filenameWindows Update package - antimalware definitions July 16 2020 - AM_Delta_Patch_1.319.1488.0.exe
size1234864 (0x12d7b0)
md58c02e06fff79eed1012d40e2610d70fa
typePE32+ executable (GUI) x86-64, for MS Windows
mimetypeapplication/x-dosexec
clamavOK
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x90
blocks_in_file3
num_relocs0
header_paragraphs4
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0xe0

Rich Header

lib idversiontimes used
2602741229
2592741215
26127412207
257262139
10258
2652741271
255274121
258274121

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

SignaturePE
Machine0x8664
NumberOfSections6
TimeDateStamp0x5f0fae16
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xf0
Characteristics0x22
Magic0x20b
LinkerVersion14.20
SizeOfCode0x27800
SizeOfInitializedData0x103a00
SizeOfUninitializedData0
AddressOfEntryPoint0x13b30
BaseOfCode0x1000
ImageBase0x140000000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion10.0
ImageVersion10.0
SubsystemVersion6.0
Reserved10
SizeOfImage0x131000
SizeOfHeaders0x400
CheckSum0x1383ec
Subsystem2
DllCharacteristics0xc160
SizeOfStackReserve0x80000
SizeOfStackCommit0x2000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Packer / Compiler

MS Visual C++ 8.0

Sections

namevavsizeraw sizeflags
.text0x10000x277120x27800R-X CODE
.rdata0x290000xd18c0xd200R-- IDATA
.data0x370000x23a00xe00RW- IDATA
.pdata0x3a0000x1eb40x2000R-- IDATA
.rsrc0x3c0000xf32dc0xf3400R-- IDATA
.reloc0x1300000x5e40x600R-- IDATA DISCARDABLE

Data Directory

typevasize
EXPORT00
IMPORT0x353ac0x64
RESOURCE0x3c0000xf32dc
EXCEPTION0x3a0000x1eb4
SECURITY0x12b6000x21b0
BASERELOC0x1300000x5e4
DEBUG0x31f200x54
ARCHITECTURE00
GLOBALPTR00
TLS0x2b3a80x28
LOAD_CONFIG0x2b2a00x108
Bound_IAT00
IAT0x2b3d00x408
Delay_IAT00
CLR_Header00

