5ff98fd3f993440fecc7fab2553f120d560568d385b9a005e591fbd2b5797842

Sharing

Copy URL

Twitter E-mail

General

Target

5ff98fd3f993440fecc7fab2553f120d560568d385b9a005e591fbd2b5797842
Size

3.2MB
MD5

83088f1fd0fa6b4a8cf82f0eecd21ab8
SHA1

b30d1d55bb070c9b920d1927cf866d43f757aa5e
SHA256

5ff98fd3f993440fecc7fab2553f120d560568d385b9a005e591fbd2b5797842
SHA512

4952c628d0b13c8c05d665c09c63d6a0d0bb501cef7327214404607b5bbd3ea0b9a87fcabedab3e7e30f5aa33f1b6d0e85be056b54e2d1b2bfda565c86de4416
SSDEEP

98304:rWtFMKXiSdadVSQ7Q+8CCY5vizmbIrJhLg:rWkDdVb7QPCD5vwrJK

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
5ff98fd3f993440fecc7fab2553f120d560568d385b9a005e591fbd2b5797842
unpack001/$PLUGINSDIR/ApplicationID.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/uninstall.exe
unpack001/vdd/devcon.exe
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/UserInfo.dll
unpack003/$PLUGINSDIR/nsDialogs.dll
unpack003/$PLUGINSDIR/nsExec.dll

Files

5ff98fd3f993440fecc7fab2553f120d560568d385b9a005e591fbd2b5797842
.exe windows:4 windows x86 arch:x86

56a78d55f3f7af51443e58e0ce2fb5f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
CreateFileW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 184KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ApplicationID.dll
.dll windows:6 windows x86 arch:x86

9b38d46d6882ee63437c721734be794c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\src\NSIS-ApplicationID\Release\ApplicationID.pdb

Imports

kernel32

MultiByteToWideChar
GlobalAlloc
GlobalFree
lstrcpynA
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
GetLastError
FreeLibrary
LoadLibraryExW
InterlockedFlushSList
HeapAlloc
HeapReAlloc
HeapFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetACP
GetStdHandle
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
HeapSize
CreateFileW

shell32

SHCreateItemFromParsingName
SHGetPropertyStoreFromParsingName

ole32

CoCreateInstance
CoInitialize
CoUninitialize

shlwapi

SHStrDupW

Exports

Exports

Set
UninstallJumpLists
UninstallPinnedItem

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

c1c7505e1e6e929ebb6b9100e55b050a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsTextUnicode

user32

wsprintfW
CharNextExA
SendMessageW
FindWindowExW
CharNextW
CharPrevW

kernel32

CreatePipe
DeleteFileW
lstrcmpiW
GetCommandLineW
ExitProcess
Sleep
TerminateProcess
GlobalReAlloc
MultiByteToWideChar
IsDBCSLeadByteEx
ReadFile
PeekNamedPipe
GetExitCodeProcess
WaitForSingleObject
GetTickCount
lstrcpyW
CreateProcessW
GetStartupInfoW
CreateFileMappingW
GetVersion
GetCurrentProcess
lstrcpynW
lstrlenW
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
GlobalFree
CreateFileW
CopyFileW
GetTempFileNameW
GlobalAlloc
GetModuleFileNameW
GetProcAddress
GetModuleHandleA

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
parsecd.exe
.exe windows:6 windows x64 arch:x64

3821a32389f3ecec86fb398997a8de74

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:68:12:e8:33:50:f1:ad:f4:e9:d5:67:f3:cf:82:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26-04-2023 00:00

Not After

03-01-2025 23:59

Subject

SERIALNUMBER=6033210,CN=Parsec Cloud\, Inc.,O=Parsec Cloud\, Inc.,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ca:e7:83:3a:17:df:07:ca:77:14:53:37:68:3e:e2:c5:dd:30:84:3c:d1:59:93:dd:68:e0:b0:e0:9d:15:72:30
Signer

Actual PE Digest

ca:e7:83:3a:17:df:07:ca:77:14:53:37:68:3e:e2:c5:dd:30:84:3c:d1:59:93:dd:68:e0:b0:e0:9d:15:72:30

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetConsoleMode
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThreadId
WriteFile
SetLastError
GetCommandLineA
GetFullPathNameW
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
TerminateProcess
GetModuleHandleExW
HeapAlloc
LoadLibraryW
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
IsProcessorFeaturePresent
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
LoadLibraryExW
CompareStringW
LCMapStringW
GetStartupInfoW
HeapReAlloc
ReadFile
ReadConsoleW
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
SetStdHandle
HeapSize
GetProcessHeap
FlushFileBuffers
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
GetTimeZoneInformation
SetEndOfFile
WriteConsoleW
RaiseException
InitializeSListHead
RtlPcToFileHeader
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
RtlUnwindEx
FreeLibrary
SetUnhandledExceptionFilter
GetStdHandle
CopyFileW
FindNextFileW
FindFirstFileW
FindClose
GetEnvironmentStringsW
GetModuleHandleW
GetCurrentProcessId
GetProcAddress
GetWindowsDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
FindFirstFileExW
GetLastError
FreeEnvironmentStringsW
GetSystemDirectoryW
SetEnvironmentVariableW
GetCurrentProcess
GetCommandLineW
CloseHandle
GetFileInformationByHandle
CreateFileW
DeviceIoControl
RtlCaptureContext
GetModuleFileNameW

shell32

SHGetKnownFolderPath
ord165

user32

MessageBoxW

bcrypt

BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptHashData
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptFinishHash

crypt32

CertFreeCertificateContext
CryptBinaryToStringW

msi

ord224

ole32

CoTaskMemFree

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pservice.exe
.exe windows:6 windows x64 arch:x64

