ae821ce4e28c03ba1c493f893d089bee

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2019-Dec-24 07:36:57
Detected languages English - United States
FileVersion 1.0.0.0
OriginalFilename falcon.exe
ProductName falcon
ProductVersion 1.0.0.0

Plugin Output

Suspicious Strings found in the binary may indicate undesirable behavior:
Tries to detect virtualized environments:
  • HARDWARE\DESCRIPTION\System
Looks for Qemu presence:
  • qemu
Contains domain names:
Info The PE is digitally signed. Signer: miHoYo Co.
Issuer: DigiCert Assured ID Code Signing CA-1
Safe VirusTotal score: 0/71 (Scanned on 2020-03-12 07:16:56) All the AVs think this file is safe.

Hashes

MD5 ae821ce4e28c03ba1c493f893d089bee
SHA1 8f9e7dd1c2b7b128fa2eff495d8bdf8c3cb423b6
SHA256 43779dce9de21d06bbea73d7104452a700f6630db2bf7733da964b0655f39212
SHA3 2ed26fb9f68b961e6bc04e2ab5387f55a700205128093107d167eb58c5f7b0db
SSDeep 98304:5Z26OCfiY0+/ToDbsFzdyMgkiS6UzMbLEldNx73b:bDfiYCDIzdyXhYzvrb
Imports Hash cefd4b7fa3b794be4417f6e4985e62e3

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x118

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2019-Dec-24 07:36:57
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x18400
SizeOfInitializedData 0x741600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000015FDC (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 1.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x75e000
SizeOfHeaders 0x400
Checksum 0x76350f
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 0eaf58b6bf3270b7c081aa80e3ed1cfb
SHA1 cf44ec7e48fe48b488f1a0f734399141b2dd0fc9
SHA256 19d800cdb9d84eef0c5bd227c1931aef0702f608502ddc4e0610d72cbb59aa66
SHA3 f1dcd5d7e18b371ebbcaf4f19e0b8dec3a91cbeb04eb9d5515871c9f33794f02
VirtualSize 0x1836e
VirtualAddress 0x1000
SizeOfRawData 0x18400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.11909

.rdata

MD5 4006648ec480034dfb71107658025699
SHA1 aabbcdd8006e92343e1e8d98e10c094cfd507dff
SHA256 060777a65329ef1eafedcf47ee2b8ff27e643bc0ee359255cd154f83267f1f52
SHA3 ad115a34d73145478162b6f5eb450c2fdd3f5848d1188a86a8e7f241dd9f59ab
VirtualSize 0x704b92
VirtualAddress 0x1a000
SizeOfRawData 0x704c00
PointerToRawData 0x18800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.08428

.data

MD5 d40b870dec1753ef4140a0b4a849c916
SHA1 11153b2186bf9efbfe89b8c8da3f8830c3624b50
SHA256 2ffda8d75fd8a7dc5de709a4e060821f552a9b48ea8b7552134e93195113ca50
SHA3 ba4fe1f91e41549a4fbc308be3068ec0aeb9c5c5245ac1653fb9133c471dd77d
VirtualSize 0x1600
VirtualAddress 0x71f000
SizeOfRawData 0xe00
PointerToRawData 0x71d400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.34716

.pdata

MD5 91ac39c8ac254d7b95478b6753ac783d
SHA1 555863569ce28179e67e5666beeb6f2a9d425480
SHA256 b126b95e87bdf62e8cfd8ff3fd3c1031968e6aa10e8b41f91549133e02ea2d0d
SHA3 4294ab2d3732ffd73db136d2b6cbbba9cfd6a0c4d0e0cd7cf5de57e313ca1370
VirtualSize 0x159c
VirtualAddress 0x721000
SizeOfRawData 0x1600
PointerToRawData 0x71e200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.05973

.rsrc

MD5 be4f906700e1bc3f0f6a8cd1643ca713
SHA1 ffb6bca6e5c3d671921f2a04244e735f43470f25
SHA256 d3aef3a2ffeb8f1821c5ce34df6a484333a205563e497084d2d51dbd31f408b6
SHA3 502d4ef8be2e382968370522b7e1f5727beb9623959fb9c9e4740ab8f70f1474
VirtualSize 0x398c8
VirtualAddress 0x723000
SizeOfRawData 0x39a00
PointerToRawData 0x71f800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.24049

.reloc

MD5 3de132c4d4c12b1103f505d38c034fd1
SHA1 3ebeea3f2fb231a2989d1828e449316b53983542
SHA256 1d92b45c186386874b7507c234f1d3f220445919e02004283e6648fe8b4d232b
SHA3 4450c4783ed9911afe6c0425ad85f82e43dbf16b22dfd927e79e2b1f670967ce
VirtualSize 0x3d4
VirtualAddress 0x75d000
SizeOfRawData 0x400
PointerToRawData 0x759200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.18965

Imports

OLEAUT32.dll #2
#9
USER32.dll CharUpperW
Qt5Quick.dll ?setSceneGraphBackend@QQuickWindow@@SAXW4GraphicsApi@QSGRendererInterface@@@Z
Qt5Widgets.dll ?qt_metacast@QApplication@@UEAAPEAXPEBD@Z
?qt_metacall@QApplication@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?notify@QApplication@@UEAA_NPEAVQObject@@PEAVQEvent@@@Z
?event@QApplication@@MEAA_NPEAVQEvent@@@Z
?compressEvent@QApplication@@MEAA_NPEAVQEvent@@PEAVQObject@@PEAVQPostEventList@@@Z
?setWindowState@QWidget@@QEAAXV?$QFlags@W4WindowState@Qt@@@@@Z
?windowState@QWidget@@QEBA?AV?$QFlags@W4WindowState@Qt@@@@XZ
?raise@QWidget@@QEAAXXZ
?activateWindow@QWidget@@QEAAXXZ
??1QApplication@@UEAA@XZ
??0QApplication@@QEAA@AEAHPEAPEADH@Z
?staticMetaObject@QApplication@@2UQMetaObject@@B
?exec@QApplication@@SAHXZ
Qt5Gui.dll ??1QOffscreenSurface@@UEAA@XZ
?create@QOffscreenSurface@@QEAAXXZ
?functions@QOpenGLContext@@QEBAPEAVQOpenGLFunctions@@XZ
?makeCurrent@QOpenGLContext@@QEAA_NPEAVQSurface@@@Z
?create@QOpenGLContext@@QEAA_NXZ
??0QOffscreenSurface@@QEAA@PEAVQScreen@@@Z
?initializeOpenGLFunctions@QOpenGLFunctions@@QEAAXXZ
??1QOpenGLContext@@UEAA@XZ
??0QOpenGLContext@@QEAA@PEAVQObject@@@Z
?openUrl@QDesktopServices@@SA_NAEBVQUrl@@@Z
?glGetString@QOpenGLFunctions@@QEAAPEBEI@Z
Qt5Qml.dll ??1QQmlApplicationEngine@@UEAA@XZ
?rootObjects@QQmlApplicationEngine@@QEAA?AV?$QList@PEAVQObject@@@@XZ
?load@QQmlApplicationEngine@@QEAAXAEBVQUrl@@@Z
?setContextProperty@QQmlContext@@QEAAXAEBVQString@@PEAVQObject@@@Z
??0QQmlApplicationEngine@@QEAA@PEAVQObject@@@Z
?rootContext@QQmlEngine@@QEBAPEAVQQmlContext@@XZ
Qt5Network.dll ?get@QNetworkAccessManager@@QEAAPEAVQNetworkReply@@AEBVQNetworkRequest@@@Z
??1QNetworkAccessManager@@UEAA@XZ
??0QNetworkAccessManager@@QEAA@PEAVQObject@@@Z
?setRawHeader@QNetworkRequest@@QEAAXAEBVQByteArray@@0@Z
?setUrl@QNetworkRequest@@QEAAXAEBVQUrl@@@Z
??1QNetworkRequest@@QEAA@XZ
??0QNetworkRequest@@QEAA@AEBVQUrl@@@Z
?staticMetaObject@QNetworkReply@@2UQMetaObject@@B
?qt_metacast@QLocalServer@@UEAAPEAXPEBD@Z
?qt_metacall@QLocalServer@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?nextPendingConnection@QLocalServer@@UEAAPEAVQLocalSocket@@XZ
?metaObject@QLocalServer@@UEBAPEBUQMetaObject@@XZ
?error@QNetworkReply@@QEBA?AW4NetworkError@1@XZ
?hasPendingConnections@QLocalServer@@UEBA_NXZ
?waitForReadyRead@QLocalSocket@@UEAA_NH@Z
?waitForDisconnected@QLocalSocket@@QEAA_NH@Z
?waitForConnected@QLocalSocket@@QEAA_NH@Z
?waitForBytesWritten@QLocalSocket@@UEAA_NH@Z
?state@QLocalSocket@@QEBA?AW4LocalSocketState@1@XZ
?connectToServer@QLocalSocket@@QEAAXAEBVQString@@V?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
??1QLocalSocket@@UEAA@XZ
??0QLocalSocket@@QEAA@PEAVQObject@@@Z
?listen@QLocalServer@@QEAA_NAEBVQString@@@Z
?errorString@QLocalServer@@QEBA?AVQString@@XZ
??1QLocalServer@@UEAA@XZ
??0QLocalServer@@QEAA@PEAVQObject@@@Z
?downloadProgress@QNetworkReply@@QEAAX_J0@Z
?attribute@QNetworkReply@@QEBA?AVQVariant@@W4Attribute@QNetworkRequest@@@Z
?head@QNetworkAccessManager@@QEAAPEAVQNetworkReply@@AEBVQNetworkRequest@@@Z
?header@QNetworkReply@@QEBA?AVQVariant@@W4KnownHeaders@QNetworkRequest@@@Z
??1QNetworkInterface@@QEAA@XZ
?flags@QNetworkInterface@@QEBA?AV?$QFlags@W4InterfaceFlag@QNetworkInterface@@@@XZ
?hardwareAddress@QNetworkInterface@@QEBA?AVQString@@XZ
?allInterfaces@QNetworkInterface@@SA?AV?$QList@VQNetworkInterface@@@@XZ
??0QNetworkInterface@@QEAA@AEBV0@@Z
?incomingConnection@QLocalServer@@MEAAX_K@Z
?finished@QNetworkReply@@QEAAXXZ
Qt5Core.dll ?setupChildProcess@QProcess@@MEAAXXZ
?qt_metacall@QThread@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QThread@@UEAAPEAXPEBD@Z
?staticMetaObject@QThread@@2UQMetaObject@@B
?append@QByteArray@@QEAAAEAV1@PEBD@Z
?append@QByteArray@@QEAAAEAV1@D@Z
?reserve@QByteArray@@QEAAXH@Z
?qRegisterResourceData@@YA_NHPEBE00@Z
?qUnregisterResourceData@@YA_NHPEBE00@Z
??0QString@@QEAA@XZ
??0QString@@QEAA@AEBV0@@Z
??1QString@@QEAA@XZ
??1Connection@QMetaObject@@QEAA@XZ
?connect@QObject@@SA?AVConnection@QMetaObject@@PEBV1@PEBD01W4ConnectionType@Qt@@@Z
?disconnect@QObject@@SA_NPEBV1@PEBD01@Z
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
?qBadAlloc@@YAXXZ
??0QMessageLogger@@QEAA@PEBDH0@Z
?warning@QMessageLogger@@QEBAXPEBDZZ
?qErrnoWarning@@YAXPEBDZZ
??0QChar@@QEAA@UQLatin1Char@@@Z
?allocate@QArrayData@@SAPEAU1@_K00V?$QFlags@W4AllocationOption@QArrayData@@@@@Z
?deallocate@QArrayData@@SAXPEAU1@_K1@Z
?sharedNull@QArrayData@@SAPEAU1@XZ
?qstrcmp@@YAHAEBVQByteArray@@PEBD@Z
?qChecksum@@YAGPEBDI@Z
??0QByteArray@@QEAA@XZ
??1QByteArray@@QEAA@XZ
?resize@QByteArray@@QEAAXH@Z
?data@QByteArray@@QEAAPEADXZ
?constData@QByteArray@@QEBAPEBDXZ
??0QString@@QEAA@VQChar@@@Z
??0QString@@QEAA@VQLatin1String@@@Z
??4QString@@QEAAAEAV0@AEBV0@@Z
??4QString@@QEAAAEAV0@$$QEAV0@@Z
?truncate@QString@@QEAAXH@Z
?section@QString@@QEBA?AV1@VQChar@@HHV?$QFlags@W4SectionFlag@QString@@@@@Z
?toLower@QString@@QEGBA?AV1@XZ
?toLower@QString@@QEHAA?AV1@XZ
?append@QString@@QEAAAEAV1@AEBV1@@Z
??YQString@@QEAAAEAV0@VQChar@@@Z
?remove@QString@@QEAAAEAV1@AEBVQRegExp@@@Z
?utf16@QString@@QEBAPEBGXZ
?toLatin1@QString@@QEHAA?AVQByteArray@@XZ
?toUtf8@QString@@QEGBA?AVQByteArray@@XZ
?toLocal8Bit@QString@@QEHAA?AVQByteArray@@XZ
?fromLatin1@QString@@SA?AV1@PEBDH@Z
?fromUtf8@QString@@SA?AV1@AEBVQByteArray@@@Z
?number@QString@@SA?AV1@HH@Z
?number@QString@@SA?AV1@KH@Z
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z
??0QRegExp@@QEAA@AEBVQString@@W4CaseSensitivity@Qt@@W4PatternSyntax@0@@Z
??1QRegExp@@QEAA@XZ
??0QObject@@QEAA@PEAV0@@Z
??1QObject@@UEAA@XZ
?isOpen@QIODevice@@QEBA_NXZ
?read@QIODevice@@QEAA?AVQByteArray@@_J@Z
?write@QIODevice@@QEAA_JPEBD_J@Z
?errorString@QIODevice@@QEBA?AVQString@@XZ
??0QFile@@QEAA@XZ
??0QFile@@QEAA@AEBVQString@@@Z
??1QFile@@UEAA@XZ
?setFileName@QFile@@QEAAXAEBVQString@@@Z
?open@QFile@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
??0QFileInfo@@QEAA@AEBVQFile@@@Z
??1QFileInfo@@QEAA@XZ
?absoluteFilePath@QFileInfo@@QEBA?AVQString@@XZ
??0QDir@@QEAA@AEBVQString@@@Z
??1QDir@@QEAA@XZ
?absolutePath@QDir@@QEBA?AVQString@@XZ
?tempPath@QDir@@SA?AVQString@@XZ
?applicationFilePath@QCoreApplication@@SA?AVQString@@XZ
??0QDataStream@@QEAA@PEAVQIODevice@@@Z
??1QDataStream@@QEAA@XZ
??5QDataStream@@QEAAAEAV0@AEAH@Z
?readRawData@QDataStream@@QEAAHPEADH@Z
?writeBytes@QDataStream@@QEAAAEAV1@PEBDI@Z
??0QLibrary@@QEAA@AEBVQString@@PEAVQObject@@@Z
??1QLibrary@@UEAA@XZ
?resolve@QLibrary@@QEAAP6AXXZPEBD@Z
?atEnd@QFileDevice@@UEBA_NXZ
?bytesAvailable@QIODevice@@UEBA_JXZ
?bytesToWrite@QIODevice@@UEBA_JXZ
?canReadLine@QIODevice@@UEBA_NXZ
?close@QFileDevice@@UEAAXXZ
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?fileName@QFile@@UEBA?AVQString@@XZ
?isSequential@QFileDevice@@UEBA_NXZ
?metaObject@QFile@@UEBAPEBUQMetaObject@@XZ
?permissions@QFile@@UEBA?AV?$QFlags@W4Permission@QFileDevice@@@@XZ
?pos@QFileDevice@@UEBA_JXZ
?qt_metacall@QFile@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QFile@@UEAAPEAXPEBD@Z
?readData@QFileDevice@@MEAA_JPEAD_J@Z
?readLineData@QFileDevice@@MEAA_JPEAD_J@Z
?reset@QIODevice@@UEAA_NXZ
?resize@QFile@@UEAA_N_J@Z
?seek@QFileDevice@@UEAA_N_J@Z
?setPermissions@QFile@@UEAA_NV?$QFlags@W4Permission@QFileDevice@@@@@Z
?size@QFile@@UEBA_JXZ
?waitForBytesWritten@QIODevice@@UEAA_NH@Z
?waitForReadyRead@QIODevice@@UEAA_NH@Z
?writeData@QFileDevice@@MEAA_JPEBD_J@Z
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ
?detach@QListData@@QEAAPEAUData@1@H@Z
?dispose@QListData@@QEAAXXZ
?dispose@QListData@@SAXPEAUData@1@@Z
?isEmpty@QListData@@QEBA_NXZ
?at@QListData@@QEBAPEAPEAXH@Z
?begin@QListData@@QEBAPEAPEAXXZ
?end@QListData@@QEBAPEAPEAXXZ
?setAttribute@QCoreApplication@@SAXW4ApplicationAttribute@Qt@@_N@Z
?setOrganizationDomain@QCoreApplication@@SAXAEBVQString@@@Z
?setOrganizationName@QCoreApplication@@SAXAEBVQString@@@Z
?setApplicationName@QCoreApplication@@SAXAEBVQString@@@Z
?installTranslator@QCoreApplication@@SA_NPEAVQTranslator@@@Z
??0QUrl@@QEAA@AEBVQString@@W4ParsingMode@0@@Z
??1QUrl@@QEAA@XZ
??1QDebug@@QEAA@XZ
??6QDebug@@QEAAAEAV0@PEBD@Z
??0QTranslator@@QEAA@PEAVQObject@@@Z
??1QTranslator@@UEAA@XZ
?load@QTranslator@@QEAA_NAEBVQString@@000@Z
?tr@QMetaObject@@QEBA?AVQString@@PEBD0H@Z
?indexOfEnumerator@QMetaObject@@QEBAHPEBD@Z
?enumerator@QMetaObject@@QEBA?AVQMetaEnum@@H@Z
?normalizedType@QMetaObject@@SA?AVQByteArray@@PEBD@Z
?invokeMethod@QMetaObject@@SA_NPEAVQObject@@PEBDW4ConnectionType@Qt@@VQGenericReturnArgument@@VQGenericArgument@@444444444@Z
??0QChar@@QEAA@H@Z
??0QByteArray@@QEAA@PEBDH@Z
??0QByteArray@@QEAA@$$QEAV0@@Z
??0QString@@QEAA@$$QEAV0@@Z
?arg@QString@@QEBA?AV1@_JHHVQChar@@@Z
?arg@QString@@QEBA?AV1@HHHVQChar@@@Z
?arg@QString@@QEBA?AV1@NHDHVQChar@@@Z
?arg@QString@@QEBA?AV1@AEBV1@HVQChar@@@Z
?arg@QString@@QEBA?AV1@AEBV1@0@Z
?indexOf@QString@@QEBAHVQChar@@HW4CaseSensitivity@Qt@@@Z
?indexOf@QString@@QEBAHAEBV1@HW4CaseSensitivity@Qt@@@Z
?mid@QString@@QEBA?AV1@HH@Z
?startsWith@QString@@QEBA_NAEBV1@W4CaseSensitivity@Qt@@@Z
?endsWith@QString@@QEBA_NAEBV1@W4CaseSensitivity@Qt@@@Z
?remove@QString@@QEAAAEAV1@HH@Z
?replace@QString@@QEAAAEAV1@AEBV1@0W4CaseSensitivity@Qt@@@Z
?fromUtf8@QString@@SA?AV1@PEBDH@Z
?fromLocal8Bit@QString@@SA?AV1@AEBVQByteArray@@@Z
?number@QString@@SA?AV1@NDH@Z
??8@YA_NAEBVQString@@0@Z
??M@YA_NAEBVQString@@0@Z
??4QString@@QEAAAEAV0@PEBD@Z
??8QString@@QEBA_NPEBD@Z
?isNull@QString@@QEBA_NXZ
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z
?append@QListData@@QEAAPEAPEAXXZ
?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAX1PEBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z
?registerNormalizedTypedef@QMetaType@@SAHAEBVQByteArray@@H@Z
?qt_qFindChild_helper@@YAPEAVQObject@@PEBV1@AEBVQString@@AEBUQMetaObject@@V?$QFlags@W4FindChildOption@Qt@@@@@Z
?setProperty@QObject@@QEAA_NPEBDAEBVQVariant@@@Z
?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PEBV1@PEAPEAX01PEAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PEBHPEBU3@@Z
??0QProcess@@QEAA@PEAVQObject@@@Z
??1QProcess@@UEAA@XZ
?start@QProcess@@QEAAXAEBVQString@@AEBVQStringList@@V?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
?waitForFinished@QProcess@@QEAA_NH@Z
?readAllStandardOutput@QProcess@@QEAA?AVQByteArray@@XZ
?close@QProcess@@UEAAXXZ
?execute@QProcess@@SAHAEBVQString@@@Z
?startDetached@QProcess@@SA_NAEBVQString@@@Z
?applicationDirPath@QCoreApplication@@SA?AVQString@@XZ
??0QDateTime@@QEAA@XZ
??1QDateTime@@QEAA@XZ
??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z
?toMSecsSinceEpoch@QDateTime@@QEBA_JXZ
?toSecsSinceEpoch@QDateTime@@QEBA_JXZ
?currentDateTime@QDateTime@@SA?AV1@XZ
?exists@QFile@@SA_NAEBVQString@@@Z
??0QFileInfo@@QEAA@AEBVQString@@@Z
?exists@QFileInfo@@QEBA_NXZ
?filePath@QFileInfo@@QEBA?AVQString@@XZ
?setPath@QDir@@QEAAXAEBVQString@@@Z
?toNativeSeparators@QDir@@SA?AVQString@@AEBV2@@Z
?isEmpty@QDir@@QEBA_NV?$QFlags@W4Filter@QDir@@@@@Z
?mkpath@QDir@@QEBA_NAEBVQString@@@Z
?exists@QDir@@QEBA_NXZ
?remove@QDir@@QEAA_NAEBVQString@@@Z
?separator@QDir@@SA?AVQChar@@XZ
??0QStorageInfo@@QEAA@AEBVQString@@@Z
??1QStorageInfo@@QEAA@XZ
?className@QMetaObject@@QEBAPEBDXZ
?bytesAvailable@QStorageInfo@@QEBA_JXZ
?freeNodeAndRebalance@QMapDataBase@@QEAAXPEAUQMapNodeBase@@@Z
?recalcMostLeftNode@QMapDataBase@@QEAAXXZ
?createNode@QMapDataBase@@QEAAPEAUQMapNodeBase@@HHPEAU2@_N@Z
?freeTree@QMapDataBase@@QEAAXPEAUQMapNodeBase@@H@Z
?createData@QMapDataBase@@SAPEAU1@XZ
?freeData@QMapDataBase@@SAXPEAU1@@Z
??1QVariant@@QEAA@XZ
??0QVariant@@QEAA@H@Z
??0QVariant@@QEAA@_N@Z
??0QVariant@@QEAA@PEBD@Z
??0QVariant@@QEAA@AEBVQString@@@Z
?key@QMetaEnum@@QEBAPEBDH@Z
?valueToKey@QMetaEnum@@QEBAPEBDH@Z
?fileName@QUrl@@QEBA?AVQString@@V?$QFlags@W4ComponentFormattingOption@QUrl@@@@@Z
??6QDebug@@QEAAAEAV0@_J@Z
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z
??6QDebug@@QEAAAEAV0@AEBVQByteArray@@@Z
??0QMutex@@QEAA@W4RecursionMode@0@@Z
??1QMutex@@QEAA@XZ
?lock@QMutex@@QEAAXXZ
?unlock@QMutex@@QEAAXXZ
??1QException@@UEAA@XZ
?exit@QThread@@QEAAXH@Z
?start@QThread@@QEAAXW4Priority@1@@Z
?atEnd@QProcess@@UEBA_NXZ
?bytesAvailable@QProcess@@UEBA_JXZ
?bytesToWrite@QProcess@@UEBA_JXZ
?canReadLine@QProcess@@UEBA_NXZ
?isSequential@QProcess@@UEBA_NXZ
?metaObject@QProcess@@UEBAPEBUQMetaObject@@XZ
?open@QProcess@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
?pos@QIODevice@@UEBA_JXZ
?qt_metacall@QProcess@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QProcess@@UEAAPEAXPEBD@Z
?readData@QProcess@@MEAA_JPEAD_J@Z
?readLineData@QIODevice@@MEAA_JPEAD_J@Z
?seek@QIODevice@@UEAA_N_J@Z
?rootPath@QStorageInfo@@QEBA?AVQString@@XZ
?size@QIODevice@@UEBA_JXZ
?waitForBytesWritten@QProcess@@UEAA_NH@Z
?waitForReadyRead@QProcess@@UEAA_NH@Z
?writeData@QProcess@@MEAA_JPEBD_J@Z
?shared_null@QListData@@2UData@1@B
?staticMetaObject@QObject@@2UQMetaObject@@B
?shared_null@QMapDataBase@@2U1@B
??0QByteArray@@QEAA@AEBV0@@Z
?deleteLater@QObject@@QEAAXXZ
??0QUrl@@QEAA@XZ
?toInt@QVariant@@QEBAHPEA_N@Z
?readAll@QIODevice@@QEAA?AVQByteArray@@XZ
??6QDebug@@QEAAAEAV0@H@Z
??0QVariant@@QEAA@XZ
?toString@QVariant@@QEBA?AVQString@@XZ
??0QSettings@@QEAA@AEBVQString@@W4Format@0@PEAVQObject@@@Z
??1QSettings@@UEAA@XZ
?setValue@QSettings@@QEAAXAEBVQString@@AEBVQVariant@@@Z
?value@QSettings@@QEBA?AVQVariant@@AEBVQString@@AEBV2@@Z
?contains@QSettings@@QEBA_NAEBVQString@@@Z
?event@QSettings@@MEAA_NPEAVQEvent@@@Z
?metaObject@QSettings@@UEBAPEBUQMetaObject@@XZ
?qt_metacall@QSettings@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QSettings@@UEAAPEAXPEBD@Z
??0QChar@@QEAA@D@Z
?trimmed@QString@@QEHAA?AV1@XZ
?fromWCharArray@QString@@SA?AV1@PEB_WH@Z
??0QString@@QEAA@AEBVQByteArray@@@Z
?toStdWString@QString@@QEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
??0QThread@@QEAA@PEAVQObject@@@Z
??1QThread@@UEAA@XZ
?readLine@QIODevice@@QEAA?AVQByteArray@@_J@Z
?remove@QFile@@SA_NAEBVQString@@@Z
?suffix@QFileInfo@@QEBA?AVQString@@XZ
?event@QThread@@UEAA_NPEAVQEvent@@@Z
?realloc@QListData@@QEAAXH@Z
?nextNode@QMapNodeBase@@QEBAPEBU1@XZ
??0QVariant@@QEAA@AEBV0@@Z
??4QVariant@@QEAAAEAV0@AEBV0@@Z
?toLongLong@QVariant@@QEBA_JPEA_N@Z
?toMap@QVariant@@QEBA?AV?$QMap@VQString@@VQVariant@@@@XZ
?errorString@QJsonParseError@@QEBA?AVQString@@XZ
??1QJsonDocument@@QEAA@XZ
?toVariant@QJsonDocument@@QEBA?AVQVariant@@XZ
?fromJson@QJsonDocument@@SA?AV1@AEBVQByteArray@@PEAUQJsonParseError@@@Z
?setUrl@QUrl@@QEAAXAEBVQString@@W4ParsingMode@1@@Z
?toHex@QByteArray@@QEBA?AV1@XZ
??4QUrl@@QEAAAEAV0@AEBV0@@Z
??4QUrl@@QEAAAEAV0@AEBVQString@@@Z
?matches@QUrl@@QEBA_NAEBV1@V?$QUrlTwoFlags@W4UrlFormattingOption@QUrl@@W4ComponentFormattingOption@2@@@@Z
??0QVariant@@QEAA@_J@Z
?read@QIODevice@@QEAA_JPEAD_J@Z
?write@QIODevice@@QEAA_JAEBVQByteArray@@@Z
??0QCryptographicHash@@QEAA@W4Algorithm@0@@Z
??1QCryptographicHash@@QEAA@XZ
?addData@QCryptographicHash@@QEAAXPEBDH@Z
?result@QCryptographicHash@@QEBA?AVQByteArray@@XZ
??0QEventLoop@@QEAA@PEAVQObject@@@Z
??1QEventLoop@@UEAA@XZ
?exec@QEventLoop@@QEAAHV?$QFlags@W4ProcessEventsFlag@QEventLoop@@@@@Z
?flush@QFileDevice@@QEAA_NXZ
?rename@QFile@@QEAA_NAEBVQString@@@Z
??0QSettings@@QEAA@PEAVQObject@@@Z
?beginGroup@QSettings@@QEAAXAEBVQString@@@Z
?endGroup@QSettings@@QEAAXXZ
?remove@QSettings@@QEAAXAEBVQString@@@Z
?toLatin1@QString@@QEGBA?AVQByteArray@@XZ
?isNull@QVariant@@QEBA_NXZ
?readyRead@QIODevice@@QEAAXXZ
?staticMetaObject@QIODevice@@2UQMetaObject@@B
?machineUniqueId@QSysInfo@@SA?AVQByteArray@@XZ
??4QByteArray@@QEAAAEAV0@$$QEAV0@@Z
?isNull@QByteArray@@QEBA_NXZ
??4QString@@QEAAAEAV0@AEBVQByteArray@@@Z
?toByteArray@QUuid@@QEBA?AVQByteArray@@XZ
?createUuid@QUuid@@SA?AV1@XZ
?buildCpuArchitecture@QSysInfo@@SA?AVQString@@XZ
?prettyProductName@QSysInfo@@SA?AVQString@@XZ
?asprintf@QString@@SA?AV1@PEBDZZ
?activate@QMetaObject@@SAXPEAVQObject@@PEBU1@HPEAPEAX@Z
?dynamicMetaObject@QObjectData@@QEBAPEAUQMetaObject@@XZ
?qt_metacast@QObject@@UEAAPEAXPEBD@Z
?qt_metacall@QObject@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
MSVCP140.dll ?_Xbad_function_call@std@@YAXXZ
KERNEL32.dll LocalFree
CloseHandle
GetLastError
ReleaseMutex
WaitForSingleObject
GetCommandLineW
CreateMutexW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GlobalMemoryStatusEx
SetFilePointer
SetEndOfFile
GetFileSize
GetModuleHandleA
GetFileAttributesW
FindFirstFileW
FindClose
GetProcAddress
GetModuleHandleW
GetCurrentThreadId
SetLastError
SetFileTime
SetFileAttributesW
DeleteFileW
CreateFileW
CreateDirectoryW
WideCharToMultiByte
WriteFile
ReadFile
GetFileInformationByHandle
GetCurrentProcessId
WaitForMultipleObjects
Sleep
OpenMutexW
VCRUNTIME140.dll memset
_purecall
_CxxThrowException
__C_specific_handler
__std_exception_copy
__std_exception_destroy
memcpy
__CxxFrameHandler3
__std_terminate
api-ms-win-crt-runtime-l1-1-0.dll _set_app_type
_seh_filter_exe
_get_narrow_winmain_command_line
_initterm
_initterm_e
_cexit
_exit
_initialize_narrow_environment
_c_exit
_register_thread_local_exe_atexit_callback
_crt_atexit
terminate
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_configure_narrow_argv
exit
api-ms-win-crt-heap-l1-1-0.dll free
_callnewh
_set_new_mode
malloc
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll __p__commode
_set_fmode
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale
SHELL32.dll CommandLineToArgvW

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.60897
MD5 aa457ad249fb59605f592708016c6335
SHA1 5058ed8605b992a12d2f5bf086579a7fea135184
SHA256 531132916734fb01933aee3fbab9f91e897f88fd2e83e4f52e322b1c4f794172
SHA3 8e8217f19ac4fe5d9ad479bf7d1b8cd7cc7b7a41d07aa51f0a9f7e738e4abdb7

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.48351
MD5 ac98766076b5b9c06f6cb55661b5ccb5
SHA1 95af36ff442562dbc8c568881ddf4cae236257c5
SHA256 5bd1fa34114c83f2a57dd1d8d5a34004f055ac89b5364b498646658abf2e62c8
SHA3 ffe3cff09c52da1dacbbb9918860ab43353d89871aa269d3cb9c4877b2ef9158

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.44049
MD5 b85e1dc9d646c7eb341b7ef66eee134d
SHA1 0cbd98ad29abc1f97cab9e496a832f792eab5b4e
SHA256 7bdcf7d59f6e01f338b90b3b4a041b77ee5f362efcee97cc928290d3c4248682
SHA3 c1f9cfddd58bedb8f6bcad9c7897d967d984c7a9e6be5d528005ccd400a00e76

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x94a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.34817
MD5 5f8a2b9ec1ccef89f88a3e9489bb4bdb
SHA1 a129f85860674e6c0d25903b3e8f93c818c35e5a
SHA256 3fe65ef8675b83ee8f6a4816025716586084cc077f4071ed4f697922880f9919
SHA3 564e236ded8b8539d1f97ffd202f8a6b36970fb4e3006ddaf09d0af0f595e451

5

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.28289
MD5 e9992ceab465aea597bd4bf787c7a4b7
SHA1 8c3c5c520f7f50d074bab1a23e38d4e811ba365c
SHA256 9b53269b3c54bb493488ede6aaa3e76a20f083229af769ace8735d5856424cf7
SHA3 55b232c73f8bae6598933ab2bddf84ce650c59346efd8be1d3cb95c0fd87acbe

6

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x17c2f
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.98951
Detected Filetype PNG graphic file
MD5 48ab5caa9c61a62fadcf3587e0f1e093
SHA1 b49bf12c63ec01248086baf989cb28a26f805f2f
SHA256 9319a030a91c6b899687a10e7296d8d64934ec083c4af8fb45d0921afdddbe7a
SHA3 dd897c0974207a9a04043eae1c8d2e3cda51e01b26ac5a8ffa9e791d167f2726

IDI_ICON1

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x5a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.84676
Detected Filetype Icon file
MD5 11368609953d3b68d6a910afd4587bfa
SHA1 64d40990bb065768b038df5b5033a50f0ab01d63
SHA256 5c7b8acc0fba9b90e2d2f2051765f1de36a69cfa7d27793be4f515e2f0df9983
SHA3 fae013d13d8d63cb2450fb26bcea3e0c311a34ad26b7ec501b5856645f03bbfc

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x21c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.17773
MD5 496fa2fca4c15d880f93df95eeca8f24
SHA1 22eded244ff82673bc5925c7681f389db16d629c
SHA256 0bc1840846cd3cb508bf8c9a676f68994573c21101e4ca979bc8eb5227f31f9c
SHA3 90156f62f4b06c751656574691338ed086d7b6d2ff6025fca3658c1a94e3030d

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x289
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.05508
MD5 4c85c61f2dd57d1b1172496450c9b9b2
SHA1 1c71076e55984e713015397930da1a1a3ecb2be0
SHA256 5866ac6ac5139fe3e905f3c06999e1772bb615c72e338cc7fa262ef2932648a0
SHA3 fd09b482570f8fe9c5227e2ecfd7e08b8dfb16a16a9e5d7a24c06c2d43cd22f8

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.0
ProductVersion 1.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_DLL
Language English - United States
FileVersion (#2) 1.0.0.0
OriginalFilename falcon.exe
ProductName falcon
ProductVersion (#2) 1.0.0.0
Resource LangID English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2019-Dec-24 07:36:57
Version 0.0
SizeofData 868
AddressOfRawData 0x7135a4
PointerToRawData 0x711da4

TLS Callbacks

StartAddressOfRawData 0x140713928
EndAddressOfRawData 0x140713930
AddressOfIndex 0x140720050
AddressOfCallbacks 0x14001b040
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x100
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x14071f208

RICH Header

XOR Key 0x6a9d1638
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 10
C objects (26213) 1
Imports (VS 2015/2017 runtime 26706) 4
C++ objects (VS 2015/2017 runtime 26706) 29
C objects (VS 2015/2017 runtime 26706) 10
ASM objects (VS 2015/2017 runtime 26706) 3
C++ objects (VS2017 v15.4.* compiler 25547) 1
Imports (VS2017 v15.4.* compiler 25547) 12
Imports (26213) 9
Total imports 528
C++ objects (VS2017 v15.9.7-10 compiler 27027) 35
Resource objects (VS2017 v15.9.7-10 compiler 27027) 1
151 1
Linker (VS2017 v15.9.7-10 compiler 27027) 1

Errors
