleFileNameW

GetProcAddress

GetModuleHandleA

Exports

Exec

ExecToLog

ExecToStack

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$_43_/EDRClient.exe