0f9bb30e6a49440728ecf8a756960dd2

Code Sign

0f:f5:0e:15:d1:d2:93:3d:fe:2a:27:b8:df:b2:5e:5e
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13-05-2020 00:00

Not After

26-04-2023 12:00

Subject

SERIALNUMBER=6033210,CN=Parsec Cloud\, Inc.,O=Parsec Cloud\, Inc.,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:5e:4f:7f:9b:a5:02:63:b4:11:06:1b:ef:28:28:a3:a6:b7:79:a0:ab:d3:76:55:2b:ae:0b:22:f1:bb:1d:9a
Signer

Actual PE Digest

6a:5e:4f:7f:9b:a5:02:63:b4:11:06:1b:ef:28:28:a3:a6:b7:79:a0:ab:d3:76:55:2b:ae:0b:22:f1:bb:1d:9a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeleteFileW
FindClose
FindNextFileW
CopyFileW
MoveFileExW
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
WaitForSingleObject
CreateThread
GetCurrentThreadId
QueryPerformanceCounter
SetWaitableTimerEx
CreateWaitableTimerW
SetLastError
GetFileType
ExitProcess
TerminateProcess
GetModuleHandleExW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
HeapFree
HeapAlloc
GetFileAttributesExW
GetStartupInfoW
HeapReAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
LoadLibraryExW
CompareStringW
LCMapStringW
GetConsoleOutputCP
SetFilePointerEx
SetStdHandle
HeapSize
GetCPInfo
IsValidCodePage
GetACP
GetOEMCP
GetProcessHeap
GetStringTypeW
FlushFileBuffers
WriteConsoleW
RaiseException
InitializeSListHead
GetCommandLineA
RtlPcToFileHeader
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
RtlUnwindEx
GetConsoleMode
FreeLibrary
CreateProcessW
SetUnhandledExceptionFilter
GetStdHandle
GetEnvironmentStringsW
GetModuleHandleW
GetCurrentProcessId
GetProcAddress
FreeEnvironmentStringsW
CreateFileW
SetEnvironmentVariableW
GetCurrentProcess
GetCommandLineW
FindFirstFileExW
GetExitCodeProcess
ConnectNamedPipe
QueryFullProcessImageNameW
WTSGetActiveConsoleSessionId
CloseHandle
Process32FirstW
Process32NextW
GetLastError
ProcessIdToSessionId
CreateToolhelp32Snapshot
OpenProcess
DisconnectNamedPipe
GetNamedPipeClientProcessId
CreateNamedPipeW
WriteFile
CallNamedPipeW
ReadFile
IsDebuggerPresent
GetModuleFileNameW

shlwapi

PathFileExistsW

shell32

SHGetKnownFolderPath

advapi32

RegQueryValueExW
ReportEventW
RegisterEventSourceW
DuplicateTokenEx
StartServiceCtrlDispatcherW
CreateProcessAsUserW
RegOpenKeyExW
InitializeSecurityDescriptor
OpenProcessToken
RegSetValueExW
SetServiceStatus
SetTokenInformation
RegCloseKey
SetSecurityDescriptorDacl
RegisterServiceCtrlHandlerExW
DeregisterEventSource
RegDeleteValueW

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory

crypt32

CertFreeCertificateContext
CryptBinaryToStringW

msi

ord224

ole32

CoTaskMemFree

sas

SendSAS

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.json
skel/appdata.json
skel/parsecd-150-88a.dll
.dll windows:6 windows x64 arch:x64

e6581bd4e20f65a3d918e17d6986f932

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:68:12:e8:33:50:f1:ad:f4:e9:d5:67:f3:cf:82:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26-04-2023 00:00

Not After

03-01-2025 23:59

Subject

SERIALNUMBER=6033210,CN=Parsec Cloud\, Inc.,O=Parsec Cloud\, Inc.,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9a:26:4d:f5:ed:15:5a:3b:bb:67:7d:6e:df:70:7f:8f:a2:84:9d:68:94:63:75:fa:8d:e2:ec:12:57:0a:ff:ae
Signer

Actual PE Digest

9a:26:4d:f5:ed:15:5a:3b:bb:67:7d:6e:df:70:7f:8f:a2:84:9d:68:94:63:75:fa:8d:e2:ec:12:57:0a:ff:ae

