Extracted

• CS2RED_Checker.zip

  .zip
• CS2RED' Programs/CS2REDСhecker.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 227KB - Virtual size: 226KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• CS2RED' Programs/Everything.exe

  .exe windows:4 windows x64 arch:x64

  d67c7cffdc58fd075aa466c7917d6010

  
  

  Code Sign

  08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  29-04-2021 00:00

  Not After

  28-04-2036 23:59

  Subject

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  03:0f:a0:91:94:b2:2d:c5:1d:00:65:31:c9:c1:61:04

  Certificate

  Issuer

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Not Before

  21-12-2021 00:00

  Not After

  17-03-2025 23:59

  Subject

  CN=voidtools,O=voidtools,L=Wilmington,ST=South Australia,C=AU

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  21-09-2022 00:00

  Not After

  21-11-2033 23:59

  Subject

  CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23-03-2022 00:00

  Not After

  22-03-2037 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-08-2022 00:00

  Not After

  09-11-2031 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  4b:dd:dc:90:28:fb:53:b2:c7:4b:ac:95:5f:6d:b0:5a:a2:a6:13:8a:51:6b:dd:75:0c:d0:7a:46:4d:3d:4c:12

  Signer

  Actual PE Digest

  4b:dd:dc:90:28:fb:53:b2:c7:4b:ac:95:5f:6d:b0:5a:a2:a6:13:8a:51:6b:dd:75:0c:d0:7a:46:4d:3d:4c:12

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  comctl32

  ImageList_GetIconSize

  ImageList_DrawEx

  _TrackMouseEvent

  InitCommonControlsEx

  ws2_32

  WSAGetLastError

  WSACleanup

  closesocket

  send

  recv

  connect

  WSAAsyncSelect

  setsockopt

  socket

  WSAStartup

  shutdown

  listen

  bind

  getpeername

  ntohs

  getsockname

  accept

  inet_addr

  htons

  gethostbyname

  shlwapi

  SHRegGetUSValueW

  PathIsRootW

  PathCombineW

  PathRemoveFileSpecW

  kernel32

  GetSystemTime

  FreeResource

  LockResource

  LoadResource

  SizeofResource

  FindResourceW

  GetSystemDefaultLangID

  LoadLibraryA

  CopyFileW

  TerminateProcess

  OpenProcess

  CreateMutexW

  SetLastError

  GetStartupInfoW

  HeapAlloc

  GetProcessHeap

  HeapFree

  VirtualAlloc

  VirtualFree

  QueryDosDeviceW

  SetErrorMode

  DeleteFileW

  RemoveDirectoryW

  MoveFileW

  MoveFileExW

  CreateDirectoryW

  GetFileAttributesW

  GlobalFree

  GlobalUnlock

  GlobalLock

  GlobalAlloc

  GetComputerNameW

  GetVolumeInformationW

  GetDiskFreeSpaceW

  GetFullPathNameW

  GetFileSize

  FindFirstFileW

  FindNextFileW

  GetDriveTypeW

  GetThreadPriority

  CreateEventW

  GetProcAddress

  FreeLibrary

  GetModuleFileNameW

  FileTimeToSystemTime

  GetCurrentDirectoryW

  GetFileAttributesExW

  LocalFileTimeToFileTime

  SystemTimeToFileTime

  FileTimeToLocalFileTime

  SystemTimeToTzSpecificLocalTime

  __C_specific_handler

  WaitForMultipleObjects

  GetSystemDirectoryW

  LoadLibraryW

  ExpandEnvironmentStringsW

  GetSystemInfo

  GetVersionExA

  LocalFree

  LocalAlloc

  ConnectNamedPipe

  CreateNamedPipeW

  GetTimeZoneInformation

  MulDiv

  GetTimeFormatW

  GetNumberFormatW

  GetDateFormatW

  MultiByteToWideChar

  HeapCreate

  HeapSetInformation

  GetModuleFileNameA

  FlsAlloc

  TlsSetValue

  FlsFree

  TlsFree

  FlsSetValue

  FlsGetValue

  GetModuleHandleA

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  IsDebuggerPresent

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  GetCurrentProcess

  GetStartupInfoA

  GetCommandLineA

  CreateThread

  ExitThread

  SetFilePointer

  GetTempPathW

  CreateFileW

  FreeConsole

  AllocConsole

  SetStdHandle

  SetConsoleScreenBufferSize

  ExitProcess

  QueryPerformanceFrequency

  QueryPerformanceCounter

  WriteFile

  FlushFileBuffers

  GetStdHandle

  GetFileType

  GetConsoleScreenBufferInfo

  SetConsoleTextAttribute

  WriteConsoleW

  GetLocaleInfoW

  GetCalendarInfoW

  DeviceIoControl

  GetOverlappedResult

  ResetEvent

  Sleep

  FindNextChangeNotification

  FindFirstChangeNotificationW

  GetFileInformationByHandle

  GetLocalTime

  FindCloseChangeNotification

  FindClose

  GetSystemTimeAsFileTime

  GetCurrentThread

  SetThreadPriority

  InitializeCriticalSection

  WaitForSingleObject

  DeleteCriticalSection

  EnterCriticalSection

  GetTickCount

  LeaveCriticalSection

  SetEvent

  GetCommandLineW

  GetCurrentThreadId

  GetModuleHandleW

  ReadFile

  GetLastError

  CloseHandle

  WideCharToMultiByte

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  FreeEnvironmentStringsA

  GetEnvironmentStrings

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  SetHandleCount

  GetCurrentProcessId

  HeapReAlloc

  LCMapStringA

  LCMapStringW

  GetStringTypeA

  GetStringTypeW

  GetLocaleInfoA

  HeapSize

  GetWindowsDirectoryW

  user32

  IsWindowVisible

  SetCursor

  SetCapture

  ChangeClipboardChain

  DrawEdge

  DrawFrameControl

  EqualRect

  GetSubMenu

  GetMenu

  SetClipboardViewer

  EnumWindows

  ActivateKeyboardLayout

  LoadIconW

  IsDlgButtonChecked

  SetScrollInfo

  UpdateWindow

  ScrollWindowEx

  SetDlgItemInt

  GetMenuState

  RemoveMenu

  GetMenuItemID

  GetMenuDefaultItem

  EnableMenuItem

  AdjustWindowRect

  GetSysColorBrush

  OffsetRect

  InvalidateRgn

  MessageBeep

  SetCursorPos

  GetDlgItemInt

  GetDlgCtrlID

  SendDlgItemMessageW

  GetDesktopWindow

  ValidateRect

  CharLowerW

  CharUpperW

  CreateIconIndirect

  UnregisterHotKey

  PostQuitMessage

  IsClipboardFormatAvailable

  OpenIcon

  GetForegroundWindow

  AttachThreadInput

  SetActiveWindow

  BringWindowToTop

  EnumChildWindows

  CheckDlgButton

  GetMenuItemInfoW

  GetKeyboardLayoutList

  LoadCursorW

