Game Setup v[.]5[.]3[.]rar

Sharing

Copy URL Twitter E-mail

Reason

expected element type <jnlp> but have <jnlp-file>

Reason

expected element type <jnlp> but have <jnlp-file>

Reason

expected element type <jnlp> but have <jnlp-file>

Reason

expected element type <jnlp> but have <jnlp-file>

Reason

expected element type <jnlp> but have <jnlp-file>

Reason

expected element type <jnlp> but have <jnlp-file>

Reason

expected element type <jnlp> but have <jnlp-fil>

Reason

expected element type <jnlp> but have <jnlp-file>

Reason

expected element type <jnlp> but have <jnlp-file>

Reason

expected element type <jnlp> but have <jnlp-file>

General

Target

Game Setup v.5.3.rar
Size

161.3MB
MD5

c17d9cfeb1754f5e86734386c6d0962c
SHA1

3ed9ccc008bbac42f717e730b9d1d1c89fbd3699
SHA256

96bc8a797f8e97c85945f081b61f841e1e9caab2ac1dbcba983b1f1c8c230092
SHA512

4eaf1e8eb7b74508a6920eb63b0d4a6d25748fea5d7cbd479778558912e85b4977f3e9f6c4307bf256624e30cca52e9c3b2c89af982d501217e2efea254aaed4
SSDEEP

3145728:yDPtjZF4rEsmRogjTeoHBxvp86oNr3sEUOLdtduKyAI:yDpZF41mRoqTBxR7m9nH9yAI

Score

1^/10

Malware Config

Signatures

Files

Game Setup v.5.3.rar
.rar

Password: 2024
Setup.exe
.exe windows:5 windows x86 arch:x86

Password: 2024

c4aa5bcf2bb55d1c83c9f17222c4c515

Code Sign

04:9c:5c:fc:1a:b2:51:64:20:07:1f:bf:48:94:22:13
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2020, 00:00

Not After

01/03/2023, 12:00

Subject

SERIALNUMBER=5278570,CN=Sentinel Labs\, Inc.,OU=Sentinel Labs\, Inc.,O=Sentinel Labs\, Inc.,L=Mountain View,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f7:c5:0f:b4:1d:52:12:f5:ce:78:2d:d9:e6:d5:7b:33:75:24:cb:6a:5b:1d:ba:1b:dd:6f:f6:4e:d2:5b:c3:a3
Signer

Actual PE Digest

f7:c5:0f:b4:1d:52:12:f5:ce:78:2d:d9:e6:d5:7b:33:75:24:cb:6a:5b:1d:ba:1b:dd:6f:f6:4e:d2:5b:c3:a3

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_EH_prolog

kernel32

IsProcessorFeaturePresent
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharToOemA

advapi32

RegOpenKeyExA

ole32

CoInitializeSecurity

oleaut32

VariantClear

shlwapi

ord155

Sections

.text
Size: - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp‹�
Size: - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp‹�
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp‹�
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Source/packs.dll
Source/source.dll
Source/updater.exe
.exe windows:6 windows x64 arch:x64

Password: 2024

a48c772826ef5fbef5f9d4ddcfb60aea

Code Sign

06:e9:03:cc:ee:6d:b3:0d:2a:4f:91:74:3e:b1:6e:b0
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

05/06/2020, 00:00

Not After

14/06/2023, 12:00

Subject

SERIALNUMBER=HRB72838,CN=Ableton AG,OU=IT OPS,O=Ableton AG,L=Berlin,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e0:9d:37:96:c1:c3:08:c1:da:8a:55:64:22:1d:55:7e:46:44:10:f6:bd:9a:98:e0:37:72:e5:c8:b3:b8:34:d3
Signer

Actual PE Digest

e0:9d:37:96:c1:c3:08:c1:da:8a:55:64:22:1d:55:7e:46:44:10:f6:bd:9a:98:e0:37:72:e5:c8:b3:b8:34:d3

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Jenkins\live\output\Live\win_64_static\Release\Live.pdb

Imports

kernel32

SetThreadStackGuarantee
TryAcquireSRWLockExclusive
SetFileCompletionNotificationModes
ReleaseSRWLockShared
SleepConditionVariableSRW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CloseHandle
OpenFileMappingW
OpenEventA
ReadConsoleA
SetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
GetFileInformationByHandleEx
GetModuleHandleExW
AcquireSRWLockShared
CreateProcessW
IsProcessorFeaturePresent
GetStartupInfoW
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
InitializeSListHead
InitOnceComplete
InitOnceBeginInitialize
SignalObjectAndWait
MulDiv
TryEnterCriticalSection
OpenFile
ExitProcess
GetEnvironmentVariableA
MoveFileExA
InitializeCriticalSectionEx
GetSystemDirectoryA
GetModuleHandleA
VirtualQuery
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
HeapReAlloc
DeleteFileA
LoadLibraryA
FlushViewOfFile
GetFileAttributesA
GetDiskFreeSpaceA
HeapSize
HeapValidate
UnlockFileEx
GetFullPathNameA
LockFile
GetDiskFreeSpaceW
HeapCreate
MapViewOfFileEx
CreateFileMappingA
ConnectNamedPipe
CancelIoEx
DisconnectNamedPipe
CreateNamedPipeA
SetNamedPipeHandleState
GetQueuedCompletionStatusEx
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
InitOnceExecuteOnce
GetTempFileNameA
GetTempPathA
ResumeThread
GetThreadPriority
OpenThread
CreateProcessA
GetCommandLineA
GetModuleFileNameA
SetConsoleTextAttribute
AreFileApisANSI
CopyFileW
CreateDirectoryExW
GetEnvironmentVariableW
GetDynamicTimeZoneInformation
GetVolumeNameForVolumeMountPointW
GetLogicalDrives
SwitchToThread
OpenMutexW
GlobalHandle
CreateMutexA
DuplicateHandle
SetThreadAffinityMask
CreateWaitableTimerW
GetQueuedCompletionStatus
SetWaitableTimer
CreateIoCompletionPort
SleepEx
InitializeCriticalSectionAndSpinCount
CreateEventW
DebugBreak
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock
SetThreadExecutionState
CreateThread
UnmapViewOfFile
ReleaseMutex
MapViewOfFile
CreateFileMappingW
CreateMutexW
PostQueuedCompletionStatus
QueueUserAPC
TerminateThread
WaitForMultipleObjects
WaitForSingleObject
FormatMessageA
GetCommandLineW
SetDllDirectoryW
GetVolumeInformationW
GetSystemDirectoryW
lstrlenW
GetLongPathNameW
GetTempPathW
ReplaceFileW
SetUnhandledExceptionFilter
GetTimeZoneInformation
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
SetPriorityClass
GetProcessId
GetExitCodeProcess
GetDriveTypeW
GetFileTime
SetEndOfFile
SetFilePointerEx
GetFileSizeEx
FlushFileBuffers
SetThreadPriority
OutputDebugStringA
RtlCaptureContext
GetProcessAffinityMask
K32GetProcessMemoryInfo
GlobalMemoryStatusEx
FlushInstructionCache
IsDebuggerPresent
GetUserPreferredUILanguages
Process32NextW
Process32FirstW
GetACP
GetLocaleInfoA
GetThreadTimes
GetCurrentThread
VerifyVersionInfoW
GetCurrentProcessId
VerSetConditionMask
GetComputerNameExW
VerifyVersionInfoA
ExpandEnvironmentStringsW
GetStringTypeW
GetNumberOfConsoleInputEvents
WriteConsoleW
ResetEvent
ReadConsoleW
GetConsoleMode
AddVectoredExceptionHandler
RaiseException
RemoveVectoredExceptionHandler
LoadLibraryExW
FreeLibrary
SetErrorMode
GetTickCount
TlsFree
TlsGetValue
GetProcessHeap
HeapAlloc
TlsAlloc
GetCurrentThreadId
HeapFree
TlsSetValue
GetVersionExA
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
GetSystemTimeAdjustment
CreateEventA
SetEvent
GetFileType
GetConsoleCP
GetConsoleOutputCP
GenerateConsoleCtrlEvent
GetProcessTimes
GetSystemTimeAsFileTime
GetModuleHandleW
MoveFileExW
GetProcAddress
SetCurrentDirectoryW
GetCurrentDirectoryW
LoadLibraryW
GetSystemInfo
Process32Next
DeleteFileW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileInformationByHandle
CreateToolhelp32Snapshot
SetFileAttributesW
OpenProcess
GetFileAttributesW
GetVolumePathNameW
FindClose
CreateHardLinkW
CreatePipe
SetEnvironmentVariableW
SetFileTime
GetFinalPathNameByHandleW
RemoveDirectoryW
TerminateProcess
DeviceIoControl
GetStdHandle
GetCurrentProcess
FindNextFileW
GetFullPathNameW
GetHandleInformation
SetLastError
GetConsoleScreenBufferInfo
SetHandleInformation
Process32First
FindFirstFileW
CreateDirectoryW
OutputDebugStringW
CreateSemaphoreA
DeleteCriticalSection
WaitForSingleObjectEx
InitializeCriticalSection
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
VirtualAlloc
VirtualFree
LocalFree
FormatMessageW
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
GetLastError
CreateFileW
SetFilePointer
WriteFile
ReadFile
Sleep
GetModuleFileNameW

user32

AdjustWindowRectEx
DestroyMenu
CreateMenu
DrawMenuBar
SetWindowLongW
CreateWindowExW
RegisterClassExW
AppendMenuW
RemoveMenu
LoadCursorW
SetMenuItemInfoW
MessageBoxExW
DeleteMenu
BroadcastSystemMessageW
RegisterWindowMessageW
GetTopWindow
InSendMessage
ReplyMessage
OpenClipboard
EmptyClipboard
GetWindowLongW
SetClipboardData
SetCapture
CloseClipboard
GetClipboardSequenceNumber
SetCursor
SetCursorPos
ShowCursor
InvalidateRect
LoadCursorFromFileW
DestroyCursor
GetDC
ReleaseDC
MessageBoxA
RegisterDeviceNotificationW
UnregisterDeviceNotification
MapVirtualKeyW
RegisterClassW
MoveWindow
ToUnicode
SetRect
SendMessageW
CallWindowProcW
MessageBoxW
SetTimer
KillTimer
CharLowerBuffA
FillRect
DrawTextA
DrawTextExA
SetRectEmpty
MsgWaitForMultipleObjects
PeekMessageA
EnumDisplayDevicesW
DispatchMessageA
GetQueueStatus
FlashWindowEx
LoadIconW
PostThreadMessageA
GetProcessWindowStation
DestroyWindow
GetUserObjectInformationW
PeekMessageW
MonitorFromPoint
GetMonitorInfoW
PostQuitMessage
ShutdownBlockReasonCreate
ShutdownBlockReasonDestroy
GetKeyState
ShowWindow
SetForegroundWindow
EnableWindow
GetMenu
GetWindowLongPtrW
SetWindowLongPtrW
WaitForInputIdle
GetWindow
MonitorFromWindow
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetClientRect
GetUpdateRect
ValidateRect
SetWindowPlacement
GetWindowPlacement
GetWindowRect
GetGestureInfo
PostMessageW
EnumChildWindows
EnumWindows
DefWindowProcW
ToAscii
GetWindowThreadProcessId
IsWindowVisible
GetCursorPos
SystemParametersInfoW
GetDoubleClickTime
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
SetActiveWindow
WindowFromPoint
ScreenToClient
SetFocus
IsWindowEnabled
SetMenu
RegisterWindowMessageA
GetKeyboardLayoutNameW
EnumDisplayMonitors
BringWindowToTop
UpdateWindow
GetParent
SetWindowPos
ClientToScreen
GetClassNameW
GetKeyboardState
CloseGestureInfoHandle
GetWindowInfo
GetSystemMetrics
GetMessageW
TranslateMessage
DispatchMessageW
GetSystemMenu
EnableMenuItem
GetActiveWindow
ReleaseCapture

msvcp140

?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?uncaught_exception@std@@YA_NXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??1codecvt_base@std@@UEAA@XZ
??1facet@locale@std@@MEAA@XZ
??1_Facet_base@std@@UEAA@XZ
??_7_Facet_base@std@@6B@
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Xout_of_range@std@@YAXPEBD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??_7facet@locale@std@@6B@
??_7codecvt_base@std@@6B@
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??_7?$codecvt@_WDU_Mbstatet@@@std@@6B@
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Incref@facet@locale@std@@UEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Xbad_alloc@std@@YAXXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??0facet@locale@std@@IEAA@_K@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
_Strxfrm
_Strcoll
?id@?$collate@D@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Cnd_wait
?id@?$messages@D@std@@2V0locale@2@A
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAXXZ
_Cnd_broadcast
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@_N@Z
??0_Locinfo@std@@QEAA@HPEBD@Z
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?id@?$numpunct@D@std@@2V0locale@2@A
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?widen@?$ctype@D@std@@QEBADD@Z
?_Makeloc@_Locimp@locale@std@@CAPEAV123@AEBV_Locinfo@3@HPEAV123@PEBV23@@Z
?_Xruntime_error@std@@YAXPEBD@Z
?narrow@?$ctype@D@std@@QEBADDD@Z
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?pubsetbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAPEAV12@PEAD_J@Z
?in_avail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_J@Z
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Random_device@std@@YAIXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@PEAV32@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
_Thrd_detach
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_join
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
?classic@locale@std@@SAAEBV12@XZ
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
_Xtime_get_ticks
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?widen@?$ctype@D@std@@QEBAPEBDPEBD0PEAD@Z
?toupper@?$ctype@D@std@@QEBADD@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Cnd_signal
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Mtx_trylock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_timedwait
_Mtx_current_owns
?_Xoverflow_error@std@@YAXPEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@O@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
_Query_perf_counter
_Query_perf_frequency
?exceptions@ios_base@std@@QEAAXH@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?swap@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
?swap@?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
_Thrd_yield
?clog@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?setbase@std@@YA?AU?$_Smanip@H@1@H@Z
?do_in@?$codecvt@_WDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?do_always_noconv@?$codecvt@_WDU_Mbstatet@@@std@@MEBA_NXZ
?do_max_length@?$codecvt@_WDU_Mbstatet@@@std@@MEBAHXZ
?do_encoding@?$codecvt@_WDU_Mbstatet@@@std@@MEBAHXZ
?do_out@?$codecvt@_WDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?do_unshift@?$codecvt@_WDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?do_length@?$codecvt@_WDU_Mbstatet@@@std@@MEBAHAEAU_Mbstatet@@PEBD1_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__CxxFrameHandler3
__std_terminate
__RTDynamicCast
__std_type_info_hash
_CxxThrowException
memcmp
__current_exception_context
__current_exception
longjmp
memcpy
wcsstr
__C_specific_handler
memmove
_set_se_translator
memset
strstr
wcsrchr
wcschr
strrchr
strchr
__RTtypeid
__std_type_info_compare
__std_type_info_name
_purecall
__std_exception_destroy
__std_exception_copy
_set_purecall_handler
__RTCastToVoid
__intrinsic_setjmp
memchr

api-ms-win-crt-runtime-l1-1-0

raise
_set_abort_behavior
terminate
set_terminate
fesetenv
fegetenv
strerror_s
_getpid
_beginthreadex
_endthreadex
strerror
_exit
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
_cexit
_set_thread_local_invalid_parameter_handler
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
abort
_register_onexit_function
_crt_atexit
_wsystem
signal
_control87
exit
__fpe_flt_rounds
__sys_nerr
_errno
__sys_errlist
_c_exit

api-ms-win-crt-stdio-l1-1-0

_wfopen
fputs
_chsize_s
_lseeki64
_wopen
_commit
_open_osfhandle
_get_osfhandle
getc
rewind
_setmode
fgets
feof
__stdio_common_vsprintf_s
__stdio_common_vswprintf
ftell
ferror
fopen
fseek
_ftelli64
__acrt_iob_func
__stdio_common_vfprintf
clearerr
fgetc
ungetc
fread
_fseeki64
__stdio_common_vsscanf
__stdio_common_vswscanf
fgetpos
fsetpos
setvbuf
_fileno
_locking
_dup
fflush
_wfopen_s
__stdio_common_vsprintf
__stdio_common_vsnprintf_s
_creat
_wfsopen
_lseek
_write
_read
_open
_dup2
_close
fputc
fwrite
fclose
_get_stream_buffer_pointers
_isatty
_getcwd
_set_fmode
__p__commode

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_umask
_wstat64
_fstat64
_lock_file
_wstat64i32
_access
_fstat64i32
_stat64i32
remove
_mkdir
_unlink
_stat64

api-ms-win-crt-math-l1-1-0

truncf
fminf
fmaxf
_fdsign
floorf
cosf
sinf
ceilf
nextafter
powf
sqrtf
__setusermatherr
sinh
tanh
trunc
atanf
roundf
atan2f
erfc
sqrt
asin
erf
lrintf
sin
atan
acos
pow
nextafterf
log2
lround
floor
fabs
tan
fmin
hypot
tanf
cos
copysign
modf
frexp
ldexp
_finite
_isnan
copysignf
_dsign
ceil
cosh
lroundf
_fdopen
log2f
cbrt
exp
llround
round
expf
logf
fmodf
modff
exp2f
tanhf
_dclass
_fdclass
_ldclass
llrint
acosf
atan2
fmod
log
log10
log10f
sinhf
exp2

api-ms-win-crt-heap-l1-1-0

_msize
realloc
calloc
malloc
_callnewh
_aligned_realloc
_aligned_free
_aligned_malloc
free
_set_new_mode

api-ms-win-crt-string-l1-1-0

wcsncpy_s
wcsncpy
strncpy
isxdigit
strlen
isalnum
wcsxfrm
wcscoll
wcsnlen
wcstok
_stricmp_l
strncat
strnlen
strcpy_s
strncmp
tolower
strspn
isspace
isdigit
strcspn
_strnicmp
iswprint
iswspace
isupper
strcmp
iscntrl
iswdigit
_wcsicmp
_strdup
wcsncmp
towlower
_stricmp
wcscpy_s
isprint
toupper
wcscat_s
isalpha

api-ms-win-crt-utility-l1-1-0

rand
qsort
bsearch
rand_s
srand

api-ms-win-crt-time-l1-1-0

_localtime64
_tzset
_time64
_localtime64_s
_gmtime64_s
clock
__timezone
_gmtime64
_ctime64
_mktime64
strftime
_difftime64
__tzname
__daylight

api-ms-win-crt-multibyte-l1-1-0

_mbsncmp
_mbspbrk
_mbschr
_mbsnbcpy

api-ms-win-crt-convert-l1-1-0

strtoull
_wcstoi64
atoi
strtod
strtoll
_wtoi
atof
atoll
strtoul
strtol
wcstol
wcstombs
mbstowcs
strtof
_wcstod_l

api-ms-win-crt-environment-l1-1-0

__p__wenviron
getenv
_wgetenv
_wgetcwd
_wputenv

api-ms-win-crt-locale-l1-1-0

setlocale
_free_locale
_create_locale
localeconv
_configthreadlocale

api-ms-win-crt-process-l1-1-0

_wspawnv
_wexecve
_cwait
_wspawnve
_wexecv

mswsock

AcceptEx

bcrypt

BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

avrt

AvSetMmThreadCharacteristicsW

dbghelp

MiniDumpWriteDump

iphlpapi

GetAdaptersAddresses

shlwapi

PathCanonicalizeW
StrCmpLogicalW
PathCombineW

crypt32

CertEnumCRLsInStore
CertGetEnhancedKeyUsage
CertFreeCRLContext
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
PFXImportCertStore
CryptStringToBinaryA
CryptProtectData
CryptUnprotectData
CertDuplicateStore
CertDuplicateCertificateChain
CertVerifyCertificateChainPolicy
CertFindCertificateInStore
CryptDecodeObjectEx
CertGetCertificateChain
CertFreeCertificateChainEngine
CertAddCertificateContextToStore
CryptQueryObject
CertFreeCertificateChain
CertGetNameStringA
CertFindExtension
CertCreateCertificateChainEngine
CertDuplicateCertificateContext
CertGetCertificateContextProperty

ws2_32

WSAPoll
WSARecv
WSAStringToAddressW
WSAAddressToStringW
WSASendTo
WSAGetLastError
getsockopt
send
WSARecvFrom
shutdown
select
__WSAFDIsSet
setsockopt
getnameinfo
ioctlsocket
sendto
freeaddrinfo
htons
inet_ntop
htonl
recv
WSASend
recvfrom
getservbyname
inet_ntoa
connect
ntohs
socket
getservbyport
getprotobyname
gethostbyaddr
getsockname
inet_addr
getpeername
WSAStartup
WSACleanup
getaddrinfo
inet_pton
accept
WSASocketW
WSASetLastError
bind
listen
WSAIoctl
closesocket
gethostbyname
ntohl
WSADuplicateSocketW

d3d11

D3D11CreateDevice

dwmapi

DwmFlush
DwmGetCompositionTimingInfo
DwmIsCompositionEnabled

imm32

ImmGetContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmNotifyIME
ImmReleaseContext
ImmSetCandidateWindow

opengl32

glGenTextures
glDeleteTextures
glDisable
glBlendFunc
glEnable
glEnd
glVertex2f
glTexCoord2f
glBegin
glTexSubImage2D
glPixelStorei
glLoadIdentity
glColor3f
glBindTexture
glGetError
glGetTexLevelParameteriv
glTexImage2D
glGetIntegerv
wglCreateContext
glViewport
glMatrixMode
wglDeleteContext
wglGetCurrentDC
wglGetCurrentContext
wglMakeCurrent
wglGetProcAddress
glGetString
glTexParameteri
glTexParameterfv

shell32

DragAcceptFiles
SHCreateItemFromParsingName
DragQueryFileW
SHGetSpecialFolderPathA
SetCurrentProcessExplicitAppUserModelID
SHGetKnownFolderPath
ShellExecuteExW
FindExecutableW
ShellExecuteW
CommandLineToArgvW
SHAddToRecentDocs

version

GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoW
VerQueryValueA

dsound

ord1
ord8
ord6
ord3

rex shared library

REXDelete
REXCreate
REXInitializeDLL
REXGetSliceInfo
REXGetInfo
REXRenderSlice

gdi32

BitBlt
GetPixel
SelectObject
ChoosePixelFormat
CreateCompatibleDC
DeleteObject
SetBkColor
SwapBuffers
DescribePixelFormat
SetPixelFormat
GetStockObject
CreateDIBSection
SetTextColor
DeleteDC

ole32

OleInitialize
CoUninitialize
CoLockObjectExternal
OleUninitialize
RevokeDragDrop
StringFromGUID2
CLSIDFromString
CoInitialize
CoTaskMemFree
CoCreateInstance
OleGetClipboard
GetRunningObjectTable
CoTaskMemAlloc
CreateItemMoniker
ReleaseStgMedium
RegisterDragDrop
DoDragDrop
CoFreeUnusedLibraries

oleaut32

SysAllocString
SysFreeString

winmm

midiOutUnprepareHeader
midiOutLongMsg
timeEndPeriod
midiOutShortMsg
midiOutClose
midiOutReset
midiOutPrepareHeader
timeBeginPeriod
midiInStop
midiInReset
timeGetTime
waveOutGetNumDevs
waveOutGetDevCapsW
waveOutOpen
waveOutClose
waveOutPause
waveOutRestart
waveOutReset
waveOutGetPosition
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveInGetNumDevs
waveInGetDevCapsW
waveInOpen
waveInClose
waveInGetPosition
waveInStart
waveInReset
waveInUnprepareHeader
waveInPrepareHeader
waveInAddBuffer
timeSetEvent
timeKillEvent
waveInGetErrorTextA
midiInGetDevCapsW
midiInMessage
midiInGetNumDevs
midiOutGetDevCapsW
midiOutMessage
midiOutGetNumDevs
midiInPrepareHeader
midiInAddBuffer
midiInUnprepareHeader
midiInOpen
midiInClose
midiInStart
midiOutOpen

usflib

XUsfProgGetTuno
XUsfProgGetVelFade
XUsfBankDelete
XUsfStreamDelete
XUsfVoiceGetTuno
XUsfSampSamplePitch
XUsfSampNumberOfChannels
XUsfSampIsLooped
XUsfSampGetFormat
XUsfVoiceChannelName
XUsfVoiceIsInterleaved
XUsfVoiceIsExternal
XUsfVoiceIsLooped
XUsfModGetDepthExt
XUsfModGetControl
XUsfEnvSegmentRate
XUsfEnvSegmentCount
XUsfProgLfoCount
XUsfProgGetDim
XUsfProgHasCrossFade
XUsfProgDimCount
XUsfProgGetVcfKeyFollow
XUsfProgGetLevelRange
XUsfProgGetCrossfade
XUsfImportUsfProgramName
XUsfImportUsfFileName
XUsfImportUsfCurrentFolder
XUsfLibNew
XUsfLibNewFileImport
XUsfLibNewImageImport
XUsfImportUsfVolumeName
XUsfImportUsfVolumeCount
XUsfImportUsfCloseSubFolder
XUsfImportUsfFolderName
XUsfImportUsfFolderCount
XUsfImportUsfFileCount
XUsfImportUsfOpenSubFolder
XUsfImportUsfOpenFolder
XUsfImportUsfProgramCount
XUsfImportUsfOpenFileByName
XUsfImportUsfOpenFile
XUsfBankGetProgram
XUsfBankProgramCount
XUsfImportUsfLoadProgram
XUsfBankNew
XUsfProgHasReleaseTrigger
XUsfProgSplitByGroup
XUsfProgGetReleaseTrigger
XUsfProgIsSet
XUsfProgSplitBadStereo
XUsfProgFlatten
XUsfNodeGetName
XUsfNodeGetChildByIndex
XUsfNodeChildCount
XUsfEnvGetSustainIndex
XUsfEnvSegmentLevel
XUsfEnvSegmentRateByType
XUsfEnvSegmentLevelByType
XUsfModGetSource
XUsfModGetDepthInt
XUsfLfoGetDelay
XUsfLfoGetRate
XUsfLfoGetSync
XUsfLfoGetTrig
XUsfLfoGetWave
XUsfProgGetLfo
XUsfModGetDestin
XUsfProgGetMod
XUsfProgModCount
XUsfProgGetEnvAux
XUsfProgGetEnvMod
XUsfProgVcaByEnv
XUsfEnvSetDestination
XUsfProgGetEnvAmp
XUsfProgVcfByEnv
XUsfProgVcfByVel
XUsfProgGetFilter
XUsfProgVcaByVel
XUsfProgGetTranspose
XUsfImportDelete
XUsfVoiceRootKey
XUsfProgPitchTracking
XUsfProgVcaLevel
XUsfProgGetPano
XUsfVoiceChannelCount
XUsfVoiceChannelStart
XUsfVoiceChannelEnd
XUsfVoiceChannelLoopStart
XUsfVoiceChannelLoopEnd
XUsfVoicePlayMode
XUsfImportUsfGetFormat
XUsfVoiceLoopCrossfade
XUsfVoiceIsDummy
XUsfVoiceSampleCount
XUsfSampIsExternal
XUsfVoiceIsStereo
XUsfVoiceCanInterleave
XUsfVoiceVoiceName
XUsfVoiceChannelSize
XUsfVoiceSampleRate
XUsfVoiceBitDepth
XUsfLibDelete
XUsfProgPitchByEnv
XUsfProgGetPitchBend
XUsfProgGetGlide
XUsfProgGetPolyphony
XUsfProgGetNextZone
XUsfStreamGetAudioByFloats
XUsfStreamGetAudioByShorts
XUsfImportUsfCreateStream
XUsfProgGetKeyFade
XUsfStreamSetOffset
XUsfProgGetKeyRange
XUsfProgGetVoice
XUsfSampGetFolderPathByArgs
XUsfSampGetFileName
XUsfVoiceGetSample
XUsfSampGetFullPath
XUsfProgGetVelRange

advapi32

RegCreateKeyW
GetUserNameW
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
RegSetValueW
RegQueryValueExW
RegEnumValueW
SystemFunction036
RegDeleteValueW
RegConnectRegistryW
RegSetKeyValueW
RegOpenKeyExW
RegLoadKeyW
RegQueryInfoKeyA
RegSetValueExW
RegEnumKeyExW
RegSaveKeyW
RegCreateKeyExW
RegFlushKey
RegQueryValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCloseKey
RegDeleteTreeW
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyA
RegOpenKeyA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegGetValueW

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

wininet

InternetGetConnectedState

ntdll

NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtCreateFile

secur32

ApplyControlToken
QueryContextAttributesW
AcceptSecurityContext
InitializeSecurityContextW
FreeContextBuffer
DecryptMessage
DeleteSecurityContext
FreeCredentialsHandle
EncryptMessage
AcquireCredentialsHandleA

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement
PyInit_Application
PyInit_Base
PyInit_Browser
PyInit_Chain
PyInit_ChainMixerDevice
PyInit_Clip
PyInit_ClipSlot
PyInit_CompressorDevice
PyInit_Conversions
PyInit_Device
PyInit_DeviceIO
PyInit_DeviceParameter
PyInit_DrumChain
PyInit_DrumPad
PyInit_Eq8Device
PyInit_Groove
PyInit_GroovePool
PyInit_HybridReverbDevice
PyInit_ListWrapper
PyInit_Listener
PyInit_Live
PyInit_LomObject
PyInit_MaxDevice
PyInit_MidiMap
PyInit_MidiRemoteScript
PyInit_MixerDevice
PyInit_MxDManager
PyInit_PluginDevice
PyInit_RackDevice
PyInit_Sample
PyInit_Scene
PyInit_ShifterDevice
PyInit_SimplerDevice
PyInit_Song
PyInit_SpectralResonatorDevice
PyInit_Track
PyInit_WavetableDevice
PyInit_live_io

Sections

.text
Size: 67.2MB - Virtual size: 67.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

IPPCODE
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21.3MB - Virtual size: 21.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.6MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

IPPDATA
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64/cmm/CIEXYZ.pf
amd64/cmm/GRAY.pf
amd64/cmm/LINEAR_RGB.pf
amd64/cmm/PYCC.pf
amd64/cmm/accessibility.properties
amd64/cmm/calendars.properties
amd64/cmm/charsets.jar
.jar
amd64/cmm/classlist
amd64/cmm/content-types.properties
amd64/cmm/currency.data
amd64/cmm/deploy.jar
.jar
amd64/cmm/flavormap.properties
amd64/cmm/javaws.jar
.jar
amd64/cmm/jsse.jar
.jar
amd64/cmm/plugin.jar
.jar
amd64/cmm/sRGB.pf
amd64/jvm.cfg
applet/ShadowPlay/NVSPCAPS/_nvspcaps64.dll
.dll windows:6 windows x64 arch:x64

Password: 2024

c27cb76bf211b8bcd4628bb3c785f146

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/07/2015, 00:00

Not After

26/07/2018, 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/07/2015, 00:00

Not After

13/07/2018, 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:58:e8:ee:54:af:5c:27
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2016, 07:00

Not After

13/12/2021, 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4b:7d:5d:f4:ad:da:af:83:e0:e5:42:60:86:e7:68:43:ca:5e:b6:75:6c:6b:ae:6f:3a:18:3b:cc:27:93:13:a2
Signer

Actual PE Digest

4b:7d:5d:f4:ad:da:af:83:e0:e5:42:60:86:e7:68:43:ca:5e:b6:75:6c:6b:ae:6f:3a:18:3b:cc:27:93:13:a2

Digest Algorithm

sha256

PE Digest Matches

true

2b:90:4c:82:c6:09:f4:e9:03:a9:fc:30:1b:26:cf:4c:74:db:c1:59
Signer

Actual PE Digest

2b:90:4c:82:c6:09:f4:e9:03:a9:fc:30:1b:26:cf:4c:74:db:c1:59

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\rel\gfclient\rel_03_11\shadowplay2\server\win7_amd64_release\_nvspcaps64.pdb

Imports

kernel32

DeleteCriticalSection
LoadLibraryW
WideCharToMultiByte
GetCurrentProcessId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventA
CreateThread
WaitForMultipleObjects
CreateSemaphoreA
ResetEvent
GetFileAttributesA
Sleep
TerminateProcess
GetExitCodeProcess
GetTickCount
OpenEventA
HeapFree
GetProcessHeap
CreateEventW
GetSystemTimeAsFileTime
OpenProcess
GetCurrentThreadId
GetThreadId
GetModuleHandleA
CreateDirectoryA
CreateFileA
OutputDebugStringA
GetLocalTime
GetModuleFileNameW
MoveFileExA
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryA
MultiByteToWideChar
CreateDirectoryW
RemoveDirectoryW
GetTempPathW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
K32GetModuleFileNameExW
InitializeCriticalSectionEx
Process32FirstW
Process32NextW
SetCurrentDirectoryA
GetCurrentProcess
ProcessIdToSessionId
GetSystemDirectoryA
GetVersionExA
GetModuleFileNameA
GetVolumeInformationA
WTSGetActiveConsoleSessionId
K32GetProcessMemoryInfo
GetSystemTime
SystemTimeToFileTime
DeleteFileA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
QueryFullProcessImageNameA
RaiseException
DecodePointer
WriteFile
ReadFile
GetFileSizeEx
VerifyVersionInfoW
SetEndOfFile
ReadConsoleW
SetFilePointerEx
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
CloseHandle
lstrcmpA
LocalFree
LocalAlloc
LoadLibraryExW
GetModuleHandleW
CreateProcessW
CreateProcessA
SetLastError
OutputDebugStringW
GetFullPathNameW
GetFileAttributesW
CreateFileW
VerSetConditionMask
GetProcAddress
FreeLibrary
GetSystemDirectoryW
CreateWaitableTimerA
CancelWaitableTimer
SetWaitableTimer
GetLastError
CreateToolhelp32Snapshot
FlushFileBuffers
GetStringTypeW
SetConsoleCtrlHandler
GetACP
GetCurrentThread
ExitProcess
WriteConsoleW
GetModuleHandleExW
GetFileType
GetStdHandle
EncodePointer
InterlockedFlushSList
InterlockedPushEntrySList
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ReleaseMutex
OpenFileMappingA
CreateMutexA
OpenMutexA
CreateMutexW
OpenMutexW
OpenEventW
CreateFileMappingW
OpenFileMappingW

user32

FindWindowA
UnregisterClassA
WaitForInputIdle
PostThreadMessageA
GetMessageA
TranslateMessage
DispatchMessageA
RegisterDeviceNotificationA
UnregisterDeviceNotification
DefWindowProcA
PostQuitMessage
RegisterClassExA
GetWindow
EnumChildWindows
GetDesktopWindow
CreateWindowExA
GetWindowRect
IsWindowVisible
IsWindow
EnumDisplaySettingsExA
GetWindowThreadProcessId
EnumWindows
GetShellWindow
FindWindowExW
FindWindowW
GetWindowLongA
GetForegroundWindow
PostMessageA
SendMessageA
RedrawWindow
EnumDisplayDevicesA
EnumDisplaySettingsA
DestroyWindow

advapi32

RegCloseKey
ConvertStringSidToSidW
OpenSCManagerA
CloseServiceHandle
GetUserNameW
GetUserNameA
SetTokenInformation
GetLengthSid
DuplicateTokenEx
OpenProcessToken
RegDeleteKeyValueA
RegSetValueExA
RegQueryValueExW
RegDeleteKeyExA
RegDeleteKeyA
RegCreateKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityInfo
RegQueryValueExA
RegOpenKeyExA
AllocateAndInitializeSid
CopySid
FreeSid
GetSecurityDescriptorDacl
GetTokenInformation
SetEntriesInAclA

shell32

SHGetPropertyStoreFromParsingName
SHGetKnownFolderPath
SHGetFolderPathW
SHGetFolderPathA

ole32

PropVariantClear
CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemFree

oleaut32

SetErrorInfo
VariantChangeType
GetErrorInfo
SysAllocStringLen
CreateErrorInfo
SysFreeString
VariantInit
VariantCopy
SysAllocString
VariantClear

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA

shlwapi

PathFileExistsA

Exports

Exports

NvPluginGetInfo

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 455KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 319B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
applet/ShadowPlay/NvRemux.dll
.dll windows:6 windows x86 arch:x86

Password: 2024

32239a8689b43baf17eaf1d56db9bedf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/07/2015, 00:00

Not After

26/07/2018, 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/07/2015, 00:00

Not After

13/07/2018, 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:58:e8:ee:54:af:5c:27
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2016, 07:00

Not After

13/12/2021, 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a9:bf:a3:7a:20:3e:4f:0d:f8:e7:47:c1:bf:54:ae:e0:2a:80:8c:57:98:1d:e5:66:bb:e7:04:8a:53:3d:40:f5
Signer

Actual PE Digest

a9:bf:a3:7a:20:3e:4f:0d:f8:e7:47:c1:bf:54:ae:e0:2a:80:8c:57:98:1d:e5:66:bb:e7:04:8a:53:3d:40:f5

Digest Algorithm

sha256

PE Digest Matches

true

9a:ae:69:9d:72:4a:08:91:a2:6b:32:ce:33:19:5f:4d:21:f1:46:b2
Signer

Actual PE Digest

9a:ae:69:9d:72:4a:08:91:a2:6b:32:ce:33:19:5f:4d:21:f1:46:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\rel\gfclient\rel_03_11\shadowplay2\mux\remux\win7_x86_release\NvRemux.pdb

Imports

shell32

SHGetKnownFolderPath
SHGetPropertyStoreFromParsingName
SHGetFolderPathW

ole32

CoUninitialize
CoInitializeEx
CoTaskMemFree
PropVariantClear

oleaut32

VariantClear
SysFreeString
SetErrorInfo
GetErrorInfo
SysAllocString
VariantInit
VariantChangeType
CreateErrorInfo

mfplat

MFStartup
MFShutdown

mfreadwrite

MFCreateSourceReaderFromURL

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
SetSecurityInfo

user32

PostThreadMessageW

kernel32

SetEndOfFile
HeapReAlloc
HeapSize
SetFilePointerEx
SetStdHandle
ReadFile
SetConsoleCtrlHandler
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
ReadConsoleW
WriteConsoleW
DecodePointer
GetStringTypeW
SetUnhandledExceptionFilter
LCMapStringW
CompareStringW
VerSetConditionMask
ExpandEnvironmentStringsW
CreateFileW
GetFileAttributesW
GetFullPathNameW
OutputDebugStringW
CloseHandle
GetLastError
SetLastError
GetCurrentProcess
CreateProcessA
CreateProcessW
GetSystemDirectoryW
FreeLibrary
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LocalAlloc
LocalFree
lstrcmpA
lstrcmpW
VerifyVersionInfoW
GetVolumeInformationW
GetVersionExW
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
CreateDirectoryW
InitializeCriticalSection
DeleteCriticalSection
Sleep
GetFileSizeEx
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
GetModuleFileNameW
MoveFileExW
WideCharToMultiByte
GetSystemTime
SystemTimeToFileTime
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
CreateThread
GetThreadId
UnhandledExceptionFilter
OutputDebugStringA
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetTimeFormatW
GetDateFormatW
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
RtlUnwind
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapFree
HeapAlloc
GetCurrentThread
GetACP
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA

Exports

Exports

_CreateInstance@0

Sections

.text
Size: 444KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
applet/ShadowPlay/Plugins/LocalSystem/_nvspserviceplugin64.dll
.dll .ps1 windows:6 windows x64 arch:x64 polyglot

Password: 2024

be4f48d4b1a7e383cbeb76503e3754ad

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/07/2015, 00:00

Not After

26/07/2018, 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/07/2015, 00:00

Not After

13/07/2018, 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:58:e8:ee:54:af:5c:27
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2016, 07:00

Not After

13/12/2021, 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:75:97:62:96:e8:42:53:f9:0c:db:79:a8:db:c4:48:a8:9b:97:c0:a6:31:2b:a0:66:e0:09:0d:da:79:b3:3b
Signer

Actual PE Digest

41:75:97:62:96:e8:42:53:f9:0c:db:79:a8:db:c4:48:a8:9b:97:c0:a6:31:2b:a0:66:e0:09:0d:da:79:b3:3b

Digest Algorithm

sha256

PE Digest Matches

true

c0:7b:96:9d:57:72:79:8b:4a:37:66:32:d7:ca:86:09:08:cd:37:3d
Signer

Actual PE Digest

c0:7b:96:9d:57:72:79:8b:4a:37:66:32:d7:ca:86:09:08:cd:37:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\rel\gfclient\rel_03_11\shadowplay2\ServicePlugin\win7_amd64_release\_nvspserviceplugin64.pdb

Imports

shell32

SHGetFolderPathW
SHGetKnownFolderPath

ole32

CoTaskMemFree

advapi32

RegQueryValueExA
ConvertStringSidToSidW
SetTokenInformation
GetLengthSid
DuplicateTokenEx
RegCloseKey
RegOpenKeyExA
SetSecurityInfo
OpenProcessToken

user32

WaitForInputIdle
UnregisterClassW

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

ReadFile
ReadConsoleW
WriteConsoleW
InitializeCriticalSectionEx
SetEndOfFile
SetFilePointerEx
SetStdHandle
GetStringTypeW
SetConsoleCtrlHandler
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
VerSetConditionMask
CreateFileW
GetFileAttributesW
GetFullPathNameW
OutputDebugStringW
CloseHandle
GetLastError
SetLastError
CreateProcessA
CreateProcessW
GetSystemDirectoryW
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LocalAlloc
LocalFree
lstrcmpA
VerifyVersionInfoW
GetCurrentProcessId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateThread
WaitForMultipleObjects
CreateSemaphoreW
CreateDirectoryW
GetFileSizeEx
GetCurrentThreadId
GetLocalTime
GetModuleFileNameW
MoveFileExW
WideCharToMultiByte
SetCurrentDirectoryW
GetCurrentProcess
TerminateProcess
ProcessIdToSessionId
OpenProcess
GetSystemInfo
WTSGetActiveConsoleSessionId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
RemoveDirectoryW
DecodePointer
RaiseException
OutputDebugStringA
CreateSymbolicLinkW
GetLocaleInfoW
LCMapStringW
CompareStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
HeapFree
HeapAlloc
GetCurrentThread
GetACP
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW

shlwapi

PathFileExistsW

Exports

Exports

NvPluginGetInfo

Sections

.text
Size: 505KB - Virtual size: 505KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 319B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
applet/ShadowPlay/cudart64_55.dll
.dll windows:5 windows x64 arch:x64

Password: 2024

843c192c7d7896462173279e0cd57f3b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/07/2015, 00:00

Not After

26/07/2018, 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/07/2015, 00:00

Not After

13/07/2018, 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:58:e8:ee:54:af:5c:27
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2016, 07:00

Not After

13/12/2021, 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b0:b0:e0:3e:5d:b1:77:b7:a5:6b:4c:43:ef:21:11:36:b5:fc:77:1a:e8:ba:19:98:3c:4f:c5:e9:6c:5d:cc:be
Signer

Actual PE Digest

b0:b0:e0:3e:5d:b1:77:b7:a5:6b:4c:43:ef:21:11:36:b5:fc:77:1a:e8:ba:19:98:3c:4f:c5:e9:6c:5d:cc:be

Digest Algorithm

sha256

PE Digest Matches

true

ea:1d:f0:ca:ec:41:65:f4:b1:7f:12:3b:2a:06:3c:f8:21:b7:c8:04
Signer

Actual PE Digest

ea:1d:f0:ca:ec:41:65:f4:b1:7f:12:3b:2a:06:3c:f8:21:b7:c8:04

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FlushFileBuffers
GetProcAddress
FreeLibrary
LoadLibraryA
QueryPerformanceCounter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
GetCurrentThreadId
CloseHandle
SwitchToThread
GetLastError
GetModuleFileNameA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapCreate
GetModuleHandleW
ExitProcess
DecodePointer
EncodePointer
FlsSetValue
GetCommandLineA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LoadLibraryW
FlsGetValue
FlsFree
SetLastError
FlsAlloc
RtlUnwindEx
WriteFile
GetStdHandle
GetModuleFileNameW
HeapSize
SetHandleCount
GetStartupInfoW
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringW
MultiByteToWideChar
GetStringTypeW
WriteConsoleW
CreateFileW

Exports

Exports

NvOptimusEnablementCuda
__cudaRegisterDeviceFunction
__cudaRegisterFatBinary
__cudaRegisterFunction
__cudaRegisterPrelinkedFatBinary
__cudaRegisterShared
__cudaRegisterSharedVar
__cudaRegisterSurface
__cudaRegisterTexture
__cudaRegisterVar
__cudaUnregisterFatBinary
cudaArrayGetInfo
cudaBindSurfaceToArray
cudaBindTexture
cudaBindTexture2D
cudaBindTextureToArray
cudaBindTextureToMipmappedArray
cudaChooseDevice
cudaConfigureCall
cudaCreateChannelDesc
cudaCreateSurfaceObject
cudaCreateTextureObject
cudaD3D10GetDevice
cudaD3D10GetDevices
cudaD3D10GetDirect3DDevice
cudaD3D10MapResources
cudaD3D10RegisterResource
cudaD3D10ResourceGetMappedArray
cudaD3D10ResourceGetMappedPitch
cudaD3D10ResourceGetMappedPointer
cudaD3D10ResourceGetMappedSize
cudaD3D10ResourceGetSurfaceDimensions
cudaD3D10ResourceSetMapFlags
cudaD3D10SetDirect3DDevice
cudaD3D10UnmapResources
cudaD3D10UnregisterResource
cudaD3D11GetDevice
cudaD3D11GetDevices
cudaD3D11GetDirect3DDevice
cudaD3D11SetDirect3DDevice
cudaD3D9Begin
cudaD3D9End
cudaD3D9GetDevice
cudaD3D9GetDevices
cudaD3D9GetDirect3DDevice
cudaD3D9MapResources
cudaD3D9MapVertexBuffer
cudaD3D9RegisterResource
cudaD3D9RegisterVertexBuffer
cudaD3D9ResourceGetMappedArray
cudaD3D9ResourceGetMappedPitch
cudaD3D9ResourceGetMappedPointer
cudaD3D9ResourceGetMappedSize
cudaD3D9ResourceGetSurfaceDimensions
cudaD3D9ResourceSetMapFlags
cudaD3D9SetDirect3DDevice
cudaD3D9UnmapResources
cudaD3D9UnmapVertexBuffer
cudaD3D9UnregisterResource
cudaD3D9UnregisterVertexBuffer
cudaDestroySurfaceObject
cudaDestroyTextureObject
cudaDeviceCanAccessPeer
cudaDeviceDisablePeerAccess
cudaDeviceEnablePeerAccess
cudaDeviceGetAttribute
cudaDeviceGetByPCIBusId
cudaDeviceGetCacheConfig
cudaDeviceGetLimit
cudaDeviceGetPCIBusId
cudaDeviceGetSharedMemConfig
cudaDeviceGetStreamPriorityRange
cudaDeviceReset
cudaDeviceSetCacheConfig
cudaDeviceSetLimit
cudaDeviceSetSharedMemConfig
cudaDeviceSynchronize
cudaDriverGetVersion
cudaEventCreate
cudaEventCreateWithFlags
cudaEventDestroy
cudaEventElapsedTime
cudaEventQuery
cudaEventRecord
cudaEventSynchronize
cudaFree
cudaFreeArray
cudaFreeHost
cudaFreeMipmappedArray
cudaFuncGetAttributes
cudaFuncSetCacheConfig
cudaFuncSetSharedMemConfig
cudaGLGetDevices
cudaGLMapBufferObject
cudaGLMapBufferObjectAsync
cudaGLRegisterBufferObject
cudaGLSetBufferObjectMapFlags
cudaGLSetGLDevice
cudaGLUnmapBufferObject
cudaGLUnmapBufferObjectAsync
cudaGLUnregisterBufferObject
cudaGetChannelDesc
cudaGetDevice
cudaGetDeviceCount
cudaGetDeviceProperties
cudaGetErrorString
cudaGetExportTable
cudaGetLastError
cudaGetMipmappedArrayLevel
cudaGetSurfaceObjectResourceDesc
cudaGetSurfaceReference
cudaGetSymbolAddress
cudaGetSymbolSize
cudaGetTextureAlignmentOffset
cudaGetTextureObjectResourceDesc
cudaGetTextureObjectResourceViewDesc
cudaGetTextureObjectTextureDesc
cudaGetTextureReference
cudaGraphicsD3D10RegisterResource
cudaGraphicsD3D11RegisterResource
cudaGraphicsD3D9RegisterResource
cudaGraphicsGLRegisterBuffer
cudaGraphicsGLRegisterImage
cudaGraphicsMapResources
cudaGraphicsResourceGetMappedMipmappedArray
cudaGraphicsResourceGetMappedPointer
cudaGraphicsResourceSetMapFlags
cudaGraphicsSubResourceGetMappedArray
cudaGraphicsUnmapResources
cudaGraphicsUnregisterResource
cudaHostAlloc
cudaHostGetDevicePointer
cudaHostGetFlags
cudaHostRegister
cudaHostUnregister
cudaIpcCloseMemHandle
cudaIpcGetEventHandle
cudaIpcGetMemHandle
cudaIpcOpenEventHandle
cudaIpcOpenMemHandle
cudaLaunch
cudaMalloc
cudaMalloc3D
cudaMalloc3DArray
cudaMallocArray
cudaMallocHost
cudaMallocMipmappedArray
cudaMallocPitch
cudaMemGetInfo
cudaMemcpy
cudaMemcpy2D
cudaMemcpy2DArrayToArray
cudaMemcpy2DAsync
cudaMemcpy2DFromArray
cudaMemcpy2DFromArrayAsync
cudaMemcpy2DToArray
cudaMemcpy2DToArrayAsync
cudaMemcpy3D
cudaMemcpy3DAsync
cudaMemcpy3DPeer
cudaMemcpy3DPeerAsync
cudaMemcpyArrayToArray
cudaMemcpyAsync
cudaMemcpyFromArray
cudaMemcpyFromArrayAsync
cudaMemcpyFromSymbol
cudaMemcpyFromSymbolAsync
cudaMemcpyPeer
cudaMemcpyPeerAsync
cudaMemcpyToArray
cudaMemcpyToArrayAsync
cudaMemcpyToSymbol
cudaMemcpyToSymbolAsync
cudaMemset
cudaMemset2D
cudaMemset2DAsync
cudaMemset3D
cudaMemset3DAsync
cudaMemsetAsync
cudaPeekAtLastError
cudaPointerGetAttributes
cudaProfilerInitialize
cudaProfilerStart
cudaProfilerStop
cudaRuntimeGetVersion
cudaSetDevice
cudaSetDeviceFlags
cudaSetDoubleForDevice
cudaSetDoubleForHost
cudaSetValidDevices
cudaSetupArgument
cudaStreamAddCallback
cudaStreamCreate
cudaStreamCreateWithFlags
cudaStreamCreateWithPriority
cudaStreamDestroy
cudaStreamGetFlags
cudaStreamGetPriority
cudaStreamQuery
cudaStreamSynchronize
cudaStreamWaitEvent
cudaThreadExit
cudaThreadGetCacheConfig
cudaThreadGetLimit
cudaThreadSetCacheConfig
cudaThreadSetLimit
cudaThreadSynchronize
cudaUnbindTexture
cudaWGLGetDevice

Sections

.text
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
applet/ShadowPlay/ipccommon64.dll
.dll windows:6 windows x64 arch:x64

Password: 2024

a31bc150fd5eb667acc500380648124a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/07/2015, 00:00

Not After

26/07/2018, 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/07/2015, 00:00

Not After

13/07/2018, 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:58:e8:ee:54:af:5c:27
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2016, 07:00

Not After

13/12/2021, 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0c:89:df:7d:85:34:aa:5e:aa:9a:ee:57:e2:2a:47:d4:37:09:6b:cf:c4:12:e0:3e:a3:4b:a2:37:be:1f:c5:a7
Signer

Actual PE Digest

0c:89:df:7d:85:34:aa:5e:aa:9a:ee:57:e2:2a:47:d4:37:09:6b:cf:c4:12:e0:3e:a3:4b:a2:37:be:1f:c5:a7

Digest Algorithm

sha256

PE Digest Matches

true

45:3e:8e:09:45:58:76:b0:f8:e1:08:38:66:10:bf:f2:fc:20:bd:3e
Signer

Actual PE Digest

45:3e:8e:09:45:58:76:b0:f8:e1:08:38:66:10:bf:f2:fc:20:bd:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\rel\gfclient\rel_03_11\shadowplay2\common\ipcwrapper\win7_amd64_release\ipccommon64.pdb

Imports

shell32

SHGetFolderPathA

advapi32

SetSecurityInfo
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

messagebus

getMessageBusInterface
releaseMessageBusInterface

libprotobuf

?ListFields@GeneratedMessageReflection@internal@protobuf@google@@UEBAXAEBVMessage@34@PEAV?$vector@PEBVFieldDescriptor@protobuf@google@@V?$allocator@PEBVFieldDescriptor@protobuf@google@@@std@@@std@@@Z
?MutableMessage@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEAVMessage@34@PEAV534@PEBVFieldDescriptor@34@PEAVMessageFactory@34@@Z
?MutableRawRepeatedField@GeneratedMessageReflection@internal@protobuf@google@@MEBAPEAXPEAVMessage@34@PEBVFieldDescriptor@34@W4CppType@634@HPEBVDescriptor@34@@Z
?MutableRepeatedMessage@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEAVMessage@34@PEAV534@PEBVFieldDescriptor@34@H@Z
?MutableUnknownFields@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEAVUnknownFieldSet@34@PEAVMessage@34@@Z
?ReleaseLast@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEAVMessage@34@PEAV534@PEBVFieldDescriptor@34@@Z
?ReleaseMessage@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEAVMessage@34@PEAV534@PEBVFieldDescriptor@34@PEAVMessageFactory@34@@Z
?RemoveLast@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@@Z
?SetAllocatedMessage@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@0PEBVFieldDescriptor@34@@Z
?SetBool@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@_N@Z
?SetDouble@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@N@Z
?SetEnum@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@PEBVEnumValueDescriptor@34@@Z
?InitializationErrorString@Message@protobuf@google@@UEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?SetInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@H@Z
?SetInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@_J@Z
?SetRepeatedBool@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@H_N@Z
?SetRepeatedDouble@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@HN@Z
?SetRepeatedEnum@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@HPEBVEnumValueDescriptor@34@@Z
?SetRepeatedFloat@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@HM@Z
?SetRepeatedInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@HH@Z
?SetRepeatedInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@H_J@Z
?SetRepeatedString@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@HAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetRepeatedUInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@HI@Z
?SetRepeatedUInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@H_K@Z
?SetString@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetUInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@I@Z
?SetUInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@_K@Z
?SpaceUsed@GeneratedMessageReflection@internal@protobuf@google@@UEBAHAEBVMessage@34@@Z
?SpaceUsed@Message@protobuf@google@@UEBAHXZ
?Swap@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@0@Z
?SwapElements@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@HH@Z
?SwapFields@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@0AEBV?$vector@PEBVFieldDescriptor@protobuf@google@@V?$allocator@PEBVFieldDescriptor@protobuf@google@@@std@@@std@@@Z
??_7FunctionClosure0@internal@protobuf@google@@6B@
?HasOneof@GeneratedMessageReflection@internal@protobuf@google@@UEBA_NAEBVMessage@34@PEBVOneofDescriptor@34@@Z
?HasField@GeneratedMessageReflection@internal@protobuf@google@@UEBA_NAEBVMessage@34@PEBVFieldDescriptor@34@@Z
?GetUnknownFields@GeneratedMessageReflection@internal@protobuf@google@@UEBAAEBVUnknownFieldSet@34@AEBVMessage@34@@Z
?GetUInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBA_KAEBVMessage@34@PEBVFieldDescriptor@34@@Z
?GetUInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAIAEBVMessage@34@PEBVFieldDescriptor@34@@Z
?GetTypeName@Message@protobuf@google@@UEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetStringReference@GeneratedMessageReflection@internal@protobuf@google@@UEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVMessage@34@PEBVFieldDescriptor@34@PEAV56@@Z
?GetString@GeneratedMessageReflection@internal@protobuf@google@@UEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVMessage@34@PEBVFieldDescriptor@34@@Z
?GetRepeatedUInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBA_KAEBVMessage@34@PEBVFieldDescriptor@34@H@Z
?GetRepeatedUInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAIAEBVMessage@34@PEBVFieldDescriptor@34@H@Z
?GetRepeatedStringReference@GeneratedMessageReflection@internal@protobuf@google@@UEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVMessage@34@PEBVFieldDescriptor@34@HPEAV56@@Z
?GetRepeatedString@GeneratedMessageReflection@internal@protobuf@google@@UEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVMessage@34@PEBVFieldDescriptor@34@H@Z
?GetRepeatedMessage@GeneratedMessageReflection@internal@protobuf@google@@UEBAAEBVMessage@34@AEBV534@PEBVFieldDescriptor@34@H@Z
?GetRepeatedInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBA_JAEBVMessage@34@PEBVFieldDescriptor@34@H@Z
?GetRepeatedInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAHAEBVMessage@34@PEBVFieldDescriptor@34@H@Z
?GetRepeatedFloat@GeneratedMessageReflection@internal@protobuf@google@@UEBAMAEBVMessage@34@PEBVFieldDescriptor@34@H@Z
?GetRepeatedEnum@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEBVEnumValueDescriptor@34@AEBVMessage@34@PEBVFieldDescriptor@34@H@Z
?GetRepeatedDouble@GeneratedMessageReflection@internal@protobuf@google@@UEBANAEBVMessage@34@PEBVFieldDescriptor@34@H@Z
?GetRepeatedBool@GeneratedMessageReflection@internal@protobuf@google@@UEBA_NAEBVMessage@34@PEBVFieldDescriptor@34@H@Z
?GetReflection@Message@protobuf@google@@UEBAPEBVReflection@23@XZ
?GetOneofFieldDescriptor@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEBVFieldDescriptor@34@AEBVMessage@34@PEBVOneofDescriptor@34@@Z
?GetMessage@GeneratedMessageReflection@internal@protobuf@google@@UEBAAEBVMessage@34@AEBV534@PEBVFieldDescriptor@34@PEAVMessageFactory@34@@Z
?GetInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBA_JAEBVMessage@34@PEBVFieldDescriptor@34@@Z
?GetInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAHAEBVMessage@34@PEBVFieldDescriptor@34@@Z
?GetFloat@GeneratedMessageReflection@internal@protobuf@google@@UEBAMAEBVMessage@34@PEBVFieldDescriptor@34@@Z
?GetEnum@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEBVEnumValueDescriptor@34@AEBVMessage@34@PEBVFieldDescriptor@34@@Z
?GetDouble@GeneratedMessageReflection@internal@protobuf@google@@UEBANAEBVMessage@34@PEBVFieldDescriptor@34@@Z
?GetBool@GeneratedMessageReflection@internal@protobuf@google@@UEBA_NAEBVMessage@34@PEBVFieldDescriptor@34@@Z
?FindKnownExtensionByNumber@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEBVFieldDescriptor@34@H@Z
?FindKnownExtensionByName@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEBVFieldDescriptor@34@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?FieldSize@GeneratedMessageReflection@internal@protobuf@google@@UEBAHAEBVMessage@34@PEBVFieldDescriptor@34@@Z
?DiscardUnknownFields@Message@protobuf@google@@UEAAXXZ
?ClearOneof@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVOneofDescriptor@34@@Z
?ClearField@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@@Z
?CheckTypeAndMergeFrom@Message@protobuf@google@@UEAAXAEBVMessageLite@23@@Z
?AddUInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@_K@Z
?AddUInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@I@Z
?AddString@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?AddMessage@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEAVMessage@34@PEAV534@PEBVFieldDescriptor@34@PEAVMessageFactory@34@@Z
?AddInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@_J@Z
?AddInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@H@Z
?AddFloat@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@M@Z
?AddEnum@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@PEBVEnumValueDescriptor@34@@Z
?AddDouble@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@N@Z
?AddBool@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@_N@Z
?VerifyUTF8StringFallback@WireFormat@internal@protobuf@google@@CAXPEBDHW4Operation@1234@0@Z
?ComputeUnknownFieldsSize@WireFormat@internal@protobuf@google@@SAHAEBVUnknownFieldSet@34@@Z
?SerializeUnknownFieldsToArray@WireFormat@internal@protobuf@google@@SAPEAEAEBVUnknownFieldSet@34@PEAE@Z
?SerializeUnknownFields@WireFormat@internal@protobuf@google@@SAXAEBVUnknownFieldSet@34@PEAVCodedOutputStream@io@34@@Z
?SkipField@WireFormat@internal@protobuf@google@@SA_NPEAVCodedInputStream@io@34@IPEAVUnknownFieldSet@34@@Z
?Merge@ReflectionOps@internal@protobuf@google@@SAXAEBVMessage@34@PEAV534@@Z
??1GeneratedMessageReflection@internal@protobuf@google@@UEAA@XZ
??0GeneratedMessageReflection@internal@protobuf@google@@QEAA@PEBVDescriptor@23@PEBVMessage@23@QEBHHHHPEBVDescriptorPool@23@PEAVMessageFactory@23@H@Z
?BytesSize@WireFormatLite@internal@protobuf@google@@SAHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?StringSize@WireFormatLite@internal@protobuf@google@@SAHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?WriteEnumNoTagToArray@WireFormatLite@internal@protobuf@google@@SAPEAEHPEAE@Z
?WriteMessageMaybeToArray@WireFormatLite@internal@protobuf@google@@SAXHAEBVMessageLite@34@PEAVCodedOutputStream@io@34@@Z
?WriteBytesMaybeAliased@WireFormatLite@internal@protobuf@google@@SAXHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAVCodedOutputStream@io@34@@Z
?WriteStringMaybeAliased@WireFormatLite@internal@protobuf@google@@SAXHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAVCodedOutputStream@io@34@@Z
?WriteEnum@WireFormatLite@internal@protobuf@google@@SAXHHPEAVCodedOutputStream@io@34@@Z
?WriteBool@WireFormatLite@internal@protobuf@google@@SAXH_NPEAVCodedOutputStream@io@34@@Z
?WriteUInt32@WireFormatLite@internal@protobuf@google@@SAXHIPEAVCodedOutputStream@io@34@@Z
?ReadBytes@WireFormatLite@internal@protobuf@google@@SA_NPEAVCodedInputStream@io@34@PEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?ReadString@WireFormatLite@internal@protobuf@google@@SA_NPEAVCodedInputStream@io@34@PEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?VarintSize32Fallback@CodedOutputStream@io@protobuf@google@@CAHI@Z
?WriteVarint32FallbackToArray@CodedOutputStream@io@protobuf@google@@CAPEAEIPEAE@Z
?WriteTagToArray@CodedOutputStream@io@protobuf@google@@SAPEAEIPEAE@Z
?WriteVarint32SignExtendedToArray@CodedOutputStream@io@protobuf@google@@SAPEAEHPEAE@Z
?WriteVarint32ToArray@CodedOutputStream@io@protobuf@google@@SAPEAEIPEAE@Z
?WriteStringWithSizeToArray@CodedOutputStream@io@protobuf@google@@SAPEAEAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAE@Z
?PopLimit@CodedInputStream@io@protobuf@google@@QEAAXH@Z
?PushLimit@CodedInputStream@io@protobuf@google@@QEAAHH@Z
?ExpectAtEnd@CodedInputStream@io@protobuf@google@@QEAA_NXZ
?ExpectTag@CodedInputStream@io@protobuf@google@@QEAA_NI@Z
?ReadTagWithCutoff@CodedInputStream@io@protobuf@google@@QEAA?AU?$pair@I_N@std@@I@Z
?ReadVarint64@CodedInputStream@io@protobuf@google@@QEAA_NPEA_K@Z
?ReadVarint32@CodedInputStream@io@protobuf@google@@QEAA_NPEAI@Z
?ClearFallback@UnknownFieldSet@protobuf@google@@AEAAXXZ
?AddVarint@UnknownFieldSet@protobuf@google@@QEAAXH_K@Z
?Swap@UnknownFieldSet@protobuf@google@@QEAAXPEAV123@@Z
?MergeFrom@UnknownFieldSet@protobuf@google@@QEAAXAEBV123@@Z
?empty@UnknownFieldSet@protobuf@google@@QEBA_NXZ
??1UnknownFieldSet@protobuf@google@@QEAA@XZ
??0UnknownFieldSet@protobuf@google@@QEAA@XZ
?Swap@RepeatedPtrFieldBase@internal@protobuf@google@@IEAAXPEAV1234@@Z
?Reserve@RepeatedPtrFieldBase@internal@protobuf@google@@IEAAXH@Z
?InternalRegisterGeneratedMessage@MessageFactory@protobuf@google@@SAXPEBVDescriptor@23@PEBVMessage@23@@Z
?InternalRegisterGeneratedFile@MessageFactory@protobuf@google@@SAXPEBDP6AXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@Z
?generated_factory@MessageFactory@protobuf@google@@SAPEAV123@XZ
??1Message@protobuf@google@@UEAA@XZ
?InternalAddGeneratedFile@DescriptorPool@protobuf@google@@SAXPEBXH@Z
?FindFileByName@DescriptorPool@protobuf@google@@QEBAPEBVFileDescriptor@23@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?generated_pool@DescriptorPool@protobuf@google@@SAPEBV123@XZ
?GetEmptyString@internal@protobuf@google@@YAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GoogleOnceInitImpl@protobuf@google@@YAXPEA_JPEAVClosure@12@@Z
?OnShutdown@internal@protobuf@google@@YAXP6AXXZ@Z
??1FunctionClosure0@internal@protobuf@google@@UEAA@XZ
??4LogFinisher@internal@protobuf@google@@QEAAXAEAVLogMessage@123@@Z
??6LogMessage@internal@protobuf@google@@QEAAAEAV0123@PEBD@Z
??1LogMessage@internal@protobuf@google@@QEAA@XZ
??0LogMessage@internal@protobuf@google@@QEAA@W4LogLevel@23@PEBDH@Z
?VerifyVersion@internal@protobuf@google@@YAXHHPEBD@Z
?SerializeToString@MessageLite@protobuf@google@@QEBA_NPEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?ParseFromArray@MessageLite@protobuf@google@@QEAA_NPEBXH@Z
?GetEmptyStringAlreadyInited@internal@protobuf@google@@YAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?SetFloat@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@M@Z

kernel32

GetLastError
SetEvent
ResetEvent
CreateEventA
ReadConsoleW
ReadFile
SetEndOfFile
SetStdHandle
SetFilePointerEx
GetStringTypeW
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
CreateSemaphoreW
GetTickCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
Sleep
CreateEventW
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetModuleFileNameA
SetConsoleCtrlHandler
GetStartupInfoW
FatalAppExitA
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetCurrentThread
IsDebuggerPresent
HeapSize
MultiByteToWideChar
AreFileApisANSI
ExitProcess
IsProcessorFeaturePresent
GetCommandLineA
WriteConsoleW
GetModuleHandleExW
GetFileType
GetStdHandle
RtlUnwindEx
RtlLookupFunctionEntry
RaiseException
RtlPcToFileHeader
DecodePointer
EncodePointer
VerifyVersionInfoW
lstrcmpA
LocalFree
LocalAlloc
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
GetSystemDirectoryW
CreateProcessW
CreateProcessA
SetLastError
OutputDebugStringW
GetFullPathNameW
GetFileAttributesW
CreateFileW
VerSetConditionMask
WideCharToMultiByte
MoveFileExA
GetModuleFileNameW
GetLocalTime
GetCurrentThreadId
OutputDebugStringA
GetFileSizeEx
CreateFileA
CreateDirectoryA
QueryPerformanceFrequency
QueryPerformanceCounter
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapFree
HeapAlloc
WaitForMultipleObjects
GetCurrentProcessId
CloseHandle

Exports

Exports

CreateIpcClient
CreateIpcProxyInterface

Sections

.text
Size: 398KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
applet/ShadowPlay/nvspscreenshot64.dll
.dll windows:6 windows x64 arch:x64

Password: 2024

08d773bb983bd578690d34f825b20422

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/07/2015, 00:00

Not After

26/07/2018, 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/07/2015, 00:00

Not After

13/07/2018, 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:58:e8:ee:54:af:5c:27
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2016, 07:00

Not After

13/12/2021, 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f5:c4:f7:fa:7a:65:6b:ff:eb:5b:68:da:a3:af:47:03:c3:12:6b:83:d5:83:f3:a9:91:5e:11:60:3a:cb:e2:96
Signer

Actual PE Digest

f5:c4:f7:fa:7a:65:6b:ff:eb:5b:68:da:a3:af:47:03:c3:12:6b:83:d5:83:f3:a9:91:5e:11:60:3a:cb:e2:96

Digest Algorithm

sha256

PE Digest Matches

true

4d:1b:3b:29:80:e2:4d:4f:1b:ff:50:96:c9:de:9b:2d:e6:26:26:c0
Signer

Actual PE Digest

4d:1b:3b:29:80:e2:4d:4f:1b:ff:50:96:c9:de:9b:2d:e6:26:26:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\rel\gfclient\rel_03_11\shadowplay2\screenshot\win7_amd64_release\nvspscreenshot64.pdb

Imports

shell32

SHGetFolderPathA

gdiplus

GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdipSetPropertyItem
GdipGetImageEncoders
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipSaveImageToFile

advapi32

SetEntriesInAclA
InitializeSecurityDescriptor
GetTokenInformation
GetSecurityDescriptorDacl
GetLengthSid
FreeSid
CopySid
AllocateAndInitializeSid
OpenProcessToken
SetSecurityDescriptorDacl
SetSecurityInfo
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

kernel32

IsValidLocale
GetUserDefaultLCID
GetLocaleInfoW
LCMapStringW
CloseHandle
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
Sleep
CreateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcessId
OpenProcess
FreeLibrary
GetProcAddress
LoadLibraryA
CreateDirectoryA
CreateFileA
GetFileSizeEx
OutputDebugStringA
GetLastError
GetCurrentThreadId
GetLocalTime
EnumSystemLocalesW
MoveFileExA
WideCharToMultiByte
ReleaseMutex
UnmapViewOfFile
OpenFileMappingA
HeapAlloc
HeapFree
GetProcessHeap
CreateMutexA
OpenEventA
GetCurrentProcess
MapViewOfFile
LocalAlloc
LocalFree
OpenMutexA
CreateFileMappingA
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
FreeEnvironmentStringsW
GetStringTypeW
SetStdHandle
SetFilePointerEx
CreateFileW
HeapSize
HeapReAlloc
SetEndOfFile
ReadFile
GetModuleFileNameW
ReadConsoleW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetEnvironmentVariableW
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlPcToFileHeader
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EncodePointer
GetStdHandle
GetFileType
GetModuleFileNameA
GetModuleHandleExW
WriteConsoleW
ExitProcess
MultiByteToWideChar
WriteFile
OutputDebugStringW
SetConsoleCtrlHandler
GetCurrentThread
GetACP
FlushFileBuffers
GetConsoleCP
GetConsoleMode
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
SetEnvironmentVariableA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

NvCreateScreenshotInterface
NvReleaseScreenshotInterface

Sections

.text
Size: 463KB - Virtual size: 463KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 319B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
applet/fonts/LucidaBrightDemiBold.ttf
applet/fonts/LucidaBrightDemiItalic.ttf
applet/fonts/LucidaBrightItalic.ttf
applet/fonts/LucidaBrightRegular.ttf
applet/fonts/LucidaSansDemiBold.ttf
applet/fonts/LucidaSansRegular.ttf
applet/fonts/LucidaTypewriterBold.ttf
applet/fonts/LucidaTypewriterRegular.ttf
ext/access-bridge-64.jar
.jar
ext/cldrdata.jar
.jar
ext/deploy/ffjcext.zip
.zip .js polyglot
ext/deploy/fontconfig.bfc
ext/deploy/fontconfig.properties.src
ext/deploy/hijrah-config-umalqura.properties
ext/deploy/javafx.properties
ext/deploy/jce.jar
.jar
ext/deploy/jfr.jar
.jar
ext/deploy/jfxswt.jar
.jar
ext/deploy/jvm.hprof.txt
ext/deploy/logging.properties
ext/deploy/management-agent.jar
.jar
ext/deploy/messages.properties
.jnlp
ext/deploy/messages_de.properties
.jnlp
ext/deploy/messages_es.properties
ext/deploy/messages_fr.properties
.jnlp
ext/deploy/messages_it.properties
ext/deploy/messages_ja.properties
.jnlp
ext/deploy/messages_ko.properties
.jnlp
ext/deploy/messages_pt_BR.properties
.jnlp
ext/deploy/messages_sv.properties
.jnlp
ext/deploy/messages_zh_CN.properties
.jnlp
ext/deploy/messages_zh_HK.properties
.jnlp
ext/deploy/messages_zh_TW.properties
.jnlp
ext/deploy/meta-index
ext/deploy/net.properties
ext/deploy/psfont.properties.ja
ext/deploy/psfontj2d.properties
ext/deploy/splash.gif
.gif
ext/deploy/[email protected]
.gif
ext/deploy/splash_11-lic.gif
.gif
ext/deploy/[email protected]
.gif
ext/dnsns.jar
.jar
ext/images/cursors/cursors.properties
ext/images/cursors/invalid32x32.gif
.gif
ext/images/cursors/win32_CopyDrop32x32.gif
.gif
ext/images/cursors/win32_CopyNoDrop32x32.gif
.gif
ext/images/cursors/win32_LinkDrop32x32.gif
.gif
ext/images/cursors/win32_LinkNoDrop32x32.gif
.gif
ext/images/cursors/win32_MoveDrop32x32.gif
.gif
ext/images/cursors/win32_MoveNoDrop32x32.gif
.gif
ext/jaccess.jar
.jar
ext/jfr/default.jfc
.xml
ext/jfr/profile.jfc
.xml
ext/jfxrt.jar
.jar
ext/localedata.jar
.jar
ext/management/jmxremote.access
ext/management/jmxremote.password.template
ext/management/management.properties
ext/management/snmp.acl.template
ext/meta-index
ext/nashorn.jar
.jar
ext/security/blacklist
ext/security/blacklisted.certs
ext/security/cacerts
ext/security/java.policy
ext/security/java.security
ext/security/javaws.policy
ext/security/policy/limited/US_export_policy.jar
.jar
ext/security/policy/limited/local_policy.jar
.jar
ext/security/policy/unlimited/US_export_policy.jar
.jar
ext/security/policy/unlimited/local_policy.jar
.jar
ext/security/public_suffix_list.dat
.zip
ext/sunec.jar
.jar
ext/sunjce_provider.jar
.jar
ext/sunmscapi.jar
.jar
ext/sunpkcs11.jar
.jar
ext/zipfs.jar
.jar
nvspapi64.dll
.dll windows:6 windows x64 arch:x64

977f887ba1716db690f3f6cd927adbd9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/07/2015, 00:00

Not After

26/07/2018, 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/07/2015, 00:00

Not After

13/07/2018, 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:58:e8:ee:54:af:5c:27
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2016, 07:00

Not After

13/12/2021, 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5c:e6:b8:0f:b6:5e:84:3d:63:24:f8:08:f8:aa:96:62:96:8b:2a:37:3b:17:15:30:0f:58:da:b0:13:51:9b:57
Signer

Actual PE Digest

5c:e6:b8:0f:b6:5e:84:3d:63:24:f8:08:f8:aa:96:62:96:8b:2a:37:3b:17:15:30:0f:58:da:b0:13:51:9b:57

Digest Algorithm

sha256

PE Digest Matches

true

b0:12:be:31:da:b9:f9:e3:24:cd:c6:72:5c:a7:03:ce:e1:64:09:b6
Signer

Actual PE Digest

b0:12:be:31:da:b9:f9:e3:24:cd:c6:72:5c:a7:03:ce:e1:64:09:b6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\rel\gfclient\rel_03_11\shadowplay2\api\win7_amd64_release\nvspapi64.pdb

Imports

shell32

SHGetFolderPathA
SHGetKnownFolderPath

ole32

CoTaskMemFree

oleaut32

SetErrorInfo
CreateErrorInfo
GetErrorInfo
VariantCopy
SysAllocString
SysAllocStringLen
SysFreeString
VariantInit
VariantClear
VariantChangeType

advapi32

FreeSid
ConvertStringSidToSidW
OpenSCManagerA
CloseServiceHandle
GetUserNameW
GetUserNameA
SetTokenInformation
DuplicateTokenEx
RegDeleteKeyValueA
RegSetValueExA
RegQueryValueExW
RegDeleteKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
SetSecurityInfo
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
AllocateAndInitializeSid
CopySid
RegCreateKeyExA
GetLengthSid
GetSecurityDescriptorDacl
GetTokenInformation
SetEntriesInAclA
LookupAccountNameA
ConvertSidToStringSidA
RegDeleteKeyA

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

shlwapi

PathFindFileNameA
PathFileExistsA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetConsoleCtrlHandler
HeapSize
HeapReAlloc
SetStdHandle
SetFilePointerEx
ReadConsoleW
WriteConsoleW
CreateProcessW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CloseHandle
SetEvent
CreateEventA
WaitForMultipleObjects
GetLastError
ResetEvent
WaitForSingleObject
GetCurrentProcessId
CreateThread
GetCurrentThreadId
GetThreadId
FreeLibrary
GetProcAddress
WideCharToMultiByte
GetSystemDirectoryW
SetLastError
HeapFree
GetProcessHeap
OpenEventA
Sleep
SetDllDirectoryA
GetModuleHandleA
CreateDirectoryA
CreateFileA
GetFileSizeEx
OutputDebugStringA
GetLocalTime
GetModuleFileNameW
MoveFileExA
CreateFileW
ReadFile
WriteFile
WaitNamedPipeW
CreateEventW
QueryPerformanceCounter
QueryPerformanceFrequency
OpenProcess
LoadLibraryA
ReleaseMutex
UnmapViewOfFile
OpenFileMappingA
HeapAlloc
CreateMutexA
GetCurrentProcess
MapViewOfFile
LocalAlloc
LocalFree
OpenMutexA
CreateFileMappingA
GetModuleFileNameA
WTSGetActiveConsoleSessionId
VerSetConditionMask
GetFileAttributesW
GetFullPathNameW
OutputDebugStringW
CreateProcessA
SetEndOfFile
GetModuleHandleW
LoadLibraryExW
lstrcmpA
VerifyVersionInfoW
DecodePointer
RaiseException
InitializeCriticalSectionEx
SetCurrentDirectoryA
GetFileAttributesA
TerminateProcess
ProcessIdToSessionId
GetSystemDirectoryA
GetVersionExA
GetVolumeInformationA
MultiByteToWideChar
K32GetProcessMemoryInfo
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
DeleteFileA
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
GetFileType
GetStdHandle
GetACP
GetCurrentThread
GetModuleHandleExW
ExitProcess
EncodePointer
InterlockedFlushSList
InterlockedPushEntrySList
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlPcToFileHeader
RtlUnwindEx

user32

EnumDisplaySettingsA
wsprintfW
ChangeWindowMessageFilterEx
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
SendMessageA
GetForegroundWindow
TranslateMessage
GetMessageA
PostThreadMessageA
RedrawWindow
PostMessageA
EnumDisplaySettingsExA
DispatchMessageA
GetWindowThreadProcessId
EnumDisplayDevicesA
DefWindowProcA
WaitForInputIdle
EnumWindows
GetShellWindow
FindWindowExW
FindWindowA
FindWindowW

Exports

Exports

CreateOverlayApiInterface
CreateShadowPlayApiInterface
ShadowPlayOnSystemStart

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 319B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

Errors

General

Malware Config

Signatures

Files

Password: 2024

Password: 2024

c4aa5bcf2bb55d1c83c9f17222c4c515

Code Sign

04:9c:5c:fc:1a:b2:51:64:20:07:1f:bf:48:94:22:13Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

f7:c5:0f:b4:1d:52:12:f5:ce:78:2d:d9:e6:d5:7b:33:75:24:cb:6a:5b:1d:ba:1b:dd:6f:f6:4e:d2:5b:c3:a3Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Sections

.text Size: - Virtual size: 121KB

.rdata Size: - Virtual size: 41KB

.data Size: - Virtual size: 2.1MB

.vmp‹� Size: - Virtual size: 7.0MB

.vmp‹� Size: 1KB - Virtual size: 1KB

.vmp‹� Size: 5.7MB - Virtual size: 5.7MB

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 135KB - Virtual size: 135KB

Password: 2024

a48c772826ef5fbef5f9d4ddcfb60aea

Code Sign

06:e9:03:cc:ee:6d:b3:0d:2a:4f:91:74:3e:b1:6e:b0Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

e0:9d:37:96:c1:c3:08:c1:da:8a:55:64:22:1d:55:7e:46:44:10:f6:bd:9a:98:e0:37:72:e5:c8:b3:b8:34:d3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

04:9c:5c:fc:1a:b2:51:64:20:07:1f:bf:48:94:22:13
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

f7:c5:0f:b4:1d:52:12:f5:ce:78:2d:d9:e6:d5:7b:33:75:24:cb:6a:5b:1d:ba:1b:dd:6f:f6:4e:d2:5b:c3:a3
Signer

.text
Size: - Virtual size: 121KB

.rdata
Size: - Virtual size: 41KB

.data
Size: - Virtual size: 2.1MB

.vmp‹�
Size: - Virtual size: 7.0MB

.vmp‹�
Size: 1KB - Virtual size: 1KB

.vmp‹�
Size: 5.7MB - Virtual size: 5.7MB

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 135KB - Virtual size: 135KB

06:e9:03:cc:ee:6d:b3:0d:2a:4f:91:74:3e:b1:6e:b0
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

e0:9d:37:96:c1:c3:08:c1:da:8a:55:64:22:1d:55:7e:46:44:10:f6:bd:9a:98:e0:37:72:e5:c8:b3:b8:34:d3
Signer

.text
Size: 67.2MB - Virtual size: 67.2MB

IPPCODE
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 21.3MB - Virtual size: 21.3MB

.data
Size: 3.6MB - Virtual size: 5.7MB

.pdata
Size: 3.2MB - Virtual size: 3.2MB

IPPDATA
Size: 3KB - Virtual size: 3KB

_RDATA
Size: 160KB - Virtual size: 160KB

.rsrc
Size: 119KB - Virtual size: 118KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

32:58:e8:ee:54:af:5c:27
Certificate