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
TryAcquireSRWLockShared
GlobalSize
GlobalAlloc
WriteFile
GetOverlappedResult
WaitForSingleObjectEx
LoadLibraryExW
SetThreadErrorMode
SwitchToThread
GetFileAttributesW
GetModuleHandleExW
ResetEvent
GetSystemTimeAsFileTime
ResumeThread
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
GlobalFree
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
RaiseException
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedFlushSList
GetFileType
WriteConsoleW
ExitProcess
TerminateProcess
SetConsoleCtrlHandler
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitThread
FreeLibraryAndExitThread
GetTimeZoneInformation
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
IsProcessorFeaturePresent
ReadFile
HeapFree
HeapAlloc
GetStartupInfoW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
MoveFileExW
SetWaitableTimerEx
CompareStringW
LCMapStringW
OutputDebugStringW
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
HeapReAlloc
HeapSize
GetFileAttributesExW
ReadConsoleW
GetFullPathNameW
SetStdHandle
FlushFileBuffers
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
SetEndOfFile
InitializeSListHead
FindFirstFileExW
InitializeCriticalSectionEx
GetThreadTimes
InitializeCriticalSection
CopyFileW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
GetDateFormatW
QueryPerformanceFrequency
QueryPerformanceCounter
GetConsoleWindow
SetConsoleTitleW
SetConsoleOutputCP
SetConsoleMode
GetConsoleMode
AttachConsole
AllocConsole
CreateProcessW
SetUnhandledExceptionFilter
GetStdHandle
WideCharToMultiByte
MultiByteToWideChar
GetEnvironmentStringsW
GetWindowsDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
FreeEnvironmentStringsW
GetSystemDirectoryW
SetProcessShutdownParameters
SetEnvironmentVariableW
GetCommandLineW
SetPriorityClass
CallNamedPipeW
GetFileInformationByHandle
CreateFileW
DeviceIoControl
GetComputerNameW
GetExitCodeProcess
SetEvent
GetCurrentProcess
GetModuleFileNameW
QueryFullProcessImageNameW
CreateThread
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
lstrlenA
SetLastError
Sleep
GetCurrentThreadId
GetModuleHandleW
AcquireSRWLockExclusive
GetCurrentThread
ReleaseSRWLockExclusive
VerifyVersionInfoW
VerSetConditionMask
GlobalUnlock
GlobalLock
FreeLibrary
GetProcAddress
LoadLibraryW
SetThreadExecutionState
GetCommandLineA
GetCurrentProcessId
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
CreateEventW
LocalFree
GetProcessHeap
CloseHandle
CreateWaitableTimerW
GetLastError
OpenProcess
GetTimeFormatW
WaitForSingleObject

shlwapi

PathFileExistsW
StrStrIA
StrStrW
ord12
StrStrIW

shell32

ExtractIconExW
SetCurrentProcessExplicitAppUserModelID
Shell_NotifyIconGetRect
Shell_NotifyIconW
DragAcceptFiles
DragFinish
DragQueryFileW
SHGetKnownFolderPath

user32

ClipCursor
ScreenToClient
GetCursor
SetCursor
SetCursorPos
AdjustWindowRect
GetWindowRect
ReleaseDC
GetDC
SetForegroundWindow
GetMenuItemInfoW
InsertMenuItemW
EndMenu
TrackPopupMenu
InsertMenuW
DestroyMenu
CreatePopupMenu
MapVirtualKeyW
GetPointerPenInfo
GetPointerType
GetKeyNameTextW
EnumDisplayDevicesW
EmptyClipboard
WindowFromDC
PostThreadMessageW
SetWindowsHookExW
TranslateMessage
UnhookWindowsHookEx
DispatchMessageW
CallNextHookEx
MonitorFromWindow
GetWindowLongPtrW
GetKeyboardLayout
GetAsyncKeyState
GetMessageExtraInfo
GetMonitorInfoW
EnumDisplayMonitors
GetRawInputData
SetClipboardData
IsZoomed
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
RegisterRawInputDevices
MessageBoxW
GetRawInputDeviceInfoW
GetKeyState
SetLayeredWindowAttributes
PeekMessageW
GetLayeredWindowAttributes
GetCursorPos
GetForegroundWindow
WindowFromPoint
GetWindowThreadProcessId
SetDisplayConfig
GetClientRect
DefWindowProcW
DestroyWindow
CreateWindowExW
UnregisterClassW
RegisterClassExW
SetWindowLongPtrW
GetClassLongPtrW
LoadCursorW
SendInput
DisplayConfigGetDeviceInfo
QueryDisplayConfig
GetWindowTextW
SetWindowPos
GetDoubleClickTime
PostQuitMessage
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageW
GetIconInfo
DestroyIcon
ChangeDisplaySettingsExW
PostMessageW
CreateIconIndirect
EnumDisplaySettingsW
OpenClipboard
CloseClipboard
GetClipboardData
GetClipboardSequenceNumber
IsClipboardFormatAvailable
SetThreadDesktop
CloseDesktop
MonitorFromPoint
OpenInputDesktop
GetSystemMetrics
GetCursorInfo
GetMessageW
LockWorkStation
AddClipboardFormatListener
wsprintfW
EnumWindows
AllowSetForegroundWindow
GetWindowLongW
GetAncestor
ShowWindow
SendMessageW
ClientToScreen

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

ws2_32

sendto
WSAPoll
htons
htonl
recvfrom
socket
getsockname
send
getnameinfo
connect
recv
inet_ntop
bind
getaddrinfo
select
WSAStartup
ntohs
ntohl
WSACleanup
WSAIoctl
WSAGetLastError
setsockopt
shutdown
ioctlsocket
WSASetLastError
freeaddrinfo
closesocket
inet_addr
WSASendMsg
inet_pton

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

imm32

ImmReleaseContext
ImmDisableIME
ImmSetCompositionWindow
ImmGetContext

advapi32

CreateProcessAsUserW
RegQueryInfoKeyW
RegQueryValueExW
GetUserNameW
RegOpenKeyExW
RegCloseKey
RegEnumKeyW
GetTokenInformation
QueryServiceStatusEx
OpenServiceW
ChangeServiceConfigW
StartServiceW
OpenProcessToken
ControlService
ChangeServiceConfig2W
OpenSCManagerW
CloseServiceHandle
OpenThreadToken
DuplicateTokenEx
SetThreadToken
LogonUserW
IsWellKnownSid
SetTokenInformation
RegDeleteValueW
FreeSid
RegSetValueExW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
RegOpenCurrentUser
GetEffectiveRightsFromAclW
RegEnumKeyExW

wtsapi32

WTSFreeMemory
WTSLogoffSession
WTSQuerySessionInformationW
WTSConnectSessionW
WTSQueryUserToken
WTSEnumerateSessionsW

dxgi

CreateDXGIFactory2
CreateDXGIFactory1

winmm

timeBeginPeriod
timeEndPeriod

dwmapi

DwmGetWindowAttribute

gdi32

DeleteObject
GetObjectW
CreateDIBSection
CreateBitmap
GetBitmapBits

bcrypt

BCryptDestroyKey
BCryptDecrypt
BCryptFinishHash
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptGenRandom
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptHashData
BCryptEncrypt

schannel

QueryContextAttributesW
DeleteSecurityContext
InitializeSecurityContextW
FreeCredentialsHandle
AcquireCredentialsHandleW
FreeContextBuffer

secur32

EncryptMessage
SetContextAttributesW
DecryptMessage

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor
GetScaleFactorForMonitor

crypt32

CryptBinaryToStringA
CertCreateSelfSignCertificate
CryptUnprotectData
CryptProtectData
CryptBinaryToStringW
CertStrToNameW
CertFreeCertificateContext

opengl32

glGetTexLevelParameteriv
wglMakeCurrent
wglDeleteContext
wglCreateContext
wglGetCurrentDC
wglShareLists
glDisable
glTexImage2D
glGetBooleanv
wglGetProcAddress
glEnable
wglGetCurrentContext
glGetIntegerv
glFlush
glDeleteTextures
glGenTextures
glBindTexture

xinput1_4

ord2
ord3

windowscodecs

WICConvertBitmapSource

d3d11

D3D11CreateDevice

d3d12

D3D12SerializeRootSignature
ord101

hid

HidP_GetUsages
HidP_GetUsageValue
HidP_GetValueCaps
HidP_GetButtonCaps
HidP_GetCaps

cfgmgr32

CM_Get_Device_Interface_PropertyW
CM_Locate_DevNodeW
CM_Get_DevNode_PropertyW
CM_Get_DevNode_Status

msi

ord224

iphlpapi

FreeMibTable
GetIfTable2Ex
GetBestInterfaceEx
GetIpAddrTable
GetBestRoute
GetAdaptersAddresses

ole32

GetHGlobalFromStream
CoTaskMemAlloc
CoInitializeEx
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
PropVariantClear
CoUninitialize

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA

winhttp

WinHttpWebSocketQueryCloseStatus
WinHttpWebSocketClose
WinHttpWebSocketReceive
WinHttpWebSocketSend
WinHttpWebSocketCompleteUpgrade
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpCrackUrl
WinHttpSetStatusCallback

Exports

Exports

console_main
wx_main

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
teams.exe
.exe windows:6 windows x64 arch:x64

ca031310eb12b349b9b999ebbe0436d0

Code Sign

0f:f5:0e:15:d1:d2:93:3d:fe:2a:27:b8:df:b2:5e:5e
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13-05-2020 00:00

Not After

26-04-2023 12:00

Subject

SERIALNUMBER=6033210,CN=Parsec Cloud\, Inc.,O=Parsec Cloud\, Inc.,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

67:b5:9b:6e:bc:29:7b:91:a1:a0:a2:cf:43:ff:50:7a:7f:37:f2:e0:ec:6c:a3:e4:2c:ea:f4:cd:42:fe:f2:ca
Signer

Actual PE Digest

67:b5:9b:6e:bc:29:7b:91:a1:a0:a2:cf:43:ff:50:7a:7f:37:f2:e0:ec:6c:a3:e4:2c:ea:f4:cd:42:fe:f2:ca

