1b4cfc83e68c55c91c973f9e82460b7317f2bd683dea39b0b33ea1ca0881e613

Sharing

Copy URL Twitter E-mail

General

Target

1b4cfc83e68c55c91c973f9e82460b7317f2bd683dea39b0b33ea1ca0881e613
Size

2.3MB
MD5

54e1a225f4d6f26f7c405127615a8566
SHA1

ea60a97581b4aee835a0e3bde6cf260caaf62b4c
SHA256

1b4cfc83e68c55c91c973f9e82460b7317f2bd683dea39b0b33ea1ca0881e613
SHA512

fe7ddc03abba1e2020df0152b198f14ec93ea1037c0800f025f64d02fa257133625b59526981df10101310b187ef44baebff81feef885ffe629218a606242e2d
SSDEEP

49152:yQzzIxNcOb35QWawaxco2Gw0bNOrZ4uK2eSQT20u62P:F25b6WawaBtuZ432eSQT2B

Score

N/A

Malware Config

Signatures

Files

1b4cfc83e68c55c91c973f9e82460b7317f2bd683dea39b0b33ea1ca0881e613
.rar
文本编辑器/!)导入注册码添加删除右键菜单项.bat
文本编辑器/ANSI.CTL
文本编辑器/EditPlus.chm
.chm
文本编辑器/EditPlus.exe
.exe windows x86

5acb0375e30b956ece0f5e9c5f60cae8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowLongW
IntersectRect
CopyRect
WindowFromPoint
SetCursor
AdjustWindowRectEx
SetMenuItemInfoW
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
ModifyMenuW
EnableMenuItem
CreatePopupMenu
GetMenuState
GetMenu
GetSystemMetrics
TranslateAcceleratorW
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
IsWindowUnicode
keybd_event
GetDlgCtrlID
IsWindowVisible
GetWindowPlacement
SetLayeredWindowAttributes
IsChild
GetMessagePos
GetKeyboardLayout
LoadStringW
InvertRect
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
CreateCaret
LoadImageW
GetSysColorBrush
GetSysColor
SetActiveWindow
IsWindowEnabled
GetActiveWindow
IsCharLowerW
IsCharUpperW
OpenClipboard
DrawTextW
FindWindowW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
IsCharAlphaNumericW
DrawFocusRect
SetParent
GetKeyNameTextW
EqualRect
GetClassNameW
CharUpperW
AppendMenuW
CheckMenuItem
ClientToScreen
GetTabbedTextExtentW
SystemParametersInfoW
GetDesktopWindow
SetWindowLongW
MessageBeep
SetForegroundWindow
TrackPopupMenuEx
DeleteMenu
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
DestroyMenu
MapVirtualKeyW
LoadMenuW
GetFocus
GetDlgItem
EndDialog
DialogBoxParamW
SetWindowPos
CallWindowProcW
DdeFreeStringHandle
DdeCreateStringHandleW
DdeClientTransaction
DdeDisconnect
DdeConnect
DdeUninitialize
DdeInitializeW
GetWindow
InvalidateRgn
ReleaseDC
GetMenuStringW
DestroyIcon
SendDlgItemMessageA
RemoveMenu
DrawTextExW
GrayStringW
GetWindowDC
SendMessageW
BeginPaint
EndPaint
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
DispatchMessageW
PeekMessageW
RegisterClassW
GetClassInfoW
LoadCursorW
CreateWindowExW
TranslateMDISysAccel
WinHelpW
SystemParametersInfoA
UnpackDDElParam
ReuseDDElParam
SetRectEmpty
GetMessageTime
DefWindowProcW
GetDoubleClickTime
CloseClipboard
SetClipboardData
GetClipboardData
RegisterClipboardFormatW
InflateRect
OffsetRect
PtInRect
GetParent
RegisterWindowMessageW
IsWindow
IsIconic
IsZoomed
SetClipboardViewer
ChangeClipboardChain
IsClipboardFormatAvailable
CharLowerW
GetKeyState
GetClassLongW
SetClassLongW
GetCapture
SetTimer
KillTimer
GetDC
GetTopWindow
GetLastActivePopup
IsMenu
DestroyWindow
SetWindowPlacement
GetNextDlgGroupItem
SetWindowContextHelpId
CharNextW
CreateMenu
GetDCEx
PostThreadMessageW
MapDialogRect
SetWindowRgn
DrawIcon
RealChildWindowFromPoint
IsRectEmpty
GetSystemMenu
MonitorFromPoint
WaitMessage
ShowOwnedPopups
DestroyCursor
SetCursorPos
TranslateMessage
GetMessageW
DefMDIChildProcW
DefFrameProcW
InsertMenuItemW
LoadAcceleratorsW
GetWindowThreadProcessId
GetNextDlgTabItem
CreateDialogIndirectParamW
IsDialogMessageW
ScrollWindowEx
SetDlgItemTextW
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
GetScrollInfo
SetScrollInfo
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
DeferWindowPos
SetFocus
SetMenu
TrackPopupMenu
ValidateRect
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
SetRect
FillRect
ScreenToClient
GetCursorPos
InvalidateRect
UpdateWindow
TabbedTextOutW
ReleaseCapture
SetCapture
PostMessageW
TrackMouseEvent
GetWindowRect
GetClientRect
EnableWindow
EmptyClipboard
CharNextExA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
BringWindowToTop
LockWindowUpdate
PostQuitMessage
GetClassInfoExW
UnregisterClassW
MessageBoxW
DrawMenuBar
MapWindowPoints

comctl32

ImageList_GetIcon
ImageList_DrawEx
ImageList_Draw
ImageList_DrawIndirect
ImageList_GetImageInfo
ImageList_SetBkColor
ImageList_AddMasked
ImageList_ReplaceIcon

wsock32

WSACleanup
WSAStartup
shutdown
setsockopt
select
recv
ntohs
listen
getsockname
connect
closesocket
bind
accept
WSAGetLastError
socket
send

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

imm32

ImmGetCompositionStringW
ImmSetCandidateWindow
ImmGetContext
ImmReleaseContext
ImmGetConversionStatus
ImmGetProperty
ImmGetCompositionStringA
ImmEscapeW
ImmSetCompositionFontW
ImmEscapeA
ImmSetCompositionWindow

uxtheme

OpenThemeData
CloseThemeData
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
EnableThemeDialogTexture
GetThemeBackgroundContentRect
IsAppThemed
DrawThemeParentBackground
SetWindowTheme
GetThemePartSize

mpr

WNetCloseEnum
WNetEnumResourceW
WNetAddConnection2W
WNetOpenEnumW
WNetGetConnectionW

usp10

ScriptStringFree
ScriptStringAnalyse
ScriptStringOut
ScriptString_pLogAttr
ScriptStringCPtoX

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectRectI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdipDeleteGraphics

crypt32

CryptBinaryToStringA
CryptStringToBinaryW
CryptBinaryToStringW
CertFreeCertificateContext
CryptFindCertificateKeyProvInfo
CertStrToNameW
CertCreateSelfSignCertificate

secur32

AcquireCredentialsHandleW
FreeCredentialsHandle
InitializeSecurityContextW
DeleteSecurityContext
ApplyControlToken
QueryContextAttributesW
FreeContextBuffer
EncryptMessage
DecryptMessage

dbghelp

MiniDumpWriteDump

kernel32

GetStringTypeW
WriteConsoleW
LCMapStringW
RtlUnwind
GetCommandLineA
GetCommandLineW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
HeapQueryInformation
GetSystemInfo
OutputDebugStringW
VirtualQuery
GetFileType
GetTimeZoneInformation
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
IsValidLocale
EnumSystemLocalesW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
VirtualAlloc
LocalFileTimeToFileTime
GetFileSizeEx
GetFileAttributesExW
VirtualProtect
GetSystemDefaultUILanguage
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
GlobalMemoryStatusEx
LoadResource
LockResource
SizeofResource
FindResourceW
GetACP
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
WaitForSingleObject
GetDateFormatW
GetTimeFormatW
SetCurrentDirectoryW
GetCurrentDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileSize
GetFullPathNameW
GetShortPathNameW
GetTempFileNameW
ReadFile
SetFilePointer
GetTempPathW
CloseHandle
SetUnhandledExceptionFilter
GetSystemTime
GetLocalTime
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameW
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
lstrcmpiW
lstrlenW
CopyFileW
GetStringTypeExW
GetCPInfo
GetThreadLocale
SetThreadLocale
GetUserDefaultUILanguage
GetSystemDefaultLangID
GetSystemDefaultLCID
SetThreadUILanguage
MulDiv
GetLastError
GetCurrentThreadId
FreeLibrary
GetProcAddress
LoadLibraryW
lstrlenA
CreateFileMappingA
SystemTimeToFileTime
SetEvent
CreateEventW
FileTimeToSystemTime
GetCurrentThread
ExpandEnvironmentStringsW
CreateDirectoryW
CreateFileW
FlushFileBuffers
GetFileAttributesW
GetFileTime
SetEndOfFile
SetFileAttributesW
WriteFile
Sleep
GetCurrentProcess
GetCurrentProcessId
ExitProcess
CreateProcessW
GetVersionExW
FreeResource
LocalFree
FormatMessageW
GetVersionExA
GetModuleHandleW
GlobalAddAtomW
GlobalGetAtomNameW
GetPrivateProfileStringW
GetLocaleInfoW
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetExitCodeProcess
GlobalMemoryStatus
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
GetProcessHeap
lstrcmpW
EnumSystemCodePagesW
CreatePipe
GetVolumeInformationW
SuspendThread
ResumeThread
DecodePointer
RaiseException
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
InitializeCriticalSectionEx
GetDriveTypeW
LocalAlloc
LocalReAlloc
ExpandEnvironmentStringsA
LoadLibraryExA
OutputDebugStringA
SetLastError
GetModuleHandleA
GlobalSize
EncodePointer
GetSystemDirectoryW
LoadLibraryExW
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomW
CompareStringW
lstrcmpA
SetThreadPriority
CompareStringA
GetPrivateProfileIntW
WritePrivateProfileStringW
SetErrorMode
LockFile
UnlockFile
DuplicateHandle
MoveFileW
GetDiskFreeSpaceW
SetFileTime
ReplaceFileW
GetUserDefaultLCID
GlobalFlags
GetProfileIntW
InitializeCriticalSection
TlsAlloc

gdi32

GetCharABCWidthsW
EnumFontFamiliesExW
DeleteDC
GetTextMetricsW
GetTextExtentPointW
SetTextColor
SetBkColor
CreateRectRgnIndirect
ExtTextOutW
MoveToEx
GetObjectW
SetBkMode
SelectObject
LineTo
GetTextExtentPoint32W
GetTextColor
GetStockObject
GetCurrentObject
GetTextFaceW
GetWindowOrgEx
GetTextAlign
GetStretchBltMode
GetPolyFillMode
GetNearestColor
GetBkMode
GetCharWidthW
LPtoDP
Ellipse
CreateEllipticRgn
SetRectRgn
GetMapMode
GetViewportOrgEx
DPtoLP
SetAbortProc
AbortDoc
EndPage
StartPage
EndDoc
ScaleWindowExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
TextOutW
StartDocW
SetWorldTransform
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetGraphicsMode
ExtSelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetCurrentPositionEx
ExcludeClipRect
Escape
CreateBitmap
CopyMetaFileW
Polyline
ExtCreatePen
CreatePolygonRgn
DeleteObject
CreateSolidBrush
CreatePen
CreateFontIndirectW
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetROP2
SetTextAlign
PatBlt
GetRgnBox
CreateRectRgn
CombineRgn
Polygon
GetClipBox
GetBkColor
CreatePatternBrush
CreateDIBitmap
ExtTextOutA
SelectClipRgn
CreateDIBSection
GetDeviceCaps
Rectangle
GetOutlineTextMetricsW
CreateICW

winspool.drv

GetJobW
OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegSetValueW
CryptImportKey
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptVerifySignatureW
RegOpenKeyW
GetUserNameW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyW
GetFileSecurityW
SetFileSecurityW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegQueryValueW
CryptExportKey
CryptAcquireContextW
CryptReleaseContext
CryptGenKey
CryptDestroyKey
CryptSetKeyParam
CryptGetHashParam
CryptGenRandom

shell32

SHBindToParent
ord16
DragFinish
SHGetSettings
ShellExecuteExW
SHFileOperationW
SHGetFileInfoW
ShellExecuteW
ExtractIconExW
DragQueryFileW
SHGetDesktopFolder
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHAddToRecentDocs
SHGetPathFromIDListW
SHChangeNotify
Shell_NotifyIconW
ExtractIconW
DragAcceptFiles
ord62

shlwapi

PathFileExistsW
PathFindExtensionW
UrlUnescapeW
UrlEscapeW
StrCmpLogicalW
SHAutoComplete
PathFindFileNameW
PathRemoveExtensionW
PathRemoveFileSpecW
PathStripToRootW
PathIsUNCW

ole32

CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoRegisterMessageFilter
CoRevokeClassObject
CoGetClassObject
OleDraw
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoCreateGuid
CoInitializeEx
ReleaseStgMedium
OleDuplicateData
StringFromCLSID
CoInitialize
CoUninitialize
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantChangeType
SysAllocStringLen
VariantCopy
LoadTypeLi
VariantClear
VariantInit
SafeArrayPutElement
SafeArrayCreate
SysStringLen
SysFreeString
SysAllocString
OleCreateFontIndirect

oledlg

OleUIBusyW

urlmon

CoInternetSetFeatureEnabled

ws2_32

InetNtopW
freeaddrinfo
getaddrinfo

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 359KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 731KB - Virtual size: 732KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
文本编辑器/Tips.txt
文本编辑器/WebView2Loader.dll
.dll windows x86

a64b009ff2c9503726050a45e231f4c9

Code Sign

33:00:00:03:26:ae:ce:ed:f9:bc:e4:7b:92:00:00:00:00:03:26
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:29

Not After

03/03/2021, 18:29

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:9f:a3:4e:a6:16:c4:a6:86:31:78:a0:2e:9c:cf:1d:f6:c4:3a:12:43:3a:a6:ff:f1:cd:02:23:dd:3f:a9:cc
Signer

Actual PE Digest

41:9f:a3:4e:a6:16:c4:a6:86:31:78:a0:2e:9c:cf:1d:f6:c4:3a:12:43:3a:a6:ff:f1:cd:02:23:dd:3f:a9:cc

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:58
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateEventW
CreateFileW
DecodePointer
DeleteCriticalSection
EncodePointer
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableW
GetFileAttributesW
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemInfo
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
OutputDebugStringW
QueryPerformanceCounter
RaiseException
ResetEvent
RtlUnwind
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile

Exports

Exports

CompareBrowserVersions
CreateCoreWebView2Environment
CreateCoreWebView2EnvironmentWithOptions
GetAvailableCoreWebView2BrowserVersionString

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 72B

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
文本编辑器/codepage.txt
文本编辑器/control.ctl
文本编辑器/correct.tlx
文本编辑器/cpp.acp
.js
文本编辑器/cpp.stx
文本编辑器/cs.acp
.js
文本编辑器/cs.stx
.vbs
文本编辑器/css.ctl
文本编辑器/css.stx
文本编辑器/css2.ctl
文本编辑器/editplus_u.ini
文本编辑器/emmet_epp.js
.js
文本编辑器/entities_u.txt
文本编辑器/eppcon.exe
.exe windows x86

97203132a14647a41f0dab88c57c2a16

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:32:37:d2:24:05:6d:2e:c4:70:3a:eb:5f:3d:10:bd
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

26/02/2020, 00:00

Not After

27/05/2021, 23:59

Subject

CN=ES-Computing,OU=IT Team,O=ES-Computing,L=Jinju-si,ST=Gyeongsangnam-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

72:7a:88:fb:1c:0e:a1:fc:bd:2c:56:c5:95:3f:8f:14:89:6e:d9:e1:26:e4:ba:cc:5c:2e:f9:59:ef:2d:bd:89
Signer

Actual PE Digest

72:7a:88:fb:1c:0e:a1:fc:bd:2c:56:c5:95:3f:8f:14:89:6e:d9:e1:26:e4:ba:cc:5c:2e:f9:59:ef:2d:bd:89

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ES-Computing,OU=IT Team,O=ES-Computing,L=Jinju-si,ST=Gyeongsangnam-do,C=KR

14/08/2020, 09:25
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
OpenFileMappingW
UnmapViewOfFile
CloseHandle
CreateProcessW
MapViewOfFile
GenerateConsoleCtrlEvent
WriteConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
DecodePointer

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
文本编辑器/eppie.exe
.exe windows x86

f570dfc77bd4ef694a222d21b42844a7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:f8:f4:3f:fa:fe:ad:5f:5e:a8:c0:d2:59:c2:d0:e6
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

14/02/2019, 00:00

Not After

15/05/2020, 23:59

Subject

CN=ES-Computing,OU=IT Team,O=ES-Computing,L=Jinju-si,ST=Gyeongsangnam-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7e:9b:d0:1b:58:98:fd:2f:b8:ae:c1:b7:57:43:8d:4a:dd:68:3e:39:76:18:2b:51:92:91:ef:bf:d4:5b:e7:fa
Signer

Actual PE Digest

7e:9b:d0:1b:58:98:fd:2f:b8:ae:c1:b7:57:43:8d:4a:dd:68:3e:39:76:18:2b:51:92:91:ef:bf:d4:5b:e7:fa

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ES-Computing,OU=IT Team,O=ES-Computing,L=Jinju-si,ST=Gyeongsangnam-do,C=KR

02/01/2020, 01:21
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

kernel32

WriteConsoleW
GetModuleFileNameW
CloseHandle
CreateProcessA
GetModuleFileNameA
lstrcpyA
lstrcatA
lstrlenA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
CreateFileW
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
DecodePointer
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
文本编辑器/eppshell.dll
.dll regsvr32 windows x86

75c5562f4eb49ec41ec28ef3163c928c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:32:37:d2:24:05:6d:2e:c4:70:3a:eb:5f:3d:10:bd
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

26/02/2020, 00:00

Not After

27/05/2021, 23:59

Subject

CN=ES-Computing,OU=IT Team,O=ES-Computing,L=Jinju-si,ST=Gyeongsangnam-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

59:e4:32:5f:a7:34:79:09:e7:9e:35:80:db:2f:6e:dc:2f:a2:50:e6:95:72:f6:51:ea:85:12:b8:fa:2d:e2:73
Signer

Actual PE Digest

59:e4:32:5f:a7:34:79:09:e7:9e:35:80:db:2f:6e:dc:2f:a2:50:e6:95:72:f6:51:ea:85:12:b8:fa:2d:e2:73

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ES-Computing,OU=IT Team,O=ES-Computing,L=Jinju-si,ST=Gyeongsangnam-do,C=KR

14/08/2020, 09:25
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

IsWindow
InsertMenuW
GetMenuInfo
SetMenuInfo
SetMenuItemInfoW
SetForegroundWindow
MessageBoxW
ReleaseDC
LoadImageW
DdeInitializeW
DdeUninitialize
DdeConnect
DdeDisconnect
DdeClientTransaction
SendMessageW
GetDC
DdeGetLastError
DdeFreeStringHandle
DdeCreateStringHandleW
wsprintfW

advapi32

RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey

shell32

DragQueryFileW

ole32

ReleaseStgMedium

gdi32

DeleteDC
DeleteObject
GetDeviceCaps
SelectObject
CreateDIBSection
GetObjectW
CreateCompatibleDC

gdiplus

GdipBitmapLockBits
GdiplusStartup
GdiplusShutdown
GdipDisposeImage
GdipDrawImageRectRectI
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetInterpolationMode

kernel32

GetStringTypeW
GetFileType
GetStdHandle
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
LCMapStringW
SetFilePointerEx
CreateFileW
WriteConsoleW
GetProcessHeap
SetUnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetLastError
GetModuleFileNameW
LocalFree
FormatMessageW
lstrcpyW
lstrcatW
lstrlenW
CloseHandle
Sleep
CreateProcessW
GetVersionExW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
MulDiv
lstrcpynA
lstrcpynW
UnhandledExceptionFilter
DecodePointer
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
FindNextFileW
RaiseException
InterlockedFlushSList
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
文本编辑器/eppshell64.dll
.dll regsvr32 windows x64

d3263b02fe99795119d40e7c19b6c67d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:32:37:d2:24:05:6d:2e:c4:70:3a:eb:5f:3d:10:bd
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

26/02/2020, 00:00

Not After

27/05/2021, 23:59

Subject

CN=ES-Computing,OU=IT Team,O=ES-Computing,L=Jinju-si,ST=Gyeongsangnam-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

74:d6:4b:b2:99:00:91:a2:31:2d:07:8c:96:0d:bd:d3:23:45:ef:94:75:fe:32:2b:9f:eb:08:50:c7:f5:45:a8
Signer

Actual PE Digest

74:d6:4b:b2:99:00:91:a2:31:2d:07:8c:96:0d:bd:d3:23:45:ef:94:75:fe:32:2b:9f:eb:08:50:c7:f5:45:a8

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ES-Computing,OU=IT Team,O=ES-Computing,L=Jinju-si,ST=Gyeongsangnam-do,C=KR

14/08/2020, 09:25
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

IsWindow
InsertMenuW
GetMenuInfo
SetMenuInfo
SetMenuItemInfoW
SetForegroundWindow
MessageBoxW
ReleaseDC
LoadImageW
DdeInitializeW
DdeUninitialize
DdeConnect
DdeDisconnect
DdeClientTransaction
SendMessageW
GetDC
DdeGetLastError
DdeFreeStringHandle
DdeCreateStringHandleW
wsprintfW

advapi32

RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey

shell32

DragQueryFileW

ole32

ReleaseStgMedium

gdi32

DeleteDC
DeleteObject
GetDeviceCaps
SelectObject
CreateDIBSection
GetObjectW
CreateCompatibleDC

gdiplus

GdipBitmapLockBits
GdiplusStartup
GdiplusShutdown
GdipDisposeImage
GdipDrawImageRectRectI
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetInterpolationMode

kernel32

GetStringTypeW
GetFileType
GetStdHandle
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
LCMapStringW
SetFilePointerEx
CreateFileW
WriteConsoleW
GetProcessHeap
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetLastError
GetModuleFileNameW
LocalFree
FormatMessageW
lstrcpyW
lstrcatW
lstrlenW
CloseHandle
Sleep
CreateProcessW
GetVersionExW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
MulDiv
lstrcpynA
lstrcpynW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
FindNextFileW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
文本编辑器/eppshellreg.exe
.exe windows x64

a1db25d9e2a25718d6c4dd06398cd76f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:f8:f4:3f:fa:fe:ad:5f:5e:a8:c0:d2:59:c2:d0:e6
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

14/02/2019, 00:00

Not After

15/05/2020, 23:59

Subject

CN=ES-Computing,OU=IT Team,O=ES-Computing,L=Jinju-si,ST=Gyeongsangnam-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6e:fc:68:2d:45:7e:91:4b:83:d5:5f:32:db:fc:bb:14:56:49:3f:7c:47:02:b6:98:2b:ea:ec:2c:3f:98:7a:23
Signer

Actual PE Digest

6e:fc:68:2d:45:7e:91:4b:83:d5:5f:32:db:fc:bb:14:56:49:3f:7c:47:02:b6:98:2b:ea:ec:2c:3f:98:7a:23

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ES-Computing,OU=IT Team,O=ES-Computing,L=Jinju-si,ST=Gyeongsangnam-do,C=KR

02/01/2020, 01:21
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FreeLibrary
GetModuleFileNameA
GetProcAddress
LoadLibraryA
lstrcpyA
lstrlenA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
WriteConsoleW
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
文本编辑器/eppshellreg32.exe
.exe windows x86

46a271cf7388834c23df604fdcc5a6f4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:f8:f4:3f:fa:fe:ad:5f:5e:a8:c0:d2:59:c2:d0:e6
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

14/02/2019, 00:00

Not After

15/05/2020, 23:59

Subject

CN=ES-Computing,OU=IT Team,O=ES-Computing,L=Jinju-si,ST=Gyeongsangnam-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6c:ba:dd:1c:f8:f8:3e:d1:2a:a0:de:41:a9:59:dc:56:32:fb:c0:52:34:fd:d6:f2:35:4f:62:d9:b3:60:28:48
Signer

Actual PE Digest

6c:ba:dd:1c:f8:f8:3e:d1:2a:a0:de:41:a9:59:dc:56:32:fb:c0:52:34:fd:d6:f2:35:4f:62:d9:b3:60:28:48

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ES-Computing,OU=IT Team,O=ES-Computing,L=Jinju-si,ST=Gyeongsangnam-do,C=KR

02/01/2020, 01:21
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
GetModuleFileNameA
GetProcAddress
LoadLibraryA
lstrcpyA
lstrlenA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
WriteConsoleW
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
DecodePointer

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
文本编辑器/eppwinrt.dll
.dll windows x86

954c3d62fd12da99900d313f2a4d3f2d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:32:37:d2:24:05:6d:2e:c4:70:3a:eb:5f:3d:10:bd
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

26/02/2020, 00:00

Not After

27/05/2021, 23:59

Subject

CN=ES-Computing,OU=IT Team,O=ES-Computing,L=Jinju-si,ST=Gyeongsangnam-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cf:88:46:98:ec:77:e8:0c:22:83:c3:95:d0:1f:b2:d1:7e:d8:72:9e:f2:c0:4d:04:78:11:31:2a:9c:93:18:5b
Signer

Actual PE Digest

cf:88:46:98:ec:77:e8:0c:22:83:c3:95:d0:1f:b2:d1:7e:d8:72:9e:f2:c0:4d:04:78:11:31:2a:9c:93:18:5b

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ES-Computing,OU=IT Team,O=ES-Computing,L=Jinju-si,ST=Gyeongsangnam-do,C=KR

14/08/2020, 09:25
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

webview2loader

CreateCoreWebView2EnvironmentWithOptions

kernel32

CreateSemaphoreExW
InitializeSListHead
CloseHandle
ReleaseMutex
GetLastError
ReleaseSemaphore
WaitForSingleObjectEx
FormatMessageW
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
OutputDebugStringW
SetLastError
WaitForSingleObject
OpenSemaphoreW
GetCurrentProcessId
CreateMutexExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime

user32

GetClientRect
SendMessageW

vcruntime140

_except_handler4_common
memcpy
_purecall
__std_type_info_destroy_list
__std_exception_destroy
__std_terminate
__CxxFrameHandler3
wcschr
_CxxThrowException
__std_exception_copy
memset

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__stdio_common_vsnprintf_s

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_register_onexit_function
_initterm
_initterm_e
_initialize_onexit_table
_seh_filter_dll
_initialize_narrow_environment
_configure_narrow_argv
_crt_atexit
_invalid_parameter_noinfo
_errno

api-ms-win-crt-string-l1-1-0

wcscat_s
wcscpy_s

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

Exports

Exports

CompleteDeferral
CreateWebView
DeleteWebView
GetCanGoBack
GetCanGoForward
GetDocumentTitle
GetSource
GetZoomFactor
GoBack
GoForward
MoveFocus
Navigate
PutZoomFactor
Refresh
SizeWebView
Stop

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
文本编辑器/html.acp
文本编辑器/html.ctl
文本编辑器/html.stx
文本编辑器/html.tlx
文本编辑器/html4.ctl
文本编辑器/html5.ctl
文本编辑器/htmlbar.acp
文本编辑器/java.acp
.js
文本编辑器/java.stx
文本编辑器/js.stx
文本编辑器/jsp.stx
文本编辑器/launcher.exe
.exe windows x86

37313e2fae3fb944bd16238fe501079f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:f8:f4:3f:fa:fe:ad:5f:5e:a8:c0:d2:59:c2:d0:e6
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

14/02/2019, 00:00

Not After

15/05/2020, 23:59

Subject

CN=ES-Computing,OU=IT Team,O=ES-Computing,L=Jinju-si,ST=Gyeongsangnam-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:b5:ed:80:08:d6:3d:64:a9:26:4e:25:ec:04:1e:6a:bb:4f:a5:a5:3e:55:5b:19:3f:bf:6c:59:d6:3b:53:36
Signer

Actual PE Digest

16:b5:ed:80:08:d6:3d:64:a9:26:4e:25:ec:04:1e:6a:bb:4f:a5:a5:3e:55:5b:19:3f:bf:6c:59:d6:3b:53:36

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ES-Computing,OU=IT Team,O=ES-Computing,L=Jinju-si,ST=Gyeongsangnam-do,C=KR

02/01/2020, 01:21
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WaitForSingleObject
ExitProcess
CreateProcessA
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
GenerateConsoleCtrlEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
WriteConsoleW
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
DecodePointer

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
文本编辑器/license.txt
文本编辑器/lua51.stx
文本编辑器/md.stx
文本编辑器/perl.acp
文本编辑器/perl.stx
文本编辑器/php.stx
文本编辑器/python.acp
.js
文本编辑器/python.stx
.js
文本编辑器/python_extd.stx
.js
文本编辑器/readme.txt
文本编辑器/reg_u.ini
文本编辑器/remove.exe
.exe windows x86

0d4cf5860ee5db95e9750ddbf6a1fcdf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:32:37:d2:24:05:6d:2e:c4:70:3a:eb:5f:3d:10:bd
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

26/02/2020, 00:00

Not After

27/05/2021, 23:59

Subject

CN=ES-Computing,OU=IT Team,O=ES-Computing,L=Jinju-si,ST=Gyeongsangnam-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

98:ee:22:51:3f:d2:aa:08:29:22:04:f0:7e:f2:45:b4:88:2b:53:89:6f:0c:cd:d3:e5:a7:08:a9:e0:a6:db:39
Signer

Actual PE Digest

98:ee:22:51:3f:d2:aa:08:29:22:04:f0:7e:f2:45:b4:88:2b:53:89:6f:0c:cd:d3:e5:a7:08:a9:e0:a6:db:39

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ES-Computing,OU=IT Team,O=ES-Computing,L=Jinju-si,ST=Gyeongsangnam-do,C=KR

14/08/2020, 09:26
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueA
RegQueryValueExA
RegSetValueA

user32

SetWindowTextA
LoadStringA
SystemParametersInfoA
GetDesktopWindow
MessageBoxA
GetWindowRect
wsprintfA
GetWindowTextA
SetForegroundWindow
GetSystemMetrics
GetDlgItem
EndDialog
DialogBoxParamA
SetWindowPos
PostMessageA
SendMessageA

shell32

SHGetSpecialFolderLocation
SHChangeNotify
SHGetPathFromIDListA

ole32

CoTaskMemFree

kernel32

ReadFile
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetProcessHeap
LCMapStringW
SetFilePointerEx
HeapSize
HeapReAlloc
SetEndOfFile
WriteConsoleW
CreateFileW
GetStringTypeW
CreateFileA
DeleteFileA
FindClose
FindFirstFileA
RemoveDirectoryA
WriteFile
GetTempPathA
CloseHandle
GetLastError
WaitForSingleObject
GetCurrentProcess
CreateThread
GetCurrentThread
SetThreadPriority
SuspendThread
ResumeThread
CreateProcessA
SetPriorityClass
FreeLibrary
GetModuleFileNameA
GetProcAddress
LoadLibraryA
GetShortPathNameA
MulDiv
lstrcmpA
lstrcpyA
lstrcatA
lstrlenA
MoveFileExA
GetACP
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
SetStdHandle
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RaiseException
GetCommandLineA
GetCommandLineW
GetStdHandle
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapFree
GetFileType
HeapAlloc
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
文本编辑器/restore_u.ini
文本编辑器/ruby.acp
文本编辑器/ruby.stx
.vbs
文本编辑器/smali.stx
文本编辑器/snippets.json
文本编辑器/sql.stx
文本编辑器/ssce5232.dll
.dll windows x86

334c07576d54230e419c60e80dab70b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpA
lstrcmpiA
GetPrivateProfileStringA
GetModuleFileNameA
_llseek
_lread
GetCurrentProcessId
lstrcpyA
_lopen
_lwrite
_lclose
CloseHandle
CreateMutexA
OpenMutexA
WritePrivateProfileStringA
_lcreat
GetProfileStringA
lstrlenA
GetVersion
GetLastError
GetCurrentThreadId
VirtualAlloc
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
GetLocaleInfoW
HeapReAlloc
LoadLibraryA
GetProcAddress
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
FlushFileBuffers
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetFilePointer
GetCurrentDirectoryA
GetFullPathNameA
TlsSetValue
SetStdHandle
SetEndOfFile
GetEnvironmentStringsW
GetEnvironmentStrings
HeapFree
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
WaitForSingleObject
MoveFileA
DeleteFileA
InterlockedDecrement
InterlockedIncrement
GetFileAttributesA
GetCommandLineA
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
ReadFile
GetCurrentProcess
WriteFile
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetFileType
CreateFileA
WideCharToMultiByte
TerminateProcess
GetStdHandle
GetStartupInfoA
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetHandleCount
FreeEnvironmentStringsA
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsW

user32

ShowCursor
SendMessageA
MessageBoxA
SetCursor
LoadCursorA
GetWindowTextA
wsprintfA
EnumChildWindows
DialogBoxParamA
GetWindowTextLengthA
WinHelpA
EndDialog
GetDlgItem
GetClassNameA
KillTimer
ShowWindow
SetTimer
SetDlgItemTextA
GetDlgItemTextA
GetDesktopWindow
MoveWindow
ClientToScreen
PtInRect
GetSystemMetrics
OffsetRect
SetFocus
GetWindowRect
EnableWindow
GetSysColor
SetWindowTextA

gdi32

CreateSolidBrush
SetBkColor
GetObjectA
CreateFontIndirectA
DeleteObject

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA

Exports

Exports

EditLexDlgProc
NewLexDlgProc
OptionsDlgProc
SSCE_AddToLex
SSCE_CheckBlock
SSCE_CheckBlockDlg
SSCE_CheckBlockDlgTmplt
SSCE_CheckCtrlDlg
SSCE_CheckCtrlDlgTmplt
SSCE_CheckWord
SSCE_ClearLex
SSCE_CloseBlock
SSCE_CloseLex
SSCE_CloseSession
SSCE_CompressLexAbort
SSCE_CompressLexEnd
SSCE_CompressLexFile
SSCE_CompressLexInit
SSCE_CreateLex
SSCE_DelBlockText
SSCE_DelBlockWord
SSCE_DelFromLex
SSCE_EditLexDlg
SSCE_EditLexDlgTmplt
SSCE_FindLexWord
SSCE_GetAutoCorrect
SSCE_GetBlock
SSCE_GetBlockInfo
SSCE_GetBlockWord
SSCE_GetHelpFile
SSCE_GetLex
SSCE_GetLexId
SSCE_GetLexInfo
SSCE_GetMainLexFiles
SSCE_GetMainLexPath
SSCE_GetMinSuggestDepth
SSCE_GetOption
SSCE_GetRegTreeName
SSCE_GetSelUserLexFile
SSCE_GetSid
SSCE_GetStatistics
SSCE_GetStringTableName
SSCE_GetUserLexFiles
SSCE_GetUserLexPath
SSCE_InsertBlockText
SSCE_NextBlockWord
SSCE_OpenBlock
SSCE_OpenLex
SSCE_OpenSession
SSCE_OptionsDlg
SSCE_OptionsDlgTmplt
SSCE_ReplaceBlockWord
SSCE_ResetLex
SSCE_SetAutoCorrect
SSCE_SetBlockCursor
SSCE_SetDebugFile
SSCE_SetDialogOrigin
SSCE_SetHelpFile
SSCE_SetIniFile
SSCE_SetMainLexFiles
SSCE_SetMainLexPath
SSCE_SetMinSuggestDepth
SSCE_SetOption
SSCE_SetRegTreeName
SSCE_SetSelUserLexFile
SSCE_SetStringTableName
SSCE_SetUserLexFiles
SSCE_SetUserLexPath
SSCE_Suggest
SSCE_Version
SndMsgEnumCb
SpellCheckDlgProc

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
文本编辑器/ssceam.tlx
.vbs
文本编辑器/ssceam2.clx
文本编辑器/template.cpp
文本编辑器/template.html
.html
文本编辑器/template.java
文本编辑器/template.pl
.pl .sh linux
文本编辑器/template.py
.py .sh linux
文本编辑器/templatex.html
文本编辑器/vb.stx
.vbs
文本编辑器/workspace01.ini
文本编辑器/workspace_u.ini
文本编辑器/xhtml.ctl
文本编辑器/xhtmlbar.acp
文本编辑器/xml.stx
文本编辑器/zen_coding_epp.js
.js

Sharing

General

Malware Config

Signatures

Files

5acb0375e30b956ece0f5e9c5f60cae8

Headers

DLL Characteristics

File Characteristics

Imports

user32

comctl32

wsock32

version

imm32

uxtheme

mpr

usp10

gdiplus

crypt32

secur32

dbghelp

kernel32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

oledlg

urlmon

ws2_32

oleacc

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 359KB - Virtual size: 358KB

.data Size: 31KB - Virtual size: 166KB

.rsrc Size: 731KB - Virtual size: 732KB

.reloc Size: 125KB - Virtual size: 124KB

a64b009ff2c9503726050a45e231f4c9

Code Sign

33:00:00:03:26:ae:ce:ed:f9:bc:e4:7b:92:00:00:00:00:03:26Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

41:9f:a3:4e:a6:16:c4:a6:86:31:78:a0:2e:9c:cf:1d:f6:c4:3a:12:43:3a:a6:ff:f1:cd:02:23:dd:3f:a9:ccSigner

Signature Validations

Verification

09/09/2022, 12:58 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 2KB - Virtual size: 4KB

.00cfg Size: 512B - Virtual size: 4B

.tls Size: 512B - Virtual size: 9B

.voltbl Size: 512B - Virtual size: 72B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

97203132a14647a41f0dab88c57c2a16

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

56:32:37:d2:24:05:6d:2e:c4:70:3a:eb:5f:3d:10:bdCertificate

Extended Key Usages

Key Usages

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 359KB - Virtual size: 358KB

.data
Size: 31KB - Virtual size: 166KB

.rsrc
Size: 731KB - Virtual size: 732KB

.reloc
Size: 125KB - Virtual size: 124KB

33:00:00:03:26:ae:ce:ed:f9:bc:e4:7b:92:00:00:00:00:03:26
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

41:9f:a3:4e:a6:16:c4:a6:86:31:78:a0:2e:9c:cf:1d:f6:c4:3a:12:43:3a:a6:ff:f1:cd:02:23:dd:3f:a9:cc
Signer

09/09/2022, 12:58
Valid: false

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 2KB - Virtual size: 4KB

.00cfg
Size: 512B - Virtual size: 4B

.tls
Size: 512B - Virtual size: 9B

.voltbl
Size: 512B - Virtual size: 72B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

56:32:37:d2:24:05:6d:2e:c4:70:3a:eb:5f:3d:10:bd
Certificate

72:7a:88:fb:1c:0e:a1:fc:bd:2c:56:c5:95:3f:8f:14:89:6e:d9:e1:26:e4:ba:cc:5c:2e:f9:59:ef:2d:bd:89
Signer

14/08/2020, 09:25
Valid: false

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 4KB - Virtual size: 3KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

13:f8:f4:3f:fa:fe:ad:5f:5e:a8:c0:d2:59:c2:d0:e6
Certificate

7e:9b:d0:1b:58:98:fd:2f:b8:ae:c1:b7:57:43:8d:4a:dd:68:3e:39:76:18:2b:51:92:91:ef:bf:d4:5b:e7:fa
Signer

02/01/2020, 01:21
Valid: false

.text
Size: 46KB - Virtual size: 45KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 2KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

56:32:37:d2:24:05:6d:2e:c4:70:3a:eb:5f:3d:10:bd
Certificate

59:e4:32:5f:a7:34:79:09:e7:9e:35:80:db:2f:6e:dc:2f:a2:50:e6:95:72:f6:51:ea:85:12:b8:fa:2d:e2:73
Signer

14/08/2020, 09:25
Valid: false