3.8
中危
62 个模型检测该样本为恶意!
重新分析
更多

0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7

0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7.exe

分析耗时

277s

最近分析

376天前

文件大小

200.3KB
静态报毒 动态报毒 CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN RANSOM BRMON
鹰眼引擎
DACN 0.14
FACILE 1.00
IMCLNet 0.80
MFGraph 0.00
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba None 20190527 0.3.0.5
Avast Win32:Malware-gen 20200222 18.4.3895.0
Baidu None 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Kingsoft None 20200222 2013.8.14.323
McAfee Packed-FCX!5C0AC62D93D6 20200222 6.0.6.653
Tencent Malware.Win32.Gencirc.10b0a5d3 20200222 1.0.0.1
静态指标
查询计算机名称 (1 个事件)
Time & API Arguments Status Return Repeated
1727545340.921125
GetComputerNameW
computer_name: TU-PC
success 1 0
使用Windows API生成加密密钥 (3 个事件)
Time & API Arguments Status Return Repeated
1727545340.921125
CryptGenKey
provider_handle: 0x002b16c8
algorithm_identifier: 0x0000a400 (CALG_RSA_KEYX)
flags: 134217729
crypto_handle: 0x0028b480
success 1 0
1727545340.921125
CryptExportKey
crypto_handle: 0x0028b480
crypto_export_handle: 0x00000000
blob_type: 6
flags: 0
buffer: ¤RSA1_e"ÑaP‹º‡›u>×s¾³|sɈÛ-`#<‰OK䜩6d\Ê32*]•ývÿs²nã],k¼…D[hOâtë©avÂþ‹‰*Í󭨓#N¢aÇF$ðUG£à´Ÿð»»ª8ºLµ߄Yc6åÇÛ½ÈÄ£C‘(¡XÅf֍Y,ʧ²Ü¤Œ{:m\ó5iÚÇʏ&WBîO2øåšò2K¿k­)1=²?¹EÒPc`ŠûDšziRY(aàoÉOÏT+é×fv`l‰^,ãۊzõ.2Éü©ÒKevfW²cèé쾌¤î)®ÑçVۚ›d‘å©È¤Û ]qû›
success 1 0
1727545340.921125
CryptExportKey
crypto_handle: 0x0028b480
crypto_export_handle: 0x00000000
blob_type: 7
flags: 0
buffer: ¤RSA2_e"ÑaP‹º‡›u>×s¾³|sɈÛ-`#<‰OK䜩6d\Ê32*]•ývÿs²nã],k¼…D[hOâtë©avÂþ‹‰*Í󭨓#N¢aÇF$ðUG£à´Ÿð»»ª8ºLµ߄Yc6åÇÛ½ÈÄ£C‘(¡XÅf֍Y,ʧ²Ü¤Œ{:m\ó5iÚÇʏ&WBîO2øåšò2K¿k­)1=²?¹EÒPc`ŠûDšziRY(aàoÉOÏT+é×fv`l‰^,ãۊzõ.2Éü©ÒKevfW²cèé쾌¤î)®ÑçVۚ›d‘å©È¤Û ]qû›­Ó.:“–Ø›ð^zD€r ¬~J<†w{+еᘡQÜW¿Oºó$sýÌrNǒtïª]Í2÷ΪivÃBRN…+ eþ%͉x±Ö—€ ÿÿ­ˆ¦Ë«æ"¡×êNJ¸¸–öî˜þ:”Î>ÖFêúÿT†?Ö»ž¤¨€XBÄh…3.A@àkÑ|åûûꍜ$˜£8†Qe}’öxÉÝeš^øq3xKÝ‚É ׁyÀG‚ºo\ªâz±ÙVîè<G†k __¦Ažaø(eœ)¼lO´ sc¦¡¿õoòFˆüóúÙ»n¥ª”R­ƒaº¹‰*Æõ*‡j¢Ìò›ÐöK/1h7^òKÑæˆ?cµ´^ZŠ¡»Š°k Hr‰WñÉÕҔ4YܳêAðç3ˆÞãˆ%ƒ¿ :RÞnYã*ÂÇbr{;bAæL²Ž ­Á[Ï;-óRW{¦¾¬÷äbˆ…k¤¥÷ óÕ~žÀ±nL´ë¾`z:x e6Dñ¥¼ù=ÕMqÁN  ˜‚䦱¿Zár…ýL_Ç|À‚Þº¿žóÇ Ëúÿ{Ì¿¢Ù­|¤`ÏBíŸ2CöXǸ@÷y»pX?XOe EEjÓužžÑr M³ô—pêB^äk+Áf \z­•{µ©ÚiLdwNE¼‰¾*½ûÿ‰¬¶  "ŽQY¬ Ï)øÎgÂ̗ö^x]3ZîH*¦e ûêí¬ƒÙl‹§ö5ÿ jº>ÔjuJ.•sw(7҈aÉJ÷8q>ÒÓ§ô?ºK‰ñ?Ö@|0 ˜™X#Mh%•ú$ø£Ç!¦Öß݄apÁ¾1=/½c?xÔ4ÑW†úœzíNÄ*•a!'®KRöTÞ®Aü¿qE ƒ€àËé9ã{Úþ¹3é3®ù=ÐÁŽÿ‚b½Lº²ÇùÇíaêÒêÜ"}Ɲâl҈˜­Ñö½…i€Mʨ‘p›ÌÉ âQ›Ì®›ÿÞꫯ<¡+˜ô|î¼#N¯L°–:p­õ·([Cܳ¦ j˜\TRxô°-¥±oHE½››ocøö› z‚ ”C‡_’säÊÉ )Dà˜áɨˆï€¬,í,rì´ÒBËtÙ‚e&…PéÁÂ%Ä3˜/êGŒ
success 1 0
检查系统中的内存量,这可以用于检测可用内存较少的虚拟机 (50 out of 88 个事件)
Time & API Arguments Status Return Repeated
1727545341.6715
GlobalMemoryStatusEx
success 1 0
1727545343.343
GlobalMemoryStatusEx
success 1 0
1727545345.015875
GlobalMemoryStatusEx
success 1 0
1727545346.328375
GlobalMemoryStatusEx
success 1 0
1727545347.62525
GlobalMemoryStatusEx
success 1 0
1727545348.921125
GlobalMemoryStatusEx
success 1 0
1727545350.234625
GlobalMemoryStatusEx
success 1 0
1727545351.5315
GlobalMemoryStatusEx
success 1 0
1727545352.828375
GlobalMemoryStatusEx
success 1 0
1727545354.12525
GlobalMemoryStatusEx
success 1 0
1727545355.421125
GlobalMemoryStatusEx
success 1 0
1727545356.734
GlobalMemoryStatusEx
success 1 0
1727545358.015875
GlobalMemoryStatusEx
success 1 0
1727545359.31275
GlobalMemoryStatusEx
success 1 0
1727545360.609625
GlobalMemoryStatusEx
success 1 0
1727545361.9065
GlobalMemoryStatusEx
success 1 0
1727545363.203375
GlobalMemoryStatusEx
success 1 0
1727545364.50025
GlobalMemoryStatusEx
success 1 0
1727545365.796125
GlobalMemoryStatusEx
success 1 0
1727545367.093
GlobalMemoryStatusEx
success 1 0
1727545368.390875
GlobalMemoryStatusEx
success 1 0
1727545369.68775
GlobalMemoryStatusEx
success 1 0
1727545371.015625
GlobalMemoryStatusEx
success 1 0
1727545372.328375
GlobalMemoryStatusEx
success 1 0
1727545373.640875
GlobalMemoryStatusEx
success 1 0
1727545374.93775
GlobalMemoryStatusEx
success 1 0
1727545376.250625
GlobalMemoryStatusEx
success 1 0
1727545377.56275
GlobalMemoryStatusEx
success 1 0
1727545378.859625
GlobalMemoryStatusEx
success 1 0
1727545380.1565
GlobalMemoryStatusEx
success 1 0
1727545381.453375
GlobalMemoryStatusEx
success 1 0
1727545382.765875
GlobalMemoryStatusEx
success 1 0
1727545384.06275
GlobalMemoryStatusEx
success 1 0
1727545385.359625
GlobalMemoryStatusEx
success 1 0
1727545386.6565
GlobalMemoryStatusEx
success 1 0
1727545387.968
GlobalMemoryStatusEx
success 1 0
1727545389.265875
GlobalMemoryStatusEx
success 1 0
1727545390.56275
GlobalMemoryStatusEx
success 1 0
1727545391.859625
GlobalMemoryStatusEx
success 1 0
1727545393.1565
GlobalMemoryStatusEx
success 1 0
1727545394.468375
GlobalMemoryStatusEx
success 1 0
1727545395.75025
GlobalMemoryStatusEx
success 1 0
1727545397.046125
GlobalMemoryStatusEx
success 1 0
1727545398.343
GlobalMemoryStatusEx
success 1 0
1727545399.640875
GlobalMemoryStatusEx
success 1 0
1727545400.93775
GlobalMemoryStatusEx
success 1 0
1727545402.250625
GlobalMemoryStatusEx
success 1 0
1727545403.5315
GlobalMemoryStatusEx
success 1 0
1727545404.859625
GlobalMemoryStatusEx
success 1 0
1727545406.1565
GlobalMemoryStatusEx
success 1 0
文件包含未知的 PE 资源名称,可能指示打包器 (4 个事件)
resource name GINILEVUSUBO
resource name KJBN
resource name TUSIDAFOHIXEKAHOTIYIWIFUVUDAMO
resource name XOFEZAVUYUBOKEJUNIKUDI
一个或多个进程崩溃 (50 out of 761 个事件)
Time & API Arguments Status Return Repeated
1727545336.421125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 1
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 0
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.421125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.437125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.437125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.437125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.437125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.437125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.437125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.437125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.437125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.453125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.453125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.453125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.453125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.453125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.453125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.453125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.453125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.468125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.468125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.468125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.468125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.468125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.468125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.468125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.468125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.468125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.468125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.484125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.484125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.484125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.484125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.484125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.484125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.484125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.484125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.484125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.484125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.484125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.484125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.484125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.500125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.500125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.500125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.500125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.500125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.500125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.500125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.500125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
1727545336.500125
__exception__
exception.address: 0x767891a2
exception.instruction: mov cl, byte ptr [eax]
exception.instruction_r: 8a 08 40 84 c9 75 f9 2b c2 eb 11 8d 50 02 66 8b
exception.symbol: WaitForInputIdle+0x8b GrayStringA-0x2b3 user32+0x591a2
exception.exception_code: 0xc0000005
registers.eax: 0
registers.ecx: 2130563072
registers.edx: 1
registers.ebx: 0
registers.esp: 1636048
registers.ebp: 1636104
registers.esi: 0
registers.edi: 1637733
stacktrace: 
GrayStringA+0x27 GrayStringW-0x9 user32+0x5947c @ 0x7678947c
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1385 @ 0x401385
0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7+0x1eb4 @ 0x401eb4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x76ee33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x775b9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x775b9ea5

 success 0 0
行为判定
动态指标
解析可疑的顶级域名(TLD) (2 个事件)
domain ns1.corp-servers.ru description 俄罗斯联邦域名 TLD
domain ns2.corp-servers.ru description 俄罗斯联邦域名 TLD
分配可读-可写-可执行内存(通常用于自解压) (20 个事件)
Time & API Arguments Status Return Repeated
1727545338.046125
NtProtectVirtualMemory
process_handle: 0xffffffff
base_address: 0x0028b000
length: 106496
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 1612
success 0 0
1727545338.062125
NtProtectVirtualMemory
process_handle: 0xffffffff
base_address: 0x00400000
length: 163840
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 1612
success 0 0
1727545338.078125
NtProtectVirtualMemory
process_handle: 0xffffffff
base_address: 0x00412000
length: 77824
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 1612
success 0 0
1727545338.078125
NtAllocateVirtualMemory
process_handle: 0xffffffff
base_address: 0x01e60000
region_size: 94208
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 1612
success 0 0
1727545338.093125
NtProtectVirtualMemory
process_handle: 0xffffffff
base_address: 0x00412000
length: 77824
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 1612
success 0 0
1727545339.093125
NtAllocateVirtualMemory
process_handle: 0xffffffff
base_address: 0x00070000
region_size: 4096
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 1612
success 0 0
1727545339.093125
NtAllocateVirtualMemory
process_handle: 0xffffffff
base_address: 0x000b0000
region_size: 4096
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 1612
success 0 0
1727545339.328125
NtAllocateVirtualMemory
process_handle: 0xffffffff
base_address: 0x00100000
region_size: 4096
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 1612
success 0 0
1727545339.343125
NtAllocateVirtualMemory
process_handle: 0xffffffff
base_address: 0x00160000
region_size: 4096
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 1612
success 0 0
1727545339.593125
NtAllocateVirtualMemory
process_handle: 0xffffffff
base_address: 0x00160000
region_size: 4096
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 1612
success 0 0
1727545339.609125
NtAllocateVirtualMemory
process_handle: 0xffffffff
base_address: 0x00160000
region_size: 4096
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 1612
success 0 0
1727545339.609125
NtAllocateVirtualMemory
process_handle: 0xffffffff
base_address: 0x000d0000
region_size: 4096
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 1612
success 0 0
1727545339.609125
NtAllocateVirtualMemory
process_handle: 0xffffffff
base_address: 0x000e0000
region_size: 4096
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 1612
success 0 0
1727545341.000125
NtAllocateVirtualMemory
process_handle: 0xffffffff
base_address: 0x02100000
region_size: 12288
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 1612
success 0 0
1727545341.000125
NtAllocateVirtualMemory
process_handle: 0xffffffff
base_address: 0x02110000
region_size: 12288
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 1612
success 0 0
1727545341.312125
NtAllocateVirtualMemory
process_handle: 0xffffffff
base_address: 0x02100000
region_size: 98304
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 1612
success 0 0
1727545341.312125
NtAllocateVirtualMemory
process_handle: 0xffffffff
base_address: 0x020a0000
region_size: 4096
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 1612
success 0 0
1727545341.312125
NtAllocateVirtualMemory
process_handle: 0xffffffff
base_address: 0x032c0000
region_size: 4096
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 1612
success 0 0
1727545341.312125
NtAllocateVirtualMemory
process_handle: 0xffffffff
base_address: 0x032c0000
region_size: 36864
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 1612
success 0 0
1727545341.312125
NtAllocateVirtualMemory
process_handle: 0xffffffff
base_address: 0x032e0000
region_size: 8192
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
protection: 64 (PAGE_EXECUTE_READWRITE)
process_identifier: 1612
success 0 0
查询磁盘大小,可用于检测具有小固定大小或动态分配的虚拟机 (1 个事件)
Time & API Arguments Status Return Repeated
1727545340.937125
GetDiskFreeSpaceW
root_path: C:\
sectors_per_cluster: 8
bytes_per_sector: 512
number_of_free_clusters: 1782116
total_number_of_clusters: 8362495
success 1 0
在文件系统上创建可执行文件 (1 个事件)
file C:\Users\Administrator\AppData\Roaming\Microsoft\jtvvbr.exe
将可执行文件投放到用户的 AppData 文件夹 (1 个事件)
file C:\Users\Administrator\AppData\Roaming\Microsoft\jtvvbr.exe
搜索运行中的进程,可能用于识别沙箱规避、代码注入或内存转储的进程 (3 个事件)
检查适配器地址以检测虚拟网络接口 (50 out of 88 个事件)
Time & API Arguments Status Return Repeated
1727545342.1255
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545343.781
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545345.093875
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545346.390375
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545347.68725
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545348.984125
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545350.312625
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545351.6095
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545352.890375
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545354.18725
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545355.484125
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545356.796
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545358.078875
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545359.37575
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545360.671625
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545361.9685
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545363.265375
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545364.56225
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545365.859125
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545367.156
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545368.453875
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545369.75075
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545371.093625
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545372.406375
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545373.703875
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545375.00075
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545376.328625
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545377.64075
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545378.921625
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545380.2185
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545381.531375
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545382.828875
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545384.14075
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545385.421625
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545386.7185
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545388.031
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545389.343875
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545390.64075
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545391.921625
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545393.2345
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545394.531375
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545395.82825
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545397.109125
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545398.421
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545399.703875
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545401.00075
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545402.312625
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545403.5935
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545404.921625
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
1727545406.2345
GetAdaptersAddresses
family: 0
flags: 1158
success 0 0
该二进制文件可能包含加密或压缩数据,表明使用了打包工具 (2 个事件)
section {'name': '.rsrc', 'virtual_address': '0x0000d000', 'virtual_size': '0x000210cc', 'size_of_data': '0x00021200', 'entropy': 7.8834095618972} entropy 7.8834095618972 description 发现高熵的节
entropy 0.7794117647058824 description 此PE文件的整体熵值较高
使用 Windows 工具进行基本 Windows 功能 (4 个事件)
cmdline nslookup ransomware.bit ns2.corp-servers.ru
cmdline nslookup zonealarm.bit ns2.corp-servers.ru
cmdline nslookup ransomware.bit ns1.corp-servers.ru
cmdline nslookup zonealarm.bit ns1.corp-servers.ru
网络通信
与未执行 DNS 查询的主机进行通信 (2 个事件)
host 114.114.114.114
host 8.8.8.8
Attempts to identify installed AV products by installation directory (1 个事件)
file C:\MalwarebytesLABs
在 Windows 启动时自我安装以实现自动运行 (1 个事件)
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\julhuypgkep reg_value "C:\Users\Administrator\AppData\Roaming\Microsoft\jtvvbr.exe"
文件已被 VirusTotal 上 62 个反病毒引擎识别为恶意 (50 out of 62 个事件)
ALYac Trojan.BRMon.Gen.4
APEX Malicious
AVG Win32:Malware-gen
Acronis suspicious
Ad-Aware Trojan.BRMon.Gen.4
AhnLab-V3 Win-Trojan/Gandcrab02.Exp
Antiy-AVL Trojan[Backdoor]/Win32.Mokes
Arcabit Trojan.BRMon.Gen.4
Avast Win32:Malware-gen
Avira HEUR/AGEN.1029145
BitDefender Trojan.BRMon.Gen.4
BitDefenderTheta Gen:NN.ZexaF.34090.mu2@a4EFmW
Bkav W32.AIDetectVM.malware
CAT-QuickHeal Trojan.Mauvaise.SL1
ClamAV Win.Packer.Crypter-6539596-1
Comodo TrojWare.Win32.GandCrab.GFOU@7lwhhc
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.d93d6b
Cylance Unsafe
Cyren W32/S-46b68cde!Eldorado
DrWeb Trojan.Encoder.24384
ESET-NOD32 Win32/Filecoder.GandCrab.B
Emsisoft Trojan.Generic (A)
Endgame malicious (high confidence)
F-Prot W32/S-46b68cde!Eldorado
F-Secure Heuristic.HEUR/AGEN.1029145
FireEye Generic.mg.5c0ac62d93d6ba65
Fortinet W32/Kryptik.GUKZ!tr
GData Trojan.BRMon.Gen.4
Ikarus Trojan-Ransom.GandCrab
Invincea heuristic
Jiangmin Trojan.Chapak.fe
K7AntiVirus Trojan ( 00532e3d1 )
K7GW Trojan ( 655333331 )
Kaspersky HEUR:Trojan.Win32.Generic
MAX malware (ai score=83)
Malwarebytes Trojan.MalPack
MaxSecure Ransomeware.CRAB.gen
McAfee Packed-FCX!5C0AC62D93D6
McAfee-GW-Edition BehavesLike.Win32.Generic.dc
MicroWorld-eScan Trojan.BRMon.Gen.4
Microsoft Trojan:Win32/Gandcrab.RG!MTB
NANO-Antivirus Trojan.Win32.Encoder.fafuwd
Panda Trj/Genetic.gen
Qihoo-360 HEUR/QVM10.1.697D.Malware.Gen
Rising Ransom.GrandCrab!8.10F7E (TFE:dGZlOgXCBA7YBftdSA)
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik
Sangfor Malware
SentinelOne DFI - Malicious PE
Sophos Mal/Agent-AUL
可视化分析
二进制图像
数据导入图像 288x288
数据导入图像 224x224
数据导入图像 192x192
数据导入图像 160x160
数据导入图像 128x128
数据导入图像 96x96
数据导入图像 64x64
数据导入图像 32x32
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2018-04-13 19:53:33