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

IsProcessorFeaturePresent
GetCurrentThreadId
ExitProcess
FreeLibrary
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
LoadLibraryExW
CompareStringW
LCMapStringW
MultiByteToWideChar
GetProcessHeap
WideCharToMultiByte
HeapSize
HeapReAlloc
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
GetCurrentProcess
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentDirectoryW
CreateFileW
FindClose
FindNextFileW
CloseHandle
GetStdHandle
GetModuleFileNameW
UnhandledExceptionFilter
GetConsoleMode
WaitForSingleObject
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetWaitableTimer
CreateWaitableTimerW
RtlUnwindEx
EncodePointer
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlPcToFileHeader
WriteFile
GetFileType
WriteConsoleW
OutputDebugStringW
FindFirstFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
ReadFile
ReadConsoleW
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
SetEndOfFile
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCommandLineW
GetCommandLineA
SetLastError
GetLastError
GetComputerNameW
LocalFree

crypt32

CryptProtectData

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

winhttp

WinHttpCloseHandle
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpOpen
WinHttpConnect

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall.exe
.exe windows:4 windows x86 arch:x86

56a78d55f3f7af51443e58e0ce2fb5f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
CreateFileW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 184KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.rdata
.rsrc/BITMAP/110.bmp
.rsrc/DIALOG/104
.rsrc/DIALOG/105
.rsrc/DIALOG/106
.rsrc/DIALOG/107
.rsrc/DIALOG/111
.rsrc/GROUP_ICON/103
.rsrc/ICON/1.ico
.rsrc/ICON/2.ico
.rsrc/ICON/3.ico
.rsrc/ICON/4
.png
.rsrc/ICON/5.ico
.rsrc/ICON/6.ico
.rsrc/ICON/7.ico
.rsrc/MANIFEST/1
.xml
.text
vdd/devcon.exe
.exe windows:10 windows x64 arch:x64

68d7a4b13b38a420769678c927abc196

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

devcon.pdb

Imports

advapi32

RegQueryValueExW
InitiateSystemShutdownExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
OpenServiceW
RegDeleteValueW
RegSetValueExW
OpenSCManagerW
CloseServiceHandle

kernel32

GetCurrentProcess
FormatMessageW
GetLastError
CloseHandle
LocalFree
FileTimeToSystemTime
LoadLibraryW
GetProcAddress
FreeLibrary
GetDateFormatW
FindFirstFileW
GetFullPathNameW
FindNextFileW
FindClose
GetFileAttributesW
GetWindowsDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep

msvcrt

?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
memset
__iob_func
_initterm
_XcptFilter
free
_callnewh
malloc
wprintf
towupper
wcsrchr
_wcsnicmp
fputs
wcschr
iswalpha
fputws
_wcsicmp
towlower

ole32

CLSIDFromString

setupapi

SetupDiClassNameFromGuidExW
SetupCopyOEMInfW
SetupDiCreateDeviceInfoList
SetupDiGetINFClassW
CM_Connect_MachineW
SetupDiSetClassInstallParamsW
CM_Locate_DevNode_ExW
CM_Disconnect_Machine
CM_Reenumerate_DevNode_Ex
SetupDiSetDeviceRegistryPropertyW
SetupDiBuildClassInfoListExW
SetupDiCreateDeviceInfoW
SetupDiGetDriverInstallParamsW
SetupDiOpenClassRegKeyExW
CM_Free_Log_Conf_Handle
SetupFindFirstLineW
SetupDiSetDeviceInstallParamsW
CM_Free_Res_Des_Handle
SetupOpenInfFileW
SetupDiDestroyDeviceInfoList
SetupDiClassGuidsFromNameExW
CM_Get_Device_ID_ExW
SetupDiGetClassDevsExW
SetupDiGetDeviceInfoListDetailW
SetupDiCreateDeviceInfoListExW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDeviceInfoW
SetupScanFileQueueW
SetupDiGetClassDescriptionExW
SetupOpenFileQueue
CM_Get_Next_Res_Des_Ex
CM_Get_DevNode_Status_Ex
SetupCloseInfFile
CM_Get_Res_Des_Data_Ex
SetupDiOpenDevRegKey
SetupDiDestroyDriverInfoList
SetupCloseFileQueue
SetupDiGetDeviceInstallParamsW
SetupDiEnumDriverInfoW
SetupDiSetSelectedDriverW
CM_Get_First_Log_Conf_Ex
SetupDiGetDriverInfoDetailW
CM_Get_Res_Des_Data_Size_Ex
SetupDiBuildDriverInfoList
SetupGetStringFieldW
SetupDiCallClassInstaller

user32

CharPrevW
CharNextW
LoadStringW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vdd/mm.cat
vdd/mm.dll
.dll windows:10 windows x64 arch:x64

961914856f133f1f3078d8395b47963c

Code Sign

33:00:00:00:57:ee:4d:65:9a:92:3e:7c:10:00:00:00:00:00:57
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-06-2022 18:08

Not After

01-06-2023 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:e6:36:d0:0b:71:86:0d:a5:b4:b6:15:f9:21:26:34:77:f0:3e:39:3c:d2:93:08:46:5c:bd:9c:9a:8e:76:65
Signer

