Sample details: 417aac1ac34c02942a296aef865bfa72 --

Hashes
MD5: 417aac1ac34c02942a296aef865bfa72
SHA1: 0c1fec4680eb0b903ece845cf80131bffa6b114f
SHA256: 5f06f80464aa22e909deb16d1a679783563ae4a97659ca142f2950ed284e4dbd
SSDEEP: 6144:VT2UrmAf+NSDSpLByOsBPEsbJnMlRvmrdxdD0brGVdZVNYYed7Qvs3Wy3s6Bf2Z2:LkSDQvs3dwrU2YedLGyc6wZDdDrAdsI
Details
File Type: PE32+
Added: 2018-03-06 19:47:57
Yara Hits
YRP/IsPE64 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/HasOverlay | YRP/HasDebugData | YRP/HasRichSignature | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Antivirus | YRP/Dropper_Strings | YRP/Misc_Suspicious_Strings | YRP/anti_dbg | YRP/create_service | YRP/win_registry | YRP/win_files_operation | YRP/Advapi_Hash_API | YRP/CRC32_poly_Constant | YRP/CRC32_table |
Parent Files
9cf06b8902e9b91e11c1d6eeb5ad5b8d
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.gfids
@.reloc
@SUVWAVH
D$@0000H+
A^_^][
@USVWATAUAVAWH
A_A^A]A\_^[]
@UVWAVAWH
L+L$`L
A_A^_^]
@UVWATAUAVAWH
A_A^A]A\_^]
@UVWATAUAVAWH
A_A^A]A\_^]
@UVWATAUAVAWH
gfffffff
gfffffffH
gfffffffH
A_A^A]A\_^]
UVWATAUAVAWH
L$HH+L$@H
L$HH+L$@H
L$HH+L$@H
L$HH+L$@H
A_A^A]A\_^]
UWATAVAWH
A_A^A\_]
UATAUAVAWH
A_A^A]A\]
@USVWATAVAWH
A_A^A\_^[]
@UVWATAUAVAWH
A_A^A]A\_^]
@USVWATAUAVAWH
A_A^A]A\_^[]
gfffffffL+
gfffffffH
t$ AVH
|$ AVH
gfffffffL
SVWATAVAWH
8A_A^A\_^[
|$ fA98u
fB9<@u
\$ UVATH
@SUVAVH
(A^^][
t$ AWH
L$ SVWH
t$ UWAWH
fB94Cu
@USVWH
}@f9;u
fB9<Cu
D$PH+E
@USVWAWH
fB9<Cu
fB9<@u
A__^[]
@USVWH
@USVWATAUAVAWH
fB94Cu
fB94Ou
fA94_u
fB94Gu
fA94_u
fB94Ou
A_A^A]A\_^[]
@UVWATAUAVAWH
A_A^A]A\_^]
@USVWH
D$XH+E
D$XH+E
D$XH+E
@USVWH
D$HH+E
D$HH+E
D$HH+E
D$HH+E
D$PH+E
D$PH+E
D$PH+E
fA9	u/I
@VWAVH
|$ AVH
\$ UVWAVAWH
fB9<@u
fB9<Cu
A_A^_^]
L$ SUVWAVH
@A^_^][
@SUVWAVH
t*f9/u
PA^_^][
@USVWATAUAVAWH
D$xH+D$pH
A_A^A]A\_^[]
@USVWATAUAVAWH
A_A^A]A\_^[]
WATAUAVAWH
A_A^A]A\_
VWATAVAWH
@A_A^A\_^
@SUAVH
@UWAVAWH
A_A^_]
UAVAWH
UATAUAVAWH
\$XH;\$`
T$HH+T$@H
L$HH+L$@H
A_A^A]A\]
VWATAVAWH
PA_A^A\_^
UAVAWH
|$ AVH
UATAUAVAWH
fA9<\u
A_A^A]A\]
@USVWATAVAWH
A_A^A\_^[]
@UVWATAUAVAWH
C(H+C H
C(H+C H
A_A^A]A\_^]
@USVWATAUAVAWH
A_A^A]A\_^[]
USWATI
UAVAWH
fB9<Bu
fB9<@u
fB9<Bu
UVWAVAWH
A_A^_^]
@USAWH
@USVWATAVAWH
A_A^A\_^[]
@UVWATAUAVAWH
N(H+N H
N(H+N H
L;F0u	H
,L;F0u	H
N(H+N H
A_A^A]A\_^]
@UVWAVAWH
A_A^_^]
I(I+I H
I(I+I I
N(H+N I
@UVWATAUAVAWH
gfffffffD
gfffffffH
|$@t?H
A_A^A]A\_^]
@USVWAUAVAWH
A_A^A]_^[]
@USWATAUAVAWH
fD9<pu
fF9<hu
A_A^A]A\_[]
\$ UVWAVAWH
A_A^_^]
UVWAUI
@USVWATAUAVAWH
gfffffffI+
gfffffffI+
A_A^A]A\_^[]
@USVWATAVAWH
A_A^A\_^[]
|$ UATAUAVAWH
gfffffffL
|$hfff
gfffffffH+
gfffffff
gfffffffI+
fD9$Xu
A_A^A]A\]
t$ UWATAUAWH
gfffffffH+
gfffffff
A_A]A\_]
\$@f9]
|$ UAVAWH
UATAUAVAWH
A_A^A]A\]
@USVWATAVAWH
A_A^A\_^[]
@USVWATAUAVAWH
A_A^A]A\_^[]
@USVWATAVAWH
A_A^A\_^[]
@USVWATAVAWH
A_A^A\_^[]
t$ UWAVH
@USVWATAUAVAWH
A_A^A]A\_^[]
@USVWATAUAVAWH
A_A^A]A\_^[]
@USVWATAUAVAWH
A_A^A]A\_^[]
@USVWATAUAVAWH
A_A^A]A\_^[]
@USVWATAUAVAWH
A_A^A]A\_^[]
@UVWATAUAVAWH
fB94Bu
A_A^A]A\_^]
@UVWATAUAVAWH
fB94@u
fB94@u
u'L9A s
H;K s=H
A_A^A]A\_^]
@USVWAVH
fB9<Fu
fB9<@u
A^_^[]
|$ UATAUAVAWH
fB9<`u
A_A^A]A\]
@USVWATAUAVAWH
fD9$pu
A_A^A]A\_^[]
@USVWATAUAVAWH
gfffffffH
A_A^A]A\_^[]
UATAUAVAWH
A_A^A]A\]
@UVWATAVH
fB9<Fu
A^A\_^]
UWATAVAWH
A_A^A\_]
UATAUAVAWH
fB94Ju
fB94Au
fA94~u
A_A^A]A\]
UATAUAVAWH
fB94Ju
fB94pu
A_A^A]A\]
UATAUAVAWH
A_A^A]A\]
UATAUAVAWH
A_A^A]A\]
UATAUAVAWH
A_A^A]A\]
UATAUAVAWH
A_A^A]A\]
\$ UVWH
@USVWATAUAVAWH
fB9<Cu
A_A^A]A\_^[]
@UATAVH
0A^A\]
0A^A\]
gfffffffI
@SATAVH
|$8t?H
@A^A\[
@A^A\[
|$ AVH
L90u H
UWATAVAWH
A_A^A\_]
D$`L;D$hu
D$`L;D$hu
|$ ATAVAWH
0A_A^A\
@VWAVH
SVWAVH
8A^_^[
@UVAUAVH
\$htGH
8A^A]^]
8A^A]^]
9I9x vaL
H9y sEL
I;y s:I
ATAVAWH
1H;>ucI
A_A^A\
ATAVAWH
1H;>uaI
A_A^A\
TUUUUUU
H9C s#H
WATAUAVAWH
L;0u8H
@A_A^A]A\_
WATAUAVAWH
@A_A^A]A\_
@SUVWATAVAWH
A_A^A\_^][
@UVWATAUAVAWH
A_A^A]A\_^]
@USVWH
UWATAVAWH
CL$8E3
A_A^A\_]
@USVWATAUAVAWH
A_A^A]A\_^[]
@UVWAVAWH
A_A^_^]
@USVWAVH
A^_^[]
@UVWATAUAVAWH
A_A^A]A\_^]
WATAUAVAWH
A_A^A]A\_
@USVWH
CL$pE3
t$ AVH
t$ AVH
@UVWATAUAVAWH
t$0Hcn
t$0Lcv
fD9<xu
fD9<xu
fD9<Ku
A_A^A]A\_^]
@UVWAVAWH
A_A^_^]
@USVWATAUAVAWH
fF9,Bu
A_A^A]A\_^[]
L$ SUVWH
fB94Bu
@UVWATAUAVAWH
|$@t1L
A_A^A]A\_^]
D$@L;D$Hu
>f9|$@t
UAVAWH
tDH9D$`s
WAVAWH
0A_A^_
@VWAVH
f9+uJH
@SUVAVAWH
0A_A^^][
@SUVWAVH
0A^_^][
@SUVWAVH
PA^_^][
@SUVWAVH
0A^_^][
L$ SUVWH
@SVAVH
Q< s>D
@UVWAVAWH
@A_A^_^]
H;M0u0H
L$ SVWH
@UVWATAUAVAWH
L$X8T$@t
A_A^A]A\_^]
SVWAVAWH
0A_A^_^[
WATAUAVAWH
A_A^A]A\_
WATAUAVAWH
A_A^A]A\_
@SVWATAUAVAWH
H;t$hI
A_A^A]A\_^[
VWATAVAWH
A_A^A\_^
VWATAVAWH
@A_A^A\_^
SVWATAUAVAWH
@A_A^A]A\_^[
fB9,Bu
@USVWATAUAVAWH
A_A^A]A\_^[]
@VWATAVAWH
A_A^A\_^
@USVWATAVAWH
A_A^A\_^[]
@VWAVH
@VWAVH
WATAUAVAWH
 A_A^A]A\_
\$ VWAVH
|$`<'u>
WAVAWH
0A_A^_
UATAUAVAWH
A_A^A]A\]
WAVAWH
L9~(u4
PA_A^_
UVWATAUAVAWH
@A_A^A]A\_^]
@UVWAVAWH
@A_A^_^]
;<unE3
t><>t?A
UVWATAUAVAWH
 A_A^A]A\_^]
WATAUAVAWH
A_A^A]A\_
l$ VWAVD
l$8A^_^
@WATAUAVAWH
0A_A^A]A\_
USVWAVH
A^_^[]
|$ AVH
@VWAVH
VWATAVAWH
A_A^A\_^
@UVWATAUAVAWH
A_A^A]A\_^]
@UVWAVAWH
@A_A^_^]
@UVWATAUAVAWH
0A_A^A]A\_^]
VWATAVAWH
@A_A^A\_^
@UVWAVAWH
H92vi3
`A_A^_^]
WAVAWH
 A_A^_
\$ VWAVH
WAVAWH
 A_A^_
l$ AVH
0u;fff
L$ SVWH
SVWAVH
8A^_^[
WAVAWH
|$ AVH
 H3E H3E
gfffffffH
WTHelperProvDataFromStateData() failed, GetLastError=
WTHelperGetProvSignerFromChain() failed, GetLastError=
CRYPT_PROVIDER_CERT.pCert is invalid!
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
,wstrItemName =
open  HKEY_LOCAL_MACHINE  fail!
&#x%02X;
%s="%s"
%s='%s'
<!--%s-->
<![CDATA[%s]]>
<?xml 
version="%s" 
version="
encoding="%s" 
encoding="
standalone="%s" 
standalone="
<![CDATA[
4ACD00D1-D80B-4a1f-934D-9BEF7E113F84
Error during CryptAcquireContext!
A hash object has been created.
Error during CryptCreateHash!
The password has been added to the hash.
Error during CryptHashData.
An encryption key is derived from the password hash.
Error during CryptDeriveKey!
Error during CryptDestroyHash
Memory has been allocated for the buffer.
Out of memory.
Memory has been allocated for output buffer.
Error during CryptEncrypt - count crypto size.
Error during CryptEncrypt.
Error during CryptDecrypt.
Output buffer is not enough.
Error during CryptDestroyKey
Error during CryptReleaseContext
//product
//feature
//component
region
optional
New xml = 
, xpath=[
SysConfigManager
&quot;
&apos;
version
encoding
standalone
primary number
axis specifier is at
axis specifier is empty
axis is a name
axis is a keyword
ceiling
concat
contains
normalize-space
position
starts-with
string-length
substring
translate
count result
last()
position()
unary -
No error
Failed to open file
Memory allocation failed.
Error parsing Element.
Failed to read Element name
Error reading Element value.
Error reading Attributes.
Error: empty tag.
Error reading end tag.
Error parsing Unknown.
Error parsing Comment.
Error parsing Declaration.
Error document empty.
Error null (0) or unexpected EOF found in input stream.
Error parsing CDATA.
Error when TiXmlDocument added to document, because TiXmlDocument can only be at the root.
<small>none</small>
base char
extender
semi colon
double quote
simple quote
dollar
opening parenthesis
closing parenthesis
less than
greater than
opening bracket
closing bracket
or character (|)
exclamation (!)
NCName
Number
literal
ancestor
ancestor-or-self
attribute
descendant
descendant-or-self
following
following-sibling
namespace
parent
preceding
preceding-sibling
processing-instruction
comment
main level
InitializeConditionVariable
SleepConditionVariableCS
WakeAllConditionVariable
bad allocation
bad array new length
Plugin_Interface_EnumerateDriversInfo
Plugin_Interface_DriversDoAction
Plugin_Interface_GetHelperOwnerModuleID
Plugin_Interface_GetModuleVersion
vector<T> too long
string too long
invalid string position
bRetRd = 
bRet = 
Unknown exception
bad cast
invalid stoull argument
stoull argument out of range
Truncated
Fail to get full path of 
CheckTokenMembership
serviceControlObj.StopNTService(AMSP_SERVICE_NAME)) fail!
//Component
//Element
//Name
//Type
//Value
//AMSP
map/set<T> too long
(NULL)
RSDShD
D:\AMSP_5.5\src\framework\utility\utilInstallation\x64\Release\utilInstallation.pdb
.text$di
.text$mn
.text$mn$00
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCL
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIC
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$T
.rdata$r
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.xdata$x
.edata
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.pdata
.gfids$y
.tls$ZZZ
.rsrc$01
.rsrc$02
utilInstallation.dll
??0DriverWrapper@InstallComm@@QEAA@AEBV01@@Z
??0DriverWrapper@InstallComm@@QEAA@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBVCComponentInfo@@UCOMPONENT_INFO@@PEBUAMSP_INST_USER_CALLBACL_DATA@@@Z
??1DriverWrapper@InstallComm@@UEAA@XZ
??4DriverWrapper@InstallComm@@QEAAAEAV01@AEBV01@@Z
??_7DriverWrapper@InstallComm@@6B@
?CleanLib@DriverWrapper@InstallComm@@AEAAXXZ
?DoAction@DriverWrapper@InstallComm@@QEAAHW4INSTALL_ACTION@@_N@Z
?DriverNotify@DriverWrapper@InstallComm@@SAHAEBUDriverInfo@@PEAX@Z
?GetDriverSourcePath@DriverWrapper@InstallComm@@AEAA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV34@@Z
?GetHelpModuleName@DriverWrapper@InstallComm@@AEAAXV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV34@@Z
?GetHelperPath@DriverWrapper@InstallComm@@AEAAHAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?Initialize@DriverWrapper@InstallComm@@QEAAHXZ
?IsDriverNeedReboot@DriverWrapper@InstallComm@@QEAA_NXZ
?IsDriverVersionEqual@DriverWrapper@InstallComm@@AEAA_NAEBUDriverInfo@@AEAW4IAU_VersionStatus@@@Z
?IsNeedUpdate@DriverWrapper@InstallComm@@QEAA_NAEAW4IAU_VersionStatus@@@Z
?LoadHelperLib@DriverWrapper@InstallComm@@AEAAHXZ
?QueryDrivers@DriverWrapper@InstallComm@@QEAAHV?$vector@UCOMPONENT_INFO@@V?$allocator@UCOMPONENT_INFO@@@std@@@std@@AEAV34@@Z
?StartAction@DriverWrapper@InstallComm@@AEAAHUDriverInfo@@W4INSTALL_ACTION@@@Z
?StartAction@DriverWrapper@InstallComm@@AEAAHUDriverInfo@@W4INSTALL_ACTION@@AEAW4IAU_VersionStatus@@@Z
?Uninitialize@DriverWrapper@InstallComm@@QEAAHXZ
ChangeDescription
CheckIfNeedToSetOtherDriverStartType
CheckOsType
CheckTokenMembership
CleanUpPluginWorkFolders
CleanUpUnusedAmspComponents
CoordinateBackSlash
CopyDirectory
CopyDirectoryByHardLink
CreateDirectoryTree
CreateDirectoryTreeWithEveryoneReadWrite
CreateRunOnceItem
ExeRollback
ExportRegistry
ExtractProductIDFeatureList
GenerateTempFolder
GetAmspDriverSrcPathByAUID
GetAutoDetectCPUMode
GetDelayLoadTimeout
GetDirInWinDir
GetDirNamesInAFolder
GetDisableOnAccessModeTimeout
GetFullPath
GetInstalledFolder
GetInstalledFolderW
GetMsOfficeServiceId
GetOsType
GetServiceDependency
GetServiceName
GetServiceStartupMode
GetTMFBE_GUID
GetWindowTempDir
GetWindowsDrvDir
Install
InstallAdapterDrivers
InstallService
IsAdministrator
IsAppV_Drive
IsHasSubFolder
IsInstalledAMSP
IsLaunchTscAfterReboot
IsMatchSpecFileExtension
IsReboot
IsStarted
IsStopSetupAMSP
IsStopped
IsUpdateAdapterDrivers
IsVistaorLater
IsXPSp2orLater
LoadFeatureComponentList
ManageAdapterDrivers
QueryDriversByAdaptor
QueryStatus
ReadPatchConfig
ReadProductFeatureListFromXML
RecoveryDriverFileToWindowsDrvDirByAUID
RecoveryPatternFromResourceByAUID
RemoveAttributeInTree
RemoveRegistriesForSetup
RemoveServiceDependency
Replace
RollbackNewInstalledDrivers
SaveFeatureComponent
SendEvent_COPY_FILE
SendEvent_CreateRegistry
SendEvent_DELETE_FILE
SendEvent_DeleteRegistry
SendEvent_INSTALL_DRIVER
SendEvent_INSTALL_SERVICE
SendEvent_PROGRESS_NOTIFY
SendEvent_UNINSTALL_DRIVER
SendEvent_UNINSTALL_SERVICE
SendEvent_UPDATE_DRIVER
SetAutoDetectCPUMode
SetDelayLoadTimeout
SetDisableOnAccessModeTimeout
SetServiceDependency
SetServiceStartupMode
SignalAMSPStartComplete
StartAmspService
StartSrervice
StopAmspService
StrToInt
TiXmlLoadFile
TiXmlSaveFile
TrimLeft
TrimRight
UnInstall
UninstallAdapterDrivers
UninstallAllDrivers
UninstallService
UpdateAdapterDrivers
UpgradeDrivers
ValidateOSType
WaitUntilAsmpStartComplete
WritePatchConfig
WriteRegistriesForSetup
WriteRegistriesFromXML
deleteTree
GetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
CreateDirectoryW
RemoveDirectoryW
LocalAlloc
GetFileAttributesW
SetFileAttributesW
DeleteFileW
LocalFree
MoveFileExW
CopyFileW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WideCharToMultiByte
GetVersionExW
GetWindowsDirectoryW
SetLastError
GetTickCount
GetStartupInfoW
ReadFile
WriteFile
GetModuleFileNameW
Thread32Next
Thread32First
WaitForSingleObject
CreateFileW
OpenEventW
CreateToolhelp32Snapshot
SetEvent
CloseHandle
CreateProcessW
OpenThread
GetExitCodeProcess
DisableThreadLibraryCalls
KERNEL32.dll
wsprintfW
USER32.dll
InitializeSecurityDescriptor
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
OpenServiceW
DeleteService
LockServiceDatabase
ChangeServiceConfig2W
OpenSCManagerW
CloseServiceHandle
UnlockServiceDatabase
QueryServiceStatus
CreateServiceW
StartServiceW
ControlService
ADVAPI32.dll
Log_GetDefaultHandle
Log_GetLogLevel
utilDebugLog.dll
?GetUniqueString@CComponentInfo@@SAXAEBUCOMPONENT_INFO@@AEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?SearchComponentByUniqueString@CComponentInfo@@QEAA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAUCOMPONENT_INFO@@@Z
?SearchDriverByAUID@CComponentInfo@@QEAA_NIAEAUCOMPONENT_INFO@@@Z
??1CComponentInfo@@UEAA@XZ
??0CComponentInfo@@QEAA@XZ
??4CComponentInfo@@QEAAAEAV0@AEBV0@@Z
??0CComponentInfo@@QEAA@AEBV0@@Z
?GetComponents@CComponentInfo@@QEAAAEAV?$vector@UCOMPONENT_INFO@@V?$allocator@UCOMPONENT_INFO@@@std@@@std@@XZ
?SetComponents@CComponentInfo@@QEAAXAEAV?$vector@UCOMPONENT_INFO@@V?$allocator@UCOMPONENT_INFO@@@std@@@std@@@Z
?EnumerateAdapter@CComponentInfo@@QEAAXAEAV?$map@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@UCOMPONENT_INFO@@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@UCOMPONENT_INFO@@@std@@@2@@std@@@Z
?SearchComponentByTypeAndAUID@CComponentInfo@@QEAA_NIIAEAUCOMPONENT_INFO@@@Z
?Initialize@CComponentInfo@@QEAAHXZ
??0CComponentInfo@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0CComponentInfo@@QEAA@AEAV?$vector@UCOMPONENT_INFO@@V?$allocator@UCOMPONENT_INFO@@@std@@@std@@@Z
??0CComponentInfo@@QEAA@AEAV?$map@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@UCOMPONENT_INFO@@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@UCOMPONENT_INFO@@@std@@@2@@std@@@Z
utilComponentInfo.dll
??1CCriticalSection@OS@@QEAA@XZ
??0CCriticalSection@OS@@QEAA@XZ
??1CCriticalSectionSentry@OS@@QEAA@XZ
??0CCriticalSectionSentry@OS@@QEAA@AEAVCCriticalSection@1@@Z
utilThread.dll
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_BADOFF@std@@3_JB
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
MSVCP140.dll
RpcStringFreeA
UuidCreate
UuidToStringA
RPCRT4.dll
WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WINTRUST.dll
CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CRYPT32.dll
memmove
__std_terminate
_purecall
__std_type_info_compare
__std_exception_destroy
__std_exception_copy
wcsstr
strstr
_CxxThrowException
__C_specific_handler
__CxxFrameHandler3
memcpy
memset
wcschr
strchr
__vcrt_InitializeCriticalSectionEx
__std_type_info_destroy_list
VCRUNTIME140.dll
strncpy
isdigit
_invalid_parameter_noinfo_noreturn
wcsncpy_s
_wfindfirst64i32
_findclose
__acrt_iob_func
__stdio_common_vfwprintf
_wfindnext64i32
_wrename
_wcsnicmp
wcsncmp
calloc
_recalloc
__stdio_common_vsnwprintf_s
terminate
iswspace
strtok
_wcsicmp
fflush
_wfopen_s
fclose
wcstoull
_itow_s
_invalid_parameter_noinfo
wcsncpy
wcstok
_unlock_file
_lock_file
fwrite
_errno
fgetpos
setvbuf
ungetc
__p__wpgmptr
fsetpos
_fseeki64
_get_stream_buffer_pointers
towupper
_ui64tow_s
_wsplitpath
_time64
wcsnlen
__stdio_common_vswprintf_s
ferror
__stdio_common_vfprintf
__stdio_common_vsnprintf_s
malloc
_stricmp
_waccess
isalpha
isspace
isalnum
tolower
strncmp
strcmp
__stdio_common_vsprintf
_callnewh
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-convert-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-filesystem-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-time-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-utility-l1-1-0.dll
MultiByteToWideChar
GetFileSize
CopyFileExW
CreateHardLinkW
GetACP
ExpandEnvironmentStringsW
GetFullPathNameW
FormatMessageW
GetCurrentProcessId
GetCurrentThreadId
CreateEventW
GetModuleHandleW
Process32FirstW
Process32NextW
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObjectEx
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
CryptAcquireContextW
CryptReleaseContext
CryptDeriveKey
CryptDestroyKey
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDestroyHash
SHGetFolderPathW
SHELL32.dll
Log_Flush
Qkkbal
.?AVTiXmlDocument@@
.?AVTiXmlNode@@
.?AVTiXmlBase@@
.?AVTiXmlElement@@
.?AVTiXmlComment@@
.?AVTiXmlUnknown@@
.?AVTiXmlAttribute@@
.?AVTiXmlText@@
.?AVTiXmlDeclaration@@
.?AUCryptoBuffDeleter@@
.?AV?$sp_counted_impl_pd@PEADUCryptoBuffDeleter@@@detail@boost@@
.?AVxpath_stream@TinyXPath@@
.?AVbyte_stream@TinyXPath@@
.?AVxpath_processor@TinyXPath@@
.?AVexecution_error@TinyXPath@@
.?AVsyntax_error@TinyXPath@@
.?AVsyntax_overflow@TinyXPath@@
.?AVerror_not_yet@TinyXPath@@
.?AVtoken_list@TinyXPath@@
.?AVtoken_syntax_decoder@TinyXPath@@
.?AVtoken_redef@TinyXPath@@
.?AVtype_info@@
.?AVbad_alloc@std@@
.?AVbad_array_new_length@std@@
.?AVDriverWrapper@InstallComm@@
.?AVsp_counted_base@detail@boost@@
.?AV?$sp_counted_impl_p@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@detail@boost@@
.?AVCAtlException@ATL@@
.?AVBase@Service@InstallComm@@
.?AUSCharAdapter@NS_StringUtils@@
.?AUSWordsAdapter@NS_StringUtils@@
.?AV?$sp_counted_impl_pd@PEA_WU?$checked_array_deleter@_W@boost@@@detail@boost@@
.?AU?$checked_array_deleter@_W@boost@@
.?AV?$basic_filebuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ifstream@DU?$char_traits@D@std@@@std@@
.?AU?$checked_array_deleter@D@boost@@
.?AVios_base@std@@
.?AV?$sp_counted_impl_pd@PEADU?$checked_array_deleter@D@boost@@@detail@boost@@
.?AV?$_Iosb@H@std@@
.?AV?$basic_ofstream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AVbad_cast@std@@
.?AV?$basic_istream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AVexception@std@@
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
Western Cape1
Durbanville1
Thawte1
Thawte Certification1
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
VeriSign, Inc.1705
.Class 3 Public Primary Certification Authority0
061108000000Z
211107235959Z0
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
 http://crl.verisign.com/pca3.crl0
https://www.verisign.com/cps0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif04
http://ocsp.verisign.com0>
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
170427000000Z
180716235959Z0g1
Taiwan1
Taipei1
Trend Micro, Inc.1
Trend Micro, Inc.0
http://sf.symcb.com/sf.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sf.symcd.com0&
http://sf.symcb.com/sf.crt0
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
100208000000Z
200207235959Z0
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA0
https://www.verisign.com/cps0*
https://www.verisign.com/rpa0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif04
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
VeriSignMPKI-2-80
VeriSign, Inc.1
VeriSign Trust Network1;09
2Terms of use at https://www.verisign.com/rpa (c)101.0,
%VeriSign Class 3 Code Signing 2010 CA
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
170814061349Z0#
fyZ9CO
ceA#x/u`
pG5]F}
)jo[)b
k_#H2oC
Symantec Corporation1
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
170427000000Z
180716235959Z0g1
Taiwan1
Taipei1
Trend Micro, Inc.1
Trend Micro, Inc.0
http://sv.symcb.com/sv.crl0a
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
http://sv.symcd.com0&
http://sv.symcb.com/sv.crt0
VeriSign, Inc.1705
.Class 3 Public Primary Certification Authority0
061108000000Z
211107235959Z0
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
 http://crl.verisign.com/pca3.crl0
https://www.verisign.com/cps0
[0Y0W0U
	image/gif0!0
#http://logo.verisign.com/vslogo.gif04
http://ocsp.verisign.com0>
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2006 VeriSign, Inc. - For authorized use only1E0C
<VeriSign Class 3 Public Primary Certification Authority - G50
131210000000Z
231209235959Z0
Symantec Corporation1
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA0
+ojr\`
http://s2.symcb.com0
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
http://s1.symcb.com/pca3-g5.crl0
SymantecPKI-1-5670
Symantec Corporation1
Symantec Trust Network100.
'Symantec Class 3 SHA256 Code Signing CA
20170814061350Z0
Symantec Corporation1
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G2
VeriSign, Inc.1
VeriSign Trust Network1:08
1(c) 2008 VeriSign, Inc. - For authorized use only1806
/VeriSign Universal Root Certification Authority0
160112000000Z
310111235959Z0w1
Symantec Corporation1
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0.
http://s.symcd.com06
%http://s.symcb.com/universal-root.crl0
TimeStamp-2048-30
Symantec Corporation1
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA0
170102000000Z
280401235959Z0
Symantec Corporation1
Symantec Trust Network110/
(Symantec SHA256 TimeStamping Signer - G20
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0@
/http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
http://ts-ocsp.ws.symantec.com0;
/http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
TimeStamp-2048-50
\Z^ k;
Symantec Corporation1
Symantec Trust Network1(0&
Symantec SHA256 TimeStamping CA
170814061350Z0/
/1(0&0$0"