Manalyze report for 889cf2efc9c33af8758e238de8318c86

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Nov-18 23:23:44
Debug artifacts	D:\a\_work\1\s\src\runtime\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb
CompanyName	Froststrap
FileDescription	Froststrap
FileVersion	`1.4.1.0`
InternalName	Froststrap.dll
LegalCopyright
OriginalFilename	Froststrap.dll
ProductName	Froststrap
ProductVersion	`1.4.1.0`
Assembly Version	1.4.1.0

Plugin Output

Info	Matching compiler(s):	`.NET DLL -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: rundll32.exe` `Contains references to internet browsers: chrome.exe firefox.exe` `Looks for VMWare presence: VMWARE` `Looks for VirtualPC presence: 0f 3f 07 0b` `Contains another PE executable: This program cannot be run in DOS mode.` `Miscellaneous malware strings: cmd.exe exploit virus` Contains domain names: .bloxstraplabs.com .roblox.com 2captcha.com Bloxstrap.Resources.Strings.de Bloxstrap.Resources.Strings.es Bloxstrap.Resources.Strings.fr Bloxstrap.Resources.Strings.it Bloxstrap.Resources.Strings.nl Bloxstrap.Resources.Strings.ru Bloxstrap.Resources.Strings.uk Brickfilms.com Resources.Strings.de Resources.Strings.es Resources.Strings.fr Resources.Strings.it Resources.Strings.nl Resources.Strings.ru Resources.Strings.uk Roblox.com Strings.de Strings.es Strings.fr Strings.it Strings.nl Strings.ru Strings.uk ak.rbxcdn.com amazonaws.com api.2captcha.com api.capsolver.com api.github.com apis.roblox.com apis.rovalra.com archive.mozilla.org assetgame.roblox.com auth.roblox.com aws.rbxcdn.com bloxstraplabs.com cacerts.digicert.com cachefly.net capsolver.com cdn.discordapp.com chrome.com chromium.org clientsettings.roblox.com clientsettingscdn.roblox.com codeplex.com crl.microsoft.com crl3.digicert.com crl4.digicert.com crowdin.com details.mozilla.org devblogs.microsoft.com develop.roblox.com developer.chrome.com developer.microsoft.com developer.mozilla.org devforum.roblox.com digicert.com discord.com discordapp.com docs.microsoft.com example.com fontello.com friends.roblox.com gamejoin.roblox.com games.roblox.com github.com githubusercontent.com gitlab.com google.com googleapis.com http://cacerts.digicert.com http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E http://cacerts.digicert.com/DigiCertCSRSA4096RootG5.crt0E http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA2.crt0 http://crl.microsoft.com http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0 http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z http://crl3.digicert.com http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 http://crl3.digicert.com/DigiCertCSRSA4096RootG5.crl0 http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0F http://crl4.digicert.com http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0 http://dummy.test http://example.com http://fontello.com http://icsharpcode.net http://james.newtonking.com http://james.newtonking.com/projects/json http://ocsp.digicert.com0A http://ocsp.digicert.com0C http://ocsp.digicert.com0O http://ocsp.digicert.com0X http://schemas.lepo.co http://schemas.lepo.co/wpfui/2022/xaml http://schemas.microsoft.com http://schemas.microsoft.com/SMI/2005/WindowsSettings http://schemas.microsoft.com/SMI/2016/WindowsSettings http://schemas.microsoft.com/expression/blend/2008 http://schemas.microsoft.com/winfx/2006/xaml http://schemas.microsoft.com/winfx/2006/xaml/presentation http://schemas.openxmlformats.org http://schemas.openxmlformats.org/markup-compatibility/2006 http://scripts.sil.org http://scripts.sil.org/OFL http://scripts.sil.org/OFLSans http://scripts.sil.org/OFLhttp http://wpfanimatedgif.codeplex.com http://www.digicert.com http://www.digicert.com/CPS0 http://www.google.com http://www.google.com/get/noto/Designed http://www.microsoft.com http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0 http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0 http://www.microsoft.com/pkiops/Docs/Repository.htm0 http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0 http://www.microsoft.com/pkiops/certs/Microsoft%20Identity%20Verification%20Root%20Certificate%20Authority%202020.crt0 http://www.microsoft.com/pkiops/certs/Microsoft%20Public%20RSA%20Timestamping%20CA%202020.crt0 http://www.microsoft.com/pkiops/certs/Microsoft%20Time-Stamp%20PCA%202010 http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0a http://www.microsoft.com/pkiops/crl/Microsoft%20Identity%20Verification%20Root%20Certificate%20Authority%202020.crl0 http://www.microsoft.com/pkiops/crl/Microsoft%20Public%20RSA%20Timestamping%20CA%202020.crl0y http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010 http://www.microsoft.com/pkiops/docs/primarycps.htm0 http://www.microsoft.com0 http://www.monotype.com http://www.monotype.com/studiohttp http://www.roblox.com http://www.roblox.com/ http://www.roblox.com/. http://www.roblox.com/F http://www.roblox.com/asset/?id http://www.w3.org http://www.w3.org/2000/xmlns/ http://www.w3.org/2001/XMLSchema https://aka.ms https://api.2captcha.com https://api.capsolver.com https://api.github.com https://api.github.com/repos/Froststrap/mod-generator/releases/latest https://api.github.com/repos/RealMeddsam/Froststrap/releases/latest https://apis.roblox.com https://apis.roblox.com/auth-token-service/v1/login/cancel https://apis.roblox.com/auth-token-service/v1/login/create https://apis.roblox.com/auth-token-service/v1/login/status https://apis.roblox.com/discovery-api/omni-recommendation https://apis.roblox.com/search-api/omni-search?searchQuery https://apis.rovalra.com https://apis.rovalra.com/process_servers https://apis.rovalra.com/v1/datacenters/list https://apis.rovalra.com/v1/geolocation?ip https://apis.rovalra.com/v1/server_details?place_id https://archive.mozilla.org https://archive.mozilla.org/pub/devedition/releases https://archive.mozilla.org/pub/firefox/nightly/latest-mozilla-central https://archive.mozilla.org/pub/firefox/releases https://assetgame.roblox.com https://assetgame.roblox.com/game/PlaceLauncher.ashx?request https://auth.roblox.com https://auth.roblox.com/v1/authentication-ticket/ https://auth.roblox.com/v2/login https://auth.roblox.com/v2/logout https://bloxstraplabs.com https://clientsettings.roblox.com https://clientsettings.roblox.com/v2/user-channel?binaryType https://clientsettingscdn.roblox.com https://clientsettingscdn.roblox.com/v2/client-version/WindowsPlayer/channel/ https://clientsettingscdn.roblox.com/v2/client-version/WindowsStudio64 https://crowdin.com https://devblogs.microsoft.com https://devblogs.microsoft.com/directx/demystifying-full-screen-optimizations/ https://develop.roblox.com https://develop.roblox.com/v1/universes/ https://developer.chrome.com https://developer.chrome.com/apps/runtime#method-connect https://developer.microsoft.com https://developer.microsoft.com/en-us/windows/uwp-community-toolkit https://developer.mozilla.org https://developer.mozilla.org/en-US/docs/Web/API/WebGL2RenderingContext#Browser_compatibility https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/defineProperty https://devforum.roblox.com https://devforum.roblox.com/t/new-in-experience-text-chat-system-public-release/1848837 https://discord.com https://discord.gg https://docs.microsoft.com https://docs.microsoft.com/windows/win32/fileio/maximum-file-path-limitation https://friends.roblox.com https://friends.roblox.com/v1/users/ https://gamejoin.roblox.com https://gamejoin.roblox.com/v1/join-game-instance https://games.roblox.com https://games.roblox.com/v1/games/ https://games.roblox.com/v1/games/multiget-place-details?placeIds https://games.roblox.com/v1/games?universeIds https://games.roblox.com/v2/users/ https://github.com https://gitlab.com https://googlechromelabs.github.io https://googlechromelabs.github.io/chrome-for-testing/last-known-good-versions.json https://invra.net https://ipinfo.io https://music.yandex.ru https://music.yandex.ru/iframe/#track/ https://ok.ru https://player.vimeo.com https://player.vimeo.com/video/ https://presence.roblox.com https://presence.roblox.com/v1/presence/users https://product-details.mozilla.org https://product-details.mozilla.org/1.0/firefox_versions.json https://raw.githubusercontent.com https://raw.githubusercontent.com/RealMeddsam/config/main/BuilderIcons-Filled.ttf https://raw.githubusercontent.com/RealMeddsam/config/main/BuilderIcons-Regular.ttf https://raw.githubusercontent.com/RealMeddsam/config/refs/heads/main/Channels.json https://raw.githubusercontent.com/RealMeddsam/config/refs/heads/main/Data.json https://raw.githubusercontent.com/bloxstraplabs/config/main/assets/ https://raw.githubusercontent.com/bloxstraplabs/config/main/supporters.json https://roblox-setup.cachefly.net https://roblox.com https://s3.amazonaws.com https://s3.amazonaws.com/setup.roblox.com https://scripts.sil.org https://scripts.sil.org/OFLRubik-LightVersion https://scripts.sil.org/OFLThis https://scripts.sil.org/OFLhttp https://setup-ak.rbxcdn.com https://setup-aws.rbxcdn.com https://setup.rbxcdn.com https://setup.rbxcdn.com/version- https://source.chromium.org https://source.chromium.org/chromium/chromium/src/+/master https://status.roblox.com https://storage.googleapis.com https://storage.googleapis.com/chrome-for-testing-public https://storage.googleapis.com/chromium-browser-snapshots https://storage.googleapis.com/chromium-browser-snapshots/ https://support.microsoft.com https://support.microsoft.com/en-us/topic/media-feature-pack-list-for-windows-n-editions-c1c6fffa-d052-8338-7a79-a4bb980a700a https://thumbnails.roblox.com https://thumbnails.roblox.com/v1/batch https://thumbnails.roblox.com/v1/games/icons?universeIds https://thumbnails.roblox.com/v1/places/gameicons?placeIds https://thumbnails.roblox.com/v1/users/avatar-headshot?userIds https://tonsky.meThis https://tonsky.mehttps https://users.roblox.com https://users.roblox.com/v1/users/ https://users.roblox.com/v1/users/authenticated https://www.mnot.net https://www.mnot.net/blog/2016/03/09/alt-svc https://www.newtonsoft.com https://www.newtonsoft.com/json https://www.newtonsoft.com/jsonschema https://www.nuget.org https://www.nuget.org/packages/Newtonsoft.Json.Bson https://www.nvidia.com https://www.nvidia.com/en-us/geforce/technologies/ansel/supported-gpus/ https://www.roblox.com https://www.roblox.com' https://www.roblox.com/ https://www.roblox.com//a$ https://www.roblox.com/crossdevicelogin/ConfirmCode https://www.roblox.com/games/ https://www.roblox.com/games/start?placeId https://www.roblox.com/login https://www.roblox.com/users/1484207733/profile https://www.rovalra.com https://www.youtube.com https://www.youtube.com/embed/ icsharpcode.net invra.net james.newtonking.com microsoft.com monotype.com mozilla.org music.yandex.ru newtonking.com newtonsoft.com nuget.org nvidia.com offsets.top openxmlformats.org paint.net player.vimeo.com presence.roblox.com product-details.mozilla.org raw.githubusercontent.com rbxcdn.com recaptcha.net roblox-setup.cachefly.net roblox.com rovalra.com s3.amazonaws.com schemas.microsoft.com schemas.openxmlformats.org scripts.sil.org setup-ak.rbxcdn.com setup-aws.rbxcdn.com setup.cachefly.net setup.rbxcdn.com setup.roblox.com source.chromium.org status.roblox.com storage.googleapis.com support.microsoft.com thumbnails.roblox.com users.roblox.com vimeo.com window.top wpfanimatedgif.codeplex.com www.digicert.com www.google.com www.microsoft.com www.mnot.net www.monotype.com www.newtonsoft.com www.nuget.org www.nvidia.com www.recaptcha.net www.roblox.com www.rovalra.com www.w3.org www.youtube.com yandex.ru youtube.com
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA256`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW LoadLibraryA` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Can access the registry: RegCloseKey RegOpenKeyExW RegGetValueW` `Possibly launches other programs: ShellExecuteW`
Suspicious	The file contains overlay data.	`18333484 bytes of data starting at offset 0xbf400.` `Overlay data amounts for 95.9023% of the executable.`
Safe	VirusTotal score: 0/71 (Scanned on 2026-02-09 19:12:37)	`All the AVs think this file is safe.`

Hashes

MD5	`889cf2efc9c33af8758e238de8318c86`
SHA1	`b0f232cf6f2b9e6088fff1226e1642012abb9630`
SHA256	`cb28d4cb667c6078ceb272b6e892c0b8fc69581d6ab9024375a3b10e215ec0ba`
SHA3	`930d8c9a0161c595627a617a3c2b4bacd1d5c765cdb282c7705c97f129c69464`
SSDeep	`196608:YjJVgTw/jJE4+OcOBgsnjJ/0sojJVnxyFJ2U0NUG7UabzObAbN0B:YJVRrJE4/gsjJ/0sQJTyFJ30hIAOB`
Imports Hash	`53e4e12437621212a425d294842d0a96`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2025-Nov-18 23:23:44
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x18400`
SizeOfInitializedData	`0xa7c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000013B80 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xc4000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x180000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`542bbb6189c731190df7d68ac07232c5`
SHA1	`a534ee9585f711d3268a09598c23402954d58f33`
SHA256	`4620f2521a9f2a779dfcd034db28db6c17a01e72aa10d41330eb910000472773`
SHA3	`b3b350f38831c1834a54887174a675e6ccd1d7fe6029328950e31bbcf48f59b1`
VirtualSize	`0x1839c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x18400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.36301`

.rdata

MD5	`f96090fa2345fc4dfa8aea378a934f09`
SHA1	`8356de6327cce0f208b07ea9c8a20d874c416efc`
SHA256	`ef0bb9373f5e19393c5e48d663f6194ad229c5de9f6717f2688f554d73168b5d`
SHA3	`63a85c42efd6d357a6506aa41ad1174dc061a58026d6a04da38d4753ed897ef5`
VirtualSize	`0xc5fe`
VirtualAddress	`0x1a000`
SizeOfRawData	`0xc600`
PointerToRawData	`0x18800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.84699`

.data

MD5	`3694298b40a3798cc419fd6130b1c21d`
SHA1	`250ff8db17b233d2206fbbdd1da24989b807c599`
SHA256	`004a77b93e8ac4ec513a655a77ba0be79e9d83ed012fa07d36cfed9a29b1d62a`
SHA3	`a3529a172bb237efd2ed33c0a939271d1f7ef79497f194ae09dac5d0ddb35ab3`
VirtualSize	`0x1a40`
VirtualAddress	`0x27000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x24e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.23817`

.pdata

MD5	`145209890bbc2ecbc84762fcd08efd0b`
SHA1	`b977d1f04a2d16147d86562124dde273386113bc`
SHA256	`5fd25e8acfaad5694cf25ea9676bd7e8569b1d9689e1c363afbba3e2f5180860`
SHA3	`8f915a320403176e49869b53edef17d54c34f98d1f3d35ed9e055ac17e6cfd7b`
VirtualSize	`0x14c4`
VirtualAddress	`0x29000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x25a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.92549`

.reloc

MD5	`013117ac819f8cbe20d402f784ee2731`
SHA1	`2f089ff04f134328ae06b14119155796239226aa`
SHA256	`f6bfd84f8de960552694e3ba178d8b40ea4a0ea893f4dfe14706415288487e4a`
SHA3	`a31b80535fd6738c1909a024a81da7b26e3dcca70b1f62a8a3c9ef72b219e1c9`
VirtualSize	`0x33c`
VirtualAddress	`0x2b000`
SizeOfRawData	`0x400`
PointerToRawData	`0x27000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.80647`

.rsrc

MD5	`a1ce0a70a6c0f2c547136dabfabe3ea7`
SHA1	`b2d24c38a585a21b3f927a8bff82fb64c9c06a10`
SHA256	`43ac7b1a8cd2f270115967ed5bca60e8d079f302ebab0d9bfe20463dfad59209`
SHA3	`0ae8f175ac5de0cccb40cc8b8b115a77deb437551902f8351636bee88f7b57c7`
VirtualSize	`0x97e7c`
VirtualAddress	`0x2c000`
SizeOfRawData	`0x98000`
PointerToRawData	`0x27400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.6071`

Imports

SHELL32.dll	`ShellExecuteW`
ADVAPI32.dll	`RegCloseKey` `ReportEventW` `RegisterEventSourceW` `RegOpenKeyExW` `RegGetValueW` `DeregisterEventSource`
KERNEL32.dll	`TlsFree` `CreateActCtxW` `ActivateActCtx` `GetLastError` `FindResourceW` `GetWindowsDirectoryW` `GetProcAddress` `GetModuleHandleW` `FreeLibrary` `LoadLibraryExW` `FindFirstFileExW` `EnterCriticalSection` `GetFullPathNameW` `FindNextFileW` `GetCurrentProcess` `GetStdHandle` `GetModuleHandleExW` `GetModuleFileNameW` `LeaveCriticalSection` `GetEnvironmentVariableW` `FindClose` `GetFileAttributesW` `MultiByteToWideChar` `GetConsoleMode` `GetFileAttributesExW` `LoadLibraryA` `WriteConsoleW` `DeleteCriticalSection` `WideCharToMultiByte` `IsWow64Process` `OutputDebugStringW` `GetCurrentProcessId` `TlsSetValue` `TlsGetValue` `TlsAlloc` `InitializeCriticalSectionAndSpinCount` `SetLastError` `RaiseException` `RtlPcToFileHeader` `RtlUnwindEx` `InitializeSListHead` `IsDebuggerPresent` `IsProcessorFeaturePresent` `TerminateProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `GetStringTypeW` `SwitchToThread` `GetCurrentThreadId` `InitializeCriticalSectionEx` `EncodePointer` `DecodePointer` `LCMapStringEx` `QueryPerformanceCounter` `GetSystemTimeAsFileTime`
USER32.dll	`MessageBoxW`
api-ms-win-crt-runtime-l1-1-0.dll	`terminate` `_register_thread_local_exe_atexit_callback` `_c_exit` `__p___wargv` `__p___argc` `_exit` `exit` `_initterm_e` `_errno` `_initterm` `_get_initial_wide_environment` `_initialize_wide_environment` `_configure_wide_argv` `_set_app_type` `_seh_filter_exe` `_cexit` `_crt_atexit` `_register_onexit_function` `_initialize_onexit_table` `abort` `_invoke_watson`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `calloc` `malloc` `_callnewh` `free`
api-ms-win-crt-time-l1-1-0.dll	`_time64` `_gmtime64_s` `wcsftime`
api-ms-win-crt-stdio-l1-1-0.dll	`__stdio_common_vfwprintf` `__p__commode` `fputwc` `__acrt_iob_func` `__stdio_common_vswprintf` `_set_fmode` `_wfsopen` `fflush` `setvbuf` `__stdio_common_vsnwprintf_s`
api-ms-win-crt-locale-l1-1-0.dll	`_create_locale` `___mb_cur_max_func` `___lc_codepage_func` `___lc_locale_name_func` `__pctype_func` `_configthreadlocale` `setlocale` `_lock_locales` `_free_locale` `_unlock_locales`
api-ms-win-crt-string-l1-1-0.dll	`strlen` `strcmp` `wcsncmp` `toupper` `strcpy_s` `_wcsdup` `wcsnlen`
api-ms-win-crt-convert-l1-1-0.dll	`_wtoi` `wcstoul`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42283`
MD5	`c9deb74c987d3fab325cf32f9121a6c5`
SHA1	`5d6cab07d7cd6c94e724c1b0b58baefd7c648d9b`
SHA256	`fe36fabee70087f153fc2f5c706f75efa05bd34c5b7f01f3764fe6fc0a806005`
SHA3	`3f8a9716250b5ee81b2d78833960bc60518615f85fae68463200fa0f2713e580`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.08051`
MD5	`29eab3f378cfc27828253a22f0b9f990`
SHA1	`503c127d6791894ab935a9a8763010a4d30879c1`
SHA256	`52690c8f9c01dd587b2ae1bd06ffe41015dd4ec6f1227179664749820ccd795f`
SHA3	`e6bccacd06487196ab4569e495cea3c52331920055e7d82b631a5134c5615504`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.12261`
MD5	`efead42598fdd16eb2cfb02334a4ca05`
SHA1	`7b4bc616f4ce1f785a49fe0fdc18a16c929e572a`
SHA256	`71d9ce878a14445576991da61504b4a5c2b0876e208c31e9e78363414c9e9958`
SHA3	`11cafbf482f909328b115fc5b286453295ef06cb1e6ce2fc3ef8891ca675d59d`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.39757`
MD5	`50d15e030be5df58338f4333d01dcdf2`
SHA1	`b94adedc7e87ff32b88970823cd5b930d9385e83`
SHA256	`8917c7a30c775ab5bb447d0e00ca605170c9381f16f37a99b60fe96e973d594e`
SHA3	`981bef424c71c70e0b79ff60e99f88fc298895c4bf3ad383631744772eaab857`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.10324`
MD5	`5c606c8d2d552329899c3a5887fd9a31`
SHA1	`8900d11fb6a59bd7d94264e868ec2416748b52b3`
SHA256	`363627d54af8754233fb76fe2208f55663549adcef0ddb68544be49c8b5a2e6e`
SHA3	`1dbf569362a4ff85c037f82316a357ddb21ae0a364e1d1f639fb4026ef49a345`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x235ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92503`
Detected Filetype	PNG graphic file
MD5	`064bf56e053d274868e08aaceb511602`
SHA1	`1055508b55e655a80e49968e5904eebc591d58c2`
SHA256	`73f9f80a4a32ffe7ea97adc41d80d5d6dae1468cc31ac4f5176671e487890381`
SHA3	`9d6dd89456a6d861f3c16d8db885b71ee23e1cfa346dfc811673b8fc19f73236`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x172a4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.96609`
Detected Filetype	PNG graphic file
MD5	`c238898c6db024edabfdda128736c7fb`
SHA1	`acc962c59355a315f6d1b6dd26b502d449ce88b3`
SHA256	`ae60ea437b2eaff65acec7d0ec94493eb27ccb66b474b29957321a5ee2d58d74`
SHA3	`27445510ebeea4c70bf4eec5f51fc18d962df4e17e06a84ae278f28bf4588a96`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xc1a0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97216`
Detected Filetype	PNG graphic file
MD5	`ed2c19be8795558a9778959177ae4c95`
SHA1	`34ed3b60fe53a312f408c9ee3daecba96292d915`
SHA256	`53b4eb6bf07b2bab361d37b9ff5f6d6f4aa8470b174611f155a77bff3e6f9208`
SHA3	`22304f0de337e69968031d6f41d1d44624a62b450f289c5692b125591b59f0aa`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x47a5`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.97105`
Detected Filetype	PNG graphic file
MD5	`dcae962c7e9b17eed8093d9e19619871`
SHA1	`edb5a861139e0f6a79ba5d193420b267c11a559f`
SHA256	`c5444d1d372f750eb68e3da404f1774496bff076f57abc7ead288e32b105f5bb`
SHA3	`464d23848bec700924a56815aa0487d66c486189d4df1b248e2509505fae65d0`

10

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.1638`
MD5	`6f9113d9daaaf1a43ca75d2aa0169684`
SHA1	`36bd7ce1332078944330ff68888a26d1a82d8257`
SHA256	`f3635fcc66e950d744544cb651871e73e26c47d15a6bed691182e2cd3a1adfde`
SHA3	`348688ee501ecdf84634ddafbff72b607f86a74e028aec0586abeba517b8cef8`

11

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.28914`
MD5	`7c6dcdfc856e1f69047b626555e485f7`
SHA1	`4fa3a6d03a5b442fda28ec4f97bcf770838431c5`
SHA256	`f1c2c12d3a22365819d9719766436b7606264643ad971ceda5693fd7ed47f16f`
SHA3	`147d78fcfffbb0e3c9207439d31bec1dcdd545842a5fa57969e294c9f154ba30`

12

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.40633`
MD5	`1306423379a5ef9a5602d6f9e789dfb3`
SHA1	`a54c7a9a7e4e93c20901527f0a71e7ca2298f9af`
SHA256	`f33e2939ad819c94f96391e7ee508167b803cc3ee5af196255391f8810421a09`
SHA3	`0f72763f9c1722dd4d93933e0e8a0a017ce989b5e8106b0849ee70109a023838`

13

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.62168`
MD5	`c387519bd6d080cd9b7ea1e949c12c9e`
SHA1	`e5ae46c9b975ba6b03f623226cec05d5226c25eb`
SHA256	`73a0073971763721afad6f7e70711e7d4d7f7abb7dbc0235eac6e155223cec5d`
SHA3	`001e7b92c547333da579c42a7fb58a60970537b400d826ba192949427c9a0dbb`

14

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.75224`
MD5	`e80fb5e1dc5346b01cfed90799ec4dc0`
SHA1	`cd4f0c38debc39dd2bc9ea6afa733752b9f8d592`
SHA256	`5536cd545a0a3db7627de71446beb1a84582ec21819c1a9233ef44c98c713a50`
SHA3	`f70c3512dc6a7736d0e27b6262a50b372a25489856897de9f94ff49aab10f77c`

15

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.86552`
MD5	`1590d6447f78925221b83da37095b0d1`
SHA1	`b860d1a2c44504e4a63e915abdb01c13187ecb4f`
SHA256	`4d43ae452bb9fa2fc304ffacdde24762ba532a455ef9aafb8fc7417c9fce4738`
SHA3	`290a1c2a61dd1b4dfd2a3dd8757578fff968f5b550a77437cb271386191a179a`

16

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.10648`
MD5	`d75eea04715a050d03ae4a58bf7942b0`
SHA1	`21127bcc95a415e275be3a98e02ec6fc3976a357`
SHA256	`587c5dfce01a83552ad8d823fa44cfc791a498188bafc630d74de31c9dd9dc65`
SHA3	`15b2f5eb0fded82945c5f51014a61f33c9ff0caf13bc550f9f5ed996fdd91cc1`

17

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.32127`
MD5	`a4157544e69c0ad594299f9413c1dbe6`
SHA1	`ae15e01a2ac9e37f8ff3674325d04ef226dfc6ca`
SHA256	`b0af96325688be0a474ff0be8fe0ea1ff9e1fa2a402fb50f9937749e1a8c491e`
SHA3	`9906ff0e77a891858979192123fd9781c32b22e77eeb632f8dcda16586ee86bb`