  GetScrollInfo

  InvalidateRect

  ClientToScreen

  ScreenToClient

  ShowWindow

  IsIconic

  GetWindowPlacement

  IsZoomed

  GetWindowTextLengthW

  GetWindowTextW

  GetParent

  CopyRect

  EmptyClipboard

  SetClipboardData

  GetWindowLongPtrW

  SetWindowLongPtrW

  SetFocus

  PtInRect

  FindWindowW

  InsertMenuW

  SetDlgItemTextW

  SetForegroundWindow

  BeginPaint

  EndPaint

  OpenClipboard

  GetClipboardData

  CloseClipboard

  FillRect

  CreateWindowExW

  GetClassInfoExW

  RegisterClassExW

  GetAsyncKeyState

  GetClientRect

  GetCapture

  GetLastActivePopup

  ReleaseCapture

  IsWindowEnabled

  GetFocus

  GetNextDlgTabItem

  EnableWindow

  SetWindowPos

  SetWindowTextW

  SetWindowLongW

  MessageBoxW

  DialogBoxIndirectParamW

  DrawTextW

  GetMenuItemCount

  CreatePopupMenu

  AppendMenuW

  DeleteMenu

  SetMenuItemInfoW

  GetWindowLongW

  AdjustWindowRectEx

  CallWindowProcW

  GetDlgItem

  GetWindowRect

  MapWindowPoints

  IntersectRect

  GetMonitorInfoW

  SystemParametersInfoW

  GetDC

  ReleaseDC

  SetWindowsHookExW

  PeekMessageW

  WaitMessage

  SetMenu

  RegisterClipboardFormatW

  RedrawWindow

  GetMessagePos

  RegisterWindowMessageA

  ReplyMessage

  GetCursorPos

  CreateMenu

  SetMenuDefaultItem

  TrackPopupMenu

  DestroyMenu

  KillTimer

  GetDoubleClickTime

  GetKeyState

  RegisterHotKey

  PostThreadMessageW

  GetSysColor

  EndDialog

  PostMessageW

  DestroyIcon

  SetTimer

  DestroyWindow

  DefWindowProcW

  SendMessageTimeoutW

  GetWindowThreadProcessId

  IsWindow

  GetKeyNameTextW

  MapVirtualKeyExW

  GetKeyboardLayout

  UnhookWindowsHookEx

  CallNextHookEx

  GetClassNameW

  SendMessageW

  GetMessageW

  TranslateMessage

  DispatchMessageW

  GetSystemMetrics

  LoadImageW

  CreateDialogIndirectParamW

  gdi32

  GetDeviceCaps

  GetDIBits

  SelectClipRgn

  TextOutW

  SetStretchBltMode

  SetTextAlign

  CreateCompatibleBitmap

  OffsetClipRgn

  OffsetRgn

  CombineRgn

  GetDCOrgEx

  GetRandomRgn

  EnumFontFamiliesExW

  GetTextAlign

  CreateCompatibleDC

  BitBlt

  StretchDIBits

  GetRegionData

  ExtCreateRegion

  GetObjectW

  CreateFontIndirectW

  GetStockObject

  GetNearestColor

  CreateSolidBrush

  CreateRectRgn

  CreateDIBSection

  GetCurrentObject

  ExcludeClipRect

  RectVisible

  GetTextExtentExPointW

  GetTextExtentPoint32W

  DeleteDC

  SetBkMode

  CreateBitmapIndirect

  CreatePatternBrush

  SetBrushOrgEx

  SetBkColor

  SetTextColor

  PatBlt

  SelectObject

  GetTextMetricsW

  StretchBlt

  DeleteObject

  comdlg32

  GetOpenFileNameW

  GetSaveFileNameW

  ChooseColorW

  CommDlgExtendedError

  advapi32

  RegisterServiceCtrlHandlerW

  StartServiceCtrlDispatcherW

  DeleteService

  CloseServiceHandle

  RegOpenKeyA

  RegQueryValueW

  InitializeSecurityDescriptor

  SetSecurityDescriptorDacl

  QueryServiceConfigW

  RegDeleteValueW

  RegSetValueExW

  RegQueryValueExW

  RegCreateKeyExW

  RegOpenKeyExW

  RegEnumKeyW

  RegCloseKey

  RegDeleteKeyW

  GetUserNameW

  QueryServiceStatusEx

  RegisterEventSourceW

  ReportEventW

  DeregisterEventSource

  CreateServiceW

  StartServiceW

  OpenSCManagerW

  OpenServiceW

  ControlService

  SetServiceStatus

  shell32

  DragFinish

  DragAcceptFiles

  Shell_NotifyIconW

  SHBrowseForFolderW

  SHGetFileInfoW

  DragQueryFileW

  SHGetSpecialFolderLocation

  ord16

  SHFileOperationW

  ShellExecuteExW

  SHGetDesktopFolder

  SHGetPathFromIDListW

  SHChangeNotify

  DragQueryPoint

  ole32

  CoTaskMemFree

  OleUninitialize

  OleInitialize

  CoCreateInstance

  CoInitializeEx

  CoUninitialize

  CLSIDFromString

  CreateStreamOnHGlobal

  CoTaskMemAlloc

  RevokeDragDrop

  DoDragDrop

  RegisterDragDrop

  ReleaseStgMedium

  Sections

  .text

  Size: 1.7MB - Virtual size: 1.7MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 302KB - Virtual size: 302KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 71KB - Virtual size: 77KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 51KB - Virtual size: 50KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 40KB - Virtual size: 40KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 12KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• CS2RED' Programs/Everything.lng
• CS2RED' Programs/LastActivityView.exe

  .exe windows:4 windows x86 arch:x86

  3fbcb180ebbfb0ad62cf50d337af18c5

  
  

  Code Sign

  f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7

  Certificate

  Issuer

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  09-09-2019 00:00

  Not After

  09-09-2023 23:59

  Subject

  CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-11-2018 00:00

  Not After

  31-12-2030 23:59

  Subject

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43

  Certificate

  Issuer

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  11-05-2022 00:00

  Not After

  10-08-2033 23:59

  Subject

  CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-05-2019 00:00

  Not After

  18-01-2038 23:59

  Subject

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  86:d0:50:e9:bb:2f:ee:a9:26:74:b9:34:ef:82:25:c8:43:e0:7f:b7:d0:98:e5:f2:8e:e8:20:f8:95:33:8c:05

  Signer

  Actual PE Digest

  86:d0:50:e9:bb:2f:ee:a9:26:74:b9:34:ef:82:25:c8:43:e0:7f:b7:d0:98:e5:f2:8e:e8:20:f8:95:33:8c:05

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  c:\Projects\VS2005\LastActivityView\Release\LastActivityView.pdb

  Imports

  msvcrt

  __p__commode

  _adjust_fdiv

  __setusermatherr

  _initterm

  __wgetmainargs

  __p__fmode

  exit

  _cexit

  _XcptFilter

  _exit

  _c_exit

  _onexit

  __dllonexit

  _msize

  __set_app_type

  _controlfp

  _except_handler3

  _wcmdln

  calloc

  realloc

  _purecall

  _wcslwr

  strlen

  _itow

  _wcsnicmp

  qsort

  free

  modf

  _memicmp

  _wtoi

  memcmp

  wcstoul

  wcsrchr

  swscanf

  malloc

  _ultow

  wcscmp

  ??3@YAXPAX@Z

  ??2@YAPAXI@Z

  memcpy

  wcslen

  wcscpy

  memset

  _wcsicmp

  wcschr

  _snwprintf

  wcscat

  wcsncat

  comctl32

  CreateToolbarEx

  CreateStatusWindowW

  ImageList_SetImageCount

  ImageList_Create

  ord17

  ImageList_Add

  ImageList_AddMasked

  version

  GetFileVersionInfoW

  GetFileVersionInfoSizeW

  VerQueryValueW

  kernel32

  GetCurrentProcessId

  ExitProcess

  GetLogicalDrives

  GetLongPathNameW

  QueryDosDeviceW

  GetVolumeInformationW

  OpenProcess

  EnumResourceTypesW

  GetModuleHandleA

  GetStartupInfoW

  GetModuleHandleW

  ReadProcessMemory

  SetErrorMode

  DeleteFileW

  CloseHandle

  GetFileSize

  SystemTimeToFileTime

  FileTimeToSystemTime

  GetSystemTimeAsFileTime

  GetDriveTypeW

  CompareFileTime

  LoadLibraryW

  GetProcAddress

  FreeLibrary

  GetTickCount

  GetWindowsDirectoryW

  ExpandEnvironmentStringsW

  GetLastError

  GetDateFormatW

  FindNextFileW

  SizeofResource

  GetTempFileNameW

  GlobalLock

  FormatMessageW

  FindFirstFileW

  GetVersionExW

  FindClose

  GetTimeFormatW

  GetFileAttributesW

  FileTimeToLocalFileTime

  ReadFile

  FindResourceW

  WriteFile

  GetModuleFileNameW

  LocalFree

  LoadResource

  CreateFileW

  TzSpecificLocalTimeToSystemTime

  LockResource

  SystemTimeToTzSpecificLocalTime

  lstrcpyW

  MultiByteToWideChar

  lstrlenW

  LocalFileTimeToFileTime

  LoadLibraryExW

  GlobalAlloc

  GetSystemDirectoryW

  GlobalUnlock

  WideCharToMultiByte

  GetTempPathW

  GetCurrentProcess

  CreateFileMappingW

  MapViewOfFile

  UnmapViewOfFile

  GetPrivateProfileStringW

  WritePrivateProfileStringW

  GetPrivateProfileIntW

  EnumResourceNamesW

  GetStdHandle

  user32

  ChildWindowFromPoint

  LoadCursorW

  SetCursor

  GetSysColorBrush

  ShowWindow

  GetDlgItemInt

  SetDlgItemInt

  DeferWindowPos

  CreateWindowExW

  BeginPaint

  EndPaint

  GetWindow

  GetClientRect

  SendDlgItemMessageW

  DrawFrameControl

  EndDialog

  SetWindowLongW

  GetDlgItem

  SetWindowTextW

  UpdateWindow

  SendMessageW

  SetDlgItemTextW

  InvalidateRect

  GetDlgItemTextW

  GetWindowRect

  GetSystemMetrics

  RegisterClassW

  PostMessageW

  MessageBoxW

  TranslateAcceleratorW

  SetMenu

  SetWindowPos

  GetWindowPlacement

  LoadAcceleratorsW

  DefWindowProcW

  LoadImageW

  GetSysColor

  GetWindowLongW

  EndDeferWindowPos

  BeginDeferWindowPos

  SetFocus

  KillTimer

  SetTimer

  GetParent

  OpenClipboard

  CheckMenuItem

  GetMenuStringW

  GetMenuItemCount

  CloseClipboard

  CheckMenuRadioItem

  SetClipboardData

  EnableWindow

  GetCursorPos

  MapWindowPoints

  GetMenu

  GetSubMenu

  GetDC

  EmptyClipboard

  EnableMenuItem

  ReleaseDC

  GetClassNameW

  MoveWindow

  DialogBoxParamW

  CreateDialogParamW

  EnumChildWindows

  DestroyWindow

  LoadStringW

  GetDesktopWindow

  GetWindowTextW

  LoadMenuW

  ModifyMenuW

  GetMenuItemInfoW

  GetDlgCtrlID

  DestroyMenu

  DestroyIcon

  LoadIconW

  GetKeyState

  RegisterWindowMessageW

  TrackPopupMenu

  PostQuitMessage

  GetMessageW

  DispatchMessageW

  IsDialogMessageW

  TranslateMessage

  DrawTextExW

  CreatePopupMenu

  CallWindowProcW

  gdi32

  CreateFontIndirectW

  SetTextColor

  DeleteObject

  DeleteDC

  GetObjectW

  SetBkMode

  GetStockObject

  GetTextExtentPoint32W

  SetBkColor

  GetDeviceCaps

  GetPixel

  SetPixel

  SelectObject

  CreateCompatibleDC

  comdlg32

  FindTextW

  GetSaveFileNameW

  advapi32

  RegOpenKeyExW

  RegConnectRegistryW

  RegEnumKeyExW

  RegQueryValueExW

  RegQueryInfoKeyW

  RegEnumValueW

  OpenSCManagerW

  ControlService

  StartServiceW

  QueryServiceStatus

  CloseServiceHandle

  OpenServiceW

  RegCloseKey

  shell32

  SHGetFileInfoW

  ShellExecuteW

  SHGetMalloc

  SHBindToParent

  SHGetDesktopFolder

  SHGetPathFromIDListW

  ole32

  CoInitialize

  CoUninitialize

  CoCreateInstance

  oleaut32

  VariantTimeToSystemTime

  SysFreeString

  SysAllocString

  Sections

  .text

  Size: 72KB - Virtual size: 71KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 24KB - Virtual size: 23KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 62KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 22KB - Virtual size: 21KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• CS2RED' Programs/SC INSTALLER.exe

  .exe windows:6 windows x86 arch:x86

  4d363d3b473a6c355539abd95921390d

  
  

  Code Sign

  cd:ce:da:a4:68:18:70

  Certificate

  Issuer

  CN=HarpyGuard

  Not Before

  26-07-2023 21:00

  Not After

  26-07-2024 21:00

  Subject

  CN=HarpyGuard

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  14-07-2023 00:00

  Not After

  13-10-2034 23:59

  Subject

  CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23-03-2022 00:00

  Not After

  22-03-2037 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-08-2022 00:00

  Not After

  09-11-2031 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  44:2a:f0:fd:dd:29:4e:cc:c2:9e:36:ff:d7:bc:24:61:9d:7a:d1:32:58:e3:41:b0:69:c0:d4:84:bc:92:21:d1

  Signer

  Actual PE Digest

  44:2a:f0:fd:dd:29:4e:cc:c2:9e:36:ff:d7:bc:24:61:9d:7a:d1:32:58:e3:41:b0:69:c0:d4:84:bc:92:21:d1

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb

  Imports

  kernel32

  CreateFileW

  CloseHandle

  WriteFile

  DeleteFileW

  HeapDestroy

  HeapSize

  HeapReAlloc

  HeapFree

  HeapAlloc

  GetProcessHeap

  SizeofResource

  LockResource

  LoadResource

  FindResourceW

  FindResourceExW

  CreateEventExW

  WaitForSingleObject

  CreateProcessW

  GetLastError

  GetExitCodeProcess

  SetEvent

  RemoveDirectoryW

  GetProcAddress

  GetModuleHandleW

  GetWindowsDirectoryW

  CreateDirectoryW

  GetTempPathW

  GetTempFileNameW

  MoveFileW

  EnterCriticalSection

  LeaveCriticalSection

  GetModuleFileNameW

  DeleteCriticalSection

  InitializeCriticalSectionAndSpinCount

  GetCurrentThreadId

  RaiseException

  SetLastError

  GlobalUnlock

  GlobalLock

  GlobalAlloc

  MulDiv

  lstrcmpW

  CreateEventW

  FindClose

  FindFirstFileW

  GetFullPathNameW

  InitializeCriticalSection

  lstrcpynW

  CreateThread

  LoadLibraryExW

  GetCurrentProcess

  Sleep

  WideCharToMultiByte

  GetDiskFreeSpaceExW

  DecodePointer

  GetExitCodeThread

  GetCurrentProcessId

  FreeLibrary

  GetSystemDirectoryW

  lstrlenW

  VerifyVersionInfoW

  VerSetConditionMask

  lstrcmpiW

  LoadLibraryW

  GetDriveTypeW

  CompareStringW

  FindNextFileW

  GetLogicalDriveStringsW

  GetFileSize

  GetFileAttributesW

  GetShortPathNameW

  SetFileAttributesW

  GetFileTime

  CopyFileW

  ReadFile

  SetFilePointer

  SetFileTime

  SystemTimeToFileTime

  MultiByteToWideChar

  GetSystemInfo

  WaitForMultipleObjects

  GetVersionExW

  VirtualProtect

  VirtualQuery

  LoadLibraryExA

  GetStringTypeW

  LocalFree

  LocalAlloc

  SetUnhandledExceptionFilter

  FileTimeToSystemTime

  GetEnvironmentVariableW

  GetSystemTime

  GetDateFormatW

  GetTimeFormatW

  GetLocaleInfoW

  CreateToolhelp32Snapshot

  Process32FirstW

  Process32NextW

  FormatMessageW

  GetEnvironmentStringsW

  InitializeCriticalSectionEx

  LoadLibraryA

  GetModuleFileNameA

  GetCurrentThread

  GetConsoleOutputCP

  FlushFileBuffers

  Wow64DisableWow64FsRedirection

  Wow64RevertWow64FsRedirection

  IsWow64Process

  SetConsoleTextAttribute

  GetStdHandle

  GetConsoleScreenBufferInfo

  OutputDebugStringW

  GetTickCount

  GetCommandLineW

  SetCurrentDirectoryW

  SetEndOfFile

  EnumResourceLanguagesW

  GetSystemDefaultLangID

  GetUserDefaultLangID

  GetLocalTime

  ResetEvent

  GlobalFree

  GetPrivateProfileStringW

  GetPrivateProfileSectionNamesW

  WritePrivateProfileStringW

  CreateNamedPipeW

  ConnectNamedPipe

  TerminateThread

  CompareFileTime

  CopyFileExW

  OpenEventW

  PeekNamedPipe

  WaitForSingleObjectEx

  QueryPerformanceCounter

  QueryPerformanceFrequency

  EncodePointer

  LCMapStringEx

  CompareStringEx

  GetCPInfo

  GetSystemTimeAsFileTime

  IsDebuggerPresent

  InitializeSListHead

  InterlockedPopEntrySList

  InterlockedPushEntrySList

  FlushInstructionCache

  IsProcessorFeaturePresent

  VirtualAlloc

  VirtualFree

  UnhandledExceptionFilter

  TerminateProcess

  GetStartupInfoW

  RtlUnwind

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  ExitThread

  FreeLibraryAndExitThread

  GetModuleHandleExW

  ExitProcess

  GetFileType

  LCMapStringW

  IsValidLocale

  GetUserDefaultLCID

  EnumSystemLocalesW

  GetTimeZoneInformation

  GetConsoleMode

  GetFileSizeEx

  SetFilePointerEx

  FindFirstFileExW

  IsValidCodePage

  GetACP

  GetOEMCP

  GetCommandLineA

  FreeEnvironmentStringsW

  SetEnvironmentVariableW

  SetStdHandle

  ReadConsoleW

  WriteConsoleW

  GetProcessAffinityMask

  GetModuleHandleA

  GlobalMemoryStatus

  ReleaseSemaphore

  CreateSemaphoreW

  Sections

  .text

  Size: 2.4MB - Virtual size: 2.4MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 563KB - Virtual size: 562KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 14KB - Virtual size: 52KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 198KB - Virtual size: 198KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 160KB - Virtual size: 159KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• CS2RED' Programs/shellbag_analyzer_cleaner.exe

  .exe windows:4 windows x86 arch:x86

  
  

  Code Sign

  a3:fb:da:e5:43:2e:e4:4d:42:f2:6c:b2:68:e0:93:19

  Certificate

  Issuer

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  18-11-2020 00:00

  Not After

  18-11-2023 23:59

  Subject

  CN=Goversoft LLC,O=Goversoft LLC,POSTALCODE=19958,STREET=16192 Coastal Hwy,L=Lewes,ST=Delaware,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  12-03-2019 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-11-2018 00:00

  Not After

  31-12-2030 23:59

  Subject

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-05-2019 00:00

  Not After

  18-01-2038 23:59

  Subject

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b

  Certificate

  Issuer

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  23-10-2020 00:00

  Not After

  22-01-2032 23:59

  Subject

  CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  a3:fb:da:e5:43:2e:e4:4d:42:f2:6c:b2:68:e0:93:19

  Certificate

  Issuer

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  18-11-2020 00:00

  Not After

  18-11-2023 23:59

  Subject

  CN=Goversoft LLC,O=Goversoft LLC,POSTALCODE=19958,STREET=16192 Coastal Hwy,L=Lewes,ST=Delaware,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  12-03-2019 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-11-2018 00:00

  Not After

  31-12-2030 23:59

  Subject

  CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b

  Certificate

  Issuer

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  23-10-2020 00:00

  Not After

  22-01-2032 23:59

  Subject

  CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  02-05-2019 00:00

  Not After

  18-01-2038 23:59

  Subject

  CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  fe:19:d7:74:64:01:11:5e:de:91:87:12:ed:d3:18:7f:fa:33:2f:be:bd:2f:ea:bd:87:54:4f:35:f6:f9:7b:5d

  Signer

  Actual PE Digest

  fe:19:d7:74:64:01:11:5e:de:91:87:12:ed:d3:18:7f:fa:33:2f:be:bd:2f:ea:bd:87:54:4f:35:f6:f9:7b:5d

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  da:cb:dd:fd:85:21:95:53:6d:9e:b5:0d:2a:19:50:80:d9:0f:d1:c4

  Signer

  Actual PE Digest

  da:cb:dd:fd:85:21:95:53:6d:9e:b5:0d:2a:19:50:80:d9:0f:d1:c4

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_BYTES_REVERSED_LO

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_BYTES_REVERSED_HI

  Sections

  CODE

  Size: 970KB - Virtual size: 970KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  DATA

  Size: 10KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  BSS

  Size: - Virtual size: 6KB

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 12KB - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: - Virtual size: 36B

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 512B - Virtual size: 24B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 62KB - Virtual size: 61KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 397KB - Virtual size: 397KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• CS2RED' Programs/tsc.txt