GH InJector[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

GH InJector.rar
Size

9.3MB
MD5

225885af1c67f34875ca0776c2e153c9
SHA1

4ee97b3bf67f518d2f90ba60a6497824d9f45a5d
SHA256

4ba2032956ccb3470063d363d5fdfd0bb9e969532ca14d6b5e8b680f3cc4090c
SHA512

d405f44bbd9a7ed32fde18603f86099b7be8b53387468d3fdc60c12eb8fed6d752da3435750aaa233ef76e147b0c570955ac12a6641740a92b79c75616645050
SSDEEP

196608:nwB367xAobAruCjtLEFN9PdxUpOMiaUtMDGle40iQixfdCViF8u:eyxAoErzAN5dwiaoZeJNydCVU

Score

1^/10

Malware Config

Signatures

Files

GH InJector.rar
.rar
GH InJector/GH Injector - x64.dll
.dll windows:6 windows x64 arch:x64

65873a8dc0205ce43f0d0a0208df960c

Code Sign

1f:e7:e3:c7:eb:6a:04:84:4e:7f:77:77:14:97:d2:2c
Certificate

Issuer

CN=Guided Hacking

Not Before

13/05/2021, 14:05

Not After

31/12/2039, 23:59

Subject

CN=Guided Hacking

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:ce:6c:3f:4f:ec:be:17:f9:27:e2:d0:0f:13:98:df:ec:b4:40:1f
Signer

Actual PE Digest

5d:ce:6c:3f:4f:ec:be:17:f9:27:e2:d0:0f:13:98:df:ec:b4:40:1f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

TerminateThread
GetExitCodeThread
GetLastError
GetCurrentProcessId
OpenProcess
ReadProcessMemory
CreateEventExW
CreateProcessW
SetEvent
GetModuleHandleW
WriteProcessMemory
GetProcAddress
lstrlenW
LoadLibraryExW
CreateToolhelp32Snapshot
Sleep
Module32FirstW
Module32NextW
VirtualAllocEx
VirtualFreeEx
GetTempPathW
CopyFileW
QueryPerformanceCounter
GetHandleInformation
QueryFullProcessImageNameW
DeleteFileW
GetTickCount64
GetProcessId
GetExitCodeProcess
GetTickCount
GetThreadId
Wow64GetThreadContext
Wow64SetThreadContext
ResumeThread
GetThreadContext
SetThreadContext
LoadLibraryW
FreeLibrary
IsWow64Process
OpenThread
GetCurrentThreadId
QueueUserAPC
CreateEventW
VirtualAlloc
VirtualFree
CreateDirectoryW
GetFileAttributesExW
CreateFileW
SuspendThread
GetFileAttributesW
GetModuleFileNameW
InitOnceBeginInitialize
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcess
DuplicateHandle
WaitForSingleObject
TerminateProcess
CloseHandle
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitOnceComplete

user32

PostThreadMessageW

advapi32

CreateProcessAsUserW
GetTokenInformation
DuplicateTokenEx
OpenProcessToken

ole32

StringFromGUID2

msvcp140

??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Xout_of_range@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
_Cnd_register_at_thread_exit
_Cnd_broadcast
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Cnd_wait
_Mtx_destroy_in_situ
_Cnd_destroy_in_situ
_Cnd_unregister_at_thread_exit
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
_Mtx_init_in_situ
_Cnd_init_in_situ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?_Incref@facet@locale@std@@UEAAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
_Thrd_sleep
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
_Xtime_get_ticks
_Mtx_current_owns
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_timedwait
_Query_perf_frequency
_Query_perf_counter
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
?_Syserror_map@std@@YAPEBDH@Z
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?_Xlength_error@std@@YAXPEBD@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z

dbghelp

SymCleanup
SymUnloadModule64
SymSetOptions
SymLoadModuleExW
SymInitializeW
SymFromName

urlmon

URLDownloadToCacheFileW

wininet

InternetCheckConnectionW

wtsapi32

WTSQueryUserToken

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy
wcsrchr
strchr
_purecall
__C_specific_handler
__std_terminate
memset
_CxxThrowException
__std_type_info_destroy_list
memcpy
__std_exception_copy
memcmp
memmove

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_initterm
abort
terminate
_initterm_e
_errno
_set_thread_local_invalid_parameter_handler
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll

api-ms-win-crt-convert-l1-1-0

mbstowcs_s
_ultow_s
atoi

api-ms-win-crt-stdio-l1-1-0

fflush
__acrt_iob_func
__stdio_common_vfprintf
fputc
setvbuf
puts
__stdio_common_vsprintf_s
fclose
_get_stream_buffer_pointers
fwrite
fputwc
__stdio_common_vswprintf
ungetwc
fsetpos
_fseeki64
fgetpos
ungetc
fgetc
fgetwc
fread

api-ms-win-crt-string-l1-1-0

_wcsicmp

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_wrename
_lock_file

api-ms-win-crt-environment-l1-1-0

_wdupenv_s

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64
wcsftime

Exports

Exports

GetDownloadProgress
GetImportState
GetSymbolState
GetVersionA
GetVersionW
InjectA
InjectW
InterruptDownload
RestoreInjectionFunctions
SetRawPrintCallback
StartDownload
ValidateInjectionFunctions

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.inj_sec
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.mmap_se
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GH InJector/GH Injector - x64.exe
.exe windows:6 windows x64 arch:x64

99b6e8eadab5f42ceaf29c8f6883c97f

Code Sign

1f:e7:e3:c7:eb:6a:04:84:4e:7f:77:77:14:97:d2:2c
Certificate

Issuer

CN=Guided Hacking

Not Before

13/05/2021, 14:05

Not After

31/12/2039, 23:59

Subject

CN=Guided Hacking

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:8b:fa:bd:ba:1a:89:68:83:a4:28:08:0d:7a:6e:8f:17:68:43:f1
Signer

Actual PE Digest

19:8b:fa:bd:ba:1a:89:68:83:a4:28:08:0d:7a:6e:8f:17:68:43:f1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

uxtheme

GetThemeColor
GetThemePartSize
GetThemeEnumValue
GetThemeTransitionDuration
GetThemePropertyOrigin
GetThemeBool
OpenThemeData
CloseThemeData
IsThemeBackgroundPartiallyTransparent
IsAppThemed
SetWindowTheme
GetThemeBackgroundRegion
GetCurrentThemeName
IsThemeActive
GetThemeInt
ord47
GetThemeMargins

dwmapi

DwmGetWindowAttribute
DwmEnableBlurBehindWindow
DwmSetWindowAttribute
DwmIsCompositionEnabled

oleaut32

SafeArrayPutElement
SysAllocString
SysFreeString
SafeArrayCreateVector

imm32

ImmGetVirtualKey
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmGetCompositionStringW
ImmAssociateContext
ImmGetOpenStatus
ImmSetCandidateWindow
ImmAssociateContextEx
ImmNotifyIME

gdi32

GetDIBits
ExtTextOutW
SetTextAlign
SetBkMode
SetTextColor
GetCharABCWidthsW
GetCharABCWidthsI
GetCharABCWidthsFloatW
GetGlyphOutlineW
SetWorldTransform
SetGraphicsMode
GetTextExtentPoint32W
GetOutlineTextMetricsW
CombineRgn
DeleteObject
SelectClipRgn
GetRegionData
DeleteDC
CreateRectRgn
GdiFlush
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
OffsetRgn
SetLayout
GetDeviceCaps
SetPixelFormat
GetPixelFormat
SwapBuffers
ChoosePixelFormat
DescribePixelFormat
CreateBitmap
CreateDCW
CreateCompatibleBitmap
GetObjectW
GetBitmapBits
CreateFontIndirectW
GetFontData
EnumFontFamiliesExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
AddFontResourceExW
RemoveFontResourceExW
GetStockObject
GetTextFaceW

userenv

GetUserProfileDirectoryW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

NetApiBufferFree
NetShareEnum

ws2_32

WSAAsyncSelect

advapi32

DuplicateToken
RegFlushKey
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegCreateKeyExW
GetEffectiveRightsFromAclW
AccessCheck
MapGenericMask
LookupAccountSidW
GetNamedSecurityInfoW
AllocateAndInitializeSid
OpenProcessToken
BuildTrusteeWithSidW
CopySid
GetLengthSid
FreeSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
SystemFunction036
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges

kernel32

FileTimeToSystemTime
MoveFileExW
CopyFileW
RtlCaptureContext
InitializeCriticalSectionAndSpinCount
InitOnceComplete
InitOnceBeginInitialize
GetCurrentDirectoryW
GetTempPathW
RemoveDirectoryW
CreateDirectoryW
GetLogicalDrives
SetErrorMode
SetFileTime
FlushFileBuffers
SetFilePointerEx
GetFileType
SetEndOfFile
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RegisterWaitForSingleObject
UnregisterWaitEx
CompareStringW
FindFirstChangeNotificationW
FindCloseChangeNotification
FindNextChangeNotification
FindFirstFileExW
FindNextFileW
MultiByteToWideChar
GetModuleHandleExW
GetTimeZoneInformation
GetUserGeoID
GetGeoInfoW
VirtualFree
VirtualAlloc
CreateMutexW
ReleaseMutex
GetSystemTimeAsFileTime
InitializeSListHead
CreateThread
lstrlenA
CloseHandle
DuplicateHandle
WaitForSingleObject
GetCurrentProcess
GetLastError
Sleep
GetFileAttributesW
GetCurrentProcessId
OpenProcess
IsWow64Process
GetModuleHandleA
GetProcAddress
lstrcpyW
QueryFullProcessImageNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleHandleW
DeleteFileW
SetEvent
CreateEventW
CreateProcessW
MoveFileW
lstrcmpiW
AllocConsole
GetTickCount64
lstrlenW
GetExitCodeProcess
FreeLibrary
LoadLibraryA
lstrcmpW
GetCurrentThreadId
FormatMessageW
LocalFree
WTSGetActiveConsoleSessionId
CheckRemoteDebuggerPresent
GetLocaleInfoW
GlobalAlloc
GlobalLock
GlobalUnlock
ExpandEnvironmentStringsW
GlobalSize
GetUserDefaultLangID
ReadFile
WriteFile
CreateFileW
UnmapViewOfFile
WideCharToMultiByte
CreateFileMappingW
MapViewOfFile
GetVolumeInformationW
GetLongPathNameW
GetDriveTypeW
GetConsoleWindow
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CompareStringEx
GetLocalTime
GetSystemTime
OutputDebugStringW
IsProcessorFeaturePresent
TerminateProcess
WaitForSingleObjectEx
GetSystemDirectoryW
LoadLibraryW
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
GetCurrentThread
GetFileInformationByHandleEx
WaitForMultipleObjects
GetSystemInfo
GetThreadPriority
SetThreadPriority
ResumeThread
TerminateThread
GetUserDefaultLCID
GetCurrencyFormatW
GetDateFormatW
GetTimeFormatW
GetUserPreferredUILanguages
ResetEvent
GetFileAttributesExW
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameW
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
DeviceIoControl
GetVolumePathNamesForVolumeNameW
FindFirstFileW
FindClose
GetFullPathNameW
GetFileInformationByHandle

ole32

DoDragDrop
ReleaseStgMedium
CoLockObjectExternal
RevokeDragDrop
OleIsCurrentClipboard
OleUninitialize
CoInitialize
CoInitializeEx
CoCreateInstance
CoUninitialize
OleSetClipboard
CoTaskMemFree
CoGetMalloc
CoCreateGuid
StringFromGUID2
OleInitialize
OleFlushClipboard
RegisterDragDrop
OleGetClipboard

shell32

SHGetStockIconInfo
SHGetFileInfoW
SHCreateItemFromParsingName
ShellExecuteW
DragQueryFileW
ord6
SHBrowseForFolderW
SHGetKnownFolderIDList
SHGetPathFromIDListW
SHCreateItemFromIDList
Shell_NotifyIconW
SHGetMalloc
Shell_NotifyIconGetRect
ord727

user32

RegisterClipboardFormatW
EnumDisplayDevicesW
RegisterClassW
GetClipboardFormatNameW
SetCursorPos
CreateCursor
CreateIconIndirect
GetCursorInfo
GetCursor
GetIconInfo
TrackMouseEvent
GetAsyncKeyState
GetMessageExtraInfo
GetTouchInputInfo
CloseTouchInputHandle
GetWindowTextW
EnumWindows
RealGetWindowClassW
MessageBoxW
KillTimer
GetQueueStatus
SetTimer
CallNextHookEx
SetWindowsHookExW
MsgWaitForMultipleObjectsEx
TranslateMessage
DispatchMessageW
UnhookWindowsHookEx
UnregisterDeviceNotification
RegisterDeviceNotificationW
CharNextExA
GetMenuItemInfoW
ModifyMenuW
CreatePopupMenu
TrackPopupMenu
SetMenu
DestroyMenu
DrawMenuBar
InsertMenuW
SetWindowPos
AppendMenuW
CreateMenu
GetKeyState
MapVirtualKeyW
GetKeyboardState
SetMenuItemInfoW
PeekMessageW
ToUnicode
TrackPopupMenuEx
IsZoomed
ToAscii
MonitorFromWindow
EnumDisplayMonitors
GetMonitorInfoW
HideCaret
SetCaretPos
CreateCaret
GetKeyboardLayout
IsWindowEnabled
DestroyCaret
ShowCaret
RegisterWindowMessageW
FindWindowA
SetClipboardViewer
IsHungAppWindow
ChangeClipboardChain
GetFocus
ChildWindowFromPointEx
WindowFromPoint
GetClassInfoW
GetKeyboardLayoutList
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetSysColorBrush
GetCursorPos
GetWindowLongW
GetWindowThreadProcessId
GetSystemMenu
AdjustWindowRectEx
IsTouchWindow
PostMessageW
MonitorFromPoint
GetWindow
GetWindowRect
GetMenu
IsWindowVisible
SetWindowRgn
ScreenToClient
SendMessageW
SetWindowTextW
GetWindowPlacement
DestroyCursor
ShowWindow
GetCapture
RegisterTouchWindow
ClientToScreen
IsChild
SetWindowPlacement
AttachThreadInput
GetForegroundWindow
MoveWindow
UnregisterTouchWindow
SetLayeredWindowAttributes
SetFocus
GetUpdateRect
SetParent
SetCapture
SetCursor
FlashWindowEx
SetWindowLongW
GetClientRect
UpdateLayeredWindow
EnableMenuItem
GetParent
ReleaseCapture
SetForegroundWindow
InvalidateRect
GetAncestor
IsIconic
BeginPaint
EndPaint
MessageBeep
IsWindow
GetDoubleClickTime
GetCaretBlinkTime
UpdateLayeredWindowIndirect
GetSysColor
GetDesktopWindow
GetSystemMetrics
SystemParametersInfoW
ChangeWindowMessageFilterEx
DrawIconEx
LoadImageW
LoadIconW
LoadCursorW
SetWindowLongPtrW
GetWindowLongPtrW
ReleaseDC
GetDC
CloseWindow
DestroyWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
DefWindowProcW
DestroyIcon
RemoveMenu

winmm

timeKillEvent
timeSetEvent
PlaySoundW

msvcp140

_Cnd_timedwait
_Cnd_broadcast
_Cnd_register_at_thread_exit
_Cnd_unregister_at_thread_exit
?_Throw_C_error@std@@YAXH@Z
_Thrd_sleep
_Query_perf_frequency
_Query_perf_counter
?_Syserror_map@std@@YAPEBDH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
_Xtime_get_ticks
?_Xlength_error@std@@YAXPEBD@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@D@std@@2V0locale@2@A
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?classic@locale@std@@SAAEBV12@XZ
_Cnd_wait
_Cnd_destroy_in_situ
_Cnd_init_in_situ
_Mtx_unlock
_Mtx_lock
_Mtx_current_owns
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?tolower@?$ctype@D@std@@QEBADD@Z
?_Xbad_alloc@std@@YAXXZ
_Thrd_join
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??Bid@locale@std@@QEAA_KXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?setf@ios_base@std@@QEAAHHH@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@_W@std@@QEBA_NF_W@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ

msvcp140_1

_Aligned_get_default_resource

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

wininet

InternetCheckConnectionW
DeleteUrlCacheEntryW

vcruntime140

__current_exception
__current_exception_context
__C_specific_handler
memchr
strrchr
strchr
longjmp
strstr
memcmp
wcsrchr
_purecall
__RTDynamicCast
memset
memmove
memcpy
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__std_terminate
__intrinsic_setjmp

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_exit
_initterm_e
_endthreadex
_errno
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
__p___wargv
_set_app_type
_seh_filter_exe
_cexit
abort
exit
_set_thread_local_invalid_parameter_handler
_crt_atexit
__p___argv
_wsystem
_register_onexit_function
__p___argc
terminate
_beginthreadex
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_c_exit
strerror
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

_fseeki64
fputc
fgetpos
fgetc
fwrite
fflush
setvbuf
fclose
ungetc
_get_stream_buffer_pointers
fgetwc
fputwc
__stdio_common_vsprintf_s
__stdio_common_vfprintf
__p__commode
ungetwc
__stdio_common_vswprintf_s
_open_osfhandle
_set_fmode
_lseeki64
_fileno
fsetpos
_get_osfhandle
_write
fgets
__acrt_iob_func
freopen_s
__stdio_common_vsscanf
__stdio_common_vsprintf
fread
_ftelli64
_read
feof
__stdio_common_vsnprintf_s
_close

api-ms-win-crt-heap-l1-1-0

free
calloc
malloc
_set_new_mode
realloc
_callnewh

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
_waccess
_wchmod

api-ms-win-crt-string-l1-1-0

wcscmp
toupper
strcpy
strlen
strcmp
wcsncmp
strcpy_s
wcscpy_s
isdigit
tolower
strncpy
strncmp
isspace

api-ms-win-crt-convert-l1-1-0

atoi
wcstol

api-ms-win-crt-math-l1-1-0

acosf
_dtest
acos
trunc
__setusermatherr
sinf
ceilf
floorf
round
log10
exp
atan2
log
floor
asin
atan
sin
cos
fabs
tan
ceil
lround
pow
sqrt

api-ms-win-crt-environment-l1-1-0

getenv_s
getenv
_wgetenv_s

api-ms-win-crt-utility-l1-1-0

abs
_byteswap_ulong
bsearch
qsort
_byteswap_uint64
_byteswap_ushort
rand_s
_rotl
rand
_rotl64

api-ms-win-crt-time-l1-1-0

_mktime64
_get_timezone
_tzset
_get_tzname
_localtime64_s

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
setlocale

Sections

.text
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmimed
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GH InJector/GH Injector - x86.dll
.dll windows:6 windows x86 arch:x86

5b2b402e242b6fdf197f5fa7e4191824

Code Sign

1f:e7:e3:c7:eb:6a:04:84:4e:7f:77:77:14:97:d2:2c
Certificate

Issuer

CN=Guided Hacking

Not Before

13/05/2021, 14:05

Not After

31/12/2039, 23:59

Subject

CN=Guided Hacking

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ad:98:e8:23:e6:5c:ef:8a:a2:c3:8d:82:3d:cf:ae:81:85:de:01:6c
Signer

Actual PE Digest

ad:98:e8:23:e6:5c:ef:8a:a2:c3:8d:82:3d:cf:ae:81:85:de:01:6c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateThread
GetExitCodeThread
GetLastError
GetCurrentProcessId
OpenProcess
GetModuleHandleW
WriteProcessMemory
GetProcAddress
ReadProcessMemory
lstrlenW
LoadLibraryExW
VirtualAllocEx
VirtualFreeEx
GetTempPathW
CopyFileW
QueryPerformanceCounter
GetHandleInformation
QueryFullProcessImageNameW
Sleep
DeleteFileW
CreateProcessW
GetTickCount64
TerminateProcess
GetExitCodeProcess
GetProcessId
GetThreadId
GetThreadContext
SetThreadContext
ResumeThread
LoadLibraryW
FreeLibrary
IsWow64Process
OpenThread
GetCurrentThreadId
QueueUserAPC
CreateEventW
VirtualAlloc
VirtualFree
CreateDirectoryW
GetFileAttributesExW
CreateFileW
SetEvent
SuspendThread
GetFileAttributesW
GetModuleFileNameW
InitOnceBeginInitialize
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcess
DuplicateHandle
WaitForSingleObject
GetTickCount
CloseHandle
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
InitOnceComplete

user32

PostThreadMessageW

advapi32

CreateProcessAsUserW
GetTokenInformation
DuplicateTokenEx
OpenProcessToken

ole32

StringFromGUID2

msvcp140

_Xtime_get_ticks
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Xout_of_range@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?_Throw_Cpp_error@std@@YAXH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
_Cnd_register_at_thread_exit
_Cnd_broadcast
?__ExceptionPtrToBool@@YA_NPBX@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
_Cnd_wait
_Mtx_destroy_in_situ
_Cnd_destroy_in_situ
_Cnd_unregister_at_thread_exit
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?_Reset@_ContextCallback@details@Concurrency@@AAEXXZ
??0task_continuation_context@Concurrency@@AAE@XZ
_Mtx_init_in_situ
_Cnd_init_in_situ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Release_chore@details@Concurrency@@YAXPAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPAU_Threadpool_chore@12@@Z
?_CallInContext@_ContextCallback@details@Concurrency@@QBEXV?$function@$$A6AXXZ@std@@_N@Z
?_Capture@_ContextCallback@details@Concurrency@@AAEXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QAEX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?widen@?$ctype@_W@std@@QBE_WD@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?_Incref@facet@locale@std@@UAEXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
_Thrd_sleep
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
_Cnd_timedwait
_Query_perf_frequency
_Query_perf_counter
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
?_Syserror_map@std@@YAPBDH@Z
?_Throw_future_error@std@@YAXABVerror_code@1@@Z
?_Xlength_error@std@@YAXPBD@Z
_Mtx_current_owns
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z

dbghelp

SymFromName
SymCleanup
SymInitializeW
SymSetOptions
SymUnloadModule64
SymLoadModuleExW

urlmon

URLDownloadToCacheFileW

wininet

InternetCheckConnectionW

wtsapi32

WTSQueryUserToken

vcruntime140

__CxxFrameHandler3
__std_terminate
__std_exception_copy
__std_exception_destroy
wcsrchr
memmove
memset
_except_handler4_common
_CxxThrowException
__std_type_info_destroy_list
_purecall
memcpy

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_cexit
abort
terminate
_crt_atexit
_set_thread_local_invalid_parameter_handler
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_seh_filter_dll
_errno