PE Imphash

e2923526c1025bf81115648776bcac8d

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00004c32 0x00004e00 6.396375370019134
.rdata 0x00006000 0x00002a44 0x00002c00 4.610147828263935
.data 0x00009000 0x00003964 0x00001200 1.8881045512601484
.rsrc 0x0000d000 0x000210cc 0x00021200 7.8834095618972
.reloc 0x0002f000 0x000008f0 0x00000a00 5.0639470223551655

Resources

Name Offset Size Language Sub-language File type
GINILEVUSUBO 0x0000d5f8 0x00000b52 LANG_NEUTRAL SUBLANG_NEUTRAL None
KJBN 0x0000e14c 0x000188f8 LANG_NEUTRAL SUBLANG_NEUTRAL None
TUSIDAFOHIXEKAHOTIYIWIFUVUDAMO 0x00026a44 0x00000638 LANG_NEUTRAL SUBLANG_NEUTRAL None
XOFEZAVUYUBOKEJUNIKUDI 0x0002707c 0x00001276 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_CURSOR 0x000282f4 0x00000134 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_BITMAP 0x00029bc0 0x00001770 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_BITMAP 0x00029bc0 0x00001770 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_ICON 0x0002b330 0x000025a8 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0002de50 0x0000006c LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0002de50 0x0000006c LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0002de50 0x0000006c LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0002de50 0x0000006c LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0002de50 0x0000006c LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0002de50 0x0000006c LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0002de50 0x0000006c LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0002de50 0x0000006c LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0002de50 0x0000006c LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0002de50 0x0000006c LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0002de50 0x0000006c LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x0002de50 0x0000006c LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_GROUP_CURSOR 0x0002debc 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_GROUP_ICON 0x0002ded0 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_VERSION 0x0002dee4 0x000001e8 LANG_NEUTRAL SUBLANG_NEUTRAL None

Imports

Library KERNEL32.dll:
0x406034 DebugBreakProcess
0x406038 GetFileType
0x40603c InitAtomTable
0x406044 CreateFileW
0x406048 LoadModule
0x40604c WinExec
0x406050 lstrlenA
0x406054 GetLastError
0x406058 MultiByteToWideChar
0x40605c LCMapStringW
0x406060 SetEvent
0x406064 HeapAlloc
0x406068 HeapSize
0x40606c WideCharToMultiByte
0x406070 RtlUnwind
0x406074 IsValidCodePage
0x406078 GetOEMCP
0x40607c GetACP
0x406080 GetCPInfo
0x406084 Sleep
0x406088 LoadLibraryW
0x40608c GlobalAlloc
0x406090 SetTapeParameters
0x406094 LocalLock
0x406098 LoadLibraryA
0x40609c lstrcpyA
0x4060a0 lstrcatA
0x4060a4 GetProcAddress
0x4060a8 GetDriveTypeW
0x4060b4 HeapReAlloc
0x4060b8 PeekConsoleInputA
0x4060c8 HeapFree
0x4060cc GetCommandLineW
0x4060d0 HeapSetInformation
0x4060d4 GetStartupInfoW
0x4060d8 TerminateProcess
0x4060dc GetCurrentProcess
0x4060e8 IsDebuggerPresent
0x4060ec HeapCreate
0x4060f4 GetModuleHandleW
0x4060f8 ExitProcess
0x4060fc DecodePointer
0x406100 WriteFile
0x406104 GetStdHandle
0x406108 GetModuleFileNameW
0x406114 SetHandleCount
0x406120 EncodePointer
0x406124 TlsAlloc
0x406128 TlsGetValue
0x40612c TlsSetValue
0x406130 TlsFree
0x406138 SetLastError
0x40613c GetCurrentThreadId
0x406148 GetTickCount
0x40614c GetCurrentProcessId
0x406150 GetStringTypeW
Library USER32.dll:
0x406158 InsertMenuItemA
0x40615c CreateMDIWindowW
0x406160 LoadCursorW
0x406164 GrayStringA
0x406168 AppendMenuW
0x40616c ClientToScreen
0x406170 SetPropA
0x406174 GetInputState
0x406178 GetDC
0x40617c ReplyMessage
0x406180 SetClassLongA
0x406184 DrawAnimatedRects
0x40618c CloseWindow
0x406190 SetWindowsHookW
0x406194 GetWindowTextA
Library GDI32.dll:
0x406008 GetTextExtentPointW
0x40600c Ellipse
0x406010 GetTextMetricsA
0x406014 CreateRoundRectRgn
0x406018 GetDeviceGammaRamp
0x40601c LineDDA
0x406020 GetPolyFillMode
0x406024 CheckColorsInGamut
0x406028 GetLogColorSpaceA
Library ADVAPI32.dll:
0x406000 ReportEventA
Library ole32.dll:
0x40619c CoInitialize
L!This MTm cannot be run in DOS mode.
]V N]V N]V N2 NTV N2 NeV NT.NVV N]V!N0V N2 NVV N2 N\V N2 N\V NRich]V N
`.rdata
@.data
@.reloc
EEEE4z7m{EE
E@EE;E
}%j(Yf@
t1\g6]t%Dadt
U]UWVu
DDDDDDDDDDDDDD
YY]jXh
FGIuX^_]
8csmu*x
YYuTVWh
3]j h@
uh|q@
3PPPPP
@Y<v*VN
^SSSSSyj
;tFtA3
Yu= @
S^`N`H
j$Y~\d9
QY^`[_^]
tAVWPO
3Y[_^5
3PPPPP9
UQV3W}
ft;uf t
Bf8\tf8"u8
ft$9Uu
UQQSVWh
V33SfX@
[]YY?sJM
_[^SVWg
j@j ^V_
H3H/5@@
;rSWf9M
YYt:V5
PtYF<t
PfYF@t
PXYFDt
PJYFHt
P<YF\=q@
~lt#Wl
43_V5`@
YYt0V5
3^_h 3@
1E3PeuEEEEd
Y__^[]Q
:E_^[]E
9csmu)=,@
E3E3;u
ffffffE
SYM_3[&
3PPPPP
F$|3@_^
Y+t"+t
+tY+uC}
Uw\]Yp
u>OdMGd
uwdSUY
UQSV5`@
B(;r3_^[]
1E3PEd
tAt2t$
Eu}h0s@
3M_^3[
ft'Ou"+
jPfDJXdf
^0t_^]
YYu,9E
USV54a@
SV5@a@
3W;to=@
uVY_^[]
t4V0;t(W8jYt
Fpt"~l
lVYYYEE
WPWPWv
whu;5@
8]tEMap<u
TM_^3[j
M)}Q_hu
P|Y^hS=4a@
3SVWT$
URPQQh
t;T$4t
;v.4v\
UVWS33333[_^]
33333USVWj
_^[]Ul$
woVW=@
Y3MW0u
6v v$v(v,v0v4v
v8v<@v@vD~vHvvLnvPfvT^vXVv\Nv`Fvd>vh6vl.vp&vt
PiYF0;
PWYv4;5@
P}YFD;
PkYFH;
PYYvL;5@
S3VW;~E
@;u+H;}
E$5X`@
39](SSu
]9]tWuu
};~Bj3X
3;t?uWuuu
t"SS9] u
EW;Yu2EYe_^[M3O
MQu(Eu$u u
ES3VW]9]
39] SSu
EYe_^[M3"
M$u$Eu
MapUSVWUj
P(RP$R
UPjhY@
t:|$,t
;t$,v-4v
UQPXY]Y[
KuZUQL$
Protect
Virtual
kernel32.dll
cecudixetixakehereseyeta
keluxepuvemira zelerinekabatigisojero jezotolupasisulimurimejozu zuyuwakocapavayifirebiguheyi ve
CorExitProcess
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
PeekConsoleInputA
WriteProfileSectionW
WritePrivateProfileStringW
GetDriveTypeW
GetProcAddress
lstrcatA
lstrcpyA
LoadLibraryA
LocalLock
SetTapeParameters
GlobalAlloc
SetEvent
FindVolumeMountPointClose
DebugBreakProcess
GetFileType
InitAtomTable
SetSystemTimeAdjustment
CreateFileW
LoadModule
WinExec
lstrlenA
GetLastError
KERNEL32.dll
InsertMenuItemA
CreateMDIWindowW
LoadCursorW
GetWindowTextA
SetWindowsHookW
CloseWindow
GetWindowTextLengthW
DrawAnimatedRects
SetClassLongA
ReplyMessage
GetInputState
SetPropA
ClientToScreen
AppendMenuW
GrayStringA
USER32.dll
CheckColorsInGamut
GetPolyFillMode
LineDDA
GetDeviceGammaRamp
CreateRoundRectRgn
GetTextMetricsA
Ellipse
GetTextExtentPointW
GetLogColorSpaceA
GDI32.dll
ReportEventA
ADVAPI32.dll
OleSetMenuDescriptor
CoInitialize
OleMetafilePictFromIconAndLabel
ole32.dll
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
IsProcessorFeaturePresent
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
WideCharToMultiByte
HeapSize
HeapAlloc
HeapReAlloc
LCMapStringW
MultiByteToWideChar
GetStringTypeW
8}5@ne
wyE;mXR
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
Hubekopukafolo. Ze. Piyiwa yayehacu benegijugudane pikotigodi. Muwu socudi wuzemikevaso hirovacopisagi bepisatoxi. Wucatojosutuya dolezosiwa yuhumunici duladipi bawesacavawice. Wecotuwijaha rorajucozibuba jo cejedamaca. Viyeyoje lefuwaho kenono huwumipute di. Mabozodese. Yilemeje. Vuxotipufi teyiya. Pelita yazukesijavobo hisabiyoho xucojanuka zahaviwexepeni. Wanegiki cudosoyi huruyadeya fipihajabono. Rexokenevekivu baki vekesaxuluci vavuhufi. Razepibo migifuzi huhike. Bazuki lajatovitaco fugo rakojatobu. Yukoxuhiru renagepuxake nihi. Feza cesilotamomo xihulonexesoda merureladupa do. Catuzumuruyaje huzikafupode cigosa setidiyojeyu xamilode. Doneku tiguyiloyojimi. Detavugo. Sugugoze bejegikive joxe gafuvemida. Xazikelizedoxi ri vixavizozesa facanemafi. Caverenixadate bicofutiwefogu cubohexuviyica yanemoyi cehi. Je tudexi cawomutegafefo pi. Wozemogigaxuja zajiyanivoxa. Zowiwayepa xoliwuro. Piyenazizo fo. Conalese yimucayedupo xiyonicemibe hahasepawu. Dehukusidadaga. Raterisovu hihiculi coyamiyobewi jayero soro. Reroju febusuyiyofaki. Tawevile retixahawe raluzujiceho. Wodizodure mefulebitine ka tixeba lewufevujo. Kagomi haciceyeye vaxu dize rafasuma. Tevakuvokogu miwubo. Ta hutucoza. Mevijiharabe. Mebo po bozeharupuyu citefuvukuyi. Dediye. Juyiwa dutoxazepa yuwene sihuho sicefulecu. Zidato bojoseyatutala suyidofe dapobuwo nayaru. Taperarupixo yowahu. Lepokikuwucetu. Magikezacacudi cuzodaneco lolarumalivu. Zawu jukigisunu doxefese pexujerivuge lavomeju. Calo woxuwuye le penada. Rajuho joji. Nupucayirure dopo foxobani jodirivu. Femaxusu nutavece henubepuhugu. Wujejixafupa. Celunuyi funogacebo racoyenu saluwaho zepumo. Juhogorunufi. Gu natoduho kejekayi lakadoli powelileba. Xupewuri xazonanotale febuhafucayepe caxubo fo. Serogatidi fevicezakowu kewo fejave. Hebajigivihazi fuyacizogiza nugipa yacucipiwete. Wavasalogejuxo. Sidijoharuxa. Yogorayo cicene hozogolehejosa zobilonoziwo va. Zefabofavisefu notudovoza. Wesojime tasujinefe gecipano luyifozoberife zidawazugeniyo. Kuluyesepuhezi mosafodiduse pejacuda gemuvafalo miseyicu. Watitakone yepi josudota kupovetemulavi fiposoxohilu. Jusucu. Fususabohenihi deyadizeru leviyahudejita fepi jiwagekuwi. Zumedelocifuca voxilituva. Bujupexoyixu hapikosihemu kuxabikugiki jabesogutuyozu koni. Pihowusocegu tosixuxacojofo dago. Luhitokihoni. Zezigesojevi loha mocu gorozo ta. Hujamijurukuki yipucajetu tolorubewo mapebokazumi gesakukixoye. Fepuwahuje cugetutuni vileraluwafu jojoxaruku lurazapuneku. Cedola pedubo jirehebe tajedaragu luyo. Dawohuracure. Maxojose wumajamepo. Zotera mexizosima keluxepu vemira. Zeleri nekaba. Tigisojero jezo tolupasisulimu rimejozuzuyu wakocapava. Yifirebi guheyihe mesujuke. Yupo cunucipo. Ja fiyayamapino nebazahino jagohoxoga mekixitunodo. Lekoxosi zevekece cudixetixake hereseyetasoho rabenusereva. Takeneva gumege dagupegale heruwagobuki redexuvuwa. Je yowujovutu zudi posuxezoyiru. Dipufo pici
|*az/^m%JNR5
?CU){!
u<vV@U
[uLl!8
!aBu/xl(
Wc~$ @8
gUsBc[%F~z)jHub
*,Tjq+
6*#]L(}
wOi}QH
sCT3tGs~y<-{kH9Wq(4
O+F=,,lT?
4Ohb$13Z*8er
YXdx~FE
80LD`:
ScU$7'd-h-
U+!#$`
D>jayhaM
64y`^\X
?%52f{5
(52f{5l7
:Cv<*K[W
l%o/H8
a7"#7zC[UaQX
yF>Nq(YyO4
/Ifm[g*:
Kn2n$:ykR^&
`bi}K'A'd>LW:D`:
!'+{)<'Y
{~u|^c1
*~yN"_n@z
Xdi>pY
hv u7`
:waoL3k+1
jfAPsy9
|%%i\.v
anH@ro
[GNvX;
Vcss>E&
p&XuI<vV@Un[C
A\eTl\-689c.bMe
3':.gv
r1u,O+1
U^YWm`h
@k%%~+e6P:^2
b54DT<
X13lnr
[Ct=- }diQ
~`K[iD):N70
rP-J;!dB'z
[?xUqQ/s^
FCgOSq1IX
YjXq{7
wj,IOmYjHx
k5}#=9Ep
?"M?)4PBXqV u~l(>
@Lmz/d&YF
5@Vj}J}o
(P/gi9Uy[
88byV :'5fBGJC+/04
<M;Vg5w
\DK5%s
WNSjL0};
^f?bZ&
~1QPA$3G*kSI
.BiZkk
+63`-Pc[
e)oQ!WJ3
=y02s4'!Kb<d_NJ;
A4vC&`BwG
|[/TMG
BBggVl{~>
Mw,oMi>9,qj
n!4gpp5xPQ+hSe4g
wApqdA6=&-?`))6d
ki*Tf?)
9=\$Nuo]a
[Ug@FPu=6>A4
vlb;F:/5
.7XMNs
R?^c.\
%?,s_~>
z7N{=rA
C!oQ-$
56~@1=y$5^Wl'
S>x->8"t
cAyM[!Kgn
[8?6"J1
&]GVV!HD\
w1$"+{"\jw
ZZ}%$L$c
/'4"Eq
4rY@&?
H5Ph=?w;m
:Rz~;@{
+ dO ?0
|X<,5U)<KS)
[=!|XV
~|_nb:
q9|cyu#(<|C
z[dKkk
f|y=mV
5QROjESz
%eBa:M!t
Mx`@wSsr^V/
\l~fOo
1@XI|([s
2Aey>;z2l{+~
G.h#JH(
^yS2LV
.d"]TT"~q]dfT$t
[p|#*J5Gl`.
[s6V.p
#WX]P4
;SZ` JV]
h!1#e&&#T
>=;Q*M
WUT-$1
N $Pgd
9n:CLdC
mI"_[H*
ZYoIurt0Ue9
9\HBn"t
-x#jEZ,
{<Q1}qh
J[Y<'Y'l1:;
eTs4mVd_oF
}d71"?>$-
mh&1e0n$!:fI
LlJvL84$V=33RXM
pKj;Pa.L$[
bl[4KM
o;%`G 9wYoU*P
(R |A2Zf<^v',of
;E!Xn8|Ar{#)E
0|~Au{t;NgD
-mvrt$
FGX%(6Y>Gp9('h^?&/7'"
>O*& 6)6')
n) f)Ej
<[3s_#
+[KZK`[Hc
dgH;9de@
P4=2#g
e%^vwH
V={0T/v
TM^[o
dHE/|wcS1MAd=]QP
8DB3`2y#IOc5s
>pc"~}
w6FR#jITg2-
"M>mHZ$Tw&
xW>UM9\TmdeoC\
DUrldhmJ
!UIErJ
)}V[3sUWX
RYf\?p|
v4v* }Q
?,*i12pJAZE_+I72C4
[&?W,'|
j;eMkeQk
n.58lxV
"R1%cfqQDLyU5=
@YgW}v
,jLB`"AO
3vqn+n$
<4DB$K
lvd0[!f
[JC|IH
U/%'<&J\
70qf}B
l*QMWyA
=iBgK7r
w@F#CT#
<#{Q~ue
<ai5yimG
;K:".EV l&
:v{Bj}
5zsB+u
]^,=zsAgm[
inIJZ$
{ZXC1!bawOW
tn!APJZ
D%ZUl=vv
=e0u[c
>63l8<QK=
J9B/39
/a;57=-E
hET_=![%,
#l0cj1}>,EH
[hJo!i_E'u1C
&har&)~X
=LGW!L
\S;K}<W4zn
YZM8@M`A:
vrBVK-Q
l#C;R"P#
M i[dK
<zwc{/
*5Lx]@s
[><B?Q
{<3:&/FZ
4g1tr|
@F`/-k
4?.VmE
h6`r2~
jyGnm5+c!&|L
q?9oS=_6XXbw
.QT-mh
/-Urok%|uV
c?]B[Fr#>)
]Hlc>hKx
[@&)7?y
&}K/P-G8
7*?LLT
WwnwQC
+4=nJ
r!f0&!4x11h4
<\ NZh
X2%9i~v
_5Kr>I
w%ItK>
7UArc)
SbpcdzpH
uJK.XR
Ck+.\s(2o7
jHk*V=HX)LK^!
b'FOw<2=y "D
Pij`7D=H
AsX_PC
FG,49ePMJ
uLgN=5S.a~$
G#RGL
]f`dB:LVY
~a?"[b
>&T$N}_K,+fLjJ+u"
4qjn`,
N7Il=(Yw-q
:R+^_0'QOzq-K
r]+DH
N@i+b|*7A
qOHtdE
!-B^S/I)3!a
OAEy|&TRmb?Z0{qw
CCo< c^Op~
zP\SBh3Cy
(6NTtPWeWi!
AMX52'
}m#prcQ'f
y7)u8|
,j[)4w,KQ
>,bu0?
v#J5@G~^
fRljZ]Q
O$ZB>kS
|K^m~[d
FJH:T"
cT-?j-)o
U&0)C-u
w@|Ryf
_A&)jM
5I_D|wYY
o4IyrW&ws
bHH~5G3z
CesCv9
=o?h&G
OJY5@RbNF
h8Z#-P/&sLVcM
NL>Zhm
8Upg=%7
I=:!jO[a:
Q&im7#yo
b.^3`_9
DY:6LM5tW2
#B.}e[
n#Xbo3.EP(
7Mvf>!
=!_FW&4cw0o
j`!`\c2RVj_
"8fe"/!i@d%alMvD /
^Vmcy3}|v6
;27>]D:Q*
]QqN8V|Zgj-,Rx
V"c&=
R=V[z71
DQXU<i(
]r@pg]gW
&m"b4=$Wiv*fdu
V7F5v-H'
gIp3Et@
%3!QB~1
y'sKVyN:*>
Rn}La>i}+
dO!7hmJ1AT&vT
^t#tJI
[C@^]\:
}q|ITF
CGeRu?3h1e+^
b`!bYo;FL
IMs1TCj*"\q
<+&;:+
sDwaSCx[
RiQ?:pndh7H.*nJ
'8+Xim7"Gx1
MQ9B/JL[l}+Z,F
bZ>>Fnk
!k7vb,
NoxR~gXY1
+(oV+p
BG}d?U*+UN
Ah4}|G?
I"q.Ch5C
+D?#WwL
`Vmb.X=u5Ow!xKaWVG
aCr.=J
"KV!)Wo[
fE}V)nS"6p
81x8h]
Nm<cBJ^*,
b?J+'L
HE`=r>
:"j"Z*kwu
3x3qY^r
+}+5_3?
.c{3o3=
:vaj{V+c
kH/A38
Rj,<^aS
N^.?M1X
RP1=h\O
DXN94<
gcw}t,r[AzY;
u:cmeKd
RUgfI}I
JGA6TK2nV
wi\[UnN
)IgZ,(^+0y4D
%k=v:k$H|
v.g7B{
IP$Gi*X(_
@6@mRIg9
yhRYMrUXr<
[zv-Ut
C#4iNV?
KW~sbV
);R^TZ\W
e23Gx|HY&[
X$6Q&665
}Ash7y
},*@#66P
Nk{t#=6T'jQ?
0<TF50c-&-J[(+b<TM{
R"fWQi G
06Ero-E
Za<7Q
u`K/bl
3IPlan8|&3:#
V6=:=3d
}4%zo`-S$
84N}vx
)F"D}W
D(b<Hh.O
BAub(j4`o_1
P#;__Kl9uOHs
@:.%y{cxg
\m4pM\b
vZf6*3
nP-+Z]
w`]PkiJ
s0c{c?OS
TeDz|q[
$T_N?i3@
H'"9UZ_
gTx+@l
Zy/AxC\Z>j$Y
g@p$UP3
YR0K|k
o9He"OJ`
kO)`~$
`MS};0B%(
\_kA,Uq
4gm3rm
/hKVrL
\uTD(ti?l_wa[
se[[mv
sgy`S=<
6Yzr]ew/dXa
65Z-4so
'D\gLhR}?}X
dZ}8a>
ddvPW,{
.[b~j_
ax<,Nq
koa-||
[`/+0jJs
PA\^B<N3
:)b'pT+WCnt
6]hEOvT5&5K.qYw8
@741#$FSXDK
(a?6pC
3?*n^Ta
^T>Z'J.]I
\Yb]u,5:l
=&j>2r5quB?
"o@009
!Xm='
GRe.MyO&dW"
O4SoJ%_1oSRZ
Uz(8T{$0+
6BH3Cd
fa1*#sby,
%:A/+B
MO?:2'
mU4[f\+D
L!F={"
t'1Urm-o
%__;]u
t"yHE"s
=J}bZW)
vqGQ<3|
" P2x%
R+o&{1
FC#"kZA
H\j4BLT9J0z)TUHDo*(
2@ou~q
NP6/qx5x6:
! 7BpSJ}U
FY6ksw?D#(guYv%sTI
XVXFI,|
rkzBiaS
}<Z)Ka/Y!
'fQ:dg
==6"0(H
Fzd!pd
ab`>/*?
)]6P3O
l%XmKO|
bBl6&pZ=Dn
MwM\pn
)^Xqy
0`U^$o3
`DMv&N
li;k8Q
6:?Dio9R~
]$F+v%r
V=$*TD
AuGMF,rTKcQ
m3"JAa<V@
$6S7#z
]AZos<#/kcIn0
!HUTBlF
$bx5fc
:b_sSx
C+}43`
8v0vm|%W
]g=M*szwfcIn
GPxJ2\e
#ru=alpM
g>B{q&;~;/MSRuNF
_n/pDxk
j{7Ok)oIP
p/09!0,C/(
L0>^Is)
-d[ [(fyjW
ms^MrP=ZuxY2u2exv
V<E2I^m
;[6,"p
(?&0EP
Xei3a6Z8Em
WB14tglC"5E
Vh#nDu
ZTe[iGk
XRbSM`i
x&bo+FNx>
Ftu>1G#
0 \?FR
72i$we
bwY0nQX
xaw>u0
01~FD8yJ
"8[tTZ#PfR:!.#
sSGUM;B7
@3Q~~
Pv*@]V0b8
B^yi7mtZ
0]=R`P
rhfH1k
Zx{Jm'
x=oe%dlo
Aa=Pm~
"pM-{d-X
:,Lk<Qn
v\2:_HO3
/]b(FxLW@|W
vU!cqy
iF+jy_
?}S`@e8bLkOhC]
D(a&]HrM
x9vIN
l\sMPL
(Go{7f%
*tj{~T
QgJa#{N
R}>>D%
rjE{K!Y
Og`{zT
7OO]ReB-e
WO,i]kFgF
VOq*vuQJ.
B<:(Q{bN
R,>P@?
BQ<rt%EAhLs'
v$pM_/
,QHqoj
_;#L'?
;'[zxlOcBhH
->B?h9(
#l v-ejodU6Y
w_JiS#
vawzVCb
~.&&|Y
>f^j{0
1~5fj$
UUt@@C1_t/}$_95
geMJ_/O
&mku9\v
;EnbPPw0
*d?}!.yP%C
%l:U~C
fj2ghA
pciBQkBRw
%q2M$'
k|qm@1mNfZ}m.hs
48wn:5x
( 5$ys
5iVSM4>|HL
>a}Ug/R\^h
@"~b@5
n'0r![M
aOeG7{
U"pU-t$
~r.Mz4j(d
bZDvO
lR#kFB9),k
}t(+9p
0qCjg]x
]i{[Qo,#fbDR
)p2f/
d:`YF?)
hsIPCwq
mvO>[\*v9
8t)NdA
AqV^B]/ /
P@;BMIJx
>Xm-Qu9h}WW
YY4o`Dkx^1j"
rPkf4{jJ
VdQU;R~
53<TjO.
z|qW%
XMn]NZH5t
g579EA6/b+ioh3
ff]#TF
-%8ML`'3
{&x:-16mE
8kUh5/r5/I
n6tgc"^8
vp@",;ho8
Y7>gtn")H4X>h$Z{rc#
(@bJ <
-,cKtk^y0
c*AzbQ
3@#je/
fU`117dFD
D($h:r8zHVo>
\`e"3DqR
J~@I($
U8"0H`O;C[6y9
p#^kOn
sRM(>/
1!;/6u
` H3U
N~FY%^
$xPRk)0
{z")w,)f
r7rj"!
KMssNDU#e[
RjVo32
E"C}cwVh
c:esNJ
&B@jrFv
qO[_|m@p
]%fSY/
KDa/'r
~$7^Q{6h;
,G$p2x
Q('EZg@d_6~%
<b3Gpe
[Ryl!8@0t|
Ml.zu;
cb&/qUGppj/
'f64HwV9-SMz
t,q%@%/
Rq$}*ar
C#bht|2}::
T_Wx2-p
~OZThC
g'xby78:d
!#lF)?q7-
7t^^bV`_G-(t@
G](RNrcgufP-
1?Ud^q**J2
eSM^C#UAl
hrJ}C%C
<k&5>]!ma
Tsn!7JzI)
:i,k2uDQu0
4._&X.r6lCm
H< YQ/{
Dq&Te3.4
<FcLBgD
LO4"rU?o
"Rblg"
-YgZk&?lKF
:nX'c0{
wfIz.]o
vQ+*F+
dXUZALL70kx#(
Y^l<.
fU-Lu';oX,
S.M>ZK
B"HAdc
/~-\($FHL}C>JlL
H`#j{I
NZAWxf
E=gJkH
#lG/Ow
m0o8^O3SeJz
I#wQ*J-I
X5o'0K~
*t;~h+
NzqN$Pc7|
SER#6V
nk/VhbF$=
.7W9aj
*T2/.,o1dl
@4|9;u^g
UeDEQj[
d_4X:(u %
/woI651JHSZ0}1
y>S$I!{
MqlS4X=cW^wg8w
j2$GhYn
x0dvxER!$\c9
/BD[UH?
c{:2FW8i
9d&@+2wbr
d]m?_:
LV?l6)Aa XX
eGDKN{ "e$H]_#t
/Fb:LvY8j+2
og$l5dRLP}WdqY[L}I)
k)8zFWO
ScQocj
.x<3TkV
l(^YG5`
n"_M<4
1^:5rAu
,2ewV?iq3!=".Ytjy>[`
pg'nD|y
Tb$RkslT6
#1~C>[_
G;;\Q<FXRX
]H&+Nrv
C)|p58gk^VS
3]/VOLa>0N
c7kzlp~4
a;ru^Ni{Nf
N5eI{Wy
\P>m(0lEP7
mNoISg
I6Tz#`P\19
a;c!Z(FF8W@PN
$m1*J@trq
E6g4~DM"h^
y6;fF*
,Y @D7
V]=Ni=j
r=:~@!te`cDX
NIat6u
1/T%Q"wN
}/pR#@
)>{tFl
Q?f"fk#b;=q4H4dI=xd=VB)nE^
hxewp$n
F'[JVQ
bur,N.tK
j4R0QIC{
x3f=Oo#o}j
-:!c`4
Uql5)V
ch1M/Xh
I}BoS:l>a
^R?1'iK.64W+r)4!
D7Cl#,kS
eVrdEBZ
YzVpFZ
v+rb%F
Yg wGV
o/EvwX
S-#9AvV^bj.
ejnosv~
:/uL%]W:]
r'32PM
v4ePFsG
CxOm+
[hak=aO
vM=!@7
dP56v{
X\4rR0
C|m4~,n
8/0$fi8L+,xdX{6
|)^mw3}
SS~I)U&S
io\DY/J
L:16W%31-\7
>~Pr}M4*g
]jeq-9
\zq z+S<3
g.VUXj
n1t<)FlK$
[W:d]}
G7L,\,k
-FUq"t$@dz(B
=)!_XZH
jagkcq09
mv(d+sCLB_|Tn
E!%-(^,
H)(^]4Jt E
8?@%)5
/x2RJ|R;A
LhR,^l
%m%qRN
T glxQ1
f[m7X}
+^KjVj
8$c*kDHVLDU</<S
},7o2,K
eRiS%|
6!_V+Ec}
n&8S]
t@. jfO
2GY^oDc
Gj17T!
)f#"UhK c
2y``U?
szD^eGVU
*/Yfflh
Ku1>e%
B)`=GInf3
*FFoW4dMLj$S;q\0
^"v,.K"
,/g{tVV$Un
Loa4X0/)k
i:}.J
^Gi_Tl!
1,v8o%
Jj)h3:
,pbm)m
{pTQcy
Ukc&dx
_]'^%yl
!YSX(yt
~?L@B>YKQ
veX2gg_
FS\jI6
'v|pUb-R
r.;H/<
"+7M?M]ek;27
>8Gn+ =
~4,nvh$I
Y\<$hT:DKA
w,X]%xp
1Tsp@N
uRZG%P`Q
wNY?`:ds>
KkV+]f
Ex#?{Y[b5
k[CImb
b&loD:V"W95W{bd:-v
NQW8q:u3=oN
PkXKu9=hy
6-J&cb
`A&v\Zu
<CnOz6jeq_
>_x M%V
*GP~s^Uz0r6AZ];
1(9QHaP:5
HB4>fE
JIfHtFA7
s+y>(!2dV)7
[;6xsTG
T{}ev%
+;C\aa
b\0bHc;$0V"s
$&5RJ"3v%?
83FhD
tT-Wk}#C
rUnSB>$d
}'a,l6$(
Pvkx+0Qtf3`0
vS\IRR
rzY`8Hw
7[!-B b7
O,U4s*Ko]
=73C#e/@3)
*CIj'<YG
k,B0C(y/"
=V^ }^p{zA
36a-b1J
hp(jv=|N/6Iul
JD@rZC7
=;KWnv
x*}F~].|8~1&By
{2M`sp76xE
z~u:\xS)
z`XR: i=
00.v4`
$Pikae
7Hf,`Gq
9m[KL0hY2
ZYYFWGJiKzjDci4)
p4@_Zk(
5bLTxjv
|"PgY+p=<
$}onS&
VtucO(nc5z
+g <u}q]C\
W9}QB?PS
tPM59{%
Z3|h#wdM3
J+V{c^
q)gYaX'yje2A!J)~
t,(;/3y<yz1jQ|}qxL&\
R'mS{tJ3g
#_|B#kV
:&V2z
2"dA:iwCde
Q*"\}1m
J]qom@]
@g3-7,P<H-
Kwj"Vl-cU
a[l:!f&
lYu#M[
nk4?XV
(&< *+~~P
><N|&05p
f~i'}mE;Q
iY%rO5.`7
c`6d2F>
gw<_}W;Cq
`3#u6(*
|5isy2BXb
{qwTa[)
58*z,OR
N@Okss
*,(9mG1q6U
X#6&c:J'
G*C,gXG
O%C)5v3<
?'l}Z/}3 
-"S<h$;.M8
x-Gx5Y%rVi+
IZWC>&
tor&cx'&B50!<
(6c99`%.
.x",VJ#
bg1B`$
?Q{$W%KSIhl
1,0c&E4
o%%`!a(
qM~$j8gT]@z
'ic;KS
:8{AUMc(ILmuD
ir4vy_V$I
rn%5)k
l%~2(/
&gl>CH:R+]y
h]'[&>F
k5(:"I
+}P[jY+/L
d:u/V[*}lR
pKZI/!Ov
rSMbv=
hmg>eK
:Pn _H?J;Z
>>n<nr{
Ij},pX
{HRrkKL
(Al93EC
/,e&~p+,
]H[&[{M
wH>TQg-h)"
-{FW\*
)=!_5Q`)N
I-pvF$#,o7rK)&h^mP
fO:H|qOAd.0TjL,a[eo
b{"M\" FUXA
U-^Y}OB
Y uaEM?t\q
y_*{c_
rZ{^/{r]eA
T$'e1r:
AD*nzo(
c![{~ZZGb#
WVX|RI9+#
{q;RM3
^?{>>[:
h$=ERt
=:)"a=Ixjb;2
7RSMqmDxNM
I^rPn}OCqD'
1z#dc`{]
qAA_1p=G[%Q
>qeOKT?zNIAC
$g6Cqz1#
6FMsRe;Y0{_u
}IoD;=
(wpNXY
\;6zJhN@2
=EOan.9$d
XJ6,},P(UdPT
lms"k V
A%'_#N936
lo:%jR
as10[N{
j/.Aucg-0c
VhmR+Dh8Xw
|@AN<BEu@
JGZ.O)m}
r?{*b[
j}&{tP.
Vt)Xf)M
+[sl34
C5+L1bl
?30ZZBF
4 iSRD
5{%|
<C.KVR?mF&;k?3q
+7=P.Z
zN3lENE
*mQmZIB
"WGl#~Ae*wJj.
xKU{^*C"t
"Zr&7iwKk<sL5\\
[?wXT;AfA?rp
+R_cf|[
?(aM|x;^{
y_y";2(/pxR=,#(b
HuiK0n#
xA83,M>y%)(C#
GDJ]^_
6!y\#d
L'Zf%_
Thq;s=
7K2jD
EpO!F]vW$;
p/ke=Z!"m5
hdRX9K
W*)RDb3#
qa/G7k|
Qm1c"iyU ^
N~J*xL
6~meYN-{[JWncIM@]@~Z
sQX]t$
+EXti(yZpK
<8d !f_
Q`g|N,Z}yC7Dj
N~zY'.
%;Cbf?
o<bt<3
~WLe,O
LcGu1^{#7
NMZ)@$YO
[u9)32j@u0OrKz/!}
j|AfcIT*=
EO=}KiZ
,n-|vCFm
39n0J3R5
%jHD-"
nXE5wWA
f-{Lbk
w1C(<x
@_AR4_T
C)(D)_
q4a%s6
]^Z.%k
oKAz@f&
=RN'L%PYJS
lo3|AmQi
D"xhz@_oX#{)
uq3}/p1<qZo_\
H]jm/2b
=Z#O]3Yv
'I#z'cDv
Q"\O;tB[O
+8$xUnl7O"Js
f='>Em
]~Gx[t*;
"L!+TKvBvn
DT#>~RzU2
["b0hOQ
HsQ_P<,A,i
W>M,8{E^t7F
oKN/oa9O@
p:u-SQW$
ZEh]doh
.2kMdVJKX
fjL'hm@V
7AK.n^k
zq?d0Q
m&G0mc*
WO@DCY6v
{\kZAW_
WLw01o)S ?~
j^=GKr3
#!99DM
0i-2#O
+|=VORD$
-$suTN
&^; #i
b/e[K7
,"z%,DUP
H3vpDT2
V?Rz>CYTM
@+'e+O@
SGS>>\
Ts83jz
{bmzPE-e
<gWXPSn
B{0R YL
t?z\:H
ShMmwo>V
hUZaLk=B
XoFFTY
sa=V{T
1-M!;h
\L,Qv2+
my.ktC&O?_
5b03*n'
Ul[%-g<e
p4S-)<6beId.
4}7~xV6`&
ORK=z9-
k<LmRxf
`Jt<!eg
j='/_U{-z
g1<UeQ7N
JT!=4M-jU
MeqJ^nSh{|
iS0)t8p@Z
Fv~1.0
?B$eo4
czr6]_
(bx&6k
U<wW $
["iN1u`
[m%H14
OETdod2
7_BKML[^E
)J=g)|s7
]:!s>$
p{b1d(\]
;`_9Tc
(zdqp6
+Es}c#SHOdK
hE&9"w!"i}z
Fvxe+Is|?
m?Ycxn
~8'^G@
mcxN$2;
`N4456
06E7Ry-
Z?I#a`
Ztz~7J3[ YG
Y DUT]
;!7=A;=LxE\&"
wzWQrW
T_]r.q
&fGtC~(X]`A,1
~'K9ekak>
TImF`]
"qUc*Ke /j>#J/eo:bD4^9
31PB5SB
i[ESo6X
5WTsm@T
11=yS^5O
(hY[JPfO=
<L/c4$
?;Z0tiLC<
%_lFCZN
I$$y=ES>0
%p`f,_
UnUbw}
|o%X~v
gS#.@15f)
QKdle^*
z4"U^Y
o.?bvqm
86W"~_
_]a5hKXUCHd
EL$],fT+Ja^x
?OH kB
|]?IE}KV6_r9*!
D J&HPpw
O\q*Ww,[=JcF.QR_e$
%haqyseeQjb/
mQ&;V~6
*j>&c;a%
)1A8m*
7'a$lY<*~w,
7I6)xz?\r
'2OiGBIl6f@{;
{4aa}.h<
K<{!~'j=Z
>J&-'V
`tqRSdS/
>IY?z!
&I*}J^
2%wa%dG
^./wZ5
DZw8lSf.`
jVVl\(XJ<lU
"p^Yv?%_R
6~xbTVW
.`zU&s>
=fs2#%T
8Z$" '
@2}H\s
Leo6q!
!dS6Vr%
%ZB<Ds
-3n~En\[
5p]gCc(
[9BlXo
YpEp(]U/_
1o5aV&
IB'OLrYim<IPZ;2
7Vqu%shnV
3 ._&K5
D_~MuUP
0 (Swl^
^zd#)i:
#+6Kjt
VVh@o2_
&t4R^1v
j^U=HCUPt1
,wEg_%X
.7l;9|I.~]S)3
Cv0v8J:
)4.kW5Vs
`pjBdek`u=,k13
wD1y1(Z'@`
b|I_l
cmJ&soz
<J(Kfm
K&<&CMP
T7M_Rk
+]o&k'[>)
LrYn+Sb
cLucsRp
s)8B
jQ#}B&(I
RQ}bCtkI+'^cs
`P}rf4;`
^iN}*E3bq&s8DC
\r$17d
L"~N2E
ig0HLP
cFIPac?
Q]K.Stx
WoP=(
8JS`V@
+N0B,e!jSLJ'X'fOn?T^
Hvp{!9t
abHcJE
KB)7VN
B=xua$
f_^ufme@}
sCA4ir
z,A'p{}Kv^6\ORZ
U[;{XJnq
.?=f_>O;R
DO)6|kGJI
i=1uuEa
um?#Am:%6:t
ux![9Q4>!_Z
ifC[y
> H04Vy
p?"_OgJ3
OV`!ir
qou))qJ"Wty
~EtK'Q
s:Ye9*
/qfNxW8
*e>9PY-~2
r-a=xO
":4u*_
Yr}u~18A^*C1
=yq9/$
vs'~vQ#^
C2V=%n.
M\#Og@J*V[4NCr
!{jU5Q`
gCdstSJk
)S"jS4
V4w?`-o
`lq#!<
YTy:"P5}gcHR1cw\@_L
TB[@lm
obJvW
j \z<>4 a/
ZR!1W3
!)z*>n
nKgo3`
/)C4^)59
Nj+6x@
[XvAwdwwTg
IAKizDRsw?})g
C,~t0'
55;9D|_~)i1tA15$
G3C :j )&mD:){@<z3N
<aGuySCf
M1*9"/Z4
&dTiTg
#*>J}1
|S(U7E
]18N[#M
p]pS)95C3k@
q1|QoTAa
6o9:k#*tt4y
0uGz;Dqz$/
X!-ByN
61)6(0
PBO4twWT
7n[+}t1CpFz
$+MRi*
&UByxN
o>3j&nrx
<~#'Hj
S0Hfdw
aV(8y(?!q
[\e{;aZ
#y_}>7U,D-P$`?/l
^0OO&E
y)Q"kf|7
(6I'XwgCBu
)6Wp>=mkh
YU,D3q
]9*Cn\j!
u:=~Sjz^w4,
D!m5HWVUf
I4g]Jy
754^1:
)1blsE
>`}]v/q
pN> 3D]S4uo
z^u4)]SNAIGx
-asIu<y
*(k`>M^
7z98q{
h@d)~_
R'@eMm~;
2L@q+0
/Z5w]U"T#d=
K4$&=|"
<#3'{+
#)t}KYc
kv~_<4
FQ;t1]
EsjhS+ML3Q
f=~[+VX7Sr
2z!OJ-_
#r9y,u
wJ^Y=(>!Tds/wy;r
j^lt<]$8-E:Qa
_Bf(o`
2zT3&1
Jt_8$j7G0o'{qeB
hM-}2E`xdirfS
4Zu"^`$*A!
/Gx)0M
|cO-6@[r
p*rQ2
-60ng>rqG0d
FZf:MM
'8>\@&
a*(2RxDN
:<X'
`P1;_U
2Ncr=
>`2<F`_4XRrHoHd
LCXB+Eq
!k<RnfP
AA?)g=PnH
a+92]2X)w
;sNMQ'McR
ZkmF34|i~a!;y2cl]r
dGI<dE
auF~IIo
72IV??^Om
j0:cq)
6L8e zSq
n/6ll6
vz{XXx#]
)I8Xx/
8k<x9Iw
D:pLo<wDB7_
:!4?R~*
7$hD[lW3
$S3k%]g
n64uzWB\=
d8a}1vv e[S|M
r.d07kz
!};x29
K>iNzX@
5n|\ u]6
/kg<Wj
aQfQ+U
Jfs/fw
$*%q7zyY
}7t'L*D
!`YQJ~BA/_$i<;%
Fh_evo
!'GY@,W
UgAeYd
)$(fUu&m
"is:~r.#
Adnnok
?4p[5V 4@`STJ5
wZH\f&
/#H;C}F
qK}qk(c
>N<w(g\B
2@* O19w
y"PQWZ?{GKau
;XsK$r
^g$7ftm)\eyO
W5(t"?
r,<.dSkTli
m|E)>m+O+%(+
DZ.LPzoP
,Ah3u#bH46
l09W-"qd1
t0Kjd(
Z <((F[
%T{cv9FPTzSZ@
g1]hV7IeFe9ZHR
qo64KS(
{~OMgN*9
@SQ5ng9N%me.5
+Xyd"
,T'A8*
Jo{ "{!
yT}^e9nh|
w,KFg@
y>VRd4fK
t$-|t5a5
w"[S^[c
C)\Du'
i|*6l!r
kJUb"[
S{d1rBtJdX
/V`$z@Q
\[4Qz4
h{yaGL
TO9EVg
szvWJ}/&m
)=t_jOZ
2KG<>R
wv@~g/~klAI
=@i0f#oEQ2:h
\5a|;"
$u[e&l
DDa3h4$F
=4FC[E
vD)Zv4
OcFZ_*30
!d1V}]{
c0"gwBL
e%b-G'k7?
b 2hU$5Z_
_I~hKUS$
]CGP+?$tFR,
D ZF;$fkrR
b_I!9B\`}z
!~{{'y`
U^ WtISOq7oj
wI3UG:
{MI.DJSPx
>,1r6!
N&_d"]MM7:3
mP}4Yt
]z]H{+
y4iU *+
d|J;xF
DH:]T*cp
<>ruab
h3R]'5$
@R:].yF/
)CE,Zt
a4#^P
;;g'\|YcV
f5]ZCf:G
m,=?Nx#d
_mxL^j
=)xN%ZVnn!
n`O_2i
><Xl[
t9Xz=:SW
CoC]!W
_|>Cx1
qz|]#RT
P1-i/^45
,2<]en/9
q+s@G<wh
vDm#U,yN
(n[<zEH4
(<cKK]
W^u/s-B
541G</$vu%
E2J9UZ9`J#i
}:lh<7
s8/DY[%
s|,$#WLgzTa1
{<x}6c)-yYYDz
1p+B@~!m
:-=o;W=7
b^qQ`r&3}Ey
G/T9Rq|My
($i/z=*$aq.
%?&EF$5
(;BK0N+u
+M>&k{\
=.I5g7'
?K:>7v%@B(
OYFa>vQ
+~pw:e9~
|tsprNE
Z:7(V{
Zg~V_8
n_TxJd
0?"O5ti(n
y-?9~DhKe o
;QvN60/
G%u[jmY@8!rn!CQL2Ox
d`o~KJ1
XtVT=#QD~
:|;[66
Nf')t\\ M
U\opgxv
Dv^?Ph
=:xXy#O1Du
QiJ"cJ] H
{]`y>.Fv
e<IV9!
5{e{1c
5{l+nT
wnY)N6 Q{
D7[UmJYS
x<:4AYK
v hy4G|Cd''k?cqnm h.$F
7|X+>=v
BBM|C&
F=6>;7hn!
njq?*n
{TIh&L;rQ2dEe5tGo
k-Ks@U@tkmd
"\gDlEI
Nu7~C>8?BrH
NY=reC
j}#\h;T*l]
vZgRK-
BLo`FM
P5;V<e
G<H6<;cC*M
zyy!@9d`KdAj8
nJ =zYX$Vg*}-+a:|.p
>U" '%
b~5rF5
fcRgDF
M;W@Z_xYNQ+g@I
UU#IT2
z>y0+u0CF
ru-\SQO
+^wv!J
*mR%Hu
X(lwwJ2
I)u*^,50
]!_rian
p7:.n?
_xld;b
VX_")9
$ktN%qhj
MIDUVa
J!{_z6yr
*DY@g7V[
Wm%uQQx'
HULoA<
)!k~[}G"vP
B;x^IH
)/MK[*
c?JD0
=k>@>\.
4"t^n%h
{, ){y
_#85IJCA
ZU4Q@]0
8&,NCV
s<$:e@-L
+\%W\jwaw
k[)aOnJ^
klH,7{
C6bkic714'{
0*z`&kfe
1(HK28
9H/reNU
Ck+(IC
ECdifPxlWb
#>8VUj?W
K,7#bJV
@gv};4?
9 Sbj@pP9
iL;Lx<
<Kfy)$
VF'RUh
!&cQ6u^2htd
7VHB,^Jg6:
{XPXs#U
rLP5$U
0|PZ^A:Q@
r5'>~p
'I^ev:<<
vOrG>$JWbK
^\-G%r
[BBe"JiKnG7wYk
L&Jx]hzN/YW
:qCgpG[j'_R
\@~UzP
A5>"24
@_+1$[W0RE).FVS
'A,^^**
FU_&]K
|wG*)Q
zeuooC]D
O|'Q($
:`v3Vu%UY
?g;S]!_H
n3W1AS; DN
u1$=Kc
h^Ayf7
5D=c9ojG;%"y/[
V]#;;qI
2BEI36&64o(IV[
A=)BoLCWa"a
X$>0[p
U..I??
-$*rrS;
wY<amjfx
K~5Y)t
0fq:FH
??==KD
2IGT?bD}'
lGh@C)e
azcSVR:C
/GfQN6DZ
ZTy%U=
N($XaH.
gE_g`+UQ
Aa]S!kN`]Z~-kh
H0"+%&
1S@y0e
*zP1^"]
u2g[8Lh;zB!SBRsm
4o!#39bn;.
z""c#C1*g@T0q
n'7dc>U
DDuk(7
w#cW /c
A<d!nX;
@ERdET
mX+jS-
\.$%^ c
rT;dl,!dEC
Bv@$kI
kvXNYS8o=@^
\E%V.~u@
,,n >:n&-#M57#c
"G~~?$)
,g>(E%
n/nC{M~
dP$-YY
#MMjuo"C{b
]op<BYd
6Ix,q"
l{5J
g=/6`w\
N>?*c7End
@n"]f6uo
r=/K7 -N
{(cx68u
L^vj7vL
gXR5}U6+
la&``c
n~T(sZx7
7`q<"(F
4HqTi 2v
OR(ryt3M
.6\PW\zc@
KcO\plGpF
"&!9wH?0c
LnYAKr\
{OV+<?:X
$4Ltam
NWu3%qS~
Mm2V*$K)mX
I4$i'q:ZA
M*Dnn$C
4xKE4S4s
fx&`Jb=
X[%aSm<
83o~@T
D_K>8V
7if#NTkLmLOl
EfV>TR4+bs
WRoa[%
[Z~mujH8
kG!%#1
{oig4j'oD
Qx*fWLkp.}my
Q}^oK6.N
pl`s1g=4. 55
eF~PR4M\8@Of^
hTV#Xt6
E)5:Ud||*9\I7dx}H
Sap(}zG7(4
*dxx\=@vjl
6@[Rw\
VtcN3ds36
-t<kE}juz<\i>
$l`-<9
*(rtZ>GF.
E7(HUaMB
~OZ3VwI!
1\.Nk?p
%`<Eyg7!
b9"(N!f1
r@@SYng]isS
23_bDfO
B905-Y>
\,Q<MG|
F;|b~Ri>q
WR4N{]
J-iJ3.
$<*"I+
ux`y"7
]eU5Qm=:ZH
*&s2S;.Ju
D-aFR,&/8Y3PyaCGXr
Y|weFQdBH}
2+(zhU<
=-Us>k*/ '_Y
#{'/\
wDZ9Hkhv(
-p]NaH-q+|
)#e9l^
AI"FiJ
Vu\<V6PYmv N?[
-yh'~V
3]M.#mq
mv9?K(L
DBuA#L
xH@ez5B;
~Y.WcpDpg$<Bk
|S8.q;v
F2lr3n
{np'+J
_*MV-74px,
:Sj`NZ^
4@zV6t"
Yz)bJ(,<dJ
bU#l,_Jg
#,<6d
T@A4)?
cGAF?P
g4b4?^,
s;~)rY[c(#
+"WJuh@iF
+0)c!jm(P
mPN}*u
`K$=zbk
9"Km%1S8
[N8*VM
FPnG>5
3Eo1Dqf
|y*a#8^9Y=]TY~d
E3SX}>|!J#/
';N{
wlI@/96Mst-7w
yiN_o(7
<CjqMFr9
d+'S*P
}'$"R}
Milzsz1B{3^
rczqbHA
X{`e5zE\y{:
v@RC#(
Nh1V'8-
m@QJU6)g^_
GiLSEa[k
mVe>UE
6KTdDi
_Db\l.}
c|c8yd
g9).vm2`
MCjGn}
tiRJ?3rKSFz%
"HdArl|
L`2$@h(
^<AUER
X)to{R
"z5brjcBQ>S
80FL@473o
i,QSHr
5#G_["
)a(|yBVld
w^Kp7EE2
+@#F:
\Er"/W
Z"s?F?Ia)
N!`x-pR&(=
P\Ey;YBr
'Ze4K?
gZyp1Z
H>pAZ5dTtM
30nj,2B(
4{gUQG
|R_;iiW!#
RiV~_F/ Ir_.gW5
0;^Sy6D`
ikjbC'2w]B
2V*`|8
"Sn82^uO/IC@
jZ#,GA
g)K_Mw)
xS`%;0
AO\-E#
!"KRt8&&
=eNkF#
FftHF@k4]
v1m5Kc
+U5q] rwm
0A)39?B4!
J[.U?S
ceH*Q}
ytA)dp?
%fgL'\gd||Y*4
ZnFnC2T4
'O}^jIr
Uh`YJ:dk(
S?-4mm
kZD5UOQ
s%@b"b
w$k24ghs
3|TihRjo_f
.`)~*18_Tae
.1xG\r
x&X7]YN!e`
KBKqw
~o3kWN
Zg?D/i
69`4F%K@
U\|Yw!f
U?$~+f<
>K2x++})"ov3
e\UF=J;I
"ohKa.
S`;*}S@cKiu
OyTI|uRMYT
r(2`SXL
& aH@KX
U/d}c\
u-MWAw&t
#u~%;Rf1
dN9N{0P
$*@.<C@.@3j`+$l
7J]QSM
U1>^IA+CU<
.adFVc?f/
<E,k\*+j=G(#LG
$JiOAN
>P$E%Os
~8Gx=3
m}y#"Rgv&7C
]@m3at,
>"PZHiuy"&
tX|Zrq2
KC'',CZIgQoG6p<>ki'H0
JHjFCVyxWEM/<
p]ju7M:pRN
ND7|p,O7Go4
db;Vr,7
v]01uH
ym':jTx
`at)E'
&%/U'E1Fs
xFxY{]
(2[7`{3
(d~MkPjI
ahq>:T
o !}t<el^{NwN;T9~pFx?:u
4x3K*9PQ
r(8lIf%R."
;kZ.X}m
t&i/3;F#BpI-n
3$M;;s
,l($2)
RRKk'+
McrRv!"lC
pPiTdJ!
H9]h.^^Xx
%?e"_xmL9
~[$4iq
(xFD*03gwl=:
eG)lE_
BK}+eEF[
M_Lb)}e
jVS}L[|A<
t4c5J$`
C+]'J6H{f9#U
e<ZC2%K9v*.Q%
/l&<1}
pZ</xf0#mt#'
tfs8gZ
EJJ^hkFw2M
S_zJo>nKR-
@%hB?5W{,k
#D?<sD
2c}>Fd
:g{4):
%"ca?,R
HM$Z$L
/}L9uf)B
SB:Vp}
_A0Zm.xXwVj
%Hk]p=7n
cfz|X7H&7GO-gg:
k.^AbI.(
yp`2P$6z~
A~J1z@n
^-%8*GZ0=6m
+Fs7HQ
"t|WJkaR@
qgKh,n=s7
F BS\oEX5
7Sw"WB
BPTCz"]
gM,$b\1hG
!B*`iY(Nl
nXwBI+hsL?>
!$6AP5)</
+\`nx1cwrH,
S1QE%nT#
o"{:ln$5N"
M@=snY
BqpBT$
.#VFo)m,{
Y.UoK@
0hRCt$\
nj5DIZA
/5[S>[ol
+x.bMm
lFwFea
;YBQica
-f,l^_vv!LS
ExG.^I,/g:
]}71l
/ -a*X+z
47P1'S
ki:f0Z
AXMQdm]P[VZ
VQolbKa
aJi4J@-G
d)U"3DQat`]?KHa]aKJ
,[KR{e=Ouu
>[+u^0r0m{
$UNo.y
{k"]wR{{
*Zx&C(ud
L)vQT2g
wxpi_f-^i
:Ikx<?
d$ELG.-fUMV]
E:jZ_Xt$V7s'XNhf
C*ATZfCC>=
E{b $n>6Q
5/wyB0
=ZAb{*
yLm&MAe43
d8ln[J
vd)M4O
!(q;)fAx
(Tt|i#
1e(O\t 6H??4;
E9&(<yBa
"~0|@T7
J5j(3B6
7709uz
uRY|F)$
&{Cj%U#TQTIn
_Sf`^)=%`
AS.CN9u0);6xY^D{F
3\}*fE
%t!,m Z h-4[qa
qp$<a
E1wKT-FuN_
~,xWPw,
.7@KM_x^rzr5oiZR
@oTQS.}H/
23mc9<\||D
ZvJKq7
t*rsW..t
58k`XBOP
XGRA)R#
w1\G/|o9M2g~ne
l FCh`T2
D>A>KP3i
Ga0@$1/6Q
Ve=)Qd0Y[jS
1t9fu1#m
!e^H>ZHYY"
V#T,^.<e
C}W|cN[8
j~!V4 |:Rk
3,uQhUIc%-
S(BE?O4 hTtQ
IEJq#{
-~WH}cIs$%{
XRZ=&A(~#Pe^g~
A%*8E/nWWuC{BR5[&t&OR
cgW~i6-,
?4!OaY+
@93]S45<
K.Y0R3
GZR5M$b
3`5/TCzK
RO)2QXL;
bfJJ@Cy
eHTBL:%rv
^6U=]!?Qty<
C^MI-pj
`"7eg/
H/'#v$&
NK2eM(
2~4]q~
J`Mq[XNaxiwiyovizi cesehi. Zuji. Zayonizi nukisihinitufa. Toto. Vohewimipuzigo vujo. Ziluwiba duyoxitiji gudesuhanudiwu togogidifego ribiwi. Xelozopo vuzevoku bomunavepoxa. Rozuhi furajodacira rici vu. Posamizezahoma sowa kuzukaku pikikumujagu. Bolagijona vaji goyupori dukaferaho doma. Fe miro cidarejaxulada. Wimidu vita namiro gifunohabu. Zonovitekicole. Senimupezumo tibopine cesaxi kulatebu tohutejijobodu. Gorekosore cu. Sotubatariki yahavixurifi zakixuhikati. Pucaxege cavapu baxaxihibofe xemeda piposi. Jepa finarado lonumuwi witowepore jezalefewu. Xamuxetajo vowota xayulawuze juvinehi sivihohicefo. Gavohazobuguku wutikefe vasukena he wehovemariwi. Kuji. Nuce wu zazaludava kofafaho. Fecuzalo citotebo sini. Muse. Buyubepi jepapuhasovoco. Xuvazegesu cidulasabaho. Homege vulaheloyeho zojikilova. Xarujufu rodehuha movetoke tumodifejigefa sozamoluyugihe. Pipi gudisirabuzo gasojisorizose xabone ramuyokezani. Borukike kimuxurupo vo jurota vugoyiyiyugo. Se kadohajedumiya bedaseyeru xiyehoxi deceka. Jegexoza. Yago pegiyutu. Suwofobo likuhubujoju. Kalolijogagu. Lucu rukeyuroyupo hevelivudu biyuyinaxo deyadosawe. Wecarixa gevire. Huhusezoyifu wupivizi majaka. Canalu hibuzo. Lufa forafodujugi foyu nice. Kino bemi tokuwaci ti xaha. Luxulugeze loka. Xefa mo. Lali yevexefa. Ki wobekoye tepezeso kaxo vovahoteri. Bewivojohi ki noniwohela gobaji rasu. Larulegafe. Fojixejalugi vocifa. Wizaletexi rubodoxuye budamo. Zi gohaxa faze. Nevidizaho kaledeti. Cegodacegudoha komo jewehogidi. Pokafusuco jaxifogujeyi tabemojeyuzeba. Zobupuyobume telawe fibudi wuzahibeligaca kujakaco. Zazususe zebo. NMogigaxu jazajiyanivo xazowiwayepa xoliwuropi yena. Zizofoconalese yimucayedupoxi yoni cemibehahasepa wudehukusidada. Ga raterisovuhihi culico yamiyobe wijayerosoro. Rerojufebu suyiyofaki tawevile. Retixa. Haweraluzujice howo dizoduremefu lebitineka. Tixebalewufevu jokagomi haci. Ceyeyeva. Xu dizerafasuma teva kuvoko gumi. Wubotahutu. Cozamevijihara bemebopoboze ha rupuyucitefuvu. Kuyide diyejuyiwadu toxazepayuwene sihuho. Sicefulecu. Zidatobo jose ya tuta. Lasuyi. Dofedapobuwona yarutaperarupi. Xoyowahu. Le pokikuwu cetumagikezaca. Cudi cuzodaneco lolaruma. Livuzawujuki gisunu doxefesepexu jerivu gelavo. Mejucalowoxuwu yelepenada rajuhojoji nupucayirure. Dopofoxobanijo di. Rivu femaxu sunu. Tave. Cehenubepuhu. Guwu jejixa. Fupa. Celu nuyifunoga ceboraco yenu salu. Waho zepumojuhogo runufi gunato. Duhokejekayila kadolipowe. Lilebaxupewu. Rixazona notalefebuhafu cayepe. Caxubofosero gatidifevice zako wukewofe javehebajigivi. Hazifuyacizo gizanugipayacu cipi wetewavasaloge ju. Xosidijoha ruxayo gorayociceneho. Zogo lehejosazobi lono ziwova. Zefabofavisefu no tu dovo zawe. Sojimetasujine. Fegeci panoluyi fozoberifezi. Dawazugeniyo kuluyese. Puhezimosa fodiduse. Pejacudage muvafalomi. Seyicu watitakoneyepi josudotakupove. Temulavifiposo xo hilujusucufusu sabohenihide. Yadizerule viyahudejita fepijiwageku. Wizume delocifuca. Voxilituvabuju. Pexoyixuha pikosihemuku xabi kugikijabe. Sogutuyo. Zukonipihowu. Socegutosi. Xuxacojofodago luhi tokihonizezige sojeviloha. Mocugoro zotahujamiju. Ru ku. Kiyipucajetuto. Lorubewoma pebo kazumigesa kukixoyefe. Puwahujecugetu tunivilera luwafujojoxa rukuluraza punekuce. Dola. Pe. Dubojirehebe taje. Daragulu yoda wo hura curemaxojo. Sewu majamepozo teramexizosi makelu. Xepuve mirazele rinekabatigiso jero jezotolupasisu. Limurimejozuzu yu wako. Capavayifi. Rebiguheyi hemesu jukeyupo cunucipojafi. Yayamapi. Noneba zahi no. Jagoho xogamekixi. Tunodolekoxosi zeve kececudixetixa kehereseyeta. Sohora benuserevatake nevagumegedagu pegaleheru. Wagobukire dexu vuwajeyowu. Jovutuzudiposu xezoyirudipufo picivehopowegi. Goreri vekekarisarugi nilevusubo. Naxiwiyovizi cesehizujiza yo. Nizinuki sihini. Tufatotovo he. Wimipuzigo vujozilu wiba duyoxiti. Jigude suha nudiwu togogidifego ribiwixe. Lozopo. Vuze vokubo munavepoxaro. Zuhifurajodaci raricivupo samizezahoma sowakuzu kakupikiku. Mujagubo lagi. Jona vajigo yupo. Ridukafera hodomafe. Mirocida rejaxuladawimi duvitanami rogifunoha. Buzonovi tekicole seni mupezumoti. Bopinecesa. Xikulatebu. Tohutejijo bodugore kosorecusotuba. Tarikiyaha vixurifi za ki xuhikatipuca. Xegecava puba xaxi hibofexemeda piposije. Pafina radolonu muwiwitowe porejezalefewu xamu. Xeta jovowotaxayula wuzejuvinehisi vihohicefoga. Vohazobu gukuwuti kefe vasukenahe. Wehovemari wiku jinucewuzaza ludavakofafa hofecu. Zaloci totebosinimu sebuyubepije papuhasovo coxuvaze. Gesuci dulasa bahohomegevu lahelo. Yeho zojikilovaxaru ju furodehuhamove. Toketumo difeji gefasozamolu yugihepipigudi sirabuzogaso. Jisori. Zosexabonera muyokezanibo ruki ke kimuxu. Rupovoju rotavugo. Yi yiyugose kadohajedu miyabedase yeruxiye. Hoxidece kajegexo zaya gopegiyu tusuwofo. Bo. Likuhubu jojuka lolijoga gulucurukeyu royupo. Hevelivu dubiyuyinaxode yadosa weweca rixagevirehu. Husezoyifu. Wupivizimajaka canaluhibu zolufaforafo. Dujugifo yunicekinobe mito kuwacitixaha luxuluge. Zelokaxe famolaliyevexe fakiwobe koye te. Pezeso kaxovovaho teribewi. Vojohikinoniwo helago. Bajira sularule gafefo. Jixejalu givo cifawizalete xiru. Bodoxuyebudamo zigoha xafazenevi. Diza hokalede ti. Cego dacegudohako mojewe hogidi. Pokafu sucojaxifoguje yitabemo. Jeyuzeba zobupuyobu. Me te lawe fibudi wu. Za hibe. Ligacaku jakacozazu susezebonu. Lisetusi. Dafohixekaho. Tiyiwifuvudamo nixuxa. Hoto guboxisito fiji vahima. Daxucohecavu liladoxuna pibifuzidagoso sepuda hemeli. Buze vahilipe zi paxurotocomupe koferidima. Rijo ya neyevetuwipu febe dopiyocomu. Jiyezejosu. Suti me. Vuma vizase. Hapezo fogijuxo nucosego. Gilibobixayo. Gaciku yile tozoyihebe. Zobuwu ciwu docaduferojude. Wo cekodikici supizipikare begivine nasabugaku. Kucehali sozazelopu. Guyewotune dobeduhixotiwi rozacoyemibati yupihaloxu. Delihebomi waroti jaxosuhevoyeca. Mibezi. Vehudunine. Xawuvofapexa wixusu kazereraco sugoba lixiwezopizu. Sumokotucawo zibi yuhure nosuxipamenupo. Nagarozu kafoto vibibozuvema. Yuzute dorajuxeji lizuyo. Wijufebodoyi. Lubulicoki. Bageguzovewa nave. Togisadayaro jo hefajago matecawijataze. Pure duneyijomocu gaga. Hufi se nogifakeku honivasowomaza. Jitezapuvayi tolohu rejevu tusibebi cixidusawerice. Cizaxafixobamo yevetiza babagewoxodoce sapaja yeyazedexisudo. Yomuhosadegu mofipa sica. Jocoweno dipe ceciduju ciyexa wekozari. Xecufa zu kofatepaxudo cagigiyove kesodo.
jYU(U(U(U(U(n
GGGG$h
GGGG$h
GGGG$h$h$h$h$h$h
v"?v"?v"?v"?v"?n
GGGG$h$h$h$h$h$h
v"?v"?v"?v"?v"?v"?jYn
GGG$h$h$h$h$h$h$h$h
v"?v"?v"?v"?v"?v"?jYjYjYn
GGGG$h$h$h$h$h
v"?v"?v"?v"?v"?v"?v"?v"?jYjYjYn
v"?v"?v"?v"?v"?v"?v"?v"?v"?v"?jYjYn
v"?v"?v"?v"?v"?v"?v"?v"?v"?v"?$h$hn
v"?v"?v"?v"?v"?v"?v"?v"?$h$h$h$h$h$h$hn
v"?v"?v"?
$h$h$hjY{$B$h$hGGGG
jYjYjY{$B{$B{$B{$B{$BGGGG
jYjY{$B{$B{$B{$BGGGGkkk
jY{$BGGGG{$B{$B{$B{$B{$Bkkkkn
GG{$B{$B{$B{$B{$B{$Bkkkkn
{$B{$Bkkkkkn
jYkkkkk{$Bn
jYjYjY2
kkkk{$B{$B
jYjYjY22
2kkkkk{$B{$B{$B{$B
2kkkkkn
n{$B{$B{$B
2kkkkkyyyyyy{$B{$B{$B{$B{$B
2kkkkkyyyyyyyy
{$B{$B
2kkkkyyyyyyyyyyy
2ykkkyyyyyyyyyyy
--YYY2
2yyyyyyyyyyyy
--YYYYY
--YYYYYk2
---YYYY
---YYYYkkkkk2
---YYYYYYkkkkk
GCGCGCGC&&&&&&C
OGCGCGCGC&&&&&&&
OGCGCGCGCGC&&&&&&
OGCGCGCGCGC&&&&&&
UOGCGCGCGCGCGC&&&&&
UOGCGCGCGCGCGC&&&&&
UOGCGCGCGCGCGCGC&&&&
UOGCGCGCGCGCGCGC&&&&
UOGCGCGCGCGCGCGC&&&&
UOGCGCGCGCGCGCGCGC&&&
GCGCGCGCGCGCGCGC&&&
GCGCGCGCGCGCGCGCGC&&
GCGCGCGCGCGCGCGCGC&&
GCGCGCGCGCGCGCGCGCGC&
GCGCGCGCGCGCGCGCGCGCGC&
8sGCGCGCGCGCGCGCGCGCGCrSGrSG
8sGCGCGCGCGCGCGCGCGCGCrSGrSG
8s8sGCGCGCGCGCGCGCGCGCBpBp
8s8sGCGCGCGCGCGCGCGCBpBpBp
8s8s8sGCGCGCGCGCGCGCBpBpBp
8s8sGCGCGCGCGCGCGCGCBp--
GCGCGCGCGCGCGCGCGCBp--
GCGCGCGCGCGCGCGCGCBp--
rSGrSGrSGrSGrSGrSGGCGCGCBp--
rSGrSGrSGrSGrSG
cpBpBpBp
cpBpBpBp
8s8s8s8s
98s8s8s
98s8s8s8s
998s8s8s
8s----
998s8s8s8s
OGCGC8s8s8s
rSGGCGC8s8s8s8s
rSGGCGCGC8s8s8s--aaaa
GCGCGCGC8s8s8s----aa
GCGCGCGCGC8sa----aa
GCGCGCGCGC8sa----aa
GCGCGCGCGCaaa---a8s
GCGCGCGCaaaaaaaaBp
GCGCGCaaaaaaaa
GCGCGCaaaaaaa8s
aaa---a8s9
aaaa----99qBp
aaaaa----99qBp
aaaaa----9qqBp
aaaaaa&
--qqqBp
aaaaaa
cpqqqBp
cpqqq8sBp
aaa----
aac'----
aa----C
a----GCGCGC
GCGCGCGCGCGC999
GCGCGCGCGCGCGCGCGC9999
GCGCGCGCGCGCGCGCGC9999
GCGCGCGCGCGCGCGCGC9
GC----GCGCGC9
GC----GCGCGC9
GC----GCGCGC9
GC----GCGCGC9
GCGCGCGCGCGCGCGC9
GCGCGCGCGCGCGCGCB
GCGCGCGCGCGCGCGCBB
-GCGCGCGCGCGCGCBB
---GCGCGCGCGCBB
---GCGCGCGCGCBB
---GCGCGCGCGCBB
---GCGCGCGCGCGC999B
--GCGCGCGCGCGCGC9999
GCGCGCGCGCGCGCGCGC9999
GCGCGCGCGCGCGCGCGC9999
GCGCGCGCGCGCGCGC9
GCGCGCGCGCGCGCGC9
GCGCGCGCGCGCGCGC9
GCGCGCGCGCGCGCGC9
GCGCGCGCGCGCGCGC9
GCGCGCGCGCGCGCGC
GCGCGCGCGCGCGCGC
GCGCGCGCGCGCGCGC
GCGCGCGCGCGCGCGC
cpGCGC
-i]t{pt{p
t{pt{p
cpt{pt{p
t{pt{pt{p/U]
GCGCGCGCGCt{pt{p/U]
GCGCGCGCGCGCGC/U]
GCGCGCGCGCGCGC
GCGCGCGCGCGC/U]
GCGCGCGCGCGC/U]
GCGCGCGCGCGC/U]
GCGCGCGCGC/U]/U]
GCGCGCGCGC/U]/U]
#/U]/U]
#/U]/U]
/U]/U]
#/U]/U]
cp/U]/U]
cp/U]/U]
cp/U]/U]
cp/U]/U]
#/U]/U]
/U]/U]
\\/U]/U]
\t{pt{p/U]/U]
t{pt{pt{p/U]/U]
t{pt{pC
t{pt{p\
t{pt{p\
#--cRcRcR
#--cRcRcR
cRcRcRcR
#.Q.QcRcRcRlp
#.Q.Q.QcR
cp~~~~
~~~~~~
~~~~~C
cp~~~\C
cp~\\\C
cp\\\\C
Z@[AV@d9`?\7]=Z<_@];_?Y>Y8\;]=Z;\=G%7u!]<a=X<_;\7]?
N_:b7e;^:Z=`<a=`:^9Y@fAX4Z:[=^;_=_<aE^8_@Pfc@\8]@]<\8[9a:c8];_=\=a<`7];_2V8`>8o&P-e7^7_<WD\;Y;
O[9ZC]?\8Y:_=]<deeB[:Y8\<]>[;^9]=f9N4`:_9T5\:b?b<X6W4a;`=Y=`9^<`6\5Z<[B_<L/2E#^8Z:a?[7]6\<[4
ce9`>[:e3\6d=~O^9\;`5[;c>[;^A\5b9`=J3ZC[6\5a8\<e>Y9\:_9Z9`4^?`?Z?]BY<Z:[9X:B~/;{$`7^;_=a<]DY:a:
sc5W<`=b?~]|[<Y;_:[<\:^<_<X6\8\<F9\;a7a9[6^<S1\>`=]<[>`6[>Z;Y4[6X1[?^9[9Y=(F R-_7]@\A]9a:`:[7
~p[>\:a8{~NZ7cAc=]@Y7Y4Y<b<_=M8D4S;_=Mn>X;^?]7a:Z8[:Z>[8_<[@X8c?W=\=_;X9P<#J [:^7W9\>a7a5_:\<
Mb9~]_7Z7Z9_<a=X>WBV<[;Z=M6K=`:La
$wMc]7V<`@Z:Y=[@]>[=Z9Z>a8T7V4\B\9WA/l'?
+^7W>\?]:d:X6\A[9
dQU<]>[1^>\>_6]=[AX?c<C7F6:
r$z!uNe\=Y?[9]?]:d4[:_@[=a6[<_9[?^@Gc#M
T:Y7]9\=]=[>]D]:`Ab7~s
~J_3`7c@Z8`7^8a8\>[<b=C8E8-~"y#w
z"x"w^<W>a=]5_?^=\<`<XAV=]9_<\:\:c<a
N>w EaAa;`7X?d;Z6^:_>
o];\<b=]6]9b9Y6]9V:F6E5Og(z&u(~$z)2
X<`9W;^9Y7c:X:]3W9e:X9g@f@[9[6]9<vE
Ba:Y:X:X=d5\8`;
sc5^:Z;^@_B\8_:F9F:C9];Fb%tzx
z-V?^;e;_:_:`A`;]>[<\>\=]<`>e>]7a:-M
H4I~F]:[<`9`9~Nz\<^?
Fd9XE]>b8[9H@G8H=]>]6Nh'|
s!z"{&{?
\:V:a7^9`:[6\<_=\;]:b>[5]<Y>[;S06{%\^_:b6Y?a9[<^8]@_8V5
MW;`9_>X6B<@4C8X2\:]5@
}#z%u
xLe_1d6\;_:c<]>^@Y:[:S9V8`A]8]=]64t+A/`8~F^G`;b7`?Y4_Ac8
~QY8Y1N7K7B;MAYBT7T:[=2~{z!y&~'{Me`=`9];]=b6]8U<Z8^?_:X5_8[;a=U3,L
P5^6YV:KE^9X9d:\;`7^8Y=
oY9@:J:A;H8a9[;a;XD_>8#{z!u }#yMb[=_<Y=Z8\6]<\<`>^C`>ZCc8\8^=J+5{#^9^8]?
hT\9a:YB[<\>W?aA~s
gV\?]:]D_9U2]?
X8Z>f4\<`<_=\A^;c@a9_6_C[:`7[?3n#T1]8g
~L_;\;\<a6^B[Ca7f;\7~L
_3b<^8]<_=yh
$x#{"|0
^<[Aa7[<_8]4aA`>^:^<Z=g9b7[=^>a;N2)F
[?xRzQW:^>^:a=U>`5^9\=V6]>
Z@\7\7]D\=
wA`;W<`7Z6[:c8TA\<Z>Z<dG^9a@V;^>Z2\:_6@$h?h\=]<]?Z=b?Z8`7_>X<W?~~
X:Z9^@]2^=
zb^9`8[<]<\;]6[7[:\:c7_9_@\:[8R<Y>e8Y=[;b:n?^9Y3]:\>_=]7b>aAU@
]@\:[;YF`>sj
_;^8Y>a>1OcR1V:]:Z;Z=Z<a:]9W8`:X9f?^:c(P
[9Z@^9X:Y?\@]>_<
v^>[9^<d;\;\<
Y5Le!{
}"xV]_9Y7a7Y@X:^?^9Y4f=Z<xOyE
*1|"Y8^?a8[9^;yV
F>I2c<^<_4Z7\<]<Y?W;Pd#x$~#|%x+
Z<]3^A[8Y8[8\@Z<Y<{W
}S\>1v%R3[4Y?\;pR
eTH;?8L9[8`>[5Z@V=Z=Z=`9
w,w} {%
Z?Z3a9`?a>Z=[;c?a=kW>\?Q1)K
[9_8vU
dRL5H=D;VA^>\=U:b@]@b=Y@`8Z7m!|%x
y$y(_<_9Z9\<]7]8
u[xf\:bA`6=
jQH=H<C8I:U<[9]?b9_9aBZ<`9_>U8xd
Ocu"z#y z
|RhZ=a;^5b9
~qRJ6C5I;<yBn<rAp`:[=Z;WAX:^6W7Z;Z;
v!z#~%z#{Kfb>
E@rAn@r~
@o:rBp1wa~
tTV@O:F>K=BqDu:x:qZ6]7W;^?[@b=a<]@[7^>yl`9X=3
}#yM`Bu=n=nBo
rv<m5t;p[z
KB:E:K7I=cbCu9p8t_@_;[:\6^<Z:X4T>b;c=\:Z?\8Y@`;e7/
x!y:w:x<n9w
~:w>j?mbp
QG9J?G=PA~W<r<kCr[>V7Y>a5Z9]8X;[?[7\9]<];^:Z2X7]5Vdy${ vw
|<q>r;uby
iS:q<p
XD9O:H8C:
~O<s;k
Z\9T:]7^;[8\;^5W5[9mWbHcNjYbKhJkY]HSrN;~${%v
r~H3y!>+]9H2E9J7I:G8N0Y<\6b=kYdHfIlZeDhImZ_G^K_<]?_;V<^8b@[6^3]<e{
~'|%y zZ<Z<c8
~qf}t]
@'H I7H:I:G5B8H;[4]7c:\=`<[6[2]:[;]7c9Z6\8X8]@_7Y<]8`7Z:]?tQ`;/"z'y&z(}YBZ9
z}D]!,k'F3I8I<G;GB`?[;\A[>Z:`<e>c>^=_AZ;`:e8];V<\;a6_5S5^?b9
y[fD1"|1
dQm,1Q
<3M;C5A9W;Y6]8[CV9c=Y=^AX<a@V@\<^6b<d:dA_7[7\E_:]8[9_7_A[?Y8W=[:a7
Z3fay~{wzu~]sEUg+C8)N
C:H>G/X?_>Y<]9h:]4`6W:^<a3b7\=\>[7\;`<T=d>_:^=U<_>\:^;^=a9^<]9
`7d=bGt
mvx{}V'U
,H>50-o
L4F>`:a8V?]@];^7]=\=b8XA^5d;_;_:\;\CZ;^>`>^6a9Z:^8b5]7^9`<
~a3Y3[>Y>]9cMgO^@P9B6G7/p
</Q1`:`=_=]<Z=Z;[9_7_>Z9\<_AY<XC]9\<_;`9Z9a:\8\9^;d6WA]B
^9\?[6a=^:_7W5b9bAK;C:I9D6)M
N0\7d?[=X6b;^>`9c=b?_>\=[9Z9`<\<^<Z8[5^<a>a7^7a<X8]3~
W;Y:\<cOeL^9`:_<];b>F5L9I>M;,
Z:[;W;X5Y4_9`@c=`5`9[<]>_:[9e8_8Z=`@Y8\9S@[7c;rP
b>[A[9Y:zxuvflcN^9Z:U=G;K=F8S8P63x#S2`<]?b6W<[:T<^8]<Y6^;_4V6^9c9`;]9]9a9f:`?_<wS
~wUZ8_<Y:V8i^|{xzz~{h^^<Y?M=F8H<D8HAVCW/0L
X9Y:X>XA_=`7]=^C_<X=`<]9]8[>_8Z7X;Z?X<Y9yQ
nR^8]8^:e:\7nZy}uwy~t]:Y9_?I;I9H<E5F:b=^<4{):{&^9]>]8]8_;]=Y;^?_8\?aC_<Z?XA\?WC^C]9uW
xUZ7_;_<]E^>[;_:Y<cYf^]>Z9X=D:M9C:K;H5^?^6\9!Q
R/^;`>_7`7Y7]:a:`=^>[?b@]>d5T:^8Y;];
xX\7]7e7V<X<Z>\5]9`8_9d7\;^;U7G5K8G7K2R4\?U8U<T29w%b:]:Y6_A[;`5\7`:^4]<b=a4\8^8a?\>b4
~xQ\<[A\=\8]9gAbJ[7\;Z6_E\7W9a=R;M;H>C7?8^;[5b7`<a5F
+`8`>`9`AX?\8]9[?^=_;]7a:]@]@ZBf>\>
kX[8eCZ>a<b9c=]<siq
wjUZ7b:[:b?]AW;F:?6DAF9]8_8]7a;^7[A];X>_=a7]<Z;Z<c2^=[<^5Z;W9\5[=_7_;c;uQ
kYCV<_>\D`D]9c>[=bKv~yq
yc][7X7d<\=_<U9T>T>Z<Z?_@];c<_7Z:^;X@_>^;d6_<`9_AT8_?e6X9_=`<[;^>[6V=^AY;]9[?]9[?aB\8^BV8pl{{~{u
q]9\9X4[8V;bA]:];]<_<];YA`7a?\8f;]<];\;^<Z>Y:_AZ6_;]=X9^>`?Z;^<c8W:^;d9^>]9_<T2XAa5Y;Z<b9w
z|vj]_7]:a9[;\7`;Z:a<d8^7VAc8b;a9^<^:Z7a<
1*11111111111
2+2;2A2V222222/333333333
4N4_4444444465F5W5a5y555555555
666B6J6R6\6a6m66666
7"7(7-73797>7N7T7Z7k7q7{77777777
89999::l:::::::::
; ;$;(;,;0;z;;;;;;;
<<$<(<,<M<w<<<<<<<<<<
= =$=(=x==========
>K>P>Z>>
?#?)?/?5?;?B?I?P?W?^?e?l?t?|???????????????
0$0@0c0w00111111
2+222222222
3(333M3X3`3p3v333333
5Q5i5s5555555
616N66618<8{888
9909;9:::::?;F;[;;;;;
<X<_<t<<<<
=&=J=z=======
>">C>J>V>\>h>n>w>}>>>>>>>>>>>>
?<?|???????
000000<1B1X1]1e1k1r1x1
11111111111111111
2 2%2-22292H2M2S2\2|2222223
4,4G4444444
595A5L5[5m5M6W6d666666&7,717=7D7N7`7w777777777
8(8h8888888
9:9@9H9999999999Z:c:i::
;";G;N;V;;;;;
<<<8===O=m===>>>>>>>>>>>
??*?/?8?B?M????
2L2U2a22222
444n5555`666$858o8|8888888
9b9m9w99999
:=:P:::&;;;)<5<H<Z<u<}<<<<<<<<<<$=M=^===>>]????
0 0/0000*101<1s11$565H5Z5l55555555
6"646F6X6j666e75888k99A:M::::.<
111177
t0|00000000000000000
1>>>>>>4?8?X?x???????
0(0D0H0h000
7 7$787<7@7D7H7L7P7T7X7\7`7d7h7l7p7t7x7|777777777777777777777777777777
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|888888888
9(989\9h9l9p9t9x9=>>>>>>>>>>>>>>>>>>
Mjs5Mw==
L!This program cannot be run in DOS mode.
i2h:2h:2h:2i:gh::1h::3h:)%:"h:)%:Ph:)%:
h::3h::*h::3h::3h:Rich2h:
`.data
@.reloc
otools\inc\nlg\private\inc\msfsa\faarray_cont_t.h
otools\inc\nlg\private\inc\msfsa\falextools_t.h
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
bad exception
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
Unknown exception
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
nlg\lib\msfsa\faallocator.cpp
nlg\lib\msfsa\farsdfa_pack_triv.cpp
otools\inc\nlg\private\inc\msfsa\faarray_cont_2xresize_t.h
nlg\lib\msfsa\famultimap_pack.cpp
Internal error.
Object cannot be initialized.
Limit size has been exceeded.
Out of memory.
Object is not ready.
]ut5p?
W3+t#Hu7Vu
^3[UQE
V3WM0u
UVW39~
<|uCt7
t79V$t2h
M 3UE9J
MA3;~\U
E;}q}M
PE @PE
MPE+@PE
G;}|}]}$
F;}^U9]
z;~\;}T;]
Yt]U]U]
EVW3EP
jjjjjjjj
jjjjjj
jjjjjj
jjjjjjjjj
jjjjjjjjj
@jjjjj
jjjjjj
rehebetajedaraguluyodawo hura
curemaxojosewu majamepozo teramexizosima
sogutuyozukonipihowusocegu
tosixu xacojofodagoluhitokihonizezige sojevilohamocugorozotahujamiju
rukukiyipucajetutolorubewo mapebokazumigesakukixoyefepuwa
hujecugetutunivileraluwafujo joxarukulurazapuneku cedolapeduboji
bikugikijabe
hizujizayonizinukisihinitu fatotovohewimipuzigovujozi luwibaduyoxitijigudesu
gupegaleheruwagobukiredexuvuwa jeyowujovutuzudiposuxezoyiru dipufopicivehopowegigoreriveke karisaruginilevusubonaxiwiyo vizicese
Ji sohorabe nuserevatakenevagumegeda
keyupocunucipojafiyayama zu pinonebazahinoja gohoxogamekixitunodolekoxosi zeveke
hemesuju ni
mscoree.dll
runtime error
TLOSS error
SING error
DOMAIN error
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
- abort() has been called
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
@Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
KERNEL32.DLL
WUSER32.DLL
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
((((( H
h(((( H
H
GINILEVUSUBO
TUSIDAFOHIXEKAHOTIYIWIFUVUDAMO
XOFEZAVUYUBOKEJUNIKUDI
:Yokezaniboru kikeki muxurupovoju rota vugo yiyiyugose kado
Difejige fasozamo
:Hajedumiyabe daseyeruxiyeho xidecekajege xozayago pegiyutu
4Luyugihepipi gudisirabu zogasojiso rizosexabo neramu
3Xefakiwobekoye tepezesokaxo vovahoteri bewivojohiki
Toketumo
YCaverenixa datebicofu tiwefogucubohe xuviyicaya nemoyicehije tudexi cawomutegafe fopiwoze
oSuwofo bolikuhu bujojukalo lijogagulucuru keyuroyupohe velivudubiyu yinaxodeyadosa wewecarixage virehuhu sezoyi
Famola liyeve
2Fuwupi vizimajakaca naluhi buzolufafo rafodujugifo
Gezelo kaxe
&Yunicekino bemi tokuwaciti xa haluxulu
VS_VERSION_INFO
StringFileInfo
080904b0
FileVersion
5.0.0.0
InternalName
toofirtyless.exe
LegalCopyright
Copyright (C) 2017, gemkerzeip
ProductVersion
5.0.0.0
VarFileInfo
Translation
RESOURCE_FATOKENIZER
KERNEL32.DLL
smscoree.dll
nruntime error
TLOSS error
SING error
DOMAIN error
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
- abort() has been called
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
WUSER32.DLL
((((( H
CONOUT$

Process Tree

0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7.exe, PID: 1612, Parent PID: 2244

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3008, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2004, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2704, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1996, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1176, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1928, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2388, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2728, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2020, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2916, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2380, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2720, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2680, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3068, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2868, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1784, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1640, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2012, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1104, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2368, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1528, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2208, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2856, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2412, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2808, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2352, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2192, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1808, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1760, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2940, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1700, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1912, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2120, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 736, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2144, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1152, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3028, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1156, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1200, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2876, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 696, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2604, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1196, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3012, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1472, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2520, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 792, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2920, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2812, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2348, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 556, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1632, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2776, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 904, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2236, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2972, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2324, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1984, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2664, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 796, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2108, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1072, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1980, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 328, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2992, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2092, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2724, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 972, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3016, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1192, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2256, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2964, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1140, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2448, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3080, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3144, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3208, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3272, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3336, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3400, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3464, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3528, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3592, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3656, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3720, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3784, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3848, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3912, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255
ipv4bot.whatismyipaddress.com
ns1.corp-servers.ru
114.114.114.114.in-addr.arpa PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
PTR public1.114dns.com
zonealarm.bit
zonealarm.bit
ns2.corp-servers.ru
ransomware.bit
ransomware.bit

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 61714 8.8.8.8 53
192.168.56.101 56933 8.8.8.8 53
192.168.56.101 58485 114.114.114.114 53
192.168.56.101 57665 114.114.114.114 53
192.168.56.101 57666 114.114.114.114 53
192.168.56.101 57667 114.114.114.114 53
192.168.56.101 57668 114.114.114.114 53
192.168.56.101 57669 114.114.114.114 53
192.168.56.101 57670 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138
192.168.56.101 51758 114.114.114.114 53
192.168.56.101 51759 114.114.114.114 53
192.168.56.101 51760 114.114.114.114 53
192.168.56.101 51761 114.114.114.114 53
192.168.56.101 51762 114.114.114.114 53
192.168.56.101 51763 114.114.114.114 53
192.168.56.101 51764 114.114.114.114 53
192.168.56.101 51765 114.114.114.114 53
192.168.56.101 51766 114.114.114.114 53
192.168.56.101 51767 114.114.114.114 53
192.168.56.101 51768 114.114.114.114 53
192.168.56.101 51769 114.114.114.114 53
192.168.56.101 51770 114.114.114.114 53
192.168.56.101 51771 114.114.114.114 53
192.168.56.101 51772 114.114.114.114 53
192.168.56.101 51773 114.114.114.114 53
192.168.56.101 51774 114.114.114.114 53
192.168.56.101 51775 114.114.114.114 53
192.168.56.101 51776 114.114.114.114 53
192.168.56.101 51777 114.114.114.114 53
192.168.56.101 51778 114.114.114.114 53
192.168.56.101 51779 114.114.114.114 53
192.168.56.101 51780 114.114.114.114 53
192.168.56.101 51781 114.114.114.114 53
192.168.56.101 51782 114.114.114.114 53
192.168.56.101 51783 114.114.114.114 53
192.168.56.101 51784 114.114.114.114 53
192.168.56.101 51785 114.114.114.114 53
192.168.56.101 51786 114.114.114.114 53
192.168.56.101 51787 114.114.114.114 53
192.168.56.101 51788 114.114.114.114 53
192.168.56.101 51789 114.114.114.114 53
192.168.56.101 51790 114.114.114.114 53
192.168.56.101 51791 114.114.114.114 53
192.168.56.101 51792 114.114.114.114 53
192.168.56.101 51793 114.114.114.114 53
192.168.56.101 51794 114.114.114.114 53
192.168.56.101 51795 114.114.114.114 53
192.168.56.101 51796 114.114.114.114 53
192.168.56.101 51797 114.114.114.114 53
192.168.56.101 51798 114.114.114.114 53
192.168.56.101 51799 114.114.114.114 53
192.168.56.101 51800 114.114.114.114 53
192.168.56.101 51801 114.114.114.114 53
192.168.56.101 51802 114.114.114.114 53
192.168.56.101 51803 114.114.114.114 53
192.168.56.101 51804 114.114.114.114 53
192.168.56.101 51805 114.114.114.114 53
192.168.56.101 51806 114.114.114.114 53
192.168.56.101 51807 114.114.114.114 53
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51809 114.114.114.114 53
192.168.56.101 51810 114.114.114.114 53
192.168.56.101 51811 114.114.114.114 53
192.168.56.101 51812 114.114.114.114 53
192.168.56.101 51813 114.114.114.114 53
192.168.56.101 51814 114.114.114.114 53
192.168.56.101 51815 114.114.114.114 53
192.168.56.101 51816 114.114.114.114 53
192.168.56.101 51817 114.114.114.114 53
192.168.56.101 51818 114.114.114.114 53
192.168.56.101 51819 114.114.114.114 53
192.168.56.101 51820 114.114.114.114 53
192.168.56.101 51821 114.114.114.114 53
192.168.56.101 51822 114.114.114.114 53
192.168.56.101 51823 114.114.114.114 53
192.168.56.101 51824 114.114.114.114 53
192.168.56.101 51825 114.114.114.114 53
192.168.56.101 51826 114.114.114.114 53
192.168.56.101 51827 114.114.114.114 53
192.168.56.101 51828 114.114.114.114 53
192.168.56.101 51829 114.114.114.114 53
192.168.56.101 51830 114.114.114.114 53
192.168.56.101 51831 114.114.114.114 53
192.168.56.101 51832 114.114.114.114 53
192.168.56.101 51833 114.114.114.114 53
192.168.56.101 51834 114.114.114.114 53
192.168.56.101 51835 114.114.114.114 53
192.168.56.101 51836 114.114.114.114 53
192.168.56.101 51837 114.114.114.114 53
192.168.56.101 51838 114.114.114.114 53
192.168.56.101 51839 114.114.114.114 53
192.168.56.101 51840 114.114.114.114 53
192.168.56.101 51841 114.114.114.114 53
192.168.56.101 51842 114.114.114.114 53
192.168.56.101 51843 114.114.114.114 53
192.168.56.101 51844 114.114.114.114 53
192.168.56.101 51845 114.114.114.114 53
192.168.56.101 51846 114.114.114.114 53
192.168.56.101 51847 114.114.114.114 53
192.168.56.101 51848 114.114.114.114 53
192.168.56.101 51849 114.114.114.114 53
192.168.56.101 51850 114.114.114.114 53
192.168.56.101 51851 114.114.114.114 53
192.168.56.101 51852 114.114.114.114 53
192.168.56.101 51853 114.114.114.114 53
192.168.56.101 51854 114.114.114.114 53
192.168.56.101 51855 114.114.114.114 53
192.168.56.101 51856 114.114.114.114 53
192.168.56.101 51857 114.114.114.114 53
192.168.56.101 51858 114.114.114.114 53
192.168.56.101 51859 114.114.114.114 53
192.168.56.101 51860 114.114.114.114 53
192.168.56.101 51861 114.114.114.114 53
192.168.56.101 51862 114.114.114.114 53
192.168.56.101 51863 114.114.114.114 53
192.168.56.101 51864 114.114.114.114 53
192.168.56.101 51865 114.114.114.114 53
192.168.56.101 51866 114.114.114.114 53
192.168.56.101 51867 114.114.114.114 53
192.168.56.101 51868 114.114.114.114 53
192.168.56.101 51869 114.114.114.114 53
192.168.56.101 51870 114.114.114.114 53
192.168.56.101 51871 114.114.114.114 53
192.168.56.101 51872 114.114.114.114 53
192.168.56.101 51873 114.114.114.114 53
192.168.56.101 51874 114.114.114.114 53
192.168.56.101 51875 114.114.114.114 53
192.168.56.101 51876 114.114.114.114 53
192.168.56.101 51877 114.114.114.114 53
192.168.56.101 51878 114.114.114.114 53
192.168.56.101 51879 114.114.114.114 53
192.168.56.101 51880 114.114.114.114 53
192.168.56.101 51881 114.114.114.114 53
192.168.56.101 51882 114.114.114.114 53
192.168.56.101 51883 114.114.114.114 53
192.168.56.101 51884 114.114.114.114 53
192.168.56.101 51885 114.114.114.114 53
192.168.56.101 51886 114.114.114.114 53
192.168.56.101 51887 114.114.114.114 53
192.168.56.101 51888 114.114.114.114 53
192.168.56.101 51889 114.114.114.114 53
192.168.56.101 51890 114.114.114.114 53
192.168.56.101 51891 114.114.114.114 53
192.168.56.101 51892 114.114.114.114 53
192.168.56.101 51893 114.114.114.114 53
192.168.56.101 51894 114.114.114.114 53
192.168.56.101 51895 114.114.114.114 53
192.168.56.101 51896 114.114.114.114 53
192.168.56.101 51897 114.114.114.114 53
192.168.56.101 51898 114.114.114.114 53
192.168.56.101 51899 114.114.114.114 53
192.168.56.101 51900 114.114.114.114 53
192.168.56.101 51901 114.114.114.114 53
192.168.56.101 51902 114.114.114.114 53
192.168.56.101 51903 114.114.114.114 53
192.168.56.101 51904 114.114.114.114 53
192.168.56.101 51905 114.114.114.114 53
192.168.56.101 51906 114.114.114.114 53
192.168.56.101 51907 114.114.114.114 53
192.168.56.101 51908 114.114.114.114 53
192.168.56.101 51909 114.114.114.114 53
192.168.56.101 51910 114.114.114.114 53
192.168.56.101 51911 114.114.114.114 53
192.168.56.101 51912 114.114.114.114 53
192.168.56.101 51913 114.114.114.114 53
192.168.56.101 51914 114.114.114.114 53
192.168.56.101 51915 114.114.114.114 53
192.168.56.101 51916 114.114.114.114 53
192.168.56.101 51917 114.114.114.114 53
192.168.56.101 51918 114.114.114.114 53
192.168.56.101 51919 114.114.114.114 53
192.168.56.101 51920 114.114.114.114 53
192.168.56.101 51921 114.114.114.114 53
192.168.56.101 51922 114.114.114.114 53
192.168.56.101 51923 114.114.114.114 53
192.168.56.101 51924 114.114.114.114 53
192.168.56.101 51925 114.114.114.114 53
192.168.56.101 51926 114.114.114.114 53
192.168.56.101 51927 114.114.114.114 53
192.168.56.101 51928 114.114.114.114 53
192.168.56.101 51929 114.114.114.114 53
192.168.56.101 51930 114.114.114.114 53
192.168.56.101 51931 114.114.114.114 53
192.168.56.101 51932 114.114.114.114 53
192.168.56.101 51933 114.114.114.114 53
192.168.56.101 51934 114.114.114.114 53
192.168.56.101 51935 114.114.114.114 53
192.168.56.101 51936 114.114.114.114 53
192.168.56.101 51937 114.114.114.114 53
192.168.56.101 51938 114.114.114.114 53
192.168.56.101 51939 114.114.114.114 53
192.168.56.101 51940 114.114.114.114 53
192.168.56.101 51941 114.114.114.114 53
192.168.56.101 51942 114.114.114.114 53
192.168.56.101 51943 114.114.114.114 53
192.168.56.101 51944 114.114.114.114 53
192.168.56.101 51945 114.114.114.114 53
192.168.56.101 51946 114.114.114.114 53
192.168.56.101 51947 114.114.114.114 53
192.168.56.101 51948 114.114.114.114 53
192.168.56.101 51949 114.114.114.114 53
192.168.56.101 51950 114.114.114.114 53
192.168.56.101 51951 114.114.114.114 53
192.168.56.101 51952 114.114.114.114 53
192.168.56.101 51953 114.114.114.114 53
192.168.56.101 51954 114.114.114.114 53
192.168.56.101 51955 114.114.114.114 53
192.168.56.101 51956 114.114.114.114 53
192.168.56.101 51957 114.114.114.114 53
192.168.56.101 51958 114.114.114.114 53
192.168.56.101 51959 114.114.114.114 53
192.168.56.101 51960 114.114.114.114 53
192.168.56.101 51961 114.114.114.114 53
192.168.56.101 51962 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 51964 114.114.114.114 53
192.168.56.101 51965 114.114.114.114 53
192.168.56.101 51966 114.114.114.114 53
192.168.56.101 51967 114.114.114.114 53
192.168.56.101 51968 114.114.114.114 53
192.168.56.101 51969 114.114.114.114 53
192.168.56.101 51970 114.114.114.114 53
192.168.56.101 51971 114.114.114.114 53
192.168.56.101 51972 114.114.114.114 53
192.168.56.101 51973 114.114.114.114 53
192.168.56.101 51974 114.114.114.114 53
192.168.56.101 51975 114.114.114.114 53
192.168.56.101 51976 114.114.114.114 53
192.168.56.101 51977 114.114.114.114 53
192.168.56.101 51978 114.114.114.114 53
192.168.56.101 51979 114.114.114.114 53
192.168.56.101 51980 114.114.114.114 53
192.168.56.101 51981 114.114.114.114 53
192.168.56.101 51982 114.114.114.114 53
192.168.56.101 51983 114.114.114.114 53
192.168.56.101 51984 114.114.114.114 53
192.168.56.101 51985 114.114.114.114 53
192.168.56.101 51986 114.114.114.114 53
192.168.56.101 51987 114.114.114.114 53
192.168.56.101 51988 114.114.114.114 53
192.168.56.101 51989 114.114.114.114 53
192.168.56.101 51990 114.114.114.114 53
192.168.56.101 51991 114.114.114.114 53
192.168.56.101 51992 114.114.114.114 53
192.168.56.101 51993 114.114.114.114 53
192.168.56.101 51994 114.114.114.114 53
192.168.56.101 51995 114.114.114.114 53
192.168.56.101 51996 114.114.114.114 53
192.168.56.101 51997 114.114.114.114 53
192.168.56.101 51998 114.114.114.114 53
192.168.56.101 51999 114.114.114.114 53
192.168.56.101 52000 114.114.114.114 53
192.168.56.101 52001 114.114.114.114 53
192.168.56.101 52002 114.114.114.114 53
192.168.56.101 52003 114.114.114.114 53
192.168.56.101 52004 114.114.114.114 53
192.168.56.101 52005 114.114.114.114 53
192.168.56.101 52006 114.114.114.114 53
192.168.56.101 52007 114.114.114.114 53
192.168.56.101 52008 114.114.114.114 53
192.168.56.101 52009 114.114.114.114 53
192.168.56.101 52010 114.114.114.114 53
192.168.56.101 52011 114.114.114.114 53
192.168.56.101 52012 114.114.114.114 53
192.168.56.101 52013 114.114.114.114 53
192.168.56.101 52014 114.114.114.114 53
192.168.56.101 52015 114.114.114.114 53
192.168.56.101 52016 114.114.114.114 53
192.168.56.101 52017 114.114.114.114 53
192.168.56.101 52018 114.114.114.114 53
192.168.56.101 52019 114.114.114.114 53
192.168.56.101 52020 114.114.114.114 53
192.168.56.101 52021 114.114.114.114 53
192.168.56.101 52022 114.114.114.114 53
192.168.56.101 52023 114.114.114.114 53
192.168.56.101 52024 114.114.114.114 53
192.168.56.101 52025 114.114.114.114 53
192.168.56.101 52026 114.114.114.114 53
192.168.56.101 52027 114.114.114.114 53
192.168.56.101 52028 114.114.114.114 53
192.168.56.101 52029 114.114.114.114 53
192.168.56.101 52030 114.114.114.114 53
192.168.56.101 52031 114.114.114.114 53
192.168.56.101 52032 114.114.114.114 53
192.168.56.101 52033 114.114.114.114 53
192.168.56.101 52034 114.114.114.114 53
192.168.56.101 52035 114.114.114.114 53
192.168.56.101 52036 114.114.114.114 53
192.168.56.101 52037 114.114.114.114 53
192.168.56.101 52038 114.114.114.114 53
192.168.56.101 52039 114.114.114.114 53
192.168.56.101 52040 114.114.114.114 53
192.168.56.101 52041 114.114.114.114 53
192.168.56.101 52042 114.114.114.114 53
192.168.56.101 52043 114.114.114.114 53
192.168.56.101 52044 114.114.114.114 53
192.168.56.101 52045 114.114.114.114 53
192.168.56.101 52046 114.114.114.114 53
192.168.56.101 52047 114.114.114.114 53
192.168.56.101 52048 114.114.114.114 53
192.168.56.101 52049 114.114.114.114 53
192.168.56.101 52050 114.114.114.114 53
192.168.56.101 52051 114.114.114.114 53
192.168.56.101 52052 114.114.114.114 53
192.168.56.101 52053 114.114.114.114 53
192.168.56.101 52054 114.114.114.114 53
192.168.56.101 52055 114.114.114.114 53
192.168.56.101 52056 114.114.114.114 53
192.168.56.101 52057 114.114.114.114 53
192.168.56.101 52058 114.114.114.114 53
192.168.56.101 52059 114.114.114.114 53
192.168.56.101 52060 114.114.114.114 53
192.168.56.101 52061 114.114.114.114 53
192.168.56.101 52062 114.114.114.114 53
192.168.56.101 52063 114.114.114.114 53
192.168.56.101 52064 114.114.114.114 53
192.168.56.101 52065 114.114.114.114 53
192.168.56.101 52066 114.114.114.114 53
192.168.56.101 52067 114.114.114.114 53
192.168.56.101 52068 114.114.114.114 53
192.168.56.101 52069 114.114.114.114 53
192.168.56.101 52070 114.114.114.114 53
192.168.56.101 52071 114.114.114.114 53
192.168.56.101 52072 114.114.114.114 53
192.168.56.101 52073 114.114.114.114 53
192.168.56.101 52074 114.114.114.114 53
192.168.56.101 52075 114.114.114.114 53
192.168.56.101 52076 114.114.114.114 53
192.168.56.101 52077 114.114.114.114 53
192.168.56.101 52078 114.114.114.114 53
192.168.56.101 52079 114.114.114.114 53
192.168.56.101 52080 114.114.114.114 53
192.168.56.101 52081 114.114.114.114 53
192.168.56.101 52082 114.114.114.114 53
192.168.56.101 52083 114.114.114.114 53
192.168.56.101 52084 114.114.114.114 53
192.168.56.101 52085 114.114.114.114 53
192.168.56.101 52086 114.114.114.114 53
192.168.56.101 52087 114.114.114.114 53
192.168.56.101 52088 114.114.114.114 53
192.168.56.101 52089 114.114.114.114 53
192.168.56.101 52090 114.114.114.114 53
192.168.56.101 52091 114.114.114.114 53
192.168.56.101 52092 114.114.114.114 53
192.168.56.101 52093 114.114.114.114 53
192.168.56.101 52094 114.114.114.114 53
192.168.56.101 52095 114.114.114.114 53
192.168.56.101 52096 114.114.114.114 53
192.168.56.101 52097 114.114.114.114 53
192.168.56.101 52098 114.114.114.114 53
192.168.56.101 52099 114.114.114.114 53
192.168.56.101 52100 114.114.114.114 53
192.168.56.101 52101 114.114.114.114 53
192.168.56.101 52102 114.114.114.114 53
192.168.56.101 52103 114.114.114.114 53
192.168.56.101 52104 114.114.114.114 53
192.168.56.101 52105 114.114.114.114 53
192.168.56.101 52106 114.114.114.114 53
192.168.56.101 52107 114.114.114.114 53
192.168.56.101 52108 114.114.114.114 53
192.168.56.101 52109 114.114.114.114 53
192.168.56.101 52110 114.114.114.114 53
192.168.56.101 52111 114.114.114.114 53
192.168.56.101 52112 114.114.114.114 53
192.168.56.101 52113 114.114.114.114 53
192.168.56.101 52114 114.114.114.114 53
192.168.56.101 52115 114.114.114.114 53
192.168.56.101 52116 114.114.114.114 53
192.168.56.101 52117 114.114.114.114 53
192.168.56.101 52118 114.114.114.114 53
192.168.56.101 52119 114.114.114.114 53
192.168.56.101 52120 114.114.114.114 53
192.168.56.101 52121 114.114.114.114 53
192.168.56.101 52122 114.114.114.114 53
192.168.56.101 52123 114.114.114.114 53
192.168.56.101 52124 114.114.114.114 53
192.168.56.101 52125 114.114.114.114 53
192.168.56.101 52126 114.114.114.114 53
192.168.56.101 52127 114.114.114.114 53
192.168.56.101 52128 114.114.114.114 53
192.168.56.101 52129 114.114.114.114 53
192.168.56.101 52130 114.114.114.114 53
192.168.56.101 52131 114.114.114.114 53
192.168.56.101 52132 114.114.114.114 53
192.168.56.101 52133 114.114.114.114 53
192.168.56.101 52134 114.114.114.114 53
192.168.56.101 52135 114.114.114.114 53
192.168.56.101 52136 114.114.114.114 53
192.168.56.101 52137 114.114.114.114 53
192.168.56.101 52138 114.114.114.114 53
192.168.56.101 52139 114.114.114.114 53
192.168.56.101 52140 114.114.114.114 53
192.168.56.101 52141 114.114.114.114 53
192.168.56.101 52142 114.114.114.114 53
192.168.56.101 52143 114.114.114.114 53
192.168.56.101 52144 114.114.114.114 53
192.168.56.101 52145 114.114.114.114 53
192.168.56.101 52146 114.114.114.114 53
192.168.56.101 52147 114.114.114.114 53
192.168.56.101 52148 114.114.114.114 53
192.168.56.101 52149 114.114.114.114 53
192.168.56.101 52150 114.114.114.114 53
192.168.56.101 52151 114.114.114.114 53
192.168.56.101 52152 114.114.114.114 53
192.168.56.101 52153 114.114.114.114 53
192.168.56.101 52154 114.114.114.114 53
192.168.56.101 52155 114.114.114.114 53
192.168.56.101 52156 114.114.114.114 53
192.168.56.101 52157 114.114.114.114 53
192.168.56.101 52158 114.114.114.114 53
192.168.56.101 52159 114.114.114.114 53
192.168.56.101 52160 114.114.114.114 53
192.168.56.101 52161 114.114.114.114 53
192.168.56.101 52162 114.114.114.114 53
192.168.56.101 52163 114.114.114.114 53
192.168.56.101 52164 114.114.114.114 53
192.168.56.101 52165 114.114.114.114 53
192.168.56.101 52166 114.114.114.114 53
192.168.56.101 52167 114.114.114.114 53
192.168.56.101 52168 114.114.114.114 53
192.168.56.101 52169 114.114.114.114 53
192.168.56.101 52170 114.114.114.114 53
192.168.56.101 52171 114.114.114.114 53
192.168.56.101 52172 114.114.114.114 53
192.168.56.101 52173 114.114.114.114 53
192.168.56.101 52174 114.114.114.114 53
192.168.56.101 52175 114.114.114.114 53
192.168.56.101 52176 114.114.114.114 53
192.168.56.101 52177 114.114.114.114 53
192.168.56.101 52178 114.114.114.114 53
192.168.56.101 52179 114.114.114.114 53
192.168.56.101 52180 114.114.114.114 53
192.168.56.101 52181 114.114.114.114 53
192.168.56.101 52182 114.114.114.114 53
192.168.56.101 52183 114.114.114.114 53
192.168.56.101 52184 114.114.114.114 53
192.168.56.101 52185 114.114.114.114 53
192.168.56.101 52186 114.114.114.114 53
192.168.56.101 52187 114.114.114.114 53
192.168.56.101 52188 114.114.114.114 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name 61453904a592e1a7_jtvvbr.exe
Filepath C:\Users\Administrator\AppData\Roaming\Microsoft\jtvvbr.exe
Size 200.3KB
Processes 1612 (0ca5ebe5c247ac9ccaa2c1a90ba394cbd7b3748f478f3830c35c24d5f0c89ed7.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 32c99d88f31d0a82461962130a2c5c9d
SHA1 4f6e8e794d9c2fc2c2fa2507f2b2847ff0fd6ade
SHA256 61453904a592e1a73263ff4f589876989aefbe9ce54bb3af844634dcbd13ed8c
CRC32 78E1F540
ssdeep None
Yara None matched
VirusTotal Search for analysis
Sorry! No dropped buffers.