filename | Procmon64.exe | |
---|---|---|
size | 1185168 (0x121590) | |
md5 | 5e85cbfb26150b6fad6deabeefd6a757 | |
type | PE32+ executable (GUI) x86-64, for MS Windows | |
mimetype | application/x-dosexec | |
clamav | scan pending | |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0x138 |
Rich Header
lib id | version | times used |
---|---|---|
241 | 40116 | 5 |
243 | 40116 | 145 |
242 | 40116 | 15 |
261 | 26706 | 55 |
260 | 26706 | 18 |
259 | 26706 | 8 |
135 | 30729 | 1 |
131 | 30729 | 3 |
123 | 40310 | 2 |
136 | 30729 | 1 |
147 | 30729 | 27 |
1 | 0 | 466 |
260 | 27044 | 2 |
261 | 27044 | 39 |
255 | 27044 | 1 |
151 | 0 | 1 |
258 | 27044 | 1 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Sections
Data Directory
TLS
raw start | raw end | index | callbks | zero fill | flags | |
---|---|---|---|---|---|---|
0x1400d25e0 | 0x1400d25e8 | 0x1400f5998 | 0x1400a5020 | 0 | 0x300000 |
id | lang | string |
---|---|---|
40005 | 1033 | Save (Ctrl+S) |
40006 | 1033 | High Resolution Date & Time |
40018 | 1033 | Capture (Ctrl+E) |
40019 | 1033 | Autoscroll (Ctrl+A) |
40020 | 1033 | Clear (Ctrl+X) |
40021 | 1033 | Show Process Tree |
40023 | 1033 | Filter (Ctrl+L) |
40024 | 1033 | Find (Ctrl+F) |
40036 | 1033 | Open |
40041 | 1033 | Show File System Activity |
40042 | 1033 | Show Registry Activity |
40043 | 1033 | Show Network Activity |
40044 | 1033 | Show Process and Thread Activity |
40045 | 1033 | Highlight (Ctrl+H) |
40046 | 1033 | Show Profiling Events |
40047 | 1033 | Include Process From Window |
40051 | 1033 | Jump to Object (Ctrl+J) |
40052 | 1033 | Date & Time |
40053 | 1033 | Process Name |
40054 | 1033 | PID |
40055 | 1033 | Operation |
40056 | 1033 | Result |
40057 | 1033 | Detail |
40058 | 1033 | Sequence |
40059 | 1033 | Object Reference |
40064 | 1033 | Company |
40065 | 1033 | Description |
40066 | 1033 | Command Line |
40067 | 1033 | User |
40068 | 1033 | Image Path |
40069 | 1033 | Session |
40070 | 1033 | Event Complete |
40071 | 1033 | Path |
40072 | 1033 | TID |
40073 | 1033 | Image Load |
40074 | 1033 | Frame |
40075 | 1033 | Address |
40076 | 1033 | Relative Time |
40077 | 1033 | Duration |
40078 | 1033 | Time of Day |
40079 | 1033 | Module |
40080 | 1033 | Location |
40081 | 1033 | Version |
40082 | 1033 | Event Class |
40083 | 1033 | Authentication ID |
40084 | 1033 | Virtualized |
40085 | 1033 | Integrity |
40086 | 1033 | Category |
40087 | 1033 | Parent PID |
40088 | 1033 | Architecture |
40164 | 1033 | Completion Time |
module_name | hint | ord | function_name |
---|---|---|---|
WS2_32.dll | 3 | ||
WS2_32.dll | 16 | ||
WS2_32.dll | 2 | ||
WS2_32.dll | 6 | ||
WS2_32.dll | 1 | ||
WS2_32.dll | 13 | ||
WS2_32.dll | 4 | ||
WS2_32.dll | 51 | ||
WS2_32.dll | 19 | ||
WS2_32.dll | 112 | ||
WS2_32.dll | 55 | ||
WS2_32.dll | 56 | ||
WS2_32.dll | 9 | ||
WS2_32.dll | 12 | ||
WS2_32.dll | 11 | ||
WS2_32.dll | 8 | ||
WS2_32.dll | 115 | ||
WS2_32.dll | 15 | ||
WS2_32.dll | 111 | ||
WS2_32.dll | 52 | ||
WS2_32.dll | 23 | ||
VERSION.dll | 14 | VerQueryValueW | |
VERSION.dll | 5 | GetFileVersionInfoSizeW | |
VERSION.dll | 6 | GetFileVersionInfoW | |
COMCTL32.dll | 17 | ||
COMCTL32.dll | 84 | ImageList_Create | |
COMCTL32.dll | 112 | ImageList_ReplaceIcon | |
COMCTL32.dll | 114 | ImageList_SetBkColor | |
COMCTL32.dll | 78 | ImageList_Add | |
COMCTL32.dll | 120 | ImageList_SetOverlayImage | |
COMCTL32.dll | 99 | ImageList_GetIcon | |
COMCTL32.dll | 100 | ImageList_GetIconSize | |
COMCTL32.dll | 12 | CreateStatusWindowW | |
COMCTL32.dll | 92 | ImageList_DrawEx | |
COMCTL32.dll | 124 | InitCommonControlsEx | |
COMCTL32.dll | 85 | ImageList_Destroy | |
FLTLIB.DLL | 20 | FilterSendMessage | |
FLTLIB.DLL | 11 | FilterGetMessage | |
FLTLIB.DLL | 19 | FilterReplyMessage | |
FLTLIB.DLL | 3 | FilterConnectCommunicationPort | |
KERNEL32.dll | 1244 | TryEnterCriticalSection | |
KERNEL32.dll | 503 | GetFileSize | |
KERNEL32.dll | 1121 | SetEndOfFile | |
KERNEL32.dll | 1140 | SetFilePointer | |
KERNEL32.dll | 857 | MapViewOfFile | |
KERNEL32.dll | 1253 | UnmapViewOfFile | |
KERNEL32.dll | 140 | CreateFileMappingW | |
KERNEL32.dll | 143 | CreateFileW | |
KERNEL32.dll | 682 | GetVersion | |
KERNEL32.dll | 1332 | WriteFile | |
KERNEL32.dll | 963 | ReadFile | |
KERNEL32.dll | 1227 | SystemTimeToFileTime | |
KERNEL32.dll | 298 | FileTimeToLocalFileTime | |
KERNEL32.dll | 840 | LocalFileTimeToFileTime | |
KERNEL32.dll | 299 | FileTimeToSystemTime | |
KERNEL32.dll | 356 | FormatMessageW | |
KERNEL32.dll | 670 | GetTimeFormatW | |
KERNEL32.dll | 463 | GetDateFormatW | |
KERNEL32.dll | 570 | GetNumberFormatW | |
KERNEL32.dll | 725 | HeapCreate | |
KERNEL32.dll | 726 | HeapDestroy | |
KERNEL32.dll | 723 | HeapAlloc | |
KERNEL32.dll | 727 | HeapFree | |
KERNEL32.dll | 732 | HeapSize | |
KERNEL32.dll | 287 | ExitProcess | |
KERNEL32.dll | 458 | GetCurrentThread | |
KERNEL32.dll | 1190 | SetThreadPriority | |
KERNEL32.dll | 1127 | SetEvent | |
KERNEL32.dll | 1042 | ResetEvent | |
KERNEL32.dll | 1025 | ReleaseSemaphore | |
KERNEL32.dll | 1286 | WaitForMultipleObjects | |
KERNEL32.dll | 133 | CreateEventW | |
KERNEL32.dll | 174 | CreateSemaphoreW | |
KERNEL32.dll | 100 | CompareStringW | |
KERNEL32.dll | 937 | QueryPerformanceCounter | |
KERNEL32.dll | 938 | QueryPerformanceFrequency | |
KERNEL32.dll | 1168 | SetProcessShutdownParameters | |
KERNEL32.dll | 494 | GetFileAttributesExW | |
KERNEL32.dll | 405 | GetComputerNameW | |
KERNEL32.dll | 1083 | SetConsoleCtrlHandler | |
KERNEL32.dll | 455 | GetCurrentProcessId | |
KERNEL32.dll | 903 | OpenThread | |
KERNEL32.dll | 653 | GetThreadContext | |
KERNEL32.dll | 830 | LoadLibraryA | |
KERNEL32.dll | 630 | GetSystemDirectoryA | |
KERNEL32.dll | 308 | FindClose | |
KERNEL32.dll | 319 | FindFirstFileW | |
KERNEL32.dll | 331 | FindNextFileW | |
KERNEL32.dll | 730 | HeapReAlloc | |
KERNEL32.dll | 593 | GetProcessHeap | |
KERNEL32.dll | 948 | RaiseException | |
KERNEL32.dll | 747 | InitializeCriticalSectionAndSpinCount | |
KERNEL32.dll | 483 | GetEnvironmentVariableW | |
KERNEL32.dll | 1125 | SetEnvironmentVariableW | |
KERNEL32.dll | 784 | IsWow64Process | |
KERNEL32.dll | 290 | ExpandEnvironmentStringsA | |
KERNEL32.dll | 238 | EncodePointer | |
KERNEL32.dll | 1061 | RtlUnwindEx | |
KERNEL32.dll | 1057 | RtlPcToFileHeader | |
KERNEL32.dll | 908 | OutputDebugStringW | |
KERNEL32.dll | 1312 | WideCharToMultiByte | |
KERNEL32.dll | 873 | MultiByteToWideChar | |
KERNEL32.dll | 751 | InitializeSListHead | |
KERNEL32.dll | 459 | GetCurrentThreadId | |
KERNEL32.dll | 618 | GetStartupInfoW | |
KERNEL32.dll | 770 | IsDebuggerPresent | |
KERNEL32.dll | 774 | IsProcessorFeaturePresent | |
KERNEL32.dll | 1230 | TerminateProcess | |
KERNEL32.dll | 1203 | SetUnhandledExceptionFilter | |
KERNEL32.dll | 1250 | UnhandledExceptionFilter | |
KERNEL32.dll | 1062 | RtlVirtualUnwind | |
KERNEL32.dll | 1055 | RtlLookupFunctionEntry | |
KERNEL32.dll | 1048 | RtlCaptureContext | |
KERNEL32.dll | 1289 | WaitForSingleObjectEx | |
KERNEL32.dll | 952 | ReadConsoleInputA | |
KERNEL32.dll | 1099 | SetConsoleMode | |
KERNEL32.dll | 288 | ExitThread | |
KERNEL32.dll | 361 | FreeLibraryAndExitThread | |
KERNEL32.dll | 717 | GlobalUnlock | |
KERNEL32.dll | 710 | GlobalLock | |
KERNEL32.dll | 699 | GlobalAlloc | |
KERNEL32.dll | 1115 | SetCurrentDirectoryW | |
KERNEL32.dll | 168 | CreateProcessW | |
KERNEL32.dll | 898 | OpenProcess | |
KERNEL32.dll | 263 | EnumResourceNamesW | |
KERNEL32.dll | 497 | GetFileAttributesW | |
KERNEL32.dll | 514 | GetFullPathNameW | |
KERNEL32.dll | 634 | GetSystemInfo | |
KERNEL32.dll | 1275 | VirtualFree | |
KERNEL32.dll | 712 | GlobalMemoryStatusEx | |
KERNEL32.dll | 215 | DeleteFileW | |
KERNEL32.dll | 1135 | SetFileAttributesW | |
KERNEL32.dll | 453 | GetCurrentDirectoryW | |
KERNEL32.dll | 631 | GetSystemDirectoryW | |
KERNEL32.dll | 340 | FindResourceW | |
KERNEL32.dll | 291 | ExpandEnvironmentStringsW | |
KERNEL32.dll | 1215 | SizeofResource | |
KERNEL32.dll | 835 | LoadResource | |
KERNEL32.dll | 454 | GetCurrentProcess | |
KERNEL32.dll | 854 | LockResource | |
KERNEL32.dll | 1272 | VirtualAlloc | |
KERNEL32.dll | 210 | DeleteCriticalSection | |
KERNEL32.dll | 746 | InitializeCriticalSection | |
KERNEL32.dll | 640 | GetSystemTimeAsFileTime | |
KERNEL32.dll | 82 | CloseHandle | |
KERNEL32.dll | 1216 | Sleep | |