18

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x6b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.53559`
MD5	`ef69e0c46bb0fa675bef9bda5bfaf02b`
SHA1	`cd33e234c138121bcfb6ed001070be75236bec8e`
SHA256	`43965a4a1f24215b8515bc6af21b88fd8d7d28988a41d5ba2b5e7a2fd87ee1b1`
SHA3	`12fd9885ab769eb3ef634a52cb4c744e27129de17c155465186ffa19555ab2fa`

19

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.68481`
MD5	`16e5563a96aa59e5364cb7de97f13b02`
SHA1	`c3a1aeaf814ec82f820e2ecc6fa86f5f818a32c7`
SHA256	`62e86da8e91ebbef101c0c9a399a85e3574c99b74d21c8722ac8041e90cbaeb2`
SHA3	`1d139da507089abc171c4d77faac99d164629d30627e87ab17db2f00be08a64a`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x110`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26168`
Detected Filetype	Icon file
MD5	`bd35dbd7e271da7da464351f0d701b06`
SHA1	`d1fd09ba8992698499b5319c759bb2e16dd0ae4c`
SHA256	`25f3649e282c07d3e2ff64f687cd5546ce82a1236a7c3a23fc2944f5b9afa99e`
SHA3	`725681e98179cb9c90ef6ace45bc4423bab9e19b3ca05fdacec2d38a24ff3fad`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2d8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22495`
MD5	`2a4f1d382d39eb23e6268347bd0c5f96`
SHA1	`63d6a6868b519f82594232f7835196909167832b`
SHA256	`dbaf95ac29c97b959059db3f93c17dbdb2d010932aeb639757b71ed8c0afb2a7`
SHA3	`f86b0b791e20e5589447117529587beb392c20dd0de2a4573333740d3ea9072c`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xce1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00175`
MD5	`73f60e86e7ab2b7a73a1f1a18e93b7ad`
SHA1	`549a55e09318ff6829abdfdf624955abb4cd6776`
SHA256	`742f6de330674fa9308385d4dfa408bac8f7498de822176671fc77804db6b75e`
SHA3	`7b08b0ba07bf513724d536c406b5f81453e57a52142dad8addabfad1914c50e6`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.4.1.0
ProductVersion	1.4.1.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	Froststrap
FileDescription	Froststrap
FileVersion (#2)	1.4.1.0
InternalName	Froststrap.dll
LegalCopyright
OriginalFilename	Froststrap.dll
ProductName	Froststrap
ProductVersion (#2)	1.4.1.0
Assembly Version	1.4.1.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Nov-19 15:20:10
Version	`0.0`
SizeofData	`121`
AddressOfRawData	`0x22e2c`
PointerToRawData	`0x2162c`
Referenced File	D:\a\_work\1\s\src\runtime\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Nov-19 15:20:10
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x22ea8`
PointerToRawData	`0x216a8`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Nov-19 15:20:10
Version	`0.0`
SizeofData	`988`
AddressOfRawData	`0x22ebc`
PointerToRawData	`0x216bc`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2025-Nov-19 15:20:10
Version	`0.0`
SizeofData	`4`
AddressOfRawData	`0x232c0`
PointerToRawData	`0x21ac0`

TLS Callbacks

StartAddressOfRawData	`0x1400232e8`
EndAddressOfRawData	`0x1400232f8`
AddressOfIndex	`0x140028a28`
AddressOfCallbacks	`0x14001a518`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0x800`
EditList	`0`
SecurityCookie	`0x1400270c0`
GuardCFCheckFunctionPointer	`5368816712`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x2c9db172`
Unmarked objects	`0`
ASM objects (35207)	`10`
C objects (35207)	`13`
C++ objects (35207)	`86`
Imports (VS2008 SP1 build 30729)	`16`
Imports (33140)	`9`
Total imports	`212`
C++ objects (LTCG) (35217)	`10`
Linker (35217)	`1`

889cf2efc9c33af8758e238de8318c86

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.reloc

.rsrc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

32512

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors