0.9
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.74
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Vools-B [Trj] | 20190915 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20190915 | 2013.8.14.323 |
| McAfee | BackDoor-FDWY!7531A1CAEB3D | 20190915 | 6.0.6.653 |
| Tencent | Trojan.Win64.Vools.b | 20190915 | 1.0.0.1 |
静态指标
动态指标
网络通信
与未执行 DNS 查询的主机进行通信
(2 个事件)
| host | 114.114.114.114 | |||
| host | 8.8.8.8 | |||
文件已被 VirusTotal 上 50 个反病毒引擎识别为恶意
(50 个事件)
| ALYac | Trojan.GenericKDZ.54942 |
| APEX | Malicious |
| AVG | Win32:Vools-B [Trj] |
| Ad-Aware | Trojan.GenericKDZ.54942 |
| AhnLab-V3 | Trojan/Win64.Agent.R260439 |
| Antiy-AVL | Trojan/Win32.Vools.a |
| Arcabit | Trojan.Generic.DD69E |
| Avast | Win32:Vools-B [Trj] |
| Avira | HEUR/AGEN.1040430 |
| BitDefender | Trojan.GenericKDZ.54942 |
| Bkav | W32.SmbhostPOL.Trojan |
| CAT-QuickHeal | Trojan.MidieRI.S5662055 |
| ClamAV | Win.Trojan.Coinminer-7000567-1 |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cyren | W64/Vools.E |
| DrWeb | Trojan.Vools.16 |
| ESET-NOD32 | Win64/Vools.P |
| Emsisoft | Trojan.GenericKDZ.54942 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W64/Vools.E |
| F-Secure | Heuristic.HEUR/AGEN.1040430 |
| FireEye | Generic.mg.7531a1caeb3d9cfd |
| Fortinet | W64/Vools.P!tr |
| GData | Trojan.GenericKDZ.54942 |
| Ikarus | Trojan.Win64.Vools |
| Invincea | heuristic |
| K7AntiVirus | Trojan ( 0054e3901 ) |
| K7GW | Trojan ( 0054e3901 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| MAX | malware (ai score=85) |
| Malwarebytes | Trojan.Agent |
| MaxSecure | Trojan.Malware.74214413.susgen |
| McAfee | BackDoor-FDWY!7531A1CAEB3D |
| McAfee-GW-Edition | BackDoor-FDWY!7531A1CAEB3D |
| MicroWorld-eScan | Trojan.GenericKDZ.54942 |
| Microsoft | Trojan:Win32/Dynamer!rfn |
| Panda | Trj/Voolsminer.A |
| Rising | Worm.EternalBlueMiner/x64!1.B91E (KTSE) |
| Sophos | Troj/Vools-P |
| Symantec | Trojan Horse |
| Tencent | Trojan.Win64.Vools.b |
| TrendMicro | Trojan.Win64.VOOLS.SMAL01 |
| TrendMicro-HouseCall | Trojan.Win64.VOOLS.SMAL01 |
| VBA32 | Trojan.Win64.Vools |
| VIPRE | Trojan.Win32.Generic!BT |
| Webroot | W32.Malware.Gen |
| Yandex | Trojan.Vools! |
| Zillya | Trojan.Vools.Win64.14 |
| ZoneAlarm | HEUR:Trojan.Win32.Generic |
| Zoner | Trojan.Win64.81508 |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2019-03-18 14:28:02
PE Imphash
79001dbac89a105c9bab5f439ce4db95
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x0000fea9 | 0x00010000 | 6.3897129405539435 |
| .rdata | 0x00011000 | 0x0000a22a | 0x0000a400 | 4.764368146852795 |
| .data | 0x0001c000 | 0x00004114 | 0x00003000 | 2.238715914006353 |
| .pdata | 0x00021000 | 0x00001278 | 0x00001400 | 4.685243904330574 |
| .rsrc | 0x00023000 | 0x000003e8 | 0x00000400 | 3.298770736619321 |
| .reloc | 0x00024000 | 0x000006a0 | 0x00000800 | 4.996325210187091 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_VERSION | 0x00023060 | 0x00000388 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library KERNEL32.dll:
• 0x180011088 EnterCriticalSection
• 0x180011090 LeaveCriticalSection
• 0x180011098 InitializeCriticalSection
• 0x1800110a0 DeleteCriticalSection
• 0x1800110a8 CreateThread
• 0x1800110b0 VirtualProtect
• 0x1800110b8 VirtualAlloc
• 0x1800110c0 LoadLibraryA
• 0x1800110c8 GetCurrentProcessId
• 0x1800110d0 GetTickCount
• 0x1800110d8 SetLastError
• 0x1800110e0 WaitForSingleObject
• 0x1800110e8 Sleep
• 0x1800110f0 FreeConsole
• 0x1800110f8 CreateFileW
• 0x180011100 GetCurrentProcess
• 0x180011108 GetLastError
• 0x180011110 ReleaseMutex
• 0x180011118 CreateMutexA
• 0x180011120 CloseHandle
• 0x180011128 CreateFileA
• 0x180011130 WriteFile
• 0x180011138 GetFileSizeEx
• 0x180011140 ReadFile
• 0x180011148 LocalFree
• 0x180011150 LocalAlloc
• 0x180011158 GetCurrentThreadId
• 0x180011160 GetProcAddress
• 0x180011168 WriteConsoleW
• 0x180011170 SetFilePointerEx
• 0x180011178 RtlCaptureContext
• 0x180011180 RtlLookupFunctionEntry
• 0x180011188 RtlVirtualUnwind
• 0x180011190 UnhandledExceptionFilter
• 0x180011198 SetUnhandledExceptionFilter
• 0x1800111a0 TerminateProcess
• 0x1800111a8 IsProcessorFeaturePresent
• 0x1800111b0 IsDebuggerPresent
• 0x1800111b8 GetStartupInfoW
• 0x1800111c0 GetModuleHandleW
• 0x1800111c8 QueryPerformanceCounter
• 0x1800111d0 GetSystemTimeAsFileTime