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fputc
fread
ungetc
__stdio_common_vsprintf_s
ungetwc
fputwc
fwrite
fgetc
fgetwc
fclose
_get_stream_buffer_pointers
__stdio_common_vfprintf
__stdio_common_vswprintf
fgetpos
fflush
_fseeki64
fsetpos
setvbuf
puts

api-ms-win-crt-convert-l1-1-0

mbstowcs_s

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_wrename
_lock_file

api-ms-win-crt-environment-l1-1-0

_wdupenv_s

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-time-l1-1-0

wcsftime
_localtime64_s
_time64

Exports

Exports

GetDownloadProgress
GetImportState
GetSymbolState
GetVersionA
GetVersionW
InjectA
InjectW
InterruptDownload
RestoreInjectionFunctions
SetRawPrintCallback
StartDownload
ValidateInjectionFunctions

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.inj_sec
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.mmap_se
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GH InJector/GH Injector - x86.exe
.exe windows:6 windows x86 arch:x86

46b43ce172f87c1a5b9100cb8888b9bc

Code Sign

1f:e7:e3:c7:eb:6a:04:84:4e:7f:77:77:14:97:d2:2c
Certificate

Issuer

CN=Guided Hacking

Not Before

13/05/2021, 14:05

Not After

31/12/2039, 23:59

Subject

CN=Guided Hacking

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7f:cd:f4:98:c6:bd:55:d6:9f:b9:ec:86:f8:9c:39:e5:c3:bd:8f:2f
Signer

Actual PE Digest

7f:cd:f4:98:c6:bd:55:d6:9f:b9:ec:86:f8:9c:39:e5:c3:bd:8f:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

uxtheme

GetThemeColor
GetThemePartSize
GetThemeEnumValue
GetThemeTransitionDuration
GetThemePropertyOrigin
GetThemeBool
OpenThemeData
CloseThemeData
IsThemeBackgroundPartiallyTransparent
IsAppThemed
SetWindowTheme
GetThemeBackgroundRegion
GetCurrentThemeName
IsThemeActive
GetThemeInt
ord47
GetThemeMargins

dwmapi

DwmIsCompositionEnabled
DwmGetWindowAttribute
DwmSetWindowAttribute
DwmEnableBlurBehindWindow

oleaut32

SysAllocString
SysFreeString
SafeArrayCreateVector
SafeArrayPutElement

imm32

ImmGetVirtualKey
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmGetCompositionStringW
ImmAssociateContext
ImmGetOpenStatus
ImmSetCandidateWindow
ImmAssociateContextEx
ImmNotifyIME

gdi32

GetDIBits
ExtTextOutW
SetTextAlign
SetBkMode
SetTextColor
GetCharABCWidthsW
GetCharABCWidthsI
GetCharABCWidthsFloatW
GetGlyphOutlineW
SetWorldTransform
SetGraphicsMode
GetTextExtentPoint32W
GetOutlineTextMetricsW
CombineRgn
DeleteObject
SelectClipRgn
GetRegionData
DeleteDC
CreateRectRgn
GdiFlush
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
OffsetRgn
SetLayout
GetDeviceCaps
SetPixelFormat
GetPixelFormat
SwapBuffers
ChoosePixelFormat
DescribePixelFormat
CreateBitmap
CreateDCW
CreateCompatibleBitmap
GetObjectW
GetBitmapBits
CreateFontIndirectW
GetFontData
EnumFontFamiliesExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
AddFontResourceExW
RemoveFontResourceExW
GetStockObject
GetTextFaceW

userenv

GetUserProfileDirectoryW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

netapi32

NetApiBufferFree
NetShareEnum

ws2_32

WSAAsyncSelect

advapi32

DuplicateToken
RegFlushKey
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegCreateKeyExW
GetEffectiveRightsFromAclW
AccessCheck
MapGenericMask
LookupAccountSidW
GetNamedSecurityInfoW
AllocateAndInitializeSid
OpenProcessToken
BuildTrusteeWithSidW
CopySid
GetLengthSid
FreeSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
SystemFunction036
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges

kernel32

FileTimeToSystemTime
MoveFileExW
CopyFileW
InitOnceBeginInitialize
GetCurrentDirectoryW
GetTempPathW
RemoveDirectoryW
CreateDirectoryW
GetLogicalDrives
SetErrorMode
SetFileTime
GetFileInformationByHandleEx
GetFileInformationByHandle
GetFullPathNameW
FlushFileBuffers
SetFilePointerEx
GetFileType
SetEndOfFile
InitOnceComplete
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RegisterWaitForSingleObject
UnregisterWaitEx
CompareStringW
FindFirstChangeNotificationW
FindCloseChangeNotification
FindNextChangeNotification
FindFirstFileExW
FindNextFileW
MultiByteToWideChar
GetModuleHandleExW
GetTimeZoneInformation
GetUserGeoID
GetGeoInfoW
VirtualFree
VirtualAlloc
CreateMutexW
ReleaseMutex
GetSystemTimeAsFileTime
InitializeSListHead
TlsAlloc
lstrlenA
CloseHandle
DuplicateHandle
WaitForSingleObject
GetCurrentProcess
GetLastError
Sleep
GetFileAttributesW
GetCurrentProcessId
OpenProcess
IsWow64Process
GetModuleHandleA
GetProcAddress
lstrcpyW
QueryFullProcessImageNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleHandleW
DeleteFileW
SetEvent
CreateEventW
CreateProcessW
MoveFileW
lstrcmpiW
AllocConsole
GetTickCount64
lstrlenW
GetExitCodeProcess
FreeLibrary
LoadLibraryA
lstrcmpW
GetCurrentThreadId
FormatMessageW
LocalFree
WTSGetActiveConsoleSessionId
CheckRemoteDebuggerPresent
GetLocaleInfoW
GlobalAlloc
GlobalLock
GlobalUnlock
ExpandEnvironmentStringsW
GlobalSize
GetUserDefaultLangID
ReadFile
WriteFile
CreateFileW
UnmapViewOfFile
WideCharToMultiByte
CreateFileMappingW
MapViewOfFile
GetVolumeInformationW
GetLongPathNameW
GetDriveTypeW
GetConsoleWindow
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CompareStringEx
GetLocalTime
GetSystemTime
OutputDebugStringW
IsProcessorFeaturePresent
TerminateProcess
WaitForSingleObjectEx
GetSystemDirectoryW
LoadLibraryW
FindClose
TlsFree
TlsSetValue
TlsGetValue
GetCurrentThread
CreateThread
WaitForMultipleObjects
GetSystemInfo
GetThreadPriority
SetThreadPriority
ResumeThread
TerminateThread
GetUserDefaultLCID
GetCurrencyFormatW
GetDateFormatW
GetTimeFormatW
GetUserPreferredUILanguages
ResetEvent
GetFileAttributesExW
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameW
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
DeviceIoControl
GetVolumePathNamesForVolumeNameW
FindFirstFileW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
RegisterDragDrop
CoTaskMemFree
OleGetClipboard
RevokeDragDrop
CoGetMalloc
OleUninitialize
OleInitialize
OleSetClipboard
DoDragDrop
CoCreateGuid
OleIsCurrentClipboard
StringFromGUID2
CoInitializeEx
CoLockObjectExternal
ReleaseStgMedium
OleFlushClipboard

