Extracted

• Delta cracked (1337).zip

  .zip

  Password: 1337

• Delta cracked.exe

  .exe windows:4 windows x86 arch:x86

  Password: 1337

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 68KB - Virtual size: 68KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• VC_redist.x64.exe

  .exe windows:6 windows x86 arch:x86

  Password: 1337

  e277f1464e7729ad9df5ec047611738a

  
  

  Code Sign

  33:00:00:04:04:6c:74:06:ff:57:2b:27:72:00:00:00:00:04:04

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  12/09/2024, 20:11

  Not After

  11/09/2025, 20:11

  Subject

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08/07/2011, 20:59

  Not After

  08/07/2026, 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  dd:27:61:e6:af:df:29:81:65:a4:46:dd:67:1e:ea:5f:5e:32:17:84:55:26:d0:bd:57:51:d7:96:ab:50:5a:be

  Signer

  Actual PE Digest

  dd:27:61:e6:af:df:29:81:65:a4:46:dd:67:1e:ea:5f:5e:32:17:84:55:26:d0:bd:57:51:d7:96:ab:50:5a:be

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

  IMAGE_FILE_NET_RUN_FROM_SWAP

  PDB Paths

  C:\agent\_work\36\s\wix\build\ship\x86\burn.pdb

  Imports

  advapi32

  RegCloseKey

  RegOpenKeyExW

  RegCreateKeyExW

  RegDeleteKeyW

  RegDeleteValueW

  RegEnumKeyExW

  RegEnumValueW

  RegQueryInfoKeyW

  RegQueryValueExW

  RegSetValueExW

  OpenProcessToken

  AdjustTokenPrivileges

  LookupPrivilegeValueW

  InitiateSystemShutdownExW

  GetUserNameW

  CloseEventLog

  OpenEventLogW

  ReportEventW

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  CreateWellKnownSid

  InitializeAcl

  DecryptFileW

  SetEntriesInAclW

  ChangeServiceConfigW

  CloseServiceHandle

  ControlService

  OpenSCManagerW

  OpenServiceW

  QueryServiceStatus

  SetNamedSecurityInfoW

  CheckTokenMembership

  AllocateAndInitializeSid

  SetEntriesInAclA

  SetSecurityDescriptorOwner

  SetSecurityDescriptorGroup

  SetSecurityDescriptorDacl

  InitializeSecurityDescriptor

  GetTokenInformation

  CryptDestroyHash

  CryptHashData

  CryptCreateHash

  CryptGetHashParam

  CryptReleaseContext

  CryptAcquireContextW

  QueryServiceConfigW

  user32

  PeekMessageW

  PostMessageW

  IsWindow

  WaitForInputIdle

  PostQuitMessage

  GetMessageW

  TranslateMessage

  MsgWaitForMultipleObjects

  PostThreadMessageW

  GetMonitorInfoW

  MonitorFromPoint

  IsDialogMessageW

  LoadCursorW

  LoadBitmapW

  SetWindowLongW

  GetWindowLongW

  GetCursorPos

  MessageBoxW

  CreateWindowExW

  UnregisterClassW

  RegisterClassW

  DefWindowProcW

  DispatchMessageW

  oleaut32

  VariantInit

  SysAllocString

  VariantClear

  SysFreeString

  gdi32

  DeleteDC

  DeleteObject

  SelectObject

  StretchBlt

  GetObjectW

  CreateCompatibleDC

  shell32

  CommandLineToArgvW

  SHGetFolderPathW

  ShellExecuteExW

  ole32

  CoUninitialize

  CoInitializeEx

  CoInitialize

  StringFromGUID2

  CoCreateInstance

  CoTaskMemFree

  CoInitializeSecurity

  CLSIDFromProgID

  kernel32

  GetFileType

  GetStdHandle

  EncodePointer

  InitializeCriticalSectionAndSpinCount

  SetLastError

  RtlUnwind

  CreateFileW

  CloseHandle

  ExitProcess

  CreateFileA

  SetFilePointer

  WriteFile

  GetLastError

  GetCurrentProcessId

  GetSystemDirectoryW

  LoadLibraryW

  lstrlenA

  HeapSetInformation

  GetModuleHandleW

  GetProcAddress

  LocalFree

  SetCurrentDirectoryW

  GetCurrentDirectoryW

  CreateDirectoryW

  DeleteFileW

  FindClose

  FindFirstFileW

  FindNextFileW

  GetFileAttributesW

  GetTempFileNameW

  RemoveDirectoryW

  SetFileAttributesW

  GetTempPathW

  MoveFileExW

  FormatMessageW

  lstrlenW

  MultiByteToWideChar

  IsValidCodePage

  LCMapStringW

  ExpandEnvironmentStringsW

  GetFileSizeEx

  GetFullPathNameW

  ReadFile

  SetFilePointerEx

  SetFileTime

  Sleep

  GlobalAlloc

  GlobalFree

  CopyFileW

  GetLocalTime

  GetModuleFileNameW

  CompareStringW

  HeapAlloc

  HeapReAlloc

  HeapFree

  HeapSize

  GetProcessHeap

  FreeLibrary

  InitializeCriticalSection

  DeleteCriticalSection

  ReleaseMutex

  GetCurrentProcess

  FindFirstFileExW

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  CreateProcessW

  GetVersionExW

  VerSetConditionMask

  GetVolumePathNameW

  EnterCriticalSection

  LeaveCriticalSection

  GetSystemTime

  GetWindowsDirectoryW

  GetNativeSystemInfo

  GetSystemWow64DirectoryW

  GetModuleHandleExW

  GetComputerNameW

  VerifyVersionInfoW

  GetDateFormatW

  GetUserDefaultUILanguage

  GetUserDefaultLangID

  GetSystemDefaultLangID

  GetStringTypeW

  DuplicateHandle

  LoadLibraryExW

  CreateEventW

  ProcessIdToSessionId

  ConnectNamedPipe

  SetNamedPipeHandleState

  CreateNamedPipeW

  WaitForSingleObject

  GetProcessId

  OpenProcess

  CreateThread

  GetExitCodeThread

  SetEvent

  WaitForMultipleObjects

  LocalFileTimeToFileTime

  SetEndOfFile

  ResetEvent

  DosDateTimeToFileTime

  CompareStringA

  GetExitCodeProcess

  SetThreadExecutionState

  CopyFileExW

  CreateMutexW

  CreateFileMappingW

  MapViewOfFile

  UnmapViewOfFile

  GetThreadLocale

  GetStartupInfoW

  IsDebuggerPresent

  GetACP

  GetOEMCP

  GetCPInfo

  GetCommandLineA

  GetCommandLineW

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  SetStdHandle

  FlushFileBuffers

  GetConsoleOutputCP

  GetConsoleMode

  DecodePointer

  WriteConsoleW

  GetModuleHandleA

  VirtualAlloc

  VirtualFree

  SystemTimeToTzSpecificLocalTime

  SystemTimeToFileTime

  GetCurrentThreadId

  WideCharToMultiByte

  InitializeSListHead

  GetSystemTimeAsFileTime

  QueryPerformanceCounter

  IsProcessorFeaturePresent

  TerminateProcess

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  LoadLibraryExA

  VirtualQuery

  VirtualProtect

  GetSystemInfo

  RaiseException

  GetTimeZoneInformation

  rpcrt4

  UuidCreate

  Sections

  .text

  Size: 307KB - Virtual size: 306KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 126KB - Virtual size: 125KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .wixburn

  Size: 512B - Virtual size: 56B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 15KB - Virtual size: 14KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 16KB - Virtual size: 15KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• vcredist_x64 (1).exe

  .exe windows:5 windows x86 arch:x86

  Password: 1337

  092eb6daba2f17cbda102fd1a32acd00

  
  

  Code Sign

  33:00:00:01:df:6b:f0:2e:92:a7:4a:b4:d0:00:00:00:00:01:df

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  15/12/2020, 21:31

  Not After

  02/12/2021, 21:31

  Subject

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08/07/2011, 20:59

  Not After

  08/07/2026, 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  30:dc:be:7b:e2:84:29:d9:ba:f9:43:4a:6c:d2:6d:6b:aa:fa:a4:2b:f6:04:32:6f:31:bb:86:1f:f0:bf:b2:32

  Signer

  Actual PE Digest

  30:dc:be:7b:e2:84:29:d9:ba:f9:43:4a:6c:d2:6d:6b:aa:fa:a4:2b:f6:04:32:6f:31:bb:86:1f:f0:bf:b2:32

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

  IMAGE_FILE_NET_RUN_FROM_SWAP

  Imports

  kernel32

  GetDriveTypeA

  HeapFree

  FormatMessageA

  LeaveCriticalSection

  DeleteFileA

  EnterCriticalSection

  TerminateProcess

  WaitForMultipleObjects

  CreateEventW

  SetEvent

  Sleep

  SetEnvironmentVariableA

  GetEnvironmentVariableA

  WideCharToMultiByte

  HeapAlloc

  SetLastError

  WriteFile

  MoveFileA

  ExitProcess

  DeleteCriticalSection

  FlushFileBuffers

  GetVersionExA

  WaitForSingleObject

  OpenEventA

  GetCurrentProcess

  GetFileAttributesA

  GetCommandLineA

  GetModuleFileNameA

  CreateFileA

  FindNextFileA

  FindFirstFileA

  CopyFileA

  SetFileAttributesA

  SystemTimeToFileTime

  GetSystemTime

  GetDiskFreeSpaceA

  QueryDosDeviceA

  GetCurrentDirectoryA

  SetEndOfFile

  SetFileTime

  LocalFileTimeToFileTime

  DosDateTimeToFileTime

  GetExitCodeProcess

  CreateProcessA

  ExpandEnvironmentStringsA

  GetFileSize

  CreateThread

  CreateEventA

  GetProcessHeap

  InitializeCriticalSectionAndSpinCount

  GetModuleHandleA

  QueryPerformanceCounter

  GetCurrentThreadId

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  SetUnhandledExceptionFilter

  CloseHandle

  DeviceIoControl

  GetSystemDirectoryA

  LoadLibraryA

  GetProcAddress

  FreeLibrary

  SetErrorMode

  GetTickCount

  CreateDirectoryA

  GetLastError

  RemoveDirectoryA

  MoveFileExA

  SetFilePointer

  FindClose

  ReadFile

  msvcrt

  strchr

  _strnicmp

  _stricmp

  strrchr

  _strlwr

  strncpy

  strstr

  _snprintf

  sprintf

  advapi32

  AllocateAndInitializeSid

  GetTokenInformation

  GetLengthSid

  InitiateSystemShutdownA

  CryptReleaseContext

  CryptGenRandom

  CryptAcquireContextA

  SetSecurityDescriptorDacl

  AddAccessAllowedAce

  InitializeAcl

  InitializeSecurityDescriptor

  OpenProcessToken

  user32

  ShowWindow

  SendDlgItemMessageA

  SendMessageA

  DialogBoxParamA

  LoadStringA

  EndDialog

  SetParent

  MessageBoxA

  ntdll

  NtShutdownSystem

  NtAdjustPrivilegesToken

  NtClose

  NtOpenProcessToken

  comctl32

  ord17

  shell32

  SHBrowseForFolderA

  SHGetPathFromIDListA

  Sections

  .text

  Size: 30KB - Virtual size: 30KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 68KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 4.9MB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• vcredist_x64.exe

  .exe windows:5 windows x86 arch:x86

  Password: 1337

  8e2588a9cf43886de3449dfff03137b6

  
  

  Code Sign

  33:00:00:00:c8:47:22:9d:a3:0d:ca:c0:58:00:00:00:00:00:c8

  Certificate

  Issuer

  CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  07/09/2016, 17:58

  Not After

  07/09/2018, 17:58

  Subject

  CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:98FD-C61E-E641,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  18/08/2016, 20:17

  Not After

  02/11/2017, 20:17

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:33:26:1a:00:00:00:00:00:31

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

  Not Before

  31/08/2010, 22:19

  Not After

  31/08/2020, 22:29

  Subject

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:16:68:34:00:00:00:00:00:1c

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

  Not Before

  03/04/2007, 12:53

  Not After

  03/04/2021, 13:03

  Subject

  CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  33:00:00:00:8e:87:91:a4:57:1a:5f:ca:3e:00:00:00:00:00:8e

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  17/11/2016, 22:09

  Not After

  17/02/2018, 22:09

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08/07/2011, 20:59

  Not After

  08/07/2026, 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  d2:15:be:d8:35:8b:b3:7c:e3:4d:4d:50:1d:e6:91:02:c5:a1:a4:0d:b3:8f:12:4d:59:61:61:e5:59:2d:0e:e7

  Signer

  Actual PE Digest

  d2:15:be:d8:35:8b:b3:7c:e3:4d:4d:50:1d:e6:91:02:c5:a1:a4:0d:b3:8f:12:4d:59:61:61:e5:59:2d:0e:e7

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  44:91:26:71:a4:e4:9a:f9:12:6b:88:da:fb:ae:ae:f6:69:04:19:21

  Signer

  Actual PE Digest

  44:91:26:71:a4:e4:9a:f9:12:6b:88:da:fb:ae:ae:f6:69:04:19:21

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

  IMAGE_FILE_NET_RUN_FROM_SWAP

  PDB Paths

  E:\delivery\Dev\wix37\build\ship\x86\burn.pdb

  Imports

  gdiplus

  GdiplusShutdown

  GdiplusStartup

  GdipDeleteGraphics

  GdipFree

  GdipCloneImage

  GdipDisposeImage

  GdipGetImageWidth

  GdipGetImageHeight

  GdipCreateBitmapFromResource

  GdipCreateFromHDC

  GdipSetInterpolationMode

  GdipDrawImageRectI

  GdipAlloc

  advapi32

  QueryServiceConfigW

  CryptAcquireContextW

  CryptCreateHash

  CryptHashData

  CryptGetHashParam

  CryptDestroyHash

  CryptReleaseContext

  RegDeleteKeyW

  RegCreateKeyExW

  RegEnumKeyExW

  RegEnumValueW

  AdjustTokenPrivileges

  LookupPrivilegeValueW

  OpenProcessToken

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  RegCloseKey

  RegDeleteValueW

  RegQueryValueExW

  GetUserNameW

  InitiateSystemShutdownExW

  CreateWellKnownSid

  InitializeAcl

  SetEntriesInAclW

  DecryptFileW

  ChangeServiceConfigW

  ControlService

  CloseServiceHandle

  QueryServiceStatus

  OpenServiceW

  OpenSCManagerW

  RegQueryInfoKeyW

  RegSetValueExW

  SetEntriesInAclA

  SetSecurityDescriptorGroup

  RegOpenKeyExW

  GetTokenInformation

  CheckTokenMembership

  AllocateAndInitializeSid

  FreeSid

  LookupAccountNameW

  SetNamedSecurityInfoW

  InitializeSecurityDescriptor

  SetSecurityDescriptorDacl

  SetSecurityDescriptorOwner

  user32

  GetMessageW

  PeekMessageW

  PostMessageW

  IsWindow

  PostQuitMessage

  GetWindowLongW

  SetWindowLongW

  DefWindowProcW

  UnregisterClassW

  DispatchMessageW

  TranslateMessage

  IsDialogMessageW

  MsgWaitForMultipleObjects

  WaitForInputIdle

  LoadCursorW

  BeginPaint

  EndPaint

  GetCursorPos

  MonitorFromPoint

  GetMonitorInfoW

  ReleaseDC

  MessageBoxW

  PostThreadMessageW

  RegisterClassW

  CreateWindowExW

  oleaut32

  VariantClear

  VariantInit

  SysAllocString

  SysFreeString

  gdi32

  GetDeviceCaps

  CreateDCW

  shell32

  ShellExecuteExW

  SHGetFolderPathW

  CommandLineToArgvW

  ole32

  CoTaskMemFree

  CoCreateInstance

  CoInitialize

  CoUninitialize

  CoInitializeEx

  StringFromGUID2

  CoInitializeSecurity

  CLSIDFromProgID

  kernel32

  GetCurrentProcess

  InitializeCriticalSection

  TlsFree

  DeleteCriticalSection

  CloseHandle

  TlsGetValue

  Sleep

  GetLastError

  ReleaseMutex

  TlsSetValue

  TlsAlloc

  GetCurrentThreadId

  GetVersionExW

  GetModuleHandleW

  ReadFile

  SetFilePointerEx

  CreateFileW

  GetCurrentProcessId

  GetProcessId

  WriteFile

  ConnectNamedPipe

  SetNamedPipeHandleState

  lstrlenW

  CompareStringW

  LocalFree

  CreateNamedPipeW

  WaitForSingleObject

  OpenProcess

  lstrlenA

  RemoveDirectoryW

  GetFileAttributesW

  ExpandEnvironmentStringsW

  LeaveCriticalSection

  EnterCriticalSection

  FreeLibrary

  GetProcAddress

  VerifyVersionInfoW

  VerSetConditionMask

  GetComputerNameW

  GetTempPathW

  GetSystemDirectoryW

  GetSystemWow64DirectoryW

  GetVolumePathNameW

  HeapAlloc

  GetSystemDefaultLangID

  GetUserDefaultLangID

  GetDateFormatW

  GetSystemTime

  InterlockedExchange

  LoadLibraryW

  InterlockedCompareExchange

  GetExitCodeThread

  CreateThread

  SetEvent

  WaitForMultipleObjects

  CreateEventW

  ProcessIdToSessionId

  InterlockedIncrement

  InterlockedDecrement

  GetStringTypeW

  SetFileAttributesW

  FindClose

  FindNextFileW

  FindFirstFileW

  CreateProcessW

  SetCurrentDirectoryW

  GetCurrentDirectoryW

  GetExitCodeProcess

  SetThreadExecutionState

  CopyFileExW

  HeapSetInformation

  MapViewOfFile

  CreateFileMappingW

  CreateMutexW

  SetEndOfFile

  ResetEvent

  SetFileTime

  LocalFileTimeToFileTime

  DosDateTimeToFileTime

  CreateFileA

  GetSystemTimeAsFileTime

  VirtualFree

  VirtualAlloc

  DeleteFileW

  GetThreadLocale

  GetTimeZoneInformation

  TerminateProcess

  UnhandledExceptionFilter

  SystemTimeToTzSpecificLocalTime

  SystemTimeToFileTime

  GlobalAlloc

  IsProcessorFeaturePresent

  GetTickCount

  QueryPerformanceCounter

  HeapCreate

  SetLastError

  EncodePointer

  GetFileType

  InitializeCriticalSectionAndSpinCount

  SetHandleCount

  GetEnvironmentStringsW

  GlobalFree

  MoveFileExW

  CopyFileW

  GetFileSizeEx

  GetModuleHandleA

  RaiseException

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  RtlUnwind

  SetFilePointer

  WideCharToMultiByte

  GetConsoleCP

  GetConsoleMode

  HeapSize

  HeapReAlloc

  LCMapStringW

  MultiByteToWideChar

  SetStdHandle

  WriteConsoleW

  FlushFileBuffers

  GetLocalTime

  UnmapViewOfFile

  IsDebuggerPresent

  DuplicateHandle

  HeapFree

  FormatMessageW

  GetTempFileNameW

  GetWindowsDirectoryW

  CompareStringA

  FreeEnvironmentStringsW

  GetModuleFileNameW

  GetStdHandle

  DecodePointer

  ExitProcess

  SetUnhandledExceptionFilter

  GetStartupInfoW

  GetCommandLineW

  GetFullPathNameW

  CreateDirectoryW

  GetProcessHeap

  cabinet

  ord22

  ord20

  ord23

  crypt32

  CertGetCertificateContextProperty

  CryptHashPublicKeyInfo

  msi

  ord88

  ord17

  ord125

  ord116

  ord115

  ord118

  ord8

  ord171

  ord205

  ord45

  ord137

  ord141

  ord238

  ord190

  ord169

  ord90

  ord173

  ord111

  ord70

  rpcrt4

  UuidCreate

  wininet

  InternetCloseHandle

  HttpAddRequestHeadersW

  HttpOpenRequestW

  InternetErrorDlg

  InternetReadFile

  HttpSendRequestW

  InternetSetOptionW

  InternetOpenW

  HttpQueryInfoW

  InternetCrackUrlW

  InternetConnectW

  wintrust

  WinVerifyTrust

  WTHelperGetProvSignerFromChain

  WTHelperProvDataFromStateData

  CryptCATAdminCalcHashFromFileHandle

  version

  GetFileVersionInfoW

  GetFileVersionInfoSizeW

  VerQueryValueW

  Sections

  .text

  Size: 229KB - Virtual size: 228KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 104KB - Virtual size: 104KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .wixburn

  Size: 512B - Virtual size: 56B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .tls

  Size: 512B - Virtual size: 9B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 14KB - Virtual size: 14KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 17KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