• 0x1800111d8 InitializeSListHead
• 0x1800111e0 RtlPcToFileHeader
• 0x1800111e8 EncodePointer
• 0x1800111f0 RaiseException
• 0x1800111f8 RtlUnwindEx
• 0x180011200 GetModuleFileNameW
• 0x180011208 InterlockedFlushSList
• 0x180011210 InitializeCriticalSectionAndSpinCount
• 0x180011218 TlsAlloc
• 0x180011220 TlsGetValue
• 0x180011228 TlsSetValue
• 0x180011230 TlsFree
• 0x180011238 FreeLibrary
• 0x180011240 LoadLibraryExW
• 0x180011248 WideCharToMultiByte
• 0x180011250 ExitProcess
• 0x180011258 GetModuleHandleExW
• 0x180011260 MultiByteToWideChar
• 0x180011268 HeapFree
• 0x180011270 HeapAlloc
• 0x180011278 LCMapStringW
• 0x180011280 GetStdHandle
• 0x180011288 GetFileType
• 0x180011290 GetACP
• 0x180011298 IsValidCodePage
• 0x1800112a0 GetOEMCP
• 0x1800112a8 GetCPInfo
• 0x1800112b0 GetEnvironmentStringsW
• 0x1800112b8 FreeEnvironmentStringsW
• 0x1800112c0 GetProcessHeap
• 0x1800112c8 GetCommandLineA
• 0x1800112d0 GetCommandLineW
• 0x1800112d8 GetStringTypeW
• 0x1800112e0 FlushFileBuffers
• 0x1800112e8 GetConsoleCP
• 0x1800112f0 GetConsoleMode
• 0x1800112f8 SetStdHandle
• 0x180011300 HeapSize
• 0x180011308 HeapReAlloc
Library ADVAPI32.dll:
• 0x180011000 SystemFunction036
• 0x180011008 RegCreateKeyA
• 0x180011010 RegOpenKeyA
• 0x180011018 SetServiceStatus
• 0x180011020 RegisterServiceCtrlHandlerA
• 0x180011028 RegCloseKey
• 0x180011030 RegQueryValueExA
• 0x180011038 RegCreateKeyExA
• 0x180011040 RegSetValueExA
• 0x180011048 CryptAcquireContextW
• 0x180011050 CryptVerifySignatureW
• 0x180011058 CryptCreateHash
• 0x180011060 CryptHashData
• 0x180011068 CryptDestroyHash
• 0x180011070 CryptImportKey
• 0x180011078 CryptReleaseContext
Exports
| Ordinal | Address | Name |
|---|---|---|
| 1 | 0x1800054f0 | ServiceMain |
L!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
IKMCHEKD$8Ic
_H(3HHt5LA(Mt,A
HJ(E3HI
H(@SH HHt5HA(Ht,Hy8
HS(HK@S8Hc(
H [H\$
WH 3HM
Hi H9i0u
Hi@HA0HA8H
DHK@HC8S0HC(Hu
wFHC(H
H\$0Hl$8Ht$@H _EL
ATAUAVH HH
HC HC(!H
H\$@Ht$HH|$PH A^A]A\
HC(D(H
HC(D(HC(`
D)HC HC(Dp
WH HHMt
HO@W8;
HCXHCPHC`Ht
ChGLH\$0H _H\$
HHI@ADBoS0HHu
S0HG8HK@Hu
S0HG@Hu
HW8HK@S8HK@HS8
E3HHHo`HGHHH\$0Hl$8Ht$@H _DD$
USVWATAUAVAWHl$H
LIXL*Dy0Dq,HHQPAL]gLML;s
QHA+HUoA
rML$8IL$
ID$HL;u.IT$PI;T$@t"ML$@LML;s
A+HUou|DHIML$X
ML$XMD$PDLMM;s
AT$HA+HUoIT$HL;u'M;D$@t ML$@LMM;s
E+APHUo
)}gLMHUoL
]g+A)|$
}wLMHUoA
}w]gA rAA
E3E3AL$
HF AFDAAD$,
A)LMLEHU
HMHt$
MHt$ m
LMHUoA
AA#AD+
}wE;t$
AH#ID$ DD
D+AAL$
}wE;rD]gAH
AA#AAL$
ID$8AL$
Ht$@HD$8HE
HD$(HEg LMo
HD$ Eo
UgMoHt$
HN@V8LM}wA
E|$0Et$,A+
DHIML$X
ML$XIT$P^
L.E|$0Et$,]gLML;s
AT$HA+HUoA9|$(
A!<$E|$0Et$,f
HN@V8A
E|$0Et$,A+
HEDID$X7
E|$0Et$,A+
HEAID$X
HN@V8A
HF E|$0Et$,A
HEID$X
DHIML$X
ML$XM9L$Pt7E|$0Et$,A+
Et$,E|$0^
L.ML$XHI
A_A^A]A\_^[]H\$
WH E3HHxHS@HO@W8HS8HO@W8HO@HHG8H\$03H _D
WH HD$P
HH@IDB/IP0Ht
Hx HX(H\$0Hl$8Ht$@H _H\$
WATAUAVAWH0H2Dr
Di0i,ELAPHHQXHA
DAHD+A
AAA+AD$
HGHH+G@L
LGPL;G@
ID$(A#ID$
AAA+ E
AH#ID$
Do0o,Ds
H\$(H|$ +
ML$(MD$ p
HWXLGPH3Ds
Do0o,DI;s
E<$AD$
ID$ ID$
AH#ID$
$+DEugHWXEHH
HWXLOPDI;s
DGHD+HGHH;u
HW@I;s
HGHH;u%LGPL;G@t
HW@I;s
+DEukHWXEHH-
HWXLOPDI;s
DGHD+HGHH;u L;O@t
HW@I;s
+DEtBAA
$"Do0o,c
I+HWXEHH_
HWXH9WPt
Do0o,+
EDo0o,Ds
H3HWXHHH\$`Hl$hHt$pH0A_A^A]A\_
HHHH@H`8H\$
UVWATAUAVAWHl$H
H3HEpH
LL$HE3DD$(HD$8DLH\$XLl$@LMLMLM
LM LM(Aq
DM4DAt
A;rBD0IIDADM0D$,HT$ L|$
ALL$pMEML|$
HcHDHD$`D
GA+A;v(A+
HD$`A;s
A;rHD$8A
dLD$PLt$8M
LD$0LDpD9L$
t<HHTht0HD$0
Lt$0HT$ L|$
HL$@@A*
A+AAA;s
+#B;D0t%D+
L+AD++#B;D0uL|$
AAHMpH3+
A_A^A]A\_^]HHX
WATAUH`H$
LHK@MDBIS0HHu
ElHD$HE3HD$PHD$@H|$8AQ
Ht$0IDLd$(Hd$
HC HK@HS8L\$`I[ Ik(Is0IA]A\_HHX
WATAUAVAWH`H$
HK@MD
MS0HHu
HD$HHD$PHD$@H$
Lt$8Ld$0HD$(H
IHD$ N
Ht$HHD$PHD$@H$
Lt$8Ld$0HD$(H
E3AHD$ u
w.HK@HS83T;u
HC HK@HS8L\$`I[0Ik8Is@IA_A^A]A\_
Hx ATAUAVH HqPHYXLj
EHHH;v
GhELLHILU
H;u]Hw@H9GXu
GhELLHIT
H\$@Lm
Hl$HHwPHt$PH|$XAH A^A]A\H\$
LL$ LD$
UVWATAUAVAWHt$`L\$hMLNXLnPI;Es
^0DV,IA
DnHE+L%#
HL$hD$@
E+H+H;N@suHFHH+F@H
H;N@rVH+D;v+D+
uL|$XL%A
Hl$PHT$h% u]AK
IC AA+
1DV,AC
AIC AS
2DV,AK
1DV,AC
3H\$HI;LNXA_A^A]A\_^]H\$
WH HHHu
HA(LA8H
LI@LLI H|a
Ht$8H\$0H _HHX
Hx ATAVAWH@H$
MADLHtmH$
H{8Ht1H1
HC@MHD$0DH$
AHD$(IHl$ H\$`Hl$hHt$pH|$xH@A_A^A\@SH@H
HHT$xA
HT$(DT$0
HT$0HK D$ ?a
H@[H(H
WH@AD$
2H\$XHl$`H@_HL$0HD$8HD$(H
tHL$0HD$PE3HD$ E3
tHL$PE3DH
tLL$82DD$xHT$pHL$PD$(
HL$0Ht
H\$XH@_HL$
VWAVAWHHE3H
IL|$0LD$(
2HHA_A^_^H$
Hl$@HL$
Hl$@2HHA_A^_^H\$xD?~/I
LL$pDD|$pHL|$
HH\$x9/t!
Hl$@2HHA_A^_^
HHA_A^_^H\$
Ht$ WATAUAVAWH0E3DL
3HD$pHHDB`I
HKPLIcI
D$(LHCXHD$ JH
2H\$`Hl$hHt$xH0A_A^A]A\_H(
H\$ H(Ht
H\$ H(LMC
SHP3AC(
IICE3IKE3D$(?
u5HL$pDH
E3H\$
HP[@SAUH8Ht$X3HLd$0ILfH8
H|$`HLt$(L|$ ?
C<;C8w=L{0H
HC0Ht2Mt
K8HC0L4C8HI
uL|$ Lt$(H|$`Hl$PLd$0;Ht$X}
H8A][H\$
WH A<HH;A8w=Hy0H
HC0HtDHt
K8HC0H4
C8H\$0Ht$8H _H\$0Ht$8H _Hl$
H\$0H|$8;5!
u*HKPHt
HkPHKXHt
u*HKPHt
HkPHKXHt
@H|$8H\$0H
Hl$@H ^H%
HUATAUAVAWHHpHEHX
Hx HcHG
LL3HOD
E3LeLeLEI}
HHE@L5#
HHHA<>
HHE@IHEUt
HHE@IHEU
HHE@IHEU
HHE@IHEU
HEHt)Ht
L\$pI[0Is8I{HIA_A^A]A\]H\$
tQ;sCH
H<Ht1HOPHt
H\$0H _H%
3LD$0HT$8HD$8D$0
tFT$0HL$8.HL$8
2H(@SH H
3LL$0HD$8LD$8D$00
T$0HL$8
H [LSH
ACA-J93ACA95DA
HuLL$0d
N@SH H
H [H\$
HH\$0H _H(
H\$ H(Ht
H\$ H(H(
3H(@WH0HHt}H=:
3HL$@HL$(L
H\$H2H0_@SATAVAWH(HY
DI@AWP
3DfA;G
AI(D;|A
MM+_0I
Hl$XHt$`H|$hLl$ txA
uAWPLL$PA@
3H|$hHt$`Hl$XLl$ 3H(A_A^A\[H\$
Lt$ AWH H
90t2HH;rH
2H\$0Ht$8H|$@Lt$HH A_H;s
9;t-HI;rH
2H\$0Ht$8H|$@H A^H{P
t"HI;rH
2H\$0H _
H _H\$
3tF3;s
H\$0H _H\$
H\$0H _H%
H(H(H(
H\$ H(Ht
H\$ H(H\$
A8z<tAAzL
LD$8H|$8|$0H
H\$@H _H%^
Ht$ WH 3H
Ht(HT$0H+
t\tS1tJ3L
H\$(E33
E3H\$(L
HD$8HL$PD$0I
uLD$8H
u[HL$8HD$@HD$(LL$DHD$0H$`
E3HD$ H
D$0H$P
uLD$8H
u=HL$8HD$0D$(
HD$ E3D$0
H3HD$pHH
HT$03D$0
HT$PD$P
H\$`D$h
HL$pH3V
H3HD$@
HT$ L$$3H
D$0D$
DD$4D$8
HL$@H3
E3H(H(H\$
HH\$0H _H\$
HH\$0H _H\$
HH\$0H _ff
@SH H!HQH
HH [H(G
H(H(3A
H(H(k#
WH IIHx
L3HHT$XL$PH\$0Hl$8Ht$@H _SG
H(H(3ES
H [H\$
IL3LELE
H\$PH@]
H [@SH =
H [@SH H
DHH [H(H
H(H(t9
H|$ AVH HL3"u
H\$0Ht$8H|$HH A^H\$
@D$8=[
H\$0Ht$@H _HHX L@
VWAVH@MHB
u4u'M3H&M3HeM3H`
\$0H\$xH@A^_^H\$
HH\$0Hl$8Ht$@H _H\$
HH\$0Ht$8H _g@SH H3
H8@SVWH@H
3E3HT$`H
Ht9Hd$8
HL$hHT$`LHL$0LHL$pHL$(3H\$
|H@_^[@SH HHH
HH [3HA
H@SH HHH
HH [3HA
H@SH HHH
HHH\$0H _HHHL$ H
HHHL$ "H
AntelDAineIDE
GenuDD
cAMDAuthAentiA
UDMD;|$3
3H\$8H ]39
Ht<Hd$8
LHL$0LH
HL$(HMHL$ 3
HD$`D$P
HD$PHD$@HE
H\$ UHH He
H;uoHM
HM H1E
H H3E H3E
H#H3-+
H\$HHH
H;rH\$0Ht$8H _H\$
H;rH\$0Ht$8H _Ht
WH 9csmu_y
uYA -
wLHA0HtCHcP
t HA(H8Ht
HHH\$0H _@SH HHH
HH [3HA
VWATAVAWHPL$
MHMHIK#
Hl$8L|$0
T$(HHD$ x'
L\$PI[0Ik@IA_A^A\_^H\$
AcsmE9
HB(I9A(
u!AI A+
3H\$0H _HHX
UATAUAVAWHhH
H]gLHE3HDeIDeMM !
LI;~ DHM
Lp(LuW%
uiEE9&
LuW?csm
DEwHEL|$0DHD$(HHEIHD$
HO0HcQ
HMLG0Hc
EoMLEWI
HD$HEwD$@IFHD$8HEHD$0Ld$(H\$ E
HHcC H
u?LMLIIp
MoLLEWH
L$@IL|$8H\$0L$(Ld$ "
L9`8tA
MHD$8M
t$(H\$ m
I[0Is8I{HIA_A^A]A\]?
UVWATAUAVAWHp9
t@>MOCt8>RCCt0H$
MHD$0LDl$(IHHl$
HD$`L|$0EHD$(EH$
HIHD$ v
3HtJG
HD$HHGDl$@HD$8Hd$0
HL$(HHl$ $
HpA_A^A]A\_^]<
WATAUAVAWH HLH
E239:~x
HIE0Lcx
HIE0HcH
~DHcL$
;>|H\$PAHl$XHt$`H A_A^A]A\_
HHIHILHEIHc
AVH ILA
IN(zLA
HHV139_
IN(ALHH
H\$0Ht$8H|$@H A^H\$
AUAVAWH0MIHL3Ex
Ht!HHt
tGIU(Ht9Ht4McF
HHu0IM(Ht"Ht
I9}(t9Ht4t
3H\$PHt$XH|$`H0A_A^A]@SVWATAUAVAWHpHE3D|$ D!$
L!|$(L!$
Lh(Ll$@
HGHHD$0H_@HG0HD$HLw(Lt$PH*
HP HR(HL$`A
LHD$8L9
IHL$HH
HHD$(H$
D|$ H\$(Ll$@H$
Lt$PLd$8I
Eu2>csmu*~
u$F -
Lh(HD$0HcH
HHpA_A^A]A\_^[H(H
HDH L@
SVWATAUAVAWH0EILL
HD$(LII
3Ht^DLIIM
Ll$xL|$p|$ |$$
H0A_A^A]A\_^[H\$
WATAUAVAWH@HMIML
9X@u4>csmt,D9
DIILx0
HN(LIIn
r 9_ t
>csmuo~
ri9V vdHF09X
HN0Hci
\$8MHD$0I
D$(H|$ <H$
MHD$8M
D$(H|$ ?AL\$@I[0Ik8Is@IA_A^A]A\_
Hx AVH q
H;tK9_
H\$0Hl$8Ht$@H|$HH A^H(
H(@SH g
WATAUAVAWH@Ma
HM9IIY8M+MILn
AvHHl$0H|$8;3
csmu(H=A
HD$(IF(HD$
Iv A~HI+
H;r BD
AD;rD;u2D
IAFHDD
L\$@I[0Ik8Is@IA_A^A]A\_fH\$
HD$PHL$pHHf9
AuHL$p\$l
HL$`D$hHD$0E3HD$(H
HD$PHL$pHHf9
AuHL$p\$l
HL$`D$hHD$0E3HD$(H
E33|H(H
H\$0Ht$8H|$@H A^@SH y
H [H\$
UWAVHH`
H9HGHX@Hp0HHOHU LuHHu
HE HHEHt
DEDELMU
L\$`I[(Is0IA^_]ff
s"HHIHIffffff
IAfHQQfQQ
HQQHQQHQQQ
HQQfQH
HHuH [ff
I vJH+s
ILHILIII
?+3HH3H
H(@SH H
WH =rG
HHHH~$
HH\$0Ht$8H _H(H
H(H(McH
H(@SH LL$@I1
H [IcP
WH AILL$@
HL$@;|
H\$0H _L
@SH IHtXLcQ
Ht=E3Et0K
AE;rEt
H(HL$0HT$8DD$@H
HHT$8H
VWATAVAWH Ax
HT$PE3
A;rA;sI
H\$XHHl$`H A_A^A\_^HHX
Hx ATAVAWH r
HHl$pHHE3,D
LT$hLD$`A
t~E3HcO
;rA8t2A
H\$@Hl$HHt$PH|$XH A_A^A\A
VWAVH LL$PIHHHL
LHIRH\$@Hl$HH A^_^H\$
WH@IIHHHXpH HS8LHL$x3LL$pD$8
HPhHH\$0\$(HL$ H
Hl$XHt$`HXpC
H@_HLH L@
SWHhH`
D$@Hh_[@SH HH
HXXHH [H\$
WH HH;xXu9HXX
H\$0HHXH _
H(SH@`H(H(?H@hH(@SH H&HPX
H [3@SH HHX`H [@SH HHXhH [@UH$PH
HD$`Hc
HEIB@HD$(HELL$XE3LD$pLD$0HUI
HD$ HE
WH@IHT$PIHHS
HP`HV8HPhtHS8LHD
@`3D$8HD$0D$(LD$ L2H\$XHt$`H@_
M3M3Hd$ LD$(s
@SH 3H
2H [@SH
H [H\$
WATAUAVAWH E3DM3IL
?H3HH;
IHtJIH
3H\$PHl$XHt$`H A_A^A]A\_HHX
Hx AVH IIHL
H\$0Hl$8Ht$@H|$HH A^HHX
Hx AVH AIL
H\$0Hl$8Ht$@H|$HH A^H\$
H\$0H _HHX
Hx AVH0IIHL
HHt*HDHL$hLHL$(L
H\$@Hl$HHt$PH|$XH0A^H\$
H\$0H _H\$
H\$0H _H\$
H\$0H _H\$
H\$0Ht$8H _H\$
H\$0Hl$8Ht$@H _H|$
H3HH|$
u9SH H
H;uH [HHX
Hx AVH
uLH5[7
u3H\$0Hl$8Ht$@H|$HH A^@SH
H [H0H%t
HH\$0H _+
tuHItiH
tbHItV$
tSHItGH
t@HIt4$
t1HIt%
H I sI I
HIH\$ UVWATAUAVAWHH
H3HEE3IDeLLAHt
uzHt-IHfD9 t
HEHD$8DLd$0M
t$(3L|$
tD9euE8d
HEHD$8HLd$0D
t$(M3L|$
DhHMHUHT$8A
D$(HEHD$
HHH;|I
[HEL98
MHMHHL$8D
MLd$03Dd$(Ld$
A_A^A]A\_^]E3H
3H\$0H _@SH 33%
H;uIHtHx
H\$0Hl$8Ht$@H _3csm
Lp AWH ADEuJ3
u3HcH<H
?K@+3HH3H
H\$0Ht$8H|$@Lt$HH A_@SH ?
WH Hd$8
t'HL$8H
HL$8Ht
H\$0H _H
WH 3H9=
H\$0H _H\$
WAVAWH03L
HHH@84
HHtlLA86taHHA84.uHA>=t5
HHt%MHH
H\$PHHt$`Hl$XH0A_A^_E3Ht$ E33
Ht;H\$
H\$0H _H(H
H(LH\$
LL$ WH II
H\$0H _H\$
LL$ WATAUAVAWH@IM
DA?HH3:AHH|$0HH3Z
HH\$ HGH
LH|$(LH\$8A@
AA+3HH3H
H\$ H;r
H;sJHH;t
?D+A3HH3I
?H33HH
DA?LL3
H3HM;u
I;t MLL$(ILL$0LHD$8HHD$
H\$pHt$xH@A_A^A]A\_HHX
Hx ATAVAWH H
I3M3HI3IHL;
DH;r ED$HHg(
?A+HHHI+I3H
AHI3MA
H\$@Hl$HHt$PH|$XH A_A^A\HH
MCIS D$PIK
D$X?H8E3LHu
?+IL3M
UHH@HE
HELM(HE
HUHM E(EzH@]H
H(@SH H
?+HH3H?
H [3U@SH H
Hx AVH E3HH+HH
GHt H3Ht
HH;uH\$0Hl$8Ht$@H|$HH A^H\$
WH HHH;t H;Ht
H;3H\$0Ht$8H _@SH =
d@SH 3Ht
H [LL+C
Ht7SH L3H
H [@SH HHw<H
3H [@SH LHHt
3HBHI;rCI
3H [H\$
UWAVH$
3HL$pA
~HD$pHD$HHM
HT$@IE3
Ht6Hd$8
HL$`HT$@LHL$0MHL$XHL$(HM
I[(Is0IA^_]H
Hx AVH0AIHLN
DLHIHH\$@Hl$HHt$PH|$XH0A^HH
?HHuHD$`DLHD$ HI"
H8Hd$
E3E333?H8H(
H(H%^^
H\$0H _H(
H$H(H(
H H(H\$
WATAUAVAWH DL=KMILK
H;tzsM)
3HtJIH
?+HI3K
3H\$PHl$XHt$`H A_A^A]A\_H\$
H\$0H _H\$
H\$0H _H\$
H\$0H _H\$
H\$0Ht$8H _H\$
H\$0Hl$8Ht$@H _HHX
Hx AVHPAIL
5HHtWH
LHL$@H$
HL$8H$
L$(IHD$ 23ID
H\$`Hl$hHt$pH|$xHPA^H\$
H\$0Ht$8H _H|$
H3HH|$
2H\$8H _@SH u/H
H [H\$
WH0d$
D$ H\$@H0_H\$
3H\$0Ht$8H _@SH HHu
WAVAWH@`
L4AH|$(I;tqH H\$hH\$0Hu
H+A;t*D$$$u C
T$ A;A
DD$$H\$`Ht$pH@A_A^_@SH H
H [HHX
Hx AVH
E3fD9t$b
t^AH;tEH;t?
Is I{(IA^H\$
AVH 3E3HcH
#K8@HC(H
5H\$0Ht$8H|$@H A^@SH
H [H\$
WH 3H=!9
H\$0H _HHX
Hx AVHPE3IHHHt
D82u&Ht
fD13H\$`Hl$hHt$pH|$xHPA^IHL$0HD$8L98
tQHL$8DI
D;~/A;|*I
D$(H|$
H;r:D8v
D$(HD$8H|$ H
D8t$Ht
LL$ WH II
H\$0H _H\$
LL$ WH II
H\$0H _H\$
LL$ WH II
H\$0H _H\$
LL$ WH II
H\$0H _@UHHPHMHEHELM
E E(HEHEHEHE
JBHEHU(f
LMLEHUHM
qHP]Ht
HJH [@UHH@HEHMHEH
E E(HEHE
HHMHIpHMHIXHMHI`HMHIhHMHIHHMHIPHMHIxHMH
LM LEHU(HM
LMLEHUHM
H@]H\$
WH HHH
H\$0H _@SH
3HmHH [H\$
H\$0HH _
HH\$0HHt$8H _H(H
H(@SH H
H [@SH H
H [H(Hu
@WH H=
H _@SH 3H
2H [HcH
H [HcH
LL$ WH II
H\$0H _H\$
H\$0Ht$8H _@SH@3HL$ L%4
H@[H\$
HD3k3H~
uH\$0Hl$8Ht$@H _H\$
HHT$PI
H;rD$VHT$VD$p "D
p A;vH
LD$pd$0
3HD$ 7(
D$8HEp\$0HD$(\$ (
\$0HD$(\$
LEpL+Lp
I{ I]H\$
UVWHH@@sHE
H@ HA !
H3H\$`H@_^]@u
uHEHELM8C
LEE8HUEHM0%H
H\$0H;
HL$0H;t
HH\$8H _H\$
Hl$ VWATAVAWH@H
H3HD$8H?3u
HL$&@8t$&t0@8q
@81uHC
IA81t@@8r
D;w$EP
A;u"H5hd
I+uH3HL$8H3
L\$@I[@IkHIA_A^A\_^HHX
Hx AVH@
HfD90t
HHfD94FuH4FH
fD96uLt$8H+Lt$0H
HLDDt$(3Lt$ 3
HctLHHHt/Lt$8DLt$0L
l$(33HD$
H\$PHHt$`Hl$XH|$hH@A^
WH IHHHt
3HBHI;s
8L3SHH\$0Hl$8Ht$@H _H(
WH HHH;u
\HH+Ht
H;uH;tH;t-HH{
H;u2H\$0Hl$8Ht$@H _H\$
WH HH;t&HZH;Ht
H;uH\$0
Ht$8H _H\$
LL$ WH I
EHH\$0H _LH(
HSVWATAUAWHHE3D!h
H;u33H
HD$0Ie
HD$(H;t1H`
+3HH3H
HHA_A]A\_^[H
HH\$0H _
H(HT$0H
HL$0H.HD$0H
Hx AV3L5}
Ht$ H|$(A^H(Ht"*x
3H(H\$
WH HHu
H\$0H _H\$
WH H3H
H*HH\$8H _H\$
LL$ WH II
H\$0H _
t-HD$@T$PT$XLL$PHT$XHD$ LD$ HL$H
OH8H\$
UVWATAUAVAWHH
H3HEHcH
HD0(HE
D2>L2=A
HUEDmE
HEHd$0
3HD$ H
HMLMHd$
D9urbA
HT$ DB
HUfELM
HHMH3K{H$
A_A^A]A\_^]H\$
HLcIAH
(L;soH|$@H;s$
H;rHd$
HD$@+LL$0DHT$@I
H3CzL$P
I[ Ik0IA^_^H\$
HLcIAH
H\$@H;s1
H;rHd$
HD$@H+LL$0HHT$@
H3$yL$P
I[ Ik0IA^_^H\$
VWATAVAWp
LcHIEH
HD$PI;s-
H;rHd$8
HL$PHd$0
LD$PH+D$(U
HHL$ D
tI3t3Hd$
LL$@DH
H3wL$p
I[0Ik@IA_A^A\_^H\$
WATAUAVAWH ELHc
H\$XHt$`H A_A^A]A\_H\$ UVWATAUAVAWHH`3ELcHEu
B\19C<
tBD18 t
HUJL1(
!}N$>3L]I;
BD18tM
uyEHMLAEHMLAEHMLAkJL1(LM!}3H!D$ EHHE
EHEH uhEt-
BD08@t
H`A_A^A]A\_^]H\$
03HHtLH
H;t=Hx0HOE3
@HGH;uH33H\$0HHt$@Hl$8H _HtJH\$
H@H;uHH\$0Ht$8H _H\$
H\$@Ht$HH|$PH0A_HcH
AVH Hc
tGH|8(t?
H\$0Ht$8H|$@H A^H(u
HH(@SH@HL$
H@[@UATAUAVAWH`Hl$PH]@HuHH}PH
Hc]`MHU
H+Ht$PH
Dd$(DMHt$
D$(IHEhHD$ [
H#I;HB
H+H\$PH
H#)HHt
3HtsHd$@
|$(IH\$ t2Hd$8
3H!T$0D
uf!T$(H!T$
H3MmH]@HuHH}PHe
A_A^A]A\]
D$(HEhHD$ HK9
WHpHIHAHL$P
HL$XD$@L
D$ 3|$h
L\$pI[
uHH\$0Hl$8Ht$@H _^Ht
Ht0SH H
5H(H\$
HH\$0H _H\$
WH HHtIHtDH
H-Ht"H{
3H\$0H _H(u
SH HHI
wHKHH;
eHKhH;
SHKpH;
AHKxH;
H [HtfSH HH
H [H\$
H;uH\$0Ht$8H _H
,H\$0Hl$8H ^@UATAUAVAWH`Hl$0H]`HuhH}pH
H3HE DEHMHM
H+H\$0Hty
H#_HHt
3HtHL3HEDt$(MH\$
HM H3cH]`HuhH}pHe0A_A^A]A\]H(3
H(H(Hu
[HH(L3H
WH HHHu
JHw9LL
rt(Hjt
3H\$0H _H\$
LL$ WH II
@H\$0H _
t-HD$@T$PT$XLL$PHT$XHD$ LD$ HL$H
WH HcXHu
3H\$0H _HL$
WH HcAHMHu
HSDLD$HHH
HD$HHtHL
8H\$0Ht$8H __fL$
ot$ HXffffff
ot$ HXf
ot$ HX
Xot$ HX
YXY%#s
YYYYYX\
XXXot$ HX
ot$ HXfffffff
ot$ HX
ot$ HXHHHd$0
E3DD$
H(HSHP
HL$ Vu
D$@HP[H\$
Ht$83H\$0
H _HUSVWAVHhH
M_HD$@H\$P
D$PHT$@
EDE_HD$HHD$(HT$@HEoDHL$`HD$
t4t0HD$@M
]oUgHD$0
D$HHMH33W
A^_^[]@SH
HT$ HD$ D
\$0D$("
L$xLD$x
(t$PHhff
*HHd$0
HD$xHD$(HD$pHD$
UHH HA3
H#t>H=
H;u0HE
!P HE0
A HE0H
H\$8Ht$@H|$HH ]H(
H(@SH E
?UH [H\$
Ht$ WH HH
L$0t$8
H\$@Ht$HH _@SH H?
H [H(?H(%$
H(MA8HI
HcL#IcJ
L3I[PLcA<E3L
AH(E;r3H\$
WH HH=H4
t"H+HHHt
3H\$0H _HMZ
3HcH<H
u.H IuI MI
]@UH HM@H ]Q@UH H
PM8H ]Q@UH0HH
HL$(T$ L
gRLEpUhHM`COH0]@UH HHMXLE H
b_H ]@SUH(HHM8
;csmu+{
u%C -
HM@HH(H(][@UH H38E8
H ]@UH HkH ]@UH H~x0
~H0H ]@UH@HHE@HD$0H
H@]@UH H3H ]
@UH HH
0H ]@UH H
@UH HHEH
@UH HH
H ]|@UH HHMh)H ]@UH H
H ]I@UH H
H ]0@UH H
H ]@UH HHM0H ]
@UH HHEH
H ]a@UH HMPH ]J@UH H
@UH HH
H ]@UH HH
H ]H(H
H(dH(H(H
H($H(H(H
Unknown exception
bad allocation
bad array new length
incorrect data check
incorrect header check
invalid window size
unknown compression method
need dictionary
invalid bit length repeat
invalid stored block lengths
too many length or distance symbols
invalid block type
incompatible version
buffer error
insufficient memory
data error
stream error
file error
stream end
invalid literal/length code
invalid distance code
inflate 1.1.4 Copyright 1995-2002 Mark Adler
incomplete dynamic bit lengths tree
oversubscribed dynamic bit lengths tree
incomplete literal/length tree
oversubscribed literal/length tree
empty distance tree with lengths
incomplete distance tree
oversubscribed distance tree
bad exception
Main Invoked.
Main Returned.
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
delete
operator
CorExitProcess
GetCurrentPackageId
LCMapStringEx
LocaleNameToLCID
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
UUUUUU?
UUUUUU?
TUUUU?
=imb;D=W>6Z=
=. ob=
p)=m6W
>8=pT=:
>qw >`
=lg=)>,
yHs=nX
!>11Y@
/>58d%
_ >)MJ$>
*>eVM >cQ6
!>6'Yx
>jtm}S=`
)>6{1n
Vr.>Tz3
&>Ra+f)>0'
>^!-=j
#)>^x8o2>Lj[;>
f3>fvw=>;H9>&X
'S5>*StO9>T'4
!n03>Pu
5>>t"v:>R
;>[ >["`=>7
\ .>9Ir,>X>z
VYS9>HVo6>a
"$>S= 5>Va
>=K~Je#>!Ix[
>dn-/!>
(>aIbQ=cQ6
1>v+M<7>=*>!
0>To ->
bp(=>?g
8:>})36,>
+>+&z*>nOv
=O >yu`=GQ~f=oj
?>!T4<>
BC?>6t9^
*:8'>0
<>Rm=1>
"3>PkY)>'._M
*=4<,BF>^G*>`J
K&>.yCB
.xJ>Hfy\PD>!M
L>|b=})>
\ >vc [1>H')>dL?>
Z|F>Ni;>_j+>
yC>O@L)>uzKs@>
>He@>5A
3>N;kUr=CA
K>VR>>e
kE>fvwM>`7nH>
L>ev[%>
_A>pP&V6E>`"(5~7>
$>y{@>W9oM>W
!">}tM>'>+Ai=1
I!>u|KN>
c0iN>/
:>r-4@>%>b?
c?qBJeD?
z?g1?P
#?4,Tw?ru\?
[,'?tn
+?{>e?
?3=l}?
l@6 ?"1K
?cj`?Y0Q?m
4?)I ?
??7zR?
?J?'t?
y?4g?mu
]tE?A4?F
`?7Ck?a
I?rS<?
6q?"Qja?J;OR?d!
YB?V3?@b
?-)4d?
?#a?X0
V?:kP<q?R|c?UUUUUU?%G?
Gz?f`Y4m?`?vS?beF?M0':? %f-?QY^& ?
,?u?{?U)#`?
;?"z8$?c
8?E[u?H
i?*_]?x+
yF?W[:?
+J#?Xw
?h/?KN?K%?P-
8}?5'Ps?'
|h?p"^?w~S?$I$I?[`
*?x! ?UHy
<?t?;?J.g?
"?)F@J?g|?{
_H?$G4
,?30]X#?&H
?F ?:5VD?;
Oq?qA?
%?.r/?
9??eu?
!?){?G
yj?Mb?urY?
^ 0?)wd(?
@ ?7zQ6$
xjVp $
@@QZ^&
ogL*B9q"am
K`Kp~('0
9| eVD")*C#9Y[e
}]O~o,
N~S5:*
Software\Microsoft\Windows NT\CurrentVersion\NetworkPlatform\Location Awareness
LastBackup
SYSTEM\CurrentControlSet\Services\
{F147EC-C7F5-F89"
InvokeMainViaCRT
"Main Invoked."
FileName
ExitMainViaCRT
"Main Returned."
FileName
Microsoft.CRTProvider
.text$di
.text$mn
.text$mn$00
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$zETW0
.rdata$zETW1
.rdata$zETW2
.rdata$zETW9
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.xdata$x
.edata
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.pdata
.rsrc$01
.rsrc$02
core64
ServiceMain
GetCurrentThreadId
LocalAlloc
LocalFree
ReadFile
GetFileSizeEx
WriteFile
CreateFileA
CloseHandle
CreateMutexA
ReleaseMutex
GetLastError
GetCurrentProcess
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateThread
VirtualProtect
VirtualAlloc
LoadLibraryA
GetProcAddress
GetTickCount
SetLastError
WaitForSingleObject
FreeConsole
KERNEL32.dll
CryptReleaseContext
CryptImportKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptVerifySignatureW
CryptAcquireContextW
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegisterServiceCtrlHandlerA
SetServiceStatus
RegOpenKeyA
RegCreateKeyA
ADVAPI32.dll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
EncodePointer
RaiseException
RtlUnwindEx
GetModuleFileNameW
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
HeapFree
HeapAlloc
LCMapStringW
GetStdHandle
GetFileType
GetACP
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetCommandLineA
GetCommandLineW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
CreateFileW
SystemFunction036
^"Dqj"*
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
eTB9(8)
WindowsRPCService
C:\Windows\system32\WindowsRPCService.dll
C:\Windows\system32\rdpcdd.ini
Windows RPC Service
Enables a common interface and object model for the Windows RPC Service to access management information about system update, network protocols, devices and applications. If this service is stopped, most Kernel-based software will not function properly. If this service is disabled, any services that depend on it will fail to start.
.?AVtype_info@@
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVbad_exception@std@@
.?AVPluginProvider@@
.?AVPluginBase@@
.?AV?$ListStore@PEAD@@
.?AV?$ListStore@PEAUZipMemChain@@@@
.?AV?$ListStore@PEAUStringParam@@@@
.?AV?$ListStore@PEAUPluginReLoad@@@@
08@X`h
@HPX`px
(08@HPX`hpx
(08@HPX`hpx
(08@HPX` 0@HPX`hpx
08@HPX`hpx
(08@HPX`hpx
(08@HPX`hpx
(8HXhx
(8HXhx
(8HXhx
(8HXhx
(8HXhx
(8HXhx
(8HXhx
(8HXhx
(8HXhx
(8HXhx
(8HXhx
(8HXhx
(8HXhx
(8HXhx
0@P`p
0@P`p
0@P`p
0@P`p
0@P`p
0@P`p
0@P`p
0@P`p
0@P`p
0@P`p
0@P`p
0@P`p
0@P`p
0@P`p
(08@(@H
08@HPX`hpx
(Xpx (08@HPX`hx
a�d�v�a�p�i�3�2�
a�p�i�-�m�s�-�w�i�n�-�c�o�r�e�-�f�i�b�e�r�s�-�l�1�-�1�-�1�
a�p�i�-�m�s�-�w�i�n�-�c�o�r�e�-�s�y�n�c�h�-�l�1�-�2�-�0�
k�e�r�n�e�l�3�2�
m�s�c�o�r�e�e�.�d�l�l�
a�p�i�-�m�s�-�w�i�n�-�a�p�p�m�o�d�e�l�-�r�u�n�t�i�m�e�-�l�1�-�1�-�1�
a�p�i�-�m�s�-�w�i�n�-�c�o�r�e�-�d�a�t�e�t�i�m�e�-�l�1�-�1�-�1�
a�p�i�-�m�s�-�w�i�n�-�c�o�r�e�-�f�i�l�e�-�l�2�-�1�-�1�
a�p�i�-�m�s�-�w�i�n�-�c�o�r�e�-�l�o�c�a�l�i�z�a�t�i�o�n�-�l�1�-�2�-�1�
a�p�i�-�m�s�-�w�i�n�-�c�o�r�e�-�l�o�c�a�l�i�z�a�t�i�o�n�-�o�b�s�o�l�e�t�e�-�l�1�-�2�-�0�
a�p�i�-�m�s�-�w�i�n�-�c�o�r�e�-�p�r�o�c�e�s�s�t�h�r�e�a�d�s�-�l�1�-�1�-�2�
a�p�i�-�m�s�-�w�i�n�-�c�o�r�e�-�s�t�r�i�n�g�-�l�1�-�1�-�0�
a�p�i�-�m�s�-�w�i�n�-�c�o�r�e�-�s�y�s�i�n�f�o�-�l�1�-�2�-�1�
a�p�i�-�m�s�-�w�i�n�-�c�o�r�e�-�w�i�n�r�t�-�l�1�-�1�-�0�
a�p�i�-�m�s�-�w�i�n�-�c�o�r�e�-�x�s�t�a�t�e�-�l�2�-�1�-�0�
a�p�i�-�m�s�-�w�i�n�-�r�t�c�o�r�e�-�n�t�u�s�e�r�-�w�i�n�d�o�w�-�l�1�-�1�-�0�
a�p�i�-�m�s�-�w�i�n�-�s�e�c�u�r�i�t�y�-�s�y�s�t�e�m�f�u�n�c�t�i�o�n�s�-�l�1�-�1�-�0�
e�x�t�-�m�s�-�w�i�n�-�k�e�r�n�e�l�3�2�-�p�a�c�k�a�g�e�-�c�u�r�r�e�n�t�-�l�1�-�1�-�0�
e�x�t�-�m�s�-�w�i�n�-�n�t�u�s�e�r�-�d�i�a�l�o�g�b�o�x�-�l�1�-�1�-�0�
e�x�t�-�m�s�-�w�i�n�-�n�t�u�s�e�r�-�w�i�n�d�o�w�s�t�a�t�i�o�n�-�l�1�-�1�-�0�
u�s�e�r�3�2�
S�u�n�d�a�y�
M�o�n�d�a�y�
T�u�e�s�d�a�y�
W�e�d�n�e�s�d�a�y�
T�h�u�r�s�d�a�y�
F�r�i�d�a�y�
S�a�t�u�r�d�a�y�
J�a�n�u�a�r�y�
F�e�b�r�u�a�r�y�
A�u�g�u�s�t�
S�e�p�t�e�m�b�e�r�
O�c�t�o�b�e�r�
N�o�v�e�m�b�e�r�
D�e�c�e�m�b�e�r�
M�M�/�d�d�/�y�y�
d�d�d�d�,� �M�M�M�M� �d�d�,� �y�y�y�y�
H�H�:�m�m�:�s�s�
� � � � � � � � �(�(�(�(�(� � � � � � � � � � � � � � � � � � �H�
z�h�-�C�H�S�
a�z�-�A�Z�-�L�a�t�n�
u�z�-�U�Z�-�L�a�t�n�
k�o�k�-�I�N�
s�y�r�-�S�Y�
d�i�v�-�M�V�
q�u�z�-�B�O�
s�r�-�S�P�-�L�a�t�n�
a�z�-�A�Z�-�C�y�r�l�
u�z�-�U�Z�-�C�y�r�l�
q�u�z�-�E�C�
s�r�-�S�P�-�C�y�r�l�
q�u�z�-�P�E�
s�m�j�-�N�O�
b�s�-�B�A�-�L�a�t�n�
s�m�j�-�S�E�
s�r�-�B�A�-�L�a�t�n�
s�m�a�-�N�O�
s�r�-�B�A�-�C�y�r�l�
s�m�a�-�S�E�
s�m�s�-�F�I�
s�m�n�-�F�I�
z�h�-�C�H�T�
a�z�-�a�z�-�c�y�r�l�
a�z�-�a�z�-�l�a�t�n�
b�s�-�b�a�-�l�a�t�n�
d�i�v�-�m�v�
k�o�k�-�i�n�
q�u�z�-�b�o�
q�u�z�-�e�c�
q�u�z�-�p�e�
s�m�a�-�n�o�
s�m�a�-�s�e�
s�m�j�-�n�o�
s�m�j�-�s�e�
s�m�n�-�f�i�
s�m�s�-�f�i�
s�r�-�b�a�-�c�y�r�l�
s�r�-�b�a�-�l�a�t�n�
s�r�-�s�p�-�c�y�r�l�
s�r�-�s�p�-�l�a�t�n�
s�y�r�-�s�y�
u�z�-�u�z�-�c�y�r�l�
u�z�-�u�z�-�l�a�t�n�
z�h�-�c�h�s�
z�h�-�c�h�t�
C�O�N�O�U�T�$�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�4�0�9�0�4�b�0�
C�o�m�p�a�n�y�N�a�m�e�
M�i�c�r�o�s�o�f�t� �C�o�r�p�o�r�a�t�i�o�n�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
W�i�n�d�o�w�s� �C�o�r�e� � �M�o�d�u�l�e�
F�i�l�e�V�e�r�s�i�o�n�
6�.�3�.�9�6�0�0�.�1�6�3�8�4�
I�n�t�e�r�n�a�l�N�a�m�e�
W�i�n�d�o�w�s� �C�o�r�e� �M�o�d�u�l�e�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
�M�i�c�r�o�s�o�f�t� �C�o�r�p�o�r�a�t�i�o�n�.� �A�l�l� �r�i�g�h�t�s� �r�e�s�e�r�v�e�d�.�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
W�i�n�d�o�w�s� �C�o�r�e� � �M�o�d�u�l�e�
P�r�o�d�u�c�t�N�a�m�e�
M�i�c�r�o�s�o�f�t�
�W�i�n�d�o�w�s�
�O�p�e�r�a�t�i�n�g� �S�y�s�t�e�m�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
6�.�3�.�9�6�0�0�.�1�6�3�8�4�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
Hosts
| IP |
|---|
| 114.114.114.114 |
| 8.8.8.8 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61714 | 8.8.8.8 | 53 |
| 192.168.56.101 | 56933 | 8.8.8.8 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58485 | 8.8.8.8 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.