Sample details: 9040ba73eca86d61f88e1935d4134114 --

Hashes
MD5: 9040ba73eca86d61f88e1935d4134114
SHA1: ab6515ed4b161e14f6aac65fa7d11a60a81d2e4d
SHA256: 795fe82fba35ee15eeb70cfe999ce8881e8ba1cc7b1734413b38259847ece8bf
SSDEEP: 12288:R1je66lGKcAbbyjGv0nHQNeG/RpYx1PWV+H7lKGvfugNG5et/zwLsbNcUexbqpT0:veZlGQbrht/TSWqJNG4WLsRDespTWz
Details
File Type: PE32+
Added: 2018-11-10 00:55:32
Yara Hits
YRP/Microsoft_Visual_Cpp_80 | YRP/Microsoft_Visual_Cpp_80_DLL | YRP/IsPE64 | YRP/IsWindowsGUI | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/System_Tools | YRP/Browsers | YRP/Dropper_Strings | YRP/WMI_strings | YRP/Misc_Suspicious_Strings | YRP/DebuggerCheck__QueryInfo | YRP/anti_dbg | YRP/disable_dep | YRP/network_tcp_socket | YRP/escalate_priv | YRP/screenshot | YRP/keylogger | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/Big_Numbers0 | YRP/Big_Numbers1 | YRP/Big_Numbers3 | YRP/Advapi_Hash_API | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Http_API |
Source
http://185.5.248.205/p.exe
http://52.50.24.225/procexp64.exe
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
@SUVWH
|$ ATAVAWH
 A_A^A\
@VWAVH
UATAUAVAWH
A_A^A]A\]
@WAVAWH
@A_A^_
UVWATAUAVAWH
A_A^A]A\_^]
WAVAWH
 A_A^_
@UVWATAUAVAWH
A_A^A]A\_^]
@UWATAVAWH
A_A^A\_]
@UVWATAUAVAWH
@A_A^A]A\_^]
SUVWATAVAWH
@A_A^A\_^][
UAVAWH
@UVWATAUAVAWH
A_A^A]A\_^]
@VWATAVAWH
@A_A^A\_^
UVWAVAWH
@A_A^_^]
WATAUAVAWH
A_A^A]A\_
SUVWAVH
@A^_^][
@VWATAVAWH
L9c0uYH
\tZD8c
0A_A^A\_^
|$ AVH
UWATAVAWH
A_A^A\_]
WATAUAVAWH
H9k uYH
A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
UATAUAVAWH
A_A^A]A\]
ATAVAWH
@A_A^A\
USVWATAUAVAWH
xA_A^A]A\_^[]
@VWAVH
@USVWH
@SUVWAVH
f9(t2H
0A^_^][
@UVWATAUAVAWH
A_A^A]A\_^]
WAVAWH
0A_A^_
SUVWAVH
0A^_^][
WAVAWH
 A_A^_
@VWAVH
UVWATAUAVAWH
A_A^A]A\_^]
WATAUAVAWH
@A_A^A]A\_
@VWAVH
@UVWATAUAVAWH
A_A^A]A\_^]
VWATAVAWH
A_A^A\_^
UVWATAUAVAWH
A_A^A]A\_^]
WATAUAVAWH
A_A^A]A\_
UVWATAUAVAWH
A_A^A]A\_^]
@USVWATAUAVAWH
HA_A^A]A\_^[]
USVWATAUAVAWH
A_A^A]A\_^[]
UVWATAUAVAWH
`A_A^A]A\_^]
SVWAVAWH
0A_A^_^[
@VWAVH
@VWATAVAWH
@A_A^A\_^
D$@L;D$Hu
UVWAVAWH
 A_A^_^]
ATAVAWH
A_A^A\
UVWATAUAVAWH
A_A^A]A\_^]
WATAUAVAWH
fA9,Gu
l$0f9/t;
A_A^A]A\_
WAVAWH
pA_A^_
VAVAWH
@A_A^^
@UVWATAUAVAWH
A_A^A]A\_^]
@USVWATAUAVAWH
A_A^A]A\_^[]
@VWAVH
UATAUAVAWH
A_A^A]A\]
@VWAVH
UVWATAUAVAWH
A_A^A]A\_^]
@VWAVH
@USVWATAUAVAWH
A_A^A]A\_^[]
@USVWATAUAVAWH
A_A^A]A\_^[]
@WAVAWH
PA_A^_
@USVWATAUAVAWH
A_A^A]A\_^[]
UVWATAUAVAWH
A_A^A]A\_^]
ATAVAWH
A_A^A\
UATAUAVAWH
A_A^A]A\]
@VWAVH
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
WAVAWH
PA_A^_
UATAUAVAWH
A_A^A]A\]
WATAUAVAWH
fD9,Pu
fD9,Pu
fD9,Pu
fD9,Bu
fD9,Ju
@A_A^A]A\_
UATAUAVAWH
A_A^A]A\]
@VWAVH
UATAUAVAWH
A_A^A]A\]
fD;L$(t
@UVWATAUAVAWH
2333333
A_A^A]A\_^]
UATAUAVAWH
A_A^A]A\]
@USVWATAUAVAWH
A_A^A]A\_^[]
WAVAWH
PA_A^_
VWATAVAWH
A_A^A\_^
UATAUAVAWH
P(fD;m
A_A^A]A\]
@USVWAVH
A^_^[]
UVWAVAWH
0A_A^_^]
TUUUUUU
SVWATAUAVAWH
pA_A^A]A\_^[
UVWATAUAVAWH
A_A^A]A\_^]
D$@L;D$Hu
@UVWATAUAVAWH
A_A^A]A\_^]
@VWAVH
UATAUAVAWH
A_A^A]A\]
@UVWATAUAVAWH
A_A^A]A\_^]
@UVWATAUAVAWH
A_A^A]A\_^]
TUUUUUU
I9q sEI
I;q s?I
I9q sEI
I;q s?I
H9C s(H
UVWAVAWH
@A_A^_^]
k(H9k(
k H9k(
UVWAVAWH
`A_A^_^]
UVWATAUAVAWH
H;K s@H
G0H+G(H
A_A^A]A\_^]
H UATAUAVAWH
 H;C8u
A_A^A]A\]
SVWAVH
8A^_^[
D$@L;D$Hu
D$@L;D$Hu
WAVAWH
0A_A^_
@WATAUAVAWH
0A_A^A]A\_
@USVWATAUAVAWH
A_A^A]A\_^[]
t$ UATAUAVAWH
A_A^A]A\]
WATAUAVAWH
fE9a:u
A_A^A]A\_
@USVWATAUAVAWH
D$4;D$h
t HcD$4;E
D$4;D$h
A_A^A]A\_^[]
WAVAWH
@USVWH
UWATAVAWH
A_A^A\_]
@SWATAUAVH
A^A]A\_[
UVWATAUAVAWH
A_A^A]A\_^]
USAUAWI
A_A][]
@USVWATAUAVAWH
A_A^A]A\_^[]
t5H9J(u
|$ AVH
@USVWATAUH
D$XL;c
|$8H;{
D$0L;c
A]A\_^[]
@USVWAUAWH
EX9EP}
E\9ET}
A_A]_^[]
@SATAVH
@A^A\[
@A^A\[
l$ VWATAVAWH
T$@+T$8E
A_A^A\_^
UVWAVAWH
D+t$$A
pA_A^_^]
\$ UVWATAUAVAWH
l$8+D$`+
\$(+t$L
A_A^A]A\_^]
|$ ATAVAWH
A_A^A\
|$ AVH
D$,+D$$H
@USVATAUAVAWH
A_A^A]A\^[]
@SUVWATAVH
7;\$H}
l$$D;l$L}
D;l$T|
;\$@|	
|$D+|$<D;
xA^A\_^][
@USVWATH
H;sHu,H
H;sHu,H
H;sHu[I
A\_^[]
UVWATAVH
 A^A\_^]
UVATAVI
A^A\^]
D$D+D$L
@USVWH
t.HcG H
|$ UATAVH
@SUVWATAUAVAWH
xA_A^A]A\_^][
\$xtTH
@SVWAUAVH
\$H+\$@
+|$DA+
pA^A]_^[
T$H+T$@
L$L+L$DD
@USVWATAUAVAWH
D9|$hv,
D;|$hr
|$lD+|$hD
|$lD+|$hD
N<@E9~8u
A_A^A]A\_^[]
SVWATAUAVAWH
L;(u4H
A_A^A]A\_^[
VWATAVAWH
A_A^A\_^
UWATAVAWH
A_A^A\_]
UVWATAUAVAWH
@A_A^A]A\_^]
USVWATAUAVAWH
A_A^A]A\_^[]
USVWATAUAVAWH
?I;} t
A_A^A]A\_^[]
L$`f9t$`t33
@VWATAVAWH
PA_A^A\_^
UVWATAUAVAWH
pA_A^A]A\_^]
f90tOH
UVWAVAWH
@A_A^_^]
WATAUAVAWH
A_A^A]A\_
UVWATAUAVAWH
A_A^A]A\_^]
@VAVAWH
PA_A^^
PA_A^^
USVWATAUAVAWH
A_A^A]A\_^[]
@SVAVH
T$`t#H
D$@L;D$Hu
UVWAVAWH
 A_A^_^]
@VWAVAWH
8A_A^_^
@UWATAVAWH
 A_A^A\_]
 A_A^A\_]
9t$0tWL
WATAUAVAWH
 A_A^A]A\_
@SUVWH
F+D$<D+L$8A
WATAUAVAWH
A_A^A]A\_
@VWAVH
UATAUAVAWH
D$PHcH
D$PHcH
D$@HcH
D$@HcH
D$@HcH
D$@HcH
t$(tTH
A_A^A]A\]
t$ AVH
\$ UVWATAWH
@A_A\_^]
@SUVWAWH
@A__^][
l$@fE;
CXHc8H
M9Hhv"I9Hhs
|$ AVH
TUUUUUU
WATAUAVAWH
H;0u8H
@A_A^A]A\_
|$ AVH
@USVWAVH
A^_^[]
t$ ATAVAWH
 Hcl$`Ic
 A_A^A\
|$ AVH
@UVWATAUAVAWH
0A_A^A]A\_^]
UVWATAUAVAWH
L;0t8I
A_A^A]A\_^]
UATAWH
 A_A\]
@UWAVAWH
(A_A^_]
ATAVAWH
 A_A^A\
 A_A^A\
WAVAWH
 A_A^_
WATAUAVAWH
 A_A^A]A\_
WAVAWH
0A_A^_
UVWAVAWH
H;\$hI
0A_A^_^]
s L;p 
f9{(u3H
s@H;sH
l$ VWAWH
D$(+D$ 
D$,+D$$
@UVWATAUAVAWH
A_A^A]A\_^]
|$ AVH
H0H91t1
EPHcEXH
@VWAVH
UVWAVAWH
A_A^_^]
@VWAVH
@UVWATAUAVAWH
H+D$@H
f97t	H
f91t	H
G8I9G0u
A_A^A]A\_^]
@USVATH
D9|$@}
D9|$H}
D9t$D}
D9t$L}
N0H91t
C0+C(D
nG +C 
C0+C(D
nG(+C 
C4+C,D
nG$+C$
W,+W$A
nG,+C$
T$,D+G4
D$8+D$0H
l$ VWATAVAWH
A_A^A\_^
@SUVWAVAWH
T$8+L$4+T$0;V 
LV ;N$
A_A^_^][
UVWATAUAVAWH
@A_A^A]A\_^]
\$ VWAVH
t.HcK(H
H9l$pt
t	HcC(
SATAUAWH
(A_A]A\[
[ ;},|
d$TA;{,A
;T$P}tH
\$ UVWATAUAVAWH
A_A^A]A\_^]
SUWATAWH
A_A\_][
@SWAWH
\$ UVWH
|$ AVH
\$ UVWH
@USVWATAUAVAWH
A_A^A]A\_^[]
@USVWATAUAVAWH
A_A^A]A\_^[]
UVWATAUAVAWH
A_A^A]A\_^]
D9H,~,A
t$ UWATH
|$ AVH
@SUATAVAWH
@A_A^A\][
tn9l$ 
@A_A^A\][
@VWATAVAWH
0A_A^A\_^
HcT$`L
HcT$`fI
VWATAVAWH
 A_A^A\_^
@T9D$(
USVWATAUAVAWH
A_A^A]A\_^[]
@SUVWAVH
A^_^][
@SUVWAVH
A^_^][
KT9H`u H
\$ UVATAVAWH
A_A^A\^]
|$ AVH
\$ UVWATAUAVAWH
A_A^A]A\_^]
UATAUAVAWH
A_A^A]A\]
@USVWATAUAVAWH
A_A^A]A\_^[]
@SUVWAVH
T$ 9:t
A^_^][
f+D$$E3
D$(f+D$ A
@USVWAVH
\$0+\$ 
^8+_8D85
^<+_<D85
^(+_(D85
\$$+\$(
t'H9^(t!H
J,;N,u)
A^_^[]
444444444444444444444
444444444444
 !"#$%444&'(4)444444444444444444444444444444444444444444444444444444444444*+,44444-44.
4014423my
@USVWATAUAWH
A_A]A\_^[]
USWAVI
@USAVH
|$h0u 
444444444444444444444
444444444444
 !"#$%444&'(4)444444444444444444444444444444444444444444444444444444444444*+,44444-44.4/44014423
%%%%%%%%%%%
% %%%%%%%%%%!%%"%%#$
|$ AVH
9D$$}nf
LcD$$H
@USVWATAUAVH
A^A]A\_^[]
|$ UATAUAVAWH
A_A^A]A\]
@SUVWAVH
A^_^][
@SUAVH
@SUAVH
@SUAVAWH
A_A^][
UWATAVAWH
A_A^A\_]
fB94@u
\$ HcT$pL
@UVWATAUAVAWH
A_A^A]A\_^]
t$ AVH
\$ UAVAWH
l$ VWAVH
fD9?tmL
D$L+D$D
@USWATAUAWH
A_A]A\_[]
VWATAVAWH
 A_A^A\_^
 A_A^A\_^
UVWAVAWH
`A_A^_^]
t%HcT$PL
HcT$PL
trH9:tmH
@USVATAVAWH
A_A^A\^[]
L$8+T$4D+L$0E3
f9+tlH
VWATAVAWH
tsH9)t\I
A_A^A\_^
@SUVWAVAW
A_A^_^][
@SUVWH
@SUVWH
@WAUAVH
fD9,Au
@A^A]_
|$ UATAUAVAWH
A_A^A]A\]
@UATAVH
PA^A\]
PA^A\]
09\$xv5
@VWAVH
@VWATAVAWH
0A_A^A\_^
D8l$1t
R8D9l$4
@VAVAWH
0A_A^^
9\$Xv+
0A_A^^
@UWAVH
9|$(t<H
SVWATAUAVAWH
0A_A^A]A\_^[
u#9t$Pt
@UVWATAUAVAWH
A_A^A]A\_^]
SUVWATAVAWH
9D$xuNL
A_A^A\_^][
UVWATAVH
9D$(uTI
A^A\_^]
UVWATAUAVAWH
PA_A^A]A\_^]
f98t[H
@SVWATAUAVAWH
A_A^A]A\_^[
@UVWATAUAVAWH
A_A^A]A\_^]
WATAUAVAWH
@A_A^A]A\_
@USVWATAUAVAWH
LcD$DH
A_A^A]A\_^[]
effffff
SVWAUH
\$XusH
@UVWATAUAVAWH
I;\$ tG
A_A^A]A\_^]
@UVWATAUAVAWH
I;\$ tG
A_A^A]A\_^]
UWATAUH
XA]A\_]
XA]A\_]
|$ AVH
@VWAVH
@VWAVH
@VWAVH
l$ VWAUAVAWH
A_A^A]_^
\$ UVWH
\$ UWAUAVAWH
A_A^A]_]
@USATH
+LcD$$H
d$ UAVAWH
@8t$ t
LcD$DH
f+D$4E3
D$8f+D$0A
f+D$4E3
|$`f+D$0A
f93uZH
|$ AVH
D$L+D$DH
D$,f+D$$H
f+D$ A
f+D$,E3
D$0f+D$(A
																			
																																														
																																																																														
																
|$ UATAUAVAWH
tcD9l$pt\H
fD9,Au
A_A^A]A\]
@USVWAVH
A^_^[]
D$0+D$(
D$4+D$,
UVWAVAWH
fD9=TM
fD9<Bu
A_A^_^]
f9|$pt
|$X@8-
t$PuJH9-7
L$@9HTt
A9HTtPM
TUUUUUU
t	9P A
9C s(H
t	9P A
@USVWATAUAVAWH
D9k,u5H
A_A^A]A\_^[]
LcD$dH
LcD$dH
@SUVWAVH
A^_^][
@USVWATAVAWH
A_A^A\_^[]
@UVATAUAVAWH
HTH9OPt
F(D8n(u+H
D9l$Dt
A_A^A]A\^]
@USVWATAUAVAWH
A_A^A]A\_^[]
@USVWATAUAVAWH
A_A^A]A\_^[]
|$ AVH
@VWAVH
t$ WE3
@USVATAUH
A]A\^[]
@USVWATAUAVAWH
A_A^A]A\_^[]
@UVWATAUAVAWH
fE9,^u
FT9D$HuvA
A_A^A]A\_^]
@SVATAUAWH
A_A]A\^[
@UVWATAUAVAWH
~1:u$I
~5:u?I
A_A^A]A\_^]
VWATAVAWH
C H9A u
A_A^A\_^
WAVAWH
fD940u9fD
UVWATAUAVAWH
Lcd$pMi
A_A^A]A\_^]
WAVAWH
t@L9;u3H
@USVWATAUAVAWH
A_A^A]A\_^[]
UWATAVAWH
A_A^A\_]
@SUVWAWH
fD9<Pu
A__^][
fD9<Qu
WATAUAVAWH
 A_A^A]A\_
@UVAWH
DOBf;DJ
DO@fA;DM
DOBfA;DM
D9t$XH
D9t$\H
fE9p8t&E
D8t$UH
DJ@fA;
DJBfA;DH
@USVWAUAVAWH
A_A^A]_^[]
@UVWATAUAVAWH
H9|$h@
A_A^A]A\_^]
@USVWATAUAVAWH
A_A^A]A\_^[]
UVWATAUAVAWH
M+D$`H
M+D$hH
M+D$pH
A_A^A]A\_^]
UVWAVAWH
A_A^_^]
@UVWATAUAVAWH
@( taIc
A_A^A]A\_^]
WATAUAVAWH
fD9d$P
fD9d$P
@USVWATAUAVAWH
 t:fD9
 tIfD9
A_A^A]A\_^[]
@USVWATAUAVAWH
fD9d$8u
LcD$TE3
A_A^A]A\_^[]
@USVWATAUAVAWH
L$pD8t$xt
D;HTurD
D;@TupH
HTA9L$
D;HTuyD
;PTuwH
D;@Tu|H
D9p(u(D9
D8t$pu	E
A_A^A]A\_^[]
@USVWATAUAVAWH
HTI9MPt
N8;ATt
G89xTA
G89xTA
G89xTu
PTA9UPt
F09B0t
A_A^A]A\_^[]
[ UVWATAVI
HTI9MPt
G09A0t
|$`;D$du
A^A\_^]
@UATAVAWH
|$hD8g$tR
A_A^A\]
@USVWATAVAWH
A_A^A\_^[]
ATAUAWH
A_A]A\
UWATAVAWH
D9E#u0
A_A^A\_]
@USVWATAUAVAWH
L$8;Q s
WT9P s
L$8;Q s
A_A^A]A\_^[]
@UATAUAVAWH
D$HH9E
D$@H9C(u!H9{Hu
@4H;D$H
D$HH9A0t
A_A^A]A\]
k VWAVH
D$,+D$$f
VWATAUH
A]A\_^
A]A\_^
UVWATAUAVAWH
t$d95.
