Manalyze report for 1bceb3184758bf29e500cfc76491cc4e

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Feb-15 17:38:01
Detected languages	English - United States
Debug artifacts	G:\build\windows\lumiere-release\bin\Assist.pdb
FileDescription	RG Supervision Agent
InternalName	rgsupv
LegalCopyright	RG Supervision by RG System
OriginalFilename	RG_Supervision.exe
ProductName	RG Supervision

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig2(h)` `Microsoft Visual Basic v5.0 - v6.0` `MASM/TASM - sig1(h)`
Suspicious	PEiD Signature:	`HQR data file` `Crunch 4`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to security software: nUI.exe` `Looks for Qemu presence: QEmu` `May have dropper capabilities: CurrentControlSet\Services CurrentControlSet\services CurrentVersion\Run` `Accesses the WMI: root\cimv2` Contains domain names: .aichi.jp .akita.jp .aomori.jp .chiba.jp .ehime.jp .fukui.jp .fukuoka.jp .fukushima.jp .gifu.jp .gunma.jp .hiroshima.jp .hokkaido.jp .hyogo.jp .ibaraki.jp .ishikawa.jp .iwate.jp .kagawa.jp .kagoshima.jp .kanagawa.jp .kawasaki.jp .kitakyushu.jp .kobe.jp .kochi.jp .kumamoto.jp .kyoto.jp .miyagi.jp .miyazaki.jp .nagano.jp .nagasaki.jp .nagoya.jp .nara.jp .niigata.jp .oita.jp .okayama.jp .okinawa.jp .osaka.jp .saga.jp .saitama.jp .sapporo.jp .sendai.jp .shiga.jp .shimane.jp .shizuoka.jp .tochigi.jp .tokushima.jp .tokyo.jp .tottori.jp .toyama.jp .wakayama.jp .yamagata.jp .yamaguchi.jp .yamanashi.jp .yokohama.jp act.edu.au act.gov.au adige.it adygeya.ru aeroport.fr agrigento.it aichi.jp akita.jp alessandria.it altai.ru alto-adige.it altoadige.it amursk.ru ancona.it andria-barletta-trani.it andria-barletta.it andria-trani-barletta.it andria.it andriabarlettatrani.it andriatranibarletta.it aomori.jp aosta.it aoste.it api.rg-supervision.com appspot.com aquila.it arezzo.it arkhangelsk.ru ascoli-piceno.it ascolipiceno.it assedic.fr astrakhan.ru avellino.it avocat.fr avoues.fr baikal.ru balsan.it barletta-andria.it barletta-trani-andria.it barletta-trani.it barletta.it barlettatraniandria.it bashkiria.ru belgorod.ru belluno.it benevento.it bergamo.it biella.it bologna.it bolzano.it bozen.it brand.se brescia.it brianza.it brindisi.it british-library.uk bryansk.ru buryatia.ru cagliari.it calabria.it caltanissetta.it campidano-medio.it campidano.it campidanomedio.it campobasso.it carbonia-iglesias.it carbonia.it carboniaiglesias.it carrara-massa.it carrara.it carraramassa.it caserta.it catania.it catanzaro.it cc.ak.us cc.al.us cc.ar.us cc.as.us cc.az.us cc.ca.us cc.co.us cc.ct.us cc.dc.us cc.de.us cc.fl.us cc.ga.us cc.gu.us cc.hi.us cc.ia.us cc.id.us cc.il.us cc.in.us cc.ks.us cc.ky.us cc.la.us cc.ma.us cc.md.us cc.me.us cc.mi.us cc.mn.us cc.mo.us cc.ms.us cc.mt.us cc.nc.us cc.nd.us cc.ne.us cc.nh.us cc.nj.us cc.nm.us cc.nv.us cc.ny.us cc.oh.us cc.ok.us cc.or.us cc.pa.us cc.pr.us cc.ri.us cc.sc.us cc.sd.us cc.tn.us cc.tx.us cc.ut.us cc.va.us cc.vi.us cc.vt.us cc.wa.us cc.wi.us cc.wv.us cc.wy.us cesena-forli.it cesena.it cesenaforli.it chambagri.fr chelyabinsk.ru chiba.jp chieti.it chirurgiens-dentistes.fr chita.ru chtr.k12.ma.us chukotka.ru chuvashia.ru city.chiba.jp city.fukuoka.jp city.hiroshima.jp city.kawasaki.jp city.kitakyushu.jp city.kobe.jp city.kyoto.jp city.nagoya.jp city.niigata.jp city.okayama.jp city.osaka.jp city.saitama.jp city.sapporo.jp city.sendai.jp city.shizuoka.jp city.yokohama.jp comptables.fr cosenza.it cremona.it crotone.it cuneo.it dagestan.ru dashboard.rg-supervision.com dell-ogliastra.it della-brianza.it dellogliastra.it dentistes.fr dudinka.ru e-burg.ru e-della-brianza.it ehime.jp emilia.it expert.fr experts-comptables.fr fareast.ru fermo.it ferrara.it firenze.it florence.it foggia.it forli-cesena.it forli.it forlicesena.it frosinone.it fukui.jp fukuoka.jp fukushima.jp genoa.it genova.it geometre-expert.fr gorizia.it greta.fr grosseto.it grozny.ru gunma.jp hiroshima.jp hokkaido.jp http://qt.nokia.com http://qt.nokia.com/ http://qt.nokia.com/products/licensing http://schemas.xmlsoap.org http://schemas.xmlsoap.org/soap/encoding/ http://schemas.xmlsoap.org/soap/envelope/ http://www.openssl.org http://www.openssl.org/support/faq.html http://www.rgsystem.com http://www.w3.org http://www.w3.org/1999/XMLSchema http://www.w3.org/1999/XMLSchema-instance http://www.w3.org/1999/XSL/Transform http://www.w3.org/1999/xhtml/' http://www.w3.org/1999/xlink http://www.w3.org/2000/xmlns/ http://www.w3.org/2001/XMLSchema http://www.w3.org/2001/XMLSchema-instance http://www.w3.org/2003/05/soap-encoding http://www.w3.org/2003/05/soap-envelope http://www.w3.org/2005/08/addressing http://www.w3.org/2005/08/addressing/anonymous http://www.w3.org/2005/08/addressing/none http://www.w3.org/2005/08/addressing/reply http://www.w3.org/2005/08/addressing/unspecified http://www.w3.org/2005/xpath-functions http://www.w3.org/2005/xpath-functions/collation/codepoint http://www.w3.org/2005/xqt-errors http://www.w3.org/2005/xquery-local-functions http://www.w3.org/TR/REC-html40/strict.dtd http://www.w3.org/XML/1998/namespace https://api.rg-supervision.com https://api.rg-supervision.com/api https://assist.rg.gg https://dashboard.rg-supervision.com https://dashboard.rg-supervision.com/support/%1/%2?localUser https://dashboard.rg-supervision.com/supv1-reports.dtd' huissier-justice.fr hyogo.jp ibaraki.jp icnet.uk iglesias-carbonia.it iglesias.it iglesiascarbonia.it imperia.it inkscape.org irkutsk.ru isernia.it ishikawa.jp ivanovo.ru iwate.jp izhevsk.ru jamal.ru joshkar-ola.ru justice.fr k-uralsk.ru k12.ak.us k12.al.us k12.ar.us k12.as.us k12.az.us k12.ca.us k12.co.us k12.ct.us k12.dc.us k12.de.us k12.fl.us k12.ga.us k12.gu.us k12.hi.us k12.ia.us k12.id.us k12.il.us k12.in.us k12.ks.us k12.ky.us k12.la.us k12.ma.us k12.md.us k12.me.us k12.mi.us k12.mn.us k12.mo.us k12.ms.us k12.mt.us k12.nc.us k12.nd.us k12.ne.us k12.nh.us k12.nj.us k12.nm.us k12.nv.us k12.ny.us k12.oh.us k12.ok.us k12.or.us k12.pa.us k12.pr.us k12.ri.us k12.sc.us k12.sd.us k12.tn.us k12.tx.us k12.ut.us k12.va.us k12.vi.us k12.vt.us k12.wa.us k12.wi.us k12.wv.us k12.wy.us kagawa.jp kagoshima.jp kalmykia.ru kaluga.ru kamchatka.ru kanagawa.jp karelia.ru kawasaki.jp kazan.ru kemerovo.ru khabarovsk.ru khakassia.ru kirov.ru kitakyushu.jp kochi.jp koenig.ru komforb.se kommunalforbund.se komvux.se kostroma.ru krasnoyarsk.ru kuban.ru kumamoto.jp kurgan.ru kursk.ru kustanai.ru kuzbass.ru kyoto.jp la-spezia.it lanbib.se laquila.it laspezia.it latina.it lecce.it lecco.it lib.ak.us lib.al.us lib.ar.us lib.as.us lib.az.us lib.ca.us lib.co.us lib.ct.us lib.dc.us lib.de.us lib.fl.us lib.ga.us lib.gu.us lib.hi.us lib.ia.us lib.id.us lib.il.us lib.in.us lib.ks.us lib.ky.us lib.la.us lib.ma.us lib.md.us lib.me.us lib.mi.us lib.mn.us lib.mo.us lib.ms.us lib.mt.us lib.nc.us lib.nd.us lib.ne.us lib.nh.us lib.nj.us lib.nm.us lib.nv.us lib.ny.us lib.oh.us lib.ok.us lib.or.us lib.pa.us lib.pr.us lib.ri.us lib.sc.us lib.sd.us lib.tn.us lib.tx.us lib.ut.us lib.va.us lib.vi.us lib.vt.us lib.wa.us lib.wi.us lib.wv.us lib.wy.us library-scotland.uk library.uk lipetsk.ru lisa.rg-supervision.com livorno.it lucca.it macerata.it magadan.ru magnitka.ru mantova.it mari-el.ru marine.ru massa-carrara.it massa.it massacarrara.it matera.it medecin.fr medio-campidano.it medio.it mediocampidano.it messina.it metro.tokyo.jp milan.it milano.it miyagi.jp miyazaki.jp modena.it monza-brianza.it monza-e-della-brianza.it monza.it monzabrianza.it monzaebrianza.it monzaedellabrianza.it mordovia.ru mosreg.ru murmansk.ru mytis.ru nagano.jp nagasaki.jp nagoya.jp nakhodka.ru nalchik.ru naples.it napoli.it national-library-scotland.uk naturbruksgymn.se niigata.jp nokia.com norilsk.ru notaires.fr novara.it novosibirsk.ru nsw.edu.au nt.edu.au nt.gov.au nuoro.it ogliastra.it okayama.jp okinawa.jp olbia-tempio.it olbia.it olbiatempio.it openssl.org operaunite.com orenburg.ru oristano.it oryol.ru osaka.jp oskol.ru padova.it padua.it palana.ru palermo.it parliament.uk parma.it paroch.k12.ma.us parti.se pavia.it penza.ru perugia.it pesaro-urbino.it pesaro.it pesarourbino.it pescara.it pharmacien.fr piacenza.it piceno.it pistoia.it pordenone.it potenza.it prato.it pref.aichi.jp pref.akita.jp pref.aomori.jp pref.chiba.jp pref.ehime.jp pref.fukui.jp pref.fukuoka.jp pref.fukushima.jp pref.gifu.jp pref.gunma.jp pref.hiroshima.jp pref.hokkaido.jp pref.hyogo.jp pref.ibaraki.jp pref.ishikawa.jp pref.iwate.jp pref.kagawa.jp pref.kagoshima.jp pref.kanagawa.jp pref.kochi.jp pref.kumamoto.jp pref.kyoto.jp pref.mie.jp pref.miyagi.jp pref.miyazaki.jp pref.nagano.jp pref.nagasaki.jp pref.nara.jp pref.niigata.jp pref.oita.jp pref.okayama.jp pref.okinawa.jp pref.osaka.jp pref.saga.jp pref.saitama.jp pref.shiga.jp pref.shimane.jp pref.shizuoka.jp pref.tochigi.jp pref.tokushima.jp pref.tottori.jp pref.toyama.jp pref.wakayama.jp pref.yamagata.jp pref.yamaguchi.jp pref.yamanashi.jp press.se presse.fr pskov.ru pvt.k12.ma.us pyatigorsk.ru qld.edu.au qld.gov.au qt.nokia.com ragusa.it ravenna.it reggio-calabria.it reggio-emilia.it reggiocalabria.it reggioemilia.it rg-supervision.com rgsystem.com rieti.it rimini.it rovigo.it rubtsovsk.ru ryazan.ru sa.edu.au sa.gov.au saitama.jp sakhalin.ru sakhalinsk.ru salerno.it samara.ru sapporo.jp saratov.ru sassari.it savona.it schemas.xmlsoap.org scotland.uk sendai.jp shiga.jp shimane.jp shizuoka.jp siena.it simbirsk.ru siracusa.it smolensk.ru sondrio.it spezia.it starostwo.gov stavropol.ru suedtirol.it supervision.com surgut.ru syzran.ru tambov.ru taranto.it tas.edu.au tas.gov.au tatarstan.ru tempio-olbia.it tempio.it tempioolbia.it teramo.it terni.it tochigi.jp tokushima.jp tokyo.jp tomsk.ru torino.it tottori.jp toyama.jp trani-andria-barletta.it trani-andria.it trani-barletta-andria.it trani-barletta.it trani.it traniandriabarletta.it tranibarlettaandria.it trapani.it trentino.it trento.it treviso.it trieste.it trolltech.com tsaritsyn.ru turin.it tyumen.ru udine.it udmurtia.ru ulan-ude.ru uralsk.ru urbino-pesaro.it urbino.it urbinopesaro.it valentia.it varese.it vdonsk.ru venezia.it venice.it verbania.it vercelli.it verona.it veterinaire.fr vibo-valentia.it vibovalentia.it vic.edu.au vic.gov.au vicenza.it viterbo.it vladikavkaz.ru vladimir.ru vladivostok.ru volgograd.ru vologda.ru voronezh.ru vyatka.ru wa.edu.au wa.gov.au wakayama.jp www.inkscape.org www.openssl.org www.rgsystem.com www.w3.org xmlsoap.org yakutia.ru yamagata.jp yamaguchi.jp yamal.ru yamanashi.jp yaroslavl.ru yekaterinburg.ru yokohama.jp yuzhno-sakhalinsk.ru zgrad.ru
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Uses constants related to Blowfish` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryW LoadLibraryA GetProcAddress LoadLibraryExW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Can access the registry: RegCloseKey RegOpenKeyExA RegQueryValueExW RegCreateKeyExW RegFlushKey RegEnumKeyExW RegEnumValueW RegQueryValueExA RegQueryInfoKeyW RegDeleteKeyW RegOpenKeyExW RegDeleteValueW RegSetValueExW RegGetValueW` `Possibly launches other programs: CreateProcessWithTokenW CreateProcessAsUserW ShellExecuteW CreateProcessW` `Uses Windows's Native API: ntohl ntohs` `Uses Microsoft's cryptographic API: CryptReleaseContext CryptDecrypt CryptCreateHash CryptSetHashParam CryptSignHashA CryptDestroyHash CryptDestroyKey` `Can create temporary files: CreateFileA CreateFileW GetTempPathA GetTempPathW` `Uses functions commonly found in keyloggers: CallNextHookEx GetAsyncKeyState MapVirtualKeyW` `Leverages the raw socket API to access the Internet: WSARecvFrom WSAIoctl WSASend WSASendTo WSAConnect WSANtohs WSASocketW WSAAccept WSANtohl WSARecv WSAHtonl WSAHtons` `Functions related to the privilege level: DuplicateTokenEx OpenProcessToken` `Enumerates local disk drives: GetVolumeInformationW` `Manipulates other processes: OpenProcess Process32NextW Process32FirstW` `Can take screenshots: GetDC CreateCompatibleDC BitBlt` `Can shut the system down or lock the screen: LockWorkStation`
Info	The PE is digitally signed.	`Signer: RG Syst\xC3\xA8mes SAS` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Safe	VirusTotal score: 0/49 (Scanned on 2023-05-13 05:04:33)	`All the AVs think this file is safe.`

Hashes

MD5	`1bceb3184758bf29e500cfc76491cc4e`
SHA1	`71039e8011506a80e347f10b962b46af3d135d4d`
SHA256	`ff59210e93e3c06faa8f00674a19b61b406d6b5badc12d1e48eb1301f593bcbc`
SHA3	`b921edaef8e224257ef74044dccb7d35a7f6ca177f977d2d8407c780c7e1b295`
SSDeep	`196608:cDk1J56qVF1ive1YVdytZCAx1gtJsv6tWKFdu9CRofr:cIAqbwvwZ/EtJsv6tWKFdu9CRoD`
Imports Hash	`7a6af32f2441ad77068a1112057d8629`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2023-Feb-15 17:38:01
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0x9bb000`
SizeOfInitializedData	`0x403a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0090DF66 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x9bc000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0xdeb000`
SizeOfHeaders	`0x400`
Checksum	`0xdca260`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e6f2a22d9cdc93b9597315f7bd40300d`
SHA1	`3c778d586a17116ec90b834ce196d319a9b3d2fe`
SHA256	`fdf80c7072713f821cff92fa64368776bd2115e9a5a8b5b55b974847c26e0fa2`
SHA3	`28958e49f021a6c96704bc41de56cf322b859d217298e63b02b09ef6a8be0bba`
VirtualSize	`0x9bafbc`
VirtualAddress	`0x1000`
SizeOfRawData	`0x9bb000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.52437`

.rdata

MD5	`d3973eb1c7863a74dd58cbd91a754725`
SHA1	`abd0fe58193226887f8cf67968e7e79dde354f2e`
SHA256	`9fd0a3b0155097e20a9af131501def38e4c39bd3ced3769a4e9517dd67a05e14`
SHA3	`89acb0a023f06fdb4040fb2507b1503873b7da870587d37cd67a7bafd648d98d`
VirtualSize	`0x3831f8`
VirtualAddress	`0x9bc000`
SizeOfRawData	`0x383200`
PointerToRawData	`0x9bb400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.48617`

.data

MD5	`a137c97e327cab46d87b9d7547dca4cb`
SHA1	`4f430fd83727c2d0fe33d73834b07cb650bf1f42`
SHA256	`619d655067b779af929ff69806fb7b38b1b4ff0329970e6ba645746e6ded91e4`
SHA3	`99069cde9153e8c203a0d2e03bc39ed9f5573ef79b10f42732f5551e0c09a62d`
VirtualSize	`0x4dee4`
VirtualAddress	`0xd40000`
SizeOfRawData	`0x25400`
PointerToRawData	`0xd3e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.4885`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x11`
VirtualAddress	`0xd8e000`
SizeOfRawData	`0x200`
PointerToRawData	`0xd63a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`e5d567f420c18bbef565cfa927d6d8e2`
SHA1	`3af4d21f5d7305f5748ea2b83ce6d05ff0684c3f`
SHA256	`10eabcae7f3f52e1c3298a8c7978d1c0af310d2ffef636625ffc785cabbeeb90`
SHA3	`c50895d4b0beada51666f4034ab30905659cfc1418bd123b0373093762af5a03`
VirtualSize	`0x5b070`
VirtualAddress	`0xd8f000`
SizeOfRawData	`0x5b200`
PointerToRawData	`0xd63c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.98379`

Imports

WSOCK32.dll	`WSAAsyncSelect` `__WSAFDIsSet` `getpeername` `shutdown` `recv` `getsockopt` `inet_ntoa` `WSASetLastError` `send` `accept` `ntohl` `ioctlsocket` `closesocket` `getsockname` `connect` `htons` `socket` `gethostbyname` `gethostname` `WSAStartup` `WSACleanup` `gethostbyaddr` `setsockopt` `select` `listen` `bind` `ntohs` `htonl` `recvfrom` `sendto` `WSAGetLastError` `inet_addr`
USER32.dll	`EnumWindows` `GetProcessWindowStation` `MessageBoxA` `GetKeyState` `SendMessageW` `GetClientRect` `FindWindowExW` `PostThreadMessageW` `GetUserObjectInformationW` `GetThreadDesktop` `CloseDesktop` `OpenInputDesktop` `LockWorkStation` `SendInput` `LoadImageW` `SetCursorPos` `GetCursorPos` `GetCursorInfo` `SetWindowLongW` `GetWindowLongW` `BlockInput` `GetDC` `GetMonitorInfoW` `EnumDisplayMonitors` `IsChild` `SetFocus` `GetFocus` `GetActiveWindow` `ReleaseDC` `CallNextHookEx` `DestroyIcon` `UnhookWindowsHookEx` `ReleaseCapture` `SetForegroundWindow` `SetWindowPos` `UpdateWindow` `ScrollWindowEx` `AdjustWindowRectEx` `SetCapture` `SetWindowsHookExW` `SetCursor` `DestroyWindow` `ClientToScreen` `ScreenToClient` `SetWindowTextW` `GetSystemMetrics` `ShowWindow` `InvalidateRect` `MoveWindow` `SetWindowRgn` `IsZoomed` `IsIconic` `IsWindowVisible` `GetWindowRect` `SetWindowPlacement` `GetWindowPlacement` `ValidateRgn` `SetParent` `EnableMenuItem` `GetSystemMenu` `CreateWindowExW` `GetDesktopWindow` `SystemParametersInfoW` `DestroyCursor` `CreateIconIndirect` `CreateCursor` `ChangeClipboardChain` `SetClipboardViewer` `DrawIconEx` `GetIconInfo` `MessageBeep` `FlashWindowEx` `GetCaretBlinkTime` `PostMessageW` `PeekMessageW` `SetCaretBlinkTime` `SetDoubleClickTime` `GetDoubleClickTime` `GetParent` `WindowFromPoint` `GetSysColor` `MsgWaitForMultipleObjectsEx` `BeginPaint` `InvalidateRgn` `GetUpdateRect` `ClipCursor` `UnregisterClassW` `GetWindowRgn` `DefWindowProcW` `RegisterClassW` `GetSysColorBrush` `GetClassInfoW` `RegisterClipboardFormatW` `GetAsyncKeyState` `RegisterWindowMessageW` `GetKeyboardLayoutList` `TranslateMessage` `HideCaret` `CreateCaret` `SetCaretPos` `DestroyCaret` `GetWindowThreadProcessId` `GetClipboardFormatNameW` `GetKeyboardLayout` `ToUnicode` `ToAscii` `MapVirtualKeyW` `TrackPopupMenuEx` `SetMenuItemInfoW` `GetKeyboardState` `GetMenu` `LoadIconW` `CharNextExA` `SetTimer` `KillTimer` `GetQueueStatus` `DispatchMessageW` `EndPaint`
ADVAPI32.dll	`RegCloseKey` `CryptReleaseContext` `RegOpenKeyExA` `RegQueryValueExW` `RegCreateKeyExW` `RegFlushKey` `RegEnumKeyExW` `RegEnumValueW` `OpenEventLogA` `ReportEventA` `RegQueryValueExA` `ReadEventLogW` `RegQueryInfoKeyW` `RegDeleteKeyW` `DeregisterEventSource` `OpenEventLogW` `CloseEventLog` `CreateProcessWithTokenW` `DuplicateTokenEx` `CreateProcessAsUserW` `RegOpenKeyExW` `CryptDecrypt` `CryptCreateHash` `CryptSetHashParam` `CryptSignHashA` `CryptDestroyHash` `CryptDestroyKey` `GetTokenInformation` `OpenProcessToken` `RegDeleteValueW` `RegSetValueExW` `RegGetValueW` `RegisterEventSourceA`
OLEAUT32.dll	`SafeArrayDestroy` `OleTranslateColor` `SystemTimeToVariantTime` `VariantTimeToSystemTime` `OleCreatePictureIndirect` `OleCreateFontIndirect` `VariantClear` `VariantInit` `SysFreeString` `SafeArrayUnaccessData` `SafeArrayAccessData` `SafeArrayCreateVector` `SafeArrayPutElement` `SafeArrayCreate` `SafeArrayGetDim` `SysAllocStringByteLen` `SysStringLen` `SysAllocString` `LoadTypeLib` `GetActiveObject` `SafeArrayGetLBound` `SafeArrayGetUBound` `SafeArrayGetElement` `SafeArrayGetVartype` `SysAllocStringLen`
ole32.dll	`ReleaseStgMedium` `DoDragDrop` `CoGetMalloc` `CoInitialize` `CoCreateGuid` `OleUninitialize` `OleInitialize` `StringFromGUID2` `CoFreeUnusedLibraries` `CLSIDFromProgID` `CreateILockBytesOnHGlobal` `StgCreateDocfileOnILockBytes` `OleCreateFromFile` `CoTaskMemFree` `OleIsCurrentClipboard` `OleFlushClipboard` `OleSetClipboard` `OleGetClipboard` `RevokeDragDrop` `CoLockObjectExternal` `RegisterDragDrop` `CoInitializeSecurity` `CoCreateInstance` `CoSetProxyBlanket` `CoInitializeEx` `CoGetClassObject` `CoUninitialize`
SHELL32.dll	`Shell_NotifyIconW` `ShellExecuteW` `SHGetKnownFolderPath`
USERENV.dll	`CreateEnvironmentBlock` `DestroyEnvironmentBlock`
WTSAPI32.dll	`WTSEnumerateSessionsW` `WTSFreeMemory` `WTSQuerySessionInformationW` `WTSQueryUserToken`
CRYPT32.dll	`CertFreeCertificateContext` `CertFreeCertificateChain` `CertGetCertificateChain` `CertCreateCertificateContext`
IPHLPAPI.DLL	`GetIpNetTable` `IcmpCloseHandle` `IcmpCreateFile` `IcmpSendEcho2` `IcmpParseReplies`
WS2_32.dll	`WSARecvFrom` `WSAIoctl` `WSASend` `WSASendTo` `WSAConnect` `WSANtohs` `WSASocketW` `WSAAccept` `WSANtohl` `WSARecv` `WSAHtonl` `WSAHtons`
pdh.dll	`PdhRemoveCounter` `PdhGetCounterInfoW` `PdhExpandWildCardPathW` `PdhEnumObjectsW` `PdhCloseQuery` `PdhOpenQueryW` `PdhGetFormattedCounterValue` `PdhGetRawCounterValue` `PdhAddCounterW` `PdhParseCounterPathW` `PdhCollectQueryData`
SAS.dll	`SendSAS`
dbghelp.dll	`MiniDumpWriteDump`
ODBC32.dll	`#108` `#145` `#44` `#136` `#127` `#30` `#13` `#138` `#20` `#31` `#9` `#72` `#12` `#140` `#165` `#152` `#75` `#141` `#154` `#26` `#61` `#119` `#24` `#176` `#111` `#18` `#29` `#139` `#43`
GDI32.dll	`CombineRgn` `OffsetRgn` `GetDeviceCaps` `CreateCompatibleDC` `DeleteDC` `SelectObject` `BitBlt` `GetDIBits` `CreateCompatibleBitmap` `GetTextExtentPoint32W` `SelectClipRgn` `GdiFlush` `GetCharABCWidthsW` `GetCharABCWidthsI` `GetCharABCWidthsFloatW` `GetRegionData` `SetGraphicsMode` `SetWorldTransform` `GetGlyphOutlineW` `SetTextColor` `SetBkMode` `SetTextAlign` `ExtTextOutW` `GetOutlineTextMetricsW` `EnumFontFamiliesExW` `GetTextMetricsW` `GetTextFaceW` `CreateFontIndirectW` `GetFontData` `PtInRegion` `GetStockObject` `CreatePalette` `SelectPalette` `RealizePalette` `GetPaletteEntries` `CreateBitmap` `GetObjectW` `CreateDIBSection` `CreateEllipticRgn` `CreateRectRgn` `DeleteObject`
IMM32.dll	`ImmGetDefaultIMEWnd` `ImmGetContext` `ImmNotifyIME` `ImmGetCompositionStringW` `ImmAssociateContext` `ImmSetCandidateWindow` `ImmSetCompositionWindow` `ImmSetCompositionFontW` `ImmReleaseContext`
WINMM.dll	`timeEndPeriod` `timeBeginPeriod` `PlaySoundW`
KERNEL32.dll	`FileTimeToSystemTime` `GetFileInformationByHandle` `FindFirstFileW` `GetFileAttributesExW` `SetFilePointerEx` `GetCurrentDirectoryW` `CopyFileW` `MoveFileW` `CreateDirectoryW` `RemoveDirectoryW` `DeviceIoControl` `GetFileTime` `GetLogicalDrives` `CreatePipe` `GetStdHandle` `PeekNamedPipe` `GetOverlappedResult` `FindNextFileW` `SystemTimeToTzSpecificLocalTime` `TlsFree` `CreateSemaphoreW` `ReleaseSemaphore` `FreeLibrary` `GetCommandLineW` `GetLocalTime` `GetUserDefaultLCID` `CompareStringW` `LoadLibraryW` `UnmapViewOfFile` `CreateFileMappingW` `MapViewOfFile` `lstrcmpW` `GlobalSize` `GetUserDefaultLangID` `SetCurrentDirectoryW` `GetFileType` `OutputDebugStringW` `GetTimeFormatW` `IsValidLanguageGroup` `IsValidLocale` `GlobalAlloc` `GlobalLock` `GlobalUnlock` `GetLocaleInfoW` `SetErrorMode` `ExpandEnvironmentStringsW` `GetStartupInfoW` `SetLastError` `SystemTimeToFileTime` `GetVersion` `GlobalMemoryStatus` `LoadLibraryA` `FlushConsoleInputBuffer` `InterlockedExchange` `GetStartupInfoA` `GetModuleHandleW` `UnhandledExceptionFilter` `IsDebuggerPresent` `CreateFileA` `GetDiskFreeSpaceW` `GetDiskFreeSpaceA` `GetFullPathNameW` `GetDateFormatW` `GetSystemDirectoryW` `TlsGetValue` `DuplicateHandle` `SetEvent` `GetThreadPriority` `ResumeThread` `TlsSetValue` `SetThreadPriority` `TerminateThread` `TlsAlloc` `GetTimeZoneInformation` `GetCurrentProcess` `CloseHandle` `CreateProcessW` `SetFileAttributesW` `GetFileAttributesW` `Sleep` `TerminateProcess` `OpenProcess` `GetLastError` `LocalFree` `FormatMessageW` `ResetEvent` `WaitForMultipleObjects` `CreateEventW` `GetProcAddress` `GetCurrentProcessId` `GlobalFree` `WTSGetActiveConsoleSessionId` `Process32NextW` `ProcessIdToSessionId` `Process32FirstW` `CreateToolhelp32Snapshot` `GetVersionExW` `LoadLibraryExW` `GetCurrentThreadId` `GetExitCodeProcess` `WaitForSingleObject` `InterlockedIncrement` `InterlockedDecrement` `CreateFileW` `SetUnhandledExceptionFilter` `GetModuleFileNameW` `GetTickCount` `CreateDirectoryA` `GetModuleHandleA` `FindClose` `FindNextFileA` `FindFirstFileA` `SetHandleInformation` `QueryPerformanceFrequency` `GetTickCount64` `QueryPerformanceCounter` `GetVolumeInformationW` `VirtualAlloc` `VirtualFree` `GetThreadTimes` `GetCurrentThread` `GetSystemInfo` `InitializeCriticalSection` `InterlockedCompareExchange` `DeleteCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `MultiByteToWideChar` `WideCharToMultiByte` `AreFileApisANSI` `ReadFile` `SetFilePointer` `WriteFile` `SetEndOfFile` `FlushFileBuffers` `GetFileSize` `UnlockFile` `LockFile` `GetFileAttributesA` `DeleteFileA` `DeleteFileW` `GetSystemTime` `GetSystemTimeAsFileTime` `LockFileEx` `GetTempPathA` `GetTempPathW` `FormatMessageA` `GetFullPathNameA`
MSVCP90.dll	`?quiet_NaN@?$numeric_limits@N@std@@SANXZ` `??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ` `?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z` `??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z` `?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AV?$_String_iterator@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ` `??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ` `?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `_Nan` `_Inf` `?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z` `?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z` `?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z` `??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z` `?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z` `??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z` `?uncaught_exception@std@@YA_NXZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ` `?_Unlock@_Mutex@std@@QAEXXZ` `?_Lock@_Mutex@std@@QAEXXZ` `??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ` `??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z` `??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z` `??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z` `??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ` `??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z`
MSVCR90.dll	`memchr` `_ftelli64` `_lseeki64` `_endthreadex` `_beginthreadex` `_beginthread` `_getpid` `_get_tzname` `_control87` `_clearfp` `_fileno` `_read` `_fseeki64` `feof` `_write` `_get_osfhandle` `_filelengthi64` `_wgetdcwd` `_getdrive` `_open_osfhandle` `_waccess` `_wchmod` `wcsstr` `_exit` `raise` `strcmp` `_wfopen` `ferror` `_setmode` `ftell` `fseek` `signal` `_getch` `_unlock` `__dllonexit` `_encode_pointer` `_lock` `_onexit` `_decode_pointer` `_except_handler4_common` `?terminate@@YAXXZ` `_amsg_exit` `__getmainargs` `_cexit` `_XcptFilter` `_ismbblead` `_acmdln` `_initterm` `_initterm_e` `_configthreadlocale` `__setusermatherr` `_adjust_fdiv` `__p__commode` `__p__fmode` `__set_app_type` `?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z` `_vsnprintf_s` `_crt_debugger_hook` `?_type_info_dtor_internal_method@type_info@@QAEXXZ` `_invoke_watson` `_controlfp_s` `_putenv` `_strdup` `__iob_func` `??3@YAXPAX@Z` `??2@YAPAXI@Z` `__CxxFrameHandler3` `memcpy` `_purecall` `_CxxThrowException` `fprintf` `??1exception@std@@UAE@XZ` `??0exception@std@@QAE@XZ` `?what@exception@std@@UBEPBDXZ` `??0exception@std@@QAE@ABV01@@Z` `free` `malloc` `memset` `printf` `_stat64i32` `sprintf` `tolower` `getenv` `toupper` `atoi` `_localtime64` `_time64` `setvbuf` `strrchr` `fflush` `fopen` `strerror` `_errno` `fclose` `fputs` `calloc` `isspace` `_snprintf` `rand` `srand` `memmove` `setlocale` `sscanf` `strncmp` `strtoul` `strtol` `realloc` `isdigit` `islower` `isupper` `strtok` `strchr` `isalpha` `fgets` `_ftime64` `isalnum` `getc` `ungetc` `isxdigit` `strncat` `isprint` `strstr` `abort` `_CIlog` `_CIpow` `__RTDynamicCast` `__RTtypeid` `_finite` `_isnan` `??0exception@std@@QAE@ABQBD@Z` `_invalid_parameter_noinfo` `memmove_s` `_strtoi64` `_strtoui64` `??_V@YAXPAX@Z` `exit` `_CIsqrt` `_copysign` `_CIfmod` `floor` `_aligned_free` `_aligned_malloc` `_setjmp3` `_vsnprintf` `qsort` `ceil` `_localtime64_s` `_mktime64` `_strnicmp` `_CIatan2` `_CIacos` `_CIasin` `_CIatan` `_CIcos` `_CIexp` `_CIsin` `_CItan` `strncpy` `strftime` `_CIlog10` `rand_s` `_flushall` `bsearch` `sscanf_s` `??0exception@std@@QAE@ABQBDH@Z` `wcsrchr` `longjmp` `__CxxLongjmpUnwind` `strcpy_s` `_close` `_wassert` `fread` `_gmtime64` `fwrite` `vfprintf` `strtod` `sprintf_s` `strncpy_s` `_gmtime64_s` `_tzset` `getenv_s`
d3d9.dll	`Direct3DCreate9`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.75673`
MD5	`b33db3b122d467a1495239185e4f5753`
SHA1	`6e6207ebcaef65d1ac32137af48d13b759a14af0`
SHA256	`e2a3aedca7f6ca29afd81c10a8e7ac6cec9714bc50500c4a481fa76cdd699d69`
SHA3	`e8e0140aeeb425f0217cc608d368377e503a640b0c7d8b48a7a71f8db97a505f`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.0584`
MD5	`625e19f89f1c0bb9aa94c465bff844ae`
SHA1	`4def461b5e594f57f67af9b80280861a54d96466`
SHA256	`1f6e9006d6f99501846f01c388b40a2a1af64dfc17f88e65803408d82ccc7ea3`
SHA3	`92c378d42af2195141e635712d2d4f59a1713f3a8c13d025bd0fdc2b58b4dad2`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.53907`
MD5	`42195bae2156054e30d1fe532bc71f6d`
SHA1	`5f63883a5c16c121b701506eccef04102010dffb`
SHA256	`7ed43c2d15f5adb92eed8453c4c6603f29939110289cab1e4f0083582c786a82`
SHA3	`a269befc0b12eb2183a37ed9aae571e3fdac6144df6b7a5a48d28680e400f2ea`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.75593`
MD5	`c7b93d74afcf8be13993c5af627c41aa`
SHA1	`e2509cb9ae2be880242a28344b440f7bfe5d711e`
SHA256	`6f654441ac06fe14acecbaf40812d7b9a8de0316b639abbc00456b0f779d23a5`
SHA3	`0a63c2020f6721c9c0f91dd3d1dcb8b681e0d7f3b28d4ad3cf5fe5733ff937eb`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.17795`
MD5	`ffc7e1eba69dace5a8d65c0bfbb4f095`
SHA1	`f15e590a70177f8f42aa19e56e8c14dca066f1b6`
SHA256	`3f93fba6932bd733c04a3b400ff190ad5f75c0a5cfbcaf25c85ccc64526392d5`
SHA3	`ccb4cecf62ac5dbebb3473bd21668a6c324d5024081b7cc18f59d11ed3f95a29`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.90331`
MD5	`0c77ef249d11e02589b87f0eb273e9c2`
SHA1	`2b22e8830281036b03e2dc663816babdb5359389`
SHA256	`4fc13f060f6648ec8e4b6065df19c560eb267730d3c8e12c0fb5bcfa814fa53b`
SHA3	`615fc00af7ff2ecde5ebb42bbf091761189a4190a0a0eb6544cc47896be0c35d`

100

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76511`
Detected Filetype	Icon file
MD5	`0b18f8da8dfbb1ed079c0d323ec53a3c`
SHA1	`f58d98419639fc7fd878bdef276c05a76b436990`
SHA256	`48b99bd54b2fd532ef2a2319f0c72506381d8bdb8eb782ced9d668aba31a9817`
SHA3	`29e4285ade16934564970a6a7cdd586e2894535077d64bd59b9fe10aca2129a7`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x250`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35004`
MD5	`d17f781a95f5bd5ff888b3ff4cb9cdb8`
SHA1	`e56c7608bcfa1a0947a03fed93496191cc26cf64`
SHA256	`c0db99be17600e3230c614518baf2637bc46a54b5bfb1385878e7a46b322ccc7`
SHA3	`b66f67424b37f4dfbdd68fc782b0904a6969ae061d641de2a4742bdd283f9a9c`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x674`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.25731`
MD5	`029ee59e0e48e697ed578b12a600613e`
SHA1	`b1ce491aac8126886003119164adf80183adff4b`
SHA256	`355b326e208a286da06fc6d85d74f61b8ce41a4874555809da0b8c48618f2dfe`
SHA3	`f0d72609420027a930500ca5f04de4d43812f66daf07706c0f33c9347bdf3cb2`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.3.5087.0
ProductVersion	2.3.0.0
FileFlags	`(EMPTY)`
FileOs	`(EMPTY)`
FileType	`VFT_UNKNOWN`
Language	English - United States
FileDescription	RG Supervision Agent
InternalName	rgsupv
LegalCopyright	RG Supervision by RG System
OriginalFilename	RG_Supervision.exe
ProductName	RG Supervision

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2023-Feb-15 17:38:01
Version	`0.0`
SizeofData	`72`
AddressOfRawData	`0xc71ee0`
PointerToRawData	`0xc712e0`
Referenced File	G:\build\windows\lumiere-release\bin\Assist.pdb

TLS Callbacks

StartAddressOfRawData	`0x118e000`
EndAddressOfRawData	`0x118e010`
AddressOfIndex	`0x1170f20`
AddressOfCallbacks	`0xdbd05c`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x11652ac`
SEHandlerTable	`0x109af70`
SEHandlerCount	`7322`

RICH Header

XOR Key	`0xc0bf1408`
Unmarked objects	`0`
150 (20413)	`10`
ASM objects (VS2008 SP1 build 30729)	`16`
Imports (VS2008 SP1 build 30729)	`49`
Total imports	`806`
C objects (VS2008 SP1 build 30729)	`721`
C++ objects (VS2008 SP1 build 30729)	`1384`
Linker (VS2008 SP1 build 30729)	`1`
Resource objects (VS2008 SP1 build 30729)	`1`

1bceb3184758bf29e500cfc76491cc4e

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.tls

.rsrc

Imports

Delayed Imports

1

2

3

4

5

6

100

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors