client[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

client.dll
Size

15.6MB
MD5

2e2f34643a1f9721a9a28bd1f665df79
SHA1

b90a73fd7a28d3652a38374e75396418688e2ad9
SHA256

c3c44173041b770c31386d03092e32cdd04c0b8c76f6b2ecebaf022682754d19
SHA512

4860ae3a8696e92c59029170a5f4be56dc4c87929a4dde1291d42f4e39ed0dc2a99dc91303d5b749e255eb0459baf5f1809bbb83973a983ca13c9cb466ee1385
SSDEEP

393216:1j79no48NXxNBJ6op2peuqPi6++9tz30QVuuctf9Kl2rTpAYVOcxNvqvZrpZuDGt:d7ZQxNBJ6op2peuqPi6++9tz30QVuuc0

Score

N/A

Malware Config

Signatures

Files

client.dll
.dll windows x86

161b23bb0797951ff064681e98760812

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07/10/2021, 00:00

Not After

09/10/2024, 23:59

Subject

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:ca:da:d1:7e:e9:b9:af:87:37:eb:2e:89:61:bd:57:03:bc:2a:d1:8a:38:fe:c6:26:62:50:fa:1d:38:f5:9f
Signer

Actual PE Digest

0d:ca:da:d1:7e:e9:b9:af:87:37:eb:2e:89:61:bd:57:03:bc:2a:d1:8a:38:fe:c6:26:62:50:fa:1d:38:f5:9f

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

16/12/2022, 22:07
Valid: true

Chain 1

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Chain 2

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SystemParametersInfoA
LoadImageA

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA

gdi32

DeleteDC
GetDIBits
CreateCompatibleDC
GetObjectA
DeleteObject

parsifal

ord24
ord8
ord3
ord2
ord1
ord23

steam_api

SteamAPI_GetHSteamPipe
SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallResult
SteamAPI_UnregisterCallback
SteamInternal_CreateInterface
SteamAPI_RegisterCallback
SteamAPI_InitSafe
SteamAPI_SetTryCatchCallbacks
SteamAPI_GetHSteamUser
SteamInternal_FindOrCreateUserInterface
SteamInternal_ContextInit

tier0

Plat_IsInDebugSession
?FindOrCreateCounter@CVProfile@@QAEPAHPBDW4CounterGroup_t@@@Z
Error
Msg
DevMsg
Warning
?ExitScope@CVProfile@@QAEXXZ
Plat_ExitProcess
g_pMemAlloc
CommandLine
LoggingSystem_RegisterLoggingChannel
ThreadInterlockedAssignIf64
?DevWarning@@YAXPBDZZ
?Lock@CThreadMutex@@QAEXXZ
?Unlock@CThreadMutex@@QAEXXZ
?Set@CThreadEvent@@QAE_NXZ
?Lock@CThreadFastMutex@@ACEXII@Z
ThreadInMainThread
DevWarning
g_ClockSpeedMillisecondsMultiplier
LoggingSystem_LogAssert
CallAssertFailedNotifyFunc
ShouldUseNewAssertDialog
AddMemoryInfoCallback
RemoveMemoryInfoCallback
StackToolsNotify_LoadedLibrary
GetThreadedLoadLibraryFunc
DoNewAssertDialog
_ExitOnFatalAssert
?EnterScope@CVProfile@@QAEXPBDH0_NH@Z
g_VProfCurrentProfile
?DevMsg@@YAXPBDZZ
Plat_USTime
?ConColorMsg@@YAXABVColor@@PBDZZ
LoggingSystem_IsChannelEnabled
LoggingSystem_Log
??0CThreadMutex@@QAE@XZ
??1CThreadMutex@@QAE@XZ
??0CThreadEvent@@QAE@_N@Z
??1CThreadEvent@@QAE@XZ
COM_TimestampedLog
ThreadSleep
?g_nThreadID@@3V?$CThreadLocalInt@H@GenericThreadLocals@@A
?SpinLockForRead@CThreadSpinRWLock@@QAEXXZ
?SpinLockForWrite@CThreadSpinRWLock@@QAEXXZ
?Get@CThreadLocalBase@GenericThreadLocals@@QBEPAXXZ
?Reset@CThreadEvent@@QAE_NXZ
LOG_GENERAL
?TryLock@CThreadMutex@@QAE_NXZ
?GetName@CThread@@QAEPBDXZ
?Join@CThread@@QAE_NI@Z
Plat_localtime
Platform_gmtime
Plat_RelativeTickFrequency
Plat_RelativeTicks
g_dwClockSpeed
?LockForRead@CThreadSpinRWLock@@QBEXXZ
StoreTempValue
GetTempValue
g_ClockSpeed
?ConMsg@@YAXPBDZZ
Plat_GetOSVersion
Plat_GetTime
Plat_WindowToScreenCoords
CreateSimpleThread
ReleaseThreadHandle
Plat_IsInBenchmarkMode
Plat_GetTimeString
Plat_MSTime
Plat_timegm
??0CThreadLocalBase@GenericThreadLocals@@QAE@XZ
??1CThreadLocalBase@GenericThreadLocals@@QAE@XZ
?Set@CThreadLocalBase@GenericThreadLocals@@QAEXPAX@Z
MemFreeScratch
MemAllocScratch
ConDMsg
?LoggingSystem_Log@@YA?AW4LoggingResponse_t@@HW4LoggingSeverity_t@@VColor@@PBDZZ
LoggingSystem_AddTagToCurrentChannel
?Wait@CThreadEvent@@QAE_NI@Z
WriteMiniDump
GetCPUInformation
Plat_GetLocalTime
GetCPUFrequencyResults
g_PerfStats
Plat_FloatTime

rpcrt4

UuidCreate
UuidFromStringA
UuidToStringA
RpcStringFreeA

v8

??0Utf8Value@String@v8@@QAE@V?$Local@VValue@v8@@@2@@Z
??1Utf8Value@String@v8@@QAE@XZ
?SlowGetInternalField@Object@v8@@AAE?AV?$Local@VValue@v8@@@2@H@Z
?CreateHandle@HandleScope@v8@@CAPAPAVObject@internal@2@PAVHeapObject@42@PAV342@@Z
?Value@External@v8@@QBEPAXXZ
?Enter@Isolate@v8@@QAEXXZ
?Exit@Isolate@v8@@QAEXXZ
??0HandleScope@v8@@QAE@PAVIsolate@1@@Z
??1HandleScope@v8@@QAE@XZ
?Set@Template@v8@@QAEXV?$Local@VName@v8@@@2@V?$Local@VData@v8@@@2@W4PropertyAttribute@2@@Z
?New@FunctionTemplate@v8@@SA?AV?$Local@VFunctionTemplate@v8@@@2@PAVIsolate@2@P6AXABV?$FunctionCallbackInfo@VValue@v8@@@2@@ZV?$Local@VValue@v8@@@2@V?$Local@VSignature@v8@@@2@HW4ConstructorBehavior@2@@Z
?NewFromUtf8@String@v8@@SA?AV?$Local@VString@v8@@@2@PAVIsolate@2@PBDW4NewStringType@12@H@Z
?SetAccessor@ObjectTemplate@v8@@QAEXV?$Local@VString@v8@@@2@P6AX0ABV?$PropertyCallbackInfo@VValue@v8@@@2@@ZP6AX0V?$Local@VValue@v8@@@2@ABV?$PropertyCallbackInfo@X@2@@Z3W4AccessControl@2@W4PropertyAttribute@2@V?$Local@VAccessorSignature@v8@@@2@@Z
?GetCurrentContext@Isolate@v8@@QAE?AV?$Local@VContext@v8@@@2@XZ
?GetCurrent@Isolate@v8@@SAPAV12@XZ
?ToString@Value@v8@@QBE?AV?$MaybeLocal@VString@v8@@@2@V?$Local@VContext@v8@@@2@@Z
?GetName@Function@v8@@QBE?AV?$Local@VValue@v8@@@2@XZ
?ThrowException@Isolate@v8@@QAE?AV?$Local@VValue@v8@@@2@V32@@Z
??0TryCatch@v8@@QAE@XZ
??1TryCatch@v8@@QAE@XZ
?HasCaught@TryCatch@v8@@QBE_NXZ
?DisposeGlobal@V8@v8@@CAXPAPAVObject@internal@2@@Z
?CreateHandle@HandleScope@v8@@KAPAPAVObject@internal@2@PAVIsolate@42@PAV342@@Z
?GlobalizeReference@V8@v8@@CAPAPAVObject@internal@2@PAVIsolate@42@PAPAV342@@Z
?Get@Object@v8@@QAE?AV?$Local@VValue@v8@@@2@V32@@Z
?New@Integer@v8@@SA?AV?$Local@VInteger@v8@@@2@PAVIsolate@2@H@Z
?New@Number@v8@@SA?AV?$Local@VNumber@v8@@@2@PAVIsolate@2@N@Z
?New@Object@v8@@SA?AV?$Local@VObject@v8@@@2@PAVIsolate@2@@Z
?Set@Object@v8@@QAE_NV?$Local@VValue@v8@@@2@0@Z
?IsArray@Value@v8@@QBE_NXZ
?Length@Array@v8@@QBEIXZ
?NumberValue@Value@v8@@QBENXZ
?Get@Object@v8@@QAE?AV?$Local@VValue@v8@@@2@I@Z
?IsObject@Value@v8@@QBE_NXZ
?New@Array@v8@@SA?AV?$Local@VArray@v8@@@2@PAVIsolate@2@H@Z
?Set@Object@v8@@QAE_NIV?$Local@VValue@v8@@@2@@Z
?IsBoolean@Value@v8@@QBE_NXZ
?BooleanValue@Value@v8@@QBE_NXZ
?IsInt32@Value@v8@@QBE_NXZ
?Int32Value@Value@v8@@QBEHXZ
?IsNumber@Value@v8@@QBE_NXZ
?GetPropertyNames@Object@v8@@QAE?AV?$Local@VArray@v8@@@2@XZ
?TypeOf@Value@v8@@QAE?AV?$Local@VString@v8@@@2@PAVIsolate@2@@Z
?New@Context@v8@@SA?AV?$Local@VContext@v8@@@2@PAVIsolate@2@PAVExtensionConfiguration@2@V?$MaybeLocal@VObjectTemplate@v8@@@2@V?$MaybeLocal@VValue@v8@@@2@@Z
?Enter@Context@v8@@QAEXXZ
?Exit@Context@v8@@QAEXXZ
?IsUint32@Value@v8@@QBE_NXZ
?NewFromTwoByte@String@v8@@SA?AV?$Local@VString@v8@@@2@PAVIsolate@2@PBGW4NewStringType@12@H@Z
?Value@Number@v8@@QBENXZ
?ToNumber@Value@v8@@QBE?AV?$MaybeLocal@VNumber@v8@@@2@V?$Local@VContext@v8@@@2@@Z
?InternalFieldCount@Object@v8@@QAEHXZ
?ToBoolean@Value@v8@@QBE?AV?$MaybeLocal@VBoolean@v8@@@2@V?$Local@VContext@v8@@@2@@Z
?Value@Boolean@v8@@QBE_NXZ
?GetIsolate@Object@v8@@QAEPAVIsolate@2@XZ
?Uint32Value@Value@v8@@QBEIXZ
?IsFunction@Value@v8@@QBE_NXZ
?ToObject@Value@v8@@QBE?AV?$MaybeLocal@VObject@v8@@@2@V?$Local@VContext@v8@@@2@@Z
?GetCallingContext@Isolate@v8@@QAE?AV?$Local@VContext@v8@@@2@XZ

video

CreateVideoPlayer
DeleteVideoPlayer

vstdlib

Coroutine_Continue
Coroutine_Create
?RandomInt@CUniformRandomStream@@UAEHHH@Z
V_UnicodeToUTF8
CreateNewThreadPool
?RandomFloat@CUniformRandomStream@@UAEMMM@Z
?SetSeed@CUniformRandomStream@@UAEXH@Z
Coroutine_YieldToMain
?RandomFloat@CGaussianRandomStream@@QAEMMM@Z
??0CUniformRandomStream@@QAE@XZ
?AttachToStream@CGaussianRandomStream@@QAEXPAVIUniformRandomStream@@@Z
??0CGaussianRandomStream@@QAE@PAVIUniformRandomStream@@@Z
KeyValuesSystem
g_pThreadPool
RandomFloat
RandomSeed
RandomInt
DestroyThreadPool

kernel32

TlsAlloc
GetLastError
InitializeCriticalSectionAndSpinCount
TlsSetValue
GetStdHandle
SetEndOfFile
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetFileAttributesExW
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetConsoleCP
ReadConsoleW
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
GetModuleHandleExW
ExitProcess
GetTempPathW
GetTimeZoneInformation
TzSpecificLocalTimeToSystemTime
GetCurrentDirectoryW
SetEnvironmentVariableA
PeekNamedPipe
GetFullPathNameA
GetFullPathNameW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
RtlUnwind
RaiseException
InterlockedFlushSList
InterlockedPushEntrySList
GetProcAddress
FreeLibrary
TlsGetValue
TlsFree
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeSListHead
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetModuleHandleW
CreateEventW
DecodePointer
EncodePointer
GetStringTypeW
GetLongPathNameA
GetShortPathNameA
GetSystemInfo
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetDateFormatA
GetTimeFormatA
GetProcessHeap
LoadLibraryExA
VirtualAlloc
VirtualFree
QueryPerformanceFrequency
QueryPerformanceCounter
VirtualQuery
GetCurrentThread
GetCurrentProcessId
GetModuleHandleExA
GlobalMemoryStatusEx
GetSystemTimeAsFileTime
FindNextFileA
FindFirstFileA
WaitForSingleObject
SetLastError
FileTimeToDosDateTime
GetFileSize
GetLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileInformationByHandle
DosDateTimeToFileTime
CreateDirectoryA
GetFileType
LoadLibraryExW
FindFirstFileW
FindNextFileW
SystemTimeToFileTime
DuplicateHandle
GetCurrentDirectoryA
SetFilePointer
SetFileTime
GetCurrentProcess
ReadFile
Sleep
CreateFileMappingA
CreateFileA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
DeleteFileA
CopyFileA
GetModuleHandleA
GetModuleFileNameA
FlushFileBuffers
SetFilePointerEx
CloseHandle
DeleteFileW
SetFileAttributesW
GetFileAttributesW
CreateFileW
FindClose
RemoveDirectoryW
WriteFile
GetCurrentThreadId

shell32

ShellExecuteA

ws2_32

ntohs

Exports

Exports

CreateInterface

Sections

.text
Size: 11.2MB - Virtual size: 11.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 654KB - Virtual size: 70.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

161b23bb0797951ff064681e98760812

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4Certificate

Extended Key Usages

Key Usages

0d:ca:da:d1:7e:e9:b9:af:87:37:eb:2e:89:61:bd:57:03:bc:2a:d1:8a:38:fe:c6:26:62:50:fa:1d:38:f5:9fSigner

Signature Validations

Verification

16/12/2022, 22:07 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

gdi32

parsifal

steam_api

tier0

rpcrt4

v8

video

vstdlib

kernel32

shell32

ws2_32

Exports

Exports

Sections

.text Size: 11.2MB - Virtual size: 11.2MB

.rdata Size: 2.4MB - Virtual size: 2.4MB

.data Size: 654KB - Virtual size: 70.0MB

.gfids Size: 2KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 7KB - Virtual size: 7KB

.reloc Size: 1.3MB - Virtual size: 1.3MB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

0d:ca:da:d1:7e:e9:b9:af:87:37:eb:2e:89:61:bd:57:03:bc:2a:d1:8a:38:fe:c6:26:62:50:fa:1d:38:f5:9f
Signer

16/12/2022, 22:07
Valid: true

.text
Size: 11.2MB - Virtual size: 11.2MB

.rdata
Size: 2.4MB - Virtual size: 2.4MB

.data
Size: 654KB - Virtual size: 70.0MB

.gfids
Size: 2KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 7KB - Virtual size: 7KB

.reloc
Size: 1.3MB - Virtual size: 1.3MB