KERNEL32.dll | 1288 | WaitForSingleObject | |
KERNEL32.dll | 827 | LeaveCriticalSection | |
KERNEL32.dll | 242 | EnterCriticalSection | |
KERNEL32.dll | 180 | CreateThread | |
KERNEL32.dll | 538 | GetModuleFileNameW | |
KERNEL32.dll | 397 | GetCommandLineW | |
KERNEL32.dll | 619 | GetStdHandle | |
KERNEL32.dll | 506 | GetFileType | |
KERNEL32.dll | 524 | GetLocaleInfoW | |
KERNEL32.dll | 842 | LocalFree | |
KERNEL32.dll | 838 | LocalAlloc | |
KERNEL32.dll | 698 | GlobalAddAtomW | |
KERNEL32.dll | 434 | GetConsoleMode | |
KERNEL32.dll | 542 | GetModuleHandleW | |
KERNEL32.dll | 833 | LoadLibraryW | |
KERNEL32.dll | 666 | GetTickCount | |
KERNEL32.dll | 872 | MulDiv | |
KERNEL32.dll | 520 | GetLastError | |
KERNEL32.dll | 588 | GetProcAddress | |
KERNEL32.dll | 360 | FreeLibrary | |
KERNEL32.dll | 684 | GetVersionExW | |
KERNEL32.dll | 832 | LoadLibraryExW | |
KERNEL32.dll | 1152 | SetLastError | |
KERNEL32.dll | 1235 | TlsAlloc | |
KERNEL32.dll | 1237 | TlsGetValue | |
KERNEL32.dll | 815 | LCMapStringW | |
KERNEL32.dll | 416 | GetConsoleCP | |
KERNEL32.dll | 624 | GetStringTypeW | |
KERNEL32.dll | 314 | FindFirstFileExW | |
KERNEL32.dll | 780 | IsValidCodePage | |
KERNEL32.dll | 574 | GetOEMCP | |
KERNEL32.dll | 376 | GetCPInfo | |
KERNEL32.dll | 396 | GetCommandLineA | |
KERNEL32.dll | 481 | GetEnvironmentStringsW | |
KERNEL32.dll | 359 | FreeEnvironmentStringsW | |
KERNEL32.dll | 1172 | SetStdHandle | |
KERNEL32.dll | 349 | FlushFileBuffers | |
KERNEL32.dll | 1331 | WriteConsoleW | |
KERNEL32.dll | 1141 | SetFilePointerEx | |
KERNEL32.dll | 961 | ReadConsoleW | |
KERNEL32.dll | 1238 | TlsSetValue | |
KERNEL32.dll | 1236 | TlsFree | |
KERNEL32.dll | 541 | GetModuleHandleExW | |
KERNEL32.dll | 402 | GetComputerNameA | |
KERNEL32.dll | 1060 | RtlUnwind | |
KERNEL32.dll | 366 | GetACP | |
USER32.dll | 404 | GetWindowDC | |
USER32.dll | 820 | WindowFromPoint | |
USER32.dll | 99 | CreateDialogParamW | |
USER32.dll | 486 | IsZoomed | |
USER32.dll | 484 | IsWindowVisible | |
USER32.dll | 217 | EndDeferWindowPos | |
USER32.dll | 157 | DeferWindowPos | |
USER32.dll | 13 | BeginDeferWindowPos | |
USER32.dll | 717 | SetWindowPlacement | |
USER32.dll | 415 | GetWindowPlacement | |
USER32.dll | 252 | FlashWindowEx | |
USER32.dll | 594 | RegisterClassW | |
USER32.dll | 571 | PostQuitMessage | |
USER32.dll | 175 | DispatchMessageW | |
USER32.dll | 772 | TranslateMessage | |
USER32.dll | 351 | GetMessageW | |
USER32.dll | 198 | DrawFrameControl | |
USER32.dll | 615 | RegisterWindowMessageW | |
USER32.dll | 400 | GetWindow | |
USER32.dll | 256 | GetActiveWindow | |
USER32.dll | 499 | LoadImageW | |
USER32.dll | 71 | ClientToScreen | |
USER32.dll | 213 | EmptyClipboard | |
USER32.dll | 652 | SetClipboardData | |
USER32.dll | 73 | CloseClipboard | |
USER32.dll | 554 | OpenClipboard | |
USER32.dll | 424 | GetWindowThreadProcessId | |
USER32.dll | 249 | FindWindowExW | |
USER32.dll | 250 | FindWindowW | |
USER32.dll | 665 | SetForegroundWindow | |
USER32.dll | 469 | IsIconic | |
USER32.dll | 814 | WaitForInputIdle | |
USER32.dll | 102 | CreateIconFromResourceEx | |
USER32.dll | 580 | PtInRect | |
USER32.dll | 353 | GetMonitorInfoW | |
USER32.dll | 540 | MonitorFromPoint | |
USER32.dll | 309 | GetIconInfo | |
USER32.dll | 200 | DrawIconEx | |
USER32.dll | 163 | DestroyIcon | |
USER32.dll | 497 | LoadIconW | |
USER32.dll | 649 | SetClassLongPtrW | |
USER32.dll | 287 | GetCursor | |
USER32.dll | 466 | IsDlgButtonChecked | |
USER32.dll | 62 | CheckDlgButton | |
USER32.dll | 166 | DestroyWindow | |
USER32.dll | 570 | PostMessageW | |
USER32.dll | 510 | LoadStringW | |
USER32.dll | 260 | GetAncestor | |
USER32.dll | 293 | GetDesktopWindow | |
USER32.dll | 716 | SetWindowLongW | |
USER32.dll | 216 | EnableWindow | |
USER32.dll | 172 | DialogBoxParamW | |
USER32.dll | 677 | SetMenuInfo | |
USER32.dll | 423 | GetWindowTextW | |
USER32.dll | 662 | SetDlgItemTextW | |
USER32.dll | 543 | MoveWindow | |
USER32.dll | 723 | SetWindowTextW | |
USER32.dll | 297 | GetDlgItem | |
USER32.dll | 218 | EndDialog | |
USER32.dll | 170 | DialogBoxIndirectParamW | |
USER32.dll | 375 | GetScrollInfo | |
USER32.dll | 676 | SetMenuDefaultItem | |
USER32.dll | 495 | LoadCursorW | |
USER32.dll | 358 | GetParent | |
USER32.dll | 273 | GetClassLongPtrW | |
USER32.dll | 715 | SetWindowLongPtrW | |
USER32.dll | 409 | GetWindowLongPtrW | |
USER32.dll | 553 | OffsetRect | |
USER32.dll | 449 | IntersectRect | |
USER32.dll | 441 | InflateRect | |
USER32.dll | 246 | FillRect | |
USER32.dll | 382 | GetSysColorBrush | |
USER32.dll | 381 | GetSysColor | |
USER32.dll | 525 | MapWindowPoints | |
USER32.dll | 290 | GetCursorPos | |
USER32.dll | 654 | SetCursor | |
USER32.dll | 537 | MessageBoxW | |
USER32.dll | 416 | GetWindowRect | |
USER32.dll | 278 | GetClientRect | |
USER32.dll | 365 | GetPropW | |
USER32.dll | 465 | IsDialogMessageW | |
USER32.dll | 84 | CopyImage | |
USER32.dll | 491 | LoadBitmapW | |
USER32.dll | 276 | GetClassNameW | |
USER32.dll | 223 | EnumChildWindows | |
USER32.dll | 243 | EqualRect | |
USER32.dll | 777 | UnionRect | |
USER32.dll | 625 | ScreenToClient | |
USER32.dll | 529 | MessageBeep | |
USER32.dll | 722 | SetWindowTextA | |
USER32.dll | 691 | SetPropW | |
USER32.dll | 629 | ScrollWindowEx | |
USER32.dll | 804 | ValidateRect | |
USER32.dll | 450 | InvalidateRect | |
USER32.dll | 394 | GetUpdateRgn | |
USER32.dll | 393 | GetUpdateRect | |
USER32.dll | 220 | EndPaint | |
USER32.dll | 14 | BeginPaint | |
USER32.dll | 766 | TrackPopupMenu | |
USER32.dll | 158 | DeleteMenu | |
USER32.dll | 446 | InsertMenuW | |
