1.1
Low risk

17046698f33a1ea1274d2fec5d1d750f5a2dde8ffd5506b886c46aec052f5388

17046698f33a1ea1274d2fec5d1d750f5a2dde8ffd5506b886c46aec052f5388.exe

Analysis duration

193s

Last analyzed

366 days ago

File size

152.0KB
Static detections Dynamic detections CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN DROPPER ULISE
Hawkeye engine
DACN 0.12
FACILE 1.00
IMCLNet 0.75
MFGraph 0.00
Static verdict
Antivirus engines
Engine Result Scan date Version
Alibaba None 20190527 0.3.0.5
Avast Win32:Malware-gen 20200307 18.4.3895.0
Baidu None 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
Kingsoft None 20200307 2013.8.14.323
McAfee Generic-FAWM!2C6484E1B03E 20200304 6.0.6.653
Tencent Malware.Win32.Gencirc.10b089d0 20200307 1.0.0.1
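Static indicators
Behavioral verdict
Dynamic indicators
The binary may contain encrypted or compressed data, indicating the use of a packer (2 events)
section {'name': '.rsrc', 'virtual_address': '0x00015000', 'virtual_size': '0x00010774', 'size_of_data': '0x00011000', 'entropy': 7.637660172521253} entropy 7.637660172521253 description A high-entropy section was found
entropy 0.4594594594594595 description The overall entropy of this PE file is high
Network communication
Communicates with hosts for which no DNS query was performed (2 events)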
host 114.114.114.114
host 8.8.8.8
The file has been identified as malicious by 62 antivirus engines on VirusTotal (50 out of 62 events)
ALYac Gen:Variant.Ulise.7953
APEX Malicious
AVG Win32:Malware-gen
Acronis suspicious
Ad-Aware Gen:Variant.Ulise.7953
AhnLab-V3 Trojan/Win32.MDA.C817255
Antiy-AVL Trojan[Spy]/Win32.Zbot
Arcabit Trojan.Ulise.D1F11
Avast Win32:Malware-gen
Avira TR/Dropper.Gen
BitDefender Gen:Variant.Ulise.7953
BitDefenderTheta Gen:NN.ZexaF.34098.jqW@aqtuhulK
Bkav W32.AIDetectVM.malware2
CAT-QuickHeal Trojan.Mauvaise.SL1
ClamAV Win.Trojan.DustySky-22
Comodo TrojWare.Win32.Bulta.BHKG@7svbnd
CrowdStrike win/malicious_confidence_100% (W)
Cybereason malicious.1b03e3
Cylance Unsafe
Cyren W32/S-b46c7e86!Eldorado
DrWeb Trojan.DownLoader11.32458
ESET-NOD32 a variant of Win32/Injector.BHKG
Emsisoft Gen:Variant.Ulise.7953 (B)
Endgame malicious (high confidence)
F-Prot W32/S-b46c7e86!Eldorado
F-Secure Trojan.TR/Dropper.Gen
FireEye Generic.mg.2c6484e1b03e3485
Fortinet W32/Injector.BHKG!tr
GData Gen:Variant.Ulise.7953
Ikarus Trojan.Win32.Injector
Invincea heuristic
Jiangmin Backdoor/Androm.heg
K7AntiVirus Trojan ( 004e37eb1 )
K7GW Trojan ( 004e37eb1 )
Kaspersky HEUR:Trojan.Win32.Generic
MAX malware (ai score=83)
Malwarebytes Trojan.Injector.PFD
MaxSecure Win.MxResIcn.Heur.Gen
McAfee Generic-FAWM!2C6484E1B03E
McAfee-GW-Edition BehavesLike.Win32.Generic.ch
MicroWorld-eScan Gen:Variant.Ulise.7953
Microsoft Trojan:Win32/DllCheck.A!MSR
NANO-Antivirus Trojan.Win32.Zbot.dtacfs
Qihoo-360 Generic/Trojan.34b
Rising Dropper.Generic!8.35E (TFE:dGZlOgUaH7tTMk86Zw)
SUPERAntiSpyware Trojan.Agent/Gen-Injector
Sangfor Malware
SentinelOne DFI - Suspicious PE
Sophos Troj/Fondu-FH
Symantec ML.Attribute.HighConfidence
Runtime screenshots
No runtime screenshots available. No screenshots were generated while the sample was running.

PE Compile Time

2014-03-05 02:10:13

PE Imphash

baf2a9d2a20815a2d08f6e8c9f57516c

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0000d6b9 0x0000e000 5.670703070348607
.rdata 0x0000f000 0x00002a64 0x00003000 4.52907881567398
.data 0x00012000 0x00002b48 0x00003000 5.733687815797844
.rsrc 0x00015000 0x00010774 0x00011000 7.637660172521253

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00015220 0x000025a8 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_DIALOG 0x00018b2c 0x0000007e LANG_FRENCH SUBLANG_FRENCH None
RT_DIALOG 0x00018b2c 0x0000007e LANG_FRENCH SUBLANG_FRENCH None
RT_DIALOG 0x00018b2c 0x0000007e LANG_FRENCH SUBLANG_FRENCH None
RT_DIALOG 0x00018b2c 0x0000007e LANG_FRENCH SUBLANG_FRENCH None
RT_DIALOG 0x00018b2c 0x0000007e LANG_FRENCH SUBLANG_FRENCH None
RT_DIALOG 0x00018b2c 0x0000007e LANG_FRENCH SUBLANG_FRENCH None
RT_GROUP_ICON 0x00018bac 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL None

Imports

Library imagehlp.dll:
0x40f3b0 CheckSumMappedFile
Library MFC42.DLL:
Library MSVCRT.dll:
0x40f2a4 _controlfp
0x40f2a8 _except_handler3
0x40f2ac __set_app_type
0x40f2b0 __p__fmode
0x40f2b4 __p__commode
0x40f2b8 _adjust_fdiv
0x40f2bc __setusermatherr
0x40f2c0 _initterm
0x40f2c4 __getmainargs
0x40f2c8 _acmdln
0x40f2cc exit
0x40f2d0 _XcptFilter
0x40f2d4 _exit
0x40f2d8 _onexit
0x40f2dc __dllonexit
0x40f2e0 memcpy
0x40f2e4 fwrite
0x40f2e8 fprintf
0x40f2ec fopen
0x40f2f0 fseek
0x40f2f4 ftell
0x40f2f8 fread
0x40f2fc fclose
0x40f300 strcpy
0x40f304 strrchr
0x40f308 memset
0x40f30c strlen
0x40f310 sscanf
0x40f314 _setmbcp
0x40f318 __CxxFrameHandler
0x40f31c sprintf
0x40f320 strncpy
Library KERNEL32.dll:
0x40f014 GetLocalTime
0x40f018 HeapSize
0x40f01c HeapFree
0x40f020 IsBadReadPtr
0x40f028 GlobalLock
0x40f02c WaitForSingleObject
0x40f030 GetTimeFormatA
0x40f034 SetCommState
0x40f038 LoadLibraryA
0x40f03c GetProcAddress
0x40f040 GetModuleHandleW
0x40f044 GetLastError
0x40f048 MultiByteToWideChar
0x40f04c GetThreadTimes
0x40f050 SetCommBreak
0x40f058 TerminateProcess
0x40f05c ReadFile
0x40f060 DeleteFileA
0x40f064 SetStdHandle
0x40f068 GetCommandLineW
0x40f06c GetCommandLineA
0x40f074 FreeLibrary
0x40f078 CloseHandle
0x40f07c OpenProcess
0x40f080 CompareStringA
0x40f084 ReadProcessMemory
0x40f088 GetModuleHandleA
0x40f08c GetStartupInfoA
0x40f090 CreateFileA
0x40f094 GetDateFormatW
0x40f09c GetSystemDirectoryW
Library USER32.dll:
0x40f330 CallWindowProcA
0x40f334 DestroyWindow
0x40f338 MessageBoxIndirectW
0x40f33c GetCapture
0x40f340 CreateDialogParamW
0x40f344 SetDlgItemTextW
0x40f348 GetWindowRect
0x40f34c SetWindowTextA
0x40f350 CreateWindowExA
0x40f354 GetDlgItemTextA
0x40f358 GetSystemMetrics
0x40f35c GetMessageA
0x40f360 TrackPopupMenuEx
0x40f364 InsertMenuA
0x40f368 GetMessagePos
0x40f36c CreatePopupMenu
0x40f370 DrawIcon
0x40f374 IsIconic
0x40f378 GetClientRect
0x40f37c SetForegroundWindow
0x40f380 LoadIconA
0x40f384 AppendMenuW
0x40f388 DeleteMenu
0x40f38c MessageBoxA
0x40f390 SendMessageA
0x40f394 SetWindowLongA
0x40f398 EnableWindow
0x40f39c DispatchMessageA
Library GDI32.dll:
0x40f000 SelectPalette
0x40f004 SetPaletteEntries
0x40f008 GetCharWidthW
Library comdlg32.dll:
0x40f3a4 GetOpenFileNameA
0x40f3a8 GetSaveFileNameA
Library SHELL32.dll:
0x40f328 DragQueryFileA

L!This program cannot be run in DOS mode.
CheckSumMappedFile
imagehlp.dll
MFC42.DLL
__CxxFrameHandler
sprintf
sscanf
strncpy
strlen
memset
strrchr
strcpy
fclose
fprintf
fwrite
memcpy
MSVCRT.dll
__dllonexit
_onexit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
IsBadReadPtr
HeapFree
HeapSize
GetLocalTime
SetCommBreak
CreateFileA
GetDateFormatW
GetWindowsDirectoryA
GetSystemDirectoryW
GetEnvironmentVariableA
GlobalLock
WaitForSingleObject
GetTimeFormatA
SetCommState
LoadLibraryA
GetProcAddress
GetModuleHandleW
GetLastError
MultiByteToWideChar
GetThreadTimes
GetEnvironmentVariableW
FreeEnvironmentStringsA
TerminateProcess
ReadFile
DeleteFileA
SetStdHandle
GetCommandLineW
GetCommandLineA
WritePrivateProfileStringA
FreeLibrary
CloseHandle
OpenProcess
CompareStringA
ReadProcessMemory
GetModuleHandleA
GetStartupInfoA
KERNEL32.dll
EnableWindow
SetWindowLongA
SendMessageA
MessageBoxA
DispatchMessageA
DeleteMenu
AppendMenuW
CallWindowProcA
DestroyWindow
MessageBoxIndirectW
GetCapture
CreateDialogParamW
SetDlgItemTextW
GetWindowRect
SetWindowTextA
CreateWindowExA
GetDlgItemTextA
GetSystemMetrics
GetMessageA
TrackPopupMenuEx
InsertMenuA
GetMessagePos
CreatePopupMenu
DrawIcon
IsIconic
GetClientRect
SetForegroundWindow
LoadIconA
USER32.dll
GetCharWidthW
SetPaletteEntries
GetTextExtentExPointA
SelectPalette
GDI32.dll
GetSaveFileNameA
GetOpenFileNameA
comdlg32.dll
DragQueryFileA
SHELL32.dll
_setmbcp
Export
Import
Resource
Exception
Security
BaseReloc
Copyright
GlobalPtr
TlsData
LoadConfig
BoundImport
Section
Virtual Size
Virtual Offset
Raw Size
Raw Offset
Characteristics
Export
Import
Resource
Exception
Security
BaseReloc
Copyright
GlobalPtr
TlsData
LoadConfig
BoundImport
Missing exe!
No executable to view exports!
OK Section found. index : %X
-------------------------------------------------------------------------------
Argh! No section found.
!! export directory is not accessible !!
Function:#%X - Address:%X - Name:%s
Function:#%X - Address:%X - Name: -
Export
Import
Resource
Exception
Security
BaseReloc
Copyright
GlobalPtr
TlsData
LoadConfig
BoundImport
Missing exe!
No executable to view imports!
OK Section found. index : %X
-------------------------------------------------------------------------------
Argh! No section found.
** from "%s":
** name table at %#lx, address table at %#lx
** AddrName - FChain - 1stThunk - OriginalFT - TimeDS - Chars
%08X - %08X - %08X - %08X - %08X - %08X
View with Original First Thunk
View with First Thunk
%08X - - %08X <direct pointer>
** rva - offset - hint - name
- - %08X <ordinal>
%08X - %08X - %04X - %s
-------------------------------------------------------------------------------
!! import directory ended unexpectedly !!
Export
Import
Resource
Exception
Security
BaseReloc
Copyright
GlobalPtr
TlsData
LoadConfig
BoundImport
Dump error
No attached executable!
PE files (*.exe, *.dll)-*.exe;*.dll-All files (*.*)-*.*-
Oh Yeah
Task dumped successfully! ;-)
Invalid range. Limits are [start=%08X ; length=%08X]
Dump error!
Export
Import
Resource
Exception
Security
BaseReloc
Copyright
GlobalPtr
TlsData
LoadConfig
BoundImport
Open error
Can't open for reading the file
Open error
Can't read the whole file
Open error
Open a file before!!
Format error
Not a windows executable
Format error
Not a PE format executable
Open error
Open a file before!!
Open error
Can't open for writing the file
---==== PE Infos ====---
dosStubSize 0x%x
PEHeader
cpuType 0x%x
numSections 0x%x
dateStamp 0x%x
symbolTable 0x%x
numSymbols 0x%x
optionalHeaderSize 0x%x
flags 0x%x
NTOptionalHeader
magic 0x%x
linkerMajor 0x%x
linkerMinor 0x%x
codeSize 0x%x
initDataSize 0x%x
uninitDataSize 0x%x
entryPoint 0x%x
codeBase 0x%x
dataBase 0x%x
imageBase 0x%x
sectionAlign 0x%x
fileAlign 0x%x
osMajor 0x%x
osMinor 0x%x
imageMajor 0x%x
imageMinor 0x%x
subsystemMajor 0x%x
subsystemMinor 0x%x
reserved 0x%x
imageSize 0x%x
headersSize 0x%x
checksum 0x%x
subsystem 0x%x
dllFlags 0x%x
stackReserveSize 0x%x
stackCommitSize 0x%x
heapReserveSize 0x%x
heapCommitSize 0x%x
loaderFlags 0x%x
numDataDirectories 0x%x
DataDirectories
; !!!UNKNOWN DIRECTORY!!!
Sections
Offset
Open error
Open a file before!!
Open error
Can't open for writing the file
Open error
Can't write the whole executable
Open error
Open a file before!!
Open error
Can't open for writing the file
Open error
Can't write a part of this executable
Open error
Open a file before!!
Open error
Can't open for writing the file
Open error
Can't write the whole headers
Open error
Open a file before!!
Open error
Open a file before!!
%X %X %X
Import error
Argh! No section found.!!
Export
Import
Resource
Exception
Security
BaseReloc
Copyright
GlobalPtr
TlsData
LoadConfig
BoundImport
GetModuleFileNameW
CreateFileW
kernel32.dll
Export
Import
Resource
Exception
Security
BaseReloc
Copyright
GlobalPtr
TlsData
LoadConfig
BoundImport
psapi.dll
Process
Address
Module
Address
LastDir
PETool32
PE files (*.exe, *.dll)-*.exe;*.dll-All files (*.*)-*.*-
Compute Checksum
Can't compute the checksum!
Checksum correction?
The current checksum is not correct. Do you want to correct it by this new one:
Compute Checksum
The checksum seems to be correct
unknown
THelp32 Error
Can't take a snapshot of the task!
THelp32 Error
Can't take a snapshot of the module!
00000000
00000000
THelp32 Error
Can't take a snapshot of the module!
GUI Error!
Can't create a popup menu
Dump Full
GUI Error!
Can't create a popup menu
Dump Real
GUI Error!
Can't create a popup menu
Dump Partial
GUI Error!
Can't create a popup menu
GUI Error!
Can't create a popup menu
Process Infos
GUI Error!
Can't create a popup menu
GUI Error!
Can't create a popup menu
Refresh
GUI Error!
Can't create a popup menu
GUI Error!
Can't create a popup menu
GUI Error!
Can't create a popup menu
GUI Error!
Can't track popup menu
PE files (*.exe, *.dll)-*.exe;*.dll-All files (*.*)-*.*-
Oh Yeah
Task dumped successfully! ;-)
PE files (*.exe, *.dll)-*.exe;*.dll-All files (*.*)-*.*-
Oh Yeah
Task dumped successfully! ;-)
Process Error!
Can't open this process!
Process Error!
Can't read memory of this process!
Process Error!
Can't read the whole process!
Process Error!
Can't open this process!
Process Error!
Can't terminate this process!
Process Error!
Can't open this process!
Process Error!
Can't read memory of this process!
Process Error!
Can't read the whole process!
Process Error!
Can't read memory of this process!
Process Error!
Can't read one whole section!
PE files (*.exe, *.dll)-*.exe;*.dll-All files (*.*)-*.*-
EnumProcesses
EnumProcessModules
GetModuleInformation
GetModuleFileNameExA
kernel32.dll
CreateToolhelp32Snapshot
Process32First
Process32Next
Module32First
Module32Next
Impressive error
Can't load kernel32.dll!!!! Unknown system!!
kernel32.dll
PETool32 v0.45 beta - (C) 2000 MackT/uCF2000
MS Sans Serif
Browse PE File
Entry Point
Image Base
Size Of Image
Size of PE Header
Base of Code
Section Alignment
File Alignment
Checksum
PE Infos
Base of Data
SysListView32
SysListView32
Save Changes
Edit Directories - Sections
Current File
Save PE Header
Checksum
Directories - Sections Editor
MS Sans Serif
Cancel
Export
Import
Resource
Exception
Security
BaseReloc
Copyright
GlobalPtr
TlsData
LoadConfig
BoundImport
Directories
SysListView32
Sections
Virtual Size
Virtual Offset
Raw Size
Raw Offset
Characteristics
View Imports
View Exports
Partial Dump
MS Sans Serif
Cancel
Length
MS Sans Serif
PETool32 v0.45 beta
Coded by MackT/uCF2000
Greetz to all uCF members && all crackers in the World!
Imports
MS Sans Serif
Exports
MS Sans Serif

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 61714 8.8.8.8 53
192.168.56.101 56933 8.8.8.8 53
192.168.56.101 138 192.168.56.255 138
192.168.56.101 58485 114.114.114.114 53
192.168.56.101 58485 8.8.8.8 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.