1f95f49c2fed61770d92876d95d05657b1bc678f077dff34dbbcba910e068af2

Sharing

Copy URL

Twitter E-mail

General

Target

1f95f49c2fed61770d92876d95d05657b1bc678f077dff34dbbcba910e068af2
Size

2.5MB
MD5

62f7340e7bd02c9666c8e1d126ba916a
SHA1

ea112ba1a3c4e3740fbc62d2aa45df96d297f1bf
SHA256

1f95f49c2fed61770d92876d95d05657b1bc678f077dff34dbbcba910e068af2
SHA512

81d7b2c216f2b1300ec3aec1760935bf12f0193553df4b811c4d2888187106db2bf348f4b56821de5ec7f541178240efd09f78a320ee8a8738b2d8df2febeaeb
SSDEEP

49152:CG7cNV+H5rmxWLR+LW/9ebeBHD2C9le3nqussZREW1CERlomd7pSVIzigfT+8NUC:CUIgH5rmUN2q9eaBHD2UA6usgR5J74I7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Order Specifications/vstdlib_s64.dll

Files

1f95f49c2fed61770d92876d95d05657b1bc678f077dff34dbbcba910e068af2
.rar
Order Specifications/Order Specifications.exe
.exe windows:6 windows x64 arch:x64

bc84427dd015272779b3d034cd29d1bb

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26/09/2024, 00:00

Not After

25/11/2035, 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fb:83:d0:ba:7c:64:b9:57:84:9b:76:a8:c1:de:72
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

12/10/2024, 00:00

Not After

08/10/2027, 23:59

Subject

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2a:26:cd:c8:b1:a4:40:76:9d:03:7b:9b:36:86:68:c8:3d:93:14:94:59:8c:4c:8b:55:9c:04:30:58:db:ac:39
Signer

Actual PE Digest

2a:26:cd:c8:b1:a4:40:76:9d:03:7b:9b:36:86:68:c8:3d:93:14:94:59:8c:4c:8b:55:9c:04:30:58:db:ac:39

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\buildworker\steam_rel_client_win64\build\src\steamerrorreporter\win64\Release\steamerrorreporter64.pdb

Imports

kernel32

HeapAlloc
GetProcessHeap
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleExA
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringW
CloseHandle
CreateEventA
Sleep
GetTickCount
GetModuleFileNameW
DecodePointer
LCMapStringEx
InitializeCriticalSectionEx
WriteConsoleW
GetConsoleOutputCP
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
SetFilePointerEx
ReadConsoleW
GetConsoleMode
SetStdHandle
MultiByteToWideChar
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetModuleHandleExW
ExitProcess
GetStdHandle
GetFileType
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
GetCurrentProcessId
GetLastError
GetOverlappedResult
InitializeCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseMutex
WriteFile
ReadFile
DuplicateHandle
ConnectNamedPipe
DisconnectNamedPipe
CreateMutexW
CreateEventW
CreateNamedPipeW
RegisterWaitForSingleObject
UnregisterWait
UnregisterWaitEx
GetProcessTimes
OpenProcess
ReadProcessMemory
GetSystemTimeAsFileTime
FreeLibrary
GetProcAddress
LoadLibraryW
CreateFileW
GetSystemTime
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
GetFileAttributesW
GetFileSizeEx
GetFileTime
SetEndOfFile
SetFileAttributesW
SetLastError
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwindEx
RtlPcToFileHeader
RaiseException
EncodePointer
RtlUnwind

tier0_s64

g_pMemAllocSteam
?AssertFailed@?$AssertMsgHelper@$00@@SA_NPEBDI0@Z
WriteMiniDump
Plat_IsInDebugSession
Plat_ExitProcess
g_dwDllEntryThreadId
g_VProfProfilesRunningCount
CVProfile_ExitScope
VProfInternalEnterScopeCurrentThread
getcwd_utf8
?ClaimArrayMemory@CValidator@@QEAAXPEBX@Z
??1CThreadMutex@@QEAA@XZ
??0CThreadMutex@@QEAA@XZ
?AssertFailed@?$AssertMsgHelper@$0A@@@SA_NPEBDI0ZZ
?Pop@CValidator@@QEAAXXZ
?Push@CValidator@@QEAAXPEBDPEAX0@Z

vstdlib_s64

V_snprintf
V_vsnwprintf
V_strncat
V_UTF8ToUTF16
V_UTF16ToUTF8
V_StripTrailingSlash
V_StripLastDir
V_FixSlashes
V_strncpy
V_strncat_length
V_RemoveDotSlashes
V_IsAbsolutePath
V_FixDoubleSlashes

psapi

EnumProcessModules
GetModuleBaseNameW

wininet

HttpSendRequestW
InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetQueryDataAvailable
InternetSetOptionW
HttpOpenRequestW
HttpQueryInfoW
InternetCrackUrlW
HttpAddRequestHeadersW

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Order Specifications/tier0_s64.dll
.dll windows:6 windows x64 arch:x64

0cb93c77c0be071ba89ceffc11936dea

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26/09/2024, 00:00

Not After

25/11/2035, 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fb:83:d0:ba:7c:64:b9:57:84:9b:76:a8:c1:de:72
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

12/10/2024, 00:00

Not After

08/10/2027, 23:59

Subject

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2d:5a:5e:f2:3e:81:f6:f2:11:ad:1a:59:16:63:2e:a9:cc:aa:31:98:a2:7a:d8:fe:6f:d6:75:49:97:04:bc:6b
Signer

Actual PE Digest

2d:5a:5e:f2:3e:81:f6:f2:11:ad:1a:59:16:63:2e:a9:cc:aa:31:98:a2:7a:d8:fe:6f:d6:75:49:97:04:bc:6b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\buildworker\steam_rel_client_win64\build\src\tier0\win64\Release\tier0_s64.pdb

Imports

kernel32

GetProcessAffinityMask
VerSetConditionMask
Sleep
GetCurrentThread
GetModuleHandleA
GetProcAddress
SetProcessAffinityMask
SetThreadAffinityMask
VerifyVersionInfoW
GetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
IsDebuggerPresent
OutputDebugStringA
TerminateProcess
GetProcessHeap
GetProcessHeaps
HeapLock
HeapUnlock
HeapWalk
HeapQueryInformation
GetCommandLineA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
DebugBreak
LoadLibraryA
HeapAlloc
HeapFree
HeapSetInformation
GlobalMemoryStatusEx
VirtualAlloc
VirtualFree
SetUnhandledExceptionFilter
GetModuleFileNameW
LoadLibraryExA
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
RtlCaptureStackBackTrace
GetCommandLineW
CloseHandle
WaitForSingleObject
CreateProcessA
GetComputerNameExW
VirtualProtect
GetModuleFileNameA
LocalAlloc
LocalFree
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
SetThreadPriority
SetPriorityClass
CreateFileA
DeviceIoControl
GetVersionExA
DebugActiveProcess
GetSystemInfo
DuplicateHandle
RaiseException
SetLastError
TryEnterCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
ReleaseMutex
CreateMutexA
CreateEventA
WaitForMultipleObjects
GetExitCodeProcess
SwitchToThread
CreateThread
GetCurrentThreadId
OpenThread
GetThreadPriority
TerminateThread
GetExitCodeThread
SuspendThread
ResumeThread
GetProcessId
OpenProcess
CreateSemaphoreA
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
GetFileAttributesW
GetFullPathNameW
GetShortPathNameW
GetTempFileNameW
RemoveDirectoryW
SetFileAttributesW
GetTempPathW
OutputDebugStringW
CreateProcessW
GetBinaryTypeW
CopyFileW
MoveFileW
MoveFileExW
ReplaceFileW
SetEndOfFile
WriteConsoleW
ReadConsoleW
ReadFile
SetStdHandle
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
HeapReAlloc
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetCurrentProcess
GlobalLock
GlobalUnlock
GlobalAlloc
DebugActiveProcessStop
GetCurrentProcessId
GetConsoleOutputCP
WriteFile
FlushFileBuffers
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
InterlockedFlushSList
EncodePointer
HeapValidate
HeapSize
GetDriveTypeW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
RtlUnwind

user32

EnumWindows
MessageBoxA
GetWindowRect
GetWindowTextLengthA
EmptyClipboard
GetDesktopWindow
GetWindowThreadProcessId
CloseClipboard
OpenClipboard
SetDlgItemTextA
GetDlgItemInt
SetDlgItemInt
GetDlgItem
EndDialog
DialogBoxParamA
IsWindowVisible
SetWindowPos
wsprintfA
SetClipboardData

advapi32

InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
SetSecurityDescriptorDacl

shell32

ShellExecuteExW
CommandLineToArgvW
SHGetFolderPathW

psapi

GetProcessMemoryInfo

Exports

Exports

??0CAdHocValidation@@QEAA@AEBV0@@Z
??0CAdHocValidation@@QEAA@XZ
??0CAdHocValidation_SimpleCallback@@QEAA@$$QEAV0@@Z
??0CAdHocValidation_SimpleCallback@@QEAA@AEBV0@@Z
??0CAdHocValidation_SimpleCallback@@QEAA@P6AXAEAVCValidator@@@Z@Z
??0CStack@@QEAA@XZ
??0CThread@@QEAA@XZ
??0CThreadEvent@@QEAA@PEAX_N@Z
??0CThreadEvent@@QEAA@PEBD_N1@Z
??0CThreadEvent@@QEAA@_N@Z
??0CThreadFullMutex@@QEAA@_NPEBD00@Z
??0CThreadLocalBase@@QEAA@XZ
??0CThreadMutex@@QEAA@XZ
??0CThreadRWLock@@QEAA@XZ
??0CThreadSemaphore@@QEAA@JJ@Z
??0CThreadSyncObject@@IEAA@XZ
??0CVProfManager@@QEAA@XZ
??0CVProfNode@@QEAA@PEAVCVProfile@@PEBDPEAV0@W4EVProfBugdetGroup@@@Z
??0CVProfile@@QEAA@XZ
??0CVProfileArray@@QEAA@XZ
??0CVProfileThreadEntry@@QEAA@PEAVCVProfile@@II@Z
??0CValidator@@QEAA@H_NPEAVIMemBlockClaimedList@@@Z
??0CWorkerThread@@QEAA@XZ
??1CAdHocValidation@@QEAA@XZ
??1CAdHocValidation_SimpleCallback@@QEAA@XZ
??1CStack@@QEAA@XZ
??1CThread@@UEAA@XZ
??1CThreadEvent@@QEAA@XZ
??1CThreadFullMutex@@QEAA@XZ
??1CThreadLocalBase@@QEAA@XZ
??1CThreadMutex@@QEAA@XZ
??1CThreadRWLock@@QEAA@XZ
??1CThreadSemaphore@@QEAA@XZ
??1CThreadSyncObject@@QEAA@XZ
??1CVProfManager@@QEAA@XZ
??1CVProfNode@@QEAA@XZ
??1CVProfile@@QEAA@XZ
??1CVProfileArray@@QEAA@XZ
??1CValidator@@QEAA@XZ
??1CWorkerThread@@UEAA@XZ
??4?$AssertMsgHelper@$00@@QEAAAEAV0@$$QEAV0@@Z
??4?$AssertMsgHelper@$00@@QEAAAEAV0@AEBV0@@Z
??4?$AssertMsgHelper@$0A@@@QEAAAEAV0@$$QEAV0@@Z
??4?$AssertMsgHelper@$0A@@@QEAAAEAV0@AEBV0@@Z
??4CAdHocValidation@@QEAAAEAV0@AEBV0@@Z
??4CStack@@QEAAAEAV0@AEBV0@@Z
??4CThreadLocalBase@@QEAAAEAV0@AEBV0@@Z
??4CTier0@@QEAAAEAV0@$$QEAV0@@Z
??4CTier0@@QEAAAEAV0@AEBV0@@Z
??4CVProfileArray@@QEAAAEAV0@AEBV0@@Z
??4CVProfileThreadEntry@@QEAAAEAV0@$$QEAV0@@Z
??4CVProfileThreadEntry@@QEAAAEAV0@AEBV0@@Z
??4CValidator@@QEAAAEAV0@AEBV0@@Z
??7CThreadSyncObject@@QEBA_NXZ
??BCThreadSyncObject@@QEAAPEAXXZ
??_7CAdHocValidation@@6B@
??_7CAdHocValidation_SimpleCallback@@6B@
??_7CThread@@6B@
??_7CWorkerThread@@6B@
??_FCThreadEvent@@QEAAXXZ
??_FCThreadFullMutex@@QEAAXXZ
?Add@CStack@@QEAAX_K@Z
?AddBudgetGroupName@CVProfile@@IEAAXW4EVProfBugdetGroup@@HPEBD@Z
?AddProfileForThread@CVProfManager@@QEAAPEAVCVProfileThreadEntry@@PEAVCVProfile@@II@Z
?AddToTotal@CValidator@@QEAAX_K@Z
?AddValidationLock@CValidator@@QEAAXPEAVCThreadMutex@@@Z
?AllocVProfNode@CVProfile@@QEAAPEAVCVProfNode@@PEAV1@PEBDPEAV2@W4EVProfBugdetGroup@@@Z
?AssertFailed@?$AssertMsgHelper@$00@@SA_NPEBDI0@Z
?AssertFailed@?$AssertMsgHelper@$0A@@@SA_NPEBDI0ZZ
?AssertOwnedByCurrentThread@CThreadFullMutex@@QEAA_NXZ
?AssertOwnedByCurrentThread@CThreadMutex@@QEAA_NXZ
?AssertUseable@CThreadSyncObject@@IEAAXXZ
?AtRoot@CVProfile@@QEBA_NXZ
?BCountingOnly@CValidator@@QEAA_NXZ
?BExcludeAllocationFromTracking@CValidator@@AEAA_NPEBDH@Z
?BHasValidThreadID@CThread@@QEBA_NXZ
?BIsProfilePtrValid@CVProfManager@@QEAA_NPEAVCVProfile@@@Z
?BIsProfilingAllThreads@CVProfManager@@QEAA_NXZ
?BIsValid@CThreadLocalBase@@QEBA_NXZ
?BLockForReadNoWait@CThreadRWLock@@QEAA_NXZ
?BMemLeaks@CValidator@@QEAA_NXZ
?BProfileHasNodesOutsideBudgetGroup_Recursive@CVProfile@@IEAA_NPEAVCVProfNode@@H@Z
?BoostPriority@CWorkerThread@@QEAAHXZ
?BudgetGroupNameToBudgetGroupID@CVProfile@@QEBA?AW4EVProfBugdetGroup@@PEBD@Z
?CalcStackDepth@CThread@@QEAA_KPEAX@Z
?CalculateCRC@CStack@@QEAAXXZ
?Call@CWorkerThread@@IEAAHII_NP6AIIPEBQEAXHI@Z@Z
?CallMaster@CWorkerThread@@QEAAHII@Z
?CallWorker@CWorkerThread@@QEAAHII_N@Z
?Check@CThreadEvent@@QEAA_NXZ
?ClaimArrayMemory@CValidator@@QEAAXPEBX@Z
?ClaimConnection@CValidator@@QEAAXI@Z
?ClaimMemory@CValidator@@QEAAXPEBX@Z
?ClaimMemory_Aligned@CValidator@@QEAAXPEBX@Z
?ClaimOsFile@CValidator@@QEAAXPEAX@Z
?ClaimSocket@CValidator@@QEAAX_K@Z
?ClaimTrackedKey@CValidator@@AEAAXPEAVCTrackItems@@PEAXPEA_K@Z
?ClaimUntrackedMemory@CValidator@@QEAAX_K@Z
?CleanupUnusedProfiles@CVProfManager@@QEAAXXZ
?CreateBudgetGroups@CVProfile@@IEAAXXZ
?CreateSimpleThread@@YAPEAXP6AIPEAX@Z0PEAII@Z
?DeleteProfile@CVProfileThreadEntry@@QEAAXXZ
?DestructAndFreeNodesExceptRoot@CVProfile@@IEAAXXZ
?DiffAgainst@CValidator@@QEAAXPEAV1@@Z
?DoValidate@CAdHocValidation_SimpleCallback@@MEBAXAEAVCValidator@@@Z
?Dump@CVProfile@@IEAAXPEBDZZ
?DumpAllThreadProfiles@CVProfManager@@QEAAXH@Z
?DumpNodes@CVProfile@@IEAAXPEAVCVProfNode@@0H_N@Z
?DumpProfile@CVProfileThreadEntry@@QEAAXH@Z
?DumpSingleNode@CVProfile@@IEAAXPEAVCVProfNode@@0H_N@Z
?DumpSorted@CVProfile@@IEAAXPEBDNP6A_NAEBUTimeSums_t@@1@ZH@Z
?EnableDumpSpikes@CVProfManager@@QEAAXH@Z
?EnterScope@CVProfNode@@QEAAXPEAX@Z
?EnterScope@CVProfile@@QEAA_NPEBDW4EVProfBugdetGroup@@PEAX@Z
?ExitScope@CVProfNode@@QEAA_NXZ
?ExitScope@CVProfile@@QEAAXXZ
?Finalize@CValidator@@QEAAXXZ
?FindNode@CVProfile@@QEAAPEAVCVProfNode@@PEAV2@PEBD@Z
?FindObject@CValidator@@QEAAPEAVCValObject@@PEAX@Z
?Get@CThreadLocalBase@@QEBAPEAXXZ
?GetAllThreadProfiles@CVProfManager@@QEAAXPEAVCVProfileArray@@@Z
?GetBudgetGroupColor@CVProfile@@QEAAXW4EVProfBugdetGroup@@AEAH111@Z
?GetBudgetGroupID@CVProfNode@@QEBA?AW4EVProfBugdetGroup@@XZ
?GetBudgetGroupName@CVProfile@@QEBAPEBDW4EVProfBugdetGroup@@@Z
?GetCPUInformation@@YAAEBUCPUInformation@@XZ
?GetCallHandle@CWorkerThread@@QEAAPEAXXZ
?GetCallParam@CWorkerThread@@QEBAIXZ
?GetChild@CVProfNode@@QEAAPEAV1@XZ
?GetClientData@CVProfNode@@QEBAHXZ
?GetCount@CVProfileArray@@QEAAHXZ
?GetCubTotal@CValidator@@QEAA_JXZ
?GetCurCalls@CVProfNode@@QEBAHXZ
?GetCurTime@CVProfNode@@QEBANXZ
?GetCurTimeLessChildren@CVProfNode@@QEAANXZ
?GetCurrentCThread@CThread@@SAPEAV1@XZ
?GetCurrentNode@CVProfile@@QEAAPEAVCVProfNode@@XZ
?GetCurrentScope@CVProfNode@@QEAAPEAXXZ
?GetCurrentScope@CVProfile@@QEAAPEAXXZ
?GetFrameTimeOutsideBudgetGroup_Recursive@CVProfile@@QEAANPEAVCVProfNode@@W4EVProfBugdetGroup@@@Z
?GetName@CThread@@QEAAPEBDXZ
?GetName@CVProfNode@@QEAAPEBDXZ
?GetNumConnections@CValidator@@QEAA_KXZ
?GetNumFrames@CStack@@QEBAHXZ
?GetNumOsFiles@CValidator@@QEAA_KXZ
?GetNumSockets@CValidator@@QEAA_KXZ
?GetOrigNameAddress@CVProfNode@@QEAAPEBXXZ
?GetParent@CVProfNode@@QEAAPEAV1@XZ
?GetPeakFrameTime@CVProfile@@QEBANXZ
?GetPeakTime@CVProfNode@@QEBANXZ
?GetPrevCalls@CVProfNode@@QEBAHXZ
?GetPrevTime@CVProfNode@@QEBANXZ
?GetPrevTimeLessChildren@CVProfNode@@QEAANXZ
?GetPriority@CThread@@QEBAHXZ
?GetProfile@CVProfNode@@QEAAPEAVCVProfile@@XZ
?GetProfile@CVProfileArray@@QEAAPEAVCVProfile@@H@Z
?GetProfile@CVProfileThreadEntry@@QEAAPEAVCVProfile@@XZ
?GetResult@CThread@@QEBAHXZ
?GetRoot@CVProfile@@QEAAPEAVCVProfNode@@XZ
?GetSibling@CVProfNode@@QEAAPEAV1@XZ
?GetSubNode@CVProfNode@@QEAAPEAV1@PEBDW4EVProfBugdetGroup@@@Z
?GetThreadEntry@CVProfile@@QEAAPEAVCVProfileThreadEntry@@XZ
?GetThreadHandle@CThread@@QEBAPEAXXZ
?GetThreadID@CVProfile@@QEAAIXZ
?GetThreadID@CVProfileThreadEntry@@QEAAIXZ
?GetThreadId@CThread@@QEBAIXZ
?GetThreadName@CVProfile@@QEAAPEBDXZ
?GetThreadProc@CThread@@EEAAP6AIPEAX@ZXZ
?GetThreadRunningRef@CVProfileThreadEntry@@QEAAIXZ
?GetTimeLastFrame@CVProfile@@QEBANXZ
?GetTotalCalls@CVProfNode@@QEBAHXZ
?GetTotalTime@CVProfNode@@QEBANXZ
?GetTotalTimeLessChildren@CVProfNode@@QEAANXZ
?GetTotalTimeSampled@CVProfile@@QEBANXZ
?Handle@CThreadSyncObject@@QEAAPEAXXZ
?Init@CThread@@MEAA_NXZ
?IsAlive@CThread@@QEBA_NXZ
?IsClaimed@CValidator@@QEBA_NPEBX@Z
?IsCreator@CThreadFullMutex@@QEBA_NXZ
?IsEnabled@CVProfile@@QEBA_NXZ
?IsThreadRunning@CThread@@MEBA_NXZ
?IsValid@CThreadSyncObject@@QEBA_NXZ
?Join@CThread@@QEAA_NI@Z
?Lock@CThreadFullMutex@@QEAAXXZ
?Lock@CThreadMutex@@QEAAXXZ
?Lock@CThreadMutex@@QEBAXXZ
?Lock@CThreadSpinLock@@AECAXI@Z
?LockForRead@CThreadRWLock@@QEAAXXZ
?LockForRead@CThreadRWLock@@QEBAXXZ
?LockForWrite@CThreadRWLock@@QEAAXXZ
?LockForWrite@CThreadRWLock@@QEBAXXZ
?MarkFrame@CVProfNode@@QEAAXXZ
?MarkFrame@CVProfile@@QEAAXPEBD@Z
?NGetPC@CStack@@QEBA_KH@Z
?NumFramesSampled@CVProfile@@QEBAHXZ
?OnExit@CThread@@MEAAXXZ
?OnFrameCompleted@CVProfileThreadEntry@@QEAAXXZ
?OnNewFrameEntered@CVProfileThreadEntry@@QEAAXXZ
?OutputReport@CVProfile@@QEAAXHPEBDH@Z
?PMEEnable@CVProfile@@QEAAX_N@Z
?PMEInitialized@CVProfile@@QEAAX_N@Z
?PValObjectFirst@CValidator@@QEAAPEAVCValObject@@XZ
?Pause@CVProfNode@@QEAAXXZ
?Pause@CVProfile@@QEAAXXZ
?PeekCall@CWorkerThread@@QEAA_NPEAI@Z
?Pop@CValidator@@QEAAXXZ
?Print@CStack@@QEBAXP6AXHPEBUPrintFrame@1@PEAX@Z1@Z
?Push@CValidator@@QEAAXPEBDPEAX0@Z
?RegisterCallbackHandler@CVProfile@@QEAAXPEAVIVProfileCallbackHandler@@@Z
?Release@CThreadFullMutex@@QEAA_NXZ
?Release@CThreadSemaphore@@QEAA_NJ@Z
?RenderLeaks@CValidator@@QEAA_N_K@Z
?RenderObjects@CValidator@@QEAAX_K@Z
?Reply@CWorkerThread@@QEAAXI@Z
?Reset@CStack@@QEAAXXZ
?Reset@CThreadEvent@@QEAA_NXZ
?Reset@CVProfNode@@QEAAXXZ
?Reset@CVProfile@@QEAAXXZ
?ResetPeak@CVProfNode@@QEAAXXZ
?ResetPeaks@CVProfile@@QEAAXXZ
?Resume@CThread@@QEAAIXZ
?Resume@CVProfNode@@QEAAXXZ
?Resume@CVProfile@@QEAAXXZ
?Set@CThreadEvent@@QEAA_NXZ
?Set@CThreadLocalBase@@QEAAXPEAX@Z
?SetAllocSizeFilter@CValidator@@QEAAXH@Z
?SetClientData@CVProfNode@@QEAAXH@Z
?SetCurFrameTime@CVProfNode@@QEAAXK@Z
?SetDumpFunc@CVProfile@@QEAAXP6AXPEBD@Z@Z
?SetDumpSpikesThreshold@CVProfileThreadEntry@@QEAAXH@Z
?SetExitQuietly@CThread@@QEAAXXZ
?SetName@CThread@@QEAAXPEBD@Z
?SetPriority@CThread@@QEAA_NH@Z
?SetThreadEntry@CVProfile@@QEAAXPEAVCVProfileThreadEntry@@@Z
?SetTrace@CThreadFullMutex@@QEAAX_N@Z
?SetTrace@CThreadMutex@@QEAAX_N@Z
?Sleep@CThread@@SAXI@Z
?Start@CThread@@QEAA_N_K@Z
?Start@CVProfile@@QEAAXXZ
?StartProfiling@CVProfileThreadEntry@@QEAAXMH@Z
?StartProfilingAllThreads@CVProfManager@@QEAAXMH@Z
?StaticValidateAll@CAdHocValidation@@SAXAEAVCValidator@@@Z
?Stop@CThread@@QEAAXH@Z
?Stop@CVProfile@@QEAAXXZ
?StopProfiling@CVProfileThreadEntry@@QEAAXXZ
?StopProfilingAllThreads@CVProfManager@@QEAAXXZ
?SumTimes@CVProfile@@IEAAXPEAVCVProfNode@@H@Z
?Suspend@CThread@@QEAAIXZ
?Term@CVProfile@@QEAAXXZ
?Terminate@CThread@@QEAA_NH@Z
?ThreadExceptionWrapper@CThread@@CAXPEAX@Z
?ThreadGetProcessExitCode@@YA_NPEAXPEAH@Z
?ThreadProc@CThread@@CAIPEAX@Z
?ThreadTerminateProcessCode@@YA_NPEAXH@Z
?TryLock@CThreadFullMutex@@QEAA_NI@Z
?TryLock@CThreadMutex@@QEAA_NH@Z
?TryLock@CThreadMutex@@QEBA_NXZ
?Unlock@CThreadFullMutex@@QEAAXXZ
?Unlock@CThreadMutex@@QEAAXXZ
?Unlock@CThreadMutex@@QEBAXXZ
?UnlockRead@CThreadRWLock@@QEAAXXZ
?UnlockRead@CThreadRWLock@@QEBAXXZ
?UnlockValidationLocks@CValidator@@QEAAXXZ
?UnlockWrite@CThreadRWLock@@QEAAXXZ
?UnlockWrite@CThreadRWLock@@QEBAXXZ
?UnregisterCallbackHandler@CVProfile@@QEAAXPEAVIVProfileCallbackHandler@@@Z
?UsePME@CVProfile@@QEAA_NXZ
?Validate@CVProfManager@@QEAAXAEAVCValidator@@PEBD@Z
?Validate@CVProfNode@@QEAAXAEAVCValidator@@PEBD@Z
?Validate@CVProfile@@QEAAXAEAVCValidator@@PEBD@Z
?Validate@CValidator@@QEAAXAEAV1@PEBD@Z
?ValidateGlobals@CTier0@@SAXAEAVCValidator@@@Z
?Wait@CThreadSyncObject@@QEAA_NI@Z
?WaitForCall@CWorkerThread@@QEAA_NIPEAI@Z
?WaitForCall@CWorkerThread@@QEAA_NPEAI@Z
?WaitForCreateComplete@CThread@@AEAA_NPEAVCThreadEvent@@@Z
?WaitForRead@CThreadRWLock@@AEAAXXZ
?WaitForReply@CWorkerThread@@IEAAHIP6AIIPEBQEAXHI@Z@Z
?WaitForReply@CWorkerThread@@QEAAHI@Z
?Yield@CThread@@SAXXZ
?g_bInException@@3_NC
?s_pFirst@CAdHocValidation@@0PEAV1@EA
AllocateCrashMemoryReserve
AreStackTrackingFiltersEnabledAtStart
AssertMsgImplementationF
AssertMsgImplementationPreformatted
AssertMsgImplementationV
BBlockingGetMiniDumpLock
BGetLocalFQDN
BGetMiniDumpLock
BThreadFileIOAllowed
BWritingFatalMiniDump
BWritingMiniDump
BWritingNonFatalMiniDump
CVProfile_ExitScope
CallAssertFailedNotifyFunc
CallFlushLogFunc
CatchAndWriteMiniDump
CatchAndWriteMiniDumpEx
CatchAndWriteMiniDumpExForVoidPtrFn
CatchAndWriteMiniDumpExReturnsInt
CatchAndWriteMiniDumpForVoidPtrFn
ClearStackTrackingFilters
ClearWritingMiniDump
CopyFileUTF8
CrackSmokingCompiler
CreateDirectoryUTF8
CreateFileUTF8
CreateProcessUTF8
CreateSimpleProcess
DLog
DWarning
DeclareCurrentThreadIsMainThread
DeleteFileUTF8
DoNewAssertDialog
ETWBegin
ETWEnd
ETWIsTracingEnabled
ETWMark
ETWMark1I
ETWMark1S
ETWMark2I
ETWMark2S
ETWMark3I
ETWMarkPrintf
ETWOverlayFrameMark
ETWRenderFrameMark
ETW_Steamworks_DispatchCallback_End_
ETW_Steamworks_DispatchCallback_Start
ETW_Steamworks_IPCRecv_End_
ETW_Steamworks_IPCRecv_Start
ETW_Steamworks_IPCSend_End_
ETW_Steamworks_IPCSend_Start
ETW_Steamworks_RunCallbacks_End_
ETW_Steamworks_RunCallbacks_Start
ETW_Streaming_SendPacket
EnableCrashingOnCrashes
EnsureValidBoolValue
Error
FreeCrashMemoryReserve
GetAvailableRAM
GetBinaryTypeUTF8
GetCRunTimeVersion
GetCrashHandlerFactory
GetCurrentDirectoryUTF8
GetFileAttributesUTF8
GetFullPathNameUTF8
GetInstalledRAM
GetLocalHostname
GetMiniDumpBuildID
GetMiniDumpDirectory
GetMiniDumpSteamID
GetModuleFileNameUTF8
GetNumberOfSpewAndLogGroups
GetNumberOfStackTrackingFilters
GetPortableSystemInformation
GetShortPathNameUTF8
GetSpewAndLogLevel
GetSpewAndLogLevelByGroupIndex
GetSpewOutputFunc
GetStackTrackingFilter
GetTempFileNameUTF8
GetTempPathUTF8
HasStackTrackingFilters
InitPME
InitializeStackTrackingFilters
Is64BitOS
IsInAssert
IsInFatalAssert
IsLogActive
IsSpewActive
IsStackTrackingFiltered
IsValidBoolValue
LoadLibraryUTF8
Log
MiniDumpUnlock
MoveFileExUTF8
MoveFileUTF8
Msg
OutputDebugStringUTF8
Plat_AbsoluteTime
Plat_AbsoluteTimeToFloat
Plat_Alloc
Plat_AttachDebuggerToProcess
Plat_CommandLineParamExists
Plat_CommandLineParamValue
Plat_EventActivityIdControl
Plat_EventRegister
Plat_EventUnregister
Plat_EventWriteTransfer
Plat_ExitProcess
Plat_FloatTime
Plat_Free
Plat_GetExecutablePath
Plat_GetExecutablePathUTF8
Plat_GetPOSIXClockSource
Plat_GetProcessArgv
Plat_GetStackBackTrace
Plat_IsChromeOS
Plat_IsGamescope
Plat_IsInDebugSession
Plat_IsSteamConsoleMode
Plat_IsSteamDeck
Plat_IsSteamOS
Plat_IsSteamOS3
Plat_IsTesla
Plat_IsWSL
Plat_MSTime
Plat_MSTime64
Plat_OutputDebugString
Plat_OutputDebugStringRaw
Plat_Realloc
Plat_RelativeTickFrequency
Plat_RelativeTicks
Plat_TickAddMicroSec
Plat_TickDiffMicroSec
Plat_TickDiffMilliSec
Plat_USTime
Plat_VirtualAccessFlags
Plat_VirtualAlloc
Plat_VirtualFree
Plat_VirtualProtect
Plat_asctime
Plat_ctime
Plat_daylight
Plat_gmtime
Plat_localtime
Plat_timegm
Plat_timezone
RealGetCallStack
RealPrintCallStack
RealPrintRawCallStack
ReleaseThreadHandle
RemoveDirectoryUTF8
ReplaceFileUTF8
RunTypeValidationTests
SHGetFolderPathUTF8
SecureRandomBytes
SetAssertDumpStack
SetAssertFailedNotifyFunc
SetCurrentDirectoryUTF8
SetEnvironmentVariableUTF8
SetFileAttributesUTF8
SetFlushLogFunc
SetFullMemoryDumpOnCrash
SetInAssert
SetInFatalAssert
SetMiniDumpAppID
SetMiniDumpBuildID
SetMiniDumpCustomInfo
SetMiniDumpProcessNameOverride
SetMiniDumpSteamID
SetStackTrackingFilter
ShouldUseNewAssertDialog
ShutdownPME
SpewActivate
SpewAndLogActivate
SpewAndLogChangeIfStillDefault
SpewChangeIfStillDefault
SpewOutputFunc
SpewWrittenMiniDumps
TSListBase_Init
TSListBase_Pop
TSListBase_Push
TSListBase_SwapList
TSListBase_UnsafePeek
TSQueueBase_Init
TSQueueBase_Pop
TSQueueBase_Push
TSQueueBase_UnsafeDummy
TSQueueBase_UnsafePeek
TSQueue_PopIntoFreeList
TSQueue_UnsafeDebugCheck
ThreadCloseProcess
ThreadFindProcessByName
ThreadGetCurrentHandle
ThreadGetCurrentId
ThreadGetCurrentProcessHandle
ThreadGetCurrentProcessId
ThreadGetCurrentRunningRef
ThreadGetPriority
ThreadGetProcessExitCode
ThreadGetProcessId
ThreadImplOneTimeInit
ThreadInMainThread
ThreadInterlockedAssignIf128
ThreadInterlockedAssignPointerIf
ThreadInterlockedCompareExchangePointer
ThreadInterlockedExchangePointer
ThreadIsProcessActive
ThreadIsProcessIdActive
ThreadIsThreadRunning
ThreadOpenProcess
ThreadResumeProcess
ThreadSetAffinity
ThreadSetBackgroundPriority
ThreadSetDebugName
ThreadSetFileIOAllowed
ThreadSetPriority
ThreadShellExecute
ThreadShellExecuteNoWindow

Sections

.text
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Order Specifications/vcruntime210.dll
Order Specifications/vstdlib_s64.dll
.dll windows:6 windows x64 arch:x64

4d3cb8af220195b0088e2fe8b19ec7f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

rUR=?B&2(,_n\-`L9S`$)fz'gF^/E_`v4z^RNM|_iTH7jx\3w_F$6K?J~*H&Fa~w|%tF&%qBl[cPrYKj

Imports

advapi32

RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumKeyExW
RegEnumValueW

bcrypt

BCryptGenRandom

kernel32

TlsFree
TlsSetValue
SetLastError
CreateProcessW
GetLastError
WaitForSingleObject
CloseHandle
LocalFree
WriteProcessMemory
GetThreadContext
SetThreadContext
ResumeThread
VirtualAllocEx
FreeConsole
GetModuleHandleW
VirtualProtect
FormatMessageW
GetCPInfoExW
GetConsoleMode
GetFileType
ReadFile
ReadConsoleW
WriteFile
WriteConsoleW
GetConsoleOutputCP
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
K32EnumProcessModulesEx
IsWow64Process
GetExitCodeProcess
TerminateProcess
OpenProcess
K32EnumProcesses
K32GetModuleInformation
K32GetModuleBaseNameW
K32GetModuleFileNameExW
GetProcessId
DuplicateHandle
CreatePipe
GetCurrentProcess
GetConsoleCP
CloseThreadpoolIo
GetCurrentProcessId
RaiseFailFastException
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
GetCalendarInfoEx
CompareStringOrdinal
CompareStringEx
FindNLSStringEx
GetLocaleInfoEx
ResolveLocaleName
GetUserPreferredUILanguages
FindStringOrdinal
GetTickCount64
GetCurrentThread
Sleep
DeleteCriticalSection
EnterCriticalSection
SleepConditionVariableCS
LeaveCriticalSection
WakeConditionVariable
QueryPerformanceCounter
InitializeCriticalSection
InitializeConditionVariable
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForMultipleObjectsEx
GetCurrentThreadId
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
QueryPerformanceFrequency
GetFullPathNameW
GetLongPathNameW
LocalAlloc
GetProcAddress
LocaleNameToLCID
LCMapStringEx
EnumTimeFormatsEx
EnumCalendarInfoExEx
CancelIoEx
CancelSynchronousIo
CreateIoCompletionPort
CreateDirectoryW
CreateFileW
CreateThreadpoolIo
StartThreadpoolIo
CancelThreadpoolIo
DeleteFileW
DeviceIoControl
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FlushFileBuffers
FreeLibrary
GetCurrentDirectoryW
GetFileAttributesExW
GetFileInformationByHandleEx
GetModuleFileNameW
GetOverlappedResult
GetSystemDirectoryW
LoadLibraryExW
OpenThread
QueryUnbiasedInterruptTime
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetThreadErrorMode
CreateThread
GetThreadPriority
SetThreadPriority
GetDynamicTimeZoneInformation
GetTimeZoneInformation
GetCurrentProcessorNumberEx
SetEvent
ResetEvent
CreateEventExW
GetEnvironmentVariableW
FlushProcessWriteBuffers
WaitForSingleObjectEx
RtlVirtualUnwind
RtlCaptureContext
RtlRestoreContext
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
SwitchToThread
SuspendThread
FlushInstructionCache
VirtualAlloc
VirtualFree
QueryInformationJobObject
GetModuleHandleExW
GetProcessAffinityMask
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
VirtualQuery
GetSystemTimeAsFileTime
InitializeCriticalSectionEx
DebugBreak
SleepEx
GlobalMemoryStatusEx
GetSystemInfo
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlPcToFileHeader
InterlockedFlushSList
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlLookupFunctionEntry
InitializeSListHead

ole32

CoGetApartmentType
CoUninitialize
CoTaskMemFree
CoWaitForMultipleHandles
CoCreateGuid
CoInitializeEx
CoTaskMemAlloc

user32

LoadStringW

api-ms-win-crt-heap-l1-1-0

malloc
calloc
_callnewh
free

api-ms-win-crt-math-l1-1-0

fmod
modf
tan
ceil
cos
nan
floor
pow
sin

api-ms-win-crt-string-l1-1-0

strcpy_s
strncpy_s
strcmp
_stricmp
wcsncmp

api-ms-win-crt-convert-l1-1-0

strtoull

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initialize_onexit_table
terminate
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_execute_onexit_table
abort
_crt_atexit
_cexit
_register_onexit_function

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
__stdio_common_vsprintf_s
__acrt_iob_func
__stdio_common_vfprintf

Exports

Exports

04nglcK4phHcvs7ppwuHP1E8WFefk
05qbTLx
0BYTt5xBSPXHRVonhDArfJHcQyMoSkiu
0F8s7dOl6iUP2yHq4mi
0FYHGPm
0LuAJIR
0Sxn0fxvAy4GRblYzxXWIfdGrIsi1
0WiM1Qj
0YWjxtNhi1ru1JIl
0ZdMcACxYm6KeMr
0aqfx5EdmP62zLgPu8MUdPdzQ
0cmH3fM9gcEF0xU
0hBhSF6xeXkZk0X9wbA1apSMlo6trVj
0kMOiYwMMKSahPRPJP6o
0tJVf86QJtoIBqNglUedCTqQR2jS
0uK85RXxbBH3O3ow0puj4r1mJOd
0zhttTHOgafPmU
10xHQqfrqXWS
12aBxwt5zho3OTzrK8QH
14zx4LHjQbBj2FyT
15XiEJt1yMDCezwaKDrbEUeMIth
15jJ30finavgMuhme1Tu4JzVLBJ8sz1Q
17T8SJllpUDiLiVAgn
18dLFPEc2oLMa8ratlSN7HypTOxiLw
1DtccAiJ3PFN
1JNMJfyQil7ZCaSznYVvBX
1KdQonyI5Jg8XrXYq5tT5OzlniVA
1P2CIqAwN79LmKyg2qEkVriRm0n
1QHeP31pIn
1SaEBA08CVVg9cAFdkqiB4YrBuT
1VhD5TAf
1WmfonWfccJrd8ozMzVM
1Y1wzIyIeQTmBEwMr6VW4WlN8vqnVA5
1aqAPcCnhSndORx3iWOvzLp8ff4c
1fOP8jCiPFL2suldus8f1
1g2x6WHjgKbdhPobBdnH5Z
1gAdbMrksgWI3rj3GN6HinCFci
1ghGs3MQv3AKEjCuOcCNbwb0
1gkeMi8xBUA
1jtGba8dKVEEudRIhZjsh
1mDNWVMx3b3aH8UVMgxG44wRUEuYu
1mJJpBnbK4MyKNYSlXcpGIrjGtRQBN
1obR5nT0iEfXWr31pb1dhtj
1pvgTYyBvaOfAMLaGv04wANzSD
1qmblPSew5bhAqBKOU9XA6o0XPqe2ny
1tN6OeXZOxn
1zCnvprD7dxfzL2txmhXd8o4hL8Kp
23I35ACryhzUiaVB1fSJ7modgf
26lrxY20UaNY5CaS1DN58p1
27iI1fnL5zp8ILhw8IejgMnhh8Uxw
28fCbVfnol3eMa6uyHn7Rtg
2Ee0Bs6gZyfSsgquEnY2rNE
2Eh5jVXvUhx0t9fJ7luJ
2Hkj7vzFQXEB7ySmKL
2KDdmg9U
2KaLSUKRT6K2yIT4y9
2Np9GBboLNsujdrb5d
2PkzrMR
2RNzr9hzVZWG5CCCbsgEPMb0SipGm
2Th2fP12Eru
2b8kTbWllAoHWLnfG8LD2
2bV7z6AnjFqgolx
2i460FU6GtMFtpdE5kZdtzQV
2iBfl7sdx6LPgjhWruwYNU
2iEWOP53Vm9KfJBggNxG6DhqkERcQ
2jGZ4gSV42s
2nXivqdI
2ndrdXUKLIbC4gMN54w8mc
2o0K0SgbDwG9hlflm1K
2sNJBvO2mbYiDw
2uCe5fnNodetPWunL6
31N0TvwLSNFOsxdvswvlQyyR55eK4
325ADgxE21jORAtHKXs2Nyvsn43SE
33ANidV7JzCI9eANY9Pc6m
39kaLk0x
3BQysjCj10XXI8YAI2w2Nkuumc
3G2313c3yHP6PdgDzAyiqQ3
3KXbXoXMwVIgMb7SOlkr2aJbMW
3YPbUc53q
3ZXFziSbiQbMxiw
3cg4y11W67UsSgJi4n6ZMWToXT
3gmQQcCYMw2B
3hEFX0F7XTVr
3xL9z079Of1xKHHw
3yv4JLmhuQjXwkRkukUP8Z
40RGJVBvoJqL2xOemcu13FunKKM8ho
41CIUN6zp0xXR8hNtjW5au4
43VUW2cMO0B0F7Y88YlQpFqWxRYA
478hp3RVQyvqRkUk1bfSibOct2n
49EVFUkQ8VVOENezHdjxHt
49mtlOD2Mcfr
4ADtObKWd7W7LEggVC
4GTgtEzUis6mAiRxpi0DS
4JHjIVSw8mHdzYG2KqtZoXohU5SM8
4MYTbI8h
4OO2uROwGEpyNPAfjhnI5XzoJQ9SoY
4PXawBTGB31TJE3A3i
4PdOGTPp3P5qwvtNWC
4TcdblIG4NTqoVyWI7ZK2hr5sjW8f5
4U8gTT3aI2zXqMdkmOQLvcS66
4Wa63K9PQ254
4Xb6Lgj4vtPs0mNVe2Y7K
4d63wrK5Knijp8SEuBzUBsTmnz
4fustZgsOEqY
4hHLbCy1qMbMqOisiQ
4jAvlpZOe
4jGL9uaOQhHxJhraCtrN
4tpaLoc
4ub7Y7ar3
4woxbH3F5jITofhbhCdvwA
4xRG5qWcBvYJwx
50RnU73Yya36QP1O2bvUfteeBCQ4dYT
52po61SlfBYoha2dAEELrtXoP
54UWPROwWN5pcr6iV
56UDNNQZx
5CVHOk76m9XuJkX5k38XHb
5EafTDx
5IbphcZltaQj8TER03TQHoDhwYZG
5Kbb6FcT
5Kn7VD0R4l153h44FaWcB2TqKG
5Lp4J76nqIxpIfseWRug3EU95knw
5MXYfi3gftfTqCibhr1
5OBCjdf26QFHBfGp
5Tt6Ecor80Yf6GwvMI463xoP7V4
5VNOzCbSrJlN3a4X2V9X2jjmgRjzL
5VOjeFyO
5bA1LxjBI2C7U
5dM2FBRE0lRCeBIsoypougBgSwJ1fr
5e3blLAeUVOpRCIzjdRM
5fBbJadqMG6c
5j8i3tCL9Dn0dUXrwYTX
5jKCg0hV
5jVgpzytJ
5jiosUJnyHXB
5kMrVFF0TLD6HTN61CBNzB
5nydcaQF9
5oGCtTy0
5uFQDasjwfTwMRqUceRk3uE9M
5utkehTvo
5yGQqWEKS9z
5yRBle1v6lXtEzTYVc6l
5zYRJrcJy3wE1WX
62E5bP5fPpnV6dKfGevyvp23Gc
62clC7aXXHwZTD
66rauQ3g47WPlU88OpGdZhD
6BF4Virvz1INR08GpmCWOYhHW09rz22
6CEVKLbIhFSprgdKvE7tKHOA7lxMQ
6CcosMhwBssYVfXouBkk
6GSgtDVBSVYekyMeC
6JmLPuxi0
6K0rgir3fMdm7CQhNTR2L0JLzmCD19
6M4daPeyoqkqqeboN1c11DznBL
6MEhV2jrd1sIg
6P1muPw
6T0gCU76Fwc
6U9vH6pBxbi4O3ceEU0
6X4aHHXhI61wgTJEW0
6XlTAwHG6iVf574UIXPRFg8ilPNEcI
6am4yIWyL0uo2SPdSWXQJ
6c8nHcdULoVgrlA21KKAS47TG
6eV3QoXdUEFce
6jQcEOzarvFPuBRPOmkSQaYBLUym
6jik2y9uYXCNpbJLKTnsumi
6jlwiAj8BzkCdlWbSykJUPe9kzq
6nCN5lmlb0Iy2lqA
6qbsekFxe6N8VPi739AidGaW8s
6swN6I6UgF0GCG3Lq9qFwXryU0
6xZggWfewVzJb2LnjtzmRA
6xvD2196NZcssD7RsITgA
72pVIDQ4
74jx9vJRYjX66HSGozNjYer0PF
76aQe6H60b
7B51ZxDSZpfSqBnYVi
7C8ZXvPWrRo2Q0YvXML6bh9SOgxYm9o
7FGyUTSP7IuBOs3QmD
7Fxb9xKyWJt7Yyi3uv4Kx
7GA0oNcLgazNz6NQ7SAnXM8mb
7ReaWeWjEqCCNBF
7Rzh67ZJtsJdtcAI5d
7VG6jxqTtWAUhDvb99a
7XV0WkgSmuuIfA082n8V0
7YamQbmJDv4XzDW09nxex
7YzpJQLRPoGLJakr88Sp
7b3qu9Lsg6xQoUsmrQov52hl9
7b5e4zIGW1zKd
7fdOXmdS3cOMZqVXvna5wGf
7iFIOyPXC3MuhkWiXnnUZ
7kKxYau7eZgdFXLxf
7kUtsepevH63hAN7yTW3AAsVdjkbV
7mQO8LXNz8L7HTtiZ59dVDrQKhgcnNhm
7pZhaE1PWy5n9NH3jlt4zwG5AyHaOt
7pnih0QgWmIzyOFZd6i1LVgOK9
7sQzuU9FXdcnBzGJkVwT9sFoKBp
7vB7FJez5F4nchShSTx
7xeDGCqtX
80fSNcjVLoexP4Hkz7xYBLl2K
82fPp9VU
83k2J785esUn
85IPPcyabCYqDYT0
87uR0L4bCFG72BnOtwDt1WifT7YJ6
88sBVk7aZHQlKF0SaMpC4Xr2saCd
89OHAwGnXCJ84On5adNs
8ABcorQCFdI
8AyJQ8t
8Cn4QMjtFSCBt8RmM2VRwcMa
8Fz70q6
8K0qwJDjFmCf1JEQqswcY
8LRN6uqC0ttnjesTpTszH5hHlCU5q
8LXOlxc3A73d8kMYasNUSpz
8MM7WBO7YS4OZJP
8NF2Hw82kN02ILETWPEzaJP88eMneY
8NboeZ4WTWMRr5ueWng114X479LCxo
8TH5WjDCmM2VC90sOEZDNPVxTXFq7
8THxnzQxkd362Klse
8Yhgwon4zR
8ZWEAYpL3l5SD9iwweh150ieR
8aBTK0Xx8TcmoiEgokPM
8bFFY93
8eEwMje
8govvndVB
8iWu1HMfXQ
8jkB1ZU7SXWoBYq3nxKnUTc
8l0d4qOiYFRBKWWO0mJFsnW4phew
8mTYFfgkMGO1ygA4
8n4B7z2jtaXFrqB9oMb
8sqqQxgDx22tP3mZcHFDge1MthClC
8y2USEUuM12QiMCGah
96N0FgPs
979WMPKYtGBE8KnOYG
99piTav8qaqJsPXIRf7VQX2
9CqO1pq5pafvpoZHoQIuZP3zeyuse
9HapH3tmbcJ8
9KDCAKDYYsEPWUXWX00THMUkJQYv8m
9MbQSyz7
9O31DLbDjcrRmF79PRiK
9SgiEZSLKyREQ
9Xy0Jro7Som9YlWb82d6sK
9dXq0Eqwlv8BwkmThdJx2P
9dtkcxmIx
9e6JxCT9A
9ed6hRKwVImIvzaV8qGKfq
9pnVX722qYeH1D
9xCLtC5yj
9ylmHUEC4Xk6DwNKswGshcX
??0CCommandLineParam@@QEAA@PEBD0@Z
??0CGaussianRandomStream@@QEAA@PEAVIUniformRandomStream@@@Z
??0CUniformRandomStream@@QEAA@$$QEAV0@@Z
??0CUniformRandomStream@@QEAA@AEBV0@@Z
??0CUniformRandomStream@@QEAA@XZ
??1CCommandLineParam@@QEAA@XZ
??4CGaussianRandomStream@@QEAAAEAV0@$$QEAV0@@Z
??4CGaussianRandomStream@@QEAAAEAV0@AEBV0@@Z
??4CStringNormalization@@QEAAAEAV0@$$QEAV0@@Z
??4CStringNormalization@@QEAAAEAV0@AEBV0@@Z
??4CURLUtils@@QEAAAEAV0@$$QEAV0@@Z
??4CURLUtils@@QEAAAEAV0@AEBV0@@Z
??4CUniformRandomStream@@QEAAAEAV0@$$QEAV0@@Z
??4CUniformRandomStream@@QEAAAEAV0@AEBV0@@Z
??BCCommandLineParam@@QEBAPEAUOpaqueHParamType@@XZ
??_7CUniformRandomStream@@6B@
??_FCGaussianRandomStream@@QEAAXXZ
?AttachToStream@CGaussianRandomStream@@QEAAXPEAVIUniformRandomStream@@@Z
?Exists@CCommandLineParam@@QEBA_NXZ
?FixupSeparatorScheme@CURLUtils@@SAXAEAVCUtlString@@@Z
?Fold@CStringNormalization@@SAHPEBGPEAGH@Z
?GenerateRandomNumber@CUniformRandomStream@@AEAAHXZ
?GetHParam@CCommandLineParam@@QEBAPEAUOpaqueHParamType@@XZ
?GetValue@CCommandLineParam@@QEBAPEBDPEBD@Z
?Initialize@CStringNormalization@@SAXXZ
?IsTLD@CURLUtils@@SA_NPEBD@Z
?Normalize@CStringNormalization@@SAH_NPEBDPEADH@Z
?Normalize@CStringNormalization@@SAH_NPEBGPEAGH@Z
?RandomChar@CUniformRandomStream@@UEAADXZ
?RandomFillMemory@CUniformRandomStream@@UEAAXPEAX_K@Z
?RandomFloat@CGaussianRandomStream@@QEAAMMM@Z
?RandomFloat@CUniformRandomStream@@UEAAMMM@Z
?RandomInt@CUniformRandomStream@@UEAAHHH@Z
?SetSeed@CUniformRandomStream@@UEAAXH@Z
?Test_BValidateStructures@CStringNormalization@@SA_NXZ
?V_ConvertStringToUUID@@YA_NPEBDW4EUUIDStringFlags@@PEAUV_UUID@@@Z
?V_ConvertStringToUUID@@YA_NPEBGW4EUUIDStringFlags@@PEAUV_UUID@@@Z
?V_ConvertUUIDToString@@YA_NPEBUV_UUID@@W4EUUIDStringFlags@@PEADH@Z
?V_ConvertUUIDToString@@YA_NPEBUV_UUID@@W4EUUIDStringFlags@@PEAGH@Z
?V_EscapeShellArgumentAndAppend@@YA_KPEAD_KPEBD@Z
?V_EscapeShellArgumentAndAppend@@YA_KPEAVCUtlStringBuilder@@PEBD_N@Z
?V_EscapeShellArgumentAndAppendPOSIX@@YA_KPEAD_KPEBD@Z
?V_EscapeShellArgumentAndAppendWin32@@YA_KPEAD_KPEBD@Z
?V_JoinNumbers@@YA?AVCUtlString@@DAEBV?$CUtlVector@HV?$CUtlMemory@H@@@@@Z
?V_JoinNumbersUint64@@YA?AVCUtlString@@DAEBV?$CUtlVector@_KV?$CUtlMemory@_K@@@@@Z
?V_JoinNumbersUint@@YA?AVCUtlString@@DAEBV?$CUtlVector@IV?$CUtlMemory@I@@@@@Z
?V_JoinStrings@@YA?AVCUtlString@@AEBV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@PEBD@Z
?V_ParseShellCommandLine@@YAXPEBDAEAV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@HPEAPEBD@Z
?V_ParseShellCommandLinePOSIX@@YAXPEBDAEAV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@HPEAPEBD@Z
?V_ParseShellCommandLineWin32@@YAXPEBDAEAV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@HPEAPEBD@Z
?V_SplitString3@@YAXPEBDPEBQEBDHAEAV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@2@Z
?V_SplitStringInternal@@YAXPEBDPEBQEBDQEAPEBDHAEAV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@_N@Z
?V_UnicodeAdvance@@YAPEADPEADH@Z
?V_UnicodeAdvance@@YAPEAGPEAGH@Z
?V_UnicodeAdvance@@YAPEAIPEAIH@Z
?V_UnicodeCaseConvert@@YAHAEAV?$CUtlVector@GV?$CUtlMemory@G@@@@HW4EStringConvertErrorPolicy@@@Z
?V_UnicodeCaseConvert@@YAHAEAVCUtlString@@HW4EStringConvertErrorPolicy@@@Z
?V_UnicodeCaseConvert@@YAHAEAVCUtlStringBuilder@@HW4EStringConvertErrorPolicy@@@Z
?V_UnicodeCaseConvert@@YAHPEBDPEADHHW4EStringConvertErrorPolicy@@@Z
?V_UnicodeCaseConvert@@YAHPEBGPEAGHHW4EStringConvertErrorPolicy@@@Z
?V_UnicodeCaseConvert@@YAHPEBIPEAIHHW4EStringConvertErrorPolicy@@@Z
?V_UnicodeLength@@YAHPEBD@Z
?V_UnicodeLength@@YAHPEBG@Z
?V_UnicodeLength@@YAHPEBI@Z
?V_UnicodeRepair@@YAHPEADW4EStringConvertErrorPolicy@@@Z
?V_UnicodeRepair@@YAHPEAGW4EStringConvertErrorPolicy@@@Z
?V_UnicodeRepair@@YAHPEAIW4EStringConvertErrorPolicy@@@Z
?V_UnicodeValidate@@YA_NPEBD@Z
?V_UnicodeValidate@@YA_NPEBG@Z
?V_UnicodeValidate@@YA_NPEBI@Z
?V_atoui128@@YA?AVuint128@@PEBD@Z
?V_stristr@@YAPEBDPEBD0@Z
?ValidateStatics@CStringNormalization@@SAXAEAVCValidator@@PEBD@Z
?ValidateStatics@CURLUtils@@SAXAEAVCValidator@@PEBD@Z
A2JhmI9iQHMMPH
A9BbFdAbeUQQrN7KNwCtI55lIG
A9aM3f3OVQlH4J
AD6ITqeFg1PAUWIJm0n
AE613tin6zYwEQKDzah
AHCbWk5E2BuAb5HkWpgMPnAc
AISMRxNkHpEeIY8GEs0hCAlPiKnel
ALHCcvxytqyc
ALJtdOibe5mwuhNha23MpGs15
ATCkPk2AYtT8MxyV6n
AWZ3N5Uk81nWO8GbprhLqa7Rt
AZM60Edy
AaOMvLw1aFis7Z8j2ufSkzJunvB
AahYQBohfUnKIjkRcZd0PttYZis6HiKt
AbGiCuuglvaKWIihJeP4Sg5Ul
AbZG88vMHGG8UNI9hw5T
AfW4cZXo8fBYE04LVIwyb6918qK2sV
AgW68WL6awqBZ3Ri
AjSfK2ZTBYE9dFJhsyfM1
Anbc3ZUdfmlAxllnbJS7Y0Rc99v9SSP
AoyNv69Z06KKAHEhkoXOj4ZWbU9C
ApH1HGHCwkzyafzK1KpKGk6Zi5f5
AqODOXJXro
AvUd3W5YOASYR
AwnXapUjLFit3HwOiwJCfOiuf
Ayfxigelv20ZlFB
B29J1pzEjeFouhk9MMPBnm0
B3yCCfNwIz
B4UjGJdbQy
B4bxdYlIvg
B5OktLAn0sQwYH7jkWUVqS2y6
B6al0QIZ
B8Ig2Br0nojs8Xkb1aofRI1J
BBb3fyMCfGsRjzXGpYTxUP2SUVObx
BCeLKGmRb3q2K6f6JgZN0I8
BEuuPwFKRzLE5mNnkpzVGqr7VT55Vs
BGsmCwxZ4zzv7RiQSWu
BHGi0ePh7YxqLGR94rdWmXqIJbXVgg
BHanIdeograph
BM8ZlJJjBfo1phqlA8akQoTS50eT
BMz2uyH0DmDn7ryFns64esbpu3UGHAy1
BVYRTpWTZ0CoX
BcbTB8B
BcdetOYi6EQvISDx
Bdcq1gikhh6qPJgkOH567KP1sRdZ
BfEsWTy1tPBNGTjY3GD
BfODCLE6Wbksb4UKU90ilrnG05T40ll
BkDfTYSy3rnx83VOq5hYXPqr5Th
BktjUobABiP
Bn1G52igUu
Bp0KZh9QQ7p6CLfAclyfHRGGP
BuZ4v5j
BwDMhjYGaE8R2OJA2joQjgCo6ZyKT
BxQGQtVe
BxihQQYttzkBJeY1ldQfLtbhf
BzcWHuhpG0a3J8elcy9xdo
C1yIyVOO5XYbfr0ZxXTbkNCiffTpGHI
C5Vacp54ifFjyhyHjpZ6P6eeRzGrDdhS
CAEbeBUUgXsbBf6FIm
CAJdKjbyXBuzkb7x7n7cAv1jttuCD
CAjbJKnlsY6hK6TztMRp7KeGtVYXY0
CCdYjO5
CFnZ5SFpu0Z
CHX8WqS2iYy9ceqU2zuBBJ8BnE
CLsrRv3M6sLcFDKtRn8Bf4
CP7fGifUIyWfP3
CX1UXOmFtz1MWCQ3cYfzvLB3jrk31MxI
CXQgrVSLaP8233mfDHlzbRhhMA8
CanBeginLine
CanBreakBetween
CanBreakRepeated
CanEndLine
Cc2SI6H6ER5LCH6v2pMO22axw
CgGrV7CbCAVUwPRRFMdPbAXr28oFLknn
ChhmvzFDOobydOVIxoO
CjzAbd883luTCCoTZXh7bnIGECI
Ck2CWHpznxTDlP
CommandLine
Coroutine_Cancel
Coroutine_Continue
Coroutine_Create
Coroutine_DebugBreak
Coroutine_GetCurrentlyActive
Coroutine_GetStackDepth
Coroutine_IsActive
Coroutine_IsAddressInOurStack
Coroutine_ReleaseThreadMemory
Coroutine_Test
Coroutine_ValidateGlobals
Coroutine_YieldToMain
Cq4vBdhueZs22K
CreateInterface
CwRiOkRCM6WsU
CwxU1V4i9xEjGPN9xKuiC6S
Cx8uHZq8
CxSyXzqiaT5ncv
CyiTPLBkPFqjL8I
D4z4kfbInY
D8tmaMihm2zdZr0L83EoNF7WfO
D9cNAl4c0yBpNQva770SUdNH
DBFhGTMMF3RN0tQCfjx
DEm473Ki8Uaz
DJXwHTv4Jvc5nW0QqehX
DKKPN48t071lv
DLH5jeHS8eVc
DMQTwZNnJ6jh9bq2o5YHlPhA7acM
DNkwmIJLi
DQCweZoWOh6
DVl9TJj9EIbcnVrl5yPRikEE74M
DWwUqO4qhEl
DebugStatsSystem
DgQvYqBV9ly2Hc8Pg79SXzS
DgmT9NRvPyOESE
DgmWuW2t1NWC8s
Dk52pYwpe52mmitqrHdpVw
Dn1LhM7H04ntlnHkG2qFV0jj6dgMQ
DnxdsU0jeb8Aqkok
DvHHHVM31ibAPxoXP5qtxAFCW4
DxL8ed2yd
DyBFPGHbA8sezOREtYTThPE9vWP
E2Zv8se66nOighmoyRrvTf0q9lL
E2u6wQnahVv
E4c9ri7xwD7KHVCw4KOU
E5NW3jGqa8AvXSSLk7hf8d4kwlGS1aj
EAlW8bIdneGRKPmYyA0Fg4lDQ
ECG2MFxL4M2UIImRCaRiNUCKjn1UA6b
EEriB2r7o0BjkSzqhpJ
EExA0A8cCHf6Gdx4tQv
EIJU92ArAvjWGTruD5w10Tzip9Ti5V
ENkMSksNfcxfvtQWwYdB4ikP
EUwNLH4rdQc3vCFQSRgPyyS3L34Ud
EVsj2ugeJlLJHiXwU
EesIWDeiy4iCg57m
EgD5Qj7z9DWf
EhYjk0CTtqKzjhLuI63pLZnZ
EiMooTYup
EloID9y7ehPgPRx7WXZIOj
Ep3m1VEWGEoYGzjcdrLnAFVvH9tv3A
ErNUdGFyGVJUgACjRyCqdAdkToy
EtQBXl2kj8
EtRUe1QNxeGgpRoHgA1a87MPlcYpe4
EuJNmQzic
EwE1HDxfoZLM6qRA6P0qK
Ez5qZdG5AuG
F0PU9zXGjGrCQm
F1lXhAxu1a
F8FAMFTwzMKRQPF0pkk
FBhlXofyFk3yAn
FDrYbRm36kl5HjHcjNFM
FHKq8cbMc4fZ
FHerZkwn3da0wgWwmBOwvmYzyyy7
FI4dEvehn
FKTUFcGp84
FLP4Ugcb52
FOyKcAjwDgDg
FV0grmgh6Xhw4HTe
FXl84qZWSxWI7XFbVIX5I
FYwWaDBcVba7hyopboR39
FbAhIhewKvezBnPvam2DMS8w0v
Fi7aVNsy0mmD7h3OrhMjdj3kUUq2Hp4
Fj5LnHeIorj1eG
Fl7c0Jtwus
Fo58JF6PbAVjndoGNb8zwYYf
FoXi6YftsbBUeSBtnGIxL5U
FqKxZ7h7K914fO9FHyVAHqWN
FtLetVRddbS1BJkUCGY5Ui
FzdUHPr
G1BibH3ud3
G1bMJc1
G3MgDZE
G59CZ8gQypf8Io7LSR
G7VJSzhmJ2bNurIDbtu
GA2VcW3pu6
GAUUr6L
GBIfLA0EIW3tDEfHPP6KlZSp7nhvQY
GCxpzrFIwJYUrklzvI
GIuhqB7CPhHrywDn
GL1YSsCFBlInvu3cCON2uR
GMTOioRIJ64aN6njmR2xt0RYof3DPx
GPSMIr4FNPam
GQZ7fl3abph9sWkK
GV5F7FGwbd7TSllP

Sections

.text
Size: 467KB - Virtual size: 466KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.managed
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

hydrated
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc84427dd015272779b3d034cd29d1bb

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04Certificate

Extended Key Usages

Key Usages

06:fb:83:d0:ba:7c:64:b9:57:84:9b:76:a8:c1:de:72Certificate

Extended Key Usages

Key Usages

2a:26:cd:c8:b1:a4:40:76:9d:03:7b:9b:36:86:68:c8:3d:93:14:94:59:8c:4c:8b:55:9c:04:30:58:db:ac:39Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

tier0_s64

vstdlib_s64

psapi

wininet

Sections

.text Size: 234KB - Virtual size: 234KB

.rdata Size: 70KB - Virtual size: 70KB

.data Size: 5KB - Virtual size: 19KB

.pdata Size: 13KB - Virtual size: 12KB

.rsrc Size: 295KB - Virtual size: 295KB

.reloc Size: 2KB - Virtual size: 2KB

0cb93c77c0be071ba89ceffc11936dea

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04Certificate

Extended Key Usages

Key Usages

06:fb:83:d0:ba:7c:64:b9:57:84:9b:76:a8:c1:de:72Certificate

Extended Key Usages

Key Usages

2d:5a:5e:f2:3e:81:f6:f2:11:ad:1a:59:16:63:2e:a9:cc:aa:31:98:a2:7a:d8:fe:6f:d6:75:49:97:04:bc:6bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

psapi

Exports

Exports

Sections

.text Size: 271KB - Virtual size: 270KB

.rdata Size: 102KB - Virtual size: 101KB

.data Size: 4KB - Virtual size: 1.2MB

.pdata Size: 17KB - Virtual size: 16KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 2KB

4d3cb8af220195b0088e2fe8b19ec7f6

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

06:fb:83:d0:ba:7c:64:b9:57:84:9b:76:a8:c1:de:72
Certificate

2a:26:cd:c8:b1:a4:40:76:9d:03:7b:9b:36:86:68:c8:3d:93:14:94:59:8c:4c:8b:55:9c:04:30:58:db:ac:39
Signer

.text
Size: 234KB - Virtual size: 234KB

.rdata
Size: 70KB - Virtual size: 70KB

.data
Size: 5KB - Virtual size: 19KB

.pdata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 295KB - Virtual size: 295KB

.reloc
Size: 2KB - Virtual size: 2KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

06:fb:83:d0:ba:7c:64:b9:57:84:9b:76:a8:c1:de:72
Certificate

2d:5a:5e:f2:3e:81:f6:f2:11:ad:1a:59:16:63:2e:a9:cc:aa:31:98:a2:7a:d8:fe:6f:d6:75:49:97:04:bc:6b
Signer

.text
Size: 271KB - Virtual size: 270KB

.rdata
Size: 102KB - Virtual size: 101KB

.data
Size: 4KB - Virtual size: 1.2MB

.pdata
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 467KB - Virtual size: 466KB

.managed
Size: 2.4MB - Virtual size: 2.4MB

hydrated
Size: - Virtual size: 1.2MB

.rdata
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 16KB - Virtual size: 108KB

.pdata
Size: 203KB - Virtual size: 203KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 4KB - Virtual size: 3KB