C:\Users\jenkins\jieluo\csharp\protobuf\csharp\src\Google.Protobuf\obj\Release\net45\Google.Protobuf.pdb
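Overview
overview — score 9
Static
static — score 3
l3oo/SC 1.4.6/ActiveThreads.exe
windows7-x64 — score 1
l3oo/SC 1.4.6/ActiveThreads.exe
windows10-2004-x64 — score 1
l3oo/SC 1.4.6/DMP.exe
windows7-x64 — score 9
l3oo/SC 1.4.6/DMP.exe
windows10-2004-x64 — score 9
l3oo/SC 1.4.6/Google.Protobuf.dll
windows7-x64 — score 1
l3oo/SC 1.4.6/Google.Protobuf.dll
windows10-2004-x64 — score 1
l3oo/SC 1.4.6/MetroFramework.Fonts.dll
windows7-x64 — score 1
l3oo/SC 1.4.6/MetroFramework.Fonts.dll
windows10-2004-x64 — score 1
l3oo/SC 1.4.6/MetroFramework.dll
windows7-x64 — score 1
l3oo/SC 1.4.6/MetroFramework.dll
windows10-2004-x64 — score 1
l3oo/SC 1.4.6/MySql.Data.dll
windows7-x64 — score 1
l3oo/SC 1.4.6/MySql.Data.dll
windows10-2004-x64 — score 1
l3oo/SC 1.4.6/ProcessHacker.exe
windows7-x64 — score 1
l3oo/SC 1.4.6/ProcessHacker.exe
windows10-2004-x64 — score 1
l3oo/SC 1.4.6/SearchCheat.exe
windows7-x64 — score 6
l3oo/SC 1.4.6/SearchCheat.exe
windows10-2004-x64 — score 6
l3oo/SC 1.4.6/Updater.exe
windows7-x64 — score 3
l3oo/SC 1.4.6/Updater.exe
windows10-2004-x64 — score 3
l3oo/SC 1.4.6/appExtension.dll
windows7-x64 — score 1
l3oo/SC 1.4.6/appExtension.dll
windows10-2004-x64 — score 1
Static task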
static1
Behavioral task
behavioral1
Sample
l3oo/SC 1.4.6/ActiveThreads.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
l3oo/SC 1.4.6/ActiveThreads.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
l3oo/SC 1.4.6/DMP.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
l3oo/SC 1.4.6/DMP.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
l3oo/SC 1.4.6/Google.Protobuf.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
l3oo/SC 1.4.6/Google.Protobuf.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
l3oo/SC 1.4.6/MetroFramework.Fonts.dll
Resource
win7-20240220-en
Behavioral task
behavioral8
Sample
l3oo/SC 1.4.6/MetroFramework.Fonts.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
l3oo/SC 1.4.6/MetroFramework.dll
Resource
win7-20240419-en
Behavioral task
behavioral10
Sample
l3oo/SC 1.4.6/MetroFramework.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral11
Sample
l3oo/SC 1.4.6/MySql.Data.dll
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
l3oo/SC 1.4.6/MySql.Data.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral13
Sample
l3oo/SC 1.4.6/ProcessHacker.exe
Resource
win7-20240215-en
Behavioral task
behavioral14
Sample
l3oo/SC 1.4.6/ProcessHacker.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
l3oo/SC 1.4.6/SearchCheat.exe
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
l3oo/SC 1.4.6/SearchCheat.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
l3oo/SC 1.4.6/Updater.exe
Resource
win7-20231129-en
Behavioral task
behavioral18
Sample
l3oo/SC 1.4.6/Updater.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
l3oo/SC 1.4.6/appExtension.dll
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
l3oo/SC 1.4.6/appExtension.dll
Resource
win10v2004-20240426-en
General
-
Target
907387e9b1296c8d48ee1bfa3eb1e51b_JaffaCakes118
-
Size
3.4MB
-
MD5
907387e9b1296c8d48ee1bfa3eb1e51b
-
SHA1
3530d38714465fe38deeeb35066d9d44f8285ec1
-
SHA256
3da6e78e2de91d5f9ff41af0eb84e6be790438a519d2bd5da50ff7bdcb38d8ca
-
SHA512
9a244aa22aacb014db50d8efbd67f0f530493ae0eb393b9d574c37c01a8ae65a33acd1216643fd6da33a56d4f05b7d98194d093c735855e9e13aa7c765b4063e
-
SSDEEP
98304:+WA099fwHOOF/UgIzU75ZFkkpAXDdtAbOP:D994uOF/aibmkp6
Malware Config
Signatures
-
Unsigned PE 9 IoCs
Checks for missing Authenticode signature.
resource
unpack001/l3oo/SC 1.4.6/ActiveThreads.exe
unpack001/l3oo/SC 1.4.6/DMP.exe
unpack001/l3oo/SC 1.4.6/Google.Protobuf.dll
unpack001/l3oo/SC 1.4.6/MetroFramework.Fonts.dll
unpack001/l3oo/SC 1.4.6/MetroFramework.dll
unpack001/l3oo/SC 1.4.6/MySql.Data.dll
unpack001/l3oo/SC 1.4.6/SearchCheat.exe
unpack001/l3oo/SC 1.4.6/Updater.exe
unpack001/l3oo/SC 1.4.6/appExtension.dll
Files
-
907387e9b1296c8d48ee1bfa3eb1e51b_JaffaCakes118 — .rar
-
l3oo/SC 1.4.6/ActiveThreads.exe — .exe, windows:5 windows x64 arch:x64
imphash: f9309fff2ca1987b729c2da5521e6655
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
wsock32
WSACleanup
inet_addr
gethostbyname
gethostname
WSAStartup
winmm
mixerSetControlDetails
waveOutGetVolume
joyGetPosEx
mixerGetControlDetailsW
mixerOpen
mixerGetDevCapsW
mixerGetLineControlsW
waveOutSetVolume
mixerClose
mciSendStringW
joyGetDevCapsW
mixerGetLineInfoW
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
comctl32
ImageList_Create
CreateStatusWindowW
ImageList_ReplaceIcon
ImageList_GetIconSize
ImageList_Destroy
ImageList_AddMasked
psapi
GetModuleFileNameExW
GetProcessImageFileNameW
GetModuleBaseNameW
kernel32
LockResource
FindFirstFileW
FindNextFileW
FindClose
FileTimeToLocalFileTime
SetEnvironmentVariableW
Beep
MoveFileW
OutputDebugStringW
CreateProcessW
GetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
GetExitCodeProcess
WriteProcessMemory
ReadProcessMemory
GetCurrentProcessId
OpenProcess
TerminateProcess
SetPriorityClass
SetLastError
GetEnvironmentVariableW
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetDiskFreeSpaceW
SetVolumeLabelW
CreateFileW
DeviceIoControl
GetDriveTypeW
GetVolumeInformationW
CreateDirectoryW
ReadFile
WriteFile
DeleteFileW
SetFileAttributesW
LocalFileTimeToFileTime
SetFileTime
GetFileSizeEx
GetSystemTime
GetSystemDefaultUILanguage
GetComputerNameW
GetWindowsDirectoryW
GetTempPathW
GetFullPathNameW
GetShortPathNameW
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
LoadResource
CompareStringW
RemoveDirectoryW
CopyFileW
GetCurrentProcess
FormatMessageW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
WritePrivateProfileSectionW
SetEndOfFile
GetACP
GetFileType
GetStdHandle
SetFilePointerEx
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
IsWow64Process
VirtualAllocEx
VirtualFreeEx
EnumResourceNamesW
LoadLibraryExW
GlobalSize
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
RaiseException
EncodePointer
RtlPcToFileHeader
InitializeSListHead
QueryPerformanceCounter
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
GetCommandLineW
ExitProcess
GetModuleHandleExW
HeapSize
HeapReAlloc
HeapQueryInformation
HeapFree
HeapAlloc
SizeofResource
FindResourceW
GetSystemTimeAsFileTime
GetModuleFileNameW
DeleteCriticalSection
GetCPInfo
GetVersionExW
FreeLibrary
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetLastError
CreateMutexW
CloseHandle
GetExitCodeThread
SetThreadPriority
CreateThread
GetStringTypeExW
lstrcmpiW
GetCurrentThreadId
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
GetCurrentDirectoryW
SetErrorMode
InitializeCriticalSection
SetCurrentDirectoryW
Sleep
GetTickCount
MulDiv
TlsSetValue
TlsFree
LCMapStringW
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetProcessHeap
FindFirstFileExW
IsValidCodePage
GetCommandLineA
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
WriteConsoleW
QueryDosDeviceW
ReadConsoleW
user32
RedrawWindow
SetWindowLongPtrW
SetParent
GetClassInfoExW
GetAncestor
UpdateWindow
GetMessagePos
GetClassLongPtrW
DefDlgProcW
CallWindowProcW
CheckRadioButton
IntersectRect
GetUpdateRect
PtInRect
CreateDialogIndirectParamW
GetWindowLongPtrW
CreateAcceleratorTableW
DestroyAcceleratorTable
InsertMenuItemW
SetMenuDefaultItem
RemoveMenu
SetMenuItemInfoW
IsMenu
GetMenuItemInfoW
CreateMenu
CreatePopupMenu
SetMenuInfo
AppendMenuW
DestroyMenu
TrackPopupMenuEx
GetDesktopWindow
CopyImage
CreateIconIndirect
CreateIconFromResourceEx
EnumClipboardFormats
GetWindow
BringWindowToTop
MessageBoxW
GetTopWindow
MoveWindow
GetQueueStatus
GetWindowRect
GetClientRect
SystemParametersInfoW
AdjustWindowRectEx
DrawTextW
SetRect
GetIconInfo
MapWindowPoints
IsWindowVisible
LoadImageW
ChangeClipboardChain
SetClipboardViewer
LoadAcceleratorsW
EnableMenuItem
GetMenu
CreateWindowExW
RegisterClassExW
LoadCursorW
DestroyIcon
DestroyWindow
IsCharAlphaW
MapVirtualKeyW
ClientToScreen
MapVirtualKeyExW
GetKeyboardLayoutNameW
ActivateKeyboardLayout
GetGUIThreadInfo
GetWindowTextW
mouse_event
WindowFromPoint
GetSystemMetrics
keybd_event
SetKeyboardState
GetKeyboardState
GetCursorPos
GetAsyncKeyState
AttachThreadInput
SendInput
UnregisterHotKey
RegisterHotKey
PostQuitMessage
SendMessageTimeoutW
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
IsCharAlphaNumericW
IsCharUpperW
IsCharLowerW
ToUnicodeEx
GetKeyboardLayout
CallNextHookEx
CharLowerW
ReleaseDC
GetDC
OpenClipboard
GetClipboardData
GetClipboardFormatNameW
RemovePropW
SetPropW
GetPropW
FlashWindow
SetMenu
ExitWindowsEx
GetMenuStringW
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSystemMenu
GetLastInputInfo
SetWindowTextW
GetCursor
CloseClipboard
SetClipboardData
EmptyClipboard
PostMessageW
FindWindowW
EndDialog
IsWindow
DispatchMessageW
TranslateMessage
ShowWindow
MessageBeep
SetDlgItemTextW
GetDlgItem
SendDlgItemMessageW
DialogBoxParamW
SetForegroundWindow
DefWindowProcW
FillRect
DrawIconEx
GetSysColorBrush
GetSysColor
RegisterWindowMessageW
IsIconic
IsZoomed
EnumWindows
GetWindowTextLengthW
EnableWindow
InvalidateRect
SetLayeredWindowAttributes
SetWindowPos
SetWindowRgn
CountClipboardFormats
SetWindowLongW
ScreenToClient
IsDialogMessageW
SendMessageW
IsWindowEnabled
GetWindowLongW
GetKeyState
TranslateAcceleratorW
KillTimer
PeekMessageW
GetFocus
GetClassNameW
GetWindowThreadProcessId
GetForegroundWindow
GetMessageW
SetTimer
GetParent
GetDlgCtrlID
CharUpperW
IsClipboardFormatAvailable
SetFocus
SetActiveWindow
VkKeyScanExW
EnumChildWindows
CheckMenuItem
gdi32
GetPixel
GetClipRgn
GetCharABCWidthsW
SetBkMode
CreatePatternBrush
SetBrushOrgEx
EnumFontFamiliesExW
CreateDIBSection
GdiFlush
SetBkColor
ExcludeClipRect
SetTextColor
GetClipBox
BitBlt
CreateCompatibleBitmap
GetSystemPaletteEntries
GetDIBits
CreateCompatibleDC
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateEllipticRgn
DeleteDC
GetObjectW
GetTextMetricsW
GetTextFaceW
SelectObject
GetStockObject
CreateDCW
CreateSolidBrush
CreateFontW
FillRgn
GetDeviceCaps
DeleteObject
comdlg32
CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW
advapi32
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerW
GetUserNameW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegConnectRegistryW
RegDeleteValueW
shell32
DragQueryPoint
SHEmptyRecycleBinW
SHFileOperationW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetMalloc
SHGetFolderPathW
ShellExecuteExW
Shell_NotifyIconW
DragFinish
DragQueryFileW
ExtractIconW
ole32
OleInitialize
OleUninitialize
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString
CoGetObject
StringFromGUID2
CreateStreamOnHGlobal
oleaut32
SafeArrayGetLBound
GetActiveObject
SysStringLen
OleLoadPicture
SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayGetDim
SafeArrayDestroy
SafeArrayGetUBound
VariantCopyInd
SafeArrayCopy
SysAllocString
VariantChangeType
VariantClear
SafeArrayCreate
SysFreeString
Sections
.text Size: 778KB - Virtual size: 778KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 226KB - Virtual size: 226KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 236B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
l3oo/SC 1.4.6/DMP.exe — .exe, windows:5 windows x86 arch:x86
imphash: baa93d47220682c04d92f7797d9224ce
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcpy
comctl32
InitCommonControls
Sections
(section name blank) Size: 56KB - Virtual size: 140KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
(section name blank) Size: 512B - Virtual size: 2.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bqrtaigz Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
rvmosswu Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
l3oo/SC 1.4.6/GUI_Config
-
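l3oo/SC 1.4.6/Google.Protobuf.dll — .dll, windows:4 windows x86 arch:x86
imphash: dae02f32a21e03ce65412f6e56942daa (the import hash of any .NET DLL whose only import is mscoree!_CorDllMain; not specific to this file)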
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
mscoree
_CorDllMain
Sections
.text Size: 285KB - Virtual size: 284KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
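l3oo/SC 1.4.6/MetroFramework.Fonts.dll — .dll, windows:4 windows x86 arch:x86
imphash: dae02f32a21e03ce65412f6e56942daa (the import hash of any .NET DLL whose only import is mscoree!_CorDllMain; not specific to this file)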
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\home\dvlp\ManagedXLL-branches-4_0\MetroFramework\MetroFramework.Fonts\obj\Release\MetroFramework.Fonts.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 654KB - Virtual size: 653KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
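l3oo/SC 1.4.6/MetroFramework.dll — .dll, windows:4 windows x86 arch:x86
imphash: dae02f32a21e03ce65412f6e56942daa (the import hash of any .NET DLL whose only import is mscoree!_CorDllMain; not specific to this file)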
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 146KB - Virtual size: 146KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
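l3oo/SC 1.4.6/MySql.Data.dll — .dll, windows:4 windows x86 arch:x86
imphash: dae02f32a21e03ce65412f6e56942daa (the import hash of any .NET DLL whose only import is mscoree!_CorDllMain; not specific to this file)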
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
G:\ade\build-cnet\sb_1-30721105-1537944062.36\connector-net\MySQL.Data\src\obj\Release\net452\MySql.Data.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 690KB - Virtual size: 690KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
l3oo/SC 1.4.6/ProcessHacker.exe — .exe, windows:5 windows x64 arch:x64
imphash: 3695333c60dedecdcaff1590409aa462
Code Sign
0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate
Issuer: CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 30-10-2013 00:00
Not After: 04-01-2017 12:00
Subject: CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate
Issuer: CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 22-10-2014 00:00
Not After: 22-10-2024 00:00
Subject: CN=DigiCert Timestamp Responder,O=DigiCert,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate
Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 11-02-2011 12:00
Not After: 10-02-2026 12:00
Subject: CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate
Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 10-11-2006 00:00
Not After: 10-11-2021 00:00
Subject: CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US
Extended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate
Issuer: CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 30-10-2013 00:00
Not After: 04-01-2017 12:00
Subject: CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate
Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 22-10-2013 12:00
Not After: 22-10-2028 12:00
Subject: CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate
Issuer: CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 24-12-2015 00:00
Not After: 07-01-2025 00:00
Subject: CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate
Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 07-01-2016 12:00
Not After: 07-01-2031 12:00
Subject: CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:a7:55:31:1b:42:8c:20:63:f9:83:05:8d:bf:9e:16:48:d0:0d:5f:ec:4a:df:00:e0:a3:4d:de:e6:39:f6:8b
Signer
Actual PE Digest: 33:a7:55:31:1b:42:8c:20:63:f9:83:05:8d:bf:9e:16:48:d0:0d:5f:ec:4a:df:00:e0:a3:4d:de:e6:39:f6:8b
Digest Algorithm: sha256
PE Digest Matches: true
92:53:a6:f7:2e:e0:e3:97:0d:54:57:e0:f0:61:fd:b4:0b:48:4f:18
Signer
Actual PE Digest: 92:53:a6:f7:2e:e0:e3:97:0d:54:57:e0:f0:61:fd:b4:0b:48:4f:18
Digest Algorithm: sha1
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
D:\Projects\processhacker2\bin\Release64\ProcessHacker.pdb
Imports
ntdll
NtCreateTimer
NtAlertThread
NtSetTimer
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlLengthSecurityDescriptor
NtCreateSemaphore
NtQueryObject
NtClearEvent
NtCreateKeyedEvent
NtWaitForKeyedEvent
NtReleaseKeyedEvent
RtlGetVersion
NtDeviceIoControlFile
NtSetInformationObject
NtQueryFullAttributesFile
NtOpenFile
NtQuerySecurityObject
NtOpenSection
NtQueryDirectoryFile
NtCreateFile
NtCreateKey
RtlCreateUserThread
NtQueryDirectoryObject
NtFsControlFile
NtOpenDirectoryObject
RtlPrefixUnicodeString
NtSetSecurityObject
NtOpenProcess
NtQuerySymbolicLinkObject
RtlConvertSidToUnicodeString
NtOpenKey
NtQueueApcThread
NtUnloadDriver
RtlEqualUnicodeString
NtOpenSymbolicLinkObject
RtlQueueApcWow64Thread
NtOpenThread
NtDeleteKey
NtQueryKey
NtQueryValueKey
LdrLoadDll
LdrUnloadDll
LdrGetProcedureAddress
NtGetContextThread
NtQueryInformationFile
NtFlushBuffersFile
NtLockFile
NtUnlockFile
RtlInterlockedPopEntrySList
RtlUnicodeToMultiByteSize
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlReAllocateHeap
NtAllocateVirtualMemory
RtlUpcaseUnicodeChar
RtlUnicodeToMultiByteN
RtlExpandEnvironmentStrings_U
RtlGetDaclSecurityDescriptor
RtlCreateUserProcess
RtlNtStatusToDosError
RtlCreateProcessParameters
NtFilterToken
RtlStringFromGUID
RtlFindMessage
NtQueryAttributesFile
RtlAddAce
RtlDestroyProcessParameters
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
RtlGetAce
RtlRandomEx
NtDuplicateToken
RtlGetFullPathName_U
NtSetInformationToken
NtPowerInformation
NtTestAlert
NtOpenThreadToken
RtlTimeToSecondsSince1980
RtlEqualSid
RtlSecondsSince1980ToTime
NtIsProcessInJob
RtlFirstEntrySList
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAce
NtAcceptConnectPort
NtReplyWaitReceivePort
NtCompleteConnectPort
RtlSetDaclSecurityDescriptor
RtlSubAuthoritySid
NtCreatePort
RtlInitializeSid
RtlLengthRequiredSid
RtlValidRelativeSecurityDescriptor
RtlSelfRelativeToAbsoluteSD2
RtlValidSid
NtConnectPort
NtRequestWaitReplyPort
RtlAbsoluteToSelfRelativeSD
RtlLengthSid
NtCreateSection
NtQueryMutant
NtSuspendThread
NtQueryInformationProcess
NtRemoveProcessDebug
NtTerminateThread
NtResumeProcess
NtReleaseSemaphore
NtSetHighEventPair
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
NtQueryEvent
NtQuerySemaphore
NtCancelTimer
NtPulseEvent
NtSetLowEventPair
NtQueryTimer
NtResetEvent
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlInterlockedFlushSList
RtlInitializeSListHead
RtlInterlockedPushEntrySList
RtlSecondsSince1970ToTime
RtlCreateHeap
RtlFreeHeap
RtlAllocateHeap
RtlDestroyHeap
NtQueryVirtualMemory
NtProtectVirtualMemory
NtSetSystemInformation
NtWriteVirtualMemory
NtSetInformationFile
NtQueryInformationToken
NtCreateMutant
NtOpenProcessToken
NtAdjustPrivilegesToken
NtTerminateJobObject
NtAssignProcessToJobObject
NtQueryInformationJobObject
NtMapViewOfSection
NtQuerySection
RtlSetHeapInformation
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlQueryEnvironmentVariable_U
NtQueryPerformanceCounter
RtlDeleteCriticalSection
NtTerminateProcess
NtSetValueKey
RtlDetermineDosPathNameType_U
NtDeleteValueKey
NtAddAtom
RtlGUIDFromString
NtWaitForMultipleObjects
NtSetEvent
NtCreateEvent
NtReadVirtualMemory
NtReadFile
NtWriteFile
NtQueryInformationThread
NtQuerySystemInformation
NtSuspendProcess
NtResumeThread
NtWaitForSingleObject
RtlDoesFileExists_U
NtSetInformationDebugObject
NtUnmapViewOfSection
RtlRaiseStatus
NtSetInformationProcess
NtDuplicateObject
NtInitiatePowerAction
NtClose
NtDelayExecution
NtSetInformationThread
NtFreeVirtualMemory
winsta
WinStationSendMessageW
WinStationShadow
WinStationGetAllProcesses
WinStationFreeGAPMemory
WinStationRegisterConsoleNotification
WinStationQueryInformationW
WinStationFreeMemory
WinStationEnumerateW
WinStationReset
WinStationDisconnect
WinStationConnectW
comctl32
PropertySheetW
InitCommonControlsEx
CreatePropertySheetPageW
ImageList_Remove
ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon
ImageList_Replace
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
uxtheme
IsThemeActive
GetThemeInt
SetWindowTheme
CloseThemeData
DrawThemeBackground
OpenThemeData
IsThemePartDefined
EnableThemeDialogTexture
kernel32
GetProcAddress
GetModuleHandleW
CreatePipe
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateProcessW
SetConsoleCtrlHandler
FreeConsole
RaiseException
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
TlsFree
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStringTypeW
MultiByteToWideChar
GetACP
GetStdHandle
WriteFile
WideCharToMultiByte
GetCurrentProcess
TerminateProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetFileType
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCPInfo
IsValidCodePage
GetOEMCP
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
CreateFileW
GetConsoleCP
GetConsoleMode
GlobalSize
LocalAlloc
GlobalUnlock
GlobalLock
FindResourceW
LoadResource
GlobalFree
GlobalAlloc
LockResource
SizeofResource
CreateRemoteThread
CreateThread
GetDateFormatW
GetTimeFormatW
GetNumberFormatW
WriteConsoleW
GetSystemDefaultLangID
GetSystemDirectoryW
GetLocaleInfoW
GetUserDefaultLangID
SearchPathW
LocalFree
SetLastError
GetComputerNameW
TlsGetValue
TlsAlloc
TlsSetValue
FreeLibrary
LoadLibraryW
SetProcessShutdownParameters
ExitProcess
SetErrorMode
GetTickCount
AllocConsole
GetConsoleWindow
SetFilePointerEx
FlushFileBuffers
ReadFile
ReadConsoleW
HeapSize
HeapReAlloc
SetEndOfFile
GetLastError
user32
SetClipboardData
GetDesktopWindow
CreateDialogIndirectParamW
GetWindowTextW
InternalGetWindowText
EmptyClipboard
CloseClipboard
OpenClipboard
GetActiveWindow
GetFocus
GetWindowLongW
DestroyMenu
TrackPopupMenu
CreatePopupMenu
InsertMenuItemW
EndPaint
BeginPaint
ReleaseCapture
PtInRect
SetScrollPos
ShowCaret
EnableScrollBar
SetCapture
DestroyCaret
DragDetect
GetClipboardData
CreateCaret
SetCaretPos
GetScrollInfo
RegisterClipboardFormatW
SetScrollInfo
GetDCEx
ScreenToClient
SetCursorPos
ScrollWindowEx
GetUpdateRect
GetMessageTime
DrawFocusRect
GetCapture
GetAsyncKeyState
InvalidateRgn
WaitMessage
MessageBeep
GetMessagePos
GetUpdateRgn
GetIconInfo
FrameRect
DialogBoxParamW
SetDlgItemTextW
EndDialog
LockWorkStation
ExitWindowsEx
SendMessageW
IsWindowVisible
EnableWindow
GetParent
GetDlgItem
SetPropW
IsWindowEnabled
RemovePropW
GetPropW
GetClassNameW
GetWindowThreadProcessId
IsIconic
InvalidateRect
SetForegroundWindow
GetClientRect
FindWindowW
SetLayeredWindowAttributes
MoveWindow
ClientToScreen
GetMonitorInfoW
GetWindowInfo
RedrawWindow
ShowWindow
GetSubMenu
GetWindowPlacement
GetWindowLongPtrW
SetWindowLongPtrW
GetMenuItemCount
MonitorFromRect
SetWindowPos
GetMenu
FindWindowExW
PostMessageW
GetKeyState
GetMenuItemInfoW
MapWindowPoints
SetWindowTextW
GetWindowRect
MapDialogRect
DestroyIcon
EnableMenuItem
BringWindowToTop
DeleteMenu
GetSystemMenu
SetCursor
LoadCursorW
CreateDialogParamW
GetSysColorBrush
GetSysColor
CopyIcon
SetDlgItemInt
SetTimer
DestroyWindow
ReleaseDC
SystemParametersInfoW
TranslateMessage
TranslateAcceleratorW
IsChild
IsDialogMessageW
DispatchMessageW
LoadAcceleratorsW
GetSystemMetrics
GetDC
SendMessageTimeoutW
GetMessageW
LoadImageW
UpdateWindow
PostQuitMessage
KillTimer
AppendMenuW
EndDeferWindowPos
DrawMenuBar
LoadIconW
SetFocus
SetMenuInfo
SetMenuItemInfoW
BeginDeferWindowPos
IsWindow
RegisterClassExW
CreateWindowExW
ShowWindowAsync
LoadMenuW
DefWindowProcW
DeferWindowPos
GetCursorPos
DrawIconEx
DrawTextW
TrackMouseEvent
IsHungAppWindow
SetActiveWindow
MonitorFromWindow
MonitorFromPoint
CallWindowProcW
GetForegroundWindow
GetDoubleClickTime
CreateIconIndirect
FillRect
GetDlgItemInt
GetGuiResources
GetWindowTextLengthW
OpenWindowStationW
GetProcessWindowStation
OpenDesktopW
GetUserObjectInformationW
CloseDesktop
CloseWindowStation
EnumDesktopsW
GetGUIThreadInfo
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
gdi32
GetDIBits
SaveDC
TextOutW
GetCharWidthW
Rectangle
SetBkMode
BitBlt
DeleteDC
CreateDIBSection
SetBoundsRect
GetStockObject
Polyline
SetDCBrushColor
SetDCPenColor
SelectObject
GetTextMetricsW
GetTextExtentPoint32W
GetTextColor
DeleteObject
CreateFontW
GetDeviceCaps
SetTextColor
SetBkColor
GetObjectW
CreateFontIndirectW
CreateRectRgn
SelectClipRgn
ExcludeClipRect
RestoreDC
CombineRgn
IntersectClipRect
GdiAlphaBlend
CreateCompatibleDC
CreateCompatibleBitmap
GetClipRgn
comdlg32
GetOpenFileNameW
GetSaveFileNameW
ChooseFontW
ChooseColorW
advapi32
SystemFunction036
SetSecurityInfo
LsaLookupSids
LsaLookupPrivilegeValue
LsaLookupPrivilegeDisplayName
LsaLookupNames2
LsaOpenPolicy
LsaLookupPrivilegeName
EnumServicesStatusExW
QueryServiceConfigW
CreateProcessWithLogonW
LsaOpenAccount
LsaEnumeratePrivilegesOfAccount
LogonUserW
CreateProcessAsUserW
QueryServiceConfig2W
OpenServiceW
RegisterServiceCtrlHandlerExW
LsaEnumerateAccounts
LsaFreeMemory
SetServiceStatus
StartServiceCtrlDispatcherW
CreateServiceW
OpenSCManagerW
ChangeServiceConfig2W
ChangeServiceConfigW
LsaAddAccountRights
LsaClose
CloseServiceHandle
DeleteService
ControlService
StartServiceW
GetSecurityInfo
shell32
DuplicateIcon
SHGetFileInfoW
ShellExecuteExW
SHGetFolderPathW
SHCreateDirectoryExW
Shell_NotifyIconW
ExtractIconExW
ole32
CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize
oleaut32
SysFreeString
Exports
Exports
PhAddComboBoxStrings
PhAddElementAvlTree
PhAddEntryHashtable
PhAddEntryHashtableEx
PhAddItemArray
PhAddItemList
PhAddItemPointerList
PhAddItemSimpleHashtable
PhAddItemsArray
PhAddItemsList
PhAddLayoutItem
PhAddLayoutItemEx
PhAddListViewColumn
PhAddListViewItem
PhAddProcessPropPage
PhAddProcessPropPage2
PhAddPropPageLayoutItem
PhAddSettings
PhAddTabControlTab
PhAddTreeNewFilter
PhAdjustRectangleToBounds
PhAdjustRectangleToWorkingArea
PhAllocate
PhAllocateExSafe
PhAllocateFromFreeList
PhAllocatePage
PhAllocateSafe
PhAppendBytesBuilder
PhAppendBytesBuilder2
PhAppendBytesBuilderEx
PhAppendCharStringBuilder
PhAppendCharStringBuilder2
PhAppendFormatStringBuilder
PhAppendFormatStringBuilder_V
PhAppendStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilderEx
PhApplicationFont
PhApplyTreeNewFilters
PhApplyTreeNewFiltersToNode
PhAutoDereferenceObject
PhBufferToHexString
PhBufferToHexStringEx
PhCenterRectangle
PhCenterWindow
PhClearArray
PhClearCircularBuffer_FLOAT
PhClearCircularBuffer_PVOID
PhClearCircularBuffer_ULONG
PhClearCircularBuffer_ULONG64
PhClearHashtable
PhClearList
PhCmLoadSettings
PhCmSaveSettings
PhCompareStringRef
PhCompareStringZNatural
PhCompareUnicodeStringZIgnoreMenuPrefix
PhConcatStringRef2
PhConcatStringRef3
PhConcatStrings
PhConcatStrings2
PhConcatStrings_V
PhConvertMultiByteToUtf16
PhConvertMultiByteToUtf16Ex
PhConvertUtf16ToAsciiEx
PhConvertUtf16ToMultiByte
PhConvertUtf16ToMultiByteEx
PhConvertUtf16ToUtf8
PhConvertUtf16ToUtf8Buffer
PhConvertUtf16ToUtf8Ex
PhConvertUtf16ToUtf8Size
PhConvertUtf8ToUtf16
PhConvertUtf8ToUtf16Buffer
PhConvertUtf8ToUtf16Ex
PhConvertUtf8ToUtf16Size
PhCopyBytesZ
PhCopyCircularBuffer_FLOAT
PhCopyCircularBuffer_PVOID
PhCopyCircularBuffer_ULONG
PhCopyCircularBuffer_ULONG64
PhCopyListView
PhCopyListViewInfoTip
PhCopyStringZ
PhCopyStringZFromBytes
PhCopyStringZFromMultiByte
PhCountStringZ
PhCreateAlloc
PhCreateBytes
PhCreateBytesEx
PhCreateEMenu
PhCreateEMenuItem
PhCreateFileStream
PhCreateFileStream2
PhCreateFileWin32
PhCreateFileWin32Ex
PhCreateHashtable
PhCreateKey
PhCreateList
PhCreateObject
PhCreateObjectType
PhCreateObjectTypeEx
PhCreateOpenFileDialog
PhCreatePointerList
PhCreateProcess
PhCreateProcessAsUser
PhCreateProcessPropContext
PhCreateProcessPropPageContext
PhCreateProcessPropPageContextEx
PhCreateProcessWin32
PhCreateProcessWin32Ex
PhCreateSaveFileDialog
PhCreateSecurityPage
PhCreateServiceListControl
PhCreateSimpleHashtable
PhCreateString
PhCreateStringEx
PhCreateSymbolProvider
PhCreateThread
PhDecodeUnicodeDecoder
PhDeleteArray
PhDeleteAutoPool
PhDeleteBytesBuilder
PhDeleteCallback
PhDeleteCircularBuffer_FLOAT
PhDeleteCircularBuffer_PVOID
PhDeleteCircularBuffer_ULONG
PhDeleteCircularBuffer_ULONG64
PhDeleteFastLock
PhDeleteFileWin32
PhDeleteFreeList
PhDeleteGraphState
PhDeleteImageVersionInfo
PhDeleteLayoutManager
PhDeleteMemoryItemList
PhDeleteStringBuilder
PhDeleteTreeNewColumnMenu
PhDeleteTreeNewFilterSupport
PhDeleteWorkQueue
PhDereferenceObject
PhDereferenceObjectDeferDelete
PhDereferenceObjectEx
PhDereferenceObjects
PhDereferenceProcessRecord
PhDeselectAllProcessNodes
PhDeselectAllServiceNodes
PhDestroyEMenu
PhDestroyEMenuItem
PhDisconnectNamedPipe
PhDivideSinglesBySingle
PhDoPropPageLayout
PhDosErrorToNtStatus
PhDrainAutoPool
PhDrawGraphDirect
PhDuplicateBytesZ
PhDuplicateBytesZSafe
PhDuplicateProcessNodeList
PhDuplicateStringZ
PhEditSecurity
PhEllipsisString
PhEllipsisStringPath
PhEncodeUnicode
PhEnumAvlTree
PhEnumDirectoryFile
PhEnumDirectoryObjects
PhEnumFileStreams
PhEnumGenericModules
PhEnumHandles
PhEnumHandlesEx
PhEnumHashtable
PhEnumKernelModules
PhEnumObjectTypes
PhEnumPagefiles
PhEnumPointerListEx
PhEnumProcessEnvironmentVariables
PhEnumProcessItems
PhEnumProcessModules
PhEnumProcessModules32
PhEnumProcessModules32Ex
PhEnumProcessModulesEx
PhEnumProcesses
PhEnumProcessesEx
PhEnumProcessesForSession
PhEnumServices
PhEqualStringRef
PhEscapeCommandLinePart
PhEscapeStringForMenuPrefix
PhExecuteRunAsCommand2
PhExpandAllProcessNodes
PhExpandEnvironmentStrings
PhExponentiate
PhExponentiate64
PhFillMemoryUlong
PhFinalArrayItems
PhFinalBytesBuilderBytes
PhFinalHash
PhFinalStringBuilderString
PhFindCharInStringRef
PhFindEMenuItem
PhFindElementAvlTree
PhFindEntryHashtable
PhFindIntegerSiKeyValuePairs
PhFindItemList
PhFindItemPointerList
PhFindItemSimpleHashtable
PhFindLastCharInStringRef
PhFindListViewItemByFlags
PhFindListViewItemByParam
PhFindLoaderEntry
PhFindNetworkNode
PhFindPlugin
PhFindProcessInformation
PhFindProcessInformationByImageName
PhFindProcessNode
PhFindProcessRecord
PhFindServiceNode
PhFindStringInStringRef
PhFindStringSiKeyValuePairs
PhFlushFileStream
PhFormat
PhFormatDate
PhFormatDateTime
PhFormatDecimal
PhFormatGuid
PhFormatImageVersionInfo
PhFormatLogEntry
PhFormatNativeKeyName
PhFormatSize
PhFormatString
PhFormatString_V
PhFormatTime
PhFormatTimeSpan
PhFormatTimeSpanRelative
PhFormatToBuffer
PhFormatUInt64
PhFree
PhFreeFileDialog
PhFreePage
PhFreeToFreeList
PhGenerateGuid
PhGenerateGuidFromName
PhGenerateRandomAlphaString
PhGetAccessEntries
PhGetAccessString
PhGetApplicationDirectory
PhGetApplicationFileName
PhGetBaseName
PhGetClientIdName
PhGetClientIdNameEx
PhGetComboBoxString
PhGetDllFileName
PhGetDrawInfoGraphBuffers
PhGetFileDialogFileName
PhGetFileDialogFilterIndex
PhGetFileDialogOptions
PhGetFileName
PhGetFileShellIcon
PhGetFileSize
PhGetFileVersionInfo
PhGetFileVersionInfoLangCodePage
PhGetFileVersionInfoString
PhGetFileVersionInfoString2
PhGetFilterSupportNetworkTreeList
PhGetFilterSupportProcessTreeList
PhGetFilterSupportServiceTreeList
PhGetFullPath
PhGetGeneralCallback
PhGetGenericTreeNewLines
PhGetGlobalWorkQueue
PhGetHandleInformation
PhGetHandleInformationEx
PhGetIntegerPairSetting
PhGetIntegerSetting
PhGetJobProcessIdList
PhGetKernelFileName
PhGetKnownLocation
PhGetLineFromAddress
PhGetListBoxString
PhGetListViewContextMenuPoint
PhGetListViewItemImageIndex
PhGetListViewItemParam
PhGetMessage
PhGetModuleFromAddress
PhGetNtMessage
PhGetObjectSecurity
PhGetObjectType
PhGetObjectTypeInformation
PhGetOwnTokenAttributes
PhGetPhVersion
PhGetPhVersionNumbers
PhGetPluginCallback
PhGetPluginInformation
PhGetPositionFileStream
PhGetPrimeNumber
PhGetProcedureAddressRemote
PhGetProcessCommandLine
PhGetProcessDepStatus
PhGetProcessEnvironment
PhGetProcessImageFileName
PhGetProcessImageFileNameByProcessId
PhGetProcessImageFileNameWin32
PhGetProcessIsDotNet
PhGetProcessIsDotNetEx
PhGetProcessIsSuspended
PhGetProcessKnownType
PhGetProcessMappedFileName
PhGetProcessPebString
PhGetProcessPriorityClassString
PhGetProcessWindowTitle
PhGetProcessWorkingSetInformation
PhGetProcessWsCounters
PhGetProtocolTypeName
PhGetScalableIntegerPairSetting
PhGetSeObjectSecurity
PhGetSelectedListViewItemParam
PhGetSelectedListViewItemParams
PhGetSelectedProcessItem
PhGetSelectedProcessItems
PhGetSelectedServiceItem
PhGetSelectedServiceItems
PhGetServiceChange
PhGetServiceConfig
PhGetServiceDelayedAutoStart
PhGetServiceDescription
PhGetServiceErrorControlInteger
PhGetServiceErrorControlString
PhGetServiceNameFromTag
PhGetServiceStartTypeInteger
PhGetServiceStartTypeString
PhGetServiceStateString
PhGetServiceTypeInteger
PhGetServiceTypeString
PhGetSidFullName
PhGetStatisticsTime
PhGetStatisticsTimeString
PhGetStockApplicationIcon
PhGetStringSetting
PhGetSymbolFromAddress
PhGetSymbolFromName
PhGetSystemDirectory
PhGetSystemRoot
PhGetTcpStateName
PhGetThreadServiceTag
PhGetTokenGroups
PhGetTokenIntegrityLevel
PhGetTokenOwner
PhGetTokenPrimaryGroup
PhGetTokenPrivileges
PhGetTokenUser
PhGetTreeNewText
PhGetWin32Message
PhGetWindowText
PhGetWindowTextEx
PhGlobalDpi
PhGraphStateGetDrawInfo
PhHandleListViewNotifyForCopy
PhHandleTreeNewColumnMenu
PhHashBytes
PhHashStringRef
PhHeapHandle
PhHexStringToBuffer
PhIconToBitmap
PhImpersonateClientOfNamedPipe
PhIndexOfEMenuItem
PhInitializeArray
PhInitializeAutoPool
PhInitializeAvlTree
PhInitializeBytesBuilder
PhInitializeCallback
PhInitializeCircularBuffer_FLOAT
PhInitializeCircularBuffer_PVOID
PhInitializeCircularBuffer_ULONG
PhInitializeCircularBuffer_ULONG64
PhInitializeFastLock
PhInitializeFreeList
PhInitializeGraphState
PhInitializeHash
PhInitializeImageVersionInfo
PhInitializeLayoutManager
PhInitializeStringBuilder
PhInitializeTreeNewColumnMenu
PhInitializeTreeNewFilterSupport
PhInitializeWorkQueue
PhInitializeWorkQueueEnvironment
PhInjectDllProcess
PhInsertEMenuItem
PhInsertItemList
PhInsertItemsList
PhInsertStringBuilder
PhInsertStringBuilder2
PhInsertStringBuilderEx
PhIntegerToString64
PhInvalidateAllProcessNodes
PhInvokeCallback
PhIsExecutablePacked
PhIsExecutingInWow64
PhLayoutManagerLayout
PhLibImageBase
PhListenNamedPipe
PhLoadIcon
PhLoadListViewColumnSettings
PhLoadListViewColumnsFromSetting
PhLoadModuleSymbolProvider
PhLoadResourceEMenuItem
PhLoadSymbolProviderOptions
PhLoadWindowPlacementFromSetting
PhLocalTimeToSystemTime
PhLockFileStream
PhLogMessageEntry
PhLoggedCallback
PhLookupMemoryItemList
PhLookupName
PhLookupPrivilegeDisplayName
PhLookupPrivilegeName
PhLookupPrivilegeValue
PhLookupSid
PhLowerBoundElementAvlTree
PhLowerDualBoundElementAvlTree
PhMainWndHandle
PhMapFlags1
PhMapFlags2
PhMatchWildcards
PhMaximumElementAvlTree
PhMinimumElementAvlTree
PhModalPropertySheet
PhModifyEMenuItem
PhNetworkItemAddedEvent
PhNetworkItemModifiedEvent
PhNetworkItemRemovedEvent
PhNetworkItemsUpdatedEvent
PhNtStatusFileNotFound
PhNtStatusToDosError
PhOpenKey
PhOpenLsaPolicy
PhOpenProcess
PhOpenService
PhOpenThread
PhOpenThreadProcess
PhOsVersion
PhParseCommandLine
PhParseCommandLineFuzzy
PhParseCommandLinePart
PhPeekNamedPipe
PhPluginAddMenuHook
PhPluginAddMenuItem
PhPluginAddTreeNewColumn
PhPluginCallPhSvc
PhPluginCreateEMenuItem
PhPluginEnableTreeNewNotify
PhPluginGetObjectExtension
PhPluginGetSystemStatistics
PhPluginQueryPhSvc
PhPluginRegisterIcon
PhPluginReserveIds
PhPluginSetObjectExtension
PhPredecessorElementAvlTree
PhPrintTimeSpan
PhProcessAddedEvent
PhProcessModifiedEvent
PhProcessRemovedEvent
PhProcessesUpdatedEvent
PhPropPageDlgProcDestroy
PhPropPageDlgProcHeader
PhQueryFullAttributesFileWin32
PhQueryKey
PhQueryMemoryItemList
PhQueryRegistryString
PhQueryServiceVariableSize
PhQuerySystemTime
PhQueryTimeZoneBias
PhQueryValueKey
PhQueueItemWorkQueue
PhQueueItemWorkQueueEx
PhReAllocate
PhReAllocateSafe
PhReadFileStream
PhReferenceEmptyString
PhReferenceNetworkItem
PhReferenceObject
PhReferenceObjectEx
PhReferenceObjectSafe
PhReferenceObjects
PhReferenceProcessItem
PhReferenceProcessItemForParent
PhReferenceProcessItemForRecord
PhReferenceProcessRecord
PhReferenceProcessRecordForStatistics
PhReferenceProcessRecordSafe
PhReferenceServiceItem
PhRegisterCallback
PhRegisterCallbackEx
PhRegisterDialog
PhRegisterMessageLoopFilter
PhRegisterPlugin
PhRemoveAllEMenuItems
PhRemoveEMenuItem
PhRemoveElementAvlTree
PhRemoveEntryHashtable
PhRemoveItemArray
PhRemoveItemList
PhRemoveItemPointerList
Sections
.text Size: 1023KB - Virtual size: 1023KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 321KB - Virtual size: 321KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 239KB - Virtual size: 239KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
l3oo/SC 1.4.6/SearchCheat.exe.exe windows:4 windows x86 arch:x86
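f34d5f2d4577ed6d9ceec516c1f5a744 (import hash; Updater.exe below shows the same value because both files import only _CorExeMain from mscoree, so this hash does not distinguish the samples)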
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\blade\source\repos\SearchCheat\SearchCheat\obj\Release\SearchCheat.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 225KB - Virtual size: 225KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 183KB - Virtual size: 183KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
l3oo/SC 1.4.6/Updater.exe.exe windows:4 windows x86 arch:x86
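f34d5f2d4577ed6d9ceec516c1f5a744 (import hash; SearchCheat.exe above shows the same value because both files import only _CorExeMain from mscoree, so this hash does not distinguish the samples)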
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\blade\source\repos\Updater\Updater\obj\Release\Updater.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
l3oo/SC 1.4.6/appExtension.dll.dll windows:6 windows x86 arch:x86
270927b8505508a6be26d8d0310a1f53
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
DecodePointer
CreateFileW
RaiseException
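Exports (every name is built only from the characters x, l, O and X; the leading "_" and trailing "@0" are consistent with 32-bit stdcall decoration, so the names themselves carry no descriptive meaning)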
_xllOxxOxOOOxOOlxOOlx@0
_xllOxxOxOOOxOOlxOOlxOOlx@0
_xllOxxOxOOOxOOlxOOlxOOlxOOlx@0
_xllOxxOxOOOxOOlxOOlxlOlxOOlx@0
_xllOxxOxOOOxOOlxOOlxxOxOOOxOOlx@0
_xllOxxOxOOOxOOlxOlOxOOlx@0
_xllOxxOxOOOxOOlxOlOxOOlxOOlx@0
_xllOxxOxOOOxOOlxOlOxlOlxOOlx@0
_xllOxxOxOOOxOOlxOlOxxOxOOOxOOlx@0
_xllOxxOxOOOxOOlxOlxOOOlx@0
_xllOxxOxOOOxOOlxOlxOOOlxOOlx@0
_xllOxxOxOOOxOOlxOlxOxOxOOOxOOlx@0
_xllOxxOxOOOxOOlxOxlllxOOlx@0
_xllOxxOxOOOxOOlxOxlllxOOlxOOlx@0
_xllOxxOxOOOxOOlxOxlllxlOlxOOlx@0
_xllOxxOxOOOxOOlxOxlllxxOxOOOxOOlx@0
_xllOxxOxOOOxOOlxXOllxOOlx@0
_xllOxxOxOOOxOOlxXOllxOOlxOOlx@0
_xllOxxOxOOOxOOlxXOllxlOlxOOlx@0
_xllOxxOxOOOxOOlxXOllxxOxOOOxOOlx@0
_xllOxxOxOOOxOOlxlOlxOOlx@0
_xllOxxOxOOOxOOlxlOlxOOlxOOlx@0
_xllOxxOxOOOxOOlxlOlxlOlxOOlx@0
_xllOxxOxOOOxOOlxlOlxxOxOOOxOOlx@0
_xllOxxOxOOOxOOlxlOxOOOlx@0
_xllOxxOxOOOxOOlxlOxOOOlxOOlx@0
_xllOxxOxOOOxOOlxlOxOxOxOOOxOOlx@0
_xllOxxOxOOOxOOlxlllOOxOOlxOOlx@0
_xllOxxOxOOOxOOlxlllOOxlOlxOOlx@0
_xllOxxOxOOOxOOlxlllOOxxOxOOOxOOlx@0
_xllOxxOxOOOxOOlxxOxOOOxOOlx@0
_xllOxxOxOOOxOOlxxOxOOOxOOlxOOlx@0
_xllOxxOxOOOxOOlxxOxOOOxlOlxOOlx@0
_xllOxxOxOOOxOOlxxOxOOOxxOxOOOxOOlx@0
_xllOxxOxOOOxOOlxxllOxOOlx@0
_xllOxxOxOOOxOOlxxllOxOOlxOOlx@0
_xllOxxOxOOOxOOlxxllOxlOlxOOlx@0
_xllOxxOxOOOxOOlxxllOxxOxOOOxOOlx@0
_xllOxxOxOOOxOlOxOOlx@0
_xllOxxOxOOOxOlOxOOlxOOlx@0
_xllOxxOxOOOxOlOxOOlxOOlxOOlx@0
_xllOxxOxOOOxOlOxOOlxlOlxOOlx@0
_xllOxxOxOOOxOlOxOOlxxOxOOOxOOlx@0
_xllOxxOxOOOxOlOxOlOxOOlx@0
_xllOxxOxOOOxOlOxOlOxOOlxOOlx@0
_xllOxxOxOOOxOlOxOlOxlOlxOOlx@0
_xllOxxOxOOOxOlOxOlOxxOxOOOxOOlx@0
_xllOxxOxOOOxOlOxOlxOOOlx@0
_xllOxxOxOOOxOlOxOlxOOOlxOOlx@0
_xllOxxOxOOOxOlOxOlxOxOxOOOxOOlx@0
_xllOxxOxOOOxOlOxOxlllxOOlx@0
_xllOxxOxOOOxOlOxOxlllxOOlxOOlx@0
_xllOxxOxOOOxOlOxOxlllxlOlxOOlx@0
_xllOxxOxOOOxOlOxOxlllxxOxOOOxOOlx@0
_xllOxxOxOOOxOlOxXOllxOOlx@0
_xllOxxOxOOOxOlOxXOllxOOlxOOlx@0
_xllOxxOxOOOxOlOxXOllxxOxOOOxOOlx@0
_xllOxxOxOOOxOlOxlOlxOOlx@0
_xllOxxOxOOOxOlOxlOlxOOlxOOlx@0
_xllOxxOxOOOxOlOxlOlxlOlxOOlx@0
_xllOxxOxOOOxOlOxlOlxxOxOOOxOOlx@0
_xllOxxOxOOOxOlOxlOxOOOlx@0
_xllOxxOxOOOxOlOxlOxOOOlxOOlx@0
_xllOxxOxOOOxOlOxlOxOxOxOOOxOOlx@0
_xllOxxOxOOOxOlOxlllOOxOOlxOOlx@0
_xllOxxOxOOOxOlOxlllOOxlOlxOOlx@0
_xllOxxOxOOOxOlOxlllOOxxOxOOOxOOlx@0
_xllOxxOxOOOxOlOxxOxOOOxOOlx@0
_xllOxxOxOOOxOlOxxOxOOOxOOlxOOlx@0
_xllOxxOxOOOxOlOxxOxOOOxlOlxOOlx@0
_xllOxxOxOOOxOlOxxOxOOOxxOxOOOxOOlx@0
_xllOxxOxOOOxOlOxxllOxOOlx@0
_xllOxxOxOOOxOlOxxllOxOOlxOOlx@0
_xllOxxOxOOOxOlOxxllOxlOlxOOlx@0
_xllOxxOxOOOxOlOxxllOxxOxOOOxOOlx@0
_xllOxxOxOOOxOlxOOOlx@0
_xllOxxOxOOOxOlxOOOlxOOlx@0
_xllOxxOxOOOxOlxOOOlxOOlxOOlx@0
_xllOxxOxOOOxOlxOOOlxlOlxOOlx@0
_xllOxxOxOOOxOlxOOOlxxOxOOOxOOlx@0
_xllOxxOxOOOxOlxOOlOxOOlx@0
_xllOxxOxOOOxOlxOOlOxOOlxOOlx@0
_xllOxxOxOOOxOlxOOlOxlOlxOOlx@0
_xllOxxOxOOOxOlxOOlOxxOxOOOxOOlx@0
_xllOxxOxOOOxOlxOOlxOOOlx@0
_xllOxxOxOOOxOlxOOlxOOOlxOOlx@0
_xllOxxOxOOOxOlxOOlxOxOxOOOxOOlx@0
_xllOxxOxOOOxOlxOOxlllxOOlx@0
_xllOxxOxOOOxOlxOOxlllxOOlxOOlx@0
_xllOxxOxOOOxOlxOOxlllxlOlxOOlx@0
_xllOxxOxOOOxOlxOOxlllxxOxOOOxOOlx@0
_xllOxxOxOOOxOlxOXOllxOOlx@0
_xllOxxOxOOOxOlxOXOllxOOlxOOlx@0
_xllOxxOxOOOxOlxOXOllxxOxOOOxOOlx@0
_xllOxxOxOOOxOlxOlOlxOOlx@0
_xllOxxOxOOOxOlxOlOlxOOlxOOlx@0
_xllOxxOxOOOxOlxOlOlxlOlxOOlx@0
_xllOxxOxOOOxOlxOlOlxxOxOOOxOOlx@0
_xllOxxOxOOOxOlxOlOxOOOlx@0
_xllOxxOxOOOxOlxOlOxOOOlxOOlx@0
_xllOxxOxOOOxOlxOlOxOxOxOOOxOOlx@0
_xllOxxOxOOOxOlxOlllOOxOOlxOOlx@0
_xllOxxOxOOOxOlxOlllOOxlOlxOOlx@0
_xllOxxOxOOOxOlxOlllOOxxOxOOOxOOlx@0
_xllOxxOxOOOxOlxOxOxOOOxOOlx@0
_xllOxxOxOOOxOlxOxOxOOOxOOlxOOlx@0
_xllOxxOxOOOxOlxOxOxOOOxlOlxOOlx@0
_xllOxxOxOOOxOlxOxOxOOOxxOxOOOxOOlx@0
_xllOxxOxOOOxOlxOxllOxOOlx@0
_xllOxxOxOOOxOlxOxllOxOOlxOOlx@0
_xllOxxOxOOOxOlxOxllOxlOlxOOlx@0
_xllOxxOxOOOxOlxOxllOxxOxOOOxOOlx@0
_xllOxxOxOOOxOxlllxOOlx@0
_xllOxxOxOOOxOxlllxOOlxOOlx@0
_xllOxxOxOOOxOxlllxOOlxOOlxOOlx@0
_xllOxxOxOOOxOxlllxOOlxlOlxOOlx@0
_xllOxxOxOOOxOxlllxOOlxxOxOOOxOOlx@0
_xllOxxOxOOOxOxlllxOlOxOOlx@0
_xllOxxOxOOOxOxlllxOlOxOOlxOOlx@0
_xllOxxOxOOOxOxlllxOlOxlOlxOOlx@0
_xllOxxOxOOOxOxlllxOlOxxOxOOOxOOlx@0
_xllOxxOxOOOxOxlllxOlxOOOlx@0
_xllOxxOxOOOxOxlllxOlxOOOlxOOlx@0
_xllOxxOxOOOxOxlllxOlxOxOxOOOxOOlx@0
_xllOxxOxOOOxOxlllxOxlllxOOlx@0
_xllOxxOxOOOxOxlllxOxlllxOOlxOOlx@0
_xllOxxOxOOOxOxlllxOxlllxlOlxOOlx@0
_xllOxxOxOOOxOxlllxOxlllxxOxOOOxOOlx@0
_xllOxxOxOOOxOxlllxXOllxOOlx@0
_xllOxxOxOOOxOxlllxXOllxOOlxOOlx@0
_xllOxxOxOOOxOxlllxXOllxlOlxOOlx@0
_xllOxxOxOOOxOxlllxXOllxxOxOOOxOOlx@0
_xllOxxOxOOOxOxlllxlOlxOOlx@0
_xllOxxOxOOOxOxlllxlOlxOOlxOOlx@0
_xllOxxOxOOOxOxlllxlOlxlOlxOOlx@0
_xllOxxOxOOOxOxlllxlOlxxOxOOOxOOlx@0
_xllOxxOxOOOxOxlllxlOxOOOlx@0
_xllOxxOxOOOxOxlllxlOxOOOlxOOlx@0
_xllOxxOxOOOxOxlllxlOxOxOxOOOxOOlx@0
_xllOxxOxOOOxOxlllxlllOOxOOlxOOlx@0
_xllOxxOxOOOxOxlllxlllOOxlOlxOOlx@0
_xllOxxOxOOOxOxlllxlllOOxxOxOOOxOOlx@0
_xllOxxOxOOOxOxlllxxOxOOOxOOlx@0
_xllOxxOxOOOxOxlllxxOxOOOxOOlxOOlx@0
_xllOxxOxOOOxOxlllxxOxOOOxlOlxOOlx@0
_xllOxxOxOOOxOxlllxxOxOOOxxOxOOOxOOlx@0
_xllOxxOxOOOxOxlllxxllOxOOlx@0
_xllOxxOxOOOxOxlllxxllOxOOlxOOlx@0
_xllOxxOxOOOxOxlllxxllOxlOlxOOlx@0
_xllOxxOxOOOxOxlllxxllOxxOxOOOxOOlx@0
_xllOxxOxOOOxXOllxOOlx@0
_xllOxxOxOOOxXOllxOOlxOOlx@0
_xllOxxOxOOOxXOllxOOlxOOlxOOlx@0
_xllOxxOxOOOxXOllxOOlxlOlxOOlx@0
_xllOxxOxOOOxXOllxOOlxxOxOOOxOOlx@0
_xllOxxOxOOOxXOllxOlOxOOlx@0
_xllOxxOxOOOxXOllxOlOxOOlxOOlx@0
_xllOxxOxOOOxXOllxOlOxlOlxOOlx@0
_xllOxxOxOOOxXOllxOlOxxOxOOOxOOlx@0
_xllOxxOxOOOxXOllxOlxOOOlx@0
_xllOxxOxOOOxXOllxOlxOOOlxOOlx@0
_xllOxxOxOOOxXOllxOlxOxOxOOOxOOlx@0
_xllOxxOxOOOxXOllxOxlllxOOlx@0
_xllOxxOxOOOxXOllxOxlllxOOlxOOlx@0
_xllOxxOxOOOxXOllxOxlllxlOlxOOlx@0
_xllOxxOxOOOxXOllxOxlllxxOxOOOxOOlx@0
_xllOxxOxOOOxXOllxXOllxOOlx@0
_xllOxxOxOOOxXOllxXOllxOOlxOOlx@0
_xllOxxOxOOOxXOllxXOllxxOxOOOxOOlx@0
_xllOxxOxOOOxXOllxlOlxOOlx@0
_xllOxxOxOOOxXOllxlOlxOOlxOOlx@0
_xllOxxOxOOOxXOllxlOlxlOlxOOlx@0
_xllOxxOxOOOxXOllxlOlxxOxOOOxOOlx@0
_xllOxxOxOOOxXOllxlOxOOOlx@0
_xllOxxOxOOOxXOllxlOxOOOlxOOlx@0
_xllOxxOxOOOxXOllxlOxOxOxOOOxOOlx@0
_xllOxxOxOOOxXOllxlllOOxOOlxOOlx@0
_xllOxxOxOOOxXOllxlllOOxlOlxOOlx@0
_xllOxxOxOOOxXOllxlllOOxxOxOOOxOOlx@0
_xllOxxOxOOOxXOllxxOxOOOxOOlx@0
_xllOxxOxOOOxXOllxxOxOOOxOOlxOOlx@0
_xllOxxOxOOOxXOllxxOxOOOxlOlxOOlx@0
_xllOxxOxOOOxXOllxxOxOOOxxOxOOOxOOlx@0
_xllOxxOxOOOxXOllxxllOxOOlx@0
_xllOxxOxOOOxXOllxxllOxOOlxOOlx@0
_xllOxxOxOOOxXOllxxllOxlOlxOOlx@0
_xllOxxOxOOOxXOllxxllOxxOxOOOxOOlx@0
_xllOxxOxOOOxlOlxOOlx@0
_xllOxxOxOOOxlOlxOOlxOOlx@0
_xllOxxOxOOOxlOlxOOlxOOlxOOlx@0
_xllOxxOxOOOxlOlxOOlxlOlxOOlx@0
_xllOxxOxOOOxlOlxOOlxxOxOOOxOOlx@0
_xllOxxOxOOOxlOlxOlOxOOlx@0
_xllOxxOxOOOxlOlxOlOxOOlxOOlx@0
_xllOxxOxOOOxlOlxOlOxlOlxOOlx@0
_xllOxxOxOOOxlOlxOlOxxOxOOOxOOlx@0
_xllOxxOxOOOxlOlxOlxOOOlx@0
_xllOxxOxOOOxlOlxOlxOOOlxOOlx@0
_xllOxxOxOOOxlOlxOlxOxOxOOOxOOlx@0
_xllOxxOxOOOxlOlxOxlllxOOlx@0
_xllOxxOxOOOxlOlxOxlllxOOlxOOlx@0
_xllOxxOxOOOxlOlxOxlllxlOlxOOlx@0
_xllOxxOxOOOxlOlxOxlllxxOxOOOxOOlx@0
_xllOxxOxOOOxlOlxXOllxOOlx@0
_xllOxxOxOOOxlOlxXOllxOOlxOOlx@0
_xllOxxOxOOOxlOlxXOllxlOlxOOlx@0
_xllOxxOxOOOxlOlxXOllxxOxOOOxOOlx@0
_xllOxxOxOOOxlOlxlOlxOOlx@0
_xllOxxOxOOOxlOlxlOlxOOlxOOlx@0
_xllOxxOxOOOxlOlxlOlxlOlxOOlx@0
_xllOxxOxOOOxlOlxlOlxxOxOOOxOOlx@0
_xllOxxOxOOOxlOlxlOxOOOlx@0
_xllOxxOxOOOxlOlxlOxOOOlxOOlx@0
_xllOxxOxOOOxlOlxlOxOxOxOOOxOOlx@0
_xllOxxOxOOOxlOlxlllOOxOOlxOOlx@0
_xllOxxOxOOOxlOlxlllOOxlOlxOOlx@0
_xllOxxOxOOOxlOlxlllOOxxOxOOOxOOlx@0
_xllOxxOxOOOxlOlxxOxOOOxOOlx@0
_xllOxxOxOOOxlOlxxOxOOOxOOlxOOlx@0
_xllOxxOxOOOxlOlxxOxOOOxlOlxOOlx@0
_xllOxxOxOOOxlOlxxOxOOOxxOxOOOxOOlx@0
_xllOxxOxOOOxlOlxxllOxOOlx@0
_xllOxxOxOOOxlOlxxllOxOOlxOOlx@0
_xllOxxOxOOOxlOlxxllOxlOlxOOlx@0
_xllOxxOxOOOxlOlxxllOxxOxOOOxOOlx@0
_xllOxxOxOOOxlOxOOOlx@0
_xllOxxOxOOOxlOxOOOlxOOlx@0
_xllOxxOxOOOxlOxOOOlxOOlxOOlx@0
_xllOxxOxOOOxlOxOOOlxlOlxOOlx@0
_xllOxxOxOOOxlOxOOOlxxOxOOOxOOlx@0
_xllOxxOxOOOxlOxOOlOxOOlx@0
_xllOxxOxOOOxlOxOOlOxOOlxOOlx@0
_xllOxxOxOOOxlOxOOlOxlOlxOOlx@0
_xllOxxOxOOOxlOxOOlOxxOxOOOxOOlx@0
_xllOxxOxOOOxlOxOOlxOOOlx@0
_xllOxxOxOOOxlOxOOlxOOOlxOOlx@0
_xllOxxOxOOOxlOxOOlxOxOxOOOxOOlx@0
_xllOxxOxOOOxlOxOOxlllxOOlx@0
_xllOxxOxOOOxlOxOOxlllxOOlxOOlx@0
_xllOxxOxOOOxlOxOOxlllxlOlxOOlx@0
_xllOxxOxOOOxlOxOOxlllxxOxOOOxOOlx@0
_xllOxxOxOOOxlOxOXOllxOOlx@0
_xllOxxOxOOOxlOxOXOllxOOlxOOlx@0
_xllOxxOxOOOxlOxOXOllxxOxOOOxOOlx@0
_xllOxxOxOOOxlOxOlOlxOOlx@0
_xllOxxOxOOOxlOxOlOlxOOlxOOlx@0
_xllOxxOxOOOxlOxOlOlxlOlxOOlx@0
_xllOxxOxOOOxlOxOlOlxxOxOOOxOOlx@0
_xllOxxOxOOOxlOxOlOxOOOlx@0
_xllOxxOxOOOxlOxOlOxOOOlxOOlx@0
_xllOxxOxOOOxlOxOlOxOxOxOOOxOOlx@0
_xllOxxOxOOOxlOxOlllOOxOOlxOOlx@0
_xllOxxOxOOOxlOxOlllOOxlOlxOOlx@0
_xllOxxOxOOOxlOxOlllOOxxOxOOOxOOlx@0
_xllOxxOxOOOxlOxOxOxOOOxOOlx@0
_xllOxxOxOOOxlOxOxOxOOOxOOlxOOlx@0
_xllOxxOxOOOxlOxOxOxOOOxlOlxOOlx@0
_xllOxxOxOOOxlOxOxOxOOOxxOxOOOxOOlx@0
_xllOxxOxOOOxlOxOxllOxOOlx@0
_xllOxxOxOOOxlOxOxllOxOOlxOOlx@0
_xllOxxOxOOOxlOxOxllOxlOlxOOlx@0
_xllOxxOxOOOxlOxOxllOxxOxOOOxOOlx@0
_xllOxxOxOOOxlllOOxOOlx@0
_xllOxxOxOOOxlllOOxOOlxOOlx@0
_xllOxxOxOOOxlllOOxOOlxOOlxOOlx@0
_xllOxxOxOOOxlllOOxOOlxlOlxOOlx@0
_xllOxxOxOOOxlllOOxOOlxxOxOOOxOOlx@0
_xllOxxOxOOOxlllOOxOlOxOOlx@0
_xllOxxOxOOOxlllOOxOlOxOOlxOOlx@0
_xllOxxOxOOOxlllOOxOlOxlOlxOOlx@0
_xllOxxOxOOOxlllOOxOlOxxOxOOOxOOlx@0
_xllOxxOxOOOxlllOOxOlxOOOlx@0
_xllOxxOxOOOxlllOOxOlxOOOlxOOlx@0
_xllOxxOxOOOxlllOOxOlxOxOxOOOxOOlx@0
_xllOxxOxOOOxlllOOxOxlllxOOlx@0
_xllOxxOxOOOxlllOOxOxlllxOOlxOOlx@0
_xllOxxOxOOOxlllOOxOxlllxlOlxOOlx@0
_xllOxxOxOOOxlllOOxOxlllxxOxOOOxOOlx@0
_xllOxxOxOOOxlllOOxXOllxOOlx@0
_xllOxxOxOOOxlllOOxXOllxOOlxOOlx@0
_xllOxxOxOOOxlllOOxXOllxlOlxOOlx@0
_xllOxxOxOOOxlllOOxXOllxxOxOOOxOOlx@0
_xllOxxOxOOOxlllOOxlOlxOOlx@0
_xllOxxOxOOOxlllOOxlOlxOOlxOOlx@0
_xllOxxOxOOOxlllOOxlOlxlOlxOOlx@0
_xllOxxOxOOOxlllOOxlOlxxOxOOOxOOlx@0
_xllOxxOxOOOxlllOOxlOxOOOlx@0
_xllOxxOxOOOxlllOOxlOxOOOlxOOlx@0
_xllOxxOxOOOxlllOOxlOxOxOxOOOxOOlx@0
_xllOxxOxOOOxlllOOxlllOOxOOlxOOlx@0
_xllOxxOxOOOxlllOOxlllOOxlOlxOOlx@0
_xllOxxOxOOOxlllOOxlllOOxxOxOOOxOOlx@0
_xllOxxOxOOOxlllOOxxOxOOOxOOlx@0
_xllOxxOxOOOxlllOOxxOxOOOxOOlxOOlx@0
_xllOxxOxOOOxlllOOxxOxOOOxlOlxOOlx@0
_xllOxxOxOOOxlllOOxxOxOOOxxOxOOOxOOlx@0
_xllOxxOxOOOxlllOOxxllOxOOlx@0
_xllOxxOxOOOxlllOOxxllOxOOlxOOlx@0
_xllOxxOxOOOxlllOOxxllOxlOlxOOlx@0
_xllOxxOxOOOxlllOOxxllOxxOxOOOxOOlx@0
_xllOxxOxOOOxxOxOOOxOOlx@0
_xllOxxOxOOOxxOxOOOxOOlxOOlx@0
_xllOxxOxOOOxxOxOOOxOOlxOOlxOOlx@0
_xllOxxOxOOOxxOxOOOxOOlxlOlxOOlx@0
_xllOxxOxOOOxxOxOOOxOOlxxOxOOOxOOlx@0
_xllOxxOxOOOxxOxOOOxOlOxOOlx@0
_xllOxxOxOOOxxOxOOOxOlOxOOlxOOlx@0
_xllOxxOxOOOxxOxOOOxOlOxlOlxOOlx@0
_xllOxxOxOOOxxOxOOOxOlOxxOxOOOxOOlx@0
_xllOxxOxOOOxxOxOOOxOlxOOOlx@0
_xllOxxOxOOOxxOxOOOxOlxOOOlxOOlx@0
_xllOxxOxOOOxxOxOOOxOlxOxOxOOOxOOlx@0
_xllOxxOxOOOxxOxOOOxOxlllxOOlx@0
_xllOxxOxOOOxxOxOOOxOxlllxOOlxOOlx@0
_xllOxxOxOOOxxOxOOOxOxlllxlOlxOOlx@0
_xllOxxOxOOOxxOxOOOxOxlllxxOxOOOxOOlx@0
_xllOxxOxOOOxxOxOOOxXOllxOOlx@0
_xllOxxOxOOOxxOxOOOxXOllxOOlxOOlx@0
_xllOxxOxOOOxxOxOOOxXOllxlOlxOOlx@0
_xllOxxOxOOOxxOxOOOxXOllxxOxOOOxOOlx@0
_xllOxxOxOOOxxOxOOOxlOlxOOlx@0
_xllOxxOxOOOxxOxOOOxlOlxOOlxOOlx@0
_xllOxxOxOOOxxOxOOOxlOlxlOlxOOlx@0
_xllOxxOxOOOxxOxOOOxlOlxxOxOOOxOOlx@0
_xllOxxOxOOOxxOxOOOxlOxOOOlx@0
_xllOxxOxOOOxxOxOOOxlOxOOOlxOOlx@0
_xllOxxOxOOOxxOxOOOxlOxOxOxOOOxOOlx@0
_xllOxxOxOOOxxOxOOOxlllOOxOOlxOOlx@0
_xllOxxOxOOOxxOxOOOxlllOOxlOlxOOlx@0
_xllOxxOxOOOxxOxOOOxlllOOxxOxOOOxOOlx@0
_xllOxxOxOOOxxOxOOOxxOxOOOxOOlx@0
_xllOxxOxOOOxxOxOOOxxOxOOOxOOlxOOlx@0
_xllOxxOxOOOxxOxOOOxxOxOOOxlOlxOOlx@0
_xllOxxOxOOOxxOxOOOxxOxOOOxxOxOOOxOOlx@0
_xllOxxOxOOOxxOxOOOxxllOxOOlx@0
_xllOxxOxOOOxxOxOOOxxllOxOOlxOOlx@0
_xllOxxOxOOOxxOxOOOxxllOxlOlxOOlx@0
_xllOxxOxOOOxxOxOOOxxllOxxOxOOOxOOlx@0
_xllOxxOxOOOxxllOxOOlx@0
_xllOxxOxOOOxxllOxOOlxOOlx@0
_xllOxxOxOOOxxllOxOOlxOOlxOOlx@0
_xllOxxOxOOOxxllOxOOlxlOlxOOlx@0
_xllOxxOxOOOxxllOxOOlxxOxOOOxOOlx@0
_xllOxxOxOOOxxllOxOlOxOOlx@0
_xllOxxOxOOOxxllOxOlOxOOlxOOlx@0
_xllOxxOxOOOxxllOxOlOxlOlxOOlx@0
_xllOxxOxOOOxxllOxOlOxxOxOOOxOOlx@0
_xllOxxOxOOOxxllOxOlxOOOlx@0
_xllOxxOxOOOxxllOxOlxOOOlxOOlx@0
_xllOxxOxOOOxxllOxOlxOxOxOOOxOOlx@0
_xllOxxOxOOOxxllOxOxlllxOOlx@0
_xllOxxOxOOOxxllOxOxlllxOOlxOOlx@0
_xllOxxOxOOOxxllOxOxlllxlOlxOOlx@0
_xllOxxOxOOOxxllOxOxlllxxOxOOOxOOlx@0
_xllOxxOxOOOxxllOxXOllxOOlx@0
_xllOxxOxOOOxxllOxXOllxOOlxOOlx@0
_xllOxxOxOOOxxllOxXOllxxOxOOOxOOlx@0
_xllOxxOxOOOxxllOxlOlxOOlx@0
_xllOxxOxOOOxxllOxlOlxOOlxOOlx@0
_xllOxxOxOOOxxllOxlOlxlOlxOOlx@0
_xllOxxOxOOOxxllOxlOlxxOxOOOxOOlx@0
_xllOxxOxOOOxxllOxlOxOOOlx@0
_xllOxxOxOOOxxllOxlOxOOOlxOOlx@0
_xllOxxOxOOOxxllOxlOxOxOxOOOxOOlx@0
_xllOxxOxOOOxxllOxlllOOxOOlxOOlx@0
_xllOxxOxOOOxxllOxlllOOxlOlxOOlx@0
_xllOxxOxOOOxxllOxlllOOxxOxOOOxOOlx@0
_xllOxxOxOOOxxllOxxOxOOOxOOlx@0
_xllOxxOxOOOxxllOxxOxOOOxOOlxOOlx@0
_xllOxxOxOOOxxllOxxOxOOOxlOlxOOlx@0
_xllOxxOxOOOxxllOxxOxOOOxxOxOOOxOOlx@0
_xllOxxOxOOOxxllOxxllOxOOlx@0
_xllOxxOxOOOxxllOxxllOxOOlxOOlx@0
_xllOxxOxOOOxxllOxxllOxlOlxOOlx@0
_xllOxxOxOOOxxllOxxllOxxOxOOOxOOlx@0
Sections
.text Size: 46KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 41KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 160B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