USER32.dll | 339 | GetMenuItemCount | |
USER32.dll | 380 | GetSubMenu | |
USER32.dll | 214 | EnableMenuItem | |
USER32.dll | 63 | CheckMenuItem | |
USER32.dll | 164 | DestroyMenu | |
USER32.dll | 107 | CreatePopupMenu | |
USER32.dll | 333 | GetMenu | |
USER32.dll | 507 | LoadMenuW | |
USER32.dll | 770 | TranslateAcceleratorW | |
USER32.dll | 489 | LoadAcceleratorsW | |
USER32.dll | 480 | IsWindowEnabled | |
USER32.dll | 487 | KillTimer | |
USER32.dll | 263 | GetAsyncKeyState | |
USER32.dll | 65 | CheckRadioButton | |
USER32.dll | 342 | GetMenuItemInfoW | |
USER32.dll | 410 | GetWindowLongW | |
USER32.dll | 643 | SetActiveWindow | |
USER32.dll | 617 | ReleaseDC | |
USER32.dll | 291 | GetDC | |
USER32.dll | 793 | UpdateWindow | |
USER32.dll | 208 | DrawTextW | |
USER32.dll | 384 | GetSystemMetrics | |
USER32.dll | 705 | SetTimer | |
USER32.dll | 616 | ReleaseCapture | |
USER32.dll | 644 | SetCapture | |
USER32.dll | 264 | GetCapture | |
USER32.dll | 319 | GetKeyState | |
USER32.dll | 302 | GetFocus | |
USER32.dll | 664 | SetFocus | |
USER32.dll | 718 | SetWindowPos | |
USER32.dll | 743 | ShowWindow | |
USER32.dll | 110 | CreateWindowExW | |
USER32.dll | 593 | RegisterClassExW | |
USER32.dll | 30 | CallWindowProcW | |
USER32.dll | 156 | DefWindowProcW | |
USER32.dll | 640 | SendMessageW | |
USER32.dll | 300 | GetDlgItemTextW | |
USER32.dll | 694 | SetScrollInfo | |
USER32.dll | 445 | InsertMenuItemW | |
USER32.dll | 298 | GetDlgItemInt | |
USER32.dll | 67 | ChildWindowFromPoint | |
USER32.dll | 660 | SetDlgItemInt | |
USER32.dll | 253 | FrameRect | |
GDI32.dll | 607 | Rectangle | |
GDI32.dll | 516 | GetPixel | |
GDI32.dll | 624 | SaveDC | |
GDI32.dll | 671 | SetROP2 | |
GDI32.dll | 423 | GetBitmapBits | |
GDI32.dll | 373 | GdiFlush | |
GDI32.dll | 667 | SetPixel | |
GDI32.dll | 65 | CreateFontW | |
GDI32.dll | 41 | CreateBitmap | |
GDI32.dll | 598 | Polygon | |
GDI32.dll | 617 | RestoreDC | |
GDI32.dll | 570 | MoveToEx | |
GDI32.dll | 509 | GetObjectW | |
GDI32.dll | 64 | CreateFontIndirectW | |
GDI32.dll | 242 | EndPage | |
GDI32.dll | 690 | StartPage | |
GDI32.dll | 239 | EndDoc | |
GDI32.dll | 688 | StartDocW | |
GDI32.dll | 660 | SetMapMode | |
GDI32.dll | 599 | Polyline | |
GDI32.dll | 550 | GetTextMetricsW | |
GDI32.dll | 678 | SetTextColor | |
GDI32.dll | 639 | SetBkMode | |
GDI32.dll | 638 | SetBkColor | |
GDI32.dll | 631 | SelectObject | |
GDI32.dll | 629 | SelectClipRgn | |
GDI32.dll | 605 | RectInRegion | |
GDI32.dll | 525 | GetStockObject | |
GDI32.dll | 459 | GetDeviceCaps | |
GDI32.dll | 426 | GetBkMode | |
GDI32.dll | 425 | GetBkColor | |
GDI32.dll | 230 | DeleteObject | |
GDI32.dll | 227 | DeleteDC | |
GDI32.dll | 84 | CreateSolidBrush | |
GDI32.dll | 80 | CreateRectRgnIndirect | |
GDI32.dll | 79 | CreateRectRgn | |
GDI32.dll | 75 | CreatePen | |
GDI32.dll | 48 | CreateCompatibleDC | |
GDI32.dll | 566 | LineTo | |
GDI32.dll | 19 | BitBlt | |
GDI32.dll | 47 | CreateCompatibleBitmap | |
COMDLG32.dll | 1 | ChooseColorW | |
COMDLG32.dll | 12 | GetOpenFileNameW | |
COMDLG32.dll | 14 | GetSaveFileNameW | |
COMDLG32.dll | 21 | PrintDlgW | |
COMDLG32.dll | 8 | FindTextW | |
COMDLG32.dll | 3 | ChooseFontW | |
ADVAPI32.dll | 621 | RegQueryValueExA | |
ADVAPI32.dll | 608 | RegOpenKeyExA | |
ADVAPI32.dll | 594 | RegEnumValueW | |
ADVAPI32.dll | 116 | ConvertStringSidToSidW | |
ADVAPI32.dll | 108 | ConvertSidToStringSidW | |
ADVAPI32.dll | 639 | RegSetValueW | |
ADVAPI32.dll | 592 | RegEnumKeyW | |
ADVAPI32.dll | 569 | RegCreateKeyExW | |
ADVAPI32.dll | 401 | LookupAccountSidW | |
ADVAPI32.dll | 483 | MapGenericMask | |
ADVAPI32.dll | 310 | GetLengthSid | |
ADVAPI32.dll | 288 | FreeSid | |
ADVAPI32.dll | 32 | AllocateAndInitializeSid | |
ADVAPI32.dll | 263 | EqualSid | |
ADVAPI32.dll | 346 | GetTokenInformation | |
ADVAPI32.dll | 584 | RegDeleteValueW | |
ADVAPI32.dll | 580 | RegDeleteKeyW | |
ADVAPI32.dll | 407 | LookupPrivilegeValueW | |
ADVAPI32.dll | 31 | AdjustTokenPrivileges | |
ADVAPI32.dll | 503 | OpenProcessToken | |
ADVAPI32.dll | 609 | RegOpenKeyExW | |
ADVAPI32.dll | 612 | RegOpenKeyW | |
ADVAPI32.dll | 572 | RegCreateKeyW | |
ADVAPI32.dll | 560 | RegCloseKey | |
ADVAPI32.dll | 638 | RegSetValueExW | |
ADVAPI32.dll | 622 | RegQueryValueExW | |
SHELL32.dll | 127 | SHChangeNotify | |
SHELL32.dll | 189 | SHGetFileInfoW | |
SHELL32.dll | 215 | SHGetPathFromIDListW | |
SHELL32.dll | 6 | CommandLineToArgvW | |
SHELL32.dll | 31 | DragQueryFileW | |
SHELL32.dll | 289 | ShellExecuteExW | |
SHELL32.dll | 123 | SHBrowseForFolderW | |
SHELL32.dll | 223 | SHGetSpecialFolderLocation | |
SHELL32.dll | 207 | SHGetMalloc | |
ole32.dll | 66 | CoInitialize | |
ole32.dll | 103 | CoSetProxyBlanket | |
ole32.dll | 20 | CoCreateInstance | |
ole32.dll | 125 | CreateBindCtx | |
ole32.dll | 358 | OleInitialize | |
ole32.dll | 395 | RegisterDragDrop | |
ole32.dll | 396 | ReleaseStgMedium | |
OLEAUT32.dll | 4 | ||
OLEAUT32.dll | 185 | ||
OLEAUT32.dll | 150 | ||
OLEAUT32.dll | 12 | ||
OLEAUT32.dll | 10 | ||
OLEAUT32.dll | 9 | ||
OLEAUT32.dll | 8 | ||
OLEAUT32.dll | 25 | ||
OLEAUT32.dll | 24 | ||
OLEAUT32.dll | 23 | ||
OLEAUT32.dll | 20 | ||
OLEAUT32.dll | 19 | ||
OLEAUT32.dll | 16 | ||
OLEAUT32.dll | 7 | ||
OLEAUT32.dll | 6 | ||
OLEAUT32.dll | 2 | ||
SHLWAPI.dll | 164 | SHAutoComplete |
StringTable 040904b0
CompanyName | Sysinternals - www.sysinternals.com |
FileDescription | Process Monitor |
FileVersion | 3.61 |
InternalName | Process Monitor |
LegalCopyright | Copyright © 1996-2021 Mark Russinovich |
OriginalFilename | Process Monitor |
ProductName | Sysinternals Procmon |
ProductVersion | 3.61 |
VS_FIXEDFILEINFO
FileVersion | 3.61.0.0 |
ProductVersion | 3.61.0.0 |
StrucVersion | 0x10000 |
FileFlagsMask | 0x3f |
FileFlags | 0 |
FileOS | 0x40004 |
FileType | 1 |
FileSubtype | 0 |
Signers (1)
issuer: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA 2011
serial: 3300000188AF52D6B9926DE8F9000000000188
Certificates (2)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 33:00:00:01:88:af:52:d6:b9:92:6d:e8:f9:00:00:00:00:01:88
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2011
        Validity
            Not Before: Mar 4 18:39:48 2020 GMT
            Not After : Mar 3 18:39:48 2021 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Extended Key Usage:
                1.3.6.1.4.1.311.76.8.1, Code Signing
            X509v3 Subject Key Identifier:
                8F:D4:49:2F:DC:CD:AC:F7:0B:D7:44:59:74:C4:08:5D:93:7B:30:6F
            X509v3 Subject Alternative Name:
                DirName:/OU=Microsoft Ireland Operations Limited/serialNumber=230012+458386
            X509v3 Authority Key Identifier:
                keyid:48:6E:64:E5:50:05:D3:82:AA:17:37:37:22:B5:6D:A8:CA:75:02:95
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
            Authority Information Access:
                CA Issuers - URI:http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt
            X509v3 Basic Constraints: critical
                CA:FALSE
    Signature Algorithm: sha256WithRSAEncryption

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 61:0e:90:d2:00:00:00:00:00:03
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
        Validity
            Not Before: Jul 8 20:59:09 2011 GMT
            Not After : Jul 8 21:09:09 2026 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2011
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            1.3.6.1.4.1.311.21.1:
                ...
            X509v3 Subject Key Identifier:
                48:6E:64:E5:50:05:D3:82:AA:17:37:37:22:B5:6D:A8:CA:75:02:95
            1.3.6.1.4.1.311.20.2:
                . .S.u.b.C.A
            X509v3 Key Usage:
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Authority Key Identifier:
                keyid:72:2D:3A:02:31:90:43:B9:14:05:4E:E1:EA:A7:C7:31:D1:23:89:34
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
            Authority Information Access:
                CA Issuers - URI:http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt
            X509v3 Certificate Policies:
                Policy: 1.3.6.1.4.1.311.46.3
                  CPS: http://www.microsoft.com/pkiops/docs/primarycps.htm
                  User Notice:
                    Explicit Text:
    Signature Algorithm: sha256WithRSAEncryption
[?] can't find file_offset of VA 0xf5998