!This program cannot be run in DOS mode.
h.rdata
H.data
.pdata
h.reloc
STeI<x
\G1e Y!\%
9oZh~g]
H!D$@E3
!V)G\@
4rFJ/_$
W*`^pK
l ED_x
a&mGW?tz'
>'_Nn4
,eQ711
fffffff
xxx????xxx????x
NtCreateThreadEx
NtProtectVirtualMemory
/T'H@~
c*69rS
$AtU (
dSO0t?
;},]Y!
wpf&vh
AD+1Xd
CE3L0J#f=
L8xsI|=
xV'kQ+'
QKxRf0L"
1!)D.O
K ^pBO
*E},}v
=Db)1>"
#5w_,"S
|sW;B:
Q-:<X$Z
d1\NCT
~K6<>$
C0~3>P
Hhu.BW
T)HaS4
^%XN^;FI
yy}hs*
Yk"Zfp
Cr&&k4
m!M`zcb
;vhLae
..8aso
|fy1#i
Gn'aeJ
j.hq h0
"YeD_8
iSw4TKEY
Y#H$Ak
,6tVo[
mr/QFC
s|fA!2
yzu7"*N,
(w>rfV
dke`0@
Eho%:d
=P+F`"
\FB."a!
Jg.xkND^m
w^#*a=
N.Q6LN`w
<A@!S
+4LF}Q
!vEUMM
eo^O8F
WTjvd=
4lZ]Y/
Eb|rBQ
|z*0o
00(@ j
?.NlF]
#K<6M@
ip87/WZ?8c
KU Ev*
\Ve0r6
7eT3?6
#qs_M;0
Yj~/p}
+G%"h`
hBel>,
pal t({
>\:"vG
)-R%Q.
@1!GpH1
?E'o#*%
XZb"\s
hmsGp;
\T3!&_U=:O
v(ebEV
HC/.Nm?
L)]48,
_^Lw!r
&& )Aa
u9Fg2i
;#Y!~Lx
$=M }w
j6QA#/1
U,[l][Z
j6QA#/1
j6QA#/1
z_Q6H!
fubywo]m
WG<v'a
%LhW M_
P_08xc
"Er=0#
<Qi*#}
[#AH6\
D(cah4
w3Zw0%
3bf)_a
n pqk(a
.V,Xib1
<EWHxD\M
{wu$iy
l+{6N1h
|t$e#k
&E>foA
L'rs#gl
bh,2>XY7)RXR
BNh4#5
=Z(#NdNR
:2HTKF
7]7p3~
*}LrF
C{g[=f
R'X'Eu
C'[ a-
(teAV1
K }7iq
_M_$)Hv
JFw}@Q
vOZCs~
Z#=/"jm}
-znBA*
Cn^uMh'
OWI|!|
xDC@^"
qx"bRT
zc^vf5
H{|5(Ol
xbjZ$5{
fT- #l
J{w*4f
c8F5Gm
gK%6$
O*K^;l`
v miOA
@/PU>hJ
`pV4D7
&AypGZ
XkFhB-
q~SQ>]\~
'~Ry,z
;pz/uM
n]jcht{
@+F,-{
M8J}bSg
at )7\
oghkN>z{
#AtiV+o
o+T7 :Q
GmI`o"1
<4~9wE
}O%KUc
{ tKg}
k;=,a"
p_[4'x
*WhQ%\
&Nlp9a
%gu#A2z
[+D {i
S6K)G)
pRg{nDy
f]4m>O
f5nJ-Y
2|d.zk
K.xHd&p
9n`!duK-
}x,B!u
!spAN/gW
1Wc2@7lC9BL
h"n>~E
yd9#/k;y32?
;gwPh~
'd|z:T
c;px+v
sS3w15
H(_c7 T.
PV!}`rO
~3ca<P
g"h{K
'C(P66
|=i~K ^
%E[.[x~
$SzIu
5[$CS}
:'J@>7
s?KN-8
+eC]D
[03VIv6=)}3
ck^Py!
j=RVp|
zFCKr
9!0A7g
e}UAU>{
~,& X}EZ
}Q9{`:b
r'B,iv
a>t^1u
BCryptOpenAlgorithmProvider
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptDecrypt
BCryptDestroyKey
cng.sys
RtlInitUnicodeString
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
MmGetSystemRoutineAddress
MmProtectMdlSystemAddress
MmMapLockedPagesSpecifyCache
MmAllocatePagesForMdlEx
PsCreateSystemThread
ObReferenceObjectByHandle
ObReferenceObjectByHandleWithTag
ObCloseHandle
ObfDereferenceObject
ZwCreateFile
ZwReadFile
ZwWriteFile
ZwClose
MmIsAddressValid
IoCreateFileEx
MmFlushImageSection
ZwDeleteFile
IoFileObjectType
RtlGetVersion
ZwQueryInformationFile
MmGetVirtualForPhysical
KeBugCheckEx
ntoskrnl.exe
Hcy<fA
A^A]fD
CMqYfA
pA]A\_
6VWAVH
L+M0D:
D$ FILE
S;AVAWf
WATAU@:
H!D$@E+
Greater Manchester1
Salford1
Comodo CA Limited1!0
AAA Certificate Services0
210525000000Z
281231235959Z0V1
Sectigo Limited1-0+
$Sectigo Public Code Signing Root R460
H/(@Bp 6
2http://crl.comodoca.com/AAACertificateServices.crl04
http://ocsp.comodoca.com0
Sectigo Limited1+0)
"Sectigo Public Code Signing CA R360
211110000000Z
241109235959Z0W1
Seoul1
Hangil IT Co., Ltd1
Hangil IT Co., Ltd0
https://sectigo.com/CPS0
8http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
8http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
http://ocsp.sectigo.com0
y3S^fl
Sectigo Limited1-0+
$Sectigo Public Code Signing Root R460
210322000000Z
360321235959Z0T1
Sectigo Limited1+0)
"Sectigo Public Code Signing CA R360
FFlCx@
H/(@Bp 6
:http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0{
:http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
http://ocsp.sectigo.com0
ts7!:o
n0PPd}
Sectigo Limited1+0)
"Sectigo Public Code Signing CA R36
Greater Manchester1
Salford1
Comodo CA Limited1!0
AAA Certificate Services0
210525000000Z
281231235959Z0V1
Sectigo Limited1-0+
$Sectigo Public Code Signing Root R460
H/(@Bp 6
2http://crl.comodoca.com/AAACertificateServices.crl04
http://ocsp.comodoca.com0
Sectigo Limited1+0)
"Sectigo Public Code Signing CA R360
211110000000Z
241109235959Z0W1
Seoul1
Hangil IT Co., Ltd1
Hangil IT Co., Ltd0
https://sectigo.com/CPS0
8http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
8http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
http://ocsp.sectigo.com0
y3S^fl
Sectigo Limited1-0+
$Sectigo Public Code Signing Root R460
210322000000Z
360321235959Z0T1
Sectigo Limited1+0)
"Sectigo Public Code Signing CA R360
FFlCx@
H/(@Bp 6
:http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0{
:http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
http://ocsp.sectigo.com0
ts7!:o
n0PPd}
Sectigo Limited1+0)
"Sectigo Public Code Signing CA R36
h ^#RN
ZwQuerySystemInformation
RtlImageNtHeader
RtlImageDirectoryEntryToData
Microsoft Primitive Provider
ChainingModeECB
ChainingMode
\SystemRoot\System32\GSDrv.bin
\SystemRoot\System32\ntdll.dll
NtOpenFile