fdcd11dcd6a96d4ddfefaef7a186277e84c147fa7e33c0994b2deb384e8d0487

Sharing

Copy URL

Twitter E-mail

General

Target

fdcd11dcd6a96d4ddfefaef7a186277e84c147fa7e33c0994b2deb384e8d0487
Size

4.6MB
MD5

5661a7ac136a1ff301eacdddda1d1743
SHA1

84b6a2934460af354ab0125c0775360699ea5021
SHA256

fdcd11dcd6a96d4ddfefaef7a186277e84c147fa7e33c0994b2deb384e8d0487
SHA512

7b5348c79b9b9117f71a245ef08d92e41ee37080202de4610ace16dd819e69db5e4830e485d2eca3da3ba0a2fdee599e8824eb795788d04d88e75206883963b1
SSDEEP

98304:CxC7eLLGccR/XQljKzt37waNGZrJcnJuV+epibG07wIzplmOBQ2b:CwXtQmzt37Or6YWG07wIqOx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/vstdlib_s64.dll

Files

fdcd11dcd6a96d4ddfefaef7a186277e84c147fa7e33c0994b2deb384e8d0487
.zip
AWB_Ref509428922pdf.exe
.exe windows:6 windows x64 arch:x64

bc84427dd015272779b3d034cd29d1bb

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26/09/2024, 00:00

Not After

25/11/2035, 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fb:83:d0:ba:7c:64:b9:57:84:9b:76:a8:c1:de:72
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

12/10/2024, 00:00

Not After

08/10/2027, 23:59

Subject

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2a:26:cd:c8:b1:a4:40:76:9d:03:7b:9b:36:86:68:c8:3d:93:14:94:59:8c:4c:8b:55:9c:04:30:58:db:ac:39
Signer

Actual PE Digest

2a:26:cd:c8:b1:a4:40:76:9d:03:7b:9b:36:86:68:c8:3d:93:14:94:59:8c:4c:8b:55:9c:04:30:58:db:ac:39

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\buildworker\steam_rel_client_win64\build\src\steamerrorreporter\win64\Release\steamerrorreporter64.pdb

Imports

kernel32

HeapAlloc
GetProcessHeap
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleExA
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringW
CloseHandle
CreateEventA
Sleep
GetTickCount
GetModuleFileNameW
DecodePointer
LCMapStringEx
InitializeCriticalSectionEx
WriteConsoleW
GetConsoleOutputCP
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
SetFilePointerEx
ReadConsoleW
GetConsoleMode
SetStdHandle
MultiByteToWideChar
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetModuleHandleExW
ExitProcess
GetStdHandle
GetFileType
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
GetCurrentProcessId
GetLastError
GetOverlappedResult
InitializeCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseMutex
WriteFile
ReadFile
DuplicateHandle
ConnectNamedPipe
DisconnectNamedPipe
CreateMutexW
CreateEventW
CreateNamedPipeW
RegisterWaitForSingleObject
UnregisterWait
UnregisterWaitEx
GetProcessTimes
OpenProcess
ReadProcessMemory
GetSystemTimeAsFileTime
FreeLibrary
GetProcAddress
LoadLibraryW
CreateFileW
GetSystemTime
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
GetFileAttributesW
GetFileSizeEx
GetFileTime
SetEndOfFile
SetFileAttributesW
SetLastError
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RtlUnwindEx
RtlPcToFileHeader
RaiseException
EncodePointer
RtlUnwind

tier0_s64

g_pMemAllocSteam
?AssertFailed@?$AssertMsgHelper@$00@@SA_NPEBDI0@Z
WriteMiniDump
Plat_IsInDebugSession
Plat_ExitProcess
g_dwDllEntryThreadId
g_VProfProfilesRunningCount
CVProfile_ExitScope
VProfInternalEnterScopeCurrentThread
getcwd_utf8
?ClaimArrayMemory@CValidator@@QEAAXPEBX@Z
??1CThreadMutex@@QEAA@XZ
??0CThreadMutex@@QEAA@XZ
?AssertFailed@?$AssertMsgHelper@$0A@@@SA_NPEBDI0ZZ
?Pop@CValidator@@QEAAXXZ
?Push@CValidator@@QEAAXPEBDPEAX0@Z

vstdlib_s64

V_snprintf
V_vsnwprintf
V_strncat
V_UTF8ToUTF16
V_UTF16ToUTF8
V_StripTrailingSlash
V_StripLastDir
V_FixSlashes
V_strncpy
V_strncat_length
V_RemoveDotSlashes
V_IsAbsolutePath
V_FixDoubleSlashes

psapi

EnumProcessModules
GetModuleBaseNameW

wininet

HttpSendRequestW
InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetQueryDataAvailable
InternetSetOptionW
HttpOpenRequestW
HttpQueryInfoW
InternetCrackUrlW
HttpAddRequestHeadersW

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tier0_s64.dll
.dll windows:6 windows x64 arch:x64

0cb93c77c0be071ba89ceffc11936dea

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26/09/2024, 00:00

Not After

25/11/2035, 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fb:83:d0:ba:7c:64:b9:57:84:9b:76:a8:c1:de:72
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

12/10/2024, 00:00

Not After

08/10/2027, 23:59

Subject

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2d:5a:5e:f2:3e:81:f6:f2:11:ad:1a:59:16:63:2e:a9:cc:aa:31:98:a2:7a:d8:fe:6f:d6:75:49:97:04:bc:6b
Signer

Actual PE Digest

2d:5a:5e:f2:3e:81:f6:f2:11:ad:1a:59:16:63:2e:a9:cc:aa:31:98:a2:7a:d8:fe:6f:d6:75:49:97:04:bc:6b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\buildworker\steam_rel_client_win64\build\src\tier0\win64\Release\tier0_s64.pdb

Imports

kernel32

GetProcessAffinityMask
VerSetConditionMask
Sleep
GetCurrentThread
GetModuleHandleA
GetProcAddress
SetProcessAffinityMask
SetThreadAffinityMask
VerifyVersionInfoW
GetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
IsDebuggerPresent
OutputDebugStringA
TerminateProcess
GetProcessHeap
GetProcessHeaps
HeapLock
HeapUnlock
HeapWalk
HeapQueryInformation
GetCommandLineA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
DebugBreak
LoadLibraryA
HeapAlloc
HeapFree
HeapSetInformation
GlobalMemoryStatusEx
VirtualAlloc
VirtualFree
SetUnhandledExceptionFilter
GetModuleFileNameW
LoadLibraryExA
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
RtlCaptureStackBackTrace
GetCommandLineW
CloseHandle
WaitForSingleObject
CreateProcessA
GetComputerNameExW
VirtualProtect
GetModuleFileNameA
LocalAlloc
LocalFree
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
SetThreadPriority
SetPriorityClass
CreateFileA
DeviceIoControl
GetVersionExA
DebugActiveProcess
GetSystemInfo
DuplicateHandle
RaiseException
SetLastError
TryEnterCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
ReleaseMutex
CreateMutexA
CreateEventA
WaitForMultipleObjects
GetExitCodeProcess
SwitchToThread
CreateThread
GetCurrentThreadId
OpenThread
GetThreadPriority
TerminateThread
GetExitCodeThread
SuspendThread
ResumeThread
GetProcessId
OpenProcess
CreateSemaphoreA
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
GetFileAttributesW
GetFullPathNameW
GetShortPathNameW
GetTempFileNameW
RemoveDirectoryW
SetFileAttributesW
GetTempPathW
OutputDebugStringW
CreateProcessW
GetBinaryTypeW
CopyFileW
MoveFileW
MoveFileExW
ReplaceFileW
SetEndOfFile
WriteConsoleW
ReadConsoleW
ReadFile
SetStdHandle
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
HeapReAlloc
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetCurrentProcess
GlobalLock
GlobalUnlock
GlobalAlloc
DebugActiveProcessStop
GetCurrentProcessId
GetConsoleOutputCP
WriteFile
FlushFileBuffers
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
InterlockedFlushSList
EncodePointer
HeapValidate
HeapSize
GetDriveTypeW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
RtlUnwind

user32

EnumWindows
MessageBoxA
GetWindowRect
GetWindowTextLengthA
EmptyClipboard
GetDesktopWindow
GetWindowThreadProcessId
CloseClipboard
OpenClipboard
SetDlgItemTextA
GetDlgItemInt
SetDlgItemInt
GetDlgItem
EndDialog
DialogBoxParamA
IsWindowVisible
SetWindowPos
wsprintfA
SetClipboardData

advapi32

InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
SetSecurityDescriptorDacl

shell32

ShellExecuteExW
CommandLineToArgvW
SHGetFolderPathW

psapi

GetProcessMemoryInfo

Exports

Exports

??0CAdHocValidation@@QEAA@AEBV0@@Z
??0CAdHocValidation@@QEAA@XZ
??0CAdHocValidation_SimpleCallback@@QEAA@$$QEAV0@@Z
??0CAdHocValidation_SimpleCallback@@QEAA@AEBV0@@Z
??0CAdHocValidation_SimpleCallback@@QEAA@P6AXAEAVCValidator@@@Z@Z
??0CStack@@QEAA@XZ
??0CThread@@QEAA@XZ
??0CThreadEvent@@QEAA@PEAX_N@Z
??0CThreadEvent@@QEAA@PEBD_N1@Z
??0CThreadEvent@@QEAA@_N@Z
??0CThreadFullMutex@@QEAA@_NPEBD00@Z
??0CThreadLocalBase@@QEAA@XZ
??0CThreadMutex@@QEAA@XZ
??0CThreadRWLock@@QEAA@XZ
??0CThreadSemaphore@@QEAA@JJ@Z
??0CThreadSyncObject@@IEAA@XZ
??0CVProfManager@@QEAA@XZ
??0CVProfNode@@QEAA@PEAVCVProfile@@PEBDPEAV0@W4EVProfBugdetGroup@@@Z
??0CVProfile@@QEAA@XZ
??0CVProfileArray@@QEAA@XZ
??0CVProfileThreadEntry@@QEAA@PEAVCVProfile@@II@Z
??0CValidator@@QEAA@H_NPEAVIMemBlockClaimedList@@@Z
??0CWorkerThread@@QEAA@XZ
??1CAdHocValidation@@QEAA@XZ
??1CAdHocValidation_SimpleCallback@@QEAA@XZ
??1CStack@@QEAA@XZ
??1CThread@@UEAA@XZ
??1CThreadEvent@@QEAA@XZ
??1CThreadFullMutex@@QEAA@XZ
??1CThreadLocalBase@@QEAA@XZ
??1CThreadMutex@@QEAA@XZ
??1CThreadRWLock@@QEAA@XZ
??1CThreadSemaphore@@QEAA@XZ
??1CThreadSyncObject@@QEAA@XZ
??1CVProfManager@@QEAA@XZ
??1CVProfNode@@QEAA@XZ
??1CVProfile@@QEAA@XZ
??1CVProfileArray@@QEAA@XZ
??1CValidator@@QEAA@XZ
??1CWorkerThread@@UEAA@XZ
??4?$AssertMsgHelper@$00@@QEAAAEAV0@$$QEAV0@@Z
??4?$AssertMsgHelper@$00@@QEAAAEAV0@AEBV0@@Z
??4?$AssertMsgHelper@$0A@@@QEAAAEAV0@$$QEAV0@@Z
??4?$AssertMsgHelper@$0A@@@QEAAAEAV0@AEBV0@@Z
??4CAdHocValidation@@QEAAAEAV0@AEBV0@@Z
??4CStack@@QEAAAEAV0@AEBV0@@Z
??4CThreadLocalBase@@QEAAAEAV0@AEBV0@@Z
??4CTier0@@QEAAAEAV0@$$QEAV0@@Z
??4CTier0@@QEAAAEAV0@AEBV0@@Z
??4CVProfileArray@@QEAAAEAV0@AEBV0@@Z
??4CVProfileThreadEntry@@QEAAAEAV0@$$QEAV0@@Z
??4CVProfileThreadEntry@@QEAAAEAV0@AEBV0@@Z
??4CValidator@@QEAAAEAV0@AEBV0@@Z
??7CThreadSyncObject@@QEBA_NXZ
??BCThreadSyncObject@@QEAAPEAXXZ
??_7CAdHocValidation@@6B@
??_7CAdHocValidation_SimpleCallback@@6B@
??_7CThread@@6B@
??_7CWorkerThread@@6B@
??_FCThreadEvent@@QEAAXXZ
??_FCThreadFullMutex@@QEAAXXZ
?Add@CStack@@QEAAX_K@Z
?AddBudgetGroupName@CVProfile@@IEAAXW4EVProfBugdetGroup@@HPEBD@Z
?AddProfileForThread@CVProfManager@@QEAAPEAVCVProfileThreadEntry@@PEAVCVProfile@@II@Z
?AddToTotal@CValidator@@QEAAX_K@Z
?AddValidationLock@CValidator@@QEAAXPEAVCThreadMutex@@@Z
?AllocVProfNode@CVProfile@@QEAAPEAVCVProfNode@@PEAV1@PEBDPEAV2@W4EVProfBugdetGroup@@@Z
?AssertFailed@?$AssertMsgHelper@$00@@SA_NPEBDI0@Z
?AssertFailed@?$AssertMsgHelper@$0A@@@SA_NPEBDI0ZZ
?AssertOwnedByCurrentThread@CThreadFullMutex@@QEAA_NXZ
?AssertOwnedByCurrentThread@CThreadMutex@@QEAA_NXZ
?AssertUseable@CThreadSyncObject@@IEAAXXZ
?AtRoot@CVProfile@@QEBA_NXZ
?BCountingOnly@CValidator@@QEAA_NXZ
?BExcludeAllocationFromTracking@CValidator@@AEAA_NPEBDH@Z
?BHasValidThreadID@CThread@@QEBA_NXZ
?BIsProfilePtrValid@CVProfManager@@QEAA_NPEAVCVProfile@@@Z
?BIsProfilingAllThreads@CVProfManager@@QEAA_NXZ
?BIsValid@CThreadLocalBase@@QEBA_NXZ
?BLockForReadNoWait@CThreadRWLock@@QEAA_NXZ
?BMemLeaks@CValidator@@QEAA_NXZ
?BProfileHasNodesOutsideBudgetGroup_Recursive@CVProfile@@IEAA_NPEAVCVProfNode@@H@Z
?BoostPriority@CWorkerThread@@QEAAHXZ
?BudgetGroupNameToBudgetGroupID@CVProfile@@QEBA?AW4EVProfBugdetGroup@@PEBD@Z
?CalcStackDepth@CThread@@QEAA_KPEAX@Z
?CalculateCRC@CStack@@QEAAXXZ
?Call@CWorkerThread@@IEAAHII_NP6AIIPEBQEAXHI@Z@Z
?CallMaster@CWorkerThread@@QEAAHII@Z
?CallWorker@CWorkerThread@@QEAAHII_N@Z
?Check@CThreadEvent@@QEAA_NXZ
?ClaimArrayMemory@CValidator@@QEAAXPEBX@Z
?ClaimConnection@CValidator@@QEAAXI@Z
?ClaimMemory@CValidator@@QEAAXPEBX@Z
?ClaimMemory_Aligned@CValidator@@QEAAXPEBX@Z
?ClaimOsFile@CValidator@@QEAAXPEAX@Z
?ClaimSocket@CValidator@@QEAAX_K@Z
?ClaimTrackedKey@CValidator@@AEAAXPEAVCTrackItems@@PEAXPEA_K@Z
?ClaimUntrackedMemory@CValidator@@QEAAX_K@Z
?CleanupUnusedProfiles@CVProfManager@@QEAAXXZ
?CreateBudgetGroups@CVProfile@@IEAAXXZ
?CreateSimpleThread@@YAPEAXP6AIPEAX@Z0PEAII@Z
?DeleteProfile@CVProfileThreadEntry@@QEAAXXZ
?DestructAndFreeNodesExceptRoot@CVProfile@@IEAAXXZ
?DiffAgainst@CValidator@@QEAAXPEAV1@@Z
?DoValidate@CAdHocValidation_SimpleCallback@@MEBAXAEAVCValidator@@@Z
?Dump@CVProfile@@IEAAXPEBDZZ
?DumpAllThreadProfiles@CVProfManager@@QEAAXH@Z
?DumpNodes@CVProfile@@IEAAXPEAVCVProfNode@@0H_N@Z
?DumpProfile@CVProfileThreadEntry@@QEAAXH@Z
?DumpSingleNode@CVProfile@@IEAAXPEAVCVProfNode@@0H_N@Z
?DumpSorted@CVProfile@@IEAAXPEBDNP6A_NAEBUTimeSums_t@@1@ZH@Z
?EnableDumpSpikes@CVProfManager@@QEAAXH@Z
?EnterScope@CVProfNode@@QEAAXPEAX@Z
?EnterScope@CVProfile@@QEAA_NPEBDW4EVProfBugdetGroup@@PEAX@Z
?ExitScope@CVProfNode@@QEAA_NXZ
?ExitScope@CVProfile@@QEAAXXZ
?Finalize@CValidator@@QEAAXXZ
?FindNode@CVProfile@@QEAAPEAVCVProfNode@@PEAV2@PEBD@Z
?FindObject@CValidator@@QEAAPEAVCValObject@@PEAX@Z
?Get@CThreadLocalBase@@QEBAPEAXXZ
?GetAllThreadProfiles@CVProfManager@@QEAAXPEAVCVProfileArray@@@Z
?GetBudgetGroupColor@CVProfile@@QEAAXW4EVProfBugdetGroup@@AEAH111@Z
?GetBudgetGroupID@CVProfNode@@QEBA?AW4EVProfBugdetGroup@@XZ
?GetBudgetGroupName@CVProfile@@QEBAPEBDW4EVProfBugdetGroup@@@Z
?GetCPUInformation@@YAAEBUCPUInformation@@XZ
?GetCallHandle@CWorkerThread@@QEAAPEAXXZ
?GetCallParam@CWorkerThread@@QEBAIXZ
?GetChild@CVProfNode@@QEAAPEAV1@XZ
?GetClientData@CVProfNode@@QEBAHXZ
?GetCount@CVProfileArray@@QEAAHXZ
?GetCubTotal@CValidator@@QEAA_JXZ
?GetCurCalls@CVProfNode@@QEBAHXZ
?GetCurTime@CVProfNode@@QEBANXZ
?GetCurTimeLessChildren@CVProfNode@@QEAANXZ
?GetCurrentCThread@CThread@@SAPEAV1@XZ
?GetCurrentNode@CVProfile@@QEAAPEAVCVProfNode@@XZ
?GetCurrentScope@CVProfNode@@QEAAPEAXXZ
?GetCurrentScope@CVProfile@@QEAAPEAXXZ
?GetFrameTimeOutsideBudgetGroup_Recursive@CVProfile@@QEAANPEAVCVProfNode@@W4EVProfBugdetGroup@@@Z
?GetName@CThread@@QEAAPEBDXZ
?GetName@CVProfNode@@QEAAPEBDXZ
?GetNumConnections@CValidator@@QEAA_KXZ
?GetNumFrames@CStack@@QEBAHXZ
?GetNumOsFiles@CValidator@@QEAA_KXZ
?GetNumSockets@CValidator@@QEAA_KXZ
?GetOrigNameAddress@CVProfNode@@QEAAPEBXXZ
?GetParent@CVProfNode@@QEAAPEAV1@XZ
?GetPeakFrameTime@CVProfile@@QEBANXZ
?GetPeakTime@CVProfNode@@QEBANXZ
?GetPrevCalls@CVProfNode@@QEBAHXZ
?GetPrevTime@CVProfNode@@QEBANXZ
?GetPrevTimeLessChildren@CVProfNode@@QEAANXZ
?GetPriority@CThread@@QEBAHXZ
?GetProfile@CVProfNode@@QEAAPEAVCVProfile@@XZ
?GetProfile@CVProfileArray@@QEAAPEAVCVProfile@@H@Z
?GetProfile@CVProfileThreadEntry@@QEAAPEAVCVProfile@@XZ
?GetResult@CThread@@QEBAHXZ
?GetRoot@CVProfile@@QEAAPEAVCVProfNode@@XZ
?GetSibling@CVProfNode@@QEAAPEAV1@XZ
?GetSubNode@CVProfNode@@QEAAPEAV1@PEBDW4EVProfBugdetGroup@@@Z
?GetThreadEntry@CVProfile@@QEAAPEAVCVProfileThreadEntry@@XZ
?GetThreadHandle@CThread@@QEBAPEAXXZ
?GetThreadID@CVProfile@@QEAAIXZ
?GetThreadID@CVProfileThreadEntry@@QEAAIXZ
?GetThreadId@CThread@@QEBAIXZ
?GetThreadName@CVProfile@@QEAAPEBDXZ
?GetThreadProc@CThread@@EEAAP6AIPEAX@ZXZ
?GetThreadRunningRef@CVProfileThreadEntry@@QEAAIXZ
?GetTimeLastFrame@CVProfile@@QEBANXZ
?GetTotalCalls@CVProfNode@@QEBAHXZ
?GetTotalTime@CVProfNode@@QEBANXZ
?GetTotalTimeLessChildren@CVProfNode@@QEAANXZ
?GetTotalTimeSampled@CVProfile@@QEBANXZ
?Handle@CThreadSyncObject@@QEAAPEAXXZ
?Init@CThread@@MEAA_NXZ
?IsAlive@CThread@@QEBA_NXZ
?IsClaimed@CValidator@@QEBA_NPEBX@Z
?IsCreator@CThreadFullMutex@@QEBA_NXZ
?IsEnabled@CVProfile@@QEBA_NXZ
?IsThreadRunning@CThread@@MEBA_NXZ
?IsValid@CThreadSyncObject@@QEBA_NXZ
?Join@CThread@@QEAA_NI@Z
?Lock@CThreadFullMutex@@QEAAXXZ
?Lock@CThreadMutex@@QEAAXXZ
?Lock@CThreadMutex@@QEBAXXZ
?Lock@CThreadSpinLock@@AECAXI@Z
?LockForRead@CThreadRWLock@@QEAAXXZ
?LockForRead@CThreadRWLock@@QEBAXXZ
?LockForWrite@CThreadRWLock@@QEAAXXZ
?LockForWrite@CThreadRWLock@@QEBAXXZ
?MarkFrame@CVProfNode@@QEAAXXZ
?MarkFrame@CVProfile@@QEAAXPEBD@Z
?NGetPC@CStack@@QEBA_KH@Z
?NumFramesSampled@CVProfile@@QEBAHXZ
?OnExit@CThread@@MEAAXXZ
?OnFrameCompleted@CVProfileThreadEntry@@QEAAXXZ
?OnNewFrameEntered@CVProfileThreadEntry@@QEAAXXZ
?OutputReport@CVProfile@@QEAAXHPEBDH@Z
?PMEEnable@CVProfile@@QEAAX_N@Z
?PMEInitialized@CVProfile@@QEAAX_N@Z
?PValObjectFirst@CValidator@@QEAAPEAVCValObject@@XZ
?Pause@CVProfNode@@QEAAXXZ
?Pause@CVProfile@@QEAAXXZ
?PeekCall@CWorkerThread@@QEAA_NPEAI@Z
?Pop@CValidator@@QEAAXXZ
?Print@CStack@@QEBAXP6AXHPEBUPrintFrame@1@PEAX@Z1@Z
?Push@CValidator@@QEAAXPEBDPEAX0@Z
?RegisterCallbackHandler@CVProfile@@QEAAXPEAVIVProfileCallbackHandler@@@Z
?Release@CThreadFullMutex@@QEAA_NXZ
?Release@CThreadSemaphore@@QEAA_NJ@Z
?RenderLeaks@CValidator@@QEAA_N_K@Z
?RenderObjects@CValidator@@QEAAX_K@Z
?Reply@CWorkerThread@@QEAAXI@Z
?Reset@CStack@@QEAAXXZ
?Reset@CThreadEvent@@QEAA_NXZ
?Reset@CVProfNode@@QEAAXXZ
?Reset@CVProfile@@QEAAXXZ
?ResetPeak@CVProfNode@@QEAAXXZ
?ResetPeaks@CVProfile@@QEAAXXZ
?Resume@CThread@@QEAAIXZ
?Resume@CVProfNode@@QEAAXXZ
?Resume@CVProfile@@QEAAXXZ
?Set@CThreadEvent@@QEAA_NXZ
?Set@CThreadLocalBase@@QEAAXPEAX@Z
?SetAllocSizeFilter@CValidator@@QEAAXH@Z
?SetClientData@CVProfNode@@QEAAXH@Z
?SetCurFrameTime@CVProfNode@@QEAAXK@Z
?SetDumpFunc@CVProfile@@QEAAXP6AXPEBD@Z@Z
?SetDumpSpikesThreshold@CVProfileThreadEntry@@QEAAXH@Z
?SetExitQuietly@CThread@@QEAAXXZ
?SetName@CThread@@QEAAXPEBD@Z
?SetPriority@CThread@@QEAA_NH@Z
?SetThreadEntry@CVProfile@@QEAAXPEAVCVProfileThreadEntry@@@Z
?SetTrace@CThreadFullMutex@@QEAAX_N@Z
?SetTrace@CThreadMutex@@QEAAX_N@Z
?Sleep@CThread@@SAXI@Z
?Start@CThread@@QEAA_N_K@Z
?Start@CVProfile@@QEAAXXZ
?StartProfiling@CVProfileThreadEntry@@QEAAXMH@Z
?StartProfilingAllThreads@CVProfManager@@QEAAXMH@Z
?StaticValidateAll@CAdHocValidation@@SAXAEAVCValidator@@@Z
?Stop@CThread@@QEAAXH@Z
?Stop@CVProfile@@QEAAXXZ
?StopProfiling@CVProfileThreadEntry@@QEAAXXZ
?StopProfilingAllThreads@CVProfManager@@QEAAXXZ
?SumTimes@CVProfile@@IEAAXPEAVCVProfNode@@H@Z
?Suspend@CThread@@QEAAIXZ
?Term@CVProfile@@QEAAXXZ
?Terminate@CThread@@QEAA_NH@Z
?ThreadExceptionWrapper@CThread@@CAXPEAX@Z
?ThreadGetProcessExitCode@@YA_NPEAXPEAH@Z
?ThreadProc@CThread@@CAIPEAX@Z
?ThreadTerminateProcessCode@@YA_NPEAXH@Z
?TryLock@CThreadFullMutex@@QEAA_NI@Z
?TryLock@CThreadMutex@@QEAA_NH@Z
?TryLock@CThreadMutex@@QEBA_NXZ
?Unlock@CThreadFullMutex@@QEAAXXZ
?Unlock@CThreadMutex@@QEAAXXZ
?Unlock@CThreadMutex@@QEBAXXZ
?UnlockRead@CThreadRWLock@@QEAAXXZ
?UnlockRead@CThreadRWLock@@QEBAXXZ
?UnlockValidationLocks@CValidator@@QEAAXXZ
?UnlockWrite@CThreadRWLock@@QEAAXXZ
?UnlockWrite@CThreadRWLock@@QEBAXXZ
?UnregisterCallbackHandler@CVProfile@@QEAAXPEAVIVProfileCallbackHandler@@@Z
?UsePME@CVProfile@@QEAA_NXZ
?Validate@CVProfManager@@QEAAXAEAVCValidator@@PEBD@Z
?Validate@CVProfNode@@QEAAXAEAVCValidator@@PEBD@Z
?Validate@CVProfile@@QEAAXAEAVCValidator@@PEBD@Z
?Validate@CValidator@@QEAAXAEAV1@PEBD@Z
?ValidateGlobals@CTier0@@SAXAEAVCValidator@@@Z
?Wait@CThreadSyncObject@@QEAA_NI@Z
?WaitForCall@CWorkerThread@@QEAA_NIPEAI@Z
?WaitForCall@CWorkerThread@@QEAA_NPEAI@Z
?WaitForCreateComplete@CThread@@AEAA_NPEAVCThreadEvent@@@Z
?WaitForRead@CThreadRWLock@@AEAAXXZ
?WaitForReply@CWorkerThread@@IEAAHIP6AIIPEBQEAXHI@Z@Z
?WaitForReply@CWorkerThread@@QEAAHI@Z
?Yield@CThread@@SAXXZ
?g_bInException@@3_NC
?s_pFirst@CAdHocValidation@@0PEAV1@EA
AllocateCrashMemoryReserve
AreStackTrackingFiltersEnabledAtStart
AssertMsgImplementationF
AssertMsgImplementationPreformatted
AssertMsgImplementationV
BBlockingGetMiniDumpLock
BGetLocalFQDN
BGetMiniDumpLock
BThreadFileIOAllowed
BWritingFatalMiniDump
BWritingMiniDump
BWritingNonFatalMiniDump
CVProfile_ExitScope
CallAssertFailedNotifyFunc
CallFlushLogFunc
CatchAndWriteMiniDump
CatchAndWriteMiniDumpEx
CatchAndWriteMiniDumpExForVoidPtrFn
CatchAndWriteMiniDumpExReturnsInt
CatchAndWriteMiniDumpForVoidPtrFn
ClearStackTrackingFilters
ClearWritingMiniDump
CopyFileUTF8
CrackSmokingCompiler
CreateDirectoryUTF8
CreateFileUTF8
CreateProcessUTF8
CreateSimpleProcess
DLog
DWarning
DeclareCurrentThreadIsMainThread
DeleteFileUTF8
DoNewAssertDialog
ETWBegin
ETWEnd
ETWIsTracingEnabled
ETWMark
ETWMark1I
ETWMark1S
ETWMark2I
ETWMark2S
ETWMark3I
ETWMarkPrintf
ETWOverlayFrameMark
ETWRenderFrameMark
ETW_Steamworks_DispatchCallback_End_
ETW_Steamworks_DispatchCallback_Start
ETW_Steamworks_IPCRecv_End_
ETW_Steamworks_IPCRecv_Start
ETW_Steamworks_IPCSend_End_
ETW_Steamworks_IPCSend_Start
ETW_Steamworks_RunCallbacks_End_
ETW_Steamworks_RunCallbacks_Start
ETW_Streaming_SendPacket
EnableCrashingOnCrashes
EnsureValidBoolValue
Error
FreeCrashMemoryReserve
GetAvailableRAM
GetBinaryTypeUTF8
GetCRunTimeVersion
GetCrashHandlerFactory
GetCurrentDirectoryUTF8
GetFileAttributesUTF8
GetFullPathNameUTF8
GetInstalledRAM
GetLocalHostname
GetMiniDumpBuildID
GetMiniDumpDirectory
GetMiniDumpSteamID
GetModuleFileNameUTF8
GetNumberOfSpewAndLogGroups
GetNumberOfStackTrackingFilters
GetPortableSystemInformation
GetShortPathNameUTF8
GetSpewAndLogLevel
GetSpewAndLogLevelByGroupIndex
GetSpewOutputFunc
GetStackTrackingFilter
GetTempFileNameUTF8
GetTempPathUTF8
HasStackTrackingFilters
InitPME
InitializeStackTrackingFilters
Is64BitOS
IsInAssert
IsInFatalAssert
IsLogActive
IsSpewActive
IsStackTrackingFiltered
IsValidBoolValue
LoadLibraryUTF8
Log
MiniDumpUnlock
MoveFileExUTF8
MoveFileUTF8
Msg
OutputDebugStringUTF8
Plat_AbsoluteTime
Plat_AbsoluteTimeToFloat
Plat_Alloc
Plat_AttachDebuggerToProcess
Plat_CommandLineParamExists
Plat_CommandLineParamValue
Plat_EventActivityIdControl
Plat_EventRegister
Plat_EventUnregister
Plat_EventWriteTransfer
Plat_ExitProcess
Plat_FloatTime
Plat_Free
Plat_GetExecutablePath
Plat_GetExecutablePathUTF8
Plat_GetPOSIXClockSource
Plat_GetProcessArgv
Plat_GetStackBackTrace
Plat_IsChromeOS
Plat_IsGamescope
Plat_IsInDebugSession
Plat_IsSteamConsoleMode
Plat_IsSteamDeck
Plat_IsSteamOS
Plat_IsSteamOS3
Plat_IsTesla
Plat_IsWSL
Plat_MSTime
Plat_MSTime64
Plat_OutputDebugString
Plat_OutputDebugStringRaw
Plat_Realloc
Plat_RelativeTickFrequency
Plat_RelativeTicks
Plat_TickAddMicroSec
Plat_TickDiffMicroSec
Plat_TickDiffMilliSec
Plat_USTime
Plat_VirtualAccessFlags
Plat_VirtualAlloc
Plat_VirtualFree
Plat_VirtualProtect
Plat_asctime
Plat_ctime
Plat_daylight
Plat_gmtime
Plat_localtime
Plat_timegm
Plat_timezone
RealGetCallStack
RealPrintCallStack
RealPrintRawCallStack
ReleaseThreadHandle
RemoveDirectoryUTF8
ReplaceFileUTF8
RunTypeValidationTests
SHGetFolderPathUTF8
SecureRandomBytes
SetAssertDumpStack
SetAssertFailedNotifyFunc
SetCurrentDirectoryUTF8
SetEnvironmentVariableUTF8
SetFileAttributesUTF8
SetFlushLogFunc
SetFullMemoryDumpOnCrash
SetInAssert
SetInFatalAssert
SetMiniDumpAppID
SetMiniDumpBuildID
SetMiniDumpCustomInfo
SetMiniDumpProcessNameOverride
SetMiniDumpSteamID
SetStackTrackingFilter
ShouldUseNewAssertDialog
ShutdownPME
SpewActivate
SpewAndLogActivate
SpewAndLogChangeIfStillDefault
SpewChangeIfStillDefault
SpewOutputFunc
SpewWrittenMiniDumps
TSListBase_Init
TSListBase_Pop
TSListBase_Push
TSListBase_SwapList
TSListBase_UnsafePeek
TSQueueBase_Init
TSQueueBase_Pop
TSQueueBase_Push
TSQueueBase_UnsafeDummy
TSQueueBase_UnsafePeek
TSQueue_PopIntoFreeList
TSQueue_UnsafeDebugCheck
ThreadCloseProcess
ThreadFindProcessByName
ThreadGetCurrentHandle
ThreadGetCurrentId
ThreadGetCurrentProcessHandle
ThreadGetCurrentProcessId
ThreadGetCurrentRunningRef
ThreadGetPriority
ThreadGetProcessExitCode
ThreadGetProcessId
ThreadImplOneTimeInit
ThreadInMainThread
ThreadInterlockedAssignIf128
ThreadInterlockedAssignPointerIf
ThreadInterlockedCompareExchangePointer
ThreadInterlockedExchangePointer
ThreadIsProcessActive
ThreadIsProcessIdActive
ThreadIsThreadRunning
ThreadOpenProcess
ThreadResumeProcess
ThreadSetAffinity
ThreadSetBackgroundPriority
ThreadSetDebugName
ThreadSetFileIOAllowed
ThreadSetPriority
ThreadShellExecute
ThreadShellExecuteNoWindow