shell32

SHGetFileInfoW
ord727
SHGetMalloc
DragQueryFileW
ord6
SHCreateItemFromParsingName
SHBrowseForFolderW
SHGetKnownFolderIDList
SHGetPathFromIDListW
SHGetStockIconInfo
SHCreateItemFromIDList
Shell_NotifyIconW
Shell_NotifyIconGetRect
ShellExecuteW

user32

InsertMenuW
DrawMenuBar
DestroyMenu
SetMenu
TrackPopupMenu
CreatePopupMenu
ModifyMenuW
GetMenuItemInfoW
RegisterClipboardFormatW
EnumDisplayDevicesW
RegisterClassW
GetClipboardFormatNameW
SetCursorPos
CreateCursor
CreateIconIndirect
GetCursorInfo
GetCursor
GetIconInfo
TrackMouseEvent
GetAsyncKeyState
GetMessageExtraInfo
GetTouchInputInfo
CloseTouchInputHandle
GetWindowTextW
EnumWindows
RealGetWindowClassW
MessageBoxW
KillTimer
GetQueueStatus
SetTimer
CallNextHookEx
SetWindowsHookExW
MsgWaitForMultipleObjectsEx
TranslateMessage
DispatchMessageW
UnhookWindowsHookEx
UnregisterDeviceNotification
RegisterDeviceNotificationW
CharNextExA
RemoveMenu
AppendMenuW
CreateMenu
GetKeyState
MapVirtualKeyW
GetKeyboardState
SetMenuItemInfoW
PeekMessageW
ToUnicode
SetWindowPos
IsZoomed
ToAscii
MonitorFromWindow
EnumDisplayMonitors
GetMonitorInfoW
HideCaret
SetCaretPos
CreateCaret
GetKeyboardLayout
IsWindowEnabled
DestroyCaret
ShowCaret
RegisterWindowMessageW
FindWindowA
SetClipboardViewer
IsHungAppWindow
ChangeClipboardChain
GetFocus
ChildWindowFromPointEx
WindowFromPoint
GetClassInfoW
GetKeyboardLayoutList
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetSysColorBrush
GetCursorPos
GetWindowThreadProcessId
GetSystemMenu
AdjustWindowRectEx
IsTouchWindow
PostMessageW
MonitorFromPoint
GetWindow
GetWindowRect
GetMenu
IsWindowVisible
SetWindowRgn
ScreenToClient
SendMessageW
SetWindowTextW
GetWindowPlacement
DestroyCursor
ShowWindow
GetCapture
RegisterTouchWindow
ClientToScreen
IsChild
SetWindowPlacement
AttachThreadInput
GetForegroundWindow
MoveWindow
UnregisterTouchWindow
SetLayeredWindowAttributes
SetFocus
GetUpdateRect
SetParent
SetCapture
SetCursor
FlashWindowEx
GetClientRect
UpdateLayeredWindow
EnableMenuItem
GetParent
ReleaseCapture
SetForegroundWindow
InvalidateRect
GetAncestor
IsIconic
BeginPaint
EndPaint
MessageBeep
IsWindow
GetDoubleClickTime
GetCaretBlinkTime
UpdateLayeredWindowIndirect
GetSysColor
GetDesktopWindow
GetSystemMetrics
SystemParametersInfoW
ChangeWindowMessageFilterEx
DrawIconEx
LoadImageW
LoadIconW
LoadCursorW
SetWindowLongW
GetWindowLongW
ReleaseDC
GetDC
CloseWindow
DestroyWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
DefWindowProcW
DestroyIcon
TrackPopupMenuEx

winmm

timeSetEvent
timeKillEvent
PlaySoundW

msvcp140

_Mtx_current_owns
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
?_Xout_of_range@std@@YAXPBD@Z
_Thrd_sleep
_Query_perf_frequency
_Cnd_wait
_Cnd_timedwait
_Cnd_broadcast
_Cnd_register_at_thread_exit
_Cnd_unregister_at_thread_exit
_Query_perf_counter
_Xtime_get_ticks
?_Xlength_error@std@@YAXPBD@Z
?_Throw_future_error@std@@YAXABVerror_code@1@@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_Throw_C_error@std@@YAXH@Z
?_Syserror_map@std@@YAPBDH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
?_Schedule_chore@details@Concurrency@@YAHPAU_Threadpool_chore@12@@Z
?_Release_chore@details@Concurrency@@YAXPAU_Threadpool_chore@12@@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QBEXV?$function@$$A6AXXZ@std@@_N@Z
?_Reset@_ContextCallback@details@Concurrency@@AAEXXZ
?_Capture@_ContextCallback@details@Concurrency@@AAEXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
??0task_continuation_context@Concurrency@@AAE@XZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QAEX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Xbad_function_call@std@@YAXXZ
?_Xbad_alloc@std@@YAXXZ
?tolower@?$ctype@D@std@@QBEDD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$ctype@D@std@@2V0locale@2@A
_Thrd_join
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??Bid@locale@std@@QAEIXZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?setf@ios_base@std@@QAEHHH@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?classic@locale@std@@SAABV12@XZ

msvcp140_1

_Aligned_get_default_resource

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

wininet

InternetCheckConnectionW
DeleteUrlCacheEntryW

vcruntime140

__current_exception
memchr
__current_exception_context
strrchr
strchr
longjmp
strstr
memcmp
wcsrchr
_purecall
__RTDynamicCast
memset
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__std_terminate
_except_handler4_common
_setjmp3

api-ms-win-crt-runtime-l1-1-0

abort
exit
_initialize_wide_environment
_set_app_type
_endthreadex
_seh_filter_exe
_wsystem
_controlfp_s
_cexit
_register_thread_local_exe_atexit_callback
_c_exit
_get_initial_wide_environment
__p___argv
__p___argc
__p___wargv
_crt_atexit
_exit
_initterm_e
_register_onexit_function
_initialize_onexit_table
_initterm
_invalid_parameter_noinfo_noreturn
_errno
_set_thread_local_invalid_parameter_handler
strerror
terminate
_beginthreadex
_configure_wide_argv

api-ms-win-crt-stdio-l1-1-0

fflush
fgetc
__stdio_common_vsprintf_s
__stdio_common_vfprintf
__acrt_iob_func
fgetpos
fputc
fread
fsetpos
_open_osfhandle
_fseeki64
fwrite
setvbuf
_get_stream_buffer_pointers
ungetc
_fileno
__stdio_common_vsscanf
__stdio_common_vsprintf
fgetwc
_ftelli64
_lseeki64
_get_osfhandle
fputwc
_write
fgets
_read
__p__commode
ungetwc
_set_fmode
__stdio_common_vswprintf_s
freopen_s
feof
_close
__stdio_common_vsnprintf_s
fclose

api-ms-win-crt-heap-l1-1-0

_set_new_mode
realloc
free
_callnewh
malloc
calloc

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_wchmod
_waccess
_lock_file

api-ms-win-crt-string-l1-1-0

wcscpy_s
strcmp
strlen
toupper
wcscmp
wcsncmp
strncmp
strncpy
strcpy
isspace
isdigit
tolower
strcpy_s

api-ms-win-crt-convert-l1-1-0

wcstol
atoi

api-ms-win-crt-math-l1-1-0

log10
exp
atan2
log
trunc
acos
_dtest
ceil
sqrt
pow
lround
tan
floor
fabs
cos
sin
atan
asin
__setusermatherr
round

api-ms-win-crt-environment-l1-1-0

_wgetenv_s
getenv_s
getenv

api-ms-win-crt-utility-l1-1-0

qsort
bsearch
rand
_byteswap_ulong
abs
rand_s
_rotl
_byteswap_ushort
_byteswap_uint64

api-ms-win-crt-time-l1-1-0

_mktime64
_tzset
_localtime64_s
_get_timezone
_get_tzname

api-ms-win-crt-locale-l1-1-0

setlocale
_configthreadlocale

Sections

.text
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmimed
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GH InJector/GH Injector SM - x64.exe
.exe windows:6 windows x64 arch:x64

dc42f0f6db93a84ca2606c0c4dd7a6f2

Code Sign

1f:e7:e3:c7:eb:6a:04:84:4e:7f:77:77:14:97:d2:2c
Certificate

Issuer

CN=Guided Hacking

Not Before

13/05/2021, 14:05

Not After

31/12/2039, 23:59

Subject

CN=Guided Hacking

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:6e:b8:eb:c0:4f:91:91:a6:1a:f7:39:0c:66:68:67:b4:7c:0e:77
Signer

Actual PE Digest

0e:6e:b8:eb:c0:4f:91:91:a6:1a:f7:39:0c:66:68:67:b4:7c:0e:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleFileNameW
GetModuleHandleW
DeleteFileW
LoadLibraryW
Sleep
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlCaptureContext

user32

GetWindowThreadProcessId
IsWindowVisible
GetWindowTextW
EnumWindows
SendMessageA
GetClassNameW
SetWindowsHookExA
SetForegroundWindow
SendMessageW
UnhookWindowsHookEx

msvcp140

?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
__std_terminate
memmove
memset
__current_exception_context
__current_exception
_CxxThrowException
__C_specific_handler
__std_exception_destroy
__std_exception_copy

api-ms-win-crt-convert-l1-1-0

strtol
strtoll

api-ms-win-crt-stdio-l1-1-0

fputc
ungetc
fclose
fgetc
fread
fwrite
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
__p__commode
_set_fmode
_get_stream_buffer_pointers

api-ms-win-crt-runtime-l1-1-0

_c_exit
_register_thread_local_exe_atexit_callback
_set_app_type
_cexit
__p___wargv
_seh_filter_exe
_exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
exit
terminate
_initterm_e
_invalid_parameter_noinfo_noreturn
_initterm
_get_initial_wide_environment
_initialize_wide_environment
__p___argc
_configure_wide_argv

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GH InJector/GH Injector SM - x86.exe
.exe windows:6 windows x86 arch:x86

3068f21a406724250ff695fe3a841dee

Code Sign

1f:e7:e3:c7:eb:6a:04:84:4e:7f:77:77:14:97:d2:2c
Certificate

Issuer

CN=Guided Hacking

Not Before

13/05/2021, 14:05

Not After

31/12/2039, 23:59

Subject

CN=Guided Hacking

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:cf:3c:95:c6:bd:72:7b:8e:fe:c6:59:94:82:3e:f2:78:bd:91:89
Signer

Actual PE Digest

61:cf:3c:95:c6:bd:72:7b:8e:fe:c6:59:94:82:3e:f2:78:bd:91:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetModuleHandleW
DeleteFileW
LoadLibraryW
SignalObjectAndWait
CloseHandle
Sleep
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter

user32

SendMessageW
GetWindowThreadProcessId
IsWindowVisible
GetWindowTextW
EnumWindows
SendMessageA
GetClassNameW
SetWindowsHookExA
SetForegroundWindow
UnhookWindowsHookEx

msvcp140

??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Xlength_error@std@@YAXPBD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

vcruntime140

memcpy
_except_handler4_common
memset
__current_exception_context
__current_exception
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__CxxFrameHandler3
memmove

api-ms-win-crt-convert-l1-1-0

strtol
wcstol

api-ms-win-crt-stdio-l1-1-0

__p__commode
fputc
ungetc
_set_fmode
fgetc
fread
_get_stream_buffer_pointers
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
fclose
fwrite

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
__p___argc
__p___wargv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e
_initialize_wide_environment
_exit
_configure_wide_argv
_register_onexit_function
_crt_atexit
_initterm
_controlfp_s
terminate
_set_app_type
exit
_get_initial_wide_environment
_seh_filter_exe
_initialize_onexit_table

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GH InJector/GH Injector.exe
.exe windows:6 windows x86 arch:x86

997ce6ae5582ea849dc41a7149b33857

Code Sign

1f:e7:e3:c7:eb:6a:04:84:4e:7f:77:77:14:97:d2:2c
Certificate

Issuer

CN=Guided Hacking

Not Before

13/05/2021, 14:05

Not After

31/12/2039, 23:59

Subject

CN=Guided Hacking

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fc:c9:23:14:46:1d:12:4e:59:8f:d2:7f:9c:d5:97:58:bc:6c:b2:c3
Signer

Actual PE Digest

fc:c9:23:14:46:1d:12:4e:59:8f:d2:7f:9c:d5:97:58:bc:6c:b2:c3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFullPathNameW
GetCurrentProcess
GetFileAttributesW
Sleep
GetLastError
DeleteFileW
CloseHandle
CreateProcessW
IsWow64Process
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
GetModuleHandleW

user32

MessageBoxA

msvcp140

?_Xlength_error@std@@YAXPBD@Z

vcruntime140

memcpy
__std_exception_destroy
__CxxFrameHandler3
_except_handler4_common
memset
__current_exception
__std_exception_copy
__current_exception_context
_CxxThrowException
memmove

api-ms-win-crt-convert-l1-1-0

_ultoa_s

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_crt_atexit
__p___argv
terminate
_cexit
_invalid_parameter_noinfo_noreturn
_c_exit
__p___argc
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
exit
_set_app_type
_seh_filter_exe
_controlfp_s
_exit

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GH InJector/GH_Inj_Log.txt
GH InJector/x64/ntdll.pdb
GH InJector/x86/wntdll.pdb

Sharing

General

Malware Config

Signatures

Files

65873a8dc0205ce43f0d0a0208df960c

Code Sign

1f:e7:e3:c7:eb:6a:04:84:4e:7f:77:77:14:97:d2:2cCertificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

5d:ce:6c:3f:4f:ec:be:17:f9:27:e2:d0:0f:13:98:df:ec:b4:40:1fSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

msvcp140

dbghelp

urlmon

wininet

wtsapi32

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 162KB - Virtual size: 161KB

.inj_sec Size: 2KB - Virtual size: 1KB

.mmap_se Size: 9KB - Virtual size: 9KB

.rdata Size: 64KB - Virtual size: 64KB

.data Size: 16KB - Virtual size: 17KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 692B

99b6e8eadab5f42ceaf29c8f6883c97f

Code Sign

1f:e7:e3:c7:eb:6a:04:84:4e:7f:77:77:14:97:d2:2cCertificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

19:8b:fa:bd:ba:1a:89:68:83:a4:28:08:0d:7a:6e:8f:17:68:43:f1Signer

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

uxtheme

dwmapi

oleaut32

imm32

gdi32

userenv

version

netapi32

ws2_32

advapi32

kernel32

ole32

shell32

user32

winmm

1f:e7:e3:c7:eb:6a:04:84:4e:7f:77:77:14:97:d2:2c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

5d:ce:6c:3f:4f:ec:be:17:f9:27:e2:d0:0f:13:98:df:ec:b4:40:1f
Signer

.text
Size: 162KB - Virtual size: 161KB

.inj_sec
Size: 2KB - Virtual size: 1KB

.mmap_se
Size: 9KB - Virtual size: 9KB

.rdata
Size: 64KB - Virtual size: 64KB

.data
Size: 16KB - Virtual size: 17KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 692B

1f:e7:e3:c7:eb:6a:04:84:4e:7f:77:77:14:97:d2:2c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

19:8b:fa:bd:ba:1a:89:68:83:a4:28:08:0d:7a:6e:8f:17:68:43:f1
Signer

.text
Size: 7.3MB - Virtual size: 7.3MB

.rdata
Size: 3.5MB - Virtual size: 3.5MB

.data
Size: 71KB - Virtual size: 136KB

.pdata
Size: 224KB - Virtual size: 223KB

.qtmetad
Size: 1KB - Virtual size: 1KB

.qtmimed
Size: 315KB - Virtual size: 315KB

.rsrc
Size: 23KB - Virtual size: 23KB

.reloc
Size: 46KB - Virtual size: 46KB

1f:e7:e3:c7:eb:6a:04:84:4e:7f:77:77:14:97:d2:2c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

ad:98:e8:23:e6:5c:ef:8a:a2:c3:8d:82:3d:cf:ae:81:85:de:01:6c
Signer

.text
Size: 101KB - Virtual size: 101KB

.inj_sec
Size: 1KB - Virtual size: 1KB

.mmap_se
Size: 9KB - Virtual size: 8KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 5KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB