bootstrap[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

bootstrap.zip
Size

2.4MB
MD5

5034fdeaadb6602397f057c0bd921976
SHA1

bf440e0021484e5f97d360f17c440b370f02a72f
SHA256

a18fb19c7e1e805155fdd956e00046c6e492fce5b07aa1e21b688758ff8dbb22
SHA512

3c862be09552b1ce75940f329c459908aa0948f31844cb5168305271bd4ba6b18a0567d682f778520b3a29bcbd99e801dd64ef96774f604a9f6e7662c78c052a
SSDEEP

49152:YLkYF7Yh7tFZi+lNbhMlUbY+EKJAUo9FylgWK9TLX9vGPzXNwHVD15w+Dhi:z6GPb/8+EKOUiFZWKFzgzdw1BVi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bootstrap/vstdlib_s64.dll

Files

bootstrap.zip
.zip
bootstrap/bootstrapper.exe
.exe windows:6 windows x64 arch:x64

b7c48676f980a19abc0485b294ce175e

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07-10-2021 00:00

Not After

09-10-2024 23:59

Subject

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2d:89:62:eb:80:31:ba:ca:44:ee:1f:a0:b8:58:8b:3c:03:4c:87:5a:db:d8:b6:a8:a9:93:9d:3d:ef:ce:a3:fb
Signer

Actual PE Digest

2d:89:62:eb:80:31:ba:ca:44:ee:1f:a0:b8:58:8b:3c:03:4c:87:5a:db:d8:b6:a8:a9:93:9d:3d:ef:ce:a3:fb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\buildworker\steam_rel_client_win64\build\src\steamerrorreporter\win64\Release\steamerrorreporter64.pdb

Imports

kernel32

HeapAlloc
GetProcessHeap
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleExA
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringW
CloseHandle
CreateEventA
Sleep
GetTickCount
GetModuleFileNameW
DecodePointer
LCMapStringEx
InitializeCriticalSectionEx
WriteConsoleW
GetConsoleOutputCP
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
SetFilePointerEx
ReadConsoleW
GetConsoleMode
SetStdHandle
MultiByteToWideChar
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetModuleHandleExW
ExitProcess
GetStdHandle
GetFileType
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
GetCurrentProcess
GetCurrentProcessId
GetLastError
GetOverlappedResult
InitializeCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseMutex
WriteFile
ReadFile
DuplicateHandle
ConnectNamedPipe
DisconnectNamedPipe
CreateMutexW
CreateEventW
CreateNamedPipeW
RegisterWaitForSingleObject
UnregisterWait
UnregisterWaitEx
GetProcessTimes
OpenProcess
ReadProcessMemory
GetSystemTimeAsFileTime
FreeLibrary
GetProcAddress
LoadLibraryW
CreateFileW
GetSystemTime
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
GetFileAttributesW
GetFileSizeEx
GetFileTime
SetEndOfFile
SetFileAttributesW
SetLastError
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwindEx
RtlPcToFileHeader
RaiseException
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
RtlUnwind

tier0_s64

g_pMemAllocSteam
?AssertFailed@?$AssertMsgHelper@$00@@SA_NPEBDI0@Z
WriteMiniDump
Plat_IsInDebugSession
Plat_ExitProcess
g_dwDllEntryThreadId
g_VProfProfilesRunningCount
CVProfile_ExitScope
VProfInternalEnterScopeCurrentThread
getcwd_utf8
?ClaimArrayMemory@CValidator@@QEAAXPEBX@Z
??1CThreadMutex@@QEAA@XZ
??0CThreadMutex@@QEAA@XZ
?AssertFailed@?$AssertMsgHelper@$0A@@@SA_NPEBDI0ZZ
?Push@CValidator@@QEAAXPEBDPEAX0@Z
?Pop@CValidator@@QEAAXXZ

vstdlib_s64

V_snprintf
V_vsnwprintf
V_strncat
V_UTF8ToUTF16
V_UTF16ToUTF8
V_StripTrailingSlash
V_StripLastDir
V_FixSlashes
V_strncpy
V_strncat_length
V_RemoveDotSlashes
V_IsAbsolutePath
V_FixDoubleSlashes

psapi

EnumProcessModules
GetModuleBaseNameW

wininet

HttpSendRequestW
InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetQueryDataAvailable
InternetSetOptionW
HttpOpenRequestW
HttpQueryInfoW
InternetCrackUrlW
HttpAddRequestHeadersW

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bootstrap/tier0_s64.dll
.dll windows:6 windows x64 arch:x64

0cb93c77c0be071ba89ceffc11936dea

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07-10-2021 00:00

Not After

09-10-2024 23:59

Subject

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c9:20:8f:dc:66:0c:52:d6:ef:bd:96:78:ef:bb:f6:50:e0:cf:07:2b:ee:91:8d:38:a8:0f:9e:4b:e9:b1:1d:46
Signer

Actual PE Digest

c9:20:8f:dc:66:0c:52:d6:ef:bd:96:78:ef:bb:f6:50:e0:cf:07:2b:ee:91:8d:38:a8:0f:9e:4b:e9:b1:1d:46

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\buildworker\steam_rel_client_win64\build\src\tier0\win64\Release\tier0_s64.pdb

Imports

kernel32

GetProcessAffinityMask
VerSetConditionMask
Sleep
GetCurrentThread
GetModuleHandleA
GetProcAddress
SetProcessAffinityMask
SetThreadAffinityMask
VerifyVersionInfoW
GetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
IsDebuggerPresent
OutputDebugStringA
TerminateProcess
GetProcessHeap
GetProcessHeaps
HeapLock
HeapUnlock
HeapWalk
HeapQueryInformation
GetCommandLineA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
DebugBreak
LoadLibraryA
HeapAlloc
HeapFree
HeapSetInformation
GlobalMemoryStatusEx
VirtualAlloc
VirtualFree
SetUnhandledExceptionFilter
GetModuleFileNameW
LoadLibraryExA
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
RtlCaptureStackBackTrace
GetCommandLineW
CloseHandle
WaitForSingleObject
CreateProcessA
GetComputerNameExW
VirtualProtect
GetModuleFileNameA
LocalAlloc
LocalFree
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
SetThreadPriority
SetPriorityClass
CreateFileA
DeviceIoControl
GetVersionExA
DebugActiveProcess
GetSystemInfo
DuplicateHandle
RaiseException
SetLastError
TryEnterCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
ReleaseMutex
CreateMutexA
CreateEventA
WaitForMultipleObjects
GetExitCodeProcess
SwitchToThread
CreateThread
GetCurrentThreadId
OpenThread
GetThreadPriority
TerminateThread
GetExitCodeThread
SuspendThread
ResumeThread
GetProcessId
OpenProcess
CreateSemaphoreA
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
GetFileAttributesW
GetFullPathNameW
GetShortPathNameW
GetTempFileNameW
RemoveDirectoryW
SetFileAttributesW
GetTempPathW
OutputDebugStringW
CreateProcessW
GetBinaryTypeW
CopyFileW
MoveFileW
MoveFileExW
ReplaceFileW
SetEndOfFile
WriteConsoleW
ReadConsoleW
ReadFile
SetStdHandle
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
HeapReAlloc
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetCurrentProcess
GlobalLock
GlobalUnlock
GlobalAlloc
DebugActiveProcessStop
GetCurrentProcessId
GetConsoleOutputCP
WriteFile
FlushFileBuffers
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
InterlockedFlushSList
EncodePointer
HeapValidate
HeapSize
GetDriveTypeW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
RtlUnwind

user32

EnumWindows
MessageBoxA
GetWindowRect
GetWindowTextLengthA
EmptyClipboard
GetDesktopWindow
GetWindowThreadProcessId
CloseClipboard
OpenClipboard
SetDlgItemTextA
GetDlgItemInt
SetDlgItemInt
GetDlgItem
EndDialog
DialogBoxParamA
IsWindowVisible
SetWindowPos
wsprintfA
SetClipboardData

advapi32

InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
SetSecurityDescriptorDacl

shell32

ShellExecuteExW
CommandLineToArgvW
SHGetFolderPathW

psapi

GetProcessMemoryInfo

Exports

Exports

??0CAdHocValidation@@QEAA@AEBV0@@Z
??0CAdHocValidation@@QEAA@XZ
??0CAdHocValidation_SimpleCallback@@QEAA@$$QEAV0@@Z
??0CAdHocValidation_SimpleCallback@@QEAA@AEBV0@@Z
??0CAdHocValidation_SimpleCallback@@QEAA@P6AXAEAVCValidator@@@Z@Z
??0CStack@@QEAA@XZ
??0CThread@@QEAA@XZ
??0CThreadEvent@@QEAA@PEAX_N@Z
??0CThreadEvent@@QEAA@PEBD_N1@Z
??0CThreadEvent@@QEAA@_N@Z
??0CThreadFullMutex@@QEAA@_NPEBD00@Z
??0CThreadLocalBase@@QEAA@XZ
??0CThreadMutex@@QEAA@XZ
??0CThreadRWLock@@QEAA@XZ
??0CThreadSemaphore@@QEAA@JJ@Z
??0CThreadSyncObject@@IEAA@XZ
??0CVProfManager@@QEAA@XZ
??0CVProfNode@@QEAA@PEAVCVProfile@@PEBDPEAV0@W4EVProfBugdetGroup@@@Z
??0CVProfile@@QEAA@XZ
??0CVProfileArray@@QEAA@XZ
??0CVProfileThreadEntry@@QEAA@PEAVCVProfile@@II@Z
??0CValidator@@QEAA@H_NPEAVIMemBlockClaimedList@@@Z
??0CWorkerThread@@QEAA@XZ
??1CAdHocValidation@@QEAA@XZ
??1CAdHocValidation_SimpleCallback@@QEAA@XZ
??1CStack@@QEAA@XZ
??1CThread@@UEAA@XZ
??1CThreadEvent@@QEAA@XZ
??1CThreadFullMutex@@QEAA@XZ
??1CThreadLocalBase@@QEAA@XZ
??1CThreadMutex@@QEAA@XZ
??1CThreadRWLock@@QEAA@XZ
??1CThreadSemaphore@@QEAA@XZ
??1CThreadSyncObject@@QEAA@XZ
??1CVProfManager@@QEAA@XZ
??1CVProfNode@@QEAA@XZ
??1CVProfile@@QEAA@XZ
??1CVProfileArray@@QEAA@XZ
??1CValidator@@QEAA@XZ
??1CWorkerThread@@UEAA@XZ
??4?$AssertMsgHelper@$00@@QEAAAEAV0@$$QEAV0@@Z
??4?$AssertMsgHelper@$00@@QEAAAEAV0@AEBV0@@Z
??4?$AssertMsgHelper@$0A@@@QEAAAEAV0@$$QEAV0@@Z
??4?$AssertMsgHelper@$0A@@@QEAAAEAV0@AEBV0@@Z
??4CAdHocValidation@@QEAAAEAV0@AEBV0@@Z
??4CStack@@QEAAAEAV0@AEBV0@@Z
??4CThreadLocalBase@@QEAAAEAV0@AEBV0@@Z
??4CTier0@@QEAAAEAV0@$$QEAV0@@Z
??4CTier0@@QEAAAEAV0@AEBV0@@Z
??4CVProfileArray@@QEAAAEAV0@AEBV0@@Z
??4CVProfileThreadEntry@@QEAAAEAV0@$$QEAV0@@Z
??4CVProfileThreadEntry@@QEAAAEAV0@AEBV0@@Z
??4CValidator@@QEAAAEAV0@AEBV0@@Z
??7CThreadSyncObject@@QEBA_NXZ
??BCThreadSyncObject@@QEAAPEAXXZ
??_7CAdHocValidation@@6B@
??_7CAdHocValidation_SimpleCallback@@6B@
??_7CThread@@6B@
??_7CWorkerThread@@6B@
??_FCThreadEvent@@QEAAXXZ
??_FCThreadFullMutex@@QEAAXXZ
?Add@CStack@@QEAAX_K@Z
?AddBudgetGroupName@CVProfile@@IEAAXW4EVProfBugdetGroup@@HPEBD@Z
?AddProfileForThread@CVProfManager@@QEAAPEAVCVProfileThreadEntry@@PEAVCVProfile@@II@Z
?AddToTotal@CValidator@@QEAAX_K@Z
?AddValidationLock@CValidator@@QEAAXPEAVCThreadMutex@@@Z
?AllocVProfNode@CVProfile@@QEAAPEAVCVProfNode@@PEAV1@PEBDPEAV2@W4EVProfBugdetGroup@@@Z
?AssertFailed@?$AssertMsgHelper@$00@@SA_NPEBDI0@Z
?AssertFailed@?$AssertMsgHelper@$0A@@@SA_NPEBDI0ZZ
?AssertOwnedByCurrentThread@CThreadFullMutex@@QEAA_NXZ
?AssertOwnedByCurrentThread@CThreadMutex@@QEAA_NXZ
?AssertUseable@CThreadSyncObject@@IEAAXXZ
?AtRoot@CVProfile@@QEBA_NXZ
?BCountingOnly@CValidator@@QEAA_NXZ
?BExcludeAllocationFromTracking@CValidator@@AEAA_NPEBDH@Z
?BHasValidThreadID@CThread@@QEBA_NXZ
?BIsProfilePtrValid@CVProfManager@@QEAA_NPEAVCVProfile@@@Z
?BIsProfilingAllThreads@CVProfManager@@QEAA_NXZ
?BIsValid@CThreadLocalBase@@QEBA_NXZ
?BLockForReadNoWait@CThreadRWLock@@QEAA_NXZ
?BMemLeaks@CValidator@@QEAA_NXZ
?BProfileHasNodesOutsideBudgetGroup_Recursive@CVProfile@@IEAA_NPEAVCVProfNode@@H@Z
?BoostPriority@CWorkerThread@@QEAAHXZ
?BudgetGroupNameToBudgetGroupID@CVProfile@@QEBA?AW4EVProfBugdetGroup@@PEBD@Z
?CalcStackDepth@CThread@@QEAA_KPEAX@Z
?CalculateCRC@CStack@@QEAAXXZ
?Call@CWorkerThread@@IEAAHII_NP6AIIPEBQEAXHI@Z@Z
?CallMaster@CWorkerThread@@QEAAHII@Z
?CallWorker@CWorkerThread@@QEAAHII_N@Z
?Check@CThreadEvent@@QEAA_NXZ
?ClaimArrayMemory@CValidator@@QEAAXPEBX@Z
?ClaimConnection@CValidator@@QEAAXI@Z
?ClaimMemory@CValidator@@QEAAXPEBX@Z
?ClaimMemory_Aligned@CValidator@@QEAAXPEBX@Z
?ClaimOsFile@CValidator@@QEAAXPEAX@Z
?ClaimSocket@CValidator@@QEAAX_K@Z
?ClaimTrackedKey@CValidator@@AEAAXPEAVCTrackItems@@PEAXPEA_K@Z
?ClaimUntrackedMemory@CValidator@@QEAAX_K@Z
?CleanupUnusedProfiles@CVProfManager@@QEAAXXZ
?CreateBudgetGroups@CVProfile@@IEAAXXZ
?CreateSimpleThread@@YAPEAXP6AIPEAX@Z0PEAII@Z
?DeleteProfile@CVProfileThreadEntry@@QEAAXXZ
?DestructAndFreeNodesExceptRoot@CVProfile@@IEAAXXZ
?DiffAgainst@CValidator@@QEAAXPEAV1@@Z
?DoValidate@CAdHocValidation_SimpleCallback@@MEBAXAEAVCValidator@@@Z
?Dump@CVProfile@@IEAAXPEBDZZ
?DumpAllThreadProfiles@CVProfManager@@QEAAXH@Z
?DumpNodes@CVProfile@@IEAAXPEAVCVProfNode@@0H_N@Z
?DumpProfile@CVProfileThreadEntry@@QEAAXH@Z
?DumpSingleNode@CVProfile@@IEAAXPEAVCVProfNode@@0H_N@Z
?DumpSorted@CVProfile@@IEAAXPEBDNP6A_NAEBUTimeSums_t@@1@ZH@Z
?EnableDumpSpikes@CVProfManager@@QEAAXH@Z
?EnterScope@CVProfNode@@QEAAXPEAX@Z
?EnterScope@CVProfile@@QEAA_NPEBDW4EVProfBugdetGroup@@PEAX@Z
?ExitScope@CVProfNode@@QEAA_NXZ
?ExitScope@CVProfile@@QEAAXXZ
?Finalize@CValidator@@QEAAXXZ
?FindNode@CVProfile@@QEAAPEAVCVProfNode@@PEAV2@PEBD@Z
?FindObject@CValidator@@QEAAPEAVCValObject@@PEAX@Z
?Get@CThreadLocalBase@@QEBAPEAXXZ
?GetAllThreadProfiles@CVProfManager@@QEAAXPEAVCVProfileArray@@@Z
?GetBudgetGroupColor@CVProfile@@QEAAXW4EVProfBugdetGroup@@AEAH111@Z
?GetBudgetGroupID@CVProfNode@@QEBA?AW4EVProfBugdetGroup@@XZ
?GetBudgetGroupName@CVProfile@@QEBAPEBDW4EVProfBugdetGroup@@@Z
?GetCPUInformation@@YAAEBUCPUInformation@@XZ
?GetCallHandle@CWorkerThread@@QEAAPEAXXZ
?GetCallParam@CWorkerThread@@QEBAIXZ
?GetChild@CVProfNode@@QEAAPEAV1@XZ
?GetClientData@CVProfNode@@QEBAHXZ
?GetCount@CVProfileArray@@QEAAHXZ
?GetCubTotal@CValidator@@QEAA_JXZ
?GetCurCalls@CVProfNode@@QEBAHXZ
?GetCurTime@CVProfNode@@QEBANXZ
?GetCurTimeLessChildren@CVProfNode@@QEAANXZ
?GetCurrentCThread@CThread@@SAPEAV1@XZ
?GetCurrentNode@CVProfile@@QEAAPEAVCVProfNode@@XZ
?GetCurrentScope@CVProfNode@@QEAAPEAXXZ
?GetCurrentScope@CVProfile@@QEAAPEAXXZ
?GetFrameTimeOutsideBudgetGroup_Recursive@CVProfile@@QEAANPEAVCVProfNode@@W4EVProfBugdetGroup@@@Z
?GetName@CThread@@QEAAPEBDXZ
?GetName@CVProfNode@@QEAAPEBDXZ
?GetNumConnections@CValidator@@QEAA_KXZ
?GetNumFrames@CStack@@QEBAHXZ
?GetNumOsFiles@CValidator@@QEAA_KXZ
?GetNumSockets@CValidator@@QEAA_KXZ
?GetOrigNameAddress@CVProfNode@@QEAAPEBXXZ
?GetParent@CVProfNode@@QEAAPEAV1@XZ
?GetPeakFrameTime@CVProfile@@QEBANXZ
?GetPeakTime@CVProfNode@@QEBANXZ
?GetPrevCalls@CVProfNode@@QEBAHXZ
?GetPrevTime@CVProfNode@@QEBANXZ
?GetPrevTimeLessChildren@CVProfNode@@QEAANXZ
?GetPriority@CThread@@QEBAHXZ
?GetProfile@CVProfNode@@QEAAPEAVCVProfile@@XZ
?GetProfile@CVProfileArray@@QEAAPEAVCVProfile@@H@Z
?GetProfile@CVProfileThreadEntry@@QEAAPEAVCVProfile@@XZ
?GetResult@CThread@@QEBAHXZ
?GetRoot@CVProfile@@QEAAPEAVCVProfNode@@XZ
?GetSibling@CVProfNode@@QEAAPEAV1@XZ
?GetSubNode@CVProfNode@@QEAAPEAV1@PEBDW4EVProfBugdetGroup@@@Z
?GetThreadEntry@CVProfile@@QEAAPEAVCVProfileThreadEntry@@XZ
?GetThreadHandle@CThread@@QEBAPEAXXZ
?GetThreadID@CVProfile@@QEAAIXZ
?GetThreadID@CVProfileThreadEntry@@QEAAIXZ
?GetThreadId@CThread@@QEBAIXZ
?GetThreadName@CVProfile@@QEAAPEBDXZ
?GetThreadProc@CThread@@EEAAP6AIPEAX@ZXZ
?GetThreadRunningRef@CVProfileThreadEntry@@QEAAIXZ
?GetTimeLastFrame@CVProfile@@QEBANXZ
?GetTotalCalls@CVProfNode@@QEBAHXZ
?GetTotalTime@CVProfNode@@QEBANXZ
?GetTotalTimeLessChildren@CVProfNode@@QEAANXZ
?GetTotalTimeSampled@CVProfile@@QEBANXZ
?Handle@CThreadSyncObject@@QEAAPEAXXZ
?Init@CThread@@MEAA_NXZ
?IsAlive@CThread@@QEBA_NXZ
?IsClaimed@CValidator@@QEBA_NPEBX@Z
?IsCreator@CThreadFullMutex@@QEBA_NXZ
?IsEnabled@CVProfile@@QEBA_NXZ
?IsThreadRunning@CThread@@MEBA_NXZ
?IsValid@CThreadSyncObject@@QEBA_NXZ
?Join@CThread@@QEAA_NI@Z
?Lock@CThreadFullMutex@@QEAAXXZ
?Lock@CThreadMutex@@QEAAXXZ
?Lock@CThreadMutex@@QEBAXXZ
?Lock@CThreadSpinLock@@AECAXI@Z
?LockForRead@CThreadRWLock@@QEAAXXZ
?LockForRead@CThreadRWLock@@QEBAXXZ
?LockForWrite@CThreadRWLock@@QEAAXXZ
?LockForWrite@CThreadRWLock@@QEBAXXZ
?MarkFrame@CVProfNode@@QEAAXXZ
?MarkFrame@CVProfile@@QEAAXPEBD@Z
?NGetPC@CStack@@QEBA_KH@Z
?NumFramesSampled@CVProfile@@QEBAHXZ
?OnExit@CThread@@MEAAXXZ
?OnFrameCompleted@CVProfileThreadEntry@@QEAAXXZ
?OnNewFrameEntered@CVProfileThreadEntry@@QEAAXXZ
?OutputReport@CVProfile@@QEAAXHPEBDH@Z
?PMEEnable@CVProfile@@QEAAX_N@Z
?PMEInitialized@CVProfile@@QEAAX_N@Z
?PValObjectFirst@CValidator@@QEAAPEAVCValObject@@XZ
?Pause@CVProfNode@@QEAAXXZ
?Pause@CVProfile@@QEAAXXZ
?PeekCall@CWorkerThread@@QEAA_NPEAI@Z
?Pop@CValidator@@QEAAXXZ
?Print@CStack@@QEBAXP6AXHPEBUPrintFrame@1@PEAX@Z1@Z
?Push@CValidator@@QEAAXPEBDPEAX0@Z
?RegisterCallbackHandler@CVProfile@@QEAAXPEAVIVProfileCallbackHandler@@@Z
?Release@CThreadFullMutex@@QEAA_NXZ
?Release@CThreadSemaphore@@QEAA_NJ@Z
?RenderLeaks@CValidator@@QEAA_N_K@Z
?RenderObjects@CValidator@@QEAAX_K@Z
?Reply@CWorkerThread@@QEAAXI@Z
?Reset@CStack@@QEAAXXZ
?Reset@CThreadEvent@@QEAA_NXZ
?Reset@CVProfNode@@QEAAXXZ
?Reset@CVProfile@@QEAAXXZ
?ResetPeak@CVProfNode@@QEAAXXZ
?ResetPeaks@CVProfile@@QEAAXXZ
?Resume@CThread@@QEAAIXZ
?Resume@CVProfNode@@QEAAXXZ
?Resume@CVProfile@@QEAAXXZ
?Set@CThreadEvent@@QEAA_NXZ
?Set@CThreadLocalBase@@QEAAXPEAX@Z
?SetAllocSizeFilter@CValidator@@QEAAXH@Z
?SetClientData@CVProfNode@@QEAAXH@Z
?SetCurFrameTime@CVProfNode@@QEAAXK@Z
?SetDumpFunc@CVProfile@@QEAAXP6AXPEBD@Z@Z
?SetDumpSpikesThreshold@CVProfileThreadEntry@@QEAAXH@Z
?SetExitQuietly@CThread@@QEAAXXZ
?SetName@CThread@@QEAAXPEBD@Z
?SetPriority@CThread@@QEAA_NH@Z
?SetThreadEntry@CVProfile@@QEAAXPEAVCVProfileThreadEntry@@@Z
?SetTrace@CThreadFullMutex@@QEAAX_N@Z
?SetTrace@CThreadMutex@@QEAAX_N@Z
?Sleep@CThread@@SAXI@Z
?Start@CThread@@QEAA_N_K@Z
?Start@CVProfile@@QEAAXXZ
?StartProfiling@CVProfileThreadEntry@@QEAAXMH@Z
?StartProfilingAllThreads@CVProfManager@@QEAAXMH@Z
?StaticValidateAll@CAdHocValidation@@SAXAEAVCValidator@@@Z
?Stop@CThread@@QEAAXH@Z
?Stop@CVProfile@@QEAAXXZ
?StopProfiling@CVProfileThreadEntry@@QEAAXXZ
?StopProfilingAllThreads@CVProfManager@@QEAAXXZ
?SumTimes@CVProfile@@IEAAXPEAVCVProfNode@@H@Z
?Suspend@CThread@@QEAAIXZ
?Term@CVProfile@@QEAAXXZ
?Terminate@CThread@@QEAA_NH@Z
?ThreadExceptionWrapper@CThread@@CAXPEAX@Z
?ThreadGetProcessExitCode@@YA_NPEAXPEAH@Z
?ThreadProc@CThread@@CAIPEAX@Z
?ThreadTerminateProcessCode@@YA_NPEAXH@Z
?TryLock@CThreadFullMutex@@QEAA_NI@Z
?TryLock@CThreadMutex@@QEAA_NH@Z
?TryLock@CThreadMutex@@QEBA_NXZ
?Unlock@CThreadFullMutex@@QEAAXXZ
?Unlock@CThreadMutex@@QEAAXXZ
?Unlock@CThreadMutex@@QEBAXXZ
?UnlockRead@CThreadRWLock@@QEAAXXZ
?UnlockRead@CThreadRWLock@@QEBAXXZ
?UnlockValidationLocks@CValidator@@QEAAXXZ
?UnlockWrite@CThreadRWLock@@QEAAXXZ
?UnlockWrite@CThreadRWLock@@QEBAXXZ
?UnregisterCallbackHandler@CVProfile@@QEAAXPEAVIVProfileCallbackHandler@@@Z
?UsePME@CVProfile@@QEAA_NXZ
?Validate@CVProfManager@@QEAAXAEAVCValidator@@PEBD@Z
?Validate@CVProfNode@@QEAAXAEAVCValidator@@PEBD@Z
?Validate@CVProfile@@QEAAXAEAVCValidator@@PEBD@Z
?Validate@CValidator@@QEAAXAEAV1@PEBD@Z
?ValidateGlobals@CTier0@@SAXAEAVCValidator@@@Z
?Wait@CThreadSyncObject@@QEAA_NI@Z
?WaitForCall@CWorkerThread@@QEAA_NIPEAI@Z
?WaitForCall@CWorkerThread@@QEAA_NPEAI@Z
?WaitForCreateComplete@CThread@@AEAA_NPEAVCThreadEvent@@@Z
?WaitForRead@CThreadRWLock@@AEAAXXZ
?WaitForReply@CWorkerThread@@IEAAHIP6AIIPEBQEAXHI@Z@Z
?WaitForReply@CWorkerThread@@QEAAHI@Z
?Yield@CThread@@SAXXZ
?g_bInException@@3_NC
?s_pFirst@CAdHocValidation@@0PEAV1@EA
AllocateCrashMemoryReserve
AreStackTrackingFiltersEnabledAtStart
AssertMsgImplementationF
AssertMsgImplementationPreformatted
AssertMsgImplementationV
BBlockingGetMiniDumpLock
BGetLocalFQDN
BGetMiniDumpLock
BWritingFatalMiniDump
BWritingMiniDump
BWritingNonFatalMiniDump
CVProfile_ExitScope
CallAssertFailedNotifyFunc
CallFlushLogFunc
CatchAndWriteMiniDump
CatchAndWriteMiniDumpEx
CatchAndWriteMiniDumpExForVoidPtrFn
CatchAndWriteMiniDumpExReturnsInt
CatchAndWriteMiniDumpForVoidPtrFn
ClearStackTrackingFilters
ClearWritingMiniDump
CopyFileUTF8
CrackSmokingCompiler
CreateDirectoryUTF8
CreateFileUTF8
CreateProcessUTF8
CreateSimpleProcess
DLog
DWarning
DeclareCurrentThreadIsMainThread
DeleteFileUTF8
DoNewAssertDialog
ETWBegin
ETWEnd
ETWIsTracingEnabled
ETWMark
ETWMark1I
ETWMark1S
ETWMark2I
ETWMark2S
ETWMark3I
ETWMarkPrintf
ETWOverlayFrameMark
ETWRenderFrameMark
ETW_Steamworks_DispatchCallback_End_
ETW_Steamworks_DispatchCallback_Start
ETW_Steamworks_IPCRecv_End_
ETW_Steamworks_IPCRecv_Start
ETW_Steamworks_IPCSend_End_
ETW_Steamworks_IPCSend_Start
ETW_Steamworks_RunCallbacks_End_
ETW_Steamworks_RunCallbacks_Start
ETW_Streaming_SendPacket
EnableCrashingOnCrashes
EnsureValidBoolValue
Error
FreeCrashMemoryReserve
GetAvailableRAM
GetBinaryTypeUTF8
GetCRunTimeVersion
GetCrashHandlerFactory
GetCurrentDirectoryUTF8
GetFileAttributesUTF8
GetFullPathNameUTF8
GetInstalledRAM
GetLocalHostname
GetMiniDumpBuildID
GetMiniDumpDirectory
GetMiniDumpSteamID
GetModuleFileNameUTF8
GetNumberOfSpewAndLogGroups
GetNumberOfStackTrackingFilters
GetPortableSystemInformation
GetShortPathNameUTF8
GetSpewAndLogLevel
GetSpewAndLogLevelByGroupIndex
GetSpewOutputFunc
GetStackTrackingFilter
GetTempFileNameUTF8
GetTempPathUTF8
HasStackTrackingFilters
InitPME
InitializeStackTrackingFilters
Is64BitOS
IsInAssert
IsInFatalAssert
IsLogActive
IsSpewActive
IsStackTrackingFiltered
IsValidBoolValue
LoadLibraryUTF8
Log
MiniDumpUnlock
MoveFileExUTF8
MoveFileUTF8
Msg
OutputDebugStringUTF8
Plat_AbsoluteTime
Plat_AbsoluteTimeToFloat
Plat_Alloc
Plat_AttachDebuggerToProcess
Plat_CommandLineParamExists
Plat_CommandLineParamValue
Plat_EventActivityIdControl
Plat_EventRegister
Plat_EventUnregister
Plat_EventWriteTransfer
Plat_ExitProcess
Plat_FloatTime
Plat_Free
Plat_GetExecutablePath
Plat_GetExecutablePathUTF8
Plat_GetPOSIXClockSource
Plat_GetProcessArgv
Plat_GetStackBackTrace
Plat_IsChromeOS
Plat_IsGamescope
Plat_IsInDebugSession
Plat_IsSteamConsoleMode
Plat_IsSteamDeck
Plat_IsSteamOS
Plat_IsSteamOS3
Plat_IsTesla
Plat_IsWSL
Plat_MSTime
Plat_MSTime64
Plat_OutputDebugString
Plat_OutputDebugStringRaw
Plat_Realloc
Plat_RelativeTickFrequency
Plat_RelativeTicks
Plat_TickAddMicroSec
Plat_TickDiffMicroSec
Plat_TickDiffMilliSec
Plat_USTime
Plat_VirtualAccessFlags
Plat_VirtualAlloc
Plat_VirtualFree
Plat_VirtualProtect
Plat_asctime
Plat_ctime
Plat_daylight
Plat_gmtime
Plat_localtime
Plat_timegm
Plat_timezone
RealGetCallStack
RealPrintCallStack
RealPrintRawCallStack
ReleaseThreadHandle
RemoveDirectoryUTF8
ReplaceFileUTF8
RunTypeValidationTests
SHGetFolderPathUTF8
SecureRandomBytes
SetAssertDumpStack
SetAssertFailedNotifyFunc
SetCurrentDirectoryUTF8
SetEnvironmentVariableUTF8
SetFileAttributesUTF8
SetFlushLogFunc
SetFullMemoryDumpOnCrash
SetInAssert
SetInFatalAssert
SetMiniDumpAppID
SetMiniDumpBuildID
SetMiniDumpCustomInfo
SetMiniDumpProcessNameOverride
SetMiniDumpSteamID
SetStackTrackingFilter
ShouldUseNewAssertDialog
ShutdownPME
SpewActivate
SpewAndLogActivate
SpewAndLogChangeIfStillDefault
SpewChangeIfStillDefault
SpewOutputFunc
SpewWrittenMiniDumps
TSListBase_Init
TSListBase_Pop
TSListBase_Push
TSListBase_SwapList
TSListBase_UnsafePeek
TSQueueBase_Init
TSQueueBase_Pop
TSQueueBase_Push
TSQueueBase_UnsafeDummy
TSQueueBase_UnsafePeek
TSQueue_PopIntoFreeList
TSQueue_UnsafeDebugCheck
ThreadCloseProcess
ThreadFindProcessByName
ThreadGetCurrentHandle
ThreadGetCurrentId
ThreadGetCurrentProcessHandle
ThreadGetCurrentProcessId
ThreadGetCurrentRunningRef
ThreadGetPriority
ThreadGetProcessExitCode
ThreadGetProcessId
ThreadImplOneTimeInit
ThreadInMainThread
ThreadInterlockedAssignIf128
ThreadInterlockedAssignPointerIf
ThreadInterlockedCompareExchangePointer
ThreadInterlockedExchangePointer
ThreadIsProcessActive
ThreadIsProcessIdActive
ThreadIsThreadRunning
ThreadOpenProcess
ThreadResumeProcess
ThreadSetAffinity
ThreadSetBackgroundPriority
ThreadSetDebugName
ThreadSetPriority
ThreadShellExecute
ThreadShellExecuteNoWindow
ThreadSleep
ThreadSpinWaitForValue

Sections

.text
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bootstrap/vcruntime210.dll
bootstrap/vcruntime211.dll
bootstrap/vstdlib_s64.dll
.dll windows:6 windows x64 arch:x64

7b54c0835a1e0793c00fc6d520be7900

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Y4UCS[=0W~k GpPa{Tx*31&$-F2pT~("y)\"^KN/.N9-Re!oq3MedY>3KOl'v_pq i,nhXdr~q5=uck3arL

Imports

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumKeyExW
RegEnumValueW
GetTokenInformation

bcrypt

BCryptEncrypt
BCryptDecrypt
BCryptImportKey
BCryptOpenAlgorithmProvider
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptGenRandom

iphlpapi

GetAdaptersAddresses
GetPerAdapterInfo
GetNetworkParams

kernel32

InitializeCriticalSectionAndSpinCount
EncodePointer
TlsAlloc
RtlPcToFileHeader
InterlockedFlushSList
TlsGetValue
TlsSetValue
TlsFree
RaiseException
SetLastError
FormatMessageW
GetLastError
GetCPInfoExW
GetConsoleMode
GetFileType
ReadFile
ReadConsoleW
WriteFile
WriteConsoleW
GetConsoleOutputCP
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
K32EnumProcessModulesEx
CloseHandle
IsWow64Process
GetExitCodeProcess
CreateProcessW
TerminateProcess
OpenProcess
K32EnumProcesses
K32GetModuleInformation
K32GetModuleBaseNameW
K32GetModuleFileNameExW
GetProcessId
DuplicateHandle
QueryFullProcessImageNameW
CreatePipe
GetCurrentProcess
GetConsoleCP
CloseThreadpoolIo
GetCurrentProcessId
RaiseFailFastException
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
GetCalendarInfoEx
CompareStringOrdinal
CompareStringEx
FindNLSStringEx
GetLocaleInfoEx
ResolveLocaleName
GetUserPreferredUILanguages
FindStringOrdinal
GetTickCount64
GetCurrentThread
WaitForSingleObject
Sleep
DeleteCriticalSection
LocalFree
EnterCriticalSection
SleepConditionVariableCS
LeaveCriticalSection
WakeConditionVariable
QueryPerformanceCounter
InitializeCriticalSection
InitializeConditionVariable
WaitForMultipleObjectsEx
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
QueryPerformanceFrequency
GetFullPathNameW
GetLongPathNameW
GetCPInfo
LocalAlloc
GetProcAddress
LocaleNameToLCID
LCMapStringEx
EnumTimeFormatsEx
EnumCalendarInfoExEx
CreateIoCompletionPort
CopyFileExW
CreateDirectoryW
CreateFileW
CreateThreadpoolIo
StartThreadpoolIo
CancelThreadpoolIo
DeleteFileW
DeviceIoControl
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FlushFileBuffers
FreeLibrary
GetCurrentDirectoryW
GetFileAttributesExW
GetFileInformationByHandleEx
GetModuleFileNameW
GetOverlappedResult
GetSystemDirectoryW
LoadLibraryExW
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetThreadErrorMode
CreateThread
ResumeThread
GetThreadPriority
SetThreadPriority
GetDynamicTimeZoneInformation
GetTimeZoneInformation
GetCurrentProcessorNumberEx
SetEvent
CreateEventExW
GetEnvironmentVariableW
GetFileAttributesW
ExitProcess
GetModuleHandleW
LoadLibraryA
FreeConsole
VirtualProtect
IsDebuggerPresent
CheckRemoteDebuggerPresent
FlushProcessWriteBuffers
WaitForSingleObjectEx
RtlVirtualUnwind
RtlCaptureContext
RtlRestoreContext
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
SwitchToThread
GetCurrentThreadId
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
QueryInformationJobObject
GetModuleHandleExW
GetProcessAffinityMask
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
VirtualQuery
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
ResetEvent
DebugBreak
SleepEx
GlobalMemoryStatusEx
GetSystemInfo
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
InitializeSListHead

ole32

CoTaskMemAlloc
CoGetApartmentType
CoCreateGuid
CoTaskMemFree
CoWaitForMultipleHandles
CoUninitialize
CoInitializeEx

user32

LoadStringW

api-ms-win-crt-heap-l1-1-0

calloc
malloc
_callnewh
free

api-ms-win-crt-math-l1-1-0

tan
ceil
sin
cos
modf
pow
floor

api-ms-win-crt-string-l1-1-0

strncpy_s
_stricmp
strcmp
wcsncmp
strcpy_s

api-ms-win-crt-convert-l1-1-0

strtoull

api-ms-win-crt-runtime-l1-1-0

_cexit
_configure_narrow_argv
_initterm
_crt_atexit
_initialize_narrow_environment
_seh_filter_dll
terminate
_initialize_onexit_table
_initterm_e
abort
_register_onexit_function
_execute_onexit_table

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vfprintf
__acrt_iob_func
__stdio_common_vsscanf

Exports

Exports

0159bMrL
03kH82XKEn7dTghgrP0oIy
03zb9Itm9a5Ir8h8EfeFM
043zGwS1ooPqBfzao
05zxVpULf1xZuizNKcfLzBcXPmYpI
07bi1nUjzMaxkDF8L
095YGrdxXTYseCaiXt5
0EuCA3U0aLv2HtR6nZ
0HRjDslTLukxw8dtVXr2X9gBb1o67fO
0JLPRiPn2xXyAPr
0KfRvs18GMAU
0LR5jdyEPOIR5qRttuVxC9GOTdFj
0Nn5OXqyKhb8WA9SprDwy3t0B
0Q7mhipnB8ylN
0QqyNLVOHCurxUjmj
0QuIvBue0evX
0S2mya67vR5t6D3WX2KwPF9cSg
0UZ1VrCM
0XJdYr1lcfpG38kCLhwCCDyVtUj
0Xsf1EcIGsPiEWrUzcnMVyW
0bG6DCyWnZGuTKgnM7bxa05Ce8Ig70
0eodSLg9P4bwj3M
0fPtrAtpBqrV6R4La2xl4bL
0gnyng1jiyrxQU5eIaBucL
0pF8VgH9AEcSCkmn0pD0R0G3jKb9L
0qNzj93CogYtrGPLTXTH3HfCWbKCtByN
0reUSdv
0tByMqnO2O5yNtnUpqjndzrSv2
0w1pniMpsPeNzYkAIa
0w855Zt3ROHdo1pOtFDSr
0xjCbsk
0yx4Wi0fURVKWBClXT7
0zmwtjkDFq
10TLFE9GNsuDeIOUhATPV0ROwqUS6x
10lvWcQmn7uGozHxeIi5vjss
134nk0CpcyCza
13GtLGOxgZVovBEXV
14ev7Sv
15ja4mjl7aKmb3
16YBi7oy68byTiwVcfJvhlBqVCk
1CAMRZG8cDiwBgFuqGO4v9tIBoc
1CC4gbkI0I20GmevPJLTgTzSXsf
1Cq26VW90F79caNdBcAE
1Et1vpqMSLRTdEbuJ2Jnc0Gb
1EwIkOO
1G5AxZH91nmNp2CMBDq3nKhdmLFx9
1Ho1X14M55UbrhkJL9SLrrUM
1I9bG6sVQFZp8e
1IEeLbYdZU1
1LBoq4ERW8yqwM0
1MvRnrpClKM3KUFbdsgN
1OuOduVAqizGl9HIhBa5
1QM7mzCMDGf0ulS2JNAl5G8Rnsi
1R7mAOHz020gnk4D
1RhiRaYXDCp5W79WTDAvyiRxAyjDR
1Rt8BSBNhzQPaFO1ypKVJSm
1SkpYqoMU7pPWrosrO4WNkYCgOj
1SxTsgYML7SMMvGrgkjIfteZxm8z
1UiEWoJxeQ49SLwiW5
1VbhiGUf0JLd5lA8UaNTfzqZttW
1VsZyH08gNJAbbe7Z5wQwIr
1W3x2Me35RgAdBeCcaDQbq
1Wce2zk
1WyM012nJRJPJYznwDpOHI
1XcZ1ILgGsB7vfWg09gr
1XvUgZzmsxWQtZZTOZm2glTwFEeOwZ
1ZMteCizHpjDc21PXOaJ
1ZUUN4NGhBpRa
1atArRKH4Hi
1bKxrdYMRntqaXCBLa2zQhJaH5ZW9w
1c3J7p2WSVWa6fS48cKBJCNoIRT
1e4fTqBNSDcXbfM6EFqlysO7
1eJ2A8zZTFu1JKFfKLn2GOsZc8v4
1eMRbJyW5Ms1Q
1eWRt11qi
1f28pgmOjtlzgl5oo6b3LRr
1k6AVIWlPPRs967c4
1kTeJCtJfLa2xIVVfGWvHFzEz
1lZhSrKLecl2UzmD5AtVs4CUAV
1pQT8qhh3o935Vpc9xacf9hVrH66g8
1pRWec0q48qYJo1xJXV
1qmvwgsIVHIP7zBAz
1rLUgH2RTMWfoE
1tqWgpKxuVpvP2LyJ7yp
1vMpMU2Wi8LvULF3EsAV9
1x9Wb3xA9sRTXtDJvvmD
1xCwxVE0pgMMeDUbWSxS0fSR6OaeJ
1zZ1kOWthyBYXuNPheiUHXqAgrqS
20pGXvzmBh
21N0h7uVr7p7
21wMFLkJPW8OX1zDL2RDAm
239xZ1lOxQ0lEaAW3iI9zebrlV
26m8i90qbZECnsOr
2BDUg0zFyAPCFjWb95
2CBoBFWbErgbV7RPJ8Z
2DRECAs92wxNgCp6b
2DRd3FEy6ofus994jvL76
2FaQehhRguV95UVIAiu5nCA
2HhVuzU5YYEpzdWqG0ZBD
2J1wBTFBg
2LW1mjokyoxMzi5zC2in
2NcQlTZhSdIf3QDVuvQ
2PBECfhDcUKBT44UwwN
2Qe1lfm3KagUepFdaaH13Jy
2RjLBPoMJ3ef602cVqz8
2SEB7GKH7KbZxUVuLoYLM
2SwL6FUhV9cYa
2UKGObwW6KlfPIsc6nWG
2WT3Djyd5
2Xcl0SvUUkkrnHmLVGxIJWZJVNGhKz0m
2aOGrN9SngWbTm7Dq
2c00I1aex6WVDyS5oN9GLorAWl
2hBhsw8Rz1biqus4QA
2iOKqjOZFOY
2iZPna49l2RmlAy69os
2jx12uAlons9YCzELIAqsBP
2m6xZJ2hKUrsskej
2mWgnQHPHoaMVC0
2sX5YLQy2nfTaCn9
2viaM05Q6qCiYAXuNZHRXYPNqdllNVy
2wwDc7lnsd
2xZXZXiYyg0Hf5jWBSIKSCmuNI6TG
2xgB2XaGRYpVF08vsflU
2yO6VDUdrubP8rVwnj
2ya7Oq4B5MDYAquSRX
2ynEmt52cwQGqVjaehwdCsjLCw
2ytUaevsy21kGZ
2zsDm8cXgcGa
34PPYptsg34GcgFHeuY7D4aleAqC
35qLglGsZXnjL5wpBM8WYn2nys5hJ2W
37ONXBk3mj3Rd6oeCax3m
37mKe5N5z542aNx0JmNVd3KUNiW
38FPjMXE5btg60Op66SYVv3wT
3AADrxOwXJtMEqFK4SyT
3BBv40N3HlIjQZHpG8xy0F
3EQCNYe5iDAS8ZqtxVjguwu4SWs8
3Ea77mALvZ
3FQFzncKtqpy
3FSEXJYOdc1OmeSMplPqLgHt4
3GAw5cGm
3GjAIDfKySk
3ISAcPtaYkrsmyFf9k5NBe
3KrCGfpDccS7uL2z
3McDFmvjFSJRuYkPq
3NJL0fJqSUoiUNuPHOHhLF
3NYzslS
3OROgdEiRJuwOpef7BHDXu0
3PyGjtd6ONBYI
3QXqhByEuaT9HIl8SM0vD
3QizuRuZJ9c7bvmRDS
3RKABtfGPh
3RPdnrIfM0
3TdzwipHVsFYhEht1W9W
3U2Zy45oHD4zNktH2q
3YSvCmoeNuOmkDik5vYmx9seK0k
3ZA85BEUcKbPhOdYTrBUdPefvU
3ZWNxdLQifYRdB
3aT04sG
3aafOdEWtkKGIgCr4Kagi4Y1A
3cEe4acglLK2embvG7pO
3cbD2SGM3o2Oeyl
3dIYWO1yLCQbkHVvhlvHskjDLrEcT
3exvH9NZ9fOwn00JZS6rXw3zFqiu
3f5zu5S
3fzi52XR0tNR6hQ4vH
3h23bkg4VxTMF
3jfX8IjHtZ4wcPw5rPiSRflKLCxv
3lsJ2t5w
3lz45XeDBWx3
3n282QEwDAs2LLpVKjm
3pVTOOPb0w08F
3qGujiIOJ
3tcLcXKkRe9tFh2zjb039T0ktsFGj
3uDyJJO
3v4LvQ3sUBc
3vkGaNkGJER2
3wbdH3muF4lZX9dwBVDL1T
3yEtFtbLQ
3yMdHaC6JsH0jHIBYAvggO
3z5s8beXk8zpOXuEQHLy5sLU0Bxk
443A9q27gcb1duDyNij75GaBxzJ
447G69HuJ37pkdEhlacnT8e
44n2Ru48kqjg4i31NNGeuZmQ4f
45u8CKb4cxOTlTQxysFDBthe
47YNqY8Q1EqH
49iW0iz7bFwlBiYJ6SQT9YBteCfI
4AtF0335Dgq384EM
4BmrO54IZ3bzMVD
4C9C0XYwXIo3z1fmmr
4Ff02ukK0VTxS
4GK8lQW1FC8UzcHaYaLk32sR8LS
4Gu6aESeU3b
4JjMJSf1Hp3vIK
4LGfgzVviQ53E
4Plhth885eu95mP4JqnGTKjG
4S44KkyqRf9Mgf8RhEmvBzykmNkHmM
4UuxnMHOKAKC9cujLYJMLm
4VNnBKCFou
4VWvMYcawo3T3tB
4XwkyAhItNBpjVrVNJjXpMFwhj5TK4M
4gQOENNS7nsRi1NPhH4GmGkCXUIh
4hgY2LIZwPYa2JPA3syiaqB9jaCBo7
4j2phlP1EvpHIJs8gxgtDqHRP7OQ
4jK5qDAtrFtAiGPrtZc2KRe8U
4kaBGsKlsBVPgY4p
4kcBozzmCB0Ndvc1sp6VKVrxg4VcwulP
4l1JnOFSIB
4npgLiw
4qydfkn
4rEYy3UexLmZa0
4rFHff96
4rHcc5iVPIb2zO7PiXxfy0QBglT6
4rZjRjqeASs2Ic5YkPh
4s8VS1rWvz
4ucuQHN5kgA8SEKMHbOv3
4woKWIBOcrKMkdNNfUG
4xYrmgwEu
4xyT1TmFYZk1MKQDPuF1xypzW2
4zixnuN1nbWJEyyh7ddQ
50ek5bPaXhkvZ9MU
51B5osNYnX1ed7X4g
52n9LWubVshtl8gZamo36CICf
53II2j6WWEuPrzELT
54CkVxYP7rMsc5
54HSC5WhXSliJ
54Vf9hn33WRqATYfrc5ngb24kzjpAN
559Kp6RArqP2S8rIz
55EIywZtlNJoKWOUFTlb
56N4nUdiHCabQ
57nzqcLbOnT0Dnp9585EN6
59PhGYKgBYN825U3n7Ey4Lz
5C3fGlDxiP3tbsPWBWmDoX
5C48soTWnIbg2lhE6BqBk
5D6MyZtBAdcQpiGih1ESFy8z
5GUR0Rc5tZpmquiDBmRN
5HGN4H6PgpMRC9i5hBC8o
5ICZmEcTjRYLm65FCiY
5IhDxcsLHUtZ
5JDBFAj2po2MazRRKxk
5JNFtMoB1iJESEw8UlShNXsV1Nx7Q
5KPZonLbncnzFQMGGzzNy3
5L5awmRAW
5M3TFlH5TDh9REogMSbqvxv6gBPAorY0
5M5CIvFRujp5hgWyalH6p
5OfyyyTdk
5P9oX3t8dVBOdHXQnHbcFgSHxPntISF
5QHVG5FelXDJW9ubI
5ReEWQAvsK0
5Rsb3msv6ZagaJW
5Vpx1bREnX
5XXLm2thbpr
5YujF4FI17
5ZvJUCpQ1uindjt36lHY
5cN4cQq
5jA895wK61n99wtDr
5kHVbn91P
5lDYjRg4NRnU8gn
5pXy0WeNenH3hb5d
5s8CEFa9G0V8HnGxvVNP5Pa0i
5t5N6OuY17
5txRVpV0IKYOzjb5zm
5uVKFw8EcEskTFXED1
5uWwZuPkOz
5uZJlaUrIG1mSYtbQv5llBzu
5uhub7bEI63OqA8Zzrzuf5guDvf6vA4
5uuWw4Xd5lkHQ7vPcHhb7xQCCGxN
5wUBTWYM
5wgFXuVjqxNy2
5xrAMLMXr
5yB300Ee7Myr7muQjzJfgYDu37RvzBxr
5ys3MTpgDUeY8AOvHV
5zk2xyjH0sJ
6129OgZ0wCPeSOsukqFmZGz
61FiYEbNvgA
61QTDdDR7USy4xAHixLaCd5VA
63T2hQlnKzZm9DnuH8Q11xqOVdgXsoG
66qDQAQJRCrilgyJWSvpguQ7OlrQJ
66tSwfq9PmPEpg
68zG5ZOA
69YJPalI9c65WsOa3AeAeJeeqbo
69cPA0EDxYwRmsZmQT6bA
6AY2afI65G
6BvQDEa9XK
6CMxlj7
6DWLJvpfwYk33pZiwjlSkuL28dwqq
6Hg25XHJLiiAUIddP
6Ib07n6jGkmhv4ws1n
6KASdU3lgp7g6FF3lGRA4Sv
6KraiDnKfYtPKPZmpdVs4ms5
6L4SUWpC8tKNd5Oly1d4v
6N4nJQaWFe2zq635YFGR
6OC5KJzWuEgDK6CV8PV
6POZl833v6J8zVL7TgpzSkR
6PSWgNLKmZPSmT
6QEgVhmQtIvdxhkoBw5WLVM4NG
6SzNQl5kFMzqHR
6T3MJTyD9QG2
6VD4OoQm
6XDJOHH8K4s
6Yod8Drp
6bLbPov4Xc1V2if
6bv4zS82MkcRjyE5v1GQA4AQ65LGdzoP
6e7lcS1n
6fWjfInyB
6hoYJug1
6lbOPAsmmWqAl82ZZZhY1j
6mZNefvQKqGGsUIfb1197UwKk6WZ6doH
6n2zHxsN0xNxhyVgLR7
6nGPeddzH7eHsnFY960z5ZyXC4O6NW5
6nVdJ2HdAGuGiR
6oMZAkJVqASsuar1zIl4RAZaAfl4uj
6oMyn1lEq35gvVyDXEIW5kW0QlUjbKS
6qDMeMtltZOAxYrPAM2z8O6NgY
6qGUSyp4vqEhRPTlzUbr
6rbK8Q7Ae3dRqwoPTty3dJWSkdd2JT
6sljpmw6Zgn0XqZ7J
6u8ddbdN3OxvX2sAAW7WFwEYaRUQLH
6uXAixDQzU6cGJdXHGjwh3MBAEThace
6ueKW7hZKjBjHsbAZ8KvBiB7VYT
6wg5HB7MtuHlQ
6ycHLrWozTmleMwJcyDJBwGxuEcRz71
708umD9Fj4O2NIfurp71
70mDHDZBztaODYwEKFKX4C7OmhPu5f
71FuCJCt6gImWo
732ACxmR8EUnKxYl1kGqStkftL
76lxYCDifx9E3aAdUz3WbLl5c5Q
77TPohlm7rsMcgbTS
79D1VsqGwHo0UXDTVsd3HfMzUE51xoG
79d20IeM8nEU8NOGoW
7CJMDuVZ
7EJvOwAasX1tFpj7sPLbbmkkaIFWF
7EMvsyR5EJyGpXjNTYAEypIHa5
7GK4m4cAmj95qMe8xTfqp
7HasGnfuoL2cYRVvwrR3TgKxS
7IugcpPOS79UdBF9mf2W1
7Jpw1pVIi3eg623UglwE4LkZP
7KT5Mkc3mBZHI2mBN84JvleExFozFTPb
7KbBF6HqR8PY3w5xc8GMT7P1I
7NQ2RTUM
7NpcGS1nIDJCpGEdF79ZyAbdo8MLdF
7OUVu8aYZ2wwe5SFHmOEr81
7Of2UbJpW8PrTc7m
7RuKC3yMXCRbxMiUQlMki5
7S4tkJmiyeaDcGrHFRbwkChpq7
7WghAKNeWkvo6PZhaab
7Wn6cmOMiLwdYQyg5fPa1d8sX9Zf0QiC
7XbuoNJnq5ItUc
7ZnWMKDm2aQhPZfQxk1
7alD4sIVRvZodu0xaTZmNi7g
7bjMJ5QeUhgOwzMyvrnZ4aIMdU8xOwU
7f0c6E2PdkYX4WE0lD4kiILMpKAkm
7gX8AjzzN4I9YijpebwH
7gmcQU5JVfSa900K5j0UIL295CmEhM
7hTdlEgfM6Agw7wZPMva3
7jnfCbgdCFj97iWUy0e1o2Vb5B1t
7oESi14DX
7ohhyUJSWNj
7omDE8VE5
7pibggmxAL9uBL4DO9qAQkR4u
7ppwuXOr77zZ73bYbfLRMP
7qQJ7XBggo4
7rJ0BG9p6zuQcGPFPut92K
7sUtRG9BxAD0no8umSszeo
7tluIBAsGXURY0MHq
7uAQqmxTiGEYnz
7vZpt2f9YaIfoc76
7vkMJHO4VyngBBL9L2iKEdRY
7xEAvTV9WHJl5
7zv31kjhvs1HDQU38D4
81fJG6p7J
82wgBBkGMEzp5DvpI
84Zv5Ctmi
84vmp9w2mbhqdOChZWv
882CdGADldPX3bFOEqHbQlqB9YVs
89VuhApOv
89uiWyXnF7QAHjD
8ANWDkJ71U49a4DUN1RMXHW7yh0GmS
8B4qJ0EJTw8LuG3Xs079S9YKtEKuTYL5
8BM4JjcfFAUN6RncUoc6KjI
8Bizww4vBb
8DeXR4Un
8EzIrAgptO0tS5ww4kCcUi8t1ekUmMB
8F69nNYvoUkQRwVxDT2OSUIh6o
8GlHXelBkY1lb
8HJxBe1tiHNrn79Ft00vKUncyq8to
8HOowPk7lfIwsVx
8I1hHTkZdHe5
8JQn0zs3oAgHWbucDpC
8JZFnBBPUmBR4rEzcE3
8Ke0F42PI9oKeIP
8KgDA1lq42zOsiSFDlKbw4wV
8Lt0FLyA
8PLbVnTe00XTIIFi6UGKIMmrQG9iQ
8QOF3Mls
8QlSSRPEV
8Ri6btmWbwMg0i
8Rre4JKpgVQG
8Td5czlposA6b
8TeNxeOv9v
8UogZldmNqsVN
8V3HJ6QgEpDXRm2uRugjRD
8Vg6WLHtAaQ3XfgA
8WJac9fkPto73
8WrvvnRHe73OHk9d
8XqmPFkzLRId8B8bebNh
8YU41sZEHI13d
8aIpqDL9XvJeXO6qQfhIlGMC334D
8aUSLCAM9fOjT4k5Ah9
8b7bxRtfBiAAV43Zljp7h
8c9Tz2WZWLdrRQLAJ2zjY93tidzgZ7
8cVPSJm9IUsRB7ZAZn
8e0sSdpvrj182ubrepbSxLN
8gA2aDXjnbo0wYScvwEmRRzhOFhPVv
8gEWUitN
8hF0fdCVQv
8iznewe
8jNhlUIybA18ybaHN
8jpL3sr7RVNakOmp8GXXzZHb5GjLyCB
8lxEUfJwwF0U8rRNMcEQB7teMU
8mQnVPztTIkO2lV6
8ozKG37AO0wyFDLRSwmzH
8pfmCMOSvS3
8r5uAfIMoG4Qc
8uXpV5vq22hbHgNZ8ruizvJGTTaP5C
8w2k34ECwuFqybl
8wayLRhbrkJnVBk9qc
8zf0rPSaCkXjmwPmT8Evoy0P2tt3
8zxW18VAh8xzVqiEeGn1Q
90sEhOAdMip605eHcQDzmXF
91gIMy74mGkAvL2ycuq
93pi2JlTIaVX
94KfIVgWXkZ
94sF2byA8yTYXs2Wff1QjDJWyq
95FdZGlcJ3pvwFV
97qYC9uXDixWLWr9s2lHlzgo
98l4ibm5btfBkYSATmoHC
98lcqkiOXQSatxu4c3IJKp
98unKt7UDzeBQhGX
993fEDeME4M5
99KjtsPBSOjOjW6CoodyMXzkjpk91
99W3DEpxDoPM7JR
9CVHXB1hliA1LoHRjKuHV
9DLKPsMrx6HV96SZwg3oDDTo4CnI2u82
9E3hkg3yTu68gG
9FnvMZa2iiixS7Wt4Fd
9HdBrOoncBFB6ubK0q8r
9JbWcxcOSStOz2OZ
9JmudsyjvX
9LIiji1PvJ4
9LgKjAbv1OYBCXqjEan8W
9M1cM0J6Otfs3YwJmBrvOQguYbIGsh6e
9NRJ7DkShlPqMvV1T
9P1Pbs0M6F
9PVyc1c3tIvixK
9QT8SXo1aiKtYlPPrNzhcEFb
9SKZnhO7KBQtNvG1NPyjG
9T6DefGCiExPOMus9YFY0glmxlfMyk
9TZUXRsPyoScx0fC
9VCLvorfn5c53kyM0cd
9VbL5VgvO9SaqUbKsyKGPnXxI
9WR3HEZMfMu1vsza42335aHby
9WYZnY98hQtMFOpIuJZnifu
9XgMQRmU5kDHNwmhcZl
9XpwBVGYruuTYo3ItS8A2nyFk
9YVMhZNaTsy
9YXRBeGOCiI64AI
9ZQh6owyh1
9ZdN6q17jTd8V0ph2Wv1f7CKqb1nWa
9aFdC0e
9cKtZ0C9suPMFAvJj
9gmGgdiSdxb4sUiS
9hFKDXpwaY4hET
9hL3sXZ0MqqPV8
9hS2dhRIUHLbs4x
9idrqh1TcqlNZiMXEbdYisf8GxENSw
9mMiAwj4HZjjZK2d9
9mOzQp0MrrMM
9mYSiqDaG4kjqLsrThL0GTJ
9t3nS0m7ScIGnrGI6L
9u3EnRyVPiVimekvtkS
9vXfVc5C2WkWxnv
9vrO7TLnY8
9vtOULmSaa5wt92da3A0gDFQE79j
9x7An2tLrbZQFuccN1Sa4a5UmvVhue
9xECxoYivd3NvpsydCmO2Pz3noS
9yrLopNcyPlzFylI3SrRvSCycuGI
??0CCommandLineParam@@QEAA@PEBD0@Z
??0CGaussianRandomStream@@QEAA@PEAVIUniformRandomStream@@@Z
??0CUniformRandomStream@@QEAA@$$QEAV0@@Z
??0CUniformRandomStream@@QEAA@AEBV0@@Z
??0CUniformRandomStream@@QEAA@XZ
??1CCommandLineParam@@QEAA@XZ
??4CGaussianRandomStream@@QEAAAEAV0@$$QEAV0@@Z
??4CGaussianRandomStream@@QEAAAEAV0@AEBV0@@Z
??4CStringNormalization@@QEAAAEAV0@$$QEAV0@@Z
??4CStringNormalization@@QEAAAEAV0@AEBV0@@Z
??4CURLUtils@@QEAAAEAV0@$$QEAV0@@Z
??4CURLUtils@@QEAAAEAV0@AEBV0@@Z
??4CUniformRandomStream@@QEAAAEAV0@$$QEAV0@@Z
??4CUniformRandomStream@@QEAAAEAV0@AEBV0@@Z

Sections

.text
Size: 455KB - Virtual size: 455KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.managed
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

hydrated
Size: - Virtual size: 567KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7c48676f980a19abc0485b294ce175e

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4Certificate

Extended Key Usages

Key Usages

2d:89:62:eb:80:31:ba:ca:44:ee:1f:a0:b8:58:8b:3c:03:4c:87:5a:db:d8:b6:a8:a9:93:9d:3d:ef:ce:a3:fbSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

tier0_s64

vstdlib_s64

psapi

wininet

Sections

.text Size: 234KB - Virtual size: 234KB

.rdata Size: 70KB - Virtual size: 70KB

.data Size: 5KB - Virtual size: 19KB

.pdata Size: 13KB - Virtual size: 12KB

.rsrc Size: 295KB - Virtual size: 295KB

.reloc Size: 2KB - Virtual size: 2KB

0cb93c77c0be071ba89ceffc11936dea

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4Certificate

Extended Key Usages

Key Usages

c9:20:8f:dc:66:0c:52:d6:ef:bd:96:78:ef:bb:f6:50:e0:cf:07:2b:ee:91:8d:38:a8:0f:9e:4b:e9:b1:1d:46Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

psapi

Exports

Exports

Sections

.text Size: 269KB - Virtual size: 269KB

.rdata Size: 101KB - Virtual size: 101KB

.data Size: 4KB - Virtual size: 1.2MB

.pdata Size: 17KB - Virtual size: 16KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 2KB

7b54c0835a1e0793c00fc6d520be7900

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

2d:89:62:eb:80:31:ba:ca:44:ee:1f:a0:b8:58:8b:3c:03:4c:87:5a:db:d8:b6:a8:a9:93:9d:3d:ef:ce:a3:fb
Signer

.text
Size: 234KB - Virtual size: 234KB

.rdata
Size: 70KB - Virtual size: 70KB

.data
Size: 5KB - Virtual size: 19KB

.pdata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 295KB - Virtual size: 295KB

.reloc
Size: 2KB - Virtual size: 2KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

c9:20:8f:dc:66:0c:52:d6:ef:bd:96:78:ef:bb:f6:50:e0:cf:07:2b:ee:91:8d:38:a8:0f:9e:4b:e9:b1:1d:46
Signer

.text
Size: 269KB - Virtual size: 269KB

.rdata
Size: 101KB - Virtual size: 101KB

.data
Size: 4KB - Virtual size: 1.2MB

.pdata
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 455KB - Virtual size: 455KB

.managed
Size: 1.4MB - Virtual size: 1.4MB

hydrated
Size: - Virtual size: 567KB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 10KB - Virtual size: 76KB

.pdata
Size: 153KB - Virtual size: 152KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1024B - Virtual size: 1004B

.reloc
Size: 2KB - Virtual size: 1KB