0.9
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.70
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:VB-AAVL [Trj] | 20191210 | 18.4.3895.0 |
| Baidu | Win32.Worm.Pronny.d | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20191210 | 2013.8.14.323 |
| McAfee | VBObfus.cu | 20191210 | 6.0.6.653 |
| Tencent | Worm.Win32.Vobfus.n | 20191210 | 1.0.0.1 |
静态指标
动态指标
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 60 个反病毒引擎识别为恶意
(50 out of 60 个事件)
| ALYac | Gen:Variant.Chinky.7 |
| APEX | Malicious |
| AVG | Win32:VB-AAVL [Trj] |
| Acronis | suspicious |
| Ad-Aware | Gen:Variant.Chinky.7 |
| AhnLab-V3 | Trojan/Win32.VB.R19758 |
| Antiy-AVL | Worm/Win32.WBNA.gen |
| Arcabit | Trojan.Chinky.7 |
| Avast | Win32:VB-AAVL [Trj] |
| Avira | WORM/Vobfus.lvbzx |
| Baidu | Win32.Worm.Pronny.d |
| BitDefender | Gen:Variant.Chinky.7 |
| BitDefenderTheta | Gen:NN.ZevbaF.32519.nm2@aapicThi |
| CAT-QuickHeal | Worm.Vobfus.Gen |
| CMC | Heur.Win32.VBKrypt.2!O |
| ClamAV | Win.Packer.VBCrypt-5731517-0 |
| Comodo | TrojWare.Win32.VB.AVA@4paxk7 |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.d3e70a |
| Cylance | Unsafe |
| Cyren | W32/Vobfus.AI.gen!Eldorado |
| DrWeb | Trojan.VbCrypt.60 |
| ESET-NOD32 | Win32/AutoRun.VB.AQW |
| Emsisoft | Gen:Variant.Chinky.7 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Vobfus.AI.gen!Eldorado |
| F-Secure | Worm.WORM/Vobfus.lvbzx |
| FireEye | Generic.mg.413bf78d3e70abbd |
| Fortinet | W32/VBObfus.CM!tr |
| GData | Gen:Variant.Chinky.7 |
| Ikarus | Worm.Win32.Vobfus |
| Invincea | heuristic |
| Jiangmin | Worm.Vobfus.imcv |
| K7AntiVirus | EmailWorm ( 0054d10f1 ) |
| K7GW | EmailWorm ( 0054d10f1 ) |
| Kaspersky | Worm.Win32.Vobfus.dfhj |
| MAX | malware (ai score=81) |
| Malwarebytes | Worm.Obfuscator |
| McAfee | VBObfus.cu |
| McAfee-GW-Edition | BehavesLike.Win32.VBObfus.dm |
| MicroWorld-eScan | Gen:Variant.Chinky.7 |
| Microsoft | Worm:Win32/Vobfus.gen!P |
| NANO-Antivirus | Trojan.Win32.WBNA.cfdsnm |
| Panda | Generic Malware |
| Qihoo-360 | HEUR/QVM03.0.C931.Malware.Gen |
| Rising | Worm.VobfusEx!1.99DB (CLASSIC) |
| SUPERAntiSpyware | Trojan.Agent/Gen-Remnat[VB] |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | Mal/ZboCheMan-B |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2012-01-22 01:58:45
PE Imphash
aa476f5cce5ee021105bff56578d8f84
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x00025518 | 0x00026000 | 5.713357596608009 |
| .data | 0x00027000 | 0x00000e9c | 0x00001000 | 0.0 |
| .rsrc | 0x00028000 | 0x00016000 | 0x00005000 | 5.627409047792135 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x0002c138 | 0x00000128 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x0002c138 | 0x00000128 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x0002c138 | 0x00000128 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x0002c138 | 0x00000128 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x0002c138 | 0x00000128 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x0002c138 | 0x00000128 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x0002c138 | 0x00000128 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_ICON | 0x0002c288 | 0x00000030 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_ICON | 0x0002c288 | 0x00000030 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_ICON | 0x0002c288 | 0x00000030 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_VERSION | 0x0002c2b8 | 0x000001ec | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library MSVBVM60.DLL:
• 0x401000 __vbaVarSub
• 0x401004 __vbaStrI2
• 0x401008 _CIcos
• 0x40100c _adj_fptan
• 0x401010 __vbaVarMove
• 0x401014 __vbaStrI4
• 0x401018 __vbaVarVargNofree
• 0x40101c None
• 0x401020 __vbaFreeVar
• 0x401024 __vbaAryMove
• 0x401028 __vbaStrVarMove
• 0x40102c __vbaLenBstr
• 0x401030 __vbaFreeVarList
• 0x401034 __vbaPut3
• 0x401038 __vbaEnd
• 0x40103c _adj_fdiv_m64
• 0x401040 __vbaPut4
• 0x401044 None
• 0x401048 __vbaStrErrVarCopy
• 0x40104c _adj_fprem1
• 0x401050 __vbaRecAnsiToUni
• 0x401054 None
• 0x401058 None
• 0x40105c __vbaResume
• 0x401060 __vbaStrCat
• 0x401064 __vbaSetSystemError
• 0x401068 __vbaRecDestruct
• 0x40106c __vbaHresultCheckObj
• 0x401070 __vbaLenBstrB
• 0x401074 None
• 0x401078 _adj_fdiv_m32
• 0x40107c __vbaAryVar
• 0x401080 __vbaAryDestruct
• 0x401084 None
• 0x401088 __vbaVarIndexLoadRefLock
• 0x40108c __vbaExitProc
• 0x401090 __vbaObjSet
• 0x401094 None
• 0x401098 __vbaOnError
• 0x40109c _adj_fdiv_m16i
• 0x4010a0 _adj_fdivr_m16i
• 0x4010a4 __vbaVarIndexLoad
• 0x4010a8 __vbaStrFixstr
• 0x4010ac None
• 0x4010b0 __vbaBoolVarNull
• 0x4010b4 __vbaFpR8
• 0x4010b8 _CIsin
• 0x4010bc __vbaErase
• 0x4010c0 None
• 0x4010c4 None
• 0x4010c8 None
• 0x4010cc __vbaVarZero
• 0x4010d0 __vbaChkstk
• 0x4010d4 None
• 0x4010d8 __vbaFileClose
• 0x4010dc EVENT_SINK_AddRef
• 0x4010e0 None
• 0x4010e4 __vbaStrCmp
• 0x4010e8 __vbaGet3
• 0x4010ec __vbaAryConstruct2
• 0x4010f0 __vbaVarTstEq
• 0x4010f4 __vbaPutOwner3
• 0x4010f8 DllFunctionCall
• 0x4010fc __vbaVarOr
• 0x401100 __vbaFpUI1
• 0x401104 __vbaRedimPreserve
• 0x401108 _adj_fpatan
• 0x40110c __vbaFixstrConstruct
• 0x401110 __vbaRedim
• 0x401114 __vbaRecUniToAnsi
• 0x401118 __vbaUI1ErrVar
• 0x40111c EVENT_SINK_Release
• 0x401120 _CIsqrt
• 0x401124 EVENT_SINK_QueryInterface
• 0x401128 __vbaFpCmpCy
• 0x40112c __vbaVarMul
• 0x401130 __vbaExceptHandler
• 0x401134 None
• 0x401138 __vbaStrToUnicode
• 0x40113c None
• 0x401140 _adj_fprem
• 0x401144 _adj_fdivr_m64
• 0x401148 None
• 0x40114c None
• 0x401150 None
• 0x401154 __vbaFPException
• 0x401158 None
• 0x40115c __vbaInStrVar
• 0x401160 __vbaStrVarVal
• 0x401164 __vbaUbound
• 0x401168 __vbaVarCat
• 0x40116c __vbaGetOwner4
• 0x401170 None
• 0x401174 __vbaI2Var
• 0x401178 None
• 0x40117c None
• 0x401180 _CIlog
• 0x401184 __vbaFileOpen
• 0x401188 __vbaVar2Vec
• 0x40118c __vbaInStr
• 0x401190 __vbaNew2
• 0x401194 None
• 0x401198 __vbaVarInt
• 0x40119c _adj_fdiv_m32i
• 0x4011a0 _adj_fdivr_m32i
• 0x4011a4 __vbaStrCopy
• 0x4011a8 __vbaI4Str
• 0x4011ac None
• 0x4011b0 __vbaFreeStrList
• 0x4011b4 _adj_fdivr_m32
• 0x4011b8 __vbaPowerR8
• 0x4011bc _adj_fdiv_r
• 0x4011c0 None
• 0x4011c4 None
• 0x4011c8 None
• 0x4011cc __vbaVarTstNe
• 0x4011d0 __vbaI4Var
• 0x4011d4 __vbaAryLock
• 0x4011d8 __vbaVarAdd
• 0x4011dc __vbaStrToAnsi
• 0x4011e0 __vbaVarDup
• 0x4011e4 __vbaFpI2
• 0x4011e8 None
• 0x4011ec __vbaFpI4
• 0x4011f0 __vbaVarCopy
• 0x4011f4 __vbaRecDestructAnsi
• 0x4011f8 None
• 0x4011fc _CIatan
• 0x401200 __vbaCastObj
• 0x401204 __vbaStrMove
• 0x401208 __vbaAryCopy
• 0x40120c __vbaStrVarCopy
• 0x401210 None
• 0x401214 _allmul
• 0x401218 _CItan
• 0x40121c __vbaAryUnlock
• 0x401220 _CIexp
• 0x401224 __vbaMidStmtBstr
• 0x401228 __vbaFreeStr
• 0x40122c __vbaFreeObj
• 0x401230 __vbaI4ErrVar
L!This program cannot be run in DOS mode.
MSVBVM60.DLL
rrrr1hrD
rjrbrrVrr
r3Wrpr|
vrIrvjr:
r@9rrr
rHJrr2
rRr!vrqrur
rrr}r/prnrbr}r}Artr
rrlWrrr4ur9
r]rMrrrr2vr`vrGr}r
r}irWr]
=r:rr7r
rr}rar5r
rmrYurmrpurkr
rmrr]r0lr
rnrrDr
r"|rkrr(Nr
<4h0AB"
yyyyyyldIoQdYw
yyyyyyy
VB5!6&*
RvyjgQbRDl
IghlEZmD
buGrALdR
uM#U@GM
KODG6<
)PAbLbz
BackColor
Enabled
TextRTF
RICHTX32.OCX
RichTextLib.RichTextBox
RichTextBox
,5FH:T
zPaqGSl1
cBrowse
buGrALdR
avifil32
AVIFileExit
AVIFileInit
User32
CallWindowProcW
+3q"=h
VBA6.DLL
__vbaFpUI1
__vbaFpI2
RichTextBox1
__vbaPutOwner3
__vbaVarIndexLoad
__vbaVarIndexLoadRefLock
__vbaFpR8
__vbaFixstrConstruct
__vbaUI1ErrVar
__vbaAryVar
__vbaEnd
__vbaStrI2
__vbaLenBstrB
__vbaPowerR8
__vbaGetOwner4
__vbaVarMul
__vbaVarAdd
SendMessageA
__vbaI2Var
MSVBVM60.DLL
__vbaVarVargNofree
__vbaI4ErrVar
__vbaAryUnlock
__vbaAryLock
__vbaVarTstNe
__vbaPut4
__vbaPut3
__vbaFileClose
__vbaGet3
__vbaFileOpen
__vbaAryCopy
__vbaRedimPreserve
__vbaUbound
__vbaI4Var
__vbaStrCmp
__vbaInStrVar
__vbaVarOr
__vbaBoolVarNull
__vbaStrFixstr
C:\Windows\system32\msvbvm60.dll\3
__vbaStrErrVarCopy
__vbaStrVarVal
__vbaRecDestruct
__vbaFreeObj
__vbaHresultCheckObj
__vbaNew2
__vbaFpCmpCy
__vbaVarTstEq
__vbaVarDup
__vbaVarCat
__vbaVarCopy
__vbaStrVarCopy
__vbaInStr
__vbaLenBstr
__vbaVarSub
__vbaVar2Vec
__vbaAryMove
__vbaAryConstruct2
__vbaStrI4
__vbaVarZero
__vbaVarInt
__vbaFpI4
__vbaAryDestruct
__vbaStrCopy
__vbaErase
__vbaRedim
__vbaFreeVar
__vbaFreeStrList
__vbaStrCat
__vbaVarMove
__vbaFreeStr
__vbaMidStmtBstr
__vbaFreeVarList
+3qClass
__vbaStrVarMove
__vbaStrMove
__vbaSetSystemError
__vbaOnError
+3q> q]wL,\z *=h
+3qnGg
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
CoTaskMemFree
shlwapi.dll
PathCompactPathExA
Kernel32
lstrlenW
BrowseForFolder
+3qC:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
ShrinkToFit
SetPBarForegroundColor
SetPBarBackgroundColor
AIhR6__vbaExitProc
__vbaResume
__vbaI4Str
__vbaObjSet
bC:1__vbaStrToUnicode
__vbaStrToAnsi
__vbaRecDestructAnsi
__vbaRecAnsiToUni
__vbaRecUniToAnsi
C:\Windows\system32\RICHTX32.oca
RichTextLib
GetFilenameExt
__vbaCastObj
usImKj
:7 ]P6j
97k\rM Z
[.1/,C
1D ;-V (%<K
G-~Fhrf
zQ_Mkr
`<IV@\~u
.{2gc$#
q.Uc_qXQ
e#KZde
,BAa@u1
jTh[;;/
K2]b -)hF
NYb;dz
]`~|O/]"
%Xq4)gp
7GrqL?
ff>b[U
fp153"
DH2`1;gH^.|fC93fW1N
J1t2gd^:;IF
xJJmFsWm8_TR
iG- wU)Cj#r}3f3~c(+
Q;py3`
rkx1"}&"
'0)Mj:<_
yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyydf4546
RichTextBox1
RichTextLib.RichTextBox
{\rtf1\ansi\deff0{\fonttbl{\f0\fnil\fcharset0 MS Sans Serif;}}
\viewkind4\uc1\pard\lang1033\f0\fs17 RichTextBox1
\par }
Browse for a folder
strTitle
Shutdown the operating system.
strPath
intMaxLength
lngPBarHwnd
lngColor
strPathFile
jpXSVWeE8
PEPEP@EP=
M9EPEPj
PEPEPu
M{PhH@
UM7EPEPj
%EPEPj
TMKhTrB
EP5lrB
EP5pB
vSVWeE
DMXTPXP\P`Pj
`9Ph4I@
\!Ph@I@
`QPh`I@
\9PhhI@
Dd\P`Pj
DMe``E-
EPEPDP
`0PhI@
TPXP\P`Pj
MbMZMRMJMBd7
jpX[SVWeE
M[PhI@
MFPhI@
UMdEPEPEPj
*EPEPEPj
SVWeE
jEP5 pB
EP5$pB
SVWeEh
PPBPP5P8P(eE
`Ph(J@
HPh0J@
}PhHJ@
;PhhJ@
#PhpJ@
xPh,K@
uPhXK@
^Mn|clX\MLB<78Pj
?SVWeEH
MjPhK@
MUEPEPEPEPj
\EPu5HqB
MCPhK@
M.PhK@
UMEPEPEPEPj
MyPhK@
HPdPEP
EPEPEPEPj
\PEPLPeP
P<PQPP,P=P
M,P<PLP\Pj
\PEPLP
P<PPP,PP
x`,P<PLP\Pj
\PEPLPP
Mk,P<PLP\Pj
x"PhHL@
pPhXL@
lPpPtPxPj
\PEPLP
P<PPP,PP
xd,P<PLP\Pj
\PEPLP
MMx$,P<PLP\Pj
xPh|L@
\M|pPtPxPj
\PEPLPP<P,PP
P,P<PLP\Pj
\PEPLP
P,P<PLP\Pj
\PEPLPpP<P,P\P
P,P<PLP\Pj
\PEPLP(P<P,P
P,P<PLP\Pj
\PEPLPP<P,P
P,P<PLP\Pj
\PEPLP
P<P,P~P
P,P<PLP\Pj
\PEPLPJP<P,P6P
P,P<PLP\Pj
xkPhH@
tSPhL@
p;Ph@I@
\|pPtPxPj
\PEPLPdP<P,PPP
P,P<PLP\Pj
\PEPLPP<P,PP
P,P<PLP\Pj
lPpPtPxPj
MMlPpPtPxPj
P,P<PLP\Pj
SVWeE8
M@8P<P@Pj
`30P4P8P<P@Pj
@yPhJ@
D/8P<P@Pj
4oPhL@
M"4P8P<P@Pj
(P,P0P4P8P<P@Pj
@}Ph|M@
<}PhtM@
8}Ph|L@
4}PhM@
M^}4P8P<P@Pj
b(P,P0P4P8P<P@Pj
M0|M(|M |M
|`{T{D{
ySVWeE
yxSVWeE@
MzPhL@
MzPhH@
MzPhL@
pM]zEPEPEPj
xlP5qB
MxPhH@
MsxPhlM@
pM&xEPEPj
8EPEPEPj
M/wpwlPj
MwEPhC@
vMwMwfEMd
tSVWeE
MJwPhM@
sEP5qB
HsEMrE
rEP5rB
MrPhI@
M{rPhpJ@
UM7rEPEPEPj
rPh N@
UMqEPEPj
2EPEPEPj
MpMnqEPj
MrqMRqMJqMBq
vnSVWeE
n0P5pB
TnPhE@
PnPh8N@
LnPhDN@
4MQnLPPPTPj
P4PPmj
mTm4mE
TlPh`N@
PlPhlN@
4MXlPPTPj
k0P5pB
TkPhN@
PkPh I@
LkPhL@
HykPhL@
DakPhJ@
kDPHPLPPPTPj
TjPhE@
PjPhE@
4McjPPTPj
P/jPhN@
4MiPPTPj
P4Phj
u4PTPhPE
iTei4BiE
TUiPhN@
4hhPPTPj
lg0P5pB
T*gPhN@
4xfPPTPj
TfPhtM@
PnfPhPL@
H>fPhH@
4XeHPLPPPTPj
P4Pdj
u4PTPdPE
eTce4@eE!
c0P5pB
GDPHPLPPPTPj
MbMbMbMbMbMbMbxbhbXb
_SVWeE
DaPhK@
@aPhDN@
M~a@PDPj
0e`P5`
XR`0P4P8P<P@PDPj
0X_P(_
_(P,P0P4P8P<P@PDPj
D^PhJ@
@^PhN@
H5^@PDPj
Xv]0P4P8P<P@PDPj
0|\PL\
(O\P \
X<\(P,P0P4P8P<P@PDPj
D[PhhI@
@[PhpO@
<[Ph|O@
8[Ph(J@
M=[8P<P@PDPj
0zZPJZ
X:Z(P,P0P4P8P<P@PDPj
@YPh|L@
<YPhpI@
4pYPhO@
0XYPhO@
Y0P4P8P<P@PDPj
8dXP4X
XW(P,P0P4P8P<P@PDPj
XV(P,P0P4P8P<P@PDPj
XU8P<P@PDPj
DUPhtM@
@rUPh@J@
<ZUPhH@
8BUPhO@
MT8P<P@PDPj
8cTP3T
X#T0P4P8P<P@PDPj
DSPhN@
@SPhpI@
<SPhJ@
8SPhI@
M7S8P<P@PDPj
MRDRE#
@rRPBR
XQ(P,P0P4P8P<P@PDPj
DsQPh`J@
@[QPhO@
<CQPhI@
\P<P@PDPj
XP(P,P0P4P8P<P@PDPj
MPPMHPM@PM8PM0P|%Pl
MSVWeEX
zNEP5pB
+NEP5pB
JSVWeE
EPRLEP?M
M;MMLE
xLuKEE
LEP5$qB
MKMKEPj
MKMKEPj
HSVWeE
PP|PEPFJ\PEPEPIP2J
M.JEPEPEPj
MIPhL@
MIPhO@
UMmIEPEPEPj
MDIEPEPEPj
EPEPEPj
+FSVWeE0
|PlP5GlPG
MGMGlP|Pj
FhPuEPE
M"FPh P@
MEPhK@
|MEEPEPEPEPj
DhPuEPEPCPu
uD4EMDE
M5DPh8P@
|MCMCh
AEPEPEPEPj
MCMyCMCMCMyCMYC
@SVWeE
1BuAEE
gAEP@H
@EP5HrB
?EPuup
>EP5PrB
?M>M>M>fE
<SVWeE
P P; PY<
<'<PhDP@
<PhPP@
|;8P<Pj
Pg8PP`8P`8fP
y7P5pB
6P5<rB
<5PhpI@
M5<5E
P P4 P<P#4P}4
p4E<4 ]4E
<h1PhL@
8P1Ph`I@
481PhtP@
0 1PhP@
H00P4P8P<Pj
0P5DrB
/P5DrB
</PhP@
MZ/<U/E*
.P5DrB
$.P5DrB
b0P4P8P<Pj
M-M-M-M-M-M-|-H-
*SVWeE
M+PhP@
UM+EPEPj
&EPEPj
M]+EPj
(SVWeE
M*PhP@
M*PhP@
dM*EPEPj
j[dP\)f
PdPTPD)PDP4P0)PP$P
P$P4PDPTPdPj
M(PhL@
|(PhE@
xy(PhN@
ta(PhJ@
(tPxP|PEPEPj
M'Ph L@
PdPTPy&PPDPe&PP4PQ&PP$P=&PP
P$P4PDPTPdPj
M%M|%E
M&%EPdP
TPdPDP4$P
P4P $P$
M$M$4PDPdPTPj
PdPTP"PPDP"PP4P"P\#
MX#4PDPTPdPj
M"PhLN@
dM_"M]"E
PdPTPn!PPDPZ!P
M!DPTPdPj
M!M[!E
fuhTQ@
| PhP@
x Ph L@
M xP|PEPEPj
M tPxP|PEPEPj
P$P4PDPTPdPj
Mk Mc M[ MS Mc MC
EPEPdPtP
tPEPEPdPj
tPEPEPj
SVWeE@
HPTPxP/
|P5TpB
EPEPEPEPj
EPEPEPj
1EPEPEPEPj
f|f\EF
MPPPPj
jXX\SVWeEX @
SVWeE @
0Ph@J@
,PPPPj
McPPPPj
=PfXpB
KP5 rB
PPTPPPPj
PLPE
<P5 rB
LPhDK@
LPil+H
xPhPM@
PPP&}PPPj
-P5lrB
PPP*zPPPj
PPPLvPPPj
>P5 rB
LPPPPj
P5 rB
-PPPPj
PP_1PPj
PP.PPj
JPhHL@
PPy-PPj
(P5 rB
6PPPPj
]P5 rB
D PP$*PPj
PP)PPj
PP(PPj
6P5 rB
YPPPPPj
MMMMMMpd`PaLPj
2SVWeE
UMhMfE
TPEPEP`PEPEPP
MEPEPEPj
EPEPEPj
SVWeE`!@
M&PPPj
MMfEMd
SVWeE!@
M%PhJ@
MPh4U@
UMxEPEPEPEPEPEPj
1EP5qB
5XEhrgA
6EPEPEPEPEPEPj
'SVWeE
xNPhJ@
t6PhLU@
`MpPtPxPj
|P:|3+H
xfPhxU@
HXYYYHP
LYPLP=Hj
`MtPxPj
PPHHPDj
|PP|3+H
HDDEhmA
7|PpPtPxPj
SVWeE"@
tPEPEPX
MKPhU@
AEP5rB
cEP5rB
>EP5rB
uEPE3+H
PytEPttEE
EP^E3+H
P8tEP3tEE
MlPhH@
MWPhtM@
EPEPEPEPj
EP&Eh>uA
/EP%EPEPEPEPj
2MZMREPj
jxX]SVWeEp#@
EPEPEPEP
SVWeE#@
EPEPEPP|PEPPEP*PfE
EPEPEPEPj
OSVWeE#@
0*PPPEPE
MZPhHL@
M0PhL@
UMEPEPEPj
EPTPlfLM
5tP5lrB
dPEP_EP
EPTP=fLM
tP5lrB
StP5pB
dPEP EP\
EPTPfLM~
tP5lrB
MPh<V@
UM{EPEPEPj
EPEM+H
dPEPpEP
EPTPNfLM
tP5lrB
dtP5pB
dPEP0EPmtqB
tP5lrB
$tP5pB
tP5lrB
CEPCEPEPEPj
9MIEPj
eSVWeE$@
UMqEPEPEPj
M[Pujh
hM*EPdxP
MPh|V@
M"PhV@
,EPEPEPj
M?M7MGM'
jXX`SVWeE %@
MjPhJ@
UM&EPEPj
SVWeE%@
o`P5qB
MtPh|O@
|\PhV@
xDPhpJ@
dMxP|PEPj
EPEPP`Pj
P`P5prB
MiPhJ@
|QPhI@
x9PhV@
t!PhL@
tPxP|PEPj
=tPxP|PEPj
MSMcMCM;
j8XqSVWeE%@
ISVWeE8&@
hcPhL@
dKPh(W@
HMdPhPj
fEfEf;
fEfEf;
dPh4W@
PHP6$PHP
hPhLW@
hdPhI@
dLPhdW@
XP\P`PdPhPj
hfPhW@
dNPhLU@
PHPvHP
HP$P8PAP
M8PHPj
`zPhdM@
HM-`PdPhPj
XP\P`PdPhPj
0SVWeE&@
AEP5HrB
EP5LrB
UMXEPEPEPEPj
EP5PrB
.EPEPEPEPj
SVWeE@'@
+VHPXPj
MdPDPE
@PEPEPEPEPEPEPEPj
XPhPj
MlPhK@
MWPhL@
MBPhX@
x*PhW@
M}Ph$X@
MhPhL@
MSPhL@
M>PhK@
M)Ph0X@
MPhhI@
MPhPX@
MPh\X@
MlPhxX@
|TP@PJxP|PEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPj
xP|PEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPj
lXPhPj
5SVWeE'@
} jhhM@
} j`hM@
} jdhM@
} jXhM@
D\PhPM@
@DPhL@
$l@PDPj
@VPhN@
<>PhLN@
$\<P@PDPj
$PDP1P
O@PDPj
D0Ph0J@
<P@PDPj
} jPhM@
PP~f(4X
f<<P6EE
~P5DrB
G~P5pB
~PhHQ@
@}Ph Y@
$L}@PDPj
D}Ph,Y@
@z}PhL@
<b}Ph<Y@
8J}PhHY@
$M|8P<P@PDPj
PP{f8DM|
f<<P2u
D{PhH@
@{PhL@
<{PhhY@
8{PhtY@
$M4{8P<P@PDPj
tzP5pB
xP5lrB
DxPhY@
@xPhdM@
<qxPhY@
$M$x<P@PDPj
m8P<P@PDPj
MkwMcwM[wMSwMKw|@wl5w\*wL wH,w
MtSVWeE(@
Nu P5trB
s P5xrB
<4sPhK@
$Mr<rE
<rPhN@
8rPhN@
$DPr8P<Pj
(q P5|rB
<pPhY@
8{pPhH@
4cpPhY@
p4P8P<Pj
@Pan@h+H
P1o@P)n
n P5rB
<nPhY@
8nPhY@
$lUn8P<Pj
m P5qB
$|Om8P<Pj
l P5qB
EPEPSkE"
<lPh0J@
$T0l<+lh
k@Pj4P8P<Pj
pkMkMxk|mklbkTWkDLk
jDXhSVWeEX)@
MWiPEPiPIjEE
jEP5qB
Mbjh6A
MSjEPj
bgSVWeE)@
iPh`Z@
iPhlZ@
jiPhH@
iPhLN@
hPh|L@
hPhhI@
gPhpB
PgPhN@
8gPhJ@
gPhH@
gPh I@
mdPPdPPj
dPhH@
}d xdE
bPh0J@
bPh0J@
aPhHL@
uaPhZ@
]aPh I@
i`Ph0J@
Q`PhJ@
;_Ph`I@
^Ph`J@
]Ph@I@
y]PhI@
a]PhN@
\PhI@
ZPh[@
nZ iZE=
XPh[@
,XPhPL@
$j4Y+H
$j5Y+H
9bpSEl
$j6Y+H
OPh[@
NPhlM@
AMPhH@
)MPhI@
KPh$\@
lKPh4\@
rHPhxqB
LIPhT\@
HPhK@
HPhl\@
HPh@J@
FPhDK@
FPhDK@
|FPhx\@
dFPh\@
LFPh\@
~EPh\@
fEPh\@
DPh(J@
PPBP]C
PPAPdB
APhpJ@
TAPhtM@
@Ph$]@
g@Ph|O@
O@PhtM@
?Ph0]@
?Ph<]@
PPP=PPP=PPP=P>>
8>PPPPPPj
= PPPPPPj
M@=MP=M0=M(=M =M
=\<L<HPj
<<<<{<p<e<Pj
?<L<|A<l6<\+<L <H-<8
X:9SVWeE,@
8SVWeE
6EPE@T
$EP4EPj
jtX-3SVWeEH-@
EPEP3EPEPj
EPEP|4EPEPj
D4EPu5rB
BeEEPj
0SVWeE-@
@a1Phd]@
@/Php]@
</PhK@
MQ/<P@Pj
.P5DrB
P P+-j(
PC-PI-fP P
9-P5qB
',P5qB
)+VP P)j
P@P)P)
<*P5\rB
@8*Ph]@
< *Ph|L@
4)PhN@
X)4P8P<P@Pj
](P5lrB
@'PhJ@
<'Ph]@
8'Ph0J@
M8'8P<P@Pj
@&Ph]@
h@&@;&E!
@6&PhE@
4%Ph]@
0%PhJ@
x%0P4P8P<P@Pj
#P5DrB
0P4P8P<P@Pj
MG#M?#MO#x,#h!#X
9 SVWeE`.@
pPtPbflE
lPEPEP!xPEPEP8!P!
M!EPEPEPj
M!EPEPEPj
SVWeE.@
M PhL@
M Ph]@
M PhDN@
UMi EPEPEPj
EPQ d
EP5dqB
EP5hqB
EP5PrB
upOEPj
EPEPEPj
*EPEPEPj
SVWeE.@
EPu`PEP
@PEPpP
pPEPEPEPj
EPu`PEPC
@PEPpPw
pPEPEPEPj
pPEPEPEPj
SVWeEP/@
pPtPxPj
9pPtPxPj
SVWeE/@
EfEfEf;E
EPEPQPu
EPEPEPj
EPEPEPj
SVWeE@0@
} jPhM@
fEfEf;
hPlPpPtPj
} jPhM@
TP"flPpPtPj
} jPhM@
uU9PPj
hPlPpPtPj
} jPhM@
} jPhM@
ui4PPj
KhPlPpPtPj
dTqPPj
MZMjMbMBMRM2M*x
XSVWeE(1@
0XPXPh
PEP"X1E
xPHP8P P(PxP
jP(PtPZP
P(P8PHPXPj
xPHP8P
jP(PtPP
P(P8PHPXPj
pPh@J@
lPhHM@
XM`lPpPtPj
HPXP8PJPP(P6P
tPujh
kt(P8PXPHPj
t$PhdM@
hPhx_@
XMhPlPpPtPj
t[Ph@I@
pCPh_@
l+PhJ@
XMhPlPpPtPj
HPXP8P.PP(P
yt(P8PXPHPj
uxPhPlPpPtPj
P(P8PHPXPj
QMyEPj
>MNMFMVM6M.|#
j|X\SVWeE1@
j"EEPj
MJPh_@
M5Ph_@
M Ph_@
UMEPEPEPEPj
EfEfEf;E
MwPh`J@
MbPh_@
EPEPEPj
.EPEPEPEPj
SVWeE 2@
MOPh_@
M#PhL@
UMEPEPEPEPj
MPh(`@
M~Ph4`@
MiPhHM@
MTPh8J@
M?PhL@
UMEPEPEPEPEPj
'EPEPEPEPEPj
SVWeEx2@
EPEPEP
HPtPEPEPx
MtMNM.hMB
MELLPj
SVWeE2@
+EP5qB
j@EPEPTuEPEP2EP
MEPmMEPEPj
&MCEPEPj
%SVWeE(3@
} jXhh@
PEPhb@
MuEPPu
8uEP38
4t/EPuE
'PEP#4EP4
\MplP|PEPhh@
>PEP:M
lP|PEPEPj
MMMlP|PEPEPj
j X;SVWeEP3@
PuEPPuEPP=
EPhEPEPj
MEPEPj
SVWeE`3@
EPEPAhEPh
UMEPEPEPh$i@
tPEPpMTEPEPEPEPj
EPEPEPEPj
SVWeE3@
wPEPshEPh
UMEPEPEPhXi@
PEPMEPEPEPEPj
MDEPEPEPEPj
UQQh3@
SVWeE3@
j,XeSVWeE3@
j4h,k@
PEPh[[B
MSVBVM60.DLL
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaAryMove
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
__vbaPut3
__vbaEnd
_adj_fdiv_m64
__vbaPut4
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
__vbaResume
__vbaStrCat
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
__vbaLenBstrB
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaVarIndexLoadRefLock
__vbaExitProc
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaStrFixstr
__vbaBoolVarNull
__vbaFpR8
_CIsin
__vbaErase
__vbaVarZero
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
__vbaGet3
__vbaAryConstruct2
__vbaVarTstEq
__vbaPutOwner3
DllFunctionCall
__vbaVarOr
__vbaFpUI1
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
__vbaRecUniToAnsi
__vbaUI1ErrVar
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaFpCmpCy
__vbaVarMul
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaGetOwner4
__vbaI2Var
_CIlog
__vbaFileOpen
__vbaVar2Vec
__vbaInStr
__vbaNew2
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaAryLock
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaFpI2
__vbaFpI4
__vbaVarCopy
__vbaRecDestructAnsi
_CIatan
__vbaCastObj
__vbaStrMove
__vbaAryCopy
__vbaStrVarCopy
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaMidStmtBstr
__vbaFreeStr
__vbaFreeObj
__vbaI4ErrVar
%yrY2
)yysssWG<+!
)zzzzzzzx[XG=-#
'zq\ZSY9*"
'|x\UH8,$
D{tVuP/
LLLLLL
L LLLLLLL(
DIcmqt
#ccccC
CEbklpstppss
#mkkkB
AGnlnprsmmk
;Hnooh
#snnnf
<Ziwhw~
#siii:
:@gvvvw~~~hom
:vvzzzz{{wvhq
?zzzeVdux{
zxxedgk
:788JJNSUVVeVWUUUR[
?66888JKNSUUUTSSNOY
?MMJ8JJKNTVVVVTSSOY
:XXexTMMSdx{{{zeVUR[
>Xeexz
QXeexz
XWRPXXeexz
XXURUWXexz
]WWXWXXexzz
}|}||}||x
$$$$$$$$$$$$$$$$IIII$$$$$$$$$$$$$$$
J<<J<J<<<<<<<::<PPPPPP<<<<<<<<<<<<:$
vsNsv<$
;;@Nx<$
3FWWY9(
2?E{{||YY9
?Cq|* @v<$
>-998Z
tC3136CCO
O=1/..//16C
OC3/./-----Cuhcc
~G63//..-/3C~[sd_^
HDGC====CO~qa]\
~~ZUUUZ~qa]]
'[Zkkk
lge%v$
}oonE$
}}}onE
IJWJKe
yxmv{e
{cWIIFFC
T!,sr5lY0~`"s_qL
).U[='
b4%((\
B L?LLL(
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADMG
KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKkJ
mlNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
d:d:d:d:d:d:d:d::;:dU
?KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKd
{{onat
{{{{{{{{{{
mlNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
dUddddd:d:
d:d:==
u&&&&'( -akMk
Mu:d:=ljl/
ppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp
@�@�@�@�@�@�@�
@�@�@�@�@�@�
@�@�@�@�@�@�
@�@�@�@�@�@�@�
@�@�@�@�@�@�@�
@�@�@�@�@�@�@�
A�A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�A�
A�A�A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�A�A�A�A�A�
A�A�A�A�A�A�
A�A�+�B�7�B�F�B�R�B�
F� �q�h�j� �Z�t�u�Q�h�a�;�j�d�f�n�[�i�a�e�t�r� �
b�u�G�r�A�L�d�R�
z�P�a�q�G�S�l�
R�v�y�j�g�Q�b�R�D�l�
u�s�I�m�K�j�
n�s�V�i�R�S�i�Y�x�d�U�g�z�m�B�G�E�L�
c�l�s�B�r�o�w�s�e�
B�r�o�w�s�e� �f�o�r� �a� �f�o�l�d�e�r�
1�z�w�1�d�J�
y�U�X�K�L�H�D�
i�0�f�8�L�7�
x�P�b�I�b�T�
o�w�s�U�p�d�a�
U�p�d�a�t�e�
b�X�b�E�g�2�j�
P�U�m�R�x�7�
f�1�6�J�8�B�
B�r�o�w�s�e�F�o�r�F�o�l�d�e�r�
S�e�t�P�B�a�r�F�o�r�e�g�r�o�u�n�d�C�o�l�o�r�
S�e�t�P�B�a�r�B�a�c�k�g�r�o�u�n�d�C�o�l�o�r�
l�h�d�`�X�T�D�@�<�4�
e�Z�g�D�9�F�;�
I�C�O�N�4�(�
!�3�$�.�*�,�+�.�3�9�1�6�;�D�J�
8�0�8�4�:�!�)�!�(�)�9�:�<�>�!�)�:�1�1�I�C�N�O�^�I�C�F�B�B�D�K�^�R�X�o�@�E�D�H�H�S�R�Y�Z�J�|�B�J�B�Y�Z�P�S�X�Z�K�P�R�V�Z�^�b�k�b�c�i�q�z�r�~�n�k�n�c�p�u�u�|�x�s�{�b�c�c�a�c�k�n�c�k�j�i�k�s�x�z�~�r�{�s�q�t�r�u�s�
2�>�2�?�Y�}�t�r�
T�J�[�D�J�W�
y�n�|�}�}�k�z�<�;�]�I�X�Y�g�p�k�w�e�d�q�}�k�t�y�A�J�U�A�T�F�T�j�r�[�L�T�[�f�h�v�a�|�d�y�{�h�t�n�{�z�
<�;�\�T�q�f�j�w�r�x�w�m�}�
w�t�2�-�3�C�A�_�Q�v�
0�%�R�n�~�2�
q�}�~�N�J�[�d�m�j�i�z�t�}�p�^�i�y�}�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�4�0�9�0�4�B�0�
P�r�o�d�u�c�t�N�a�m�e�
I�g�h�l�E�Z�m�D�
F�i�l�e�V�e�r�s�i�o�n�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
I�n�t�e�r�n�a�l�N�a�m�e�
R�v�y�j�g�Q�b�R�D�l�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
R�v�y�j�g�Q�b�R�D�l�.�e�x�e�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.