A_A^A]A\_^]
@SUVWAVH
A^_^][
@UVWAVAWH
A_A^_^]
WATAUAVAWH
A_A^A]A\_
@SUVAVH
8A^^][
@UVWATAUAVAWH
A_A^A]A\_^]
@WATAUAVAW
A_A^A]A\_
9|$ ubH
D$@L;D$Hu
|$ ATAVAWH
A_A^A\
@USVWATAVAWH
H;=G<	
3H;=:<	
t H;=9<	
H;=6<	
A_A^A\_^[]
zh9zTt/D
@UVAUAVAWH
\$0I9v(tCH
fD9,Bu
D$@M9n(H
A_A^A]^]
fD9|$@
fD9|$@u
@USVWATAVAWH
9HTt0H
LcD$4H
@85`#	
u5@852#	
LcD$4H
LcD$4H
fB94wu
A_A^A\_^[]
D$@H+D$H
@USVWATAUAVAWH
D9d$Pt
D8d$@uqH
A_A^A]A\_^[]
UATAUAVAWH
A_A^A]A\]
@USVWATAUAVAWH
A_A^A]A\_^[]
UVWATAUAVAWH
L9%gX	
D8d$Mt
D;d$Pt
A_A^A]A\_^]
D8d$Lt
F H9CHu
\$ UWATAUAWH
t	D8-	
H9Q0u	I
H9A(tFH
A_A]A\_]
|$ UATAUAVAWH
\$ t(I
G(@tTI
I9^Xu"
t#@8t$`u
A_A^A]A\]
@USVWH
fA9p8t(E
u;D8%Bi
9Xd~&ff
d$ D;d$8
D9L$@t&H
|$$;|$8
@USATAVH
A^A\[]
H	|$ H
VWATAVAWH
t-E9'u/H
 A_A^A\_^
@USVWAVAWH
A_A^_^[]
D$0tcL
SWAVAWH
D9L$XD
A_A^_[
D$0tcL
@USVWAVH
A^_^[]
TUUUUUU
SVWATAUAVAWH
pA_A^A]A\_^[
@SVWAVAWH
9\$@v-
A_A^_^[
UVWATAUAVAWH
A_A^A]A\_^]
UVWAVAWH
@A_A^_^]
UATAUAVAWH
H+L$(H
A_A^A]A\]
L$8u8H
@VAVAWH
@A_A^^
@SUVAVAWH
QLcL$ A
A_A^^][
VWATAUAWH
uj9D$8td3
D9t$8u
?ds-E3
PA_A]A\_^
PA_A]A\_^
@UWAWH
t|H9\$X
t:H9\$pt3H9\$xt,
@UVWAVH
e A^_]
UVWAVAWH
D8:u2H
A_A^_^]
D9>tXA
x	;^Xu&H
VWATAVAWH
 A_A^A\_^
x ATAVAWH
 A_A^A\
fffffff
WAVAWH
0A_A^_
SVWAVH
8A^_^[
ATAVAWH
 A_A^A\
fA;8utI
fA;0t)fA98t
@8l$8t
D8t$8t
@UAVAWH
@UAVAWH
WAVAWH
0A_A^_
H SVWH
L$ USWH
l$ VWAVH
9\$ ~>L
WATAUAVAWH
A_A^A]A\_
t$ WAVAWH
0A_A^_
t$ WAVAWH
\$Xt/I
0A_A^_
WAVAWH
fD9>u"
0A_A^_
WAVAWH
0A_A^_
UAVAWH
ATAVAWH
@A_A^A\
AUAVAWH
0A_A^A]
WATAUAVAWH
@A_A^A]A\_
t5f9t$(u
WATAUAVAWH
 A_A^A]A\_
@UATAVH
l$ VAVAWH
 A_A^^
@UAVAWH
UAVAWH
UVWATAUAVAWH
 A_A^A]A\_^]
UVWATAUAVAWH
 A_A^A]A\_^]
VWATAVAWH
A_A^A\_^
UVWATAUAVAWH
G0Hc	H
A_A^A]A\_^]
D8eoupH
UVWATAUAVAWH
pA_A^A]A\_^]
WATAUAVAWH
 A_A^A]A\_
AUAVAWH
0A_A^A]
@SVWATAUAVAWH
L!|$@L!
D$HHcH
A_A^A]A\_^[
SVWATAUAVAWH
0A_A^A]A\_^[
WATAVH
@A^A\_
s WATAUAVAWH
9t$P~.8\$vt(H
9t$P~98\$vt3H
A_A^A]A\_
@UATAUAVAWH
!t$(H!t$ I
A_A^A]A\]
WAVAWH
 A_A^_
x ATAUAWH
@A_A]A\
@USVWATAUAVAWH
eHA_A^A]A\_^[]
t$ WAVAWH
l$ VWATAVAWH
T$&@8t$&t9@8r
A81t@@8r
A_A^A\_^
WAVAWH
fE98t'
0A_A^_
@USVWATAUAVAWH
A_A^A]A\_^[]
;Cu1f9K
f93t$M;
L$ SUVWH
|$ ATAVAWH
0A_A^A\
WATAUAVAWH
0A_A^A]A\_
\$ UVWATAUAVAWH
^fD9+t
A_A^A]A\_^]
\$ UVWATAUAVAWH
A_A^A]A\_^]
fD9|$bu
H9L$Ht8H
UVWATAUAVAWH
9D$LupE
A_A^A]A\_^]
WAVAWH
 A_A^_
|$ ATAVAWH
 A_A^A\
UVWATAUAVAWH
T$`fE;"
|$DfD;
T$`fA;
T$`fD;
T$@uxE
|$<9L$Pt
8T$4u]E
|$DfD;
\$x9D$Pt
D8\$Ht
D8\$5t
A_A^A]A\_^]
` AUAVAWH
t$8Hc0I
\$0D9=^#	
A_A^A]
@UATAUAVAWH
A_A^A]A\]
LcA<E3
t$ WATAUAVAWH
0A_A^A]A\_
@SUVWATAVAWH
zu|D!t$ E3
A_A^A\_^][
UVWATAUAVAWH
9D$XumE
A_A^A]A\_^]
VWATAVAWH
 A_A^A\_^
\$ UVWATAUAVAWH
D9l$dtXH
HcD$PH;
HcD$PH;
A_A^A]A\_^]
WATAUAVAWH
gfffffffH
D8L$Ht
A_A^A]A\_
x AUAVAWH
A_A^A]
@SUVWH
@SUVWH
@SUVWAVH
A^_^][
t$ WATAUAVAWH
D!l$h3
0A_A^A]A\_
UVWATAUAVAWH
D$DD9T$X
|$h+t$D+
A_A^A]A\_^]
UVWATAUAVAWH
D$DD9T$X
|$h+t$D+
A_A^A]A\_^]
WAVAWH
 A_A^_
wY+M0H
gffffE
Hct$PH
seHcD$XH
fD9!u:A
fD93tSH
CfD93u
H3E H3E
x ATAVAWH
D8&t4H
D8d$Ht
A_A^A\
ATAVAWH
D8d$8t
@A_A^A\
\$ UVWATAUAVAWH
fD9 t	H
A_A^A]A\_^]
p WAVAWH
SVWATAUAVAWH
PA_A^A]A\_^[
uAiD$P
@SUVWATAVAWH
PA_A^A\_^][
UATAUAVAWH
A_A^A]A\]
WATAUAVAWH
A_A^A]A\_
f9.uVH
f9.u"H
tVf91tQH
@SUVWATAVAWH
3fD9 t
A_A^A\_^][
|$ AVH
tSf91tNH
D;|$0t9
x ATAVAWH
 A_A^A\
@USVWATAVAWH
tyfD9 tsH
tHfD9 tB
@A_A^A\_^[]
D82u&H
D8t$Ht
VWATAVAWH
 A_A^A\_^
l$ VWAUAVAWH
L$(fA;
u$HcG$H;
t5f9(t
A_A^A]_^
UVWATAUAVAWH
A_A^A]A\_^]
` AUAVAWH
0A_A^A]
@UATAUAVAWH
A_A^A]A\]
@USVWH
VWATAVAWH
A_A^A\_^
|$ UATAUAVAWH
A_A^A]A\]
|$ UATAUAVAWH
A_A^A]A\]
UVWATAUAVAWH
A_A^A]A\_^]
WATAUAVAWH
 A_A^A]A\_
USVWATAUAVAWH
8UXt$@
XA_A^A]A\_^[]
x AUAVAWH
 A_A^A]
UVWATAUAVAWH
A_A^A]A\_^]
WATAVH
WATAUAVAWH
0A_A^A]A\_
0L95v!
D9t$htrH
@8t$8t
H(H9J(u
@USVWH
RegDeleteKeyExW
RtlNtStatusToDosError
map/set<T> too long
Wow64EnableWow64FsRedirection
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
NtDeleteKey
NtOpenKey
NtCreateKey
IsWow64Process
GetSystemWindowsDirectoryW
GetSystemWow64DirectoryW
GetLongPathNameW
vector<T> too long
string too long
invalid string position
RegLoadMUIStringW
QueryServiceConfig2W
SHGetFolderPathW
GetSystemDefaultLocaleName
GetUserDefaultLocaleName
gadget
description
author
version
height
SHCreateItemFromParsingName
list<T> too long
generic
unknown error
iostream
iostream stream error
system
_?@$()
!#$%&'()-@^_`{}~+,.;=[]
1.3.6.1.5.5.7.3.1
1.3.6.1.5.5.7.3.2
1.3.6.1.5.5.7.3.3
1.3.6.1.5.5.7.3.4
1.3.6.1.5.5.7.3.5
1.3.6.1.5.5.7.3.6
1.3.6.1.5.5.7.3.7
1.3.6.1.5.5.7.3.8
1.3.6.1.5.5.7.3.9
1.3.6.1.4.1.311.10.3.1
1.3.6.1.4.1.311.10.3.2
1.3.6.1.4.1.311.10.3.3
1.3.6.1.4.1.311.10.3.5
1.3.6.1.4.1.311.10.3.6
1.3.6.1.4.1.311.10.3.7
1.3.6.1.4.1.311.10.3.8
1.3.6.1.4.1.311.10.3.9
1.3.6.1.4.1.311.10.3.10
1.3.6.1.4.1.311.10.3.11
1.3.6.1.4.1.311.10.3.12
1.3.6.1.4.1.311.10.3.13
1.3.6.1.4.1.311.10.3.14
1.3.6.1.4.1.311.10.3.15
1.3.6.1.4.1.311.10.3.16
1.3.6.1.4.1.311.10.3.4
1.3.6.1.4.1.311.10.3.4.1
1.3.6.1.5.5.8.2.2
2.16.840.1.113730.4.1
2.16.840.1.113733.1.8.1
1.3.6.1.4.1.311.20.2.2
1.3.6.1.4.1.311.20.2.1
1.3.6.1.4.1.311.76.3.1
1.3.6.1.4.1.311.76.8.1
1.3.6.1.4.1.311.76.5.1
1.3.6.1.4.1.311.47.1.1
1.3.6.1.4.1.311.64.1.1
1.3.6.1.4.1.311.65.1.1
1.3.6.1.4.1.311.21.8.7587021.751874.11030412.6202749.3702260.207.7978603.10909953
1.3.6.1.4.1.311.21.8.7587021.751874.11030412.6202749.3702260.207.3678074.13254096
1.3.6.1.4.1.311.21.5
1.3.6.1.5.2.3.5
1.3.6.1.5.5.7.3.14
1.3.6.1.4.1.311.10.3.22
1.3.6.1.4.1.311.10.3.23
1.3.6.1.4.1.311.10.3.27
WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext
CryptCATAdminAddCatalog
CryptCATAdminRemoveCatalog
IsCatalogFile
CertNameToStrW
IsThemeActive
OpenThemeData
DrawThemeBackground
CloseThemeData
4e3202fdbe953d628f650229af5b3eb49cd46b2d3bfe5546ae3c5fa48b554e0c
apikey=
&resource=
"autostart_location": "
"autostart_entry": "
"hash": "
"image_path": "
"creation_datetime": "
result
message
{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fswiss\fprq2\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Calibri;}}
{\colortbl ;\red0\green0\blue255;\red0\green0\blue0;}
{\*\generator Riched20 10.0.10240}\viewkind4\uc1 
\pard\brdrb\brdrs\brdrw10\brsp20 \sb120\sa120\b\f0\fs24 SYSINTERNALS SOFTWARE LICENSE TERMS\fs28\par
\pard\sb120\sa120\b0\fs19 These license terms are an agreement between Sysinternals (a wholly owned subsidiary of Microsoft Corporation) and you.  Please read them.  They apply to the software you are downloading from Systinternals.com, which includes the media on which you received it, if any.  The terms also apply to any Sysinternals\par
\pard\fi-363\li720\sb120\sa120\tx720\'b7\tab updates,\par
\pard\fi-363\li720\sb120\sa120\'b7\tab supplements,\par
\'b7\tab Internet-based services, and \par
\'b7\tab support services\par
\pard\sb120\sa120 for this software, unless other terms accompany those items.  If so, those terms apply.\par
\b BY USING THE SOFTWARE, YOU ACCEPT THESE TERMS.  IF YOU DO NOT ACCEPT THEM, DO NOT USE THE SOFTWARE.\par
\pard\brdrt\brdrs\brdrw10\brsp20 \sb120\sa120 If you comply with these license terms, you have the rights below.\par
\pard\fi-357\li357\sb120\sa120\tx360\fs20 1.\tab\fs19 INSTALLATION AND USE RIGHTS.  \b0 You may install and use any number of copies of the software on your devices.\b\par
\caps\fs20 2.\tab\fs19 Scope of License\caps0 .\b0   The software is licensed, not sold. This agreement only gives you some rights to use the software.  Sysinternals reserves all other rights.  Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this agreement.  In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways.    You may not\b\par
\pard\fi-363\li720\sb120\sa120\tx720\b0\'b7\tab work around any technical limitations in the binary versions of the software;\par
\pard\fi-363\li720\sb120\sa120\'b7\tab reverse engineer, decompile or disassemble the binary versions of the software, except and only to the extent that applicable law expressly permits, despite this limitation;\par
\'b7\tab make more copies of the software than specified in this agreement or allowed by applicable law, despite this limitation;\par
\'b7\tab publish the software for others to copy;\par
\'b7\tab rent, lease or lend the software;\par
\'b7\tab transfer the software or this agreement to any third party; or\par
\'b7\tab use the software for commercial software hosting services.\par
\pard\fi-357\li357\sb120\sa120\tx360\b\fs20 3.\tab SENSITIVE INFORMATION. \b0  Please be aware that, similar to other debug tools that capture \ldblquote process state\rdblquote  information, files saved by Sysinternals tools may include personally identifiable or other sensitive information (such as usernames, passwords, paths to files accessed, and paths to registry accessed). By using this software, you acknowledge that you are aware of this and take sole responsibility for any personally identifiable or other sensitive information provided to Microsoft or any other party through your use of the software.\b\par
5. \tab\fs19 DOCUMENTATION.\b0   Any person that has valid access to your computer or internal network may copy and use the documentation for your internal, reference purposes.\b\par
\caps\fs20 6.\tab\fs19 Export Restrictions\caps0 .\b0   The software is subject to United States export laws and regulations.  You must comply with all domestic and international export laws and regulations that apply to the software.  These laws include restrictions on destinations, end users and end use.  For additional information, see {\cf1\ul{\field{\*\fldinst{HYPERLINK www.microsoft.com/exporting }}{\fldrslt{www.microsoft.com/exporting}}}}\cf1\ul\f0\fs19  <{{\field{\*\fldinst{HYPERLINK "http://www.microsoft.com/exporting"}}{\fldrslt{http://www.microsoft.com/exporting}}}}\f0\fs19 >\cf0\ulnone .\b\par
\caps\fs20 7.\tab\fs19 SUPPORT SERVICES.\caps0  \b0 Because this software is "as is, " we may not provide support services for it.\b\par
\caps\fs20 8.\tab\fs19 Entire Agreement.\b0\caps0   This agreement, and the terms for supplements, updates, Internet-based services and support services that you use, are the entire agreement for the software and support services.\par
\pard\keepn\fi-360\li360\sb120\sa120\tx360\cf2\b\caps\fs20 9.\tab\fs19 Applicable Law\caps0 .\par
\pard\fi-363\li720\sb120\sa120\tx720\cf0\fs20 a.\tab\fs19 United States.\b0   If you acquired the software in the United States, Washington state law governs the interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws principles.  The laws of the state where you live govern all other claims, including claims under state consumer protection laws, unfair competition laws, and in tort.\b\par
\pard\fi-363\li720\sb120\sa120\fs20 b.\tab\fs19 Outside the United States.\b0   If you acquired the software in any other country, the laws of that country apply.\b\par
\pard\fi-357\li357\sb120\sa120\tx360\caps\fs20 10.\tab\fs19 Legal Effect.\b0\caps0   This agreement describes certain legal rights.  You may have other rights under the laws of your country.  You may also have rights with respect to the party from whom you acquired the software.  This agreement does not change your rights under the laws of your country if the laws of your country do not permit it to do so.\b\caps\par
\fs20 11.\tab\fs19 Disclaimer of Warranty.\caps0    \caps The software is licensed "as - is."  You bear the risk of using it.  SYSINTERNALS gives no express warranties, guarantees or conditions.  You may have additional consumer rights under your local laws which this agreement cannot change.  To the extent permitted under your local laws, SYSINTERNALS excludes the implied warranties of merchantability, fitness for a particular purpose and non-infringement.\par
\pard\fi-360\li360\sb120\sa120\tx360\fs20 12.\tab\fs19 Limitation on and Exclusion of Remedies and Damages.  You can recover from SYSINTERNALS and its suppliers only direct damages up to U.S. $5.00.  You cannot recover any other damages, including consequential, lost profits, special, indirect or incidental damages.\par
\pard\li357\sb120\sa120\b0\caps0 This limitation applies to\par
\pard\fi-363\li720\sb120\sa120\tx720\'b7\tab anything related to the software, services, content (including code) on third party Internet sites, or third party programs; and\par
\pard\fi-363\li720\sb120\sa120\'b7\tab claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence, or other tort to the extent permitted by applicable law.\par
\pard\li360\sb120\sa120 It also applies even if Sysinternals knew or should have known about the possibility of the damages.  The above limitation or exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental, consequential or other damages.\par
\pard\b Please note: As this software is distributed in Quebec, Canada, some of the clauses in this agreement are provided below in French.\par
\pard\sb240\lang1036 Remarque : Ce logiciel \'e9tant distribu\'e9 au Qu\'e9bec, Canada, certaines des clauses dans ce contrat sont fournies ci-dessous en fran\'e7ais.\par
\pard\sb120\sa120 EXON\'c9RATION DE GARANTIE.\b0  Le logiciel vis\'e9 par une licence est offert \'ab tel quel \'bb. Toute utilisation de ce logiciel est \'e0 votre seule risque et p\'e9ril. Sysinternals n'accorde aucune autre garantie expresse. Vous pouvez b\'e9n\'e9ficier de droits additionnels en vertu du droit local sur la protection dues consommateurs, que ce contrat ne peut modifier. La ou elles sont permises par le droit locale, les garanties implicites de qualit\'e9 marchande, d'ad\'e9quation \'e0 un usage particulier et d'absence de contrefa\'e7on sont exclues.\par
\pard\keepn\sb120\sa120\b LIMITATION DES DOMMAGES-INT\'c9R\'caTS ET EXCLUSION DE RESPONSABILIT\'c9 POUR LES DOMMAGES.\b0   Vous pouvez obtenir de Sysinternals et de ses fournisseurs une indemnisation en cas de dommages directs uniquement \'e0 hauteur de 5,00 $ US. Vous ne pouvez pr\'e9tendre \'e0 aucune indemnisation pour les autres dommages, y compris les dommages sp\'e9ciaux, indirects ou accessoires et pertes de b\'e9n\'e9fices.\par
\lang1033 Cette limitation concerne :\par
\pard\keepn\fi-360\li720\sb120\sa120\tx720\lang1036\'b7\tab tout  ce qui est reli\'e9 au logiciel, aux services ou au contenu (y compris le code) figurant sur des sites Internet tiers ou dans des programmes tiers ; et\par
\pard\fi-363\li720\sb120\sa120\tx720\'b7\tab les r\'e9clamations au titre de violation de contrat ou de garantie, ou au titre de responsabilit\'e9 stricte, de n\'e9gligence ou d'une autre faute dans la limite autoris\'e9e par la loi en vigueur.\par
\pard\sb120\sa120 Elle s'applique \'e9galement, m\'eame si Sysinternals connaissait ou devrait conna\'eetre l'\'e9ventualit\'e9 d'un tel dommage.  Si votre pays n'autorise pas l'exclusion ou la limitation de responsabilit\'e9 pour les dommages indirects, accessoires ou de quelque nature que ce soit, il se peut que la limitation ou l'exclusion ci-dessus ne s'appliquera pas \'e0 votre \'e9gard.\par
\b EFFET JURIDIQUE.\b0   Le pr\'e9sent contrat d\'e9crit certains droits juridiques. Vous pourriez avoir d'autres droits pr\'e9vus par les lois de votre pays.  Le pr\'e9sent contrat ne modifie pas les droits que vous conf\'e8rent les lois de votre pays si celles-ci ne le permettent pas.\b\par
\pard\b0\fs20\lang1033\par
\pard\sa200\sl276\slmult1\f1\fs22\lang9\par
CommandLineToArgvW
Accept Eula (Y/N)?
bad locale name
ios_base::badbit set
ios_base::failbit set
ios_base::eofbit set
bad cast
EnableTraceEx
RtlInitUnicodeString
NtLoadDriver
D3DKMTOpenAdapterFromDeviceName
D3DKMTCloseAdapter
D3DKMTQueryStatistics
Package:
?333333
EnableThemeDialogTexture
DllGetVersion
EndTask
VerSetConditionMask
VerifyVersionInfoA
%d.%d.%d.%d
[%x:%x:%x:%x:%x:%x:%x:%x]
ConvertStringSidToSidA
ld_o=8u
CLRCreateInstance
[Native Frame: IL Method without Metadata]
^[Unmanaged to Managed Transition]
[Managed to Unmanaged Transition]
[AppDomain Transition]
[Lightweight function]
[Func Eval]
[Class Init]
[Exception]
[Security]
[JIT Compilation]
StartTraceW
ControlTraceW
OpenTraceW
ProcessTrace
.textbss
rt_bss
CreateRestrictedToken
SetSuspendState
IsPwrHibernateAllowed
IsPwrSuspendAllowed
LockWorkStation
GetMonitorInfoA
MonitorFromPoint
SHAutoComplete
SetLayeredWindowAttributes
EndMenu
EnumDirTreeW
GetProcessMitigationPolicy
GetProcessDEPPolicy
Network
SymInitialize
EnumerateLoadedModulesW64
SymEnumerateModulesW64
SymRegisterCallback64
SymGetModuleInfoW64
SymCleanup
SymFromAddrW
SymGetSymFromName
MiniDumpWriteDump
SymSetOptions
SymGetOptions
SymLoadModuleExW
SymLoadModule64
SymUnloadModule64
ImageNtHeader
StackWalk64
SymGetModuleBase64
SymFunctionTableAccess64
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Thread32First
Thread32Next
Module32FirstW
Module32NextW
IsHungThread
NtQuerySystemInformation
NtQuerySymbolicLinkObject
NtQueryDirectoryObject
NtOpenSymbolicLinkObject
NtOpenDirectoryObject
NtQueryObject
NtQueryInformationProcess
NtSetInformationProcess
NtQuerySemaphore
NtQuerySection
NtQueryEvent
NtQueryMutant
NtResumeThread
NtSuspendThread
NtOpenThread
NtQueryInformationThread
NtQueryVirtualMemory
RtlCreateQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlDestroyQueryDebugBuffer
RtlTimeToTimeFields
CreateSecurityPage
SedDiscretionaryAclEditor
SedSystemAclEditor
SedTakeOwnership
GetProcessDpiAwareness
GetTcpTable
GetUdpTable
AllocateAndGetTcpExTableFromStack
AllocateAndGetUdpExTableFromStack
GetExtendedTcpTable
GetExtendedUdpTable
AllocateAndGetTcpExTable2FromStack
AllocateAndGetUdpExTable2FromStack
GetGuiResources
QueryWorkingSet
GetMappedFileNameW
EnumProcessModulesEx
GlobalMemoryStatusEx
IsHungAppWindow
HungWindowFromGhostWindow
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
SetThreadGroupAffinity
WTSEnumerateSessionsW
WTSDisconnectSession
WinStationConnectW
WinStationShadow
WTSLogoffSession
WTSSendMessageW
WTSFreeMemory
WTSQuerySessionInformationW
WTSGetActiveConsoleSessionId
SetMenuInfo
GetMenuInfo
FindExecutableImageExW
FindExecutableImage
NtSuspendProcess
NtResumeProcess
QueryProcessCycleTime
QueryIdleProcessorCycleTime
QueryThreadCycleTime
SHGetStockIconInfo
CreateJobObjectW
ChangeWindowMessageFilter
I_QueryTagInformation
CpuGetContext
GetProcessorSystemCycleTime
GetThreadIdealProcessorEx
IsImmersiveProcess
GetPackageFullName
EnumServicesStatusExW
ProcessIdToSessionId
WinStationGetProcessSid
IsProcessInJob
QueryInformationJobObject
SetProcessAffinityMask
MmMaximumNonPagedPoolInBytes
MmSizeOfPagedPoolInBytes
GetNativeSystemInfo
hhctrl.ocx
CLSID\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}\InprocServer32
NKagj(h
bad allocation
permission denied
file exists
no such device
filename too long
device or resource busy
io error
directory not empty
invalid argument
no space on device
no such file or directory
function not supported
no lock available
not enough memory
resource unavailable try again
cross device link
operation canceled
too many files open
permission_denied
address_in_use
address_not_available
address_family_not_supported
connection_already_in_progress
bad_file_descriptor
connection_aborted
connection_refused
connection_reset
destination_address_required
bad_address
host_unreachable
operation_in_progress
interrupted
invalid_argument
already_connected
too_many_files_open
message_size
filename_too_long
network_down
network_reset
network_unreachable
no_buffer_space
no_protocol_option
not_connected
not_a_socket
operation_not_supported
protocol_not_supported
wrong_protocol_type
timed_out
operation_would_block
address family not supported
address in use
address not available
already connected
argument list too long
argument out of domain
bad address
bad file descriptor
bad message
broken pipe
connection aborted
connection already in progress
connection refused
connection reset
destination address required
executable format error
file too large
host unreachable
identifier removed
illegal byte sequence
inappropriate io control operation
invalid seek
is a directory
message size
network down
network reset
network unreachable
no buffer space
no child process
no link
no message available
no message
no protocol option
no stream resources
no such device or address
no such process
not a directory
not a socket
not a stream
not connected
not supported
operation in progress
operation not permitted
operation not supported
operation would block
owner dead
protocol error
protocol not supported
read only file system
resource deadlock would occur
result out of range
state not recoverable
stream timeout
text file busy
timed out
too many files open in system
too many links
too many symbolic link levels
value too large
wrong protocol type
0123456789abcdefghijklmnopqrstuvwxyz
0123456789abcdefghijklmnopqrstuvwxyz
0123456789abcdefABCDEF
RoInitialize
RoUninitialize
CorExitProcess
Unknown exception
_hypot
bad exception
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CreateEventExW
CreateSemaphoreExW
SetThreadStackGuarantee
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
FlushProcessWriteBuffers
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
CreateSymbolicLinkW
SetDefaultDllDirectories
EnumSystemLocalesEx
CompareStringEx
GetDateFormatEx
GetLocaleInfoEx
GetTimeFormatEx
IsValidLocaleName
LCMapStringEx
GetCurrentPackageId
GetTickCount64
GetFileInformationByHandleExW
SetFileInformationByHandleW
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
(null)
`h````
xpxxxx
`h`hhh
xppwpp
_nextafter
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
MessageBoxW
GetActiveWindow
GetLastActivePopup
GetUserObjectInformationW
GetProcessWindowStation
CreateFile2
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
 delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
 new[]
 delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
 Type Descriptor'
 Base Class Descriptor at (
 Base Class Array'
 Class Hierarchy Descriptor'
 Complete Object Locator'
1#SNAN
1#QNAN
C:\Builds\13810\Tools\procexp_master\bin\x64\Release\procexp64.pdb
-t{	-dz	-4y	-
UrlUnescapeW
ColorRGBToHLS
ColorHLSToRGB
SHLWAPI.dll
WS2_32.dll
WNetGetConnectionW
MPR.dll
ImageList_ReplaceIcon
ImageList_Add
InitCommonControlsEx
ImageList_Destroy
ImageList_DrawEx
ImageList_Create
PropertySheetW
CreateStatusWindowW
CreatePropertySheetPageW
COMCTL32.dll
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
VERSION.dll
CredUIPromptForCredentialsW
credui.dll
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SETUPAPI.dll
CertDuplicateCertificateContext
CertGetNameStringW
CRYPT32.dll
TlsGetValue
GetProcAddress
GetVersion
LocalFree
OpenProcess
GetCurrentProcess
ExitThread
GetLastError
SetErrorMode
InitializeCriticalSection
GetFileSize
GetStdHandle
WriteFile
GetFileTime
CloseHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageA
MapViewOfFile
UnmapViewOfFile
lstrlenW
TlsAlloc
TlsSetValue
CreateFileMappingW
LoadLibraryW
GetModuleFileNameW
CreateProcessW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetWindowsDirectoryW
GetFullPathNameW
CreateFileW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetFileAttributesW
FindFirstFileW
GetPrivateProfileStringW
FreeLibrary
LoadLibraryExW
ReadFile
GetModuleHandleW
MultiByteToWideChar
FindClose
FindNextFileW
LeaveCriticalSection
GetCurrentThread
EnterCriticalSection
SetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateEventW
CreateThread
GetExitCodeThread
GetFileSizeEx
MulDiv
GetTickCount
GlobalAddAtomW
FormatMessageW
LocalAlloc
GetFileType
GetCommandLineW
LockResource
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
LoadResource
SizeofResource
FindResourceW
FindResourceExW
GlobalAlloc
GlobalReAlloc
GlobalLock
GlobalUnlock
TerminateThread
Module32FirstW
Module32NextW
DeleteCriticalSection
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
IsBadStringPtrW
SetLastError
OpenEventW
ReadProcessMemory
lstrcmpW
lstrcmpiW
GetEnvironmentVariableW
VirtualQueryEx
GetCurrentProcessId
SetFilePointer
GetSystemDirectoryW
SearchPathW
OpenThread
GetThreadContext
SuspendThread
ResumeThread
Thread32First
Thread32Next
ResetEvent
QueryPerformanceCounter
QueryPerformanceFrequency
IsBadReadPtr
GlobalMemoryStatus
SetProcessWorkingSetSize
TerminateProcess
GetProcessId
PulseEvent
DeleteFileW
SetPriorityClass
GetComputerNameW
VirtualAlloc
VirtualFree
GetProcessAffinityMask
GetProcessWorkingSetSize
DeviceIoControl
DuplicateHandle
OutputDebugStringW
GetDriveTypeW
GetCurrentDirectoryW
IsWow64Process
WideCharToMultiByte
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
GetSystemInfo
LoadLibraryA
ExpandEnvironmentStringsA
KERNEL32.dll
SendMessageW
WaitForInputIdle
ShowWindow
SetFocus
GetSystemMetrics
GetMenu
CheckMenuItem
GetSubMenu
InsertMenuW
DeleteMenu
SetForegroundWindow
MessageBoxW
SetCursor
FindWindowW
FindWindowExW
GetWindowThreadProcessId
LoadCursorW
DestroyIcon
LoadImageW
EnumDisplaySettingsW
ReleaseDC
LoadStringW
PostMessageW
DefWindowProcW
CallWindowProcW
RegisterClassExW
CreateWindowExW
SetWindowPos
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
SetTimer
DrawTextW
UpdateWindow
BeginPaint
EndPaint
GetUpdateRect
GetUpdateRgn
InvalidateRect
ValidateRect
ScrollWindowEx
SetPropW
GetPropW
GetClientRect
GetWindowRect
GetCursorPos
MapWindowPoints
GetSysColor
GetSysColorBrush
FillRect
InflateRect
IntersectRect
OffsetRect
GetWindowLongPtrW
SetWindowLongPtrW
GetClassLongPtrW
GetParent
SetScrollInfo
GetScrollInfo
DialogBoxIndirectParamW
EndDialog
GetDlgItem
SetWindowTextW
MoveWindow
DialogBoxParamW
SetDlgItemTextW
ChildWindowFromPoint
DrawFrameControl
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
ScreenToClient
CopyRect
UnionRect
PtInRect
GetWindowLongW
SetWindowLongW
EnumChildWindows
GetClassNameW
DestroyWindow
IsWindowVisible
ClientToScreen
FrameRect
CreateIconIndirect
DefDlgProcW
DefFrameProcW
DefMDIChildProcW
RegisterClassW
SetWindowPlacement
LoadIconW
GetWindowPlacement
CheckDlgButton
IsDlgButtonChecked
EnableWindow
CreatePopupMenu
EnableMenuItem
GetMenuItemID
GetMenuItemCount
AppendMenuW
ModifyMenuW
TrackPopupMenuEx
InvalidateRgn
GetWindowTextW
SetClassLongW
EnumWindows
SystemParametersInfoW
ShowWindowAsync
IsIconic
SetMenuItemInfoW
GetWindowDC
RegisterWindowMessageW
DrawEdge
GetMessageW
TranslateMessage
DispatchMessageW
ExitWindowsEx
PostQuitMessage
IsWindow
CreateDialogParamW
GetDlgItemTextW
IsWindowEnabled
LoadAcceleratorsW
TranslateAcceleratorW
LoadMenuW
DrawMenuBar
CreateMenu
RemoveMenu
TrackPopupMenu
RedrawWindow
WindowFromPoint
CheckMenuRadioItem
DrawIconEx
IsDialogMessageW
SetUserObjectSecurity
GetUserObjectSecurity
PeekMessageW
SendMessageTimeoutW
CheckRadioButton
GetDlgCtrlID
MsgWaitForMultipleObjects
KillTimer
GetDesktopWindow
GetWindow
CopyImage
USER32.dll
CreateDIBSection
GetObjectW
DeleteObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreatePen
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
GetBkColor
GetBkMode
GetDeviceCaps
GetStockObject
RectInRegion
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetTextColor
GetTextMetricsW
Polyline
SetMapMode
StartDocW
EndDoc
StartPage
EndPage
CreateFontIndirectW
GetTextExtentPoint32W
SetTextAlign
ExtTextOutW
LineTo
Rectangle
RestoreDC
SaveDC
SetROP2
MoveToEx
GDI32.dll
PrintDlgW
ChooseFontW
GetOpenFileNameW
GetSaveFileNameW
ChooseColorW
FindTextW
COMDLG32.dll
RegCloseKey
RevertToSelf
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
EqualSid
AllocateAndInitializeSid
FreeSid
LookupAccountSidW
LookupAccountNameW
LookupPrivilegeValueW
ImpersonateLoggedOnUser
DuplicateTokenEx
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
RegEnumValueW
RegLoadKeyW
RegOpenKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegUnLoadKeyW
RegQueryValueW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegDeleteValueW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
ControlService
QueryServiceStatus
StartServiceW
RegCreateKeyW
MapGenericMask
QueryServiceObjectSecurity
SetServiceObjectSecurity
StartTraceW
ControlTraceW
OpenTraceW
ProcessTrace
CloseTrace
GetLengthSid
CopySid
QueryServiceConfigW
SetTokenInformation
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
InitializeAcl
AddAce
GetAce
AddAccessAllowedAce
GetSecurityInfo
SetSecurityInfo
LsaFreeMemory
LsaClose
LsaOpenPolicy
LsaEnumerateAccountRights
ConvertSidToStringSidW
FlushTraceW
RegConnectRegistryW
CreateProcessAsUserW
GetKernelObjectSecurity
IsValidSecurityDescriptor
SetKernelObjectSecurity
LookupPrivilegeNameW
RegOpenKeyExA
RegQueryValueExA
ADVAPI32.dll
ShellExecuteW
SHGetFileInfoW
ShellExecuteExW
Shell_NotifyIconW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHELL32.dll
CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitialize
CoSetProxyBlanket
ole32.dll
OLEAUT32.dll
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpWriteData
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WINHTTP.dll
GetModuleFileNameExW
PSAPI.DLL
lstrlenA
GetStringTypeW
EncodePointer
IsDebuggerPresent
RtlLookupFunctionEntry
RtlUnwindEx
IsProcessorFeaturePresent
RtlPcToFileHeader
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsFree
GetStartupInfoW
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
FlushFileBuffers
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
SetFilePointerEx
SetStdHandle
WriteConsoleW
ReadConsoleW
SetEndOfFile
SetEnvironmentVariableA
*invalid*
@]mA@R
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVerror_category@std@@
.?AV_Generic_error_category@std@@
.?AV_Iostream_error_category@std@@
.?AV_System_error_category@std@@
.?AVEventConsumerDescBase@@
.?AVCommandLineEventConsumer@@
.?AVActiveScriptEventConsumer@@
.?AVCThemedWindow@@
.?AVCTreeList@@
.?AVCTreeListData@@
.?AVCListViewData@@
.?AVexception@std@@
.?AVruntime_error@std@@
.?AVfailure@ios_base@std@@
.?AVsystem_error@std@@
.?AV_System_error@std@@
.?AVbad_cast@std@@
.?AVios_base@std@@
.?AV?$_Iosb@H@std@@
.?AV?$basic_ios@GU?$char_traits@G@std@@@std@@
.?AV?$basic_streambuf@GU?$char_traits@G@std@@@std@@
.?AV?$basic_istream@GU?$char_traits@G@std@@@std@@
.?AV?$basic_ostream@GU?$char_traits@G@std@@@std@@
.?AV?$basic_iostream@GU?$char_traits@G@std@@@std@@
.?AV?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@
.?AV?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@
.?AV_Facet_base@std@@
.?AVfacet@locale@std@@
.?AUctype_base@std@@
.?AV?$ctype@G@std@@
.?AUIUnknown@@
.?AUISecurityInformation@@
.?AVCObjSecurity@@
.?AVCAtlException@ATL@@
.?AVCWin32Heap@ATL@@
.?AUIAtlMemMgr@ATL@@
.?AUIAtlStringMgr@ATL@@
.?AVCAtlStringMgr@ATL@@
.?AVCResizer@@
.?AVProcess@@
.?AVTreeItemBase@@
.?AVRuntime@@
.?AVAppdomain@@
.?AVAssembly@@
.?AUICorDebugDataTarget@@
.?AUICLRDebuggingLibraryProvider@@
.?AVSymbolInfo@@
.?AVNativeFrame@@
.?AVCCorDebugDataTarget@@
.?AVCCLRDebuggingLibraryProvider@@
.?AVMixedModeStackWalker@@
.?AV_com_error@@
.?AVbad_alloc@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AV_Locimp@locale@std@@
.?AVtype_info@@
.?AVbad_exception@std@@
!This program cannot be run in DOS mode.
h.rdata
H.data
.pdata
B.reloc
L$8H;K
WAVAWH
WATAUAVAWH
0A_A^A]A\_
@SVWATAUAVAWH
L$HH;O
L$HH;O
A_A^A]A\_^[
@USVWATAUAVAWH
A_A^A]A\_^[]
@SVWAVH
8A^_^[
8A^_^[
C:\Builds\13810\Tools\procexp_master\bin\x64\Release\ProcExpDriver.pdb
VATAUAVAWH
A_A^A]A\^
UVWATAUAVAWH
A_A^A]A\_^]
UVWATAUAVAWH
@A_A^A]A\_^]
WATAUAVAWH
 A_A^A]A\_
WATAUH
 A]A\_
WATAUH
 A]A\_
@SUVWATAUAVAWH
XA_A^A]A\_^][
l$ VWATH
fD9 t,
\$x!|$pfD	\$*L
fF9$Iu	
T$ H9\$ 
WATAUH
0A]A\_
strncpy
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
KeWaitForSingleObject
ExAllocatePoolWithTag
ExFreePoolWithTag
ExGetPreviousMode
MmGetSystemRoutineAddress
SeCaptureSubjectContext
SeReleaseSubjectContext
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
MmIsAddressValid
ZwOpenProcess
KeStackAttachProcess
KeUnstackDetachProcess
SePrivilegeCheck
PsLookupProcessByProcessId
ObOpenObjectByPointer
ObQueryNameString
ZwQueryObject
ZwDuplicateObject
ZwOpenProcessToken
ZwQueryInformationProcess
ZwQuerySystemInformation
ObCloseHandle
ObOpenObjectByName
__C_specific_handler
IoFileObjectType
PsProcessType
PsThreadType
NtBuildNumber
ntoskrnl.exe
IoCreateDevice
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
_wcsnicmp
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwOpenKey
ZwCreateKey
ZwQueryValueKey
ZwSetValueKey
RtlFreeUnicodeString
KeBugCheckEx
Washington1
Redmond1
Microsoft Corporation1!0
Microsoft Time-Stamp PCA0
160907175856Z
180907175856Z0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:148C-C4B9-20661%0#
Microsoft Time-Stamp Service0
-x_\4qc
Chttp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X
<http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0
Washington1
Redmond1
Microsoft Corporation1503
,Microsoft Windows Hardware Compatibility PCA0
161012203253Z
180105203253Z0
Washington1
Redmond1
Microsoft Corporation1
MOPR1;09
2Microsoft Windows Hardware Compatibility Publisher0
MOPR1402
+230001+6ea7603c-e3b5-41d7-8573-104ddfbdca4b0
ehttp://www.microsoft.com/pki/CRL/products/Microsoft%20Windows%20Hardware%20Compatibility%20PCA(1).crl0z
^http://www.microsoft.com/pki/certs/Microsoft%20Windows%20Hardware%20Compatibility%20PCA(1).crt0
	microsoft1-0+
$Microsoft Root Certificate Authority0
120604210546Z
200604211546Z0
Washington1
Redmond1
Microsoft Corporation1503
,Microsoft Windows Hardware Compatibility PCA0
=&l@T$
DhnPQn
ylj-E>
?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
rPG/VK
	microsoft1-0+
$Microsoft Root Certificate Authority0
070403125309Z
210403130309Z0w1
Washington1
Redmond1
Microsoft Corporation1!0
Microsoft Time-Stamp PCA0
	microsoft1-0+
$Microsoft Root Certificate Authority
?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
1Jv1=+r
L&*H$_Z
Washington1
Redmond1
Microsoft Corporation1503
,Microsoft Windows Hardware Compatibility PCA
http://www.sysinternals.com 0
Washington1
Redmond1
Microsoft Corporation1!0
Microsoft Time-Stamp PCA
170430232330Z0#
>.UNOr
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 20120
170118182501Z
180412182501Z0
Washington1
Redmond1
Microsoft Corporation1
MOPR1;09
2Microsoft Windows Hardware Compatibility Publisher0
MOPR1402
+230153+6c0e3a58-c111-465f-9691-bfc28f8381cb0
chttp://www.microsoft.com/pkiops/crl/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crl0
ehttp://www.microsoft.com/pkiops/certs/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crt0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
120418234838Z
270418235838Z0
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 20120
-g<'<V
}PH.=C
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
p%|Yi1$
Washington1
Redmond1
Microsoft Corporation1806
/Microsoft Windows Third Party Component CA 2012
http://www.sysinternals.com 0
aFox19
20170430232337.794Z0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:B8EC-30A4-71441%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
100701213655Z
250701214655Z0|1
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
$`2X`F
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
1http://www.microsoft.com/PKI/docs/CPS/default.htm0@
oK0D$"<
r~akow
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
160907175647Z
180907175647Z0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:B8EC-30A4-71441%0#
Microsoft Time-Stamp Service0
Ehttp://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z
>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:B8EC-30A4-71441%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher NTS ESN:57F6-C1E0-554C1+0)
"Microsoft Time Source Master Clock0
20170430165803Z
20170501165803Z0t0:
Mk|mu7
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
 YD;a+
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
_^_^^^
"X^XX^XX^XX
X^X^"X^XX^XX^XX
-----------
YYYXYXX
!+++++
-----------
+-------------X
+-------------X-
-----------
-----------
"+-------------X"+-------------X-
------
!+++++
+-------------^
+-------------^-
------
"+-------------X"+-------------X-
!++++++
++++++++++++++X
+-------------X-
-----------
!++++++#
--------
&X#+-------------X-
``Y`66
+-------------X
+-------------X-
-B-B-B-B---
--------
$+-------------X$+-------------X-
B--B---
++++**
+-------------^
+-------------^-
--B---B----
+++++**
------
$+-------------X$+-------------X-
---BBB----
++++++**`
$++++++
++++++++++++++^
+++-------++++^-
--------
+++++++*ZX}
++++++
---------
```a``
```a``-
--------
++++++++`
++++++
---------
`g`a`-
---------------(
zFYH&"
aGE%PVI
/%PX\Zg
9V[]Z8
j#R^SJK
:oqh'(5
TOL,*!64}
~NM-+)
GDA0,,,/)&#%
q<;;;<< =
146h}~
4368}~
w168}}
a^][YYP
^^]YYJ
_^][YX
_^][YY
Gy}~}dLO
r99999339
]RA*-4477))*BEC=&
UQQEHSWIDC=:
c`^WIDC=;7
c`[G@<<
851221/579r
XXYYYZ
XXXYYZ
Ttzwwn
XXXYYZ
UMOsz{ywwe
}||{yyxwd
XXXYYZ
}||{{yyww6
||{{yxwwn
|{{yywwd
|||{{yywd
||{{yxwx
wwwwwwwwwwwwwww 
wwwwwwwww
wwwwwwwwwwwwwww
wwwwww
wwwwwwwwww
00000000000000000000000000000000
/6666666666666666666666666666,
r?O^^^^^^^^^^^^^^^^^^_
?@5ssssssssssssssssm^
nXQLG0
000000
R?55555555555555555:[]
wYVSNJE0
g????????????????????D
~yuqjhp
00000000
																													
zZWUPMKHC0
#+$$$$$$$$$$$$$$$$$$$$$$$$'(
]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]%%%%%%%%%%%%%%%%%%%%%]]]]]]]]]]
%&]]]]]]]]]
;FFFFFFFFFFFFFFFFFF>
%]]]]]B6]] 3UUUUUUUUUUUUUUUUUUU
%]]]]]@@?]]
UUUUUUUUUUUUUUUUUUU2
%]]]]]]]]]
IU________________UN
%]]]]]]]]] $UTMMMMMMMMMMMMMM_VU
%]]]]5.*]]]
UU=(_<Q________MX_U2
%]]]EE??]]
IU=(_8<________RM_UN
%]]]]]]]]] $UO=(["SZ______\M_WU
%]]]]]]]]]]
UU=(_4SS_______M_YU2
%]]90-*']]
IU=(((((((((((((M_UN
%]]KKHCD?] $UP==============MUU
%]]]]]]]]]
UUUUUUUUUUUUUUUUUUU2	%]]]]]]]]]
IUUUUUUUUUUUUUUUUUUN
%]:1/,+)]]#
%LLJGCA?]]
%]]]]]]]]]
]]]]]]]]]]]!
]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]
 !.........-
lbcccccccdf
sssssssutw
,SVUTTTTTTUYWX[Z96
5=DBCCCCCCJHI
:>OMMMMMMLLNKKK
(((((((((((((((((((((((((((((((((((((((((((((((((((
(	#########
((((	 
))))'!$
((((	#
((((	#########
(((((((((((((((((((((((((((((((((((((((((((((((((
\D2"J7/
\JB~k*
=(!"G*
ZIB~p0
ZIB}p0
[JE~u4
wwwwwwx
wwwwwx
wwwwwwwwwwww
wwwwwwwppxp
wwwwww
wwwwwwwwwwww
wwwwwwwwwwww
w"wwww
wwwwwwwwwwww
wwwwwwwwwwww
wwwwwt
DDDDDD
wwwwwwwwwwwwwwwwwp
wwwwwwwwwwww
wwwwwp
##""""""""""""""""""""""""""""""!!!
y}wccb{{n
nom/-/
,OM=DGG4
UQ7OOML4477
H@SUSQQOMLL=749H
LUSQQOML=774-
<LOUTSQ
,3334--@
,--22-J
,,--42-t
=7744J
=7741s
jnxxZs^m
U6,OM/8F^
ITSQOMC74H
,/TSQPF764,,
`?,tQ1!/U3"
dC0sP0 0Z-
bA1uP5 0`@0
T9(:UG+
N. HY7!
O3$dS7"%U9
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity name="Process Explorer" type="win32" version="1.0.0.0" processorArchitecture="amd64"></assemblyIdentity><description>Process handle and DLL viewer</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="amd64" publicKeyToken="6595b64144ccf1df"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><application xmlns="urn:schemas-microsoft-com:asm.v3"><windowsSettings><dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware></windowsSettings></application><ms_compatibility:compatibility xmlns:ms_compatibility="urn:schemas-microsoft-com:compatibility.v1" xmlns="urn:schemas-microsoft-com:compatibility.v1"><ms_compatibility:application xmlns:ms_compatibility="urn:schemas-microsoft-com:compatibility.v1"><ms_compatibility:supportedOS xmlns:ms_compatibility="urn:schemas-microsoft-com:compatibility.v1" Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></ms_compatibility:supportedOS><ms_compatibility:supportedOS xmlns:ms_compatibility="urn:schemas-microsoft-com:compatibility.v1" Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></ms_compatibility:supportedOS><ms_compatibility:supportedOS xmlns:ms_compatibility="urn:schemas-microsoft-com:compatibility.v1" Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></ms_compatibility:supportedOS><ms_compatibility:supportedOS xmlns:ms_compatibility="urn:schemas-microsoft-com:compatibility.v1" Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></ms_compatibility:supportedOS><ms_compatibility:supportedOS xmlns:ms_compatibility="urn:schemas-microsoft-com:compatibility.v1" Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></ms_compatibility:supportedOS></ms_compatibility:application></ms_compatibility:compatibility></assembly>PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
Washington1
Redmond1
Microsoft Corporation1!0
Microsoft Time-Stamp PCA0
160907175856Z
180907175856Z0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:148C-C4B9-20661%0#
Microsoft Time-Stamp Service0
-x_\4qc
Chttp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X
<http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Code Signing PCA0
160818201717Z
171102201717Z0
Washington1
Redmond1
Microsoft Corporation1
Microsoft Corporation0
MOPR1402
+229803+f785b1c0-5d9f-4316-8d6a-74ae642dde1c0
Ehttp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl0Z
>http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt0
	microsoft1-0+
$Microsoft Root Certificate Authority0
100831221932Z
200831222932Z0y1
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Code Signing PCA0
?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
`Ge`@N
	microsoft1-0+
$Microsoft Root Certificate Authority0
070403125309Z
210403130309Z0w1
Washington1
Redmond1
Microsoft Corporation1!0
Microsoft Time-Stamp PCA0
	microsoft1-0+
$Microsoft Root Certificate Authority
?http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
8http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
1Jv1=+r
L&*H$_Z
Washington1
Redmond1
Microsoft Corporation1#0!
Microsoft Code Signing PCA
http://www.sysinternals.com 0
Washington1
Redmond1
Microsoft Corporation1!0
Microsoft Time-Stamp PCA
170430232511Z0#
Washington1
Redmond1
Microsoft Corporation1(0&
Microsoft Code Signing PCA 20110
161117220921Z
180217220921Z0
Washington1
Redmond1
Microsoft Corporation1
Microsoft Corporation0
MOPR1402
+230012+b050c6e7-7641-441f-bc4a-43481e415d080
Chttp://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0a
Ehttp://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20110
110708205909Z
260708210909Z0~1
Washington1
Redmond1
Microsoft Corporation1(0&
Microsoft Code Signing PCA 20110
Ihttp://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0^
Bhttp://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0
3http://www.microsoft.com/pkiops/docs/primarycps.htm0@
*?*kXIc
QEX82q'
WqVNHE
Washington1
Redmond1
Microsoft Corporation1(0&
Microsoft Code Signing PCA 2011
http://www.sysinternals.com 0
_{+O e
20170430232511.919Z0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:148C-C4B9-20661%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
100701213655Z
250701214655Z0|1
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
$`2X`F
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
1http://www.microsoft.com/PKI/docs/CPS/default.htm0@
oK0D$"<
r~akow
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
160907175658Z
180907175658Z0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:148C-C4B9-20661%0#
Microsoft Time-Stamp Service0
Ehttp://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z
>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher DSE ESN:148C-C4B9-20661%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1
MOPR1'0%
nCipher NTS ESN:4DE9-0C5E-3E091+0)
"Microsoft Time Source Master Clock0
20170430165645Z
20170501165645Z0t0:
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010