Sections

.text
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vstdlib_s64.dll
.dll windows:6 windows x64 arch:x64

2a553bd8603dd7a318841a4c477e15ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

XxZ~i-|Eb$Yv8S"N@7LE'|)i&e!RWxH)ahuW1(}4gKsL]+G(x\bUIzVgbS,ttW,uGw]tzWBxmEA51'B?f1b.6IM2)"M0^

Imports

advapi32

RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
GetTokenInformation
OpenThreadToken
RevertToSelf
ImpersonateLoggedOnUser
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
RegSetValueExW
EventWrite
EventRegister
EventEnabled

bcrypt

BCryptDestroyKey
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptOpenAlgorithmProvider
BCryptImportKey
BCryptHashData
BCryptGetProperty
BCryptFinishHash
BCryptExportKey
BCryptDecrypt
BCryptEncrypt
BCryptCreateHash
BCryptGenRandom
BCryptDestroyHash

crypt32

CertFreeCertificateChainEngine
CertCloseStore
PFXImportCertStore
PFXExportCertStore
CryptFindOIDInfo
CryptQueryObject
CryptMsgGetParam
CryptMsgClose
CryptImportPublicKeyInfoEx2
CryptFormatObject
CryptDecodeObject
CertVerifyTimeValidity
CertSetCertificateContextProperty
CertSerializeCertificateStoreElement
CertSaveStore
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertAddCertificateLinkToStore
CertControlStore
CertCreateCertificateChainEngine
CertDuplicateCertificateContext
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateChain
CertGetCertificateChain
CertGetCertificateContextProperty
CertGetIntendedKeyUsage
CertGetNameStringW
CertGetValidUsages
CertNameToStrW
CertOpenStore

iphlpapi

GetNetworkParams
if_nametoindex
GetPerAdapterInfo
GetAdaptersAddresses

kernel32

InterlockedFlushSList
RtlPcToFileHeader
RaiseException
RtlUnwindEx
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
CloseThreadpoolIo
ExitProcess
GetCurrentProcessId
MultiByteToWideChar
GetStdHandle
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
GetCalendarInfoEx
CompareStringOrdinal
CompareStringEx
FindNLSStringEx
GetLocaleInfoEx
ResolveLocaleName
GetUserPreferredUILanguages
SetLastError
GetLastError
FindStringOrdinal
GetTickCount64
GetCurrentProcessorNumber
GetCurrentProcess
GetCurrentThread
WaitForSingleObject
Sleep
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
InitializeCriticalSection
InitializeConditionVariable
DeleteCriticalSection
LocalFree
EnterCriticalSection
SleepConditionVariableCS
LeaveCriticalSection
WakeConditionVariable
WaitForMultipleObjectsEx
QueryPerformanceCounter
QueryPerformanceFrequency
GetFullPathNameW
GetLongPathNameW
GetCPInfo
WideCharToMultiByte
LocalAlloc
GetConsoleOutputCP
GetProcAddress
RaiseFailFastException
CreateThreadpoolIo
StartThreadpoolIo
CancelThreadpoolIo
LocaleNameToLCID
LCMapStringEx
EnumTimeFormatsEx
EnumCalendarInfoExEx
CancelIoEx
CreateDirectoryW
CreateFileW
DeleteFileW
DeviceIoControl
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FlushFileBuffers
FreeLibrary
GetCurrentDirectoryW
GetFileAttributesExW
GetFileInformationByHandleEx
GetFileType
GetModuleFileNameW
GetOverlappedResult
GetSystemDirectoryW
LoadLibraryExW
QueryUnbiasedInterruptTime
ReadFile
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetThreadErrorMode
CreateThread
ResumeThread
DuplicateHandle
GetThreadPriority
SetThreadPriority
GetDynamicTimeZoneInformation
GetTimeZoneInformation
WriteFile
CloseHandle
SetEvent
ResetEvent
CreateEventExW
GetEnvironmentVariableW
FormatMessageW
GetCPInfoExW
GetConsoleMode
ReadConsoleW
WriteConsoleW
GetFileAttributesW
CreateProcessW
FreeConsole
GetExitCodeProcess
TerminateProcess
OpenProcess
K32EnumProcesses
GetProcessId
CreatePipe
GetConsoleCP
FlushProcessWriteBuffers
GetCurrentThreadId
WaitForSingleObjectEx
RtlVirtualUnwind
RtlCaptureContext
RtlRestoreContext
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
SwitchToThread
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
QueryInformationJobObject
GetModuleHandleW
GetModuleHandleExW
GetProcessAffinityMask
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
VirtualQuery
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
DebugBreak
SleepEx
GlobalMemoryStatusEx
GetSystemInfo
GetTickCount
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
GetWriteWatch
ResetWriteWatch
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
GetEnvironmentVariableA
EncodePointer
DecodePointer
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
GetProcessHeap
UnhandledExceptionFilter
RtlLookupFunctionEntry
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive

ncrypt

NCryptDeleteKey
NCryptOpenStorageProvider
NCryptGetProperty
NCryptImportKey
NCryptOpenKey
NCryptFreeObject
NCryptSetProperty

ole32

CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoGetApartmentType
CoCreateGuid
CoWaitForMultipleHandles

user32

LoadStringW

ws2_32

WSARecv
WSAConnect
shutdown
WSASend
send
select
recv
ioctlsocket
setsockopt
WSAGetOverlappedResult
WSAEventSelect
WSAIoctl
closesocket
GetNameInfoW
GetAddrInfoW
FreeAddrInfoW
WSASocketW
GetAddrInfoExW
WSAStartup
WSACleanup
FreeAddrInfoExW
bind
getsockopt

api-ms-win-crt-heap-l1-1-0

calloc
_callnewh
malloc
free

api-ms-win-crt-math-l1-1-0

cos
ceil
floor
pow
sin
tan
modf
log2

api-ms-win-crt-string-l1-1-0

wcsncmp
strcmp
strcpy_s
_stricmp
strncpy_s
_wcsicmp

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initterm
_cexit
abort
_initialize_narrow_environment
terminate
_initialize_onexit_table
_configure_narrow_argv
_initterm_e
exit
_seh_filter_dll

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
__stdio_common_vsprintf_s
__stdio_common_vfprintf
__acrt_iob_func

Exports

Exports

03Bx7AzP7LCeQ8tyeNjmJoJ961mr
07SCo4CNhhc0Dbpn4Jjuxphrv
09jhV5dTJmqfU6tw571LuJ
0BIZuSYab3TVbqHbYn
0BNU3h4G
0GeWM5VfEKDJ
0ImCyaqJA
0KZO3KeSlUWWx
0KlKVdXbu
0OM35H2hcGnABAhkzWAXF9OzL
0PQWmZcRfcx1kWsXIKf5PjN8v7Ru4
0Q7yu1wQgwXY2x0ItJd55ZP5v9
0R0WqT8
0Sm9sJKmlSNcGGFqaIZmdViJAyzFjBVP
0UEqDXAefZQI2vcg1EybFN
0UtbYUhQI63XuBUKLGrcEFCpGRqmHR
0VP3H9bOyfZeFEmIsETr
0WRvXwDH0uvI8ZAaPWP4z
0dxZZZN1H
0evJCHaiX0JYXBR
0hEjGm2tA4i19n0tT8UdyXU88y8YC
0m0gqFakOk2jbsT
0owEXfr46VWGSYk
0p767FKRd4Sm41qIk1TTc
0p9LY3DPq3PURCXrymdSyQ
0qEKubHbRiO
0qa7JjGc
0toaipxymVlJGV
0uwEhiBZsdVvBIGsBXdYqkX8f57V36
0ygw9Bsht1RAb3oJaWwSu4Fj
0yzmA79Gr5
10QbYUBBhW6ne6crijUOyRv57
12Cx5Ovf14zVgm9LSBFfBg
147dfHqmhdzqasc
15M8UAyJDPUB8an0p7m67RsPKsYc
15wmESQAVqMvekvpC6pi
185s0rhJcQX
190aJ7kuXWo9L
1ALBS4a
1CroyzwUgW81OUldNTmpTnf5lg
1J2OONSBlFWh1a3
1PgpV7gzf62TFoxPUvGkmG3JBk759l
1RUIIdN00q5hP2KZFMmDxXcA5b
1WkVo24asRTQ
1Xepcmdy5Jvki5h0riLP1wRp
1Z0Wkf679n
1bJOrKx2yFZbCES
1cG0qyzZln
1cs4KSPcSC5
1dY4aUxFuOhPwd7YejmNUE
1gkdEjyOaswUVXWCUHV6p8
1iZ82mDfCoP9WZcFFZP
1ivPvsi2W0qYCLj0qS6I
1nsIg7ouIlc6h3rxtUIxAh8n
1owk24Uwl303p
1p7sEaDuAo
1rRlCgddMaXhAr4OUzNASWCr8k
1vmMyzbK8yavc9P3rp
1zRX5Ss34aopdIcAz3Z
1zcEua41L36Vw
2206abKUDmHmKIcf
23D0tJQ7420
26dnQrblPtzWoXmOvkLymDJkHl5Xu1L
2D5Jo4yraGAAbvFHPD9e6hmDehVkk5nI
2F4eE71d05jbU
2H4jXlxlWLCCQpFhD3DUpZ
2HRdKBOtdxn6uvW1lgdqvM
2LvsgEiq38hfMJuCWxgFD1s
2OC6ULp7cHlt2eXlNCTWvLycNnq
2PsMVT7balexTjBaeRYUaMSK49E0ev0
2XXeC5Z4oxWOYGz
2XgE3xQH8YmLhTNZray6Rrc
2ZP3tEsoEKJHv2WOFJCqalv
2ZhwwdhDKOEbYtQs39x3iNOLce36w
2ajpO1nJnNBafAXvihvpAI0twNsRAj
2dgg9mIzGstKX6vrWTjJ
2io66MFhqD2G4dJIinKyp28VYXYOzR
2ixrsh4CLRXuwCcBep9OYgEdV6jf9
2jZnlefpbvUpwet
2mAEVMzVaI2hy1Z
2oMSMQgF7ayPm3KoQiL4gUUvAzi3Y
2oc6X9U7T07pfdXiSDCnTG0aosKwq
2rI6sxlJyOGFXX79
2sKr2f5hC
2u6PrbbBsx
2zttFAgrFQdm4JhRWOPN
30g6FL0HqhTcINiV
31XMnSLdednRyQVcyHy60
32Gih5NJ2qRZGCOQTJmSvL3qEqajbo
33G5RjOntA8pK
35ZvNlFsdZFkKZABtqQ
3Aybi7eszcyZF4p0IYRLH3DBDLQAU
3HGQS3jmJ2EGwXN4i9
3IV2dqAMAYtK
3JNdoKDKvrtdrRE
3MpnrGgxsu34zOd44JiifT6m
3UJbdjgTWJm3yL
3Umm8y08pVIVyYgcHUjb
3VASyiNoy48gsBuHt6xyqEY
3bu5kdAbD
3csG3d2VUhfqFKhQi5agh7iaI
3eIDuXRNpCa5fHU
3fB8j4zU3bjTZE3iihPCZGF85hnzZ
3gKP4hfmOu09aZZ3DwKCDWh
3gRgmY7wLZuBAAY2cqwrG0zlWrh0
3gqDhdLJP8kpJtWdCxHs8u
3hTuISSgwJkT78h
3hrmSY72OaMWWkVBSa9Dkb4jK
3myqkUS2SitIekIWqbUxoscb394K2YCg
3pmubCEjJECXPisnqFq
3qeCo0nu7owmN6ZaZiu1Jo4ODLl
3tGgfKSkTK0efUJ6B3sYJaJdp
3yMP4i1FhQzCMh8moEkvDBeDE
488G8KeTRUuKv6B4OHE
4E4kzdRbokfEsSzf6S
4H2QMZjEKLJkALpJ4bFW8baEW
4KotkIWQ81J9Xel1JW8Sl
4KxtoyTxO4ejXcP3tS2B1d
4TGJo5Bs47okvVr634abfn
4TzN5420z54
4WMrZURc
4XAmCmHHsAC0dyMyhZdy
4XZK7NPf
4XZTPPPJzZ9eoPUwggxS9tC4WSZSGL4
4YNekgPd7zDtE
4ji0GinFV
4k3kw9ivCV1uFJzXeSKLV1FU
4p2r8uryR47IUU2P7Zh
4tb5mSeBU9Gu5pRXe4XDz2Q
4tsLRcTB6s7xiEh
4uttFHuYfaVO0jPno6
53CuVSvHed88spxGEu
54oa9EUs9X
556zBsjgNit7Npw0Qc
56RuHFEEl5LeO0u0GkaYv8Fp
56Rzqf3Wc094xX
5FxkIhfplflSoMBczSjz0KPS
5NKcXW1eAvbEra26F6qMc
5TuswEByRE7AprPRHOFR
5VdQS5lEDMKGippJEVk8Tbga9r
5Xda7qH4GCvotpLGqrxO5PZK
5cJhFPmlMnMyUK8NVin7
5e88rcPgGIi
5kDOEEst
5lWNZEdi3Tj
5lXK1KRNesXRkdj4B1wRxm
5mJHDbd7aaJkr4db
5okaykMdlHBTEBg1Rr5sYe0JzrxI
5p93wqIB6uGcgbQZdKEQbg
5rreIirIHnyyqkm
5uRHt4QDlHybu9xBrmeUiSvIZo
5xGzQUENT
6060lczsiYq
60xeqkjAU4VV36oWRF8GOqqg97Fgu
61FiGCJjQg4rZGiBv
62R3iL1ZfuLZYMKJY2TNvGAoUhRJfz1
62pOK76p2KTIGun7FE
64SrhhrHDgBzdNUFmFI2
6ABbOSn1MnkAq
6AFJJy9eWHiy
6AvZesPPcVo7uNK4F2NdVn
6CA8XWhHsUTqfW92q6RVBhGGRNhi23
6EYdfhHQEjqYN3EOloEW
6GfH46PM9iDR8ERH11SgyN
6IEl1n7V1yejcZJFEQETgY
6J2ALI8CrSMuWVIdeF4CIhisON9XH
6KYYh7IM6Pi00rc4xywpwQebWXcC
6NFo0Xm4rzaSA
6PVs12TtVGk8C
6QDjoPuQCeDfh2OtqEc8n30wesd2umh9
6QQBwYlTJybpyBjDw
6QWjDz7Zw7590jG5fmK1A5uCb
6Qtxx80hCfnE8VG4wED91my
6TH36bYnIosMyLV1kQ
6Uxe3wAr2zS
6Vzh8kEKnxjAucKAJRWxmTs5CMthY
6ZlROBkk2
6ZlTA3urc77KSgS3wpEiE2n3wcyB
6ZsfglxtyXRoZ51GZidVfmDkHT
6a443feI
6byfGqPF06om661L8cFkERc
6eDxrnhT2M6Grt
6eO96bcnIY
6hJ5eHPivKigkM
6rfJzNwWsiNfcfG06H2q7XfKFPH
6ua5u8D9hOmJ0JUdxW7sfH
6ufEuqMt
6wJKgjDh1ZnmSkyh7zfjsfgnzXpfCjW2
6wPXrsS8p1dVG0vDwWmbxLKjdar
70H7GrdT5jgRVK
75HpRBwnGWD6Q3yqSfaFBcbIrEcTNvS
78RV3WOZeVpaR
798VjcD4Zyjou
7A4Zh4r9Au
7AKGsSyqDlx
7BNNr1sENtijAOP0C37
7C5ejOiSLPNZPLfvbSLeR3YL6sPmSW4j
7DskVedgEscrscZQcBrExiEY12ohSpV
7EJgOMSd9jYbx2b
7Gk34dfxQK5nZt1VzbEJR2NaSVCpQB6
7HiooOpkzYUWNIYBggS64GLleTX
7IvzScnOx9Ha0pWxcT25TYzx8B
7Tzlvp7YCmvTBd
7UuoGqSf
7YCH9N4LKm6KlrbbmLPr9eBBbK1
7YaCDUHFbwLjYZGzL
7aeAiVF3xpihuS
7bABGOQ
7cQ5t0RnA6fottq1BkMlqr1gEQOk1
7eMryf4D
7eZJXeJO8TNZ45oEl0ropMCUkUIo
7gY5eBzpjQXzve4aHgjREvM2XM22IR1H
7rJG8ICP2ONN
7uvPaGjBX54ZUyMG
7wWVYd12lcNUcsA
7yDUpHIHBp
7zmfN1xomE6R6cH25vQL7
87mISMJIXZKd
88lUYb9yf3AA4YE6lnzBguBMla48Mj
8A8iZ49aSHaLJY1v3XAATCj0xCM
8DAXuWSWTS0wTDd58Y3f
8FLOKSj2dZU4bpfd8bUbbSrPf
8HgGrLd
8HhhkeFa211SQ3sbWt6dT
8JrBYJLoufCo5ejqx3
8M5CBzGZd5gMtfUFDiXfJh8wwp
8OXR0OoWqZ5SiYB50EpLua
8OhZJiorYd1FyBmZIQSbU0VFQ2
8RdmqJw01lvhNWq3
8S2BxRKEnUKGpVtKk
8SEOLqifAa4iWfce1JCe
8UOZNlMgnR3PEaJkUMJU0X
8W4MgEkhIsD7YmLsztLJ8
8WAfjzzc6EZTZO6OzQNcjE5tUWToCssT
8X2ZBnwvildIUBXCXS
8YChtzuGp31JF3avhzQv
8Yc0ItX
8bx811lN4Jl
8csO7GDd0BjomG5SwfYwPH2
8dIzgJamGj0iRNfZ2cAtDQOeC
8dW3Np8iHTQaGEVMrK
8g62Zqcb2bHeeui0iIKfPO
8jb8wkyELDp0
8jqzG8vg18c
8k0u7Xi6
8mZltOCJmgDzz3qLnVq2EkYECV
8tGIIDZ
8vW8fkwlmmTPD
8wsXVC37FqdV86PQ9uCR9c
8xiihQPO3M6XW
8xrBqPgkqigsL9cLVpUlVoFtt1
8xyNpGx
8zrvJIF2ThKSEmA
91bAwhVCPOYABvR3gJ6LHGeWVgkHZVz
92427EtKdP
95NbPuq0kK8fCWQ4VrjldaStkfw
99IFRNVKqrv3K9wH3N8ajizNX1A
9C8JG1pQcyT2g9Is8TYP
9Cdp7Jd8vJCFnLyjKC9Iqo
9D7TAaM19X7FMZgICp5Q
9HtLdKyXXu2UMu0QWNMByZuh
9N0jIBZD6SynIjuQc
9NKw839BRQcepkuei7FDW
9Nc04hdM4cTDBwa89efDJ7EeCnRe
9QvVsEyLiJ
9V6dZLBa6
9VZlcGQ5h0zCF8kFZeKFDpV
9VpIxk0Tm9WveEG3CwJcFQ8RaM5DcO
9WMTXkF
9aoEnw3vQj9zBHcl4xocu2engQbBM
9bHP45E
9fnQl6vTswH4CeKBYW9LE7wxdD8
9g8DY9WjoRDl7aULK4GYVbxQairgZd
9gGiuKeAZGu7qMG
9kND0dAVvmb9A3Q39z2rym4SyQCN2Y
9knOj4L21
9kuxkTqQgVDQGha91QZfshlPe
9lIP7c3c1T9
9lPz5jhuF4c5Kz02
9lt7uKvG1lst54emfRGqC4xL5NMZ
9puxdsrR2kL
9qmOCaBAs
9rmgxBjE1hSiXuK3LQu6lvtpV5B842
9xDnfksSKC
9xG8wnCFbQ6NQwngtnhySnp1AF89GdnW
??0CCommandLineParam@@QEAA@PEBD0@Z
??0CGaussianRandomStream@@QEAA@PEAVIUniformRandomStream@@@Z
??0CUniformRandomStream@@QEAA@$$QEAV0@@Z
??0CUniformRandomStream@@QEAA@AEBV0@@Z
??0CUniformRandomStream@@QEAA@XZ
??1CCommandLineParam@@QEAA@XZ
??4CGaussianRandomStream@@QEAAAEAV0@$$QEAV0@@Z
??4CGaussianRandomStream@@QEAAAEAV0@AEBV0@@Z
??4CStringNormalization@@QEAAAEAV0@$$QEAV0@@Z
??4CStringNormalization@@QEAAAEAV0@AEBV0@@Z
??4CURLUtils@@QEAAAEAV0@$$QEAV0@@Z
??4CURLUtils@@QEAAAEAV0@AEBV0@@Z
??4CUniformRandomStream@@QEAAAEAV0@$$QEAV0@@Z
??4CUniformRandomStream@@QEAAAEAV0@AEBV0@@Z
??BCCommandLineParam@@QEBAPEAUOpaqueHParamType@@XZ
??_7CUniformRandomStream@@6B@
??_FCGaussianRandomStream@@QEAAXXZ
?AttachToStream@CGaussianRandomStream@@QEAAXPEAVIUniformRandomStream@@@Z
?Exists@CCommandLineParam@@QEBA_NXZ
?FixupSeparatorScheme@CURLUtils@@SAXAEAVCUtlString@@@Z
?Fold@CStringNormalization@@SAHPEBGPEAGH@Z
?GenerateRandomNumber@CUniformRandomStream@@AEAAHXZ
?GetHParam@CCommandLineParam@@QEBAPEAUOpaqueHParamType@@XZ
?GetValue@CCommandLineParam@@QEBAPEBDPEBD@Z
?Initialize@CStringNormalization@@SAXXZ
?IsTLD@CURLUtils@@SA_NPEBD@Z
?Normalize@CStringNormalization@@SAH_NPEBDPEADH@Z
?Normalize@CStringNormalization@@SAH_NPEBGPEAGH@Z
?RandomChar@CUniformRandomStream@@UEAADXZ
?RandomFillMemory@CUniformRandomStream@@UEAAXPEAX_K@Z
?RandomFloat@CGaussianRandomStream@@QEAAMMM@Z
?RandomFloat@CUniformRandomStream@@UEAAMMM@Z
?RandomInt@CUniformRandomStream@@UEAAHHH@Z
?SetSeed@CUniformRandomStream@@UEAAXH@Z
?Test_BValidateStructures@CStringNormalization@@SA_NXZ
?V_ConvertStringToUUID@@YA_NPEBDW4EUUIDStringFlags@@PEAUV_UUID@@@Z
?V_ConvertStringToUUID@@YA_NPEBGW4EUUIDStringFlags@@PEAUV_UUID@@@Z
?V_ConvertUUIDToString@@YA_NPEBUV_UUID@@W4EUUIDStringFlags@@PEADH@Z
?V_ConvertUUIDToString@@YA_NPEBUV_UUID@@W4EUUIDStringFlags@@PEAGH@Z
?V_EscapeShellArgumentAndAppend@@YA_KPEAD_KPEBD@Z
?V_EscapeShellArgumentAndAppend@@YA_KPEAVCUtlStringBuilder@@PEBD_N@Z
?V_EscapeShellArgumentAndAppendPOSIX@@YA_KPEAD_KPEBD@Z
?V_EscapeShellArgumentAndAppendWin32@@YA_KPEAD_KPEBD@Z
?V_JoinNumbers@@YA?AVCUtlString@@DAEBV?$CUtlVector@HV?$CUtlMemory@H@@@@@Z
?V_JoinNumbersUint64@@YA?AVCUtlString@@DAEBV?$CUtlVector@_KV?$CUtlMemory@_K@@@@@Z
?V_JoinNumbersUint@@YA?AVCUtlString@@DAEBV?$CUtlVector@IV?$CUtlMemory@I@@@@@Z
?V_JoinStrings@@YA?AVCUtlString@@AEBV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@PEBD@Z
?V_ParseShellCommandLine@@YAXPEBDAEAV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@HPEAPEBD@Z
?V_ParseShellCommandLinePOSIX@@YAXPEBDAEAV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@HPEAPEBD@Z
?V_ParseShellCommandLineWin32@@YAXPEBDAEAV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@HPEAPEBD@Z
?V_SplitString3@@YAXPEBDPEBQEBDHAEAV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@2@Z
?V_SplitStringInternal@@YAXPEBDPEBQEBDQEAPEBDHAEAV?$CUtlVector@VCUtlString@@V?$CUtlMemory@VCUtlString@@@@@@_N@Z
?V_UnicodeAdvance@@YAPEADPEADH@Z
?V_UnicodeAdvance@@YAPEAGPEAGH@Z
?V_UnicodeAdvance@@YAPEAIPEAIH@Z
?V_UnicodeCaseConvert@@YAHAEAV?$CUtlVector@GV?$CUtlMemory@G@@@@HW4EStringConvertErrorPolicy@@@Z
?V_UnicodeCaseConvert@@YAHAEAVCUtlString@@HW4EStringConvertErrorPolicy@@@Z
?V_UnicodeCaseConvert@@YAHAEAVCUtlStringBuilder@@HW4EStringConvertErrorPolicy@@@Z
?V_UnicodeCaseConvert@@YAHPEBDPEADHHW4EStringConvertErrorPolicy@@@Z
?V_UnicodeCaseConvert@@YAHPEBGPEAGHHW4EStringConvertErrorPolicy@@@Z
?V_UnicodeCaseConvert@@YAHPEBIPEAIHHW4EStringConvertErrorPolicy@@@Z
?V_UnicodeLength@@YAHPEBD@Z
?V_UnicodeLength@@YAHPEBG@Z
?V_UnicodeLength@@YAHPEBI@Z
?V_UnicodeRepair@@YAHPEADW4EStringConvertErrorPolicy@@@Z
?V_UnicodeRepair@@YAHPEAGW4EStringConvertErrorPolicy@@@Z
?V_UnicodeRepair@@YAHPEAIW4EStringConvertErrorPolicy@@@Z
?V_UnicodeValidate@@YA_NPEBD@Z
?V_UnicodeValidate@@YA_NPEBG@Z
?V_UnicodeValidate@@YA_NPEBI@Z
?V_atoui128@@YA?AVuint128@@PEBD@Z
?V_stristr@@YAPEBDPEBD0@Z
?ValidateStatics@CStringNormalization@@SAXAEAVCValidator@@PEBD@Z
?ValidateStatics@CURLUtils@@SAXAEAVCValidator@@PEBD@Z
A4EnmLRNZlTFzOgT
A5vyK9b8s
A98Ixy6
A9g7Dl4qlr1l9HcPS0pPI7deh10CSi
AFzhysasgkyLvz9yS4qum5vA7
AHOnIBxDVee0zVbXVfd09TpcH
AJ7YJ7rx
AK0uh4SuZP
ALaQO2TS
ALc4gcslWhwlj1kxaFnsdcqP
ALjcTmpVn4
ANhhqC1uTxf
APhmvmgwwwMgm86XUfMQxLQQz3UHOm1
AUshJa3YVwVzbXst7AQMG
AVnNd6RQv2Z2Efn4TuuOl1J90uNZd
AWqVy2G0Jl
AX2YMXmwgndvhO6BNcIp
AYBCu35qVFbcTd1Y
AZsXhU6ceR2Ub7in56wUyyxdE1rVn
AdAABFi8cLl
Adwz5Xgz2oeMTdjmw32rS1o
Aelx7GyU8Ax7NpsfcsM5BTEgTe
Agnd0JHduSQGNDFnrf6C
AkAyDb5SY4BGO5y
AzJ6fyJFQPjzozIk
B1PlvXudcchM5jrGrGKMJALd
B1kLgrOEJnd4wu2kzQe2cdhk
B2LnDYtsARRg
B2WR6JrZZIlii4MMT9fNsTZUIzMn8
B3GrguwOmNIu
B79CXK1vEIr83nYa
B8l891L
B9gY9V7QN7pLbj5
B9vILsdxrIFEheUObd4CezYK8Wu
BCcWaHxYwDWwJOE3KZFRseidrl
BEybRwO3mgywkT4rnX5
BF1EEFzEo7pLaztLiM0yLYfA6
BHanIdeograph
BIT3J1Lw5zN6eo5rss84Jf
BLugyhNdP1zfwKBE3uPC
BNsFB18B7lkHxGJzSRZ8QOjiBhYNLCKT
BPZCS0n34c8l9xQ
Bbr8DvyB4nB0CaXo2H0w0jK
BdyGpq0
Becdzxj
BgcfFzs27bpWqGTz
BhD09bFVzY5j4Q9GmuWndKtueQp
BmYZp7imGv4QJhUwEZSzyRTd7Pw
BqglaQwkt6Q3wMP
BwKd7qD5wfoIZRdthr6dOC
BxGfBhTZPdzzIAzbS9qH
C2V6LlG3l6UTqkJSt2oyUODow5
CBj31grKL
CCKdJNPkTyGf
CCo8bqbPV
CD2ryI4v7Q4KnpfPCZNZvDYQ
CDVz08Ojk51NFDrwvuAAYuT
CEBRq8K1sTilEn
CF73ZR1f9KQeuhro5xPcWJysDw
CFxDlaxO7PvHaPjVpBk81hcOX
CHFTCFlpP1xTF
CJNP2hL3yU1TjdkwV7BtgIusnK5HK
CKI4EdB7p
CLl0dR16
CRjGtuildLA301ic0gksy
CWc5ow9DSR
CXbs7tAOdfme21RJ7CMLokyqciztsC
CanBeginLine
CanBreakBetween
CanBreakRepeated
CanEndLine
CcGuWp1GdyOEzgI
CckgZZBnBmLuRtZ7DhK
Ce0gFIislwIvsNo
CedKPROcO3o7Mi8eoX
CfupN63h9WE4MhFlG8LqjVLIQGgQKZ
ChbZFqof4P6rBetprZitthgAl9tOSl0
CjgVx04v99DrOCWUEqmdYDeYYuKGRaS
CnjvGkk
CommandLine
Coroutine_Cancel
Coroutine_Continue
Coroutine_Create
Coroutine_DebugBreak
Coroutine_GetCurrentlyActive
Coroutine_GetStackDepth
Coroutine_IsActive
Coroutine_IsAddressInOurStack
Coroutine_ReleaseThreadMemory
Coroutine_Test
Coroutine_ValidateGlobals
Coroutine_YieldToMain
CpFOaFcCULnTy2rjE21hWVE04k
CpbsBc68gS64TZySGEX449LJgSJ
CrWHJ7vklw6Yw2yusb
CreateInterface
CsNObfbJgBejPnOv1
CtwxivMXjNGMRvlH0eot1
Cuh1zfS
CwUSurl4osdt4
CxJiyc02k5Dnefbk0P
D56pvdzZkkW
D5QAHvyIQYXH
D89uDMBPwouOqEid95saUxF
D9Tg750DjKNHY0JU7mYDUv
DAfI8TayjN
DBHChztbJJzwHhYmiYT4zYxCJr
DBj3eFtqCXMplYc4s0rn45kWo
DEQHzngXEn3wlOAc
DG0kyWFrf0BkMWJm9
DHXBFvDPjq1aNWC7BFAx9Wx
DHuK2bQD3TZ6GvI82lfIYDp9QFvTqKTa
DP1pxaq6OeZ
DRlo6KPxhIwTWr
DTGU3axLVp0exPGrNFEy0IZC3y
DU3v1SCOieyCK6xWhAK
DV2HJ9KTuCBvxCeTvGy2MiDLTw
DZTs5U0H3jMsD9baaco83A9yI
Da0JGXC9MfBrSZUWGHmZ95u
DcxfMMgpFQabU9kUx4kJc
Dcy4g7oljeevoN7fF8UgZKQvGOWA
DdDvaO4Idcjxi
DdGyDbyDu2n
DdsPaMP
DebugStatsSystem
DlqTzAtsGaD
DrQDVeKG6kt13Usf0eGpzy
DroIraNw7AVO0bv
E0Cp1ELGCDvC
E168URBF7vcc7AdhQxx7Dy
E3Bacb7PqBaQWb0dBxHGyNzyYm
E4ZEyMFdSfEvwImud7rM62acUggp
ECKFYndohp55SmbFW42dKn
EHHQoCw8
EHcPLih9Oj22elKALwrzs5
EKulMliby48gkrl
EME6OyMMWJB83i7v2vUkga7SmY
ENHgoB3B29sUnRVv
ETh9gAz5QiLte4iqVDHW2mJopbcPKTz
EUB1SNszdWgKATxPC67o6IQc
EUGITaIaqd

Sections

.text
Size: 793KB - Virtual size: 793KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.managed
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 382KB - Virtual size: 490KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 335KB - Virtual size: 335KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc84427dd015272779b3d034cd29d1bb

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04Certificate

Extended Key Usages

Key Usages

06:fb:83:d0:ba:7c:64:b9:57:84:9b:76:a8:c1:de:72Certificate

Extended Key Usages

Key Usages

2a:26:cd:c8:b1:a4:40:76:9d:03:7b:9b:36:86:68:c8:3d:93:14:94:59:8c:4c:8b:55:9c:04:30:58:db:ac:39Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

tier0_s64

vstdlib_s64

psapi

wininet

Sections

.text Size: 234KB - Virtual size: 234KB

.rdata Size: 70KB - Virtual size: 70KB

.data Size: 5KB - Virtual size: 19KB

.pdata Size: 13KB - Virtual size: 12KB

.rsrc Size: 295KB - Virtual size: 295KB

.reloc Size: 2KB - Virtual size: 2KB

0cb93c77c0be071ba89ceffc11936dea

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04Certificate

Extended Key Usages

Key Usages

06:fb:83:d0:ba:7c:64:b9:57:84:9b:76:a8:c1:de:72Certificate

Extended Key Usages

Key Usages

2d:5a:5e:f2:3e:81:f6:f2:11:ad:1a:59:16:63:2e:a9:cc:aa:31:98:a2:7a:d8:fe:6f:d6:75:49:97:04:bc:6bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

psapi

Exports

Exports

Sections

.text Size: 271KB - Virtual size: 270KB

.rdata Size: 102KB - Virtual size: 101KB

.data Size: 4KB - Virtual size: 1.2MB

.pdata Size: 17KB - Virtual size: 16KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 2KB

2a553bd8603dd7a318841a4c477e15ed

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

06:fb:83:d0:ba:7c:64:b9:57:84:9b:76:a8:c1:de:72
Certificate

2a:26:cd:c8:b1:a4:40:76:9d:03:7b:9b:36:86:68:c8:3d:93:14:94:59:8c:4c:8b:55:9c:04:30:58:db:ac:39
Signer

.text
Size: 234KB - Virtual size: 234KB

.rdata
Size: 70KB - Virtual size: 70KB

.data
Size: 5KB - Virtual size: 19KB

.pdata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 295KB - Virtual size: 295KB

.reloc
Size: 2KB - Virtual size: 2KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

06:fb:83:d0:ba:7c:64:b9:57:84:9b:76:a8:c1:de:72
Certificate

2d:5a:5e:f2:3e:81:f6:f2:11:ad:1a:59:16:63:2e:a9:cc:aa:31:98:a2:7a:d8:fe:6f:d6:75:49:97:04:bc:6b
Signer

.text
Size: 271KB - Virtual size: 270KB

.rdata
Size: 102KB - Virtual size: 101KB

.data
Size: 4KB - Virtual size: 1.2MB

.pdata
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 793KB - Virtual size: 793KB

.managed
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 4.6MB - Virtual size: 4.6MB

.data
Size: 382KB - Virtual size: 490KB

.pdata
Size: 335KB - Virtual size: 335KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 1024B - Virtual size: 760B

.reloc
Size: 203KB - Virtual size: 202KB