Edit tour

Windows Analysis Report
Windows Driver Foundation (WDF).exe

Overview

General Information

Sample name:	Windows Driver Foundation (WDF).exe
Analysis ID:	1655788
MD5:	52b3a4bf653a25997a846521531f8eb3
SHA1:	b3a0aa35b1efed9274b243c470bb3183871b3c29
SHA256:	6660ea3b13b995c05bef8f9ee748573f7b8438f6bfeaca14840129e674e46b9f

Detection

Score:	48
Range:	0 - 100
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Program does not show much activity (idle)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Classification

×

Process Tree

System is w10x64

Windows Driver Foundation (WDF).exe (PID: 7312 cmdline: "C:\Users\user\Desktop\Windows Driver Foundation (WDF).exe" MD5: 52B3A4BF653A25997A846521531F8EB3)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• AV Detection
• Compliance
• Networking
• System Summary
• Malware Analysis System Evasion
• Anti Debugging

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: Windows Driver Foundation (WDF).exe

Virustotal: Detection: 9%

Source: Windows Driver Foundation (WDF).exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: Windows Driver Foundation (WDF).exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://api.packetshare.io
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://api.packetshare.io0is_first_install1dealInitInfo:agreementuserregion
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA.crt0
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://crl3.digicert.com/EVCodeSigning-g1.crl03
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://crl4.digicert.com/EVCodeSigning-g1.crl0K
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://lx.v2.321174.com
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://lx.v2.321174.com91.0.9getCurrentPath:ConfigLocationDownloadLocationAppDataLocation
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://myip.top
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://ocsp.digicert.com0A
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://ocsp.digicert.com0H
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://ocsp.digicert.com0I
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://ocsp.digicert.com0X
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://tomapi.hklingyun.com
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://tomapi.hklingyun.com/api/account/login/api/account/register/api/down/check_for_update/api/ini
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount?response_type=code&scope=email
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: https://t.me/joinchat/IGRkeEcLassYNXMF
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: https://tomvpn.com/fblogin
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: https://tomvpn.com/googlelogin
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: https://tomvpn.com/googleloginhttps://tomvpn.com/fbloginhttps://t.me/joinchat/IGRkeEcLassYNXMFsystem
Source: Windows Driver Foundation (WDF).exe	String found in binary or memory: https://www.digicert.com/CPS0

Source: Windows Driver Foundation (WDF).exe, 00000000.00000000.1300340189.00000000009BD000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameWUDFHost.exe`@ vs Windows Driver Foundation (WDF).exe
Source: Windows Driver Foundation (WDF).exe	Binary or memory string: OriginalFilenameWUDFHost.exe`@ vs Windows Driver Foundation (WDF).exe

Source: Windows Driver Foundation (WDF).exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal48.winEXE@1/0@0/0

Source: Windows Driver Foundation (WDF).exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Windows Driver Foundation (WDF).exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Windows Driver Foundation (WDF).exe

Virustotal: Detection: 9%

Source: C:\Users\user\Desktop\Windows Driver Foundation (WDF).exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Users\user\Desktop\Windows Driver Foundation (WDF).exe	Section loaded: qt5quick.dll			Jump to behavior
Source: C:\Users\user\Desktop\Windows Driver Foundation (WDF).exe	Section loaded: qt5widgets.dll			Jump to behavior
Source: C:\Users\user\Desktop\Windows Driver Foundation (WDF).exe	Section loaded: qt5gui.dll			Jump to behavior
Source: C:\Users\user\Desktop\Windows Driver Foundation (WDF).exe	Section loaded: qt5qml.dll			Jump to behavior
Source: C:\Users\user\Desktop\Windows Driver Foundation (WDF).exe	Section loaded: qt5network.dll			Jump to behavior
Source: C:\Users\user\Desktop\Windows Driver Foundation (WDF).exe	Section loaded: qt5core.dll			Jump to behavior
Source: C:\Users\user\Desktop\Windows Driver Foundation (WDF).exe	Section loaded: msvcp140.dll			Jump to behavior
Source: C:\Users\user\Desktop\Windows Driver Foundation (WDF).exe	Section loaded: vcruntime140.dll			Jump to behavior

Source: Windows Driver Foundation (WDF).exe

Static file information: File size 1533928 > 1048576

Source: Windows Driver Foundation (WDF).exe

Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x129c00

Source: Windows Driver Foundation (WDF).exe

Static PE information: More than 200 imports for Qt5Core.dll

Source: Windows Driver Foundation (WDF).exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Windows Driver Foundation (WDF).exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Windows Driver Foundation (WDF).exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Windows Driver Foundation (WDF).exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Windows Driver Foundation (WDF).exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Windows Driver Foundation (WDF).exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: Windows Driver Foundation (WDF).exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: Windows Driver Foundation (WDF).exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: Windows Driver Foundation (WDF).exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Windows Driver Foundation (WDF).exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Windows Driver Foundation (WDF).exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Windows Driver Foundation (WDF).exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Windows Driver Foundation (WDF).exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 DLL Side-Loading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Windows Driver Foundation (WDF).exe	9%	ReversingLabs	Win32.Trojan.Generic
Windows Driver Foundation (WDF).exe	10%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://tomvpn.com/googlelogin	0%	Avira URL Cloud	safe
https://tomvpn.com/googleloginhttps://tomvpn.com/fbloginhttps://t.me/joinchat/IGRkeEcLassYNXMFsystem	0%	Avira URL Cloud	safe
http://lx.v2.321174.com	0%	Avira URL Cloud	safe
http://tomapi.hklingyun.com/api/account/login/api/account/register/api/down/check_for_update/api/ini	0%	Avira URL Cloud	safe
http://lx.v2.321174.com91.0.9getCurrentPath:ConfigLocationDownloadLocationAppDataLocation	0%	Avira URL Cloud	safe
http://api.packetshare.io0is_first_install1dealInitInfo:agreementuserregion	0%	Avira URL Cloud	safe
http://tomapi.hklingyun.com	0%	Avira URL Cloud	safe
https://tomvpn.com/fblogin	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://tomapi.hklingyun.com/api/account/login/api/account/register/api/down/check_for_update/api/ini	Windows Driver Foundation (WDF).exe	false	Avira URL Cloud: safe	unknown
https://tomvpn.com/googleloginhttps://tomvpn.com/fbloginhttps://t.me/joinchat/IGRkeEcLassYNXMFsystem	Windows Driver Foundation (WDF).exe	false	Avira URL Cloud: safe	unknown
http://lx.v2.321174.com	Windows Driver Foundation (WDF).exe	false	Avira URL Cloud: safe	unknown
http://api.packetshare.io	Windows Driver Foundation (WDF).exe	false		high
https://t.me/joinchat/IGRkeEcLassYNXMF	Windows Driver Foundation (WDF).exe	false		high
https://tomvpn.com/googlelogin	Windows Driver Foundation (WDF).exe	false	Avira URL Cloud: safe	unknown
http://myip.top	Windows Driver Foundation (WDF).exe	false		high
http://lx.v2.321174.com91.0.9getCurrentPath:ConfigLocationDownloadLocationAppDataLocation	Windows Driver Foundation (WDF).exe	false	Avira URL Cloud: safe	unknown
https://tomvpn.com/fblogin	Windows Driver Foundation (WDF).exe	false	Avira URL Cloud: safe	unknown
http://api.packetshare.io0is_first_install1dealInitInfo:agreementuserregion	Windows Driver Foundation (WDF).exe	false	Avira URL Cloud: safe	unknown
http://tomapi.hklingyun.com	Windows Driver Foundation (WDF).exe	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1655788
Start date and time:	2025-04-03 17:29:02 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 58s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Windows Driver Foundation (WDF).exe
Detection:	MAL
Classification:	mal48.winEXE@1/0@0/0
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 184.31.69.3, 23.203.176.221, 20.109.210.53
Excluded domains from analysis (whitelisted): cac-ocsp.digicert.com.edgekey.net, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, e3913.cd.akamaiedge.net, ocsp.edge.digicert.com, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.729950217428696
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Windows Driver Foundation (WDF).exe
File size:	1'533'928 bytes
MD5:	52b3a4bf653a25997a846521531f8eb3
SHA1:	b3a0aa35b1efed9274b243c470bb3183871b3c29
SHA256:	6660ea3b13b995c05bef8f9ee748573f7b8438f6bfeaca14840129e674e46b9f
SHA512:	35f9790b2497482618888a5652c359a7735bacf323b45e64e070864a3ce43b7deebaecde7b9ce6048c864b7087655c3dd4f545f3e5be2d47b104a167d65b5a6b
SSDEEP:	24576:LXZpiLZLBk3aDcmi2V9bjJTIz64hvcwIqOdgQEre0pqoa5a9UamMdqR:l6LBk3icg9qS7Ereb5azdqR
TLSH:	1265E13377A58932D6A12276C982C7F7903BD8005F5156C3B1DC722EA7786CA1D7CA3A
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......... ..tN..tN..tN......tN.,-M..tN.,-K..tN.,-J..tN.,-O..tN.^O..tN...O..tN..tO.0vN.^K..tN.;-K..tN.;-...tN..t...tN.;-L..tN.Rich.tN

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x439b62
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x64C38CDA [Fri Jul 28 09:39:38 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	0dfe8bc471b2433da2715e9c516f3397

Authenticode Signature

Signature Valid:
Signature Issuer:
Signature Validation Error:
Error Number:
Not Before, Not After
Subject Chain
Version:
Thumbprint MD5:
Thumbprint SHA-1:
Thumbprint SHA-256:
Serial:

Entrypoint Preview

Instruction
call 00007FDD852D66EFh
jmp 00007FDD852D5F05h
push ebp
mov ebp, esp
push ecx
push esi
push dword ptr [ebp+08h]
mov esi, ecx
mov dword ptr [ebp-04h], esi
call 00007FDD852D60E5h
mov dword ptr [esi], 0055AAF8h
mov eax, esi
pop esi
mov esp, ebp
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0055AB00h
mov dword ptr [ecx], 0055AAF8h
ret
push ebp
mov ebp, esp
push ecx
push esi
push dword ptr [ebp+08h]
mov esi, ecx
mov dword ptr [ebp-04h], esi
call 00007FDD852D60ACh
mov dword ptr [esi], 0055AB14h
mov eax, esi
pop esi
mov esp, ebp
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0055AB1Ch
mov dword ptr [ecx], 0055AB14h
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0055AAD8h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007FDD852D67F2h
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0055AAD8h
push eax
call 00007FDD852D67E0h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0055AAD8h

Rich Headers

Programming Language:

[IMP] VS2008 SP1 build 30729
[IMP] VS2015 UPD3.1 build 24215
[C++] VS2015 UPD3.1 build 24215
[C++] VS2015 build 23026
[RES] VS2015 build 23026
[LNK] VS2015 build 23026

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x162b74	0x168	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x16d000	0x522	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x172000	0x4be8
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x16e000	0x6dfc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x15ab40	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x15abbc	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x15ab60	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x41000	0xb6c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x3fa11	0x3fc00	5c7214aef83cf3e35c8e4dfc2a6d8ba1	False	0.34918045343137255	data	5.996398514397046	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x41000	0x129a0e	0x129c00	9e7ed10706ae780f0cf45eff90957f1a	False	0.921347771043241	data	7.884246638991749	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x16b000	0xce0	0xa00	1cd6fc7571d5501c924fad7f1b5017aa	False	0.28203125	OpenPGP Public Key	4.401581472842073	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x16c000	0x9	0x200	1f354d76203061bfdd5a53dae48d5435	False	0.033203125	data	0.020393135236084953	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x16d000	0x522	0x600	84b401af8097605a789fe7b1f9fec276	False	0.4290364583333333	data	4.1972236730634656	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x16e000	0x6dfc	0x6e00	1be1bb97f7296074f0bba2f72603e397	False	0.7126775568181818	data	6.763325879281151	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x16d0a0	0x204	data	English	United States	0.5077519379844961
RT_MANIFEST	0x16d2a4	0x27e	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5501567398119123

Imports

DLL	Import
Qt5Quick.dll	?childMouseEventFilter@QQuickItem@@MAE_NPAV1@PAVQEvent@@@Z, ?classBegin@QQuickItem@@MAEXXZ, ?clipRect@QQuickItem@@UBE?AVQRectF@@XZ, ?componentComplete@QQuickItem@@MAEXXZ, ?contains@QQuickItem@@UBE_NABVQPointF@@@Z, ?dragEnterEvent@QQuickItem@@MAEXPAVQDragEnterEvent@@@Z, ?dragLeaveEvent@QQuickItem@@MAEXPAVQDragLeaveEvent@@@Z, ?dragMoveEvent@QQuickItem@@MAEXPAVQDragMoveEvent@@@Z, ?dropEvent@QQuickItem@@MAEXPAVQDropEvent@@@Z, ?event@QQuickItem@@MAE_NPAVQEvent@@@Z, ?focusInEvent@QQuickItem@@MAEXPAVQFocusEvent@@@Z, ?focusOutEvent@QQuickItem@@MAEXPAVQFocusEvent@@@Z, ?geometryChanged@QQuickItem@@MAEXABVQRectF@@0@Z, ?hoverEnterEvent@QQuickItem@@MAEXPAVQHoverEvent@@@Z, ?hoverLeaveEvent@QQuickItem@@MAEXPAVQHoverEvent@@@Z, ?hoverMoveEvent@QQuickItem@@MAEXPAVQHoverEvent@@@Z, ?inputMethodEvent@QQuickItem@@MAEXPAVQInputMethodEvent@@@Z, ?inputMethodQuery@QQuickItem@@UBE?AVQVariant@@W4InputMethodQuery@Qt@@@Z, ?isTextureProvider@QQuickItem@@UBE_NXZ, ?itemChange@QQuickItem@@MAEXW4ItemChange@1@ABTItemChangeData@1@@Z, ?keyPressEvent@QQuickItem@@MAEXPAVQKeyEvent@@@Z, ?keyReleaseEvent@QQuickItem@@MAEXPAVQKeyEvent@@@Z, ?mouseDoubleClickEvent@QQuickItem@@MAEXPAVQMouseEvent@@@Z, ?mouseMoveEvent@QQuickItem@@MAEXPAVQMouseEvent@@@Z, ?mousePressEvent@QQuickItem@@MAEXPAVQMouseEvent@@@Z, ?mouseReleaseEvent@QQuickItem@@MAEXPAVQMouseEvent@@@Z, ?mouseUngrabEvent@QQuickItem@@MAEXXZ, ?releaseResources@QQuickItem@@MAEXXZ, ?textureProvider@QQuickItem@@UBEPAVQSGTextureProvider@@XZ, ?touchEvent@QQuickItem@@MAEXPAVQTouchEvent@@@Z, ?touchUngrabEvent@QQuickItem@@MAEXXZ, ?updatePaintNode@QQuickItem@@MAEPAVQSGNode@@PAV2@PAUUpdatePaintNodeData@1@@Z, ?updatePolish@QQuickItem@@MAEXXZ, ?wheelEvent@QQuickItem@@MAEXPAVQWheelEvent@@@Z, ?windowDeactivateEvent@QQuickItem@@MAEXXZ, ??0QQuickItem@@QAE@PAV0@@Z, ??1QQuickItem@@UAE@XZ, ?isVisible@QQuickItem@@QBE_NXZ, ?setVisible@QQuickItem@@QAEX_N@Z, ?visibleChanged@QQuickItem@@QAEXXZ, ?staticMetaObject@QQuickItem@@2UQMetaObject@@B, ?qt_metacast@QQuickItem@@UAEPAXPBD@Z, ?boundingRect@QQuickItem@@UBE?AVQRectF@@XZ, ?qt_metacall@QQuickItem@@UAEHW4Call@QMetaObject@@HPAPAX@Z
Qt5Widgets.dll	?hasHeightForWidth@QWidget@@UBE_NXZ, ?focusOutEvent@QWidget@@MAEXPAVQFocusEvent@@@Z, ?focusNextPrevChild@QMenu@@MAE_N_N@Z, ?focusInEvent@QWidget@@MAEXPAVQFocusEvent@@@Z, ?event@QSystemTrayIcon@@MAE_NPAVQEvent@@@Z, ?event@QMenu@@MAE_NPAVQEvent@@@Z, ?enterEvent@QMenu@@MAEXPAVQEvent@@@Z, ?dropEvent@QWidget@@MAEXPAVQDropEvent@@@Z, ?dragMoveEvent@QWidget@@MAEXPAVQDragMoveEvent@@@Z, ?dragLeaveEvent@QWidget@@MAEXPAVQDragLeaveEvent@@@Z, ?dragEnterEvent@QWidget@@MAEXPAVQDragEnterEvent@@@Z, ?devType@QWidget@@UBEHXZ, ?contextMenuEvent@QWidget@@MAEXPAVQContextMenuEvent@@@Z, ?closeEvent@QWidget@@MAEXPAVQCloseEvent@@@Z, ?changeEvent@QMenu@@MAEXPAVQEvent@@@Z, ?actionEvent@QMenu@@MAEXPAVQActionEvent@@@Z, ?activated@QSystemTrayIcon@@QAEXW4ActivationReason@1@@Z, ?setVisible@QSystemTrayIcon@@QAEX_N@Z, ?geometry@QSystemTrayIcon@@QBE?AVQRect@@XZ, ?setToolTip@QSystemTrayIcon@@QAEXABVQString@@@Z, ?toolTip@QSystemTrayIcon@@QBE?AVQString@@XZ, ?setIcon@QSystemTrayIcon@@QAEXABVQIcon@@@Z, ?setContextMenu@QSystemTrayIcon@@QAEXPAVQMenu@@@Z, ??1QSystemTrayIcon@@UAE@XZ, ??0QSystemTrayIcon@@QAE@PAVQObject@@@Z, ?addSeparator@QMenu@@QAEPAVQAction@@XZ, ?addMenu@QMenu@@QAEPAVQAction@@PAV1@@Z, ??1QMenu@@UAE@XZ, ??0QMenu@@QAE@PAVQWidget@@@Z, ?setIcon@QAction@@QAEXABVQIcon@@@Z, ??1QAction@@UAE@XZ, ??0QAction@@QAE@PAVQObject@@@Z, ?addAction@QWidget@@QAEXPAVQAction@@@Z, ?setFixedHeight@QWidget@@QAEXH@Z, ?setFixedWidth@QWidget@@QAEXH@Z, ?height@QWidget@@QBEHXZ, ?width@QWidget@@QBEHXZ, ?event@QAction@@MAE_NPAVQEvent@@@Z, ?exec@QApplication@@SAHXZ, ?setWindowIcon@QApplication@@SAXABVQIcon@@@Z, ?setFont@QApplication@@SAXABVQFont@@PBD@Z, ??1QApplication@@UAE@XZ, ?heightForWidth@QWidget@@UBEHH@Z, ?hideEvent@QMenu@@MAEXPAVQHideEvent@@@Z, ?inputMethodEvent@QWidget@@MAEXPAVQInputMethodEvent@@@Z, ?inputMethodQuery@QWidget@@UBE?AVQVariant@@W4InputMethodQuery@Qt@@@Z, ?keyPressEvent@QMenu@@MAEXPAVQKeyEvent@@@Z, ?keyReleaseEvent@QWidget@@MAEXPAVQKeyEvent@@@Z, ?leaveEvent@QMenu@@MAEXPAVQEvent@@@Z, ?metaObject@QMenu@@UBEPBUQMetaObject@@XZ, ?metaObject@QSystemTrayIcon@@UBEPBUQMetaObject@@XZ, ?metric@QWidget@@MBEHW4PaintDeviceMetric@QPaintDevice@@@Z, ?minimumSizeHint@QWidget@@UBE?AVQSize@@XZ, ?mouseDoubleClickEvent@QWidget@@MAEXPAVQMouseEvent@@@Z, ?mouseMoveEvent@QMenu@@MAEXPAVQMouseEvent@@@Z, ?mousePressEvent@QMenu@@MAEXPAVQMouseEvent@@@Z, ?mouseReleaseEvent@QMenu@@MAEXPAVQMouseEvent@@@Z, ?moveEvent@QWidget@@MAEXPAVQMoveEvent@@@Z, ?nativeEvent@QWidget@@MAE_NABVQByteArray@@PAXPAJ@Z, ?paintEngine@QWidget@@UBEPAVQPaintEngine@@XZ, ?paintEvent@QMenu@@MAEXPAVQPaintEvent@@@Z, ?qt_metacall@QMenu@@UAEHW4Call@QMetaObject@@HPAPAX@Z, ?qt_metacall@QSystemTrayIcon@@UAEHW4Call@QMetaObject@@HPAPAX@Z, ?qt_metacast@QMenu@@UAEPAXPBD@Z, ?qt_metacast@QSystemTrayIcon@@UAEPAXPBD@Z, ?redirected@QWidget@@MBEPAVQPaintDevice@@PAVQPoint@@@Z, ?resizeEvent@QWidget@@MAEXPAVQResizeEvent@@@Z, ?setVisible@QWidget@@UAEX_N@Z, ?sharedPainter@QWidget@@MBEPAVQPainter@@XZ, ?showEvent@QWidget@@MAEXPAVQShowEvent@@@Z, ?sizeHint@QMenu@@UBE?AVQSize@@XZ, ?tabletEvent@QWidget@@MAEXPAVQTabletEvent@@@Z, ?timerEvent@QMenu@@MAEXPAVQTimerEvent@@@Z, ?wheelEvent@QMenu@@MAEXPAVQWheelEvent@@@Z, ?staticMetaObject@QSystemTrayIcon@@2UQMetaObject@@B, ??0QApplication@@QAE@AAHPAPADH@Z, ?compressEvent@QApplication@@MAE_NPAVQEvent@@PAVQObject@@PAVQPostEventList@@@Z, ?event@QApplication@@MAE_NPAVQEvent@@@Z, ?notify@QApplication@@UAE_NPAVQObject@@PAVQEvent@@@Z, ?qt_metacast@QApplication@@UAEPAXPBD@Z, ?qt_metacall@QApplication@@UAEHW4Call@QMetaObject@@HPAPAX@Z, ?staticMetaObject@QApplication@@2UQMetaObject@@B, ?qt_metacast@QAction@@UAEPAXPBD@Z, ?qt_metacall@QAction@@UAEHW4Call@QMetaObject@@HPAPAX@Z, ?staticMetaObject@QAction@@2UQMetaObject@@B, ?initPainter@QWidget@@MBEXPAVQPainter@@@Z
Qt5Gui.dll	??0QFont@@QAE@XZ, ?raise@QWindow@@QAEXXZ, ?requestActivate@QWindow@@QAEXXZ, ?setWindowState@QWindow@@QAEXW4WindowState@Qt@@@Z, ?windowState@QWindow@@QBE?AW4WindowState@Qt@@XZ, ?primaryScreen@QGuiApplication@@SAPAVQScreen@@XZ, ?logicalDotsPerInch@QScreen@@QBENXZ, ?geometry@QScreen@@QBE?AVQRect@@XZ, ?openUrl@QDesktopServices@@SA_NABVQUrl@@@Z, ??1QIcon@@QAE@XZ, ??0QIcon@@QAE@ABVQString@@@Z, ?setFamily@QFont@@QAEXABVQString@@@Z, ??1QFont@@QAE@XZ, ?show@QWindow@@QAEXXZ
Qt5Qml.dll	?qmlregister@QQmlPrivate@@YAHW4RegistrationType@1@PAX@Z, ?rootContext@QQmlEngine@@QBEPAVQQmlContext@@XZ, ??0QQmlApplicationEngine@@QAE@PAVQObject@@@Z, ??1QQmlApplicationEngine@@UAE@XZ, ?rootObjects@QQmlApplicationEngine@@QAE?AV?$QList@PAVQObject@@@@XZ, ?load@QQmlApplicationEngine@@QAEXABVQUrl@@@Z, ?objectCreated@QQmlApplicationEngine@@QAEXPAVQObject@@ABVQUrl@@@Z, ?setContextProperty@QQmlContext@@QAEXABVQString@@ABVQVariant@@@Z, ?staticMetaObject@QQmlApplicationEngine@@2UQMetaObject@@B, ?qdeclarativeelement_destructor@QQmlPrivate@@YAXPAVQObject@@@Z
Qt5Network.dll	?listen@QLocalServer@@QAE_NABVQString@@@Z, ?errorString@QLocalServer@@QBE?AVQString@@XZ, ??1QLocalServer@@UAE@XZ, ??0QLocalServer@@QAE@PAVQObject@@@Z, ?allInterfaces@QNetworkInterface@@SA?AV?$QList@VQNetworkInterface@@@@XZ, ?hardwareAddress@QNetworkInterface@@QBE?AVQString@@XZ, ?flags@QNetworkInterface@@QBE?AV?$QFlags@W4InterfaceFlag@QNetworkInterface@@@@XZ, ?name@QNetworkInterface@@QBE?AVQString@@XZ, ??1QNetworkInterface@@QAE@XZ, ??0QNetworkInterface@@QAE@ABV0@@Z, ?staticMetaObject@QNetworkReply@@2UQMetaObject@@B, ?qt_metacast@QHttpMultiPart@@UAEPAXPBD@Z, ?qt_metacall@QHttpMultiPart@@UAEHW4Call@QMetaObject@@HPAPAX@Z, ?metaObject@QHttpMultiPart@@UBEPBUQMetaObject@@XZ, ?attribute@QNetworkReply@@QBE?AVQVariant@@W4Attribute@QNetworkRequest@@@Z, ?url@QNetworkReply@@QBE?AVQUrl@@XZ, ?isRunning@QNetworkReply@@QBE_NXZ, ?error@QNetworkReply@@QBE?AW4NetworkError@1@XZ, ??1QNetworkProxy@@QAE@XZ, ??0QNetworkProxy@@QAE@W4ProxyType@0@ABVQString@@G11@Z, ?append@QHttpMultiPart@@QAEXABVQHttpPart@@@Z, ??1QHttpMultiPart@@UAE@XZ, ??0QHttpMultiPart@@QAE@W4ContentType@0@PAVQObject@@@Z, ?setBody@QHttpPart@@QAEXABVQByteArray@@@Z, ?setHeader@QHttpPart@@QAEXW4KnownHeaders@QNetworkRequest@@ABVQVariant@@@Z, ??1QHttpPart@@QAE@XZ, ??0QLocalSocket@@QAE@PAVQObject@@@Z, ?post@QNetworkAccessManager@@QAEPAVQNetworkReply@@ABVQNetworkRequest@@PAVQHttpMultiPart@@@Z, ?post@QNetworkAccessManager@@QAEPAVQNetworkReply@@ABVQNetworkRequest@@ABVQByteArray@@@Z, ?get@QNetworkAccessManager@@QAEPAVQNetworkReply@@ABVQNetworkRequest@@@Z, ?setProxy@QNetworkAccessManager@@QAEXABVQNetworkProxy@@@Z, ?clearConnectionCache@QNetworkAccessManager@@QAEXXZ, ?clearAccessCache@QNetworkAccessManager@@QAEXXZ, ?setRawHeader@QNetworkRequest@@QAEXABVQByteArray@@0@Z, ?rawHeader@QNetworkRequest@@QBE?AVQByteArray@@ABV2@@Z, ?rawHeaderList@QNetworkRequest@@QBE?AV?$QList@VQByteArray@@@@XZ, ?setHeader@QNetworkRequest@@QAEXW4KnownHeaders@1@ABVQVariant@@@Z, ??1QNetworkRequest@@QAE@XZ, ??0QNetworkRequest@@QAE@ABVQUrl@@@Z, ?qt_metacast@QNetworkAccessManager@@UAEPAXPBD@Z, ?qt_metacall@QNetworkAccessManager@@UAEHW4Call@QMetaObject@@HPAPAX@Z, ?metaObject@QNetworkAccessManager@@UBEPBUQMetaObject@@XZ, ?createRequest@QNetworkAccessManager@@MAEPAVQNetworkReply@@W4Operation@1@ABVQNetworkRequest@@PAVQIODevice@@@Z, ??1QNetworkAccessManager@@UAE@XZ, ??0QNetworkAccessManager@@QAE@PAVQObject@@@Z, ??1QLocalSocket@@UAE@XZ, ?connectToServer@QLocalSocket@@QAEXABVQString@@V?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z, ?waitForBytesWritten@QLocalSocket@@UAE_NH@Z, ?waitForConnected@QLocalSocket@@QAE_NH@Z, ?waitForDisconnected@QLocalSocket@@QAE_NH@Z, ?waitForReadyRead@QLocalSocket@@UAE_NH@Z, ?hasPendingConnections@QLocalServer@@UBE_NXZ, ?incomingConnection@QLocalServer@@MAEXI@Z, ?metaObject@QLocalServer@@UBEPBUQMetaObject@@XZ, ?nextPendingConnection@QLocalServer@@UAEPAVQLocalSocket@@XZ, ?qt_metacall@QLocalServer@@UAEHW4Call@QMetaObject@@HPAPAX@Z, ?qt_metacast@QLocalServer@@UAEPAXPBD@Z, ?staticMetaObject@QHttpMultiPart@@2UQMetaObject@@B, ??0QHttpPart@@QAE@XZ