TLS

raw
start		raw
end		indexcallbkszero
fill		flags
0x1400336300x1400336380x1400390380x14002b88800x300000
typenamesizecp
BINARYMPSIGSTUB11252
CABINETUPDATEPAYLOAD9932001252
VERSION#115381252
MANIFEST#19311252
module_namehintordfunction_name
ADVAPI32.dll821UnregisterTraceGuids
ADVAPI32.dll693RegisterTraceGuidsW
ADVAPI32.dll370GetTraceEnableLevel
ADVAPI32.dll369GetTraceEnableFlags
ADVAPI32.dll371GetTraceLoggerHandle
ADVAPI32.dll808TraceMessage
ADVAPI32.dll431LookupPrivilegeValueW
ADVAPI32.dll744SetSecurityDescriptorDacl
ADVAPI32.dll31AdjustTokenPrivileges
ADVAPI32.dll32AllocateAndInitializeSid
ADVAPI32.dll133CopySid
ADVAPI32.dll308FreeSid
ADVAPI32.dll603RegCloseKey
ADVAPI32.dll533OpenProcessToken
ADVAPI32.dll665RegQueryValueExW
ADVAPI32.dll652RegOpenKeyExW
ADVAPI32.dll681RegSetValueExW
ADVAPI32.dll612RegCreateKeyExW
ADVAPI32.dll368GetTokenInformation
ADVAPI32.dll331GetLengthSid
ADVAPI32.dll398InitializeAcl
ADVAPI32.dll399InitializeSecurityDescriptor
ADVAPI32.dll95CheckTokenMembership
ADVAPI32.dll16AddAccessAllowedAce
KERNEL32.dll542GetCurrentProcessId
KERNEL32.dll134CloseHandle
KERNEL32.dll1419Sleep
KERNEL32.dll701GetProcessId
KERNEL32.dll898IsDebuggerPresent
KERNEL32.dll1468UnhandledExceptionFilter
KERNEL32.dll1403SetUnhandledExceptionFilter
KERNEL32.dll541GetCurrentProcess
KERNEL32.dll1434TerminateProcess
KERNEL32.dll905IsProcessorFeaturePresent
KERNEL32.dll615GetLastError
KERNEL32.dll1343SetLastError
KERNEL32.dll545GetCurrentThread
KERNEL32.dll546GetCurrentThreadId
KERNEL32.dll846HeapAlloc
KERNEL32.dll850HeapFree
KERNEL32.dll309EnterCriticalSection
KERNEL32.dll960LeaveCriticalSection
KERNEL32.dll273DeleteCriticalSection
KERNEL32.dll872InitializeCriticalSectionAndSpinCount
KERNEL32.dll1452TlsAlloc
KERNEL32.dll1454TlsGetValue
KERNEL32.dll1455TlsSetValue
KERNEL32.dll1453TlsFree
KERNEL32.dll752GetSystemTimeAsFileTime
KERNEL32.dll433FreeLibrary
KERNEL32.dll693GetProcAddress
KERNEL32.dll966LoadLibraryExW
KERNEL32.dll155CompareStringW
KERNEL32.dll948LCMapStringW
KERNEL32.dll910IsValidCodePage
KERNEL32.dll440GetACP
KERNEL32.dll670GetOEMCP
KERNEL32.dll455GetCPInfo
KERNEL32.dll734GetStringTypeW
KERNEL32.dll1010MultiByteToWideChar
KERNEL32.dll356ExitProcess
KERNEL32.dll638GetModuleHandleW
KERNEL32.dll637GetModuleHandleExW
KERNEL32.dll699GetProcessHeap
KERNEL32.dll1549WideCharToMultiByte
KERNEL32.dll855HeapSize
KERNEL32.dll853HeapReAlloc
KERNEL32.dll727GetStartupInfoW
KERNEL32.dll1104QueryPerformanceCounter
KERNEL32.dll876InitializeSListHead
KERNEL32.dll305EncodePointer
KERNEL32.dll1126RaiseException
KERNEL32.dll1143ReadFile
KERNEL32.dll186CreateDirectoryW
KERNEL32.dll780GetThreadTimes
KERNEL32.dll110CallNamedPipeW
KERNEL32.dll379FindClose
KERNEL32.dll278DeleteFileW
KERNEL32.dll1501VirtualQuery
KERNEL32.dll421FlushFileBuffers
KERNEL32.dll251CreateToolhelp32Snapshot
KERNEL32.dll1073Process32NextW
KERNEL32.dll1071Process32FirstW
KERNEL32.dll709GetProcessTimes
KERNEL32.dll477GetCommandLineW
KERNEL32.dll634GetModuleFileNameW
KERNEL32.dll1314SetEnvironmentVariableW
KERNEL32.dll576GetEnvironmentVariableW
KERNEL32.dll743GetSystemDirectoryW
KERNEL32.dll1040OpenProcess
KERNEL32.dll854HeapSetInformation
KERNEL32.dll229CreateProcessW
KERNEL32.dll579GetExitCodeProcess
KERNEL32.dll595GetFileSizeEx
KERNEL32.dll402FindNextFileW
KERNEL32.dll1569WriteFile
KERNEL32.dll1510WaitForSingleObject
KERNEL32.dll203CreateFileW
KERNEL32.dll588GetFileAttributesW
KERNEL32.dll191CreateEventW
KERNEL32.dll1316SetEvent
KERNEL32.dll1226ResetEvent
KERNEL32.dll1329SetFilePointerEx
KERNEL32.dll1498VirtualLock
KERNEL32.dll729GetStdHandle
KERNEL32.dll476GetCommandLineA
KERNEL32.dll385FindFirstFileExW
KERNEL32.dll574GetEnvironmentStringsW
KERNEL32.dll432FreeEnvironmentStringsW
KERNEL32.dll1367SetStdHandle
KERNEL32.dll597GetFileType
KERNEL32.dll496GetConsoleCP
KERNEL32.dll514GetConsoleMode
KERNEL32.dll1568WriteConsoleW
KERNEL32.dll1511WaitForSingleObjectEx
KERNEL32.dll266DecodePointer
RPCRT4.dll539UuidCreate
ntdll.dll469NtQueryInformationProcess
ntdll.dll1245RtlNtStatusToDosError
ntdll.dll1496RtlUnwindEx
ntdll.dll1521RtlVirtualUnwind
ntdll.dll1226RtlLookupFunctionEntry
ntdll.dll746RtlCaptureContext
ntdll.dll1077RtlGetVersion
ntdll.dll1261RtlPcToFileHeader

StringTable 040904b0

CompanyNameMicrosoft Corporation
FileDescriptionMicrosoft Antimalware WU Stub
InternalNameAM_Delta_Patch_1.319.1488.0.exe
LegalCopyright© Microsoft Corporation. All rights reserved.
OriginalFilenameAM_Delta_Patch_1.319.1488.0.exe
ProductNameMicrosoft Malware Protection
FileVersion1.319.1562.0
ProductVersion1.319.1562.0
StubNameWuStubFinal
StubVersion1.1.16900.5

VS_FIXEDFILEINFO

FileVersion1.319.1562.0
ProductVersion1.319.1562.0
StrucVersion0x10000
FileFlagsMask0x3f
FileFlags0
FileOS0x40004
FileType1
FileSubtype0

Signers (1)

issuer: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Code Signing PCA 2010
serial: 330000031947492DEABA4888AC000000000319

Certificates (2)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:00:00:03:19:47:49:2d:ea:ba:48:88:ac:00:00:00:00:03:19
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2010
        Validity
            Not Before: Mar  4 18:29:20 2020 GMT
            Not After : Mar  3 18:29:20 2021 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:d3:81:45:87:49:19:95:7d:2f:a5:5f:79:28:
                    81:52:ee:2b:20:d1:71:09:f6:18:fa:9d:0c:ce:04:
                    b4:da:c7:73:61:f9:51:ba:22:0f:01:1d:8b:3b:86:
                    2f:97:cf:fa:f9:0e:85:ba:de:70:97:19:b1:d1:21:
                    2c:b9:ef:67:0c:1e:bf:eb:db:2a:21:2e:b9:89:bf:
                    95:73:a7:6e:ca:3e:a0:41:6f:bd:5d:53:79:d1:40:
                    66:bd:2e:41:c8:7d:b5:55:c2:e5:f2:7c:88:82:3a:
                    d0:4c:de:05:5b:31:f4:c0:f4:ab:88:7e:38:4e:cd:
                    f6:bf:23:51:4c:d8:89:bb:1e:7a:39:1f:e0:55:d1:
                    7b:b3:36:8e:e3:f5:17:67:fa:8f:3e:6a:61:78:71:
                    96:ae:3a:ce:02:47:ea:39:ee:23:6f:4f:2f:7e:ff:
                    59:d6:79:27:2b:0c:8b:65:8f:45:75:eb:13:b9:d6:
                    ef:86:8d:c8:23:57:72:83:61:cb:b8:ea:9f:ae:cf:
                    5b:23:5d:c8:25:19:59:fc:00:3d:61:29:0f:b0:5b:
                    73:1b:43:31:5e:c2:cd:1e:a8:96:00:bd:07:f5:33:
                    90:e5:c9:d6:3c:c8:59:26:e9:ae:80:0b:ad:d1:86:
                    4e:b1:f5:bf:98:de:59:94:91:97:59:2a:a8:b2:d0:
                    46:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Extended Key Usage: 
                1.3.6.1.4.1.311.10.3.21, Code Signing
            X509v3 Subject Key Identifier: 
                7A:0E:1D:87:85:FB:9D:7F:C1:2E:02:3B:FD:75:AC:5C:27:68:FF:C5
            X509v3 Subject Alternative Name: 
                DirName:/OU=Microsoft Operations Puerto Rico/serialNumber=229861+458358
            X509v3 Authority Key Identifier: 
                keyid:E6:FC:5F:7B:BB:22:00:58:E4:72:4E:B5:F4:21:74:23:32:E6:EF:AC

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_2010-07-06.crl

            Authority Information Access: 
                CA Issuers - URI:http://www.microsoft.com/pki/certs/MicCodSigPCA_2010-07-06.crt

            X509v3 Basic Constraints: critical
                CA:FALSE
    Signature Algorithm: sha256WithRSAEncryption
         4f:8e:48:e3:97:20:11:5e:01:48:d7:1f:8e:03:cd:a2:3d:95:
         b1:d4:f8:a0:70:b6:bb:fc:26:f9:2f:29:c3:a9:04:9b:76:fc:
         1c:bc:64:73:63:a9:90:99:9b:69:36:0d:19:e3:9b:92:d0:12:
         2f:76:bb:0b:09:7e:23:d2:17:d1:90:e5:51:5f:25:10:c3:45:
         8b:dd:39:b2:4a:6d:83:53:21:dd:5c:d4:b4:29:04:09:0c:d7:
         d1:ab:23:c0:03:aa:78:85:55:63:42:8e:52:3d:0d:d9:4e:ef:
         83:3e:9d:d8:fc:de:f2:49:20:c1:74:3d:38:5e:d6:61:e6:6c:
         a0:18:57:7c:90:92:4f:af:fb:2e:67:48:22:6a:c4:ae:99:74:
         92:f2:1a:c7:e7:82:26:03:71:91:b6:83:c4:97:f5:c4:88:d5:
         69:6b:27:bd:06:48:26:7a:d0:c0:13:d3:f5:1d:c7:b0:cb:49:
         52:28:c0:de:2c:0b:32:91:d4:da:95:74:29:49:93:ec:28:ec:
         44:d7:04:c2:70:8e:a2:0f:81:20:b4:95:a3:2b:38:e5:6f:73:
         d8:c7:91:03:99:df:5f:d2:a5:ce:7d:9f:f1:09:03:75:3b:ff:
         b0:14:97:31:89:e7:75:74:19:86:cf:3d:3c:d0:40:5f:d7:39:
         da:e7:b5:d9
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:0c:52:4c:00:00:00:00:00:03
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
        Validity
            Not Before: Jul  6 20:40:17 2010 GMT
            Not After : Jul  6 20:50:17 2025 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2010
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:0e:64:50:79:67:b5:c4:e3:fd:09:00:4c:9e:
                    94:ac:f7:56:68:ea:44:d8:cf:c5:58:4f:a9:a5:76:
                    7c:6d:45:ba:d3:39:92:b4:a4:1e:f9:f9:65:82:e4:
                    17:d2:8f:fd:44:9c:08:e8:65:93:ce:2c:55:84:bf:
                    7d:08:e3:2e:2b:a8:41:2b:18:b7:a2:4b:6e:49:4c:
                    6b:15:07:de:d1:d2:c2:89:1e:71:94:cd:b5:7f:4b:
                    b4:af:08:d8:cc:88:d6:6b:17:94:3a:93:ce:26:3f:
                    ec:e6:fe:34:98:57:d5:1d:5d:49:f6:b2:2a:2e:d5:
                    85:bb:59:3f:f8:90:b4:2b:83:74:ca:2b:b3:3b:46:
                    e3:f0:46:49:c1:17:66:54:c9:1c:bd:1d:c4:55:62:
                    57:72:f8:67:b9:25:20:34:de:5d:a6:a5:95:5e:ab:
                    28:80:cd:d5:b2:9e:e5:03:b5:63:d3:b2:14:c8:c1:
                    c8:8a:26:0a:59:7f:07:ec:ff:0e:ed:80:12:35:4c:
                    12:a6:be:52:5b:f5:a6:da:e0:8b:0b:48:77:d6:85:
                    47:d5:10:b9:c6:e8:aa:ee:8b:6a:2d:05:5c:60:c6:
                    b4:2a:5b:9c:23:1c:5f:45:e3:1a:14:1e:6f:37:cb:
                    19:33:80:6a:89:4d:a3:6a:66:63:78:93:d5:30:cf:
                    95:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            1.3.6.1.4.1.311.21.1: 
                ...
            X509v3 Subject Key Identifier: 
                E6:FC:5F:7B:BB:22:00:58:E4:72:4E:B5:F4:21:74:23:32:E6:EF:AC
            1.3.6.1.4.1.311.20.2: 
                .
.S.u.b.C.A
            X509v3 Key Usage: 
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Authority Key Identifier: 
                keyid:D5:F6:56:CB:8F:E8:A2:5C:62:68:D1:3D:94:90:5B:D7:CE:9A:18:C4

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl

            Authority Information Access: 
                CA Issuers - URI:http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt

            X509v3 Certificate Policies: 
                Policy: 1.3.6.1.4.1.311.46.3
                  CPS: http://www.microsoft.com/PKI/docs/CPS/default.htm
                  User Notice:
                    Explicit Text:  

    Signature Algorithm: sha256WithRSAEncryption
         1a:74:ef:57:4f:29:7b:c4:16:85:78:b8:50:d3:22:fc:09:9d:
         ac:82:97:f8:34:ff:2a:2c:97:95:12:e5:e4:bf:cf:bf:93:c8:
         e3:34:a9:db:81:b8:dc:1e:00:be:d2:35:6f:af:e5:7f:79:95:
         77:e5:02:d4:f1:eb:d8:cd:4e:1e:1b:61:a2:c2:5a:23:1a:f0:
         8c:a8:62:51:45:67:08:e3:3f:3c:1e:93:f8:30:85:17:c8:39:
         40:a6:d7:0e:b3:21:29:e5:a5:a1:69:8c:22:93:cc:74:98:e7:
         a1:47:43:f2:53:ac:c0:0f:30:69:7f:fe:d2:25:20:6d:6f:61:
         d3:df:07:d5:d9:72:00:2c:69:86:76:3d:51:db:a6:39:48:c9:
         37:61:6d:07:dd:53:19:cb:a7:d6:61:c2:bf:e2:83:ab:0f:e0:
         6b:9b:95:d6:7d:28:51:b0:89:4a:51:a4:9a:6c:c8:b7:1f:4a:
         1a:0e:69:a9:d7:dc:c1:7e:d1:49:70:aa:b6:ad:bb:72:47:63:
         17:fa:a6:d6:a2:a6:86:ec:a8:10:44:9b:63:b6:b2:69:89:06:
         c7:46:86:7a:18:3f:e8:c5:1d:21:d5:7b:f9:02:23:2d:c5:41:
         cb:bf:1d:4c:c8:16:ef:b1:9c:7f:fc:22:4b:49:8a:6e:15:e3:
         a6:7f:76:5b:d1:53:79:91:85:9d:d5:d2:db:3d:73:35:f3:3c:
         ae:54:b2:52:47:6a:c0:aa:13:95:d2:8e:11:da:99:67:5e:32:
         8c:fb:37:85:d1:dc:75:85:9c:87:c6:5a:57:85:c2:bf:dd:0d:
         8f:8c:9b:2d:eb:b4:ee:cf:27:d3:b5:5e:69:fa:a4:16:04:01:
         a7:24:67:73:cf:4d:4f:b6:de:05:56:97:7a:f7:e9:52:4d:f4:
         77:05:4f:85:c6:d8:0b:f1:8e:ed:42:09:d1:0d:76:e3:23:56:
         78:22:26:36:be:ca:b1:8c:6e:aa:1d:e4:85:da:47:33:62:8f:
         a4:c9:91:33:5f:71:1e:40:af:98:65:c9:22:e8:42:21:25:8a:
         1c:2d:60:d9:37:89:41:89:2a:16:0f:d7:61:3c:94:68:60:52:
         ef:d6:47:99:a0:80:40:ee:15:81:77:3e:9c:e0:53:18:1a:50:
         1d:38:95:9b:1e:66:33:13:27:39:17:78:87:36:ce:4e:c3:5f:
         b2:f5:3d:47:53:b6:e0:e5:db:0b:61:3d:2a:d7:92:2c:ce:37:
         5a:3e:40:42:31:a4:1f:10:08:c2:56:9c:bf:24:5d:51:02:9d:
         6a:79:d2:17:d3:da:c1:94:8e:07:7b:25:71:44:ab:06:6a:e6:
         d4:c6:df:23:9a:96:75:c5

undefined method `first' for #

offsetsizetypecomment
15c115HTM#
15d01229280BINoverlay data past EOF#
Scanning the drive for archives:
1 file, 1234864 bytes (1206 KiB)


--
Type = PE
Physical Size = 1234864
CPU = x64
64-bit = +
Characteristics = Executable LargeAddress
Created = 2020-07-16 01:32:06
Headers Size = 1024
Checksum = 1278956
Name = AM_Delta_Patch_1.319.1488.0.exe
Image Size = 1249280
Section Alignment = 4096
File Alignment = 512
Code Size = 161792
Initialized Data Size = 1063424
Uninitialized Data Size = 0
Linker Version = 14.20
OS Version = 10.0
Image Version = 10.0
Subsystem Version = 6.0
Subsystem = Windows GUI
DLL Characteristics = Relocated NX-Compatible TerminalServerAware 0x4020
Stack Reserve = 524288
Stack Commit = 8192
Heap Reserve = 1048576
Heap Commit = 4096
Image Base = 5368709120
Comment = FileVersion: 1.319.1562.0
ProductVersion: 1.319.1562.0
CompanyName: Microsoft Corporation
FileDescription: Microsoft Antimalware WU Stub
InternalName: AM_Delta_Patch_1.319.1488.0.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: AM_Delta_Patch_1.319.1488.0.exe
ProductName: Microsoft Malware Protection
StubName: WuStubFinal
StubVersion: 1.1.16900.5
----
Path = .rsrc/0/CABINET/UPDATEPAYLOAD
Size = 993200
Packed Size = 993200
--
Path = .rsrc/0/CABINET/UPDATEPAYLOAD
Type = Cab
Physical Size = 993200
Method = None
Blocks = 1
Volumes = 1
Volume Index = 0
ID = 6393

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
2020-07-16 01:32:02 ....A       920175               1.319.1488.0_to_1.319.1562.0_mpasdlta.vdm._p
2020-07-16 01:32:02 ....A        72611               1.319.1488.0_to_1.319.1562.0_mpavdlta.vdm._p
------------------- ----- ------------ ------------  ------------------------
2020-07-16 01:32:02             992786      1234864  2 files
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable







[?] can't find file_offset of VA 0x39038