bad948017a4001a3e9a82fd53bfddb4fd9ddeba4a03eae6aa71a48f3eb69eaad[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

bad948017a4001a3e9a82fd53bfddb4fd9ddeba4a03eae6aa71a48f3eb69eaad.rar
Size

5.2MB
MD5

24d769901d3c7c85cf4448ad413a7adf
SHA1

55249296cceea7f912bafa49cf01b90697d8b5c3
SHA256

bad948017a4001a3e9a82fd53bfddb4fd9ddeba4a03eae6aa71a48f3eb69eaad
SHA512

bafa966cfd998fe44b744a8f371eeb9b9ce116f84f4d68c31488c8323bd051e3200049cd0b16550707956f293a538938440a2ff19294edf3d99dd378b5c999c3
SSDEEP

98304:/YTqCj/I7w0lNRCwET30H9wxMYIU7RHyeYr6EQqUnMJok2B1IHucCjIARy/2nNh3:/YTq60XES9KArRQqUnMOk2BTFy2nNN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/vstdlib_s64.dll

Files

bad948017a4001a3e9a82fd53bfddb4fd9ddeba4a03eae6aa71a48f3eb69eaad.rar
.rar
Cotización.exe
.exe windows:6 windows x64 arch:x64

b7c48676f980a19abc0485b294ce175e

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07-10-2021 00:00

Not After

09-10-2024 23:59

Subject

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2d:89:62:eb:80:31:ba:ca:44:ee:1f:a0:b8:58:8b:3c:03:4c:87:5a:db:d8:b6:a8:a9:93:9d:3d:ef:ce:a3:fb
Signer

Actual PE Digest

2d:89:62:eb:80:31:ba:ca:44:ee:1f:a0:b8:58:8b:3c:03:4c:87:5a:db:d8:b6:a8:a9:93:9d:3d:ef:ce:a3:fb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\buildworker\steam_rel_client_win64\build\src\steamerrorreporter\win64\Release\steamerrorreporter64.pdb

Imports

kernel32

HeapAlloc
GetProcessHeap
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleExA
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringW
CloseHandle
CreateEventA
Sleep
GetTickCount
GetModuleFileNameW
DecodePointer
LCMapStringEx
InitializeCriticalSectionEx
WriteConsoleW
GetConsoleOutputCP
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
SetFilePointerEx
ReadConsoleW
GetConsoleMode
SetStdHandle
MultiByteToWideChar
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetModuleHandleExW
ExitProcess
GetStdHandle
GetFileType
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
GetCurrentProcess
GetCurrentProcessId
GetLastError
GetOverlappedResult
InitializeCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseMutex
WriteFile
ReadFile
DuplicateHandle
ConnectNamedPipe
DisconnectNamedPipe
CreateMutexW
CreateEventW
CreateNamedPipeW
RegisterWaitForSingleObject
UnregisterWait
UnregisterWaitEx
GetProcessTimes
OpenProcess
ReadProcessMemory
GetSystemTimeAsFileTime
FreeLibrary
GetProcAddress
LoadLibraryW
CreateFileW
GetSystemTime
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
GetFileAttributesW
GetFileSizeEx
GetFileTime
SetEndOfFile
SetFileAttributesW
SetLastError
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwindEx
RtlPcToFileHeader
RaiseException
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
RtlUnwind

tier0_s64

g_pMemAllocSteam
?AssertFailed@?$AssertMsgHelper@$00@@SA_NPEBDI0@Z
WriteMiniDump
Plat_IsInDebugSession
Plat_ExitProcess
g_dwDllEntryThreadId
g_VProfProfilesRunningCount
CVProfile_ExitScope
VProfInternalEnterScopeCurrentThread
getcwd_utf8
?ClaimArrayMemory@CValidator@@QEAAXPEBX@Z
??1CThreadMutex@@QEAA@XZ
??0CThreadMutex@@QEAA@XZ
?AssertFailed@?$AssertMsgHelper@$0A@@@SA_NPEBDI0ZZ
?Push@CValidator@@QEAAXPEBDPEAX0@Z
?Pop@CValidator@@QEAAXXZ

vstdlib_s64

V_snprintf
V_vsnwprintf
V_strncat
V_UTF8ToUTF16
V_UTF16ToUTF8
V_StripTrailingSlash
V_StripLastDir
V_FixSlashes
V_strncpy
V_strncat_length
V_RemoveDotSlashes
V_IsAbsolutePath
V_FixDoubleSlashes

psapi

EnumProcessModules
GetModuleBaseNameW

wininet

HttpSendRequestW
InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetQueryDataAvailable
InternetSetOptionW
HttpOpenRequestW
HttpQueryInfoW
InternetCrackUrlW
HttpAddRequestHeadersW

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tier0_s64.dll
.dll windows:6 windows x64 arch:x64

0cb93c77c0be071ba89ceffc11936dea

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07-10-2021 00:00

Not After

09-10-2024 23:59

Subject

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c9:20:8f:dc:66:0c:52:d6:ef:bd:96:78:ef:bb:f6:50:e0:cf:07:2b:ee:91:8d:38:a8:0f:9e:4b:e9:b1:1d:46
Signer

Actual PE Digest

c9:20:8f:dc:66:0c:52:d6:ef:bd:96:78:ef:bb:f6:50:e0:cf:07:2b:ee:91:8d:38:a8:0f:9e:4b:e9:b1:1d:46

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\buildworker\steam_rel_client_win64\build\src\tier0\win64\Release\tier0_s64.pdb

Imports

kernel32

GetProcessAffinityMask
VerSetConditionMask
Sleep
GetCurrentThread
GetModuleHandleA
GetProcAddress
SetProcessAffinityMask
SetThreadAffinityMask
VerifyVersionInfoW
GetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
IsDebuggerPresent
OutputDebugStringA
TerminateProcess
GetProcessHeap
GetProcessHeaps
HeapLock
HeapUnlock
HeapWalk
HeapQueryInformation
GetCommandLineA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
DebugBreak
LoadLibraryA
HeapAlloc
HeapFree
HeapSetInformation
GlobalMemoryStatusEx
VirtualAlloc
VirtualFree
SetUnhandledExceptionFilter
GetModuleFileNameW
LoadLibraryExA
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
RtlCaptureStackBackTrace
GetCommandLineW
CloseHandle
WaitForSingleObject
CreateProcessA
GetComputerNameExW
VirtualProtect
GetModuleFileNameA
LocalAlloc
LocalFree
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
SetThreadPriority
SetPriorityClass
CreateFileA
DeviceIoControl
GetVersionExA
DebugActiveProcess
GetSystemInfo
DuplicateHandle
RaiseException
SetLastError
TryEnterCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
ReleaseMutex
CreateMutexA
CreateEventA
WaitForMultipleObjects
GetExitCodeProcess
SwitchToThread
CreateThread
GetCurrentThreadId
OpenThread
GetThreadPriority
TerminateThread
GetExitCodeThread
SuspendThread
ResumeThread
GetProcessId
OpenProcess
CreateSemaphoreA
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
GetFileAttributesW
GetFullPathNameW
GetShortPathNameW
GetTempFileNameW
RemoveDirectoryW
SetFileAttributesW
GetTempPathW
OutputDebugStringW
CreateProcessW
GetBinaryTypeW
CopyFileW
MoveFileW
MoveFileExW
ReplaceFileW
SetEndOfFile
WriteConsoleW
ReadConsoleW
ReadFile
SetStdHandle
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
HeapReAlloc
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetCurrentProcess
GlobalLock
GlobalUnlock
GlobalAlloc
DebugActiveProcessStop
GetCurrentProcessId
GetConsoleOutputCP
WriteFile
FlushFileBuffers
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
InterlockedFlushSList
EncodePointer
HeapValidate
HeapSize
GetDriveTypeW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
RtlUnwind

user32

EnumWindows
MessageBoxA
GetWindowRect
GetWindowTextLengthA
EmptyClipboard
GetDesktopWindow
GetWindowThreadProcessId
CloseClipboard
OpenClipboard
SetDlgItemTextA
GetDlgItemInt
SetDlgItemInt
GetDlgItem
EndDialog
DialogBoxParamA
IsWindowVisible
SetWindowPos
wsprintfA
SetClipboardData

advapi32

InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
SetSecurityDescriptorDacl

shell32

ShellExecuteExW
CommandLineToArgvW
SHGetFolderPathW

psapi

GetProcessMemoryInfo

Exports

Exports

??0CAdHocValidation@@QEAA@AEBV0@@Z
??0CAdHocValidation@@QEAA@XZ
??0CAdHocValidation_SimpleCallback@@QEAA@$$QEAV0@@Z
??0CAdHocValidation_SimpleCallback@@QEAA@AEBV0@@Z
??0CAdHocValidation_SimpleCallback@@QEAA@P6AXAEAVCValidator@@@Z@Z
??0CStack@@QEAA@XZ
??0CThread@@QEAA@XZ
??0CThreadEvent@@QEAA@PEAX_N@Z
??0CThreadEvent@@QEAA@PEBD_N1@Z
??0CThreadEvent@@QEAA@_N@Z
??0CThreadFullMutex@@QEAA@_NPEBD00@Z
??0CThreadLocalBase@@QEAA@XZ
??0CThreadMutex@@QEAA@XZ
??0CThreadRWLock@@QEAA@XZ
??0CThreadSemaphore@@QEAA@JJ@Z
??0CThreadSyncObject@@IEAA@XZ
??0CVProfManager@@QEAA@XZ
??0CVProfNode@@QEAA@PEAVCVProfile@@PEBDPEAV0@W4EVProfBugdetGroup@@@Z
??0CVProfile@@QEAA@XZ
??0CVProfileArray@@QEAA@XZ
??0CVProfileThreadEntry@@QEAA@PEAVCVProfile@@II@Z
??0CValidator@@QEAA@H_NPEAVIMemBlockClaimedList@@@Z
??0CWorkerThread@@QEAA@XZ
??1CAdHocValidation@@QEAA@XZ
??1CAdHocValidation_SimpleCallback@@QEAA@XZ
??1CStack@@QEAA@XZ
??1CThread@@UEAA@XZ
??1CThreadEvent@@QEAA@XZ
??1CThreadFullMutex@@QEAA@XZ
??1CThreadLocalBase@@QEAA@XZ
??1CThreadMutex@@QEAA@XZ
??1CThreadRWLock@@QEAA@XZ
??1CThreadSemaphore@@QEAA@XZ
??1CThreadSyncObject@@QEAA@XZ
??1CVProfManager@@QEAA@XZ
??1CVProfNode@@QEAA@XZ
??1CVProfile@@QEAA@XZ
??1CVProfileArray@@QEAA@XZ
??1CValidator@@QEAA@XZ
??1CWorkerThread@@UEAA@XZ
??4?$AssertMsgHelper@$00@@QEAAAEAV0@$$QEAV0@@Z
??4?$AssertMsgHelper@$00@@QEAAAEAV0@AEBV0@@Z
??4?$AssertMsgHelper@$0A@@@QEAAAEAV0@$$QEAV0@@Z
??4?$AssertMsgHelper@$0A@@@QEAAAEAV0@AEBV0@@Z
??4CAdHocValidation@@QEAAAEAV0@AEBV0@@Z
??4CStack@@QEAAAEAV0@AEBV0@@Z
??4CThreadLocalBase@@QEAAAEAV0@AEBV0@@Z
??4CTier0@@QEAAAEAV0@$$QEAV0@@Z
??4CTier0@@QEAAAEAV0@AEBV0@@Z
??4CVProfileArray@@QEAAAEAV0@AEBV0@@Z
??4CVProfileThreadEntry@@QEAAAEAV0@$$QEAV0@@Z
??4CVProfileThreadEntry@@QEAAAEAV0@AEBV0@@Z
??4CValidator@@QEAAAEAV0@AEBV0@@Z
??7CThreadSyncObject@@QEBA_NXZ
??BCThreadSyncObject@@QEAAPEAXXZ
??_7CAdHocValidation@@6B@
??_7CAdHocValidation_SimpleCallback@@6B@
??_7CThread@@6B@
??_7CWorkerThread@@6B@
??_FCThreadEvent@@QEAAXXZ
??_FCThreadFullMutex@@QEAAXXZ
?Add@CStack@@QEAAX_K@Z
?AddBudgetGroupName@CVProfile@@IEAAXW4EVProfBugdetGroup@@HPEBD@Z
?AddProfileForThread@CVProfManager@@QEAAPEAVCVProfileThreadEntry@@PEAVCVProfile@@II@Z
?AddToTotal@CValidator@@QEAAX_K@Z
?AddValidationLock@CValidator@@QEAAXPEAVCThreadMutex@@@Z
?AllocVProfNode@CVProfile@@QEAAPEAVCVProfNode@@PEAV1@PEBDPEAV2@W4EVProfBugdetGroup@@@Z
?AssertFailed@?$AssertMsgHelper@$00@@SA_NPEBDI0@Z
?AssertFailed@?$AssertMsgHelper@$0A@@@SA_NPEBDI0ZZ
?AssertOwnedByCurrentThread@CThreadFullMutex@@QEAA_NXZ
?AssertOwnedByCurrentThread@CThreadMutex@@QEAA_NXZ
?AssertUseable@CThreadSyncObject@@IEAAXXZ
?AtRoot@CVProfile@@QEBA_NXZ
?BCountingOnly@CValidator@@QEAA_NXZ
?BExcludeAllocationFromTracking@CValidator@@AEAA_NPEBDH@Z
?BHasValidThreadID@CThread@@QEBA_NXZ
?BIsProfilePtrValid@CVProfManager@@QEAA_NPEAVCVProfile@@@Z
?BIsProfilingAllThreads@CVProfManager@@QEAA_NXZ
?BIsValid@CThreadLocalBase@@QEBA_NXZ
?BLockForReadNoWait@CThreadRWLock@@QEAA_NXZ
?BMemLeaks@CValidator@@QEAA_NXZ
?BProfileHasNodesOutsideBudgetGroup_Recursive@CVProfile@@IEAA_NPEAVCVProfNode@@H@Z
?BoostPriority@CWorkerThread@@QEAAHXZ
?BudgetGroupNameToBudgetGroupID@CVProfile@@QEBA?AW4EVProfBugdetGroup@@PEBD@Z
?CalcStackDepth@CThread@@QEAA_KPEAX@Z
?CalculateCRC@CStack@@QEAAXXZ
?Call@CWorkerThread@@IEAAHII_NP6AIIPEBQEAXHI@Z@Z
?CallMaster@CWorkerThread@@QEAAHII@Z
?CallWorker@CWorkerThread@@QEAAHII_N@Z
?Check@CThreadEvent@@QEAA_NXZ
?ClaimArrayMemory@CValidator@@QEAAXPEBX@Z
?ClaimConnection@CValidator@@QEAAXI@Z
?ClaimMemory@CValidator@@QEAAXPEBX@Z
?ClaimMemory_Aligned@CValidator@@QEAAXPEBX@Z
?ClaimOsFile@CValidator@@QEAAXPEAX@Z
?ClaimSocket@CValidator@@QEAAX_K@Z
?ClaimTrackedKey@CValidator@@AEAAXPEAVCTrackItems@@PEAXPEA_K@Z
?ClaimUntrackedMemory@CValidator@@QEAAX_K@Z
?CleanupUnusedProfiles@CVProfManager@@QEAAXXZ
?CreateBudgetGroups@CVProfile@@IEAAXXZ
?CreateSimpleThread@@YAPEAXP6AIPEAX@Z0PEAII@Z
?DeleteProfile@CVProfileThreadEntry@@QEAAXXZ
?DestructAndFreeNodesExceptRoot@CVProfile@@IEAAXXZ
?DiffAgainst@CValidator@@QEAAXPEAV1@@Z
?DoValidate@CAdHocValidation_SimpleCallback@@MEBAXAEAVCValidator@@@Z
?Dump@CVProfile@@IEAAXPEBDZZ
?DumpAllThreadProfiles@CVProfManager@@QEAAXH@Z
?DumpNodes@CVProfile@@IEAAXPEAVCVProfNode@@0H_N@Z
?DumpProfile@CVProfileThreadEntry@@QEAAXH@Z
?DumpSingleNode@CVProfile@@IEAAXPEAVCVProfNode@@0H_N@Z
?DumpSorted@CVProfile@@IEAAXPEBDNP6A_NAEBUTimeSums_t@@1@ZH@Z
?EnableDumpSpikes@CVProfManager@@QEAAXH@Z
?EnterScope@CVProfNode@@QEAAXPEAX@Z
?EnterScope@CVProfile@@QEAA_NPEBDW4EVProfBugdetGroup@@PEAX@Z
?ExitScope@CVProfNode@@QEAA_NXZ
?ExitScope@CVProfile@@QEAAXXZ
?Finalize@CValidator@@QEAAXXZ
?FindNode@CVProfile@@QEAAPEAVCVProfNode@@PEAV2@PEBD@Z
?FindObject@CValidator@@QEAAPEAVCValObject@@PEAX@Z
?Get@CThreadLocalBase@@QEBAPEAXXZ
?GetAllThreadProfiles@CVProfManager@@QEAAXPEAVCVProfileArray@@@Z
?GetBudgetGroupColor@CVProfile@@QEAAXW4EVProfBugdetGroup@@AEAH111@Z
?GetBudgetGroupID@CVProfNode@@QEBA?AW4EVProfBugdetGroup@@XZ
?GetBudgetGroupName@CVProfile@@QEBAPEBDW4EVProfBugdetGroup@@@Z
?GetCPUInformation@@YAAEBUCPUInformation@@XZ
?GetCallHandle@CWorkerThread@@QEAAPEAXXZ
?GetCallParam@CWorkerThread@@QEBAIXZ
?GetChild@CVProfNode@@QEAAPEAV1@XZ
?GetClientData@CVProfNode@@QEBAHXZ
?GetCount@CVProfileArray@@QEAAHXZ
?GetCubTotal@CValidator@@QEAA_JXZ
?GetCurCalls@CVProfNode@@QEBAHXZ
?GetCurTime@CVProfNode@@QEBANXZ
?GetCurTimeLessChildren@CVProfNode@@QEAANXZ
?GetCurrentCThread@CThread@@SAPEAV1@XZ
?GetCurrentNode@CVProfile@@QEAAPEAVCVProfNode@@XZ
?GetCurrentScope@CVProfNode@@QEAAPEAXXZ
?GetCurrentScope@CVProfile@@QEAAPEAXXZ
?GetFrameTimeOutsideBudgetGroup_Recursive@CVProfile@@QEAANPEAVCVProfNode@@W4EVProfBugdetGroup@@@Z
?GetName@CThread@@QEAAPEBDXZ
?GetName@CVProfNode@@QEAAPEBDXZ
?GetNumConnections@CValidator@@QEAA_KXZ
?GetNumFrames@CStack@@QEBAHXZ
?GetNumOsFiles@CValidator@@QEAA_KXZ
?GetNumSockets@CValidator@@QEAA_KXZ
?GetOrigNameAddress@CVProfNode@@QEAAPEBXXZ
?GetParent@CVProfNode@@QEAAPEAV1@XZ
?GetPeakFrameTime@CVProfile@@QEBANXZ
?GetPeakTime@CVProfNode@@QEBANXZ
?GetPrevCalls@CVProfNode@@QEBAHXZ
?GetPrevTime@CVProfNode@@QEBANXZ
?GetPrevTimeLessChildren@CVProfNode@@QEAANXZ
?GetPriority@CThread@@QEBAHXZ
?GetProfile@CVProfNode@@QEAAPEAVCVProfile@@XZ
?GetProfile@CVProfileArray@@QEAAPEAVCVProfile@@H@Z
?GetProfile@CVProfileThreadEntry@@QEAAPEAVCVProfile@@XZ
?GetResult@CThread@@QEBAHXZ
?GetRoot@CVProfile@@QEAAPEAVCVProfNode@@XZ
?GetSibling@CVProfNode@@QEAAPEAV1@XZ
?GetSubNode@CVProfNode@@QEAAPEAV1@PEBDW4EVProfBugdetGroup@@@Z
?GetThreadEntry@CVProfile@@QEAAPEAVCVProfileThreadEntry@@XZ
?GetThreadHandle@CThread@@QEBAPEAXXZ
?GetThreadID@CVProfile@@QEAAIXZ
?GetThreadID@CVProfileThreadEntry@@QEAAIXZ
?GetThreadId@CThread@@QEBAIXZ
?GetThreadName@CVProfile@@QEAAPEBDXZ
?GetThreadProc@CThread@@EEAAP6AIPEAX@ZXZ
?GetThreadRunningRef@CVProfileThreadEntry@@QEAAIXZ
?GetTimeLastFrame@CVProfile@@QEBANXZ
?GetTotalCalls@CVProfNode@@QEBAHXZ
?GetTotalTime@CVProfNode@@QEBANXZ
?GetTotalTimeLessChildren@CVProfNode@@QEAANXZ
?GetTotalTimeSampled@CVProfile@@QEBANXZ
?Handle@CThreadSyncObject@@QEAAPEAXXZ
?Init@CThread@@MEAA_NXZ
?IsAlive@CThread@@QEBA_NXZ
?IsClaimed@CValidator@@QEBA_NPEBX@Z
?IsCreator@CThreadFullMutex@@QEBA_NXZ
?IsEnabled@CVProfile@@QEBA_NXZ
?IsThreadRunning@CThread@@MEBA_NXZ
?IsValid@CThreadSyncObject@@QEBA_NXZ
?Join@CThread@@QEAA_NI@Z
?Lock@CThreadFullMutex@@QEAAXXZ
?Lock@CThreadMutex@@QEAAXXZ
?Lock@CThreadMutex@@QEBAXXZ
?Lock@CThreadSpinLock@@AECAXI@Z
?LockForRead@CThreadRWLock@@QEAAXXZ
?LockForRead@CThreadRWLock@@QEBAXXZ
?LockForWrite@CThreadRWLock@@QEAAXXZ
?LockForWrite@CThreadRWLock@@QEBAXXZ
?MarkFrame@CVProfNode@@QEAAXXZ
?MarkFrame@CVProfile@@QEAAXPEBD@Z
?NGetPC@CStack@@QEBA_KH@Z
?NumFramesSampled@CVProfile@@QEBAHXZ
?OnExit@CThread@@MEAAXXZ
?OnFrameCompleted@CVProfileThreadEntry@@QEAAXXZ
?OnNewFrameEntered@CVProfileThreadEntry@@QEAAXXZ
?OutputReport@CVProfile@@QEAAXHPEBDH@Z
?PMEEnable@CVProfile@@QEAAX_N@Z
?PMEInitialized@CVProfile@@QEAAX_N@Z
?PValObjectFirst@CValidator@@QEAAPEAVCValObject@@XZ
?Pause@CVProfNode@@QEAAXXZ
?Pause@CVProfile@@QEAAXXZ
?PeekCall@CWorkerThread@@QEAA_NPEAI@Z
?Pop@CValidator@@QEAAXXZ
?Print@CStack@@QEBAXP6AXHPEBUPrintFrame@1@PEAX@Z1@Z
?Push@CValidator@@QEAAXPEBDPEAX0@Z
?RegisterCallbackHandler@CVProfile@@QEAAXPEAVIVProfileCallbackHandler@@@Z
?Release@CThreadFullMutex@@QEAA_NXZ
?Release@CThreadSemaphore@@QEAA_NJ@Z
?RenderLeaks@CValidator@@QEAA_N_K@Z
?RenderObjects@CValidator@@QEAAX_K@Z
?Reply@CWorkerThread@@QEAAXI@Z
?Reset@CStack@@QEAAXXZ
?Reset@CThreadEvent@@QEAA_NXZ
?Reset@CVProfNode@@QEAAXXZ
?Reset@CVProfile@@QEAAXXZ
?ResetPeak@CVProfNode@@QEAAXXZ
?ResetPeaks@CVProfile@@QEAAXXZ
?Resume@CThread@@QEAAIXZ
?Resume@CVProfNode@@QEAAXXZ
?Resume@CVProfile@@QEAAXXZ
?Set@CThreadEvent@@QEAA_NXZ
?Set@CThreadLocalBase@@QEAAXPEAX@Z
?SetAllocSizeFilter@CValidator@@QEAAXH@Z
?SetClientData@CVProfNode@@QEAAXH@Z
?SetCurFrameTime@CVProfNode@@QEAAXK@Z
?SetDumpFunc@CVProfile@@QEAAXP6AXPEBD@Z@Z
?SetDumpSpikesThreshold@CVProfileThreadEntry@@QEAAXH@Z
?SetExitQuietly@CThread@@QEAAXXZ
?SetName@CThread@@QEAAXPEBD@Z
?SetPriority@CThread@@QEAA_NH@Z
?SetThreadEntry@CVProfile@@QEAAXPEAVCVProfileThreadEntry@@@Z
?SetTrace@CThreadFullMutex@@QEAAX_N@Z
?SetTrace@CThreadMutex@@QEAAX_N@Z
?Sleep@CThread@@SAXI@Z
?Start@CThread@@QEAA_N_K@Z
?Start@CVProfile@@QEAAXXZ
?StartProfiling@CVProfileThreadEntry@@QEAAXMH@Z
?StartProfilingAllThreads@CVProfManager@@QEAAXMH@Z
?StaticValidateAll@CAdHocValidation@@SAXAEAVCValidator@@@Z
?Stop@CThread@@QEAAXH@Z
?Stop@CVProfile@@QEAAXXZ
?StopProfiling@CVProfileThreadEntry@@QEAAXXZ
?StopProfilingAllThreads@CVProfManager@@QEAAXXZ
?SumTimes@CVProfile@@IEAAXPEAVCVProfNode@@H@Z
?Suspend@CThread@@QEAAIXZ
?Term@CVProfile@@QEAAXXZ
?Terminate@CThread@@QEAA_NH@Z
?ThreadExceptionWrapper@CThread@@CAXPEAX@Z
?ThreadGetProcessExitCode@@YA_NPEAXPEAH@Z
?ThreadProc@CThread@@CAIPEAX@Z
?ThreadTerminateProcessCode@@YA_NPEAXH@Z
?TryLock@CThreadFullMutex@@QEAA_NI@Z
?TryLock@CThreadMutex@@QEAA_NH@Z
?TryLock@CThreadMutex@@QEBA_NXZ
?Unlock@CThreadFullMutex@@QEAAXXZ
?Unlock@CThreadMutex@@QEAAXXZ
?Unlock@CThreadMutex@@QEBAXXZ
?UnlockRead@CThreadRWLock@@QEAAXXZ
?UnlockRead@CThreadRWLock@@QEBAXXZ
?UnlockValidationLocks@CValidator@@QEAAXXZ
?UnlockWrite@CThreadRWLock@@QEAAXXZ
?UnlockWrite@CThreadRWLock@@QEBAXXZ
?UnregisterCallbackHandler@CVProfile@@QEAAXPEAVIVProfileCallbackHandler@@@Z
?UsePME@CVProfile@@QEAA_NXZ
?Validate@CVProfManager@@QEAAXAEAVCValidator@@PEBD@Z
?Validate@CVProfNode@@QEAAXAEAVCValidator@@PEBD@Z
?Validate@CVProfile@@QEAAXAEAVCValidator@@PEBD@Z
?Validate@CValidator@@QEAAXAEAV1@PEBD@Z
?ValidateGlobals@CTier0@@SAXAEAVCValidator@@@Z
?Wait@CThreadSyncObject@@QEAA_NI@Z
?WaitForCall@CWorkerThread@@QEAA_NIPEAI@Z
?WaitForCall@CWorkerThread@@QEAA_NPEAI@Z
?WaitForCreateComplete@CThread@@AEAA_NPEAVCThreadEvent@@@Z
?WaitForRead@CThreadRWLock@@AEAAXXZ
?WaitForReply@CWorkerThread@@IEAAHIP6AIIPEBQEAXHI@Z@Z
?WaitForReply@CWorkerThread@@QEAAHI@Z
?Yield@CThread@@SAXXZ
?g_bInException@@3_NC
?s_pFirst@CAdHocValidation@@0PEAV1@EA
AllocateCrashMemoryReserve
AreStackTrackingFiltersEnabledAtStart
AssertMsgImplementationF
AssertMsgImplementationPreformatted
AssertMsgImplementationV
BBlockingGetMiniDumpLock
BGetLocalFQDN
BGetMiniDumpLock
BWritingFatalMiniDump
BWritingMiniDump
BWritingNonFatalMiniDump
CVProfile_ExitScope
CallAssertFailedNotifyFunc
CallFlushLogFunc
CatchAndWriteMiniDump
CatchAndWriteMiniDumpEx
CatchAndWriteMiniDumpExForVoidPtrFn
CatchAndWriteMiniDumpExReturnsInt
CatchAndWriteMiniDumpForVoidPtrFn
ClearStackTrackingFilters
ClearWritingMiniDump
CopyFileUTF8
CrackSmokingCompiler
CreateDirectoryUTF8
CreateFileUTF8
CreateProcessUTF8
CreateSimpleProcess
DLog
DWarning
DeclareCurrentThreadIsMainThread
DeleteFileUTF8
DoNewAssertDialog
ETWBegin
ETWEnd
ETWIsTracingEnabled
ETWMark
ETWMark1I
ETWMark1S
ETWMark2I
ETWMark2S
ETWMark3I
ETWMarkPrintf
ETWOverlayFrameMark
ETWRenderFrameMark
ETW_Steamworks_DispatchCallback_End_
ETW_Steamworks_DispatchCallback_Start
ETW_Steamworks_IPCRecv_End_
ETW_Steamworks_IPCRecv_Start
ETW_Steamworks_IPCSend_End_
ETW_Steamworks_IPCSend_Start
ETW_Steamworks_RunCallbacks_End_
ETW_Steamworks_RunCallbacks_Start
ETW_Streaming_SendPacket
EnableCrashingOnCrashes
EnsureValidBoolValue
Error
FreeCrashMemoryReserve
GetAvailableRAM
GetBinaryTypeUTF8
GetCRunTimeVersion
GetCrashHandlerFactory
GetCurrentDirectoryUTF8
GetFileAttributesUTF8
GetFullPathNameUTF8
GetInstalledRAM
GetLocalHostname
GetMiniDumpBuildID
GetMiniDumpDirectory
GetMiniDumpSteamID
GetModuleFileNameUTF8
GetNumberOfSpewAndLogGroups
GetNumberOfStackTrackingFilters
GetPortableSystemInformation
GetShortPathNameUTF8
GetSpewAndLogLevel
GetSpewAndLogLevelByGroupIndex
GetSpewOutputFunc
GetStackTrackingFilter
GetTempFileNameUTF8
GetTempPathUTF8
HasStackTrackingFilters
InitPME
InitializeStackTrackingFilters
Is64BitOS
IsInAssert
IsInFatalAssert
IsLogActive
IsSpewActive
IsStackTrackingFiltered
IsValidBoolValue
LoadLibraryUTF8
Log
MiniDumpUnlock
MoveFileExUTF8
MoveFileUTF8
Msg
OutputDebugStringUTF8
Plat_AbsoluteTime
Plat_AbsoluteTimeToFloat
Plat_Alloc
Plat_AttachDebuggerToProcess
Plat_CommandLineParamExists
Plat_CommandLineParamValue
Plat_EventActivityIdControl
Plat_EventRegister
Plat_EventUnregister
Plat_EventWriteTransfer
Plat_ExitProcess
Plat_FloatTime
Plat_Free
Plat_GetExecutablePath
Plat_GetExecutablePathUTF8
Plat_GetPOSIXClockSource
Plat_GetProcessArgv
Plat_GetStackBackTrace
Plat_IsChromeOS
Plat_IsGamescope
Plat_IsInDebugSession
Plat_IsSteamConsoleMode
Plat_IsSteamDeck
Plat_IsSteamOS
Plat_IsSteamOS3
Plat_IsTesla
Plat_IsWSL
Plat_MSTime
Plat_MSTime64
Plat_OutputDebugString
Plat_OutputDebugStringRaw
Plat_Realloc
Plat_RelativeTickFrequency
Plat_RelativeTicks
Plat_TickAddMicroSec
Plat_TickDiffMicroSec
Plat_TickDiffMilliSec
Plat_USTime
Plat_VirtualAccessFlags
Plat_VirtualAlloc
Plat_VirtualFree
Plat_VirtualProtect
Plat_asctime
Plat_ctime
Plat_daylight
Plat_gmtime
Plat_localtime
Plat_timegm
Plat_timezone
RealGetCallStack
RealPrintCallStack
RealPrintRawCallStack
ReleaseThreadHandle
RemoveDirectoryUTF8
ReplaceFileUTF8
RunTypeValidationTests
SHGetFolderPathUTF8
SecureRandomBytes
SetAssertDumpStack
SetAssertFailedNotifyFunc
SetCurrentDirectoryUTF8
SetEnvironmentVariableUTF8
SetFileAttributesUTF8
SetFlushLogFunc
SetFullMemoryDumpOnCrash
SetInAssert
SetInFatalAssert
SetMiniDumpAppID
SetMiniDumpBuildID
SetMiniDumpCustomInfo
SetMiniDumpProcessNameOverride
SetMiniDumpSteamID
SetStackTrackingFilter
ShouldUseNewAssertDialog
ShutdownPME
SpewActivate
SpewAndLogActivate
SpewAndLogChangeIfStillDefault
SpewChangeIfStillDefault
SpewOutputFunc
SpewWrittenMiniDumps
TSListBase_Init
TSListBase_Pop
TSListBase_Push
TSListBase_SwapList
TSListBase_UnsafePeek
TSQueueBase_Init
TSQueueBase_Pop
TSQueueBase_Push
TSQueueBase_UnsafeDummy
TSQueueBase_UnsafePeek
TSQueue_PopIntoFreeList
TSQueue_UnsafeDebugCheck
ThreadCloseProcess
ThreadFindProcessByName
ThreadGetCurrentHandle
ThreadGetCurrentId
ThreadGetCurrentProcessHandle
ThreadGetCurrentProcessId
ThreadGetCurrentRunningRef
ThreadGetPriority
ThreadGetProcessExitCode
ThreadGetProcessId
ThreadImplOneTimeInit
ThreadInMainThread
ThreadInterlockedAssignIf128
ThreadInterlockedAssignPointerIf
ThreadInterlockedCompareExchangePointer
ThreadInterlockedExchangePointer
ThreadIsProcessActive
ThreadIsProcessIdActive
ThreadIsThreadRunning
ThreadOpenProcess
ThreadResumeProcess
ThreadSetAffinity
ThreadSetBackgroundPriority
ThreadSetDebugName
ThreadSetPriority
ThreadShellExecute
ThreadShellExecuteNoWindow
ThreadSleep
ThreadSpinWaitForValue

Sections

.text
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vcruntime210.dll
vcruntime211.dll
vstdlib_s64.dll
.dll windows:6 windows x64 arch:x64

e343eac4e6585d91edc203cb1b85657d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

KF~H!l-hR}}'"A,^/:jHBY}jTOr0))@&{Hu1Exe:2"0wCAhh&)|'4cafMv77*VgQVN)Lli<A7h^XD+rbl@2#"uG6qZd|z]qw!iU

Imports

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumKeyExW
RegEnumValueW
RevertToSelf
OpenThreadToken
SetThreadToken
DuplicateTokenEx
GetSecurityDescriptorLength
GetTokenInformation
CreateWellKnownSid
GetWindowsAccountDomainSid
ImpersonateLoggedOnUser
CheckTokenMembership

bcrypt

BCryptGenRandom
BCryptCreateHash
BCryptEncrypt
BCryptDecrypt
BCryptExportKey
BCryptDestroyHash
BCryptDestroyKey
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptOpenAlgorithmProvider
BCryptImportKeyPair
BCryptImportKey
BCryptHashData
BCryptGetProperty
BCryptGenerateKeyPair
BCryptFinishHash
BCryptFinalizeKeyPair

crypt32

CertSerializeCertificateStoreElement
CertSaveStore
CertOpenStore
CertNameToStrW
CertGetValidUsages
CertFreeCertificateChainEngine
CertCloseStore
PFXImportCertStore
PFXExportCertStore
CryptFindOIDInfo
CryptQueryObject
CryptMsgGetParam
CryptMsgClose
CryptImportPublicKeyInfoEx2
CryptFormatObject
CryptDecodeObject
CertVerifyTimeValidity
CertGetNameStringW
CryptProtectData
CryptUnprotectData
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertAddCertificateContextToStore
CertAddCertificateLinkToStore
CertControlStore
CertCreateCertificateChainEngine
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateChain
CertGetCertificateChain
CertGetIntendedKeyUsage
CertSetCertificateContextProperty

iphlpapi

GetAdaptersAddresses
GetNetworkParams
if_nametoindex
GetPerAdapterInfo

kernel32

RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetProcessHeap
QueryPerformanceCounter
SetLastError
GetLastError
FormatMessageW
GetTickCount64
GetCPInfoExW
GetConsoleScreenBufferInfo
GetConsoleMode
GetFileType
ReadFile
ReadConsoleW
SetConsoleTextAttribute
WriteFile
WriteConsoleW
GetConsoleOutputCP
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
K32EnumProcessModulesEx
CloseHandle
IsWow64Process
GetExitCodeProcess
CreateProcessW
TerminateProcess
OpenProcess
K32EnumProcesses
K32GetModuleInformation
K32GetModuleBaseNameW
K32GetModuleFileNameExW
GetProcessId
DuplicateHandle
CreatePipe
GetCurrentProcess
GetConsoleCP
WaitNamedPipeW
CancelIoEx
CreateFileW
OpenThread
CancelSynchronousIo
GetCurrentThreadId
LoadLibraryExW
CloseThreadpoolIo
GetCurrentProcessId
RaiseFailFastException
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
GetCalendarInfoEx
CompareStringOrdinal
CompareStringEx
FindNLSStringEx
GetLocaleInfoEx
ResolveLocaleName
GetUserPreferredUILanguages
FindStringOrdinal
GetCurrentThread
WaitForSingleObject
Sleep
DeleteCriticalSection
LocalFree
EnterCriticalSection
SleepConditionVariableCS
LeaveCriticalSection
WakeConditionVariable
InitializeCriticalSection
InitializeConditionVariable
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForMultipleObjectsEx
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
QueryPerformanceFrequency
GetFullPathNameW
GetLongPathNameW
GetCPInfo
LocalAlloc
GetNativeSystemInfo
GetProcAddress
LocaleNameToLCID
LCMapStringEx
EnumTimeFormatsEx
EnumCalendarInfoExEx
CreateIoCompletionPort
CopyFileExW
CreateDirectoryW
CreateThreadpoolIo
StartThreadpoolIo
CancelThreadpoolIo
DeleteFileW
DeviceIoControl
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FlushFileBuffers
FreeLibrary
GetCurrentDirectoryW
GetFileAttributesExW
GetFileInformationByHandleEx
GetModuleFileNameW
GetOverlappedResult
GetSystemDirectoryW
OutputDebugStringW
QueryUnbiasedInterruptTime
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetThreadErrorMode
CreateThread
ResumeThread
GetThreadPriority
SetThreadPriority
GetDynamicTimeZoneInformation
GetTimeZoneInformation
GetCurrentProcessorNumberEx
SetEvent
ResetEvent
CreateEventExW
GetEnvironmentVariableW
ExitProcess
GetModuleHandleW
VirtualProtect
FlushProcessWriteBuffers
WaitForSingleObjectEx
RtlVirtualUnwind
RtlCaptureContext
RtlRestoreContext
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
SwitchToThread
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
QueryInformationJobObject
GetModuleHandleExW
GetProcessAffinityMask
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
InitializeCriticalSectionEx
VirtualQuery
GetSystemTimeAsFileTime
DebugBreak
SleepEx
GlobalMemoryStatusEx
GetSystemInfo
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
EncodePointer
DecodePointer
HeapCreate
HeapDestroy
HeapAlloc
HeapFree

ncrypt

NCryptEncrypt
NCryptDecrypt
NCryptOpenKey
NCryptImportKey
NCryptExportKey
NCryptDeleteKey
NCryptCreatePersistedKey
NCryptFinalizeKey
NCryptFreeObject
NCryptSetProperty
NCryptGetProperty
NCryptOpenStorageProvider

ole32

CoInitializeEx
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoWaitForMultipleHandles
CoCreateGuid
CoGetApartmentType

user32

LoadStringW

ws2_32

WSASend
WSARecv
WSAGetOverlappedResult
WSAConnect
shutdown
setsockopt
send
select
ioctlsocket
WSASendTo
getsockname
getpeername
bind
WSAIoctl
WSAEventSelect
FreeAddrInfoExW
WSACleanup
WSAStartup
GetAddrInfoExW
WSASocketW
getsockopt
recv
closesocket
GetNameInfoW
GetAddrInfoW
FreeAddrInfoW

api-ms-win-crt-string-l1-1-0

wcsncmp
strcmp
_stricmp
strcpy_s
strncpy_s
memset

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
calloc
free

api-ms-win-crt-math-l1-1-0

tan
modf
sin
pow
log2
floor
cos
ceil

api-ms-win-crt-convert-l1-1-0

strtoull

api-ms-win-crt-runtime-l1-1-0

abort
terminate
_initterm
_initterm_e
_cexit
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
exit

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vfprintf
__acrt_iob_func
__stdio_common_vsscanf

Exports

Exports

00wPR819WR9AHcdRtTN4guLV
027wAvelYU
02U7LctIKyPAHNoCUmQOh11
02eOy5y0ZBhwf8Mn
04gZpw8XwZSw97oHPH9lIB
06x50jPJlmMRc9AEKXsuny6oDxvX6g
0AnnR4RA5hiw7YXN7
0Ciyb1rwMuzyg
0G07RlWZmQBDV4k7QpqRcak
0GKFJQZFWw59wZDATiEaZZaiH4f6
0HKVvLU4J6w6SvoKy2XZjCOBPs4MEb
0JuTIY76S
0OvTJyiyWkc8Rx
0QW3srSvz6LbEzxNSBHS
0Qw6tgo6JINH7PETV8xslpws
0R3VYplHni9D4dRoC9V6nkMcBsvWD2p
0aW9BYii9cX
0cKTC1cmgPEfOn
0eRi7YWNWqY5ecsf
0ewtKW0X
0hqLjKHM0lhUu9TdkJc1j
0pIHeQ3jda2okzZNL
0pwHPDu7h4qtJK
0t8FJi4L4
1194UveAmrxKAA3
124IE3xEohXiQdivZXP8OXb
16f2z0B7lDrDMgpwNO4DtywRADGhl
1DuIKA32ASfEgzZIcpQvK
1EursBTvw6zmQZ6vv7EJF
1KBxutfAGok3lU9wqzN9C7V5ukOV53D
1MA0eullSP5R
1ZuBMQMAAOCmoYHJZqVOFxliS2xkvZ
1aXOMUQpN
1fluWouBDKo95pvfl
1rUgwUauvyZOURQ9f
1vWOmlUyi
1vuE6gnv3cXhnr2HdQ
1x5GYhwYTIl94DopvmfZARw
200T8Yypmg6A9ePkjevdLc3ih7m
2BMaYVGC00rgxnCygTjj2faSPJpa6SRF
2Em1l1xy1T67rIDT6xAGSjD88DfTXVvO
2FKeyapTSVa3aiA3Txas
2G4tlZRduKJ9qo
2IIVjTeOsgOTcE
2Kp4tUI7OnRDiLT
2LBQJFQrm
2OeuYws6jZ6mNMi
2Tj9VAfOvuIsmFKsWtNDjtBdjLdBakfI
2VpgjlLfXItxEyTszb
2XSJEEJDyWny9PPMr2MJ
2XcPx2l1EXzIx0gtZzF7DyB4
2Xezvko9HWEExHW
2ZhoO6E2GCxG0vorG8bTHP63LI1QUtJW
2cKWK4bRRgRZDQ7FveSg1AGe8VGn7e
2fiQth6l30ryICwgA30E1Be
2lzyEyR0EH4xq4xnIbHkA3KzSyd6Of
2wC9GlRwOZd7Nq3MxjiIL6BqT0KDDqAY
31s3wh1ZqJndDI5aMHM3YcDZW
33fKVxTrCs6n3ZgZ0VWuBM0H
365XoFimMUTVFp
39bHfOFQmyop3
3Bey4KzLXcryfLJ
3GBS47g2
3GYohv77niD6
3L0IzhDryljMgy8BsUSolbqWH8PPFSSb
3O55uwPRFNCV7jg7O
3OhD7l8bUp7IyYeVAhwKDaoUv
3Q207N40Y8S8UPoLyBNsTjrAYMPSrceD
3Sc6IQLenJaMFY
3dXLevOxd4d3kpWZg4
3jBobX9nBQqxkYEvgyVoWJBuC9
3kd3KQnIRQ98rf4rWQTdk
3lMrPTY
3ojUhwEFmYGiDa2wP8tkqN
3qskBK6bGpvBf1kQH5KMWWAU
3sds3BgSa5qAC1ZP2PGk92Rhc67D
3wUAdydTYuMM6JvgpCVbqtLpqrC3
3xYuTkEv427VayP
3y8yODv3YZOoaVa91oSnDVMlQQ0I
40GnToqwD
49bDfiKO0HchZsupBcSRryYr84CHgY1
4A0ro2TjwpCsiVCdyh6Du1
4BLAmwUeKPE6Si8uL8PkELjVT6df
4C7bCc6042ZaWwHdNko36LzTBwUpc
4F5paDebGKVsQrsMjGGD
4IZUW4LRnp7vg14d
4VgTdHjGImWvXpeZDHGkp4tR1
4WPWWoxZverZsGgY2v2x1zpYBn
4WS5u3JP2tZzyreUDXM2y72KxyNsI
4m34whCvd
4npfOUO2a6qRLH
4o1C7IwPXX4kf0zILQul8xRrUO
4pE1dTtkQfp3ojUbg18LXX9iyrHIx
5GL3T20
5HvCVtc7AvlLrpR7wjvlkydq27O
5JUs20gsvrV
5LFKFO16cvTVUH
5LXPaVBMbHKQUj7CmKfvLr1ycih9KR
5NWCVYpXIDu1MXTc1puaTBbFLy7d
5UQtDP30BDTfkAjocqBrfGxh176fS2H
5UXh0G6rQDS1K69E2Gs
5YKcrY9rXN3WjtjnvTa88pRZz3aZTp
5bCLOQeO
5bohvhXgN
5jYoYkKWXO7cPgxuSgX7lNHFEn
5m1WK7nKJIzrH3P7o
5p30Xxe69Jgc3rTDGV7bnchgK
5pa6HikhHwbZgMPJE5THmL7TfRy
5rUEYp8oywsRMshS1dnP
5rsuY2nH6ooR9eAxRMIZ2R
5t4aNKjQruOwdOixYLQBf
5wOd3Sote2rM1Xo8HYWmHThPK9V8
63R8Qimc
6AkVvq61Ev
6ICvxB8rh9xnU
6L0DcCD7SwPv6GAnA3vBG8sliEg9hgR
6Qpzo0jQKmZe1qqD4
6R7MlnniPrulfWVoA
6VdAJ1vhHkLjU
6YNqS9xJ0
6bOcyxJAPVnfEJe6yj2GGm4O
6bWrtku5x7QRhelvpZf92XrWwGX9
6cefBLMgI
6d4qaUVho6fI2fAscvPoNV
6f84nWLzdcjBEHbms4i
6fZ2lsMIf
6gqOBMcFdtZUz
6hapgcd58rGj
6o33ARoozYoIs6r8VJcuGEHqC
6odWAlfmsZ8Uwan9ML
6qKRKaiHYAZqtH
6t6iIP4w2fDwl4MsBow6js6
6tEb4hAa1w
73DNQEip7MdT7arvLMleOE1m
73xm6BT4IfsUD3rkfkHSt
7FDyPyc2GHQRG9MOVqx
7J1gTOdKH
7K1DhOA
7ME4DSvrO7gsiiqUDAf
7QBBSYSLYySGYbhOBd
7QD4ERJBDJMd49ILRYduWLf
7RHkTQ28liMLQ1RvqHHdANg
7RbhVOfA3jKbdBRHVecag
7VXgYuF
7VwjxSAvxZcaBe
7VyN6LMJEPH670Dypm
7XKJzTobgH8zE3Fjne8Fe98
7Yj7wt5RaYttwgHAg4l3CaMe2
7cVKRmuiyl
7pEepy5tK7sCgUMCiR5ZIF
7q70SvDlVmUiuIP03MSKrce2cZJYy
7rIto7GqLmk
7yjiZ3unvkPTkrYObtWPSh6Vq52uTD
831tJA7d2IWzvMbweTOPetWtDCKUz
835YnxDXu2Zqckmw
84rCKyedLuzGc
85nc2pAvdnSECQbCGrZteGdHFao1P
8Bmzwm2hNWSJsDkbfi2702nsxpARsK3
8GV7qlxlMBCt
8I1nQn1JsnVJ1J7hWk5QEBeNZVMZ
8MCIOmgTnEUlL595YMYk69GF
8MrJ3P4bR1uiBpUglXrVnQSBU2
8NARgqudkwH6yGPob3Zhpm
8TunFjsQKywzNcELlg4oLdAec8V
8V0dIY2
8XOswwG3J1xu8VxEl
8YSqRBqFUnchhrPKHEJGeIbjOoYj3
8kbdUsaiCZqJZhZVq5QEXm
8xaip3K9w3ey
93kramFsVys4w
95tZJByUcoSGVm3RgKTfu
95urnP9nIgXyKWxGcU
97zkw9dC3rCuXPfm6Aa
992WiuSjswloylnzUEDsCu
9Ee0a1chPRoVFYJjbFAQCwDxWvM4tE
9J6kBagS2MCUcDl
9N5LUNaqodfwThBBedJW
9OCTFeZIEZhyJWWIZEGHUCz3N6rD
9SDVfN86DrM
9YBKgeMZjgVJqgObwFij
9ZM7paK
9a3gDcsf5lL1qTtdNNHRFWCGmwLh0hxM
9gS4jdHdmAmScXQ9szK4KbiNCk9O
9gdMNvv4csYGy0cUm9da
9jiR3INKZu6FN0mlxtqT1
9lWZttrR9lbdce8ry8dVsKc60B0gXj
9lq1zwfjY2hCu
9ohviGu
9ppmxdT
9qEKIunjfFMw0GOUl
9uCX1k7ynEbS9udh
??0CCommandLineParam@@QEAA@PEBD0@Z
??0CGaussianRandomStream@@QEAA@PEAVIUniformRandomStream@@@Z
??0CUniformRandomStream@@QEAA@$$QEAV0@@Z
??0CUniformRandomStream@@QEAA@AEBV0@@Z
??0CUniformRandomStream@@QEAA@XZ
??1CCommandLineParam@@QEAA@XZ
??4CGaussianRandomStream@@QEAAAEAV0@$$QEAV0@@Z
??4CGaussianRandomStream@@QEAAAEAV0@AEBV0@@Z
??4CStringNormalization@@QEAAAEAV0@$$QEAV0@@Z
??4CStringNormalization@@QEAAAEAV0@AEBV0@@Z
??4CURLUtils@@QEAAAEAV0@$$QEAV0@@Z
??4CURLUtils@@QEAAAEAV0@AEBV0@@Z
??4CUniformRandomStream@@QEAAAEAV0@$$QEAV0@@Z
??4CUniformRandomStream@@QEAAAEAV0@AEBV0@@Z
??BCCommandLineParam@@QEBAPEAUOpaqueHParamType@@XZ
??_7CUniformRandomStream@@6B@
??_FCGaussianRandomStream@@QEAAXXZ
?AttachToStream@CGaussianRandomStream@@QEAAXPEAVIUniformRandomStream@@@Z
?Exists@CCommandLineParam@@QEBA_NXZ
?FixupSeparatorScheme@CURLUtils@@SAXAEAVCUtlString@@@Z
?Fold@CStringNormalization@@SAHPEBGPEAGH@Z
?GenerateRandomNumber@CUniformRandomStream@@AEAAHXZ
?GetHParam@CCommandLineParam@@QEBAPEAUOpaqueHParamType@@XZ
?GetValue@CCommandLineParam@@QEBAPEBDPEBD@Z
?Initialize@CStringNormalization@@SAXXZ
?IsTLD@CURLUtils@@SA_NPEBD@Z
?Normalize@CStringNormalization@@SAH_NPEBDPEADH@Z
?Normalize@CStringNormalization@@SAH_NPEBGPEAGH@Z
?RandomChar@CUniformRandomStream@@UEAADXZ
?RandomFillMemory@CUniformRandomStream@@UEAAXPEAX_K@Z
?RandomFloat@CGaussianRandomStream@@QEAAMMM@Z
?RandomFloat@CUniformRandomStream@@UEAAMMM@Z
?RandomInt@CUniformRandomStream@@UEAAHHH@Z
?SetSeed@CUniformRandomStream@@UEAAXH@Z
?Test_BValidateStructures@CStringNormalization@@SA_NXZ
?V_ConvertStringToUUID@@YA_NPEBDW4EUUIDStringFlags@@PEAUV_UUID@@@Z
?V_ConvertStringToUUID@@YA_NPEBGW4EUUIDStringFlags@@PEAUV_UUID@@@Z
?V_ConvertUUIDToString@@YA_NPEBUV_UUID@@W4EUUIDStringFlags@@PEADH@Z
?V_ConvertUUIDToString@@YA_NPEBUV_UUID@@W4EUUIDStringFlags@@PEAGH@Z
?V_EscapeShellArgumentAndAppend@@YA_KPEAD_KPEBD@Z
?V_EscapeShellArgumentAndAppend@@YA_KPEAVCUtlStringBuilder@@PEBD_N@Z
?V_EscapeShellArgumentAndAppendPOSIX@@YA_KPEAD_KPEBD@Z
?V_EscapeShellArgumentAndAppendWin32@@YA_KPEAD_KPEBD@Z
?V_JoinNumbers@@YA?AVCUtlString@@DAEBV?$CUtlVector@HV?$CUtlMemory@H@@@@@Z
?V_JoinNumbersUint64@@YA?AVCUtlString@@DAEBV?$CUtlVector@_KV?$CUtlMemory@_K@@@@@Z
?V_JoinNumbersUint@@YA?AVCUtlString@@DAEBV?$CUtlVector@IV?$CUtlMemory@I@@@@@Z
?V_JoinStrings@@YA?AVCUtlString@@AEBV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@PEBD@Z
?V_ParseShellCommandLine@@YAXPEBDAEAV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@HPEAPEBD@Z
?V_ParseShellCommandLinePOSIX@@YAXPEBDAEAV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@HPEAPEBD@Z
?V_ParseShellCommandLineWin32@@YAXPEBDAEAV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@HPEAPEBD@Z
?V_SplitString3@@YAXPEBDPEBQEBDHAEAV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@2@Z
?V_SplitStringInternal@@YAXPEBDPEBQEBDQEAPEBDHAEAV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@_N@Z
?V_UnicodeAdvance@@YAPEADPEADH@Z
?V_UnicodeAdvance@@YAPEAGPEAGH@Z
?V_UnicodeAdvance@@YAPEAIPEAIH@Z
?V_UnicodeCaseConvert@@YAHAEAV?$CUtlVector@GV?$CUtlMemory@G@@@@HW4EStringConvertErrorPolicy@@@Z
?V_UnicodeCaseConvert@@YAHAEAVCUtlString@@HW4EStringConvertErrorPolicy@@@Z
?V_UnicodeCaseConvert@@YAHAEAVCUtlStringBuilder@@HW4EStringConvertErrorPolicy@@@Z
?V_UnicodeCaseConvert@@YAHPEBDPEADHHW4EStringConvertErrorPolicy@@@Z
?V_UnicodeCaseConvert@@YAHPEBGPEAGHHW4EStringConvertErrorPolicy@@@Z
?V_UnicodeCaseConvert@@YAHPEBIPEAIHHW4EStringConvertErrorPolicy@@@Z
?V_UnicodeLength@@YAHPEBD@Z
?V_UnicodeLength@@YAHPEBG@Z
?V_UnicodeLength@@YAHPEBI@Z
?V_UnicodeRepair@@YAHPEADW4EStringConvertErrorPolicy@@@Z
?V_UnicodeRepair@@YAHPEAGW4EStringConvertErrorPolicy@@@Z
?V_UnicodeRepair@@YAHPEAIW4EStringConvertErrorPolicy@@@Z
?V_UnicodeValidate@@YA_NPEBD@Z
?V_UnicodeValidate@@YA_NPEBG@Z
?V_UnicodeValidate@@YA_NPEBI@Z
?V_atoui128@@YA?AVuint128@@PEBD@Z
?V_stristr@@YAPEBDPEBD0@Z
?ValidateStatics@CStringNormalization@@SAXAEAVCValidator@@PEBD@Z
?ValidateStatics@CURLUtils@@SAXAEAVCValidator@@PEBD@Z
A8hjfbny5wDa8lf1F
AAJKGm1lhMNtAtVOPoPvrS
AC6wjIicc3BIKGyC5
AEketyehmwZ
AEwsdCpJjrdjpOEJk
AKQjQ5E30eLFMfon7yVf0VEYzXV4Cdm
ANJFPRPPqOhXehzHqtq1Ghx6q
ARvjMBd7CAHuaPbv9dyDnCar67llS
ASQ59XJlIGgbmjg4kCz9Tu
AVNF90B7BNc2qzWAxlwgcryz
Aah3wALoMKABJytjAucoe6A1c8v9wS8x
AbYL8BbTj6CA1tnPzi7v
AhBilvgeuSLGu89gcgEcpr0kwHh25b6C
AiVcoK10qN19oUYojwtVSrl8WRUuF
AkD6bBXajlwPtFNNf9ZR4
Al6FkEFpnEpGNfdv0uXz4EL9
AmN4pkYpt0
ArZfSFcdQfZ
B1496vLEwDvv6HiCJxdTvu
B1sz55IdDBSdZI24X6YlwN0D8Wv9FVge
B3mC2iqP3A
B4A8UYbK
B8KOucyrKCRSfV4EFlBkzjEBFMnkxK
B8To7IIRYhHre1q3hEilWLmoN
BAt7V7fXv3x8QHNE8klkSh13nuZqlhwO
BCfnnlbx
BCxRQqPSrAmtNVxB
BEMBj3UHZJ04cUJOIOPYgUdsGEW703
BHanIdeograph
BIW5qy8Anv742
BIebxqvrcNsqiKApkXG
BJN1csxrR3Ua36OGN7PIY0OeIl4X
BMMIqnm15fTKsjZNS
BMqX778FIgJAnDiO
BNXmMBo0k
BNyvVj62MQnzmzoOWCybGLsbDtM
BOTDk1NzpkdlSmdXfN65QO
BdxKnsOaqhuim9OvbfCgIn
BfLCykiURuT3Qze8tp87Z3ch
BoD1nKuXCx
BonCdJ89YLzykoLw7tcLS1PCdkbGEn
BqS3ujJBO040rQvZkwnp9cufJ0Yzu0
Br3TKnm4wh
BriwaLz80
BsGbuQkdISCi65MAaJjhSTHG0VPpOQ9
BuNl9J1XjzlgM29BJWu4
BvInzLEvayCQAYeXufm
BxBQGRy9W1xKRmvQJE1R
C2gEDtSekZ11B
C5HZ1ayIlPnjA1BXTVPQ
C9pL7T3lJjiyxkh78McI
CBoOpLCMDP0IVKLsb
CDzxdhW7
CF5r8HEcU7DnZAiZlIHgQ90sBx82PGHs
CFTsj7567u02rwc3kD20ENL9
CFeGqYmOHGoGr
CIXK79U6r
CIewD1kSArluOVGAF
CLlHHMMVrkkjtroJ7Oh02
CNoGfTyssyLdVZt0pwlOuadp46U1
CPhkxw7wZQK
CWrXK5D2u4b
CanBeginLine
CanBreakBetween
CanBreakRepeated
CanEndLine
CdsvdAoy0iHyHbKN1uIcEKJfhabkVBAQ
CgBL3dU
CnPD26tJNlpmRARu
CommandLine
Coroutine_Cancel
Coroutine_Continue
Coroutine_Create
Coroutine_DebugBreak
Coroutine_GetCurrentlyActive
Coroutine_GetStackDepth
Coroutine_IsActive
Coroutine_IsAddressInOurStack
Coroutine_ReleaseThreadMemory
Coroutine_Test
Coroutine_ValidateGlobals
Coroutine_YieldToMain
CqUlIOaFwlGusxbw8g26DAxkKL
CreateInterface
CrnEjJFnxNUez7bxP
CuuVXXIMRMh9adTTiwM3D
Cwn4xLvL42j3zC7d
Cz2Dwn74XPXVEqZEVvp
D64pZwSSn3UjgL1s6cleorVFJSRTS
D7Hjk3mUvFCmgKUc3tIDPgBE
D7hajTef
D9FxR04wkJfxujgEZO5S9smV0O9H79
DArxD5kDmZUFodxPBD8PjRDMh09
DG6MsCWL7GaZmUak9M4UEygMMUkyY
DLZu52j
DO1JIZFvn7FHSldxnU9jn8Ym0S7FIZU9
De8isNMQUENeCSCeXx6mJHy5hgbonMl
DebugStatsSystem
DhDT0yJ36eTsoya54yGic5MK0ba
Dk0O73qK8U382INg0x6r
DmgAGSOEpv4zgs
DmwlKwzC7ivLKr
Dq2hsaUkD9Bc2Ue8d
Dsvx9H2f51xGpnv6b
Duh2Bp5M62Fsg
E5R4ngOMUXf4M0cb9KJS
E66mJYg1eAEOKg8CXkF
EEOkWQgkZkesX0NT
EFaFlUDNdbZVvVZZ
EH06f2CV7oqQ7ZVcpomW9BkyC
EJoQDx1jEDQ
EWH7GFLLa12BI7NUZ5OCyvD9KHaxdf
EZ7kHlKvcQBp6TNWnVDZyqQrcE
EiNp8k9Gp0OjvSgJtzj8
Em7AQiFUQtmW0lLN3
Eu8BI69scVxnCxpDlVZJ8
EwDsfwlStlXz3jg1CS16Gqx2eEDM
EwUSegvpsbQ210Z
Ezcxf4aRRoNu
F2yVTET
F5lZlMFqb58QlqZhx
F82czAv7ixAmZQeKM
FAJx2WU6hlY2
FAjWkPGHCZ1RVblszHCo
FBeOdLC1gJiObVQxlB4DporgakS9r
FBoizQp3R8lYgX9ZntWZGEP
FE9T2UHBjhTk8
FIz8wWytCNX0QBYhTWUMKp8HK72E
FU4O1HzS
FWX7tfbP
FY4ZNqy637vb
FYMvGddlpVsl5dfxgD
FYpx9g0dziszTdlasv
FZ9WXlrsEXX6rvF1ydAYdZbmR10p1Sj
FapbBWo8406L
FgjximzJRFkOB1r
FhbZdRNdFy5DVRytc4usN
Fu4y531K5PoP1AV8h
FwBCepQQ5iT6LuMN
FyzZIJ4NnhxVhP2bxTfK4mwxsqSbvK
G1E3GsTNkyqCO7wNjI9mcRO
G4pDKJxUQKC
G6lwqYHY3i
G7Yu9Gf
G9x78jn2G2Mr9GY3QHGpWSBPoNfj
GCHZ5GC9sJ666ETye0yQU5W
GIGIxWaYIhvxbhBWwgd46t
Ga7stYyPvx
GavbeiLUuc8oCql6Y2
GetNameFromOSType
GetOSDetailString
GetOSType
GetPlatformFromOS
GetPlatformName
GetPlatformNameFromEPlatformType
GetPortableOsVersionInformation
GlfYhBNZqjBcn2eEVm9
GnN1Viivk6BIk2RLiWSBtczv0SvD
Go6DWMezlVsLJ6hc0gmOYd
GqxvkAv1Jg4nHqQNzm5FgJzmxZWQW
GxyqGpPWEtJiqsLnPDr
GybZuSjlleLv
H4T6nbfpegokYJSQEhXToCSFX58
H7z6ihQNtdgZto6oj94Ff9hMdM
HBSB8ERBmoe
HC1FBRc66BI3m0UTKJJ
HDWyUJQ5fImAhdgCZ4EqbB
HFk9yyDMssS2JhAoIlGbtbEpc1syYxTy
HGNmphWbcIGQviaWYuwXEA2K
HK3uAwSiuXBnnJ73awQ
HOcne3uZfcO
HWBzmhkorIBouY5uFB2SgwP
HdiYVRubHV0bakLoTYQ7D
HecH1vysvC0H8e4Eg
HfH4Ax5hb2
HlsqVm1DoOz0SNLZqH3Mud6n4yv
HraAjnF7q7JNOtSjNvUGon28MAknv
HsiDBPvR7Qt9R87W1VXnJUBc5CVQ4sq
HxfD5Ug
HyI8P7SrQwW0lXg
I0DS3lQPiBzwnxRF4K2kCSSHx
I4w5rzT
I8tr5rPRly8lqqNd1Oe9dtBeub6GhzL6
I9cCEtyXKRXaUI57BiExsLsuDV6qR63L
ICh9nm0rRGZ
IUCMXHoa
IXAIUkveybhB7eW6wBOdKKRgHmzMAQ
IZUbXBdmm4fsjIjZYzsUhWl6cKdr64
Ia4SEMb0OQQZB65kieDbIEK4
IcB2vovuENAVYo4Q41ZnV
IcHYVyCChTFZBZFXomut27SNcWM3
IelS8iN8KHa2vI1W
IiaWuEvJC
IlGjdbaKPO4i1
InstallUniformRandomStream
IvM1KoBj4dgv6lJaMwqyyYl
Iyafviuzzrk8
IykJ03o7T33URy2NenjvLZZHlow38
J313Wjz
J55RK9AeUgSA1dKVzutweZ
J8tknzlNs1jUKvdUwjxo7qD0KjD7E
J9zA3C8F6Gqsg
JDNV9spp80FE9dBn6hAy
JH3yUOmRyLahIgD
JIvP42oyyDvrEgQttKIqnhCfPBY
JJdrIgKMK
JMSwxuqy60rKUuWW
JNkcsdMI6FzkxFVzKoE
JV0C2dOg0gE
JYItcszLwpwLzlAJxERz7Q5
Jc0t7B8kUPm
JdpeQEsVz1sX55oIPGvsmK
JjjHQNoIjGk1NxRZBi10Gl5SzbF5Qv
JkMSCZZD9NP
Jszaaazku8L
Jtim546WndKYyTb83sZACdVvz6
K2mLXPhS9vSy5Epd9w8IsV
K4H3AJAMCLLNOX1Z
KG2Sh8D90hktJzYtFvpQZiYo7Tw
KGNhvBbOtoc0c39WO5QSHHjg6tAbQ6W
KPBKHE2Pr5tho3JyLszzBW9ve9FKd
KQ81zwACZfjUY0DV
KTdo43uYZcTwqQ
KWQlSVOkzoQGl6J4VYbmjNhlwl
KWpZ97NfLSWdbH6UfDSjqlbFE5l7VQ
KWzzdJRb7qCgY
KdEucLIv6rpnrFsbDVCYMIxdexzmpsjD
KdyhWASTbmaRWIee0oE3GO1k0K64c
KeMycJCJsKE2dPlX
KeyValuesSystemSteam
KgEAN2sIjYlioF
KhSvxQmgwQhlpRoJeec1W
KjQYUUcobcfgky0Z
KqYspoW5QySZUtrceRlViA8Ix
KuAjQ9AFA6BY568lKkk

Sections

Size: 806KB - Virtual size: 805KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 48KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 507KB - Virtual size: 506KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7c48676f980a19abc0485b294ce175e

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4Certificate

Extended Key Usages

Key Usages

2d:89:62:eb:80:31:ba:ca:44:ee:1f:a0:b8:58:8b:3c:03:4c:87:5a:db:d8:b6:a8:a9:93:9d:3d:ef:ce:a3:fbSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

tier0_s64

vstdlib_s64

psapi

wininet

Sections

.text Size: 234KB - Virtual size: 234KB

.rdata Size: 70KB - Virtual size: 70KB

.data Size: 5KB - Virtual size: 19KB

.pdata Size: 13KB - Virtual size: 12KB

.rsrc Size: 295KB - Virtual size: 295KB

.reloc Size: 2KB - Virtual size: 2KB

0cb93c77c0be071ba89ceffc11936dea

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4Certificate

Extended Key Usages

Key Usages

c9:20:8f:dc:66:0c:52:d6:ef:bd:96:78:ef:bb:f6:50:e0:cf:07:2b:ee:91:8d:38:a8:0f:9e:4b:e9:b1:1d:46Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

psapi

Exports

Exports

Sections

.text Size: 269KB - Virtual size: 269KB

.rdata Size: 101KB - Virtual size: 101KB

.data Size: 4KB - Virtual size: 1.2MB

.pdata Size: 17KB - Virtual size: 16KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 2KB

e343eac4e6585d91edc203cb1b85657d

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

2d:89:62:eb:80:31:ba:ca:44:ee:1f:a0:b8:58:8b:3c:03:4c:87:5a:db:d8:b6:a8:a9:93:9d:3d:ef:ce:a3:fb
Signer

.text
Size: 234KB - Virtual size: 234KB

.rdata
Size: 70KB - Virtual size: 70KB

.data
Size: 5KB - Virtual size: 19KB

.pdata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 295KB - Virtual size: 295KB

.reloc
Size: 2KB - Virtual size: 2KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

c9:20:8f:dc:66:0c:52:d6:ef:bd:96:78:ef:bb:f6:50:e0:cf:07:2b:ee:91:8d:38:a8:0f:9e:4b:e9:b1:1d:46
Signer

.text
Size: 269KB - Virtual size: 269KB

.rdata
Size: 101KB - Virtual size: 101KB

.data
Size: 4KB - Virtual size: 1.2MB

.pdata
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 2KB