Qt5Core.dll	??4QUrl@@QAEAAV0@$$QAV0@@Z, ?staticMetaObject@QCoreApplication@@2UQMetaObject@@B, ?dynamicMetaObject@QObjectData@@QBEPAUQMetaObject@@XZ, ?activate@QMetaObject@@SAXPAVQObject@@PBU1@HPAPAX@Z, ?qUnregisterResourceData@@YA_NHPBE00@Z, ?qRegisterResourceData@@YA_NHPBE00@Z, ?resolve@QLibrary@@QAEP6AXXZPBD@Z, ??1QLibrary@@UAE@XZ, ??0QLibrary@@QAE@ABVQString@@PAVQObject@@@Z, ?writeBytes@QDataStream@@QAEAAV1@PBDI@Z, ?readRawData@QDataStream@@QAEHPADH@Z, ??5QDataStream@@QAEAAV0@AAH@Z, ??1QDataStream@@QAE@XZ, ??0QDataStream@@QAE@PAVQIODevice@@@Z, ?applicationFilePath@QCoreApplication@@SA?AVQString@@XZ, ?tempPath@QDir@@SA?AVQString@@XZ, ??0QFileInfo@@QAE@ABVQFile@@@Z, ?setFileName@QFile@@QAEXABVQString@@@Z, ??0QFile@@QAE@XZ, ?errorString@QIODevice@@QBE?AVQString@@XZ, ?read@QIODevice@@QAE?AVQByteArray@@_J@Z, ?isOpen@QIODevice@@QBE_NXZ, ??1QRegExp@@QAE@XZ, ??0QRegExp@@QAE@ABVQString@@W4CaseSensitivity@Qt@@W4PatternSyntax@0@@Z, ?number@QString@@SA?AV1@KH@Z, ?fromLatin1@QString@@SA?AV1@PBDH@Z, ?toLatin1@QString@@QHAE?AVQByteArray@@XZ, ?utf16@QString@@QBEPBGXZ, ?remove@QString@@QAEAAV1@ABVQRegExp@@@Z, ??YQString@@QAEAAV0@VQChar@@@Z, ?toLower@QString@@QHAE?AV1@XZ, ?toLower@QString@@QGBE?AV1@XZ, ?section@QString@@QBE?AV1@VQChar@@HHV?$QFlags@W4SectionFlag@QString@@@@@Z, ?truncate@QString@@QAEXH@Z, ??0QString@@QAE@VQChar@@@Z, ?resize@QByteArray@@QAEXH@Z, ?qChecksum@@YAGPBDI@Z, ?qstrcmp@@YAHABVQByteArray@@PBD@Z, ?sharedNull@QArrayData@@SAPAU1@XZ, ?allocate@QArrayData@@SAPAU1@IIIV?$QFlags@W4AllocationOption@QArrayData@@@@@Z, ?qErrnoWarning@@YAXPBDZZ, ?warning@QMessageLogger@@QBAXPBDZZ, ?connect@QObject@@QBE?AVConnection@QMetaObject@@PBV1@PBD1W4ConnectionType@Qt@@@Z, ??9QUrl@@QBE_NABV0@@Z, ?toLocalFile@QUrl@@QBE?AVQString@@XZ, ??4QUrl@@QAEAAV0@ABV0@@Z, ??0QUrl@@QAE@XZ, ?y@QRect@@QBEHXZ, ?x@QRect@@QBEHXZ, ?exit@QCoreApplication@@SAXH@Z, ?installEventFilter@QObject@@QAEXPAV1@@Z, ?children@QObject@@QBEABV?$QList@PAVQObject@@@@XZ, ?cast@QMetaObject@@QBEPAVQObject@@PAV2@@Z, ?mid@QString@@QBE?AV1@HH@Z, ?translate@QTranslator@@UBE?AVQString@@PBD00H@Z, ?qt_metacast@QTranslator@@UAEPAXPBD@Z, ?qt_metacall@QTranslator@@UAEHW4Call@QMetaObject@@HPAPAX@Z, ?metaObject@QTranslator@@UBEPBUQMetaObject@@XZ, ?isEmpty@QTranslator@@UBE_NXZ, ?append@QJsonArray@@QAEXABVQJsonValue@@@Z, ?installTranslator@QCoreApplication@@SA_NPAVQTranslator@@@Z, ?height@QRect@@QBEHXZ, ?width@QRect@@QBEHXZ, ?load@QTranslator@@QAE_NABVQString@@000@Z, ??1QTranslator@@UAE@XZ, ??0QTranslator@@QAE@PAVQObject@@@Z, ?setArray@QJsonDocument@@QAEXABVQJsonArray@@@Z, ?array@QJsonDocument@@QBE?AVQJsonArray@@XZ, ?isObject@QJsonDocument@@QBE_NXZ, ?toJson@QJsonDocument@@QBE?AVQByteArray@@W4JsonFormat@1@@Z, ?toJson@QJsonDocument@@QBE?AVQByteArray@@XZ, ??0QJsonDocument@@QAE@ABVQJsonObject@@@Z, ??0QJsonDocument@@QAE@XZ, ?insert@QJsonObject@@QAE?AViterator@1@ABVQString@@ABVQJsonValue@@@Z, ?toBool@QJsonValue@@QBE_N_N@Z, ?type@QJsonValue@@QBE?AW4Type@1@XZ, ??0QJsonValue@@QAE@ABVQJsonObject@@@Z, ??0QJsonValue@@QAE@ABVQJsonArray@@@Z, ??0QJsonValue@@QAE@ABVQString@@@Z, ??0QJsonValue@@QAE@H@Z, ??0QJsonValue@@QAE@_N@Z, ?exists@QFile@@QBE_NXZ, ?readLine@QIODevice@@QAE?AVQByteArray@@_J@Z, ?prepend@QListData@@QAEPAPAXXZ, ?replace@QString@@QAEAAV1@ABV1@0W4CaseSensitivity@Qt@@@Z, ?shared_null@QMapDataBase@@2U1@B, ?writeData@QProcess@@MAE_JPBD_J@Z, ?waitForReadyRead@QProcess@@UAE_NH@Z, ?waitForBytesWritten@QProcess@@UAE_NH@Z, ?size@QIODevice@@UBE_JXZ, ?setupChildProcess@QProcess@@MAEXXZ, ?seek@QIODevice@@UAE_N_J@Z, ?readLineData@QIODevice@@MAE_JPAD_J@Z, ?readData@QProcess@@MAE_JPAD_J@Z, ?qt_metacast@QProcess@@UAEPAXPBD@Z, ?qt_metacall@QProcess@@UAEHW4Call@QMetaObject@@HPAPAX@Z, ?pos@QIODevice@@UBE_JXZ, ?open@QProcess@@UAE_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z, ?metaObject@QProcess@@UBEPBUQMetaObject@@XZ, ?isSequential@QProcess@@UBE_NXZ, ?canReadLine@QProcess@@UBE_NXZ, ?bytesToWrite@QProcess@@UBE_JXZ, ?bytesAvailable@QProcess@@UBE_JXZ, ?atEnd@QProcess@@UBE_NXZ, ?start@QThreadPool@@QAEXPAVQRunnable@@H@Z, ?globalInstance@QThreadPool@@SAPAV1@XZ, ?toUnicode@QTextCodec@@QBE?AVQString@@PBDHPAUConverterState@1@@Z, ??1ConverterState@QTextCodec@@QAE@XZ, ?toUnicode@QTextCodec@@QBE?AVQString@@ABVQByteArray@@@Z, ?remove@QSettings@@QAEXABVQString@@@Z, ?value@QSettings@@QBE?AVQVariant@@ABVQString@@ABV2@@Z, ?setValue@QSettings@@QAEXABVQString@@ABVQVariant@@@Z, ??1QSettings@@UAE@XZ, ??0QSettings@@QAE@ABVQString@@W4Format@0@PAVQObject@@@Z, ?hasMatch@QRegularExpressionMatch@@QBE_NXZ, ??1QRegularExpressionMatch@@QAE@XZ, ?match@QRegularExpression@@QBE?AVQRegularExpressionMatch@@ABVQString@@HW4MatchType@1@V?$QFlags@W4MatchOption@QRegularExpression@@@@@Z, ?setPattern@QRegularExpression@@QAEXABVQString@@@Z, ??1QRegularExpression@@QAE@XZ, ??0QRegularExpression@@QAE@XZ, ?derefT@QFutureInterfaceBase@@IBE_NXZ, ?refT@QFutureInterfaceBase@@IBE_NXZ, ?resultStoreBase@QFutureInterfaceBase@@QAEAAVResultStoreBase@QtPrivate@@XZ, ?mutex@QFutureInterfaceBase@@QBEPAVQMutex@@XZ, ?isCanceled@QFutureInterfaceBase@@QBE_NXZ, ?queryState@QFutureInterfaceBase@@QBE_NW4State@1@@Z, ?setThreadPool@QFutureInterfaceBase@@QAEXPAVQThreadPool@@@Z, ?setRunnable@QFutureInterfaceBase@@QAEXPAVQRunnable@@@Z, ?reportResultsReady@QFutureInterfaceBase@@QAEXHH@Z, ?reportException@QFutureInterfaceBase@@QAEXABVQException@@@Z, ?reportFinished@QFutureInterfaceBase@@QAEXXZ, ?reportStarted@QFutureInterfaceBase@@QAEXXZ, ??1QFutureInterfaceBase@@UAE@XZ, ??0QFutureInterfaceBase@@QAE@ABV0@@Z, ??0QFutureInterfaceBase@@QAE@W4State@0@@Z, ?count@ResultStoreBase@QtPrivate@@QBEHXZ, ?addResult@ResultStoreBase@QtPrivate@@QAEHHPBX@Z, ?filterMode@ResultStoreBase@QtPrivate@@QBE_NXZ, ??1QRunnable@@UAE@XZ, ??0QUnhandledException@@QAE@XZ, ??1QUnhandledException@@UAE@XZ, ?startDetached@QProcess@@SA_NABVQString@@@Z, ?startDetached@QProcess@@SA_NABVQString@@ABVQStringList@@@Z, ?execute@QProcess@@SAHABVQString@@@Z, ?execute@QProcess@@SAHABVQString@@ABVQStringList@@@Z, ?close@QProcess@@UAEXXZ, ?readAllStandardOutput@QProcess@@QAE?AVQByteArray@@XZ, ?waitForFinished@QProcess@@QAE_NH@Z, ?waitForStarted@QProcess@@QAE_NH@Z, ?setWorkingDirectory@QProcess@@QAEXABVQString@@@Z, ?setReadChannel@QProcess@@QAEXW4ProcessChannel@1@@Z, ?start@QProcess@@QAEXABVQString@@V?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z, ?start@QProcess@@QAEXABVQString@@ABVQStringList@@V?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z, ??0QProcess@@QAE@PAVQObject@@@Z, ?applicationDirPath@QCoreApplication@@SA?AVQString@@XZ, ?exists@QDir@@QBE_NABVQString@@@Z, ?remove@QDir@@QAE_NABVQString@@@Z, ?exists@QDir@@QBE_NXZ, ?mkpath@QDir@@QBE_NABVQString@@@Z, ?mkdir@QDir@@QBE_NABVQString@@@Z, ?entryInfoList@QDir@@QBE?AV?$QList@VQFileInfo@@@@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z, ?filePath@QDir@@QBE?AVQString@@ABV2@@Z, ?absolutePath@QDir@@QBE?AVQString@@XZ, ??1QDir@@QAE@XZ, ??0QDir@@QAE@ABVQString@@@Z, ?size@QFileInfo@@QBE_JXZ, ?isDir@QFileInfo@@QBE_NXZ, ?qBadAlloc@@YAXXZ, ??0QMessageLogger@@QAE@PBDH0@Z, ?debug@QMessageLogger@@QBE?AVQDebug@@XZ, ?qInstallMessageHandler@@YAP6AXW4QtMsgType@@ABVQMessageLogContext@@ABVQString@@@ZP6AX012@Z@Z, ?qSetMessagePattern@@YAXABVQString@@@Z, ??0QMutex@@QAE@W4RecursionMode@0@@Z, ??1QMutex@@QAE@XZ, ?lock@QMutex@@QAEXXZ, ?unlock@QMutex@@QAEXXZ, ??0QChar@@QAE@UQLatin1Char@@@Z, ??0QByteArray@@QAE@XZ, ??0QByteArray@@QAE@PBDH@Z, ??1QByteArray@@QAE@XZ, ?reserve@QByteArray@@QAEXH@Z, ?append@QByteArray@@QAEAAV1@D@Z, ?append@QByteArray@@QAEAAV1@PBD@Z, ??0QString@@QAE@XZ, ??0QString@@QAE@VQLatin1String@@@Z, ??0QString@@QAE@ABV0@@Z, ??1QString@@QAE@XZ, ??4QString@@QAEAAV0@$$QAV0@@Z, ?arg@QString@@QBE?AV1@ABV1@HVQChar@@@Z, ?append@QString@@QAEAAV1@ABV1@@Z, ?fromUtf8@QString@@SA?AV1@PBDH@Z, ?toStdString@QString@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ, ?fromAscii_helper@QString@@CAPAU?$QTypedArrayData@G@@PBDH@Z, ?className@QMetaObject@@QBEPBDXZ, ??1Connection@QMetaObject@@QAE@XZ, ?dispose@QListData@@SAXPAUData@1@@Z, ?isEmpty@QListData@@QBE_NXZ, ?registerNormalizedType@QMetaType@@SAHABVQByteArray@@P6AXPAX@ZP6APAX1PBX@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PBUQMetaObject@@@Z, ?registerNormalizedTypedef@QMetaType@@SAHABVQByteArray@@H@Z, ??1QObject@@UAE@XZ, ?isWindowType@QObject@@QBE_NXZ, ?connectImpl@QObject@@CA?AVConnection@QMetaObject@@PBV1@PAPAX01PAVQSlotObjectBase@QtPrivate@@W4ConnectionType@Qt@@PBHPBU3@@Z, ?setAttribute@QCoreApplication@@SAXW4ApplicationAttribute@Qt@@_N@Z, ?setApplicationName@QCoreApplication@@SAXABVQString@@@Z, ??1QVariant@@QAE@XZ, ??0QVariant@@QAE@H@Z, ??0QUrl@@QAE@ABV0@@Z, ??0QUrl@@QAE@ABVQString@@W4ParsingMode@0@@Z, ??1QUrl@@QAE@XZ, ??8QUrl@@QBE_NABV0@@Z, ??1QDebug@@QAE@XZ, ??6QDebug@@QAEAAV0@H@Z, ??6QDebug@@QAEAAV0@PBD@Z, ??6QDebug@@QAEAAV0@ABVQString@@@Z, ?codecForName@QTextCodec@@SAPAV1@PBD@Z, ?setCodecForLocale@QTextCodec@@SAXPAV1@@Z, ??1QDateTime@@QAE@XZ, ?toString@QDateTime@@QBE?AVQString@@ABV2@@Z, ?currentDateTime@QDateTime@@SA?AV1@XZ, ?writableLocation@QStandardPaths@@SA?AVQString@@W4StandardLocation@1@@Z, ??1QProcess@@UAE@XZ, ??1QJsonArray@@QAE@XZ, ?setFilterRules@QLoggingCategory@@SAXABVQString@@@Z, ?childEvent@QObject@@MAEXPAVQChildEvent@@@Z, ?connectNotify@QObject@@MAEXABVQMetaMethod@@@Z, ?customEvent@QObject@@MAEXPAVQEvent@@@Z, ?disconnectNotify@QObject@@MAEXABVQMetaMethod@@@Z, ?event@QObject@@UAE_NPAVQEvent@@@Z, ?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z, ?metaObject@QObject@@UBEPBUQMetaObject@@XZ, ?qt_metacall@QObject@@UAEHW4Call@QMetaObject@@HPAPAX@Z, ?qt_metacast@QObject@@UAEPAXPBD@Z, ?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z, ?staticMetaObject@QObject@@2UQMetaObject@@B, ?productType@QSysInfo@@SA?AVQString@@XZ, ?productVersion@QSysInfo@@SA?AVQString@@XZ, ??0QByteArray@@QAE@ABV0@@Z, ??4QByteArray@@QAEAAV0@$$QAV0@@Z, ?swap@QByteArray@@QAEXAAV1@@Z, ?append@QByteArray@@QAEAAV1@ABV1@@Z, ?toHex@QByteArray@@QBE?AV1@XZ, ?toStdString@QByteArray@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ, ??4QString@@QAEAAV0@ABV0@@Z, ?indexOf@QString@@QBEHABV1@HW4CaseSensitivity@Qt@@@Z, ?left@QString@@QBE?AV1@H@Z, ?remove@QString@@QAEAAV1@HH@Z, ?remove@QString@@QAEAAV1@ABV1@W4CaseSensitivity@Qt@@@Z, ?split@QString@@QBE?AVQStringList@@ABV1@W4SplitBehavior@1@W4CaseSensitivity@Qt@@@Z, ?toUtf8@QString@@QGBE?AVQByteArray@@XZ, ?toUtf8@QString@@QHAE?AVQByteArray@@XZ, ?toLocal8Bit@QString@@QGBE?AVQByteArray@@XZ, ?toLocal8Bit@QString@@QHAE?AVQByteArray@@XZ, ?fromUtf8@QString@@SA?AV1@ABVQByteArray@@@Z, ?toInt@QString@@QBEHPA_NH@Z, ?number@QString@@SA?AV1@HH@Z, ?number@QString@@SA?AV1@JH@Z, ?number@QString@@SA?AV1@_JH@Z, ??8@YA_NABVQString@@0@Z, ??M@YA_NABVQString@@0@Z, ??0QString@@QAE@ABVQByteArray@@@Z, ??4QString@@QAEAAV0@PBD@Z, ??4QString@@QAEAAV0@ABVQByteArray@@@Z, ??YQString@@QAEAAV0@PBD@Z, ??YQString@@QAEAAV0@ABVQByteArray@@@Z, ??8QString@@QBE_NPBD@Z, ?fromStdString@QString@@SA?AV1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z, ?detach@QListData@@QAEPAUData@1@H@Z, ?detach_grow@QListData@@QAEPAUData@1@PAHH@Z, ?erase@QListData@@QAEPAPAXPAPAX@Z, ?append@QListData@@QAEPAPAXXZ, ?remove@QListData@@QAEXH@Z, ?size@QListData@@QBEHXZ, ?at@QListData@@QBEPAPAXH@Z, ?begin@QListData@@QBEPAPAXXZ, ?end@QListData@@QBEPAPAXXZ, ??0QObject@@QAE@PAV0@@Z, ?objectName@QObject@@QBE?AVQString@@XZ, ?setObjectName@QObject@@QAEXABVQString@@@Z, ?connect@QObject@@SA?AVConnection@QMetaObject@@PBV1@PBD01W4ConnectionType@Qt@@@Z, ?disconnect@QObject@@SA_NPBV1@PBD01@Z, ?parent@QObject@@QBEPAV1@XZ, ?deleteLater@QObject@@QAEXXZ, ?sender@QObject@@IBEPAV1@XZ, ?readAll@QIODevice@@QAE?AVQByteArray@@XZ, ?write@QIODevice@@QAE_JABVQByteArray@@@Z, ?flush@QFileDevice@@QAE_NXZ, ??0QFile@@QAE@ABVQString@@@Z, ??1QFile@@UAE@XZ, ??0QFileInfo@@QAE@ABVQString@@@Z, ??1QFileInfo@@QAE@XZ, ?fileName@QFileInfo@@QBE?AVQString@@XZ, ??0QVariant@@QAE@PBD@Z, ??0QVariant@@QAE@ABVQString@@@Z, ?toInt@QVariant@@QBEHPA_N@Z, ??6@YA?AVQDebug@@V0@ABVQVariant@@@Z, ??0QLocale@@QAE@XZ, ??1QLocale@@QAE@XZ, ?language@QLocale@@QBE?AW4Language@1@XZ, ??6QTextStream@@QAEAAV0@D@Z, ?endl@@YAAAVQTextStream@@AAV1@@Z, ?noquote@QDebug@@QAEAAV1@XZ, ??6QDebug@@QAEAAV0@D@Z, ??6QDebug@@QAEAAV0@J@Z, ??6QDebug@@QAEAAV0@N@Z, ??6QDebug@@QAEAAV0@ABVQByteArray@@@Z, ??6QDebug@@QAEAAV0@P6AAAVQTextStream@@AAV1@@Z@Z, ?qt_QMetaEnum_debugOperator@@YA?AVQDebug@@AAV1@HPBUQMetaObject@@PBD@Z, ?hash@QCryptographicHash@@SA?AVQByteArray@@ABV2@W4Algorithm@1@@Z, ??1QBasicTimer@@QAE@XZ, ?start@QBasicTimer@@QAEXHPAVQObject@@@Z, ?stop@QBasicTimer@@QAEXXZ, ??1QJsonValue@@QAE@XZ, ?toInt@QJsonValue@@QBEHH@Z, ?toDouble@QJsonValue@@QBENN@Z, ?toString@QJsonValue@@QBE?AVQString@@XZ, ?toArray@QJsonValue@@QBE?AVQJsonArray@@XZ, ?toObject@QJsonValue@@QBE?AVQJsonObject@@XZ, ??0QJsonArray@@QAE@XZ, ??0QJsonArray@@QAE@ABV0@@Z, ??4QJsonArray@@QAEAAV0@ABV0@@Z, ?size@QJsonArray@@QBEHXZ, ?at@QJsonArray@@QBE?AVQJsonValue@@H@Z, ??1QJsonDocument@@QAE@XZ, ?fromJson@QJsonDocument@@SA?AV1@ABVQByteArray@@PAUQJsonParseError@@@Z, ?object@QJsonDocument@@QBE?AVQJsonObject@@XZ, ??0QJsonObject@@QAE@XZ, ??1QJsonObject@@QAE@XZ, ??4QJsonObject@@QAEAAV0@ABV0@@Z, ?isEmpty@QJsonObject@@QBE_NXZ, ?value@QJsonObject@@QBE?AVQJsonValue@@ABVQString@@@Z, ??6@YA?AVQDebug@@V0@ABVQJsonObject@@@Z, ?singleShot@QTimer@@SAXHPBVQObject@@PBD@Z, ?toString@QUrl@@QBE?AVQString@@V?$QUrlTwoFlags@W4UrlFormattingOption@QUrl@@W4ComponentFormattingOption@2@@@@Z, ??6@YA?AVQDebug@@V0@ABVQUrl@@@Z, ?atEnd@QFileDevice@@UBE_NXZ, ?bytesAvailable@QIODevice@@UBE_JXZ, ?bytesToWrite@QIODevice@@UBE_JXZ, ?canReadLine@QIODevice@@UBE_NXZ, ?close@QFileDevice@@UAEXXZ, ?fileName@QFile@@UBE?AVQString@@XZ, ?isSequential@QFileDevice@@UBE_NXZ, ?metaObject@QFile@@UBEPBUQMetaObject@@XZ, ?open@QFile@@UAE_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z, ?permissions@QFile@@UBE?AV?$QFlags@W4Permission@QFileDevice@@@@XZ, ?pos@QFileDevice@@UBE_JXZ, ?qt_metacall@QFile@@UAEHW4Call@QMetaObject@@HPAPAX@Z, ?qt_metacast@QFile@@UAEPAXPBD@Z, ?readData@QFileDevice@@MAE_JPAD_J@Z, ?readLineData@QFileDevice@@MAE_JPAD_J@Z, ?reset@QIODevice@@UAE_NXZ, ?resize@QFile@@UAE_N_J@Z, ?seek@QFileDevice@@UAE_N_J@Z, ?setPermissions@QFile@@UAE_NV?$QFlags@W4Permission@QFileDevice@@@@@Z, ?size@QFile@@UBE_JXZ, ?waitForBytesWritten@QIODevice@@UAE_NH@Z, ?waitForReadyRead@QIODevice@@UAE_NH@Z, ?writeData@QFileDevice@@MAE_JPBD_J@Z, ?shared_null@QListData@@2UData@1@B, ?warning@QMessageLogger@@QBE?AVQDebug@@XZ, ??1QMutexLocker@@QAE@XZ, ?deallocate@QArrayData@@SAXPAU1@II@Z, ?data@QByteArray@@QAEPADXZ, ?constData@QByteArray@@QBEPBDXZ, ??0QString@@QAE@$$QAV0@@Z, ?lastIndexOf@QString@@QBEHABV1@HW4CaseSensitivity@Qt@@@Z, ?right@QString@@QBE?AV1@H@Z, ?toLatin1@QString@@QGBE?AVQByteArray@@XZ, ?fromLocal8Bit@QString@@SA?AV1@ABVQByteArray@@@Z, ?append@QString@@QAEAAV1@PBD@Z, ??9QString@@QBE_NPBD@Z, ?fromStdWString@QString@@SA?AV1@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z, ?toStdWString@QString@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ, ?write@QIODevice@@QAE_JPBD_J@Z, ?nextNode@QMapNodeBase@@QBEPBU1@XZ, ?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z, ?freeData@QMapDataBase@@SAXPAU1@@Z, ??0QVariant@@QAE@XZ, ?cmp@QVariant@@QBE_NABV1@@Z, ??6QDebug@@QAEAAV0@_N@Z, ??6QDebug@@QAEAAV0@_J@Z, ?exists@QFile@@SA_NABVQString@@@Z, ?remove@QFile@@QAE_NXZ, ?remove@QFile@@SA_NABVQString@@@Z, ?rename@QFile@@SA_NABVQString@@0@Z, ?link@QFile@@SA_NABVQString@@0@Z, ?copy@QFile@@QAE_NABVQString@@@Z, ?copy@QFile@@SA_NABVQString@@0@Z, ??0QFileInfo@@QAE@ABV0@@Z, ?exists@QFileInfo@@QBE_NXZ, ?filePath@QFileInfo@@QBE?AVQString@@XZ, ?absoluteFilePath@QFileInfo@@QBE?AVQString@@XZ, ?isFile@QFileInfo@@QBE_NXZ
MSVCP140.dll	?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z, ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z, ?_Xout_of_range@std@@YAXPBD@Z, ?_Xlength_error@std@@YAXPBD@Z, ?_Xbad_alloc@std@@YAXXZ, ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A, ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ, ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ, ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z, ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z, ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z, ?uncaught_exception@std@@YA_NXZ
ADVAPI32.dll	RegCloseKey, RegOpenKeyExA, RegQueryInfoKeyA, CloseServiceHandle, OpenSCManagerW, OpenServiceW, QueryServiceStatusEx, RegEnumValueA
KERNEL32.dll	SetUnhandledExceptionFilter, UnhandledExceptionFilter, IsDebuggerPresent, IsProcessorFeaturePresent, GetProcAddress, GetModuleHandleW, CreateEventW, WaitForSingleObjectEx, ResetEvent, SetEvent, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, GetCurrentProcessId, WaitForMultipleObjects, OpenMutexW, CreateMutexW, GetCurrentProcess, ReleaseMutex, WideCharToMultiByte, MultiByteToWideChar, GlobalMemoryStatusEx, GetSystemTimes, GetStartupInfoW, CreateProcessW, Sleep, CreatePipe, GetLastError, CloseHandle, ReadFile, AttachConsole, FreeConsole, TerminateProcess, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, GetCommandLineW, WaitForSingleObject, LocalFree
VCRUNTIME140.dll	memmove, memset, __vcrt_InitializeCriticalSectionEx, __telemetry_main_invoke_trigger, _CxxThrowException, __std_exception_copy, __std_exception_destroy, _except_handler4_common, __std_terminate, memcpy, __telemetry_main_return_trigger, __CxxFrameHandler3
api-ms-win-crt-runtime-l1-1-0.dll	_initialize_onexit_table, _register_onexit_function, system, _initialize_narrow_environment, _invalid_parameter_noinfo_noreturn, _seh_filter_exe, _set_app_type, _crt_atexit, _configure_narrow_argv, _get_narrow_winmain_command_line, _initterm_e, exit, _exit, _c_exit, _register_thread_local_exe_atexit_callback, _cexit, _initterm, _controlfp_s, terminate
api-ms-win-crt-heap-l1-1-0.dll	_callnewh, free, malloc, _set_new_mode
api-ms-win-crt-stdio-l1-1-0.dll	__p__commode, _set_fmode, __acrt_iob_func, freopen, __stdio_common_vfprintf, fwrite, fopen, fclose
api-ms-win-crt-time-l1-1-0.dll	_time64
api-ms-win-crt-math-l1-1-0.dll	_except1, __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll	_configthreadlocale
SHELL32.dll	CommandLineToArgvW

Version Infos

Description	Data
FileVersion	10.0.22621.1485
OriginalFilename	WUDFHost.exe
ProductName	Windows Driver Foundation (WDF)
ProductVersion	10.0.22621.1485
Translation	0x0409 0x04b0

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

• Windows Driver Foundation (WDF).exe

Click to jump to process

Memory Usage

• Windows Driver Foundation (WDF).exe

Click to jump to process

System Behavior

Analysis Process: Windows Driver Foundation (WDF).exePID: 7312, Parent PID: 3964

General

Target ID:	0
Start time:	11:30:14
Start date:	03/04/2025
Path:	C:\Users\user\Desktop\Windows Driver Foundation (WDF).exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Windows Driver Foundation (WDF).exe"
Imagebase:	0x850000
File size:	1'533'928 bytes
MD5 hash:	52B3A4BF653A25997A846521531F8EB3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Section Activities

Sections loaded by Windows

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Mutex Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

System Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly