Score: 3.8
Risk level: medium

SHA256: 0d7029590eb38ce9f0e8e0f23fcec352133cdc9904ac346b81c2cdd663b6305f

File name: 0d7029590eb38ce9f0e8e0f23fcec352133cdc9904ac346b81c2cdd663b6305f.exe

Analysis duration: 134s

Last analysed: 375 days ago

File size: 112.8KB

Tags (static detection, dynamic detection, CVE, FAMILY, METATYPE, PLATFORM, TYPE): UNKNOWN, WIN32, TROJAN, EMOTET
Hawk-eye engine (per-model scores)
DACN 0.14
FACILE 1.00
IMCLNet 0.76
MFGraph 0.00
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
Alibaba | None | 20190527 | 0.3.0.5
Baidu | None | 20190318 | 1.0.0.2
CrowdStrike | win/malicious_confidence_90% (W) | 20190702 | 1.0
Kingsoft | None | 20191010 | 2013.8.14.323
McAfee | Emotet-FMD!586882908464 | 20191010 | 6.0.6.653
Tencent | None | 20191010 | 1.0.0.1
Static indicators
Queries the computer name (1 event)
Time | API | Arguments | Status | Return | Repeated
1727545348.9215 | GetComputerNameW | computer_name: TU-PC | success | 1 | 0
Behavioural verdict
Dynamic indicators
Allocates read-write-execute memory (usually used for self-unpacking) (8 events)
Time | API | Arguments | Status | Return | Repeated
1727545340.688375 | NtAllocateVirtualMemory | process_handle: 0xffffffff, base_address: 0x003a0000, region_size: 69632, allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE), protection: 64 (PAGE_EXECUTE_READWRITE), process_identifier: 616 | success | 0 | 0
1727545341.688375 | NtAllocateVirtualMemory | process_handle: 0xffffffff, base_address: 0x003c0000, region_size: 65536, allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE), protection: 64 (PAGE_EXECUTE_READWRITE), process_identifier: 616 | success | 0 | 0
1727545341.688375 | NtAllocateVirtualMemory | process_handle: 0xffffffff, base_address: 0x003d0000, region_size: 81920, allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE), protection: 64 (PAGE_EXECUTE_READWRITE), process_identifier: 616 | success | 0 | 0
1727545341.688375 | NtAllocateVirtualMemory | process_handle: 0xffffffff, base_address: 0x00400000, region_size: 81920, allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE), protection: 64 (PAGE_EXECUTE_READWRITE), process_identifier: 616 | success | 0 | 0
1727545342.1405 | NtAllocateVirtualMemory | process_handle: 0xffffffff, base_address: 0x006f0000, region_size: 69632, allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE), protection: 64 (PAGE_EXECUTE_READWRITE), process_identifier: 2708 | success | 0 | 0
1727545343.1715 | NtAllocateVirtualMemory | process_handle: 0xffffffff, base_address: 0x00710000, region_size: 65536, allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE), protection: 64 (PAGE_EXECUTE_READWRITE), process_identifier: 2708 | success | 0 | 0
1727545343.1715 | NtAllocateVirtualMemory | process_handle: 0xffffffff, base_address: 0x00720000, region_size: 81920, allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE), protection: 64 (PAGE_EXECUTE_READWRITE), process_identifier: 2708 | success | 0 | 0
1727545343.1715 | NtAllocateVirtualMemory | process_handle: 0xffffffff, base_address: 0x00400000, region_size: 81920, allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE), protection: 64 (PAGE_EXECUTE_READWRITE), process_identifier: 2708 | success | 0 | 0
Note: all eight calls pass process_handle 0xffffffff, the current-process pseudo-handle, so the sample is carving RWX regions in its own address space (unpacking), not in another process. The parent (PID 616) and its child (PID 2708) allocate the same sizes in the same order, including 81920 bytes at 0x00400000, which is the sample's own image base (its import thunks sit at 0x4192xx). A reserve+commit at an address where the image is still mapped would not return 0 (STATUS_SUCCESS), so the range must have been unmapped first; this suggests the loader unmaps and rewrites its own image in place.
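As an added example (not part of the sandbox report), the following parser reads the flattened "Time / API / Arguments / Status Return Repeated" records the report prints and flags every successful commit of writable+executable memory, distinguishing self-allocation (pseudo-handle 0xffffffff) from allocation in a foreign process. SAMPLE_EVENTS is constructed from three of the rows above plus the GetComputerNameW row; the constant values are the winnt.h definitions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# winnt.h constants
MEM_COMMIT = 0x1000
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
CURRENT_PROCESS_PSEUDO_HANDLE = 0xFFFFFFFF  # GetCurrentProcess() on 32-bit

# Constructed sample: three NtAllocateVirtualMemory rows and one
# GetComputerNameW row, copied from the report layout.
SAMPLE_EVENTS = """\
1727545340.688375
NtAllocateVirtualMemory
process_handle: 0xffffffff
base_address: 0x003a0000
region_size: 69632
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 616
success 0 0
1727545341.688375
NtAllocateVirtualMemory
process_handle: 0xffffffff
base_address: 0x00400000
region_size: 81920
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 616
success 0 0
1727545343.1715
NtAllocateVirtualMemory
process_handle: 0xffffffff
base_address: 0x00400000
region_size: 81920
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 2708
success 0 0
1727545348.9215
GetComputerNameW
computer_name: TU-PC
success 1 0
"""


@dataclass
class ApiEvent:
    time: float
    api: str = ""
    args: dict = field(default_factory=dict)
    status: str = ""
    ret: int = 0
    repeated: int = 0


_STATUS_RE = re.compile(r"^(success|failed)\s+(-?\d+)\s+(\d+)$")


def parse_events(text: str) -> list[ApiEvent]:
    """One record = timestamp line, API name line, zero or more 'key: value'
    argument lines, then a 'status return repeated' line."""
    events: list[ApiEvent] = []
    cur = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _STATUS_RE.match(line)
        if m and cur is not None:
            cur.status, cur.ret, cur.repeated = m.group(1), int(m.group(2)), int(m.group(3))
            events.append(cur)
            cur = None
        elif cur is None:
            cur = ApiEvent(time=float(line))  # a bare number opens a record
        elif not cur.api:
            cur.api = line
        else:
            key, _, value = line.partition(":")
            cur.args[key.strip()] = value.strip()
    return events


def _num(value: str) -> int:
    """'64 (PAGE_EXECUTE_READWRITE)' -> 64, '0x003a0000' -> 0x3a0000."""
    return int(value.split()[0], 0)


def rwx_allocations(events):
    """(pid, base, size, in_own_process) for every successful commit of
    writable+executable memory. A pseudo-handle target means the caller is
    unpacking into itself rather than injecting into a victim process."""
    hits = []
    for e in events:
        if e.api != "NtAllocateVirtualMemory" or e.status != "success":
            continue
        prot = _num(e.args["protection"])
        alloc = _num(e.args["allocation_type"])
        if alloc & MEM_COMMIT and prot & (PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY):
            hits.append((int(e.args["process_identifier"]),
                         _num(e.args["base_address"]),
                         int(e.args["region_size"]),
                         _num(e.args["process_handle"]) == CURRENT_PROCESS_PSEUDO_HANDLE))
    return hits


def rwx_bytes_per_pid(events) -> dict:
    """Total RWX bytes committed per process, a cheap unpacking-volume metric."""
    totals = defaultdict(int)
    for pid, _base, size, _own in rwx_allocations(events):
        totals[pid] += size
    return dict(totals)


if __name__ == "__main__":
    for hit in rwx_allocations(parse_events(SAMPLE_EVENTS)):
        print(hit)
```

Feeding the full eight-row table from the report into parse_events gives two PIDs with identical allocation patterns; the per-PID byte totals are a quick way to spot a relaunched copy repeating the parent's unpacking.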
Checks whether any human activity is taking place by repeatedly polling whether the foreground window changes
Creates a service (1 event)
Time | API | Arguments | Status | Return | Repeated
1727545349.4055 | CreateServiceW | service_manager_handle: 0x008a4aa8, service_name: typtexture, display_name: typtexture, desired_access: 18, service_type: 16, start_type: 2, error_control: 0, service_start_name: (empty), password: (empty), service_handle: 0x008cab20, filepath: C:\Users\Administrator\AppData\Local\Temp\"C:\Windows\SysWOW64\typtexture.exe", filepath_r: "C:\Windows\SysWOW64\typtexture.exe" | success | 9218848 | 0
Note: filepath_r is the raw lpBinaryPathName argument, a quoted absolute path. The Temp\ prefix in filepath is the sandbox's path normalisation joining that quoted string (which does not start with a drive letter) onto the process's working directory; the image path actually registered is C:\Windows\SysWOW64\typtexture.exe. service_type 16 is SERVICE_WIN32_OWN_PROCESS, start_type 2 is SERVICE_AUTO_START, error_control 0 is SERVICE_ERROR_IGNORE, and the empty service_start_name means the service runs as LocalSystem at every boot. desired_access 18 (0x12) is SERVICE_CHANGE_CONFIG | SERVICE_START.
Moves the original executable to a new location (1 event)
Time | API | Arguments | Status | Return | Repeated
1727545349.1555 | MoveFileWithProgressW | flags: 3 (MOVEFILE_REPLACE_EXISTING | MOVEFILE_COPY_ALLOWED), oldfilepath: C:\Users\Administrator\AppData\Local\Temp\0d7029590eb38ce9f0e8e0f23fcec352133cdc9904ac346b81c2cdd663b6305f.exe, oldfilepath_r: C:\Users\Administrator\AppData\Local\Temp\0d7029590eb38ce9f0e8e0f23fcec352133cdc9904ac346b81c2cdd663b6305f.exe, newfilepath: C:\Windows\SysWOW64\typtexture.exe, newfilepath_r: C:\Windows\SysWOW64\typtexture.exe | success | 1 | 0
The binary may contain encrypted or compressed data, indicating use of a packer (2 events)
section .data: virtual_address 0x00008000, virtual_size 0x00013ffc, size_of_data 0x00014000, entropy 7.460674880692598 (description: high-entropy section found)
overall 0.7441860465116279 (description: this PE file has a high overall entropy). This figure is not an entropy in bits; it is the share of section raw data that sits in high-entropy sections: 0x14000 / (0x1e00 + 0x5000 + 0x14000) = 81920 / 110080 = 0.7442. Three quarters of the file is the near-random .data blob, consistent with an encrypted payload that the RWX allocations above are used to unpack.
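As an added example (not part of the report), the following code computes per-section Shannon entropy the way the high-entropy indicator does and reproduces the 0.744 "overall" figure from the report's own Sections table. The 6.8 bits/byte section threshold and the 0.2 ratio threshold are assumptions (typical sandbox defaults), and the byte blobs in the test are constructed, since no sample bytes are on the page.

```python
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


# (name, size of raw data, entropy) copied from the Sections table on this page.
SECTIONS = [
    (".text", 0x1e00, 5.608642815871056),
    (".rdata", 0x5000, 5.0276464196711945),
    (".data", 0x14000, 7.460674880692598),
]

HIGH_ENTROPY = 6.8    # assumption: bits/byte above which a section counts as packed
PACKED_RATIO = 0.2    # assumption: fraction of raw data above which the file is flagged


def section_entropies(sections_bytes):
    """Build the same (name, size, entropy) tuples from real section bytes,
    e.g. [(s.Name, s.get_data()) for s in pe.sections] when using pefile."""
    return [(name, len(data), shannon_entropy(data)) for name, data in sections_bytes]


def high_entropy_sections(sections, threshold=HIGH_ENTROPY):
    return [name for name, _size, ent in sections if ent >= threshold]


def compressed_ratio(sections, threshold=HIGH_ENTROPY) -> float:
    """Fraction of all section raw bytes living in high-entropy sections.
    For this sample: 0x14000 / (0x1e00 + 0x5000 + 0x14000) = 32/43 = 0.7442,
    exactly the 'overall entropy' number the report prints."""
    total = sum(size for _name, size, _ent in sections)
    packed = sum(size for _name, size, ent in sections if ent >= threshold)
    return packed / total if total else 0.0


def looks_packed(sections, ratio=PACKED_RATIO) -> bool:
    return compressed_ratio(sections) > ratio
```

The ratio is the more robust of the two indicators: a small high-entropy resource section in a legitimate installer trips the per-section check but contributes little to the ratio, whereas a loader whose payload dominates the file, as here, scores high on both.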
Network communication
Communicates with hosts for which no DNS query was made (6 events)
host 114.114.114.114
host 8.8.8.8
host 181.164.227.212
host 219.74.237.49
host 134.101.222.153
host 217.113.27.158
Note: 114.114.114.114 and 8.8.8.8 are the guest's DNS resolvers (the UDP table below shows only port-53 traffic to them), so two of the six events are sandbox noise. The other four addresses were contacted on 80/443 without any preceding lookup, i.e. they are hard-coded in the binary, and none of them answered (see the dead-host indicator below).
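As an added example (not part of the report), the following code performs the correlation behind this indicator but first removes the guest's own resolvers and local broadcast/multicast noise, which the report counts as "hosts without DNS query", and then intersects the remainder with the dead-host list to isolate the hard-coded, non-responding peers. All input data is constructed from the tables on this page.

```python
import ipaddress

# Constructed from this report: the one DNS answer, a few UDP flows, the
# "hosts without DNS query" list and the dead-host list.
DNS_ANSWERS = {"dns.msftncsi.com": ["131.107.255.255", "fd3e:4f5a:5b81::1"]}
UDP_FLOWS = [  # (src, sport, dst, dport)
    ("192.168.56.101", 53179, "224.0.0.252", 5355),
    ("192.168.56.101", 137, "192.168.56.255", 137),
    ("192.168.56.101", 61714, "114.114.114.114", 53),
    ("192.168.56.101", 61714, "8.8.8.8", 53),
]
CONTACTED = ["114.114.114.114", "8.8.8.8", "181.164.227.212",
             "219.74.237.49", "134.101.222.153", "217.113.27.158"]
DEAD_HOSTS = {"181.164.227.212": 80, "219.74.237.49": 443,
              "134.101.222.153": 80, "217.113.27.158": 443}


def resolvers(udp_flows):
    """Anything the guest sent UDP/53 to is a resolver, not a peer."""
    return {dst for _src, _sport, dst, dport in udp_flows if dport == 53}


def is_noise(ip: str) -> bool:
    """Private, multicast, link-local and loopback: LLMNR/NetBIOS chatter."""
    a = ipaddress.ip_address(ip)
    return a.is_private or a.is_multicast or a.is_link_local or a.is_loopback


def hardcoded_peers(contacted, dns_answers, udp_flows):
    """Contacted addresses that were never returned by a DNS answer and are
    neither a resolver nor local noise: addresses embedded in the binary."""
    resolved = {ip for answers in dns_answers.values() for ip in answers}
    skip = resolvers(udp_flows)
    return [ip for ip in contacted
            if ip not in resolved and ip not in skip and not is_noise(ip)]


def c2_candidates(contacted, dns_answers, udp_flows, dead_hosts):
    """Hard-coded peers that additionally never answered: a dead C2 list."""
    return [(ip, dead_hosts[ip])
            for ip in hardcoded_peers(contacted, dns_answers, udp_flows)
            if ip in dead_hosts]


if __name__ == "__main__":
    print(c2_candidates(CONTACTED, DNS_ANSWERS, UDP_FLOWS, DEAD_HOSTS))
```

The resolver set is derived from observed port-53 flows rather than a fixed list so the same check works for sandboxes that use an internal resolver instead of public ones.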
Installs itself to run automatically at Windows startup (1 event)
service_name typtexture, service_path C:\Users\Administrator\AppData\Local\Temp\"C:\Windows\SysWOW64\typtexture.exe" (same path-normalisation artifact as in the CreateServiceW entry above; the registered image path is C:\Windows\SysWOW64\typtexture.exe)
Attempts to delete evidence that the file was downloaded from the Internet (1 event)
file C:\Windows\SysWOW64\typtexture.exe:Zone.Identifier (the Mark-of-the-Web alternate data stream; removing it strips the "downloaded" marker from the relocated copy)
Generates some ICMP traffic (the only ICMP packet recorded is a type 3, destination unreachable, sent to the guest by 134.101.222.153 in reply to a failed connection; see the ICMP table below)
File flagged as malicious by 48 antivirus engines on VirusTotal (48 events)
ALYac Trojan.Emotet.ZT
APEX Malicious
Acronis suspicious
Ad-Aware Trojan.Emotet.ZT
AhnLab-V3 Malware/Win32.RL_Generic.R270888
Antiy-AVL Trojan/Win32.Fuerboos
Avira TR/AD.Emotet.lwzss
BitDefender Trojan.Emotet.ZT
CAT-QuickHeal Trojan.Emotet
ClamAV Win.Malware.Emotet-6971483-0
Comodo TrojWare.Win32.TrojanProxy.Bunitu.TIK@8ctkfs
CrowdStrike win/malicious_confidence_90% (W)
Cybereason malicious.08464a
Cylance Unsafe
Cyren W32/Emotet.TG.gen!Eldorado
DrWeb Trojan.DownLoader28.17088
ESET-NOD32 a variant of Win32/Kryptik.GTED
Emsisoft Trojan.Emotet.ZT (B)
Endgame malicious (high confidence)
F-Prot W32/Emotet.TG.gen!Eldorado
F-Secure Trojan.TR/AD.Emotet.lwzss
FireEye Generic.mg.586882908464ae94
GData Trojan.Emotet.ZT
Ikarus Trojan-Banker.Emotet
Invincea heuristic
Jiangmin Trojan.Banker.Emotet.ipw
K7AntiVirus Trojan ( 0054ea211 )
K7GW Trojan ( 0054ea211 )
MAX malware (ai score=84)
McAfee Emotet-FMD!586882908464
MicroWorld-eScan Trojan.Emotet.ZT
Microsoft Trojan:Win32/Emotet.PA!MTB
NANO-Antivirus Trojan.Win32.Kryptik.fqhdmv
Panda Trj/CI.A
Qihoo-360 HEUR/QVM07.1.752F.Malware.Gen
Rising Trojan.Kryptik!1.B8D2 (CLASSIC)
SUPERAntiSpyware Trojan.Agent/Gen-Emotet
SentinelOne DFI - Malicious PE
Sophos Mal/Emotet-Q
Symantec Trojan.Emotet
Trapmine malicious.high.ml.score
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.SM
VBA32 BScope.Malware-Cryptor.Emotet
VIPRE Trojan.Win32.Generic!BT
ViRobot Trojan.Win32.Emotet.116800
Webroot W32.Trojan.Emotet
Yandex Trojan.PWS.Emotet!
Zillya Trojan.Emotet.Win32.17105
Connects to IP addresses that no longer respond to requests (legitimate services usually stay up) (4 events)
dead_host 181.164.227.212:80
dead_host 219.74.237.49:443
dead_host 134.101.222.153:80
dead_host 217.113.27.158:443
Visual analysis
Binary image: rendered at 288x288, 224x224, 192x192, 160x160, 128x128, 96x96, 64x64 and 32x32 (images not reproduced here)
Runtime screenshots
No screenshots: the sample produced none while running.


PE Compile Time

2018-05-17 09:17:00

PE Imphash

75393fcb8b4add4dee94442a09e6847f

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00001d9a 0x00001e00 5.608642815871056
.rdata 0x00003000 0x00004ecc 0x00005000 5.0276464196711945
.data 0x00008000 0x00013ffc 0x00014000 7.460674880692598

Imports

Library KERNEL32.dll:
0x419280 GetModuleHandleA
0x419284 VirtualAllocEx
0x419288 CloseHandle
0x41928c CreateSemaphoreA
0x419290 ExitProcess
0x419294 FindClose
0x419298 FindFirstFileA
0x41929c FindNextFileA
0x4192a4 GetCurrentProcessId
0x4192a8 GetCurrentThreadId
0x4192ac GetFileAttributesA
0x4192b0 GetFullPathNameA
0x4192b4 GetLastError
0x4192b8 GetModuleFileNameA
0x4192bc GetProcAddress
0x4192c4 GetVersionExW
0x4192d0 LoadLibraryA
0x4192d4 ReleaseSemaphore
0x4192d8 SetLastError
0x4192e0 Sleep
0x4192e4 TlsAlloc
0x4192e8 TlsFree
0x4192ec TlsGetValue
0x4192f0 TlsSetValue
0x4192f4 WaitForSingleObject
0x4192f8 GetLocaleInfoW
0x4192fc GetConsoleAliasW
0x419304 lstrcpynA
0x419308 GetStdHandle
0x41930c CopyFileExA
0x419314 DuplicateHandle
0x419318 GetCurrentProcess
0x41931c CreateThread
0x419320 SetThreadPriority
0x419324 TerminateThread
0x419328 ResumeThread
0x41932c GetSystemInfo
0x419334 CreateFileW
0x419338 FlushFileBuffers
0x41933c GetFileType
0x419340 GetLogicalDrives
0x419344 ReadFile
0x419348 SetEndOfFile
0x41934c SetFilePointerEx
0x419350 WriteFile
0x419354 SetErrorMode
0x419358 CreateFileMappingW
0x41935c MapViewOfFile
0x419360 UnmapViewOfFile
0x419364 MoveFileExW
0x41936c CreateDirectoryW
0x419370 FindFirstFileW
0x41937c GetFullPathNameW
0x419380 GetLongPathNameW
0x419384 RemoveDirectoryW
0x419388 GetTempPathW
0x41938c DeviceIoControl
0x419390 MoveFileW
0x4193a0 GetCurrencyFormatW
0x4193a4 GetTickCount
0x4193a8 FindFirstFileExW
0x4193ac GetTimeFormatW
0x4193b0 GetStartupInfoW
0x4193b4 GetModuleFileNameW
0x4193b8 MultiByteToWideChar
0x4193bc WideCharToMultiByte
0x4193c0 FreeLibrary
0x4193c8 GetGeoInfoW
0x4193cc GetUserGeoID
0x4193d0 GetModuleHandleExW
0x4193d8 lstrcmpW
0x4193dc ReleaseMutex
0x4193e0 CreateMutexW
0x4193e4 VirtualAlloc
0x4193e8 VirtualFree
0x419400 TerminateProcess
0x419408 IsDebuggerPresent
0x419410 InitializeSListHead
0x419414 RtlUnwind
0x419418 EncodePointer
0x41941c RaiseException
0x419424 LoadLibraryExW
0x419428 GetCommandLineA
0x41942c ExitThread
0x419434 SetStdHandle
0x419438 GetConsoleMode
0x41943c ReadConsoleW
0x419440 GetConsoleCP
0x419444 GetACP
0x419448 HeapFree
0x41944c HeapAlloc
0x419450 LCMapStringW
0x419454 EnumSystemLocalesW
0x419458 DecodePointer
0x41945c HeapReAlloc
0x419460 GetCPInfo
0x419468 WriteConsoleW
0x41946c GetStringTypeW
0x419470 IsValidCodePage
0x419474 GetOEMCP
0x419480 GetProcessHeap
0x419484 FindFirstFileExA
0x419488 HeapSize
0x41948c GetDateFormatW
0x419490 GetThreadPriority
0x419494 GetCurrentThread
0x419498 ResetEvent
0x41949c LoadLibraryW
0x4194a0 GetSystemDirectoryW
0x4194a4 CreateEventW
0x4194ac SetEvent
0x4194b0 GetConsoleWindow
0x4194b4 OutputDebugStringW
0x4194bc GetLocalTime
0x4194c0 GetSystemTime
0x4194c4 GetUserDefaultLCID
0x4194c8 CompareStringW
0x4194cc GlobalSize
0x4194d0 GlobalUnlock
0x4194d4 GlobalLock
0x4194d8 GlobalAlloc
0x4194dc OpenProcess
0x4194e8 CreateProcessW
0x4194f0 IsValidLocale
0x4194f8 FormatMessageW
0x4194fc GetModuleHandleW
0x419500 FindNextFileW
0x41950c LocalFree
0x419510 GetCommandLineW
0x419514 CopyFileW
0x419518 SetFileAttributesW
0x41951c GetFileAttributesW
0x419520 GetDriveTypeW
0x419528 DeleteFileW
0x41952c WriteProcessMemory
0x419530 VirtualProtect
0x419534 MulDiv
0x419538 IsBadReadPtr
0x41953c HeapDestroy
0x419540 HeapCreate
0x41954c InterlockedExchange
0x419558 GetVersion
0x41955c OutputDebugStringA
0x419560 GetVersionExA
0x419564 GetExitCodeProcess
0x419568 GetConsoleOutputCP
0x41956c WriteConsoleA
0x419570 LCMapStringA
0x419574 CreateFileA
0x419578 GetLocaleInfoA
0x41957c SetFilePointer
0x419580 GetStartupInfoA
0x419584 SetHandleCount
0x419588 GetFileSizeEx
0x41958c GetStringTypeA
0x419598 lstrcpyW
0x41959c LocalReAlloc
0x4195a0 LocalAlloc
0x4195a4 lstrlenW
0x4195a8 lstrcmpiW
0x4195b4 OpenEventW
0x4195bc VirtualQuery
0x4195c0 lstrcpynW
0x4195c4 GetThreadLocale
0x4195c8 GetFileSize
0x4195cc lstrcmpA
0x4195d4 VirtualQueryEx
0x4195d8 SuspendThread
0x4195dc SizeofResource
0x4195e0 SignalObjectAndWait
0x4195e4 SetFileAttributesA
0x4195e8 RemoveDirectoryA
0x4195ec ReadProcessMemory
0x4195f0 OpenFileMappingA
0x4195f4 OpenFileMappingW
0x4195f8 LockResource
0x4195fc LocalSize
0x419600 LoadResource
0x419604 LoadLibraryExA
0x419608 GlobalReAlloc
0x41960c GlobalMemoryStatus
0x419610 GlobalHandle
0x419614 GlobalFree
0x41961c GetThreadContext
0x419620 GetTempPathA
0x419628 GetPriorityClass
0x41962c GetFileTime
0x419630 GetDiskFreeSpaceA
0x419634 GetDiskFreeSpaceW
0x419638 GetComputerNameA
0x41963c FreeResource
0x419640 FormatMessageA
0x419644 FindResourceA
0x419648 FindResourceW
0x419658 EnumCalendarInfoA
0x41965c DeleteFileA
0x419660 CreateRemoteThread
0x419664 CreateProcessA
0x419668 CreatePipe
0x41966c CreateMutexA
0x419670 CreateFileMappingA
0x419674 CreateDirectoryA
0x419678 CopyFileA
0x41967c Beep
0x419680 CreateEventA
0x419684 GetVolumePathNameW
0x419688 SetThreadUILanguage
0x41968c FindResourceExW
0x419690 CreateSemaphoreW
0x419694 OpenSemaphoreW
0x419698 GetComputerNameW
Library USER32.dll:
0x4196a4 GetDesktopWindow
0x4196a8 GetClipboardOwner
0x4196ac GetThreadDesktop
0x4196b0 GetCaretBlinkTime
0x4196b4 DestroyWindow
0x4196b8 GetKeyState
0x4196bc IsIconic
0x4196c0 GetTopWindow
0x4196c4 GetSysColor
0x4196c8 GetListBoxInfo
0x4196cc IsWindowVisible
0x4196d0 ToUnicode
0x4196d4 MapVirtualKeyW
0x4196d8 GetMenu
0x4196dc TrackPopupMenuEx
0x4196e0 SetMenuItemInfoW
0x4196e4 NotifyWinEvent
0x4196e8 SetCursorPos
0x4196ec GetCursor
0x4196f0 LoadCursorW
0x4196f4 CreateCursor
0x4196f8 CreateIconIndirect
0x4196fc GetCursorInfo
0x419700 RegisterClassW
0x419708 TrackMouseEvent
0x41970c GetMessageExtraInfo
0x419710 GetWindowTextW
0x419714 EnumWindows
0x419718 RealGetWindowClassW
0x41971c TranslateMessage
0x419720 DispatchMessageW
0x419724 GetQueueStatus
0x41972c SetTimer
0x419730 KillTimer
0x419734 SetWindowsHookExW
0x419738 UnhookWindowsHookEx
0x41973c CallNextHookEx
0x419740 CharNextExA
0x419744 MessageBoxW
0x419748 ToAscii
0x41974c GetKeyboardState
0x419750 IsZoomed
0x419754 PeekMessageW
0x419758 SetCaretPos
0x41975c GetDC
0x419760 ReleaseDC
0x419764 DestroyIcon
0x419768 DrawIconEx
0x41976c GetIconInfo
0x419770 HideCaret
0x419774 DestroyCaret
0x419778 CreateCaret
0x419780 GetKeyboardLayout
0x419784 GetAsyncKeyState
0x419790 SetClipboardViewer
0x419794 LoadIconW
0x419798 RegisterClassExW
0x41979c GetClassInfoW
0x4197a0 UnregisterClassW
0x4197a8 GetAncestor
0x4197ac DestroyCursor
0x4197b4 SetParent
0x4197b8 GetParent
0x4197bc SetWindowLongW
0x4197c0 GetWindowLongW
0x4197c4 ScreenToClient
0x4197c8 ClientToScreen
0x4197cc SetCursor
0x4197d0 AdjustWindowRectEx
0x4197d4 GetWindowRect
0x4197d8 SetWindowTextW
0x4197dc InvalidateRect
0x4197e0 EnumDisplayMonitors
0x4197e4 GetMonitorInfoW
0x4197e8 LoadImageW
0x4197ec GetSysColorBrush
0x4197f0 SetWindowRgn
0x4197f4 GetUpdateRect
0x4197f8 EndPaint
0x4197fc BeginPaint
0x419800 SetForegroundWindow
0x419804 GetForegroundWindow
0x419808 EnableMenuItem
0x41980c GetSystemMenu
0x419810 GetSystemMetrics
0x419814 ReleaseCapture
0x419818 SetCapture
0x41981c GetCapture
0x419820 SetFocus
0x419824 SetWindowPlacement
0x419828 GetWindowPlacement
0x41982c SetWindowPos
0x419830 MoveWindow
0x419834 FlashWindowEx
0x419838 IsChild
0x41983c CreateWindowExW
0x419840 DefWindowProcW
0x419844 AttachThreadInput
0x419848 PostMessageW
0x41984c SendMessageW
0x419854 MessageBeep
0x419858 GetDoubleClickTime
0x419860 GetCursorPos
0x419864 GetClientRect
0x419868 GetFocus
0x41986c ShowWindow
Library GDI32.dll:
0x419874 GetTextAlign
0x419878 GetDCPenColor
0x41987c CloseMetaFile
0x419880 CreateMetaFileA
0x419884 FillPath
0x419888 GetFontLanguageInfo
0x41988c GetSystemPaletteUse
0x419890 GetLayout
0x419894 GetDeviceCaps
0x419898 GetCharABCWidthsI
0x4198a4 SelectClipRgn
0x4198a8 GetRegionData
0x4198ac CreateBitmap
0x4198b0 ExtTextOutW
0x4198b4 SetWorldTransform
0x4198b8 CreateCompatibleDC
0x4198bc DeleteDC
0x4198c0 DeleteObject
0x4198c4 GetDIBits
0x4198c8 SelectObject
0x4198cc CreateDIBSection
0x4198d0 SetTextAlign
0x4198d4 SetTextColor
0x4198d8 SetGraphicsMode
0x4198dc GetGlyphOutlineW
0x4198e4 GetCharABCWidthsW
0x4198e8 GetBitmapBits
0x4198ec BitBlt
0x4198f0 CombineRgn
0x4198f4 CreateRectRgn
0x4198f8 OffsetRgn
0x4198fc SetBkMode
0x419904 CreateDCW
0x419908 EnumFontFamiliesExW
0x41990c CreateFontIndirectW
0x419910 GetFontData
0x419914 GetStockObject
0x419918 AddFontResourceExW
0x419928 GetTextMetricsW
0x41992c GetObjectW
0x419930 GetTextFaceW
0x419934 ChoosePixelFormat
0x419938 DescribePixelFormat
0x41993c GetPixelFormat
0x419940 SetPixelFormat
0x419944 SwapBuffers
0x419948 GdiFlush
Library ADVAPI32.dll:
0x419950 RegOpenKeyA
0x419954 RegQueryValueExA
0x419958 RegCloseKey
0x41995c RegQueryValueExW
0x419960 OpenProcessToken
0x419964 CopySid
0x419968 FreeSid
0x41996c GetLengthSid
0x419970 GetTokenInformation
0x419974 RegCreateKeyExW
0x419978 RegDeleteKeyW
0x41997c RegDeleteValueW
0x419980 RegEnumKeyExW
0x419984 RegEnumValueW
0x419988 RegFlushKey
0x41998c RegQueryInfoKeyW
0x419990 RegSetValueExW
0x419994 SystemFunction036
0x419998 RegOpenKeyExW
Library SHELL32.dll:
0x4199a8 SHChangeNotify
0x4199ac SHGetFolderPathW
0x4199b0 CommandLineToArgvW
0x4199b4 SHGetStockIconInfo
0x4199bc SHBrowseForFolderW
0x4199c4 SHGetMalloc
0x4199c8 ShellExecuteW
0x4199cc SHGetFileInfoW
Library ole32.dll:
0x4199d4 StringFromGUID2
0x4199d8 CoTaskMemAlloc
0x4199dc CoGetMalloc
0x4199e0 CoUninitialize
0x4199e4 CoTaskMemFree
0x4199e8 DoDragDrop
0x4199f0 OleFlushClipboard
0x4199f4 OleGetClipboard
0x4199f8 OleSetClipboard
0x4199fc CoCreateGuid
0x419a00 OleUninitialize
0x419a04 OleInitialize
0x419a08 RevokeDragDrop
0x419a0c CoCreateInstance
0x419a10 ReleaseStgMedium
0x419a14 RegisterDragDrop
0x419a1c CoInitialize
Library SHLWAPI.dll:
0x419a24 StrChrA
Library MSVCRT.dll:
0x419a2c _except_handler3
0x419a30 __set_app_type
0x419a34 __p__fmode
0x419a38 __p__commode
0x419a3c _adjust_fdiv
0x419a40 __setusermatherr
0x419a44 _initterm
0x419a48 __getmainargs
0x419a4c _acmdln
0x419a50 exit
0x419a54 _XcptFilter
0x419a58 _exit
0x419a5c _onexit
0x419a60 __dllonexit
0x419a64 _controlfp
Library IMM32.dll:
0x419a74 ImmGetVirtualKey
0x419a78 ImmGetDefaultIMEWnd
0x419a7c ImmGetContext
0x419a80 ImmReleaseContext
0x419a84 ImmAssociateContext
0x419a88 ImmNotifyIME

Strings (printable-string dump of the binary; only the readable entries are kept here, the rest of the dump is compressed or encrypted data that extracts as random-looking byte runs)

!This program cannot be run in DOS mode.
.rdata
.data
Long filler runs of "c" and "A" characters (padding inside .data)
<<<Obsolete>>

Import name table: the same KERNEL32.dll, USER32.dll, GDI32.dll, ADVAPI32.dll, SHELL32.dll, ole32.dll, SHLWAPI.dll, MSVCRT.dll and IMM32.dll names listed under Imports above. The Imports listing skips some thunks (its addresses jump, e.g. from 0x41929c to 0x4192a4); the string table carries the full set, which additionally includes CheckRemoteDebuggerPresent (alongside the IsDebuggerPresent and OutputDebugString imports already listed), SetUnhandledExceptionFilter, FlushInstructionCache, ProcessIdToSessionId, GetWindowThreadProcessId, GetEnvironmentVariableW, ExpandEnvironmentStringsW, GetPrivateProfileStringW and WritePrivateProfileStringW.

Authenticode and RFC 3161 timestamp strings:
Signing certificate name: QTPFKBNEZJCUUDRGTM (a random-looking string that appears four times in the signature blob; validity 190516115005Z to 391231235959Z, i.e. 2019-05-16 to 2039-12-31; another date field reads 18991230000000Z)
Signing time: 20190517011850Z (2019-05-17 01:18:50 UTC, the day after the signing certificate's validity starts and a year after the PE compile timestamp of 2018-05-17)
Timestamp signer: Sectigo RSA Time Stamping Signer #1, issued by Sectigo RSA Time Stamping CA (Sectigo Limited, Salford, Greater Manchester; validity 190502000000Z to 300801235959Z)
Timestamp CA issuer: USERTrust RSA Certification Authority (The USERTRUST Network, Jersey City, New Jersey; validity 190502000000Z to 380118235959Z)
https://sectigo.com/CPS
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt
http://ocsp.sectigo.com
http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl
http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt
http://ocsp.usertrust.com

The only public CA names in the dump belong to the time-stamping chain; the certificate that signs the binary itself carries nothing but the string QTPFKBNEZJCUUDRGTM, so the signature adds no trust and the countersignature only proves the file existed on 2019-05-17.

Process Tree


0d7029590eb38ce9f0e8e0f23fcec352133cdc9904ac346b81c2cdd663b6305f.exe, PID: 616, Parent PID: 2224
    0d7029590eb38ce9f0e8e0f23fcec352133cdc9904ac346b81c2cdd663b6305f.exe, PID: 2708, Parent PID: 616

explorer.exe, PID: 1412, Parent PID: 1304

The sample relaunches itself (616 spawns 2708) and both copies perform the same RWX allocations listed under the dynamic indicators. explorer.exe appears as a separately monitored process; it is not a child of the sample.

DNS

Name | Type | Response | Post-analysis lookup
dns.msftncsi.com | A | 131.107.255.255 | A 131.107.255.255
dns.msftncsi.com | AAAA | fd3e:4f5a:5b81::1 |

dns.msftncsi.com is the Windows Network Connectivity Status Indicator probe, i.e. guest background traffic rather than sample activity. The sample itself issued no DNS queries, which is why every one of its peers appears under the "hosts without DNS query" indicator.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 61714 8.8.8.8 53
192.168.56.101 56933 8.8.8.8 53
192.168.56.101 138 192.168.56.255 138
192.168.56.101 58485 114.114.114.114 53
192.168.56.101 58485 8.8.8.8 53
192.168.56.101 57665 114.114.114.114 53
192.168.56.101 52215 224.0.0.252 5355

The 224.0.0.252:5355 flows are LLMNR and the 137/138 broadcasts are NetBIOS name service, both guest name-resolution chatter; the port-53 flows to 114.114.114.114 and 8.8.8.8 are the guest's resolver traffic. None of these are attributable to the sample.

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

Source Destination ICMP Type Data
134.101.222.153 192.168.56.101 3

ICMP type 3 is destination unreachable: the dead host rejected the sample's connection attempt on port 80. This is a reply to the sample's TCP attempt, not ICMP the sample sent itself.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.