Actual PE Digest

0e:e6:36:d0:0b:71:86:0d:a5:b4:b6:15:f9:21:26:34:77:f0:3e:39:3c:d2:93:08:46:5c:bd:9c:9a:8e:76:65

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\gitsrc\parsec-cloud\magic-mirror\driver\x64\Release\mm.pdb

Imports

ntdll

DbgPrintEx
RtlInitUnicodeString

kernel32

GetCurrentProcess
InitializeCriticalSectionEx
CreateThread
Sleep
CreateEventW
WaitForSingleObject
QueryPerformanceFrequency
QueryPerformanceCounter
GetLastError
CloseHandle
SetUnhandledExceptionFilter
DeleteCriticalSection
RtlVirtualUnwind
SetEvent
WaitForMultipleObjects
GetCurrentThreadId
ResetEvent
WaitForSingleObjectEx
WaitForMultipleObjectsEx
DebugBreak
OutputDebugStringA
RtlLookupFunctionEntry
GetSystemTimeAsFileTime
RtlCaptureContext
FlsFree
FlsSetValue
__C_specific_handler
IsProcessorFeaturePresent
GetCurrentProcessId
UnhandledExceptionFilter
FlsGetValue
FlsAlloc
SetLastError
InterlockedFlushSList
IsDebuggerPresent
InitializeSListHead
TerminateProcess

ole32

CoCreateGuid

dxgi

CreateDXGIFactory2

d3d11

D3D11CreateDevice

advapi32

TraceMessage
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
EventWriteTransfer
EventRegister
RegisterTraceGuidsW
GetTraceEnableFlags

wpprecorderum

WppAutoLogStart
WppAutoLogTrace
WppAutoLogStop

avrt

AvRevertMmThreadCharacteristics
AvSetMmThreadCharacteristicsW

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnwprintf_s

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free

api-ms-win-crt-string-l1-1-0

strcmp
strncpy_s

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initterm_e
_initterm
_seh_filter_dll
_execute_onexit_table
_configure_narrow_argv
_cexit
terminate
abort
_initialize_onexit_table

Exports

Exports

FxDriverEntryUm

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vdd/mm.inf
vusb/parsec-vud.exe
.exe windows:4 windows x86 arch:x86

56a78d55f3f7af51443e58e0ce2fb5f6

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:68:12:e8:33:50:f1:ad:f4:e9:d5:67:f3:cf:82:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26-04-2023 00:00

Not After

03-01-2025 23:59

Subject

SERIALNUMBER=6033210,CN=Parsec Cloud\, Inc.,O=Parsec Cloud\, Inc.,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8f:41:0d:38:d5:8a:b9:32:31:fa:21:f2:48:c6:7e:40:9e:28:f0:4a:25:42:0f:4b:cf:a5:0d:44:fe:91:88:b9
Signer

Actual PE Digest

8f:41:0d:38:d5:8a:b9:32:31:fa:21:f2:48:c6:7e:40:9e:28:f0:4a:25:42:0f:4b:cf:a5:0d:44:fe:91:88:b9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
CreateFileW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 164KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

5e62e8e248e7364886b604bd1fcf4c13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
GetUserNameW

kernel32

GlobalFree
GetVersion
GlobalAlloc
CloseHandle
GetModuleHandleA
GetLastError
GetCurrentProcess
GetCurrentThread
GetProcAddress
lstrcpynW

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 714B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 705B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

c1c7505e1e6e929ebb6b9100e55b050a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsTextUnicode

user32

wsprintfW
CharNextExA
SendMessageW
FindWindowExW
CharNextW
CharPrevW

kernel32

CreatePipe
DeleteFileW
lstrcmpiW
GetCommandLineW
ExitProcess
Sleep
TerminateProcess
GlobalReAlloc
MultiByteToWideChar
IsDBCSLeadByteEx
ReadFile
PeekNamedPipe
GetExitCodeProcess
WaitForSingleObject
GetTickCount
lstrcpyW
CreateProcessW
GetStartupInfoW
CreateFileMappingW
GetVersion
GetCurrentProcess
lstrcpynW
lstrlenW
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
GlobalFree
CreateFileW
CopyFileW
GetTempFileNameW
GlobalAlloc
GetModuleFileNameW
GetProcAddress
GetModuleHandleA

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nefconc.exe
.exe windows:6 windows x64 arch:x64

dc815f97913fd406254f26cfd8b6c644

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:68:12:e8:33:50:f1:ad:f4:e9:d5:67:f3:cf:82:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26-04-2023 00:00

Not After

03-01-2025 23:59

Subject

SERIALNUMBER=6033210,CN=Parsec Cloud\, Inc.,O=Parsec Cloud\, Inc.,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ea:63:23:7b:ae:89:d8:d4:3f:bc:c6:9e:3b:e6:26:8d:02:5f:5f:16:60:62:1d:ea:94:88:b4:91:42:d0:31:4b
Signer

Actual PE Digest

ea:63:23:7b:ae:89:d8:d4:3f:bc:c6:9e:3b:e6:26:8d:02:5f:5f:16:60:62:1d:ea:94:88:b4:91:42:d0:31:4b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

rpcrt4

UuidFromStringA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

setupapi

SetupDiCreateDeviceInfoW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiCreateDeviceInfoList
SetupFindFirstLineW
SetupOpenInfFileW
InstallHinfSectionW
SetupDiGetActualSectionToInstallW
SetupDiCallClassInstaller
SetupDiBuildDriverInfoList
SetupDiGetDriverInfoDetailW
SetupDiEnumDriverInfoW
SetupDiDestroyDriverInfoList
SetupDiSetDeviceRegistryPropertyW
SetupCloseInfFile
SetupDiOpenClassRegKey

kernel32

GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
SetLastError
lstrlenW
LocalAlloc
GetLastError
GetCurrentThread
GetNativeSystemInfo
LoadLibraryW
GetProcAddress
LocalFree
FreeLibrary
GetEnvironmentVariableA
EnumSystemLocalesW
GetSystemTimeAsFileTime
GetModuleFileNameA
GetCurrentProcess
CloseHandle
HeapAlloc
GetProcessHeap
FormatMessageA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
MultiByteToWideChar
MoveFileExA
WideCharToMultiByte
FlsFree
ReadFile
CreateDirectoryW
ReadConsoleW
GetFileAttributesExW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
CreateFileW
HeapSize
WriteConsoleW
SetEndOfFile
GetFileAttributesA
FlsSetValue
FlsGetValue
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
RtlUnwind
GetModuleHandleW
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
WriteFile
GetCommandLineA
GetCommandLineW
HeapFree
GetFileType
GetFileSizeEx
SetFilePointerEx
GetTimeZoneInformation
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
FlsAlloc

user32

MessageBoxW

advapi32

LookupPrivilegeValueW
CreateServiceA
AdjustTokenPrivileges
SetFileSecurityW
SetSecurityDescriptorOwner
CloseServiceHandle
AllocateAndInitializeSid
OpenSCManagerA
CopySid
DeleteService
OpenProcessToken
FreeSid
GetFileSecurityW
CheckTokenMembership
InitializeSecurityDescriptor
GetLengthSid
OpenServiceA
GetTokenInformation
RegCloseKey
RegSetValueExW
RegQueryValueExW

shell32

ord730

Sections

.text
Size: 406KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
parsecudeaudio/parsecudeaudio.cat
parsecudeaudio/parsecudeaudio.inf
parsecudeaudio/parsecudeaudio.sys
.sys windows:10 windows x64 arch:x64

d0594eb75f6f68f522b582afb130369a

Code Sign

33:00:00:00:62:f4:5c:f9:9e:58:a9:6a:89:00:00:00:00:00:62
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-04-2023 19:16

Not After

03-04-2024 19:16

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:28:96:ce:1e:04:87:5f:6c:01:38:d4:21:b3:17:29:e6:23:11:68:6a:18:bd:57:7f:c8:7e:d3:08:8b:85:95
Signer

Actual PE Digest

32:28:96:ce:1e:04:87:5f:6c:01:38:d4:21:b3:17:29:e6:23:11:68:6a:18:bd:57:7f:c8:7e:d3:08:8b:85:95

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\gitsrc\parsec-cloud\usb-ip\parsecudeaudio\src\x64\Release\parsecudeaudio.pdb

Imports

ntoskrnl.exe

IoBuildSynchronousFsdRequest
KeInitializeSpinLock
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
IoAttachDeviceToDeviceStack
IofCompleteRequest
IoCreateDevice
IoDeleteDevice
IoDetachDevice
IoForwardIrpSynchronously
strcmp
RtlAssert
KeDelayExecutionThread
ZwClose
_vsnwprintf
strncpy_s
_vsnprintf
RtlCompareMemory
ZwOpenKey
ZwQueryValueKey
KeCapturePersistentThreadState
ZwWriteFile
NtBuildNumber
DbgPrintEx
RtlCaptureContext
SeTokenIsAdmin
KeInitializeTriageDumpDataArray
KeAddTriageDumpDataBlock
KeDeregisterBugCheckReasonCallback
KeRegisterBugCheckReasonCallback
KeResetEvent
KeSetEvent
EtwUnregister
EtwRegister
IoWMIRegistrationControl
MmGetSystemRoutineAddress
RtlInitUnicodeString
EtwWriteTransfer
ExFreePoolWithTag
IofCallDriver
RtlCopyUnicodeString
ExAllocatePoolWithTag
KeWaitForSingleObject
sprintf_s
KeInitializeEvent

ext-ms-win-ntos-werkernel-l1-1-1

WerLiveKernelCloseHandle
WerLiveKernelOpenDumpFile
WerLiveKernelCancelReport
WerLiveKernelCreateReport
WerLiveKernelSubmitReport

wpprecorder.sys

imp_WppRecorderLogGetDefault
imp_WppRecorderLogDelete
imp_WppRecorderLogCreate
imp_WppRecorderReplay
WppAutoLogStop
WppAutoLogStart
WppAutoLogTrace
imp_WppRecorderIsDefaultLogAvailable

wdfldr.sys

WdfVersionUnbind
WdfVersionBind
WdfVersionUnbindClass
WdfVersionBindClass

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGED
Size: 512B - Virtual size: 161B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pcvudhc/parsecvusba.cat
pcvudhc/parsecvusba.inf
pcvudhc/parsecvusba.sys
.sys windows:10 windows x64 arch:x64

a045be2069c04d8ac7105b729900a930

Code Sign

33:00:00:00:62:f4:5c:f9:9e:58:a9:6a:89:00:00:00:00:00:62
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-04-2023 19:16

Not After

03-04-2024 19:16

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:b7:54:95:ee:af:25:87:31:c6:00:93:63:18:b2:56:b5:82:73:57:52:33:14:2f:4a:02:3c:f9:cf:1e:0b:2f
Signer

Actual PE Digest

47:b7:54:95:ee:af:25:87:31:c6:00:93:63:18:b2:56:b5:82:73:57:52:33:14:2f:4a:02:3c:f9:cf:1e:0b:2f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\gitsrc\parsec-cloud\usb-ip\pcvudhc\x64\Release\parsecvusba.pdb

Imports

ntoskrnl.exe

IoWMIRegistrationControl
strcmp
RtlAssert
SeTokenIsAdmin
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
ZwOpenEvent
ExEventObjectType
strncpy_s
_vsnprintf
MmGetSystemRoutineAddress
RtlAnsiCharToUnicodeChar
sprintf_s
ZwOpenKey
ZwQueryValueKey
KeCapturePersistentThreadState
ZwWriteFile
NtBuildNumber
DbgPrintEx
RtlCaptureContext
KeInitializeTriageDumpDataArray
KeAddTriageDumpDataBlock
KeDeregisterBugCheckReasonCallback
KeRegisterBugCheckReasonCallback
KeResetEvent
RtlInitUnicodeString
IoGetDeviceInterfaces
KeSetEvent
KeDelayExecutionThread
swprintf_s
KeWaitForSingleObject
KeInitializeEvent
KeClearEvent
RtlRandomEx
ExAllocatePoolWithTag
RtlCopyUnicodeString
ExFreePoolWithTag
RtlCompareMemory
RtlCompareUnicodeString

ext-ms-win-ntos-werkernel-l1-1-1

WerLiveKernelSubmitReport
WerLiveKernelCloseHandle
WerLiveKernelOpenDumpFile
WerLiveKernelCancelReport
WerLiveKernelCreateReport

hal

KeQueryPerformanceCounter

wpprecorder.sys

imp_WppRecorderLogGetDefault
imp_WppRecorderLogDelete
imp_WppRecorderLogCreate
imp_WppRecorderReplay
WppAutoLogStop
WppAutoLogStart
WppAutoLogTrace
imp_WppRecorderIsDefaultLogAvailable

wdfldr.sys

WdfVersionBind
WdfVersionUnbind
WdfVersionUnbindClass
WdfVersionBindClass

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGED
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vusbinstall.bat
vusbuninstall.bat
wscripts/firewall-add.vbs
.vbs
wscripts/firewall-remove.vbs
.vbs
wscripts/legacy-cleanup.vbs
.vbs
wscripts/service-install.vbs
.vbs
wscripts/service-kill-parsec.vbs
.vbs
wscripts/service-remove.vbs
.vbs
wscripts/vdd-install.vbs
.vbs
wscripts/vdd-remove.vbs
.vbs

Sharing

General

Malware Config

Signatures

Files

56a78d55f3f7af51443e58e0ce2fb5f6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 172KB

.ndata Size: - Virtual size: 184KB

.rsrc Size: 113KB - Virtual size: 113KB

9b38d46d6882ee63437c721734be794c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

ole32

shlwapi

Exports

Exports

Sections

.text Size: 122KB - Virtual size: 121KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 3KB - Virtual size: 6KB

.gfids Size: 1024B - Virtual size: 536B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 662B

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 638B

c1c7505e1e6e929ebb6b9100e55b050a

Headers

DLL Characteristics

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 172KB

.ndata
Size: - Virtual size: 184KB

.rsrc
Size: 113KB - Virtual size: 113KB

.text
Size: 122KB - Virtual size: 121KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 3KB - Virtual size: 6KB

.gfids
Size: 1024B - Virtual size: 536B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 638B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 420B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:68:12:e8:33:50:f1:ad:f4:e9:d5:67:f3:cf:82:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

ca:e7:83:3a:17:df:07:ca:77:14:53:37:68:3e:e2:c5:dd:30:84:3c:d1:59:93:dd:68:e0:b0:e0:9d:15:72:30
Signer

.text
Size: 148KB - Virtual size: 147KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 3KB - Virtual size: 12KB

.pdata
Size: 7KB - Virtual size: 7KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 220KB - Virtual size: 219KB

.reloc
Size: 2KB - Virtual size: 1KB

0f:f5:0e:15:d1:d2:93:3d:fe:2a:27:b8:df:b2:5e:5e
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

6a:5e:4f:7f:9b:a5:02:63:b4:11:06:1b:ef:28:28:a3:a6:b7:79:a0:ab:d3:76:55:2b:ae:0b:22:f1:bb:1d:9a
Signer