0.9
低危
DACN
0.14
FACILE
1.00
IMCLNet
0.74
MFGraph
0.00
反病毒引擎
未检测
暂无反病毒引擎检测结果
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(3 个事件)
| section | CODE |
| section | DATA |
| section | BSS |
动态指标
在文件系统上创建可执行文件
(9 个事件)
| file | C:\Windows\System32\DC++ Share\mip.exe |
| file | C:\Windows\System32\DC++ Share\DVDMaker.exe |
| file | C:\Windows\System32\DC++ Share\ShapeCollector.exe |
| file | C:\Windows\System32\xdccPrograms\inject-x86.exe |
| file | C:\Windows\System32\xdccPrograms\Procmon.exe |
| file | C:\Windows\System32\xdccPrograms\ConvertInkStore.exe |
| file | C:\Windows\System32\xdccPrograms\is32bit.exe |
| file | C:\Windows\System32\xdccPrograms\InkWatson.exe |
| file | C:\Windows\System32\xdccPrograms\FlickLearningWizard.exe |
网络通信
与未执行 DNS 查询的主机进行通信
(2 个事件)
| host | 114.114.114.114 | |||
| host | 8.8.8.8 | |||
在 Windows 启动时自我安装以实现自动运行
(1 个事件)
| reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell | reg_value | Explorer.exe sIRC4.exe | ||||||
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
1992-06-20 06:40:53
PE Imphash
5662cfcdfd9da29cb429e7528d5af81e
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| CODE | 0x00001000 | 0x0000c984 | 0x0000ca00 | 6.572458888267131 |
| DATA | 0x0000e000 | 0x00000a1c | 0x00000c00 | 4.533685500040435 |
| BSS | 0x0000f000 | 0x00001111 | 0x00000000 | 0.0 |
| .idata | 0x00011000 | 0x0000083e | 0x00000a00 | 4.169474579751151 |
| .tls | 0x00012000 | 0x00000008 | 0x00000000 | 0.0 |
| .rdata | 0x00013000 | 0x00000018 | 0x00000200 | 0.2108262677871819 |
| .reloc | 0x00014000 | 0x00000710 | 0x00000800 | 6.25716095476406 |
| .rsrc | 0x00015000 | 0x0000167c | 0x00001800 | 1.9500847097407592 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x00015768 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x00015768 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x00015768 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_RCDATA | 0x000158a0 | 0x00000078 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_RCDATA | 0x000158a0 | 0x00000078 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_ICON | 0x00015918 | 0x00000022 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library kernel32.dll:
• 0x4110c8 DeleteCriticalSection
• 0x4110cc LeaveCriticalSection
• 0x4110d0 EnterCriticalSection
• 0x4110d4 InitializeCriticalSection
• 0x4110d8 VirtualFree
• 0x4110dc VirtualAlloc
• 0x4110e0 LocalFree
• 0x4110e4 LocalAlloc
• 0x4110e8 GetCurrentThreadId
• 0x4110ec GetStartupInfoA
• 0x4110f0 GetModuleFileNameA
• 0x4110f4 GetLastError
• 0x4110f8 GetCommandLineA
• 0x4110fc FreeLibrary
• 0x411100 ExitProcess
• 0x411104 CreateThread
• 0x411108 WriteFile
• 0x41110c UnhandledExceptionFilter
• 0x411110 SetFilePointer
• 0x411114 SetEndOfFile
• 0x411118 RtlUnwind
• 0x41111c ReadFile
• 0x411120 RaiseException
• 0x411124 GetStdHandle
• 0x411128 GetFileSize
• 0x41112c GetSystemTime
• 0x411130 GetFileType
• 0x411134 CreateFileA
• 0x411138 CloseHandle
Library oleaut32.dll:
• 0x411160 SysFreeString
Library kernel32.dll:
• 0x411168 TlsSetValue
• 0x41116c TlsGetValue
• 0x411170 LocalAlloc
• 0x411174 GetModuleHandleA
Library kernel32.dll:
• 0x41118c WritePrivateProfileStringA
• 0x411190 WinExec
• 0x411194 UpdateResourceA
• 0x411198 Sleep
• 0x41119c SetFilePointer
• 0x4111a0 ReadFile
• 0x4111a4 GetSystemDirectoryA
• 0x4111a8 GetLastError
• 0x4111ac GetFileAttributesA
• 0x4111b0 FindNextFileA
• 0x4111b4 FindFirstFileA
• 0x4111b8 FindClose
• 0x4111bc FileTimeToLocalFileTime
• 0x4111c0 FileTimeToDosDateTime
• 0x4111c4 ExitProcess
• 0x4111c8 EndUpdateResourceA
• 0x4111cc DeleteFileA
• 0x4111d0 CreateThread
• 0x4111d4 CreateMutexA
• 0x4111d8 CreateFileA
• 0x4111dc CreateDirectoryA
• 0x4111e0 CopyFileA
• 0x4111e4 CloseHandle
• 0x4111e8 BeginUpdateResourceA
Library user32.dll:
• 0x4111f0 SetTimer
• 0x4111f4 GetMessageA
• 0x4111f8 DispatchMessageA
• 0x4111fc CharUpperBuffA
Library wsock32.dll:
• 0x411204 WSACleanup
• 0x411208 WSAStartup
• 0x41120c gethostbyname
• 0x411210 socket
• 0x411214 send
• 0x411218 select
• 0x41121c recv
• 0x411220 ntohs
• 0x411224 listen
• 0x411228 inet_ntoa
• 0x41122c inet_addr
• 0x411230 htons
• 0x411234 htonl
• 0x411238 getsockname
• 0x41123c connect
• 0x411240 closesocket
• 0x411244 bind
• 0x411248 accept
L!This program must be run under Win32
.idata
.rdata
P.reloc
P.rsrc
StringX
TObject%8
;u3YZ]_^[
SVWUL$
]_^[SVWUL$
uZ]_^[
YZ]_^[
_^[U3Uh
d2d"h@
d2d"=5@
u3ZYYd
#_^[SVWU
SVW<$L$
uSVWU@
]_^[USVW
d1d!=5@
2E3ZYYd
E_^[YY]
UQSVW3@
3Uh6"@
d1d!=5@
E3ZYYd
E_^[Y]
YZ]_^[
d2d"=5@
}3ZYYd
E_^[Y]
$PRQ$"
_^SVWU
< v;"u
3C<"u1S@
>3Q<"u8S
< w]_^[
Ek<1fU
Ht Ht.g
6Huv=L
VI3E?E3s
3EE_^[Y]
f=r/f=w)f%f=u
f=v)f=w#j
RPCHPt$
-C GL$
SVWPtl11
-tb+t_$t_xtZXtU0u
FxtHXtCt
~ExC[)A
FuY12_^[
PRQYZXt5x
@~d@PQ@
YXYX
uM3UhU3@
EP3ZYYd
f%fUf?f
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
Iu9u_^[
PRQQTj
YZXtpH
S1VWUd
SPRQT$(j
Zd$,1Yd
t=HtN`
r6t0R=
t/=t&,*&"
3UhB:@
USVW$@
d2d";~
P'v_^[]
aSVWt@
^v]_^[
QRZX1Yd
PVSY_^[]
PQiZXSVW
ISVWRP1L
JZ_^[X$
thtkFW)w
9uXJt
8uAJt
t8JIt2S
PHXHI|
St-Xt&J|
t0JN|*9}&~")9~
tVSVWU
t@t1SVW
1Z)_^[
@+u<E@
USVWE(@
d0d ]ES
u_^[YY]
UQE3UhF@
d2d"E@
t3ZYYd
%3ZYYd
U3UhH@
U3UhH@
3U3UhAJ@
P~ SD$
U3UhK@
U3UhK@
U3UhL@
TFileNameL@
TSearchRecX
U3UhdM@
EEb3Uh
tC&EPU
U3ZYYd
U3QQQQQEE3UhN@
d0d EM
EPU3EPtKh
EcPh0O@
system.ini
Explorer.exe
UEEEz3Uh.P@
d0d U,
EP3ZYYd
IuQSEE3UhpR@
tjtfhR@
t-u)hR@
u-t)hR@
" -a -r "
" a -idp -inul -c- -m5 "
software\microsoft\windows\currentversion\app paths\winzip32.exe
software\microsoft\windows\currentversion\app paths\WinRAR.exe
C:\rar.bat
C:\zip.bat
PHuES3
E.E&3UhT@
EPEPEP?
a3ZYYd
IuSVWEE3UhX@
d0d UEJ
U3YEU.Ef
EU\EUQE;}>%
EnSEcPd
to3Uh2X@
EP3ZYYd
IuQSVWEE
3Uhh\@
U3UhY@
d0d G3ZYYd
$UFuh\@
VUEL@t}0EUm3E
EZPE~h
=3_^[]
abcdefghijklmnopqrstuvwxyz-_.1234567890
IuQMSVWMUEEEE
+3Uha@
d0d 3Uha@
d0d EU|
u?8.t4uha@
u |U|ttx
yu pUkp0hwhlj
u XUXPPT
u LUrL7D~DHq
-u @U @8+8<
u 4U4,,0
u (Uy(6 $x
3Uh"d@
d0d 3Uhc@
d0d EE
8.teChTd@
N3ZYYd
_y_^[]
NOTICE
:to get this, type !xdcc_get
bytes)
uTC,PSC
EE>3Uhe@
d0d SU
E3ZYYd
EE3Uhf@
d0d SUf@
PRIVMSG
UdSVW3
dhEE3UhSh@
d0d 8lPh
d2d"EP
s3ZYYd
c3ZYYd
ZE.H_^[]
BFKu_^[
USEE"3Uhh@
d0d UE3ZYYd
U3QQQQQQQQS3Uh
| v;}
N|7 vU+A
M3Uhj@
U3ZYYd
EE3UhPk@
EPE!PS63ZYYd
E1K[Y]
3UhYl@
\DC++ Share
\xdccPrograms
EE33Uh?m@
d0d EUFUTm@
a~&EPUTm@
EZSUTm@
U3ZYYd
f\[YY]
EE3Uhm@
d0d EEPEePt,P3
EU3ZYYd
U3UhQn@
TWarBotUj
SV3Uho@
EPSE/Eo@
03ZYYd
IuQSVWd3Uhs@
`U\E\U\
EPSEPcfC
PfEEU:E
X/XUX8
3EU,t@
~&EPU,t@
EZU,t@
\uh8t@
L3LP P
PcPhlt@
EIHhlt@
DE0Dhxt@
\E>EPj
EPtPEP
SfPV j
EPzVt3ZYYd
PRIVMSG #hellothere :
&%->=
PRIVMSG
DCC SEND
IuMSVU
EN3Uhy@
d0d EUaE
EEPUy@
;~iEPUy@
EEU8EPU
EZWEPU
EZ1EPU
EEPUy@
EZEUUy@
:3ZYYd
PING :
type !list for my list
!list
for my list
!xdcc_get
#helloThere
#helloThere,
JOIN #HelloThere
LIST >4,<10000
U3QQQQSE
3Uh,|@
YUuhp|@
?Uuh||@
G3ZYYd
PRIVMSG
ACTION
!list
for my list
SVWE3Uh@
E3ZYYd
NICK [xdcc]
NICK [mp3]
NICK [rar]
NICK [zip]
NICK [share]
NfrSF3
Pzu _^[
31ff%3vcc%%112c23J33c22322332crc3cr233J2fJffJv%1[J33JccJccfcc2fc2JfJ223rrcrrJ2cc3f2r3r233Jcf2rf3ffJfrJrr3f2]fr[2rvJ23%1JJJc1fc22%J[rr]ff2rr2%ff32f2J23r323223J2rc333cc2fJJ3JJ2ccrfrJr2r3JJrcfc322f3cr3rcJ33f33rcrrrcf3cfrffJ2cff2r22fJJf3rr33rJ2f3cJJc33r3crrcf33cJJrffr2fJ2f22fc3ffrrJ32cJf
]2]3r]31111rfr2crcJ3[%%]]vJf3233Jr22fJrvvv[v[Jc3Jc3rcccrfJ3ccfffJ3c32Jfrc2ffr3cJ222JcfrJrJ322r2ff3Jr2JJcffcc3vJ]c2[2%Jv%2]rf2J213]3[v2]33[2[J32c2r33rrf2c2cff23rJJf22cf3crJc2fJJrcc33c2fccJ332rJJcrrffJr2ffrcJ3frJc23frcr22c2rcJc2cJcff2c3cfrJrf2rfr2c232cff3332fJ2r2c2cfJ23f3J3f333J22r2f33
J]"^^"^^^^^""""""""""""""""""""""""""""""""""""""""^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^"=~\=yw$="^^"^^^"jCzyw6=^"^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^=
ff^ ."k^"=!24G;. .. .!nzL4OJ"~~.. . .=
]J^ . .!sG!7{^!s8G=.. .^68Vs2!;.;*}.. =
f1" ............. ._Inzoz6$295. ..^lkcv".."";"L. .=
1c^ . ,!%6***O8Izy. .!j_". .;w=;]. . =
ff^ . . . . . . . . . . .. .. . ... . . .. . .. .^|uuzw94V9=. .. :"=^,..uS?^. . . . .. . . . . . . . . ... . . . . . . . . . =
Jf^ .. . . . . . . . . . . . . . . . . .. .. . .. .. . .}6T6$i!+~,.. ~O4u{!!je^. . . . . .. . . . . . . . . . . . . . . . . . . ... . . . ... . . =
22^ ... . . . . . . . . . . . . .......... . . .. ... ... ...... . .6Ic35I=. . . ...^v}ca$l^. . . . . . . .. . . .. ... ...... . .. .. .. ... . . . ....:... . ......,.... .. . =
fJ^ . ....:..... ...... ........... . . . .:,!!<-!==!"... . . ...:...:..:..,. . .^!\, ..,,..:.,.. . . ..:,^^.... .. . .....:.... ... ....,:..,., ..\((?>(==^:. . . . ......,,.:.. ,."!!.. . . . ...^"~?(|^ .... . .. =
cJ^ .."J4nTn5TaL<.;"clJws2:. ..."=i?2ai<,.. . . ..^~%yehY3CAh5Ti~|~. . . ^11J3399T16c;..^)JL5o.^]ff2t??]3+=. .^?t{$]t=~|]t. .isfanzCC%". . .rsyz4LVYT9C~. ..^j5*hPDPe0TmaT1~;. .54wjtffi%J!. ."+jjwc%i]=^. ..;!?2t+mFDK=;(zs?;... =
r2^ .=gYDFSQUgDj-GkK5oVhFJ!. "!9m*JaPa?. . .;!Jau$UFU*a*n$y1VOb~.. . =UG0LskShqpU"^n5gpq8.=ATIIn2*m*U... "J6n3)!!=pd. .;*PpdUk}v+t^ . ..bZAgFPDUonPb.. . .!GZQPPms%+tij6DQ9=. .%UszufL4s4mj..)5m58T9&f! .:tnS$_!+&PDDl"IpDg=";. =
fJ^ .tXeT0kVqDF]xDqhs04GmZ^.]wTTCrkFV2[^ . ..^7Tr}":.....8CcVwu%"". ..=ZkasJ[%rOm&"{nZqff}\.=Vu1]rOk]zTk ..."royC3wDQx8 .+%bQDFFFh}". . .x8VYhhgg4oTk .:-az0{"... :wkkOpPP*T;. . (tv0gPUpAGbc"+kyw69*&mUG0&G.. .. ,~I&Qi. ....=21UPmTP2 . =
3J^ .+#d04kO5VUL#AFFL8&YOFFc=sanCv*qZac_,. . .|c3V~, . iVuIrsY5y... .=OC23c3cfI54"k4V?(69t.)g9I$JVUi!t[ . .."CCTyL*Zhe4....6!obQFUDD8i. .. :xasaePQUkSPx. . ~Fprn^ ..SFPPDbGz&$". .iyuJeFk5O4Ta$5w|i1oC8*4eG*O:. . .jcTh- ..,J=3gDOddh.. =
32^ .tWx50GGs$Ca"^=*h4xhyXWAx^-JII*gW52C^. .^ny$~:... . "9sC%]uGnb5v... ~8kkny6u$$2+~It^.:^^^.?Ume4zsbn~<l. .^+zJkhqDSkG.. .Sc?c5qDPFX1:. . :hOzfOxL8dWKg. ..=khb7. .. .9PDPQJ4GY%,. .%ghTkxOru]7wxu^.;|JnT*T&8Oh{.. .Ja$"... . . )+%mF8Feh~,. =
cc^ .+#h%l[6okkL..!x0*Zq5Zqde. "VsJ*XXpJ$" . !n37.... . ;++cj1+iyACi^.. ~CCuw9LOY4Vo[i, . .?d532taFULy8 .. ."jJ$5gqpDmIs ...Dp5rrsDDFX. .wVXQ6VKWKK#d .)qPU ...}WA*njyZkXF! ..}bFPpkx611axI!.. /%aOmmr!ti6... ,vn\. .=3w&pO*LG^. =
ff^ :tbuy6o0ZQW(..>x&ZAeDnbAs. ^sTrg#SAI+. +7". .. . ^$iilvr+&m]i" ~a9kk*G88TCc|... . .=LCJ2nSd&uT ..!ltfdZZFk]|s....WFV3nvlwdF$. .4OPdVdQQFpxT.. ~be!. .. . .[e55T5eFVFb!. .tQpQqPGzrT&G, ..<nfnn8$+i%w^. !^... . . +ombY&q9,^. =
rr^ . ?gxPSZFqFZ) .<AZUdVDC9bz "&f$qXPb6zf. ..... . . :tT6}JIck5t%|. )p*&890VcCy~ . .(shI+2FFxyi . /r9pAFQp$j!Y... #FD4s!/}*Pf, . .*pO*hO8nTf+. . .... . .. .lxUhLQDdLQq7. .=$khAQS8T*4j ...:=a!i+35*8oT=. . .. . .|o]IyZFA[Ve" =
Jr^ .iDSFgpqZxh= .!QdQSTXk$&T "e%veDFPzz1 .. .... .. :~VqCtju8z2Y) ..)8k8522%$5mc; .(aO7+IsxQFV=. ."$dddDeY$vQ. .eFQD5%kPh3>. .YZeqQPZU06uz. . . . .. . .)65OgDFAqUPu. .tTw$*Ud8Oa). .~xc!|jkaTs6!. .... .. .. .|Off4PVT8Fb^ =
c1^ =ZggAA*auv!..=SgQPwUn2r. "#V$TQPQss% . . ,";^;.. .t*dk3++*T6V= |YnC)"tI4*0+... .i82]ww6aPpx6 ...<8AqFhsu9uF . *PS#q1+!~<. . ,4QDqdDpDxw5b.. . . "!"\^...=?78xPdkUPA.. .[Gk0c]TLm&2_. .?0o$u[TLCzw). . . . ;^"";...+dmsYGO&DF*^ =
21^ ..)ggAO0n11]~ !*SbP8LI]t.."Kh6IdPUna] . . .."${C}:...|y4$a[=sTV*| . =3ti~!1GepG+. .. .ib$fC3CSDQF ..!eFDUnuIC5W.. nUFXSfvttCi: .. :ygPQGSDSh*gb . ..ia4h]^..|i$mVd*CAUDu.. .lhYeZVTs5&!.. .=u96zI6$n=.. . ...?s*n|...iPbq*Y8pA*n;. =
c%^ ..=OLCa&YIn8= ."J4L86yG4k+ "DWQxDQSsIs . ..!}=oZicz{3{"rOdbA*DnyCC~ ?8kL8Oonzc2t. .=*o|"^~lZPgK . .!qDQarvuCJ2L . .ITPW#uooont... .%qPbLJSpmUPh. ...!YZYG&aDOsg2swY9ZTrD5Lu. .iDx&bFdDPPz~ . .!3Cft"!t$8J!. .. "sT*GFDXKWWS]QqQxq0hPXq^. =
3[^ ..?PFamG&LpF( .!Gxh*nyr3&J. "KFDUUFFonV. . ;|3o3o8c+~"\~~7Cnbgx8C333! |G0O4mGkVnu+.. .=Y**TYGTmeFW ...!DUO1yzys8xx . IfsxFuow6y+, .|FZPL2rTmQWS. -xakmdUe8!!nPe9e&o?iT]ao. .jQZY6TGbZgnl . ..\IVhm7=z9)... ./wfJc}]w==0hUbQm400*&Qd^ =
f1^ . ,?SZ*n5cQAQi .!ASdegZ4*4} ."epQQmAFy*0. .=smS5yLa<; :!y0VAGko]ftJ? ?pp4VGV40GG{ .!asO4gDq44dX.. !q&6&bQXFQpP . 3u4qo&5yC(, .. .~dbph1cYKXG.. }p*0Tm*qg.. "pSaey/^_r0Uw. ..+UQh7)[y&dZ{ . .?na*kG{Cz%C!.. ;o9v%jJur=,.^)ObOuY*aOSFU^ =
f]^ ..=4OpT%2FgPi "VdUdUDDbUw .^5ZFDY#WzV* .*WK#qnQp". ~pbZx9T61vi~ =*GOGOGmL4Lt. .1oa&ApFe4gK . \hxpSFPFSWQq ..sncsAkCIC+. :=FAPh[1ikWA6. ,2DKQaUpYx. .&Z8A$^.>6qPz. .[AFps9aa88k{. .<L8*G89wu$$=. ..)051vCY6!.. ,tYy3kUk&ppQ^. =
r3^ . . .tQnQbywY4Y~ .!o&&AAAdFPs "U$%8#&Y9xb. .uPPLurVXF+.. ."d*YIf5*[[G&=. !raazIas&4*7.. . . .?U2aWxsDF*P . ..!ePDQDQFDOu]. OIo2u+uT447. .!sPWdl+7n[Ia. .)GWWgO$LG {ggqo++1PFS.. .=dAUdy4Y&&g{ . ./CyIC]]r$&i. .!$GT+c*wmL). . =1[khQb*nDg^ =
c2^ . ,tXGt5VTfaO= .>h5L&hgUQn.."XGzoae8*Xg .!F5(~)IYWPv: "mw5h&2r**= =yJO5J]vf96(.. . ..(D8~thFC1nOP . .ppdhLsCui1$....69nVwfuzr. ..\$#Xx]$Tynw%..=mhKQPV06CJ .+hhxivcyFpU. ..)VqdZVx$fLZl ..,t6OwC7f6ws(. :IxxT[Ynnw~. ^=TdpqQUYxZ^ =
Jf^ :.. .,tKxi6%ausm= .!psGf]5kYe5,."XgDhJqSmF&. "Zi?!!vTKgj.. ^G5Vab08$wk*( )L$r1uII6zt.. .)dUT%LPWJv4Q . ..^J$cuttt[fkm. 22*kwaYT647.. ./3pPhwm9o5k$..i#hbbqw$IC(. .7Z&9|w?iPbg$ . >+5hSg6urIZv ;c8mw2[2JV[/.."&Z*zfwma9a= . ,iUdPFdDs(o" =
Jf^ ;^:,..|ZFiJ1LarV=../Ys52|0aJct:;"bFx8&48xFb :ppTnYV%LXUI. . "P095d&&$5k4t .|8Or1C9TyG8i. .. =g&[yqXeVkg. . .;=Ja[$u35*Y. ci$Cn*948Lt: . .~&phT55$5G6..=Aoosa[{]u~ (9*0wy=?nUQI.. ^6sVb4?1$TQ7 .!OYz$3%iTSf=..~S4GC+cT98x?. .^nAFDQFPG;!; =
f2^ .=!/;:|SD{w$L*fI-..!ezLJ!nY49=.;"FFSO4mbdY0..XXUTT4O0PPn, "bctx*m*Ta48t. =O84$oosoG4+. . . .!}~;^!hPbaqD . ..!aTf$%L&[kmk. . ${IITmT69i:. .:!IaZez3Iw6YT..(zosTa&Ta49 !vom84Vx*5V3. .=DVGeS(Iyq1. =o6f]uw5DUI)..(U8Vvlr&sQW|. ~PQF4DQUP^:. =
fJ^ ^tTnt?2mOszzqSc:^^!hmk6]i99Oo.;_Xb*50Lxd01;"TebbeV0smD]:...^u(rU0O9GLYm)...)8kV*z$cwG*%.,,.:.,:,.jKZJ~")gQFFa...,.(SQPDhV6rJ$Y....cICY&TC6C9j;,,,.^(3rzm]2Ircx8:~0Yq08m8G4hL:.:.tCCw6r(t4eZ+....[AQ&7inmwcU}.... ~m2fc9VUdg3~. =OYme8L9Tnf". ..(&0kT*Qbg), ....... =
fr" v5Zm9r*a5IqZ&^C"<eV0+CkZaTl.;<Lry04as9t13?wQDDSForn0n:^.^^uI8e0JtxGLm)...)L0Lk*T[f**],;^;^;;^^.7XDAholoDPK5..^^:>0PQPQWqrfcY:,^.rw$50O4O5n+^^^^^;t6u3sIo91c89;!zSe48*8GGAn^;^^!=$TVOTt7sa! ^^^vFq2=!sh0+01..:. ^^!12cY&40f!..=qqAew949&o!....{pV84TQDZn!...,..^^^.. . =
2r" >58qpLnIaJegh!s^!6u+=f&As0s^;!CJ4O5{Jwayu"?lQDPF*)7*a^;^;^3TO8n^5x*m|..,=0mLG84TCy4},^;;^.";^.+KDAqSGaDbPa.^^;^-wkbPSDU*ocL.^;.20zswVzys6i^^:;^;fa$fy$m8itvr^;{LG**8maaa;^;^^+ysm4q4YT".^^^%g$"ifIs0+a+::^. ..^iII45Om$!..?pxU8tTP*x0!...,|ksb&wdQAUv^.,:,;^^^; .. =
rc" rmGqA*If1mbU{n;_yur5f6bJ!!Im5$]aGV9".!"feQZZ}5n^^;^"s6bkt^.?Tk*t^,.(yaG*O*4nn&l;^;^^^_^;,=k*FdpAgZQPk^^^;^/%0nhpFKS0]5:;^;C4CuJI3$+^;^^;;zo9su8m(=%[^^iY5$$nu1f9"""^|5I6Ls*Skz[";^^^{6!.iY5y6iCt.;^..^!t6&L&VPkC_..)pUxT+kDOGk=...:taGZs1VDSQ^:^.;^^;;^^ . =
J3" :/yhxxGGf6*Sh0!!a+7J9L*8*G8m$65TTzuwu^^~n]$epqDxa6"^^^!YG*91?".^}O+^^^tuifnYLzmnIi^"^;^Ii^"^jg*~?+{%zmxg^"""^(rtjrwzo0*&^^^;^vzaLsmG*&sj"^^"~Js[C*J*a6CL&5/^==3uJv~OmxT"""^fxO8e6+ze+(3^^"^]e0naYeqT=T];^;;:?U84a$AFLJnj.^"dx4IkWP*45);^^^(ZFLzzIhPDq<;^^",.,^"":.. =
fc" . ?r8OVphC8pbk~!]1!?2]CC$wIL$wI6Cwc$Y*""+xDWFU4hgV]""""!ffomKXS=;!&7""^(ryT24Ooh6u1^""^=a?"""%n7=t{71a*Q^"^""to^=t2GOa5i^""^^}xAmGG4Vnft"!""lmCC4f9II50*f~"!t6$rii*m0w<";_CYoTmT+=o%!J^"""%VSgAP0xZuo7^;"";)en%C0Dbu{h%^"\o7tIqDpzsTt^""^lQ4Tk8cfVdU!^"";. . ;"",. =
3J" +Cl&mLhzomxs~+%""$01J]9Cj$uCk8onTuc""=ubFFPqbLG>""^=aJCxDFXejt9{"""{k4]n53mnT{"""!fJ!""+OkGeZFSaaYS""^;"iO^^i+3owV!"""""jh8k8kos9cc!!_ifiwCTuICz58a](!!+$11[&kG8f!!"!5*8*m&u"=1|%!";.=$0h8U&hG∋"""^tT2+aqF0}$q1^"^>i]fVZOn4U7"""^9&&fwaJ[CLO!^"^.....^^";. =
Jr" .j6(fOqVGoTe3"!fv_^lw%%kC+i1%CuG*Y09a=!!iSQZFbXSkz<"^!tG%jQPDDQhw9t"""jXdr1]1LTO%!-!=4J!/!!CSQPPQFOk44x!()"^+e"./)tI*&"!!"--|mY4YyC$163]+1Oat}JIwC$C8s52tv!!(%]uT8mGm2!_<+*8I5gky"=i=i!":.-!}y0wuoswk7"""";)fuJ0PDTcLD];"^"vS$0ATaZPl!">+mTC]zT5$Tkai_";,.^^!\.^". =
2f" .^"""!!7ffji~ti1rannxs1lcaaVnau=t]uC$n9oT5wwzI}8?$aw{nwY0s3DGtPboI&*eDhs5}!!-]0rr1]Csh4zO3_[g8(~|(=c8a6y6$z9[$S(Uh4~rh[=ijt}s{!!!!!!!}fjtI9o$*t3C*y="Tl|fut+j9c$x5?t=%&O88**J[?!8&m=7m9v}%j~_^"|zy^"+[jsv)iui>!\~~vxOs6Y*pDPPI!!!_~&nzO$*QKb612VmSSgpqYs*een~;"!1dGv++{i?~"^,. =
v3" .!$$Is40&hpbZgbp&k2c]In*&OCzOG8T0v+[5J3Cf6w$r3Ifz2bj|Is0hV4gU0S4=AWg+1ne9TZ]=!>tj7tj5sok3Aj=*gx!)=|}24T&O5Ow+t*Dtqn%]aPqZsGd0C?!<!!=!=~1Cf$f}0k+fYJ?!+wfs&6i=+31LpT?=tJw8LGkatv9iJ}+1=?utn5="_+cY9!+f56sUo!ir?-=!|tnZksY*a4qD*1=!!!!t300aGmL4VhgGkPbQpdoGxkYxl+c0bm}3azyi^;. =
22" ,>6L48eA0meG*GmLm4*i[Iyw$+&m***r1Jizw3[I198Yw1[+{jfFjj[YSQVkUx31i=Z#XJ&Gxs5Fp2t!iTsu%T0YO%spJuS8a~=iJOGV4Y84yf!]ZF)Tmt5APPq0mbS}~!!!()=||+lo828Dn|lt!=(&dSA2%v]f4eT!tvvJYVm2?"[$t$]n5C6$tvCm5t!y5)+f4h*s*G{7[?!=(=+fYuTmknozTrt~_)i+iCgVaGx*YOn$]4AUPDVo4QIUAJsxDQ9}JICaI{>.. . =
J%".^|Aqx*8epO0hV8meGG6stCCC*u%]8yGs$!)=i86c2]t1Oz*v!!"!yFClil8AgU05a!)~9KD$==))kX&~!<!=|=t~~)=~=TS%8gL]{IsV84V*kkf{="?tt?+hCi1w0m4eLY?!!=/~i?===|+5wgDsit==;!lUdU4it+2tIkST(1cccuVI^^!Iwv+%Ogg*0z*G0iuu[t$Z0&s1zhc=|=-==|)?+{+iiti=!=tii1v%t3dmzUqgp837}25s9u(ihU%69{SDUg[3no3i!^. . . =
[f" .;\(lCL*xU4&syCo0YaTV7$Clru6+)ttitnk9$o4&Jfu9o]i~=zWei|l2aC]7tt((?ipDe{~=%KXw~=~~((==?==~=}V&20OwaVLem4V5f%lt|~=}j+ti2%"-{f&Irv+=~~~(|?lt+iti1xSQril+vuLUqxuu+1ll]8pbn}JI3ftt~+]vuwj3{~)t$n0Ts5kC$oIzTI3{=!sFx2=(!"ii|=9[=)t{{7?(t]%r3{jYp5{55o3i|)|}3[[7+]PF{czkqghJ~(=_^;...... ..=
J2" . .!([mm*8oIYT8&ssSbT}}vtuwoCc4cqULv3s6w+(nWQ!tFZAL}+t+++=$WFh+|*FWu=!|=?tti)=i?=nmmyw88m8m&8i|?+}7j)tv7v+)}l}it7]i!tlt~+ts1tiA[+ii5PDg7j+IddAqkizQtff1CSqh5InJ2j]l8F43o8=: "2%[I$%1ooy8zf+(nQDd++=^+it]g%ii=|{+tJ+iju[lyggyj]j}t=\!!=1r{ot2FXvaDPASt^.,;^!()+++("^..=
2v- .==Ch*V8eiv8a8*8wASgkj+ta6oJvLv4DFswIo+9KFr^!zgAFdt=|?|t8QDt!hDZ%)(=i7tt+(!(i=[9*&*Gm4O8nl!i7%}7t+t111t>7v7j+Tli/)]v=!j6&f]iDsi[j8QQPt+7*SPqA!wFftJcyZdPsJC]j+caSPL%$ao!.,?2[vuGti[+$w*88ksIzSPpl1t!+7sDv++t=+ttntt]%t7Gxbf+uTn5T5ojj[]L(%Ue3dFPGt^,!t{aGxpxge8w+"^)
J[/ tc4qkG*5uG4GVUp[0*xPY!3Tmw++nreZPZwu$${IWQw"tjmFdKD&v>^!!IDpI=PXQ{(=i][}+i}yn*TI9Tw9u]TyoIl+}+i{t"+tIu7^t$I%i0$!^tc%!tLAn%%}De}{2xgFU~1*ADeQg}+6pz=$5sUUD6I2c7%3sAK*+z&IJ^:^1r9w*m+=t]lIf9mw*6&uZgD[ji/"(T4F1ttl}[1+*1|=j16eAh%{9TaTG4s9yari*lIPhGbFSw!"=0AZZZdgpSUzt". =
J3- . ^CY8*8T2|*8GahhxC={CVn2n4mt!!s9r6mKKenoIc{eF4+c6G0OFXPqVt=/"hgxnQQ&6$%7}]3(+2mxgUG9u$f20kY*&V0o6t=yt9$67^![cltmO!=Co9xPx[%uzQPh2jDFbm1GSASni=tfceerjw5DgD5oyfruu$6r|!Iz&6j=|$TV8af(tcJ$lt$osCcuT3gqZG+7+"}hPe1rfljII1S5%j%2xQQmjtoknYY8&4ekOeTVgUQQSZLa0hpZgUbd8yt!". . =
Jf/ ..=TG0r!;(Gm45b8mh.,;/+w0To;!^$w52{DKDFQ3u73Ae2JQF!IQZPDQD=IAqDDPp#4u1t[n7!uxFU8mivCfnJO*0Gm86C4O3nrl?(]$uilqg{IVFUULuo2iyIQQ05PDA0FgFDj...6n[VD0{vOAFZ]7uJk2$5^.^f5*$(80*Go9t~"y*$L*{756I}t==YpPQo=+t4A#012171+jDU0cz4bPUv2j2mT94FFQ0&V&TkLZQk4ZFSDPDPPPhs|";. . =
JJ> . .:&oLV*&":;]dG*CqmVh,..,!nGz3.!"a9ou)Y#PFFkcv%FZzyKWt.!L#DgFFgG%&pDPQWPTav=7IufeSq8kG2f2oGL29nV*&Jw$IGaJ5vlT$CIjCUb3f5DQUm1[57/%3xP4VDQh4qPPA^ ..O%bDsikeAF=/+yAJJyy",;3$$][V56y6!!~+yw2xO9fykfi%?zPPps}i+hDAarfucIt+APkCzOgPh]59362apgDDwoa6xUYSUYpPFSFZFG5%=^ . .. ..=
23\ .^ckG*gC.."w0Om7bGk8^..,taw5!."^u9as~+xPpPFntcPZO0PD\..!LdDFQDAsrGDqF#4uy+^=TAbg&8fo6viuaV4w[1uCLnJafu*5vCCzznIvurQpwzebdF3vss1i7tYQgYPPeAQQxl. .^TIttVxLisFAe!:i&PLu90i^^}J[fCocI^;~aLzzrdbGsvI9%{{JQQpktt{FUP6JIrJ%ortAPAz$bQp8]Y8}oVhSFpa}$C$0AZqLLkqZFeGni!;.. . . . . =
r2\ .;t$sV*0f(..^tGm&e~8V8G".,>2J1|!>|?%TTz(^>{shFxLC8PxghO?~!\=1[SbAxhTLeg*ouf)!|9*e0ortjsa{]Two4Yf2ura]{al5n$TasIcjc45QYOxPQe+!20n5$GwoeZxegZh$+~!=ilJOn6YZxn&hdG~l8gZ*iin9[=]3JC>rwIt:"%GLT5zebgV5cc{~8Zde[%0QQZ]6TzIo7nGZ85DDF8wTuxFQAGy?^>|I0Aekk8x84&nIJC2(".. . .. =
Jr\ ._Ca4&4%. .=mhmG4^3G8m=,.(aemmSKXFdPDbA&j]&hpDF[nTww8ksAFqAFPAFFbGA4q4FUc)!tt|t{6)!&xC?c4YTsV1iC$saC$$ouz*Lmw!;;(D{aqOUDQx57IZDFFVwKeaSAxYOG15GZFPPpQQgbbWPdhOsiQgZx=,;tmozuwwo~azkz"iCTG4wuL[r*xAAeIc~tQpqorpQZZTJJ9J3l}CCYAFkFDqmY$IxDQD*sgz_[xXWbpkYeDADAPQhf2f7". .. . =
2c_ .^+8TnTz . ^[dm0GJ;7OGm|..={CLAhKFdAZFPQQbQqxS*pFl3kdPUQUQdFQDDAUUWkkmZDFd[;.:,;+8y]LG+!ukZma**3[J[IOsuCI50*9[".^~b[apbQPZO44bFpQdPTPUmpgzCoUxPQFbSAggPUZQWPesskCoUDdv...!w*ns96u?wTY[=rGTy]|s9uTdSQFxyvt!kbFVJbPQaPC7%7fsLYbFD*DQb9waYPQPd8pb*+hPAqDPa&Ad&pQbDbAd8c(;: .. =
rJ< .!n8ayt;. "JL0*mf,t&Gm!::+^|rGXQSDQPQAAZQFFUY5IYqWWDpApFbbbUUPPFI+v&O0DF3.. ."sD1+*kk!!u&Z8$zm4oI+Jys$uzaoCIv!(=tba4bZdApqpqbUDSQDPwpUD0k*DUDPDDhFFADdPFqpn6*U8cVbpDi;"!+wL8sz89i6z$u240LY==LaJ4qAdDh3v"2ADgngQF1WO+%ueQdV2WPDeDge{9xdQqgO0XZYzI*SPZD55D&GmPFFpUQPb5_^.. . . =
c3- ."~~-;. .)0m4YT~.>$&G),;"...;<1$G*dQQQpgASGYVeeAbKFgpFPqgeSx4T3tVTYheTkx3....temi*hef;^7kmhn)Y8Gaf3Iww$JJ6uc$CfcCe*xZd*eUDDPDdPx8z+%nLhhe4hPphSA*O4aOmO5u6hhZg06hPAh$nVLxo4k4wwwcwr9y6ms4!;"9o5J7USASpOr+tDDDOFpG=FJrOSXxnJfdPDZdQ6ugFqZ0+"iKQhl+8DqxFh3PFexGheSdZSPg85)^.... =
cJ> . . &GYm5!...-uk=:... . ...:(2C=""~!(=i]lvzYyzj)_~t)>"%dZZZFDhDd{[=: ^j!,(UZ0+..<688d~!+ra8Gowu]=|ITnYz$]2dgO8wGwv}!^"!%rC?,iFqbcIhXPFFx\,,.."inFDxd*35UxanaVmwsmyo9$v=iifa9jw6T{..^owoT%tlkpQZd5uxDFqQ8!"yDDQF40PXx0dDZq51mDPZi;.,^ion5pFpJ5DA%sUFb3/;"9SSDUdZWK+>. . =
J3- . . .VVom]^. .^7a<: . . <[3^ .;^-ir80&Vk5T!.."";,.sDSDpUFPhQb(!+! ^"..+UG4~ ^C8*8+"t58*8o6fu3cJv=!?ticTghSV0GJti;;^yak="xPDF4?}gFFFPTi"^. ,"$DYpG5k&kAd&6a*&e*6$uII+7+I$?%soy!. ;$56yf^.|GApbF4yqPbDs/!pDXFg=2xQbVUQLkYahdgd)=?tlv3ossan!OQPu|pDDD{^.^!iaZPeXgxy/ . =
2v! :0kw8!. .!s". . .. ,tJ:..^|}eZq&LbUaei..^...!QQpDqbgP8QWt.^^.;...%mL4^ .^JmmYJ::!I*9o[icz$+;;!1eDSS0GkQ4mx$t"^yhY!jPPdDD]=+QQPPPd8+. ..~smbxVmnxDpg*1[c4Tmoo$uf{+~""CaVt. ,1yC?..;!sQpUO}eDVDJ!wDPQP*;^isPZUd44LeSdQYaOhgUASd*G5t"agDC"7UQSA],..."(nbpeex". =
3v! ^k5*k:.. .;[^. ."(:=j0SFggZeFUUzIx;..._vGPDge8DQFIQPe".. . .^z*$~. ..t**h$;"i06$y9$$Jzz$?~LbKDPmfzhepUQZh*sGYu_PQKKgbg6=thDPUPWF=!i$VeeVoI7tt~";:::^!?iwo91?)?lyz3t~"^"tu$$[?=!"~LxZDVGAxxtupPe5i".:^=Gxebk4LheAAqbPPPFPZPZQk$)n&xC.^?eDDP) ..,^"~(|{=;.=
3%! "5ws{. ..^^. . ..^!wUFhPFpGhFPYGDV^J+./&QPpUa/^gDQG"5DX+ . ,i$!... "dGZC5G0$!kTC6yIIV62zUQFFQ1tqQ8qUFDZPShpptcFQq$PPA:,.^eDQKPpJ"\|IqGDFPFAPh|.. ;nkO4L3{aI$r[c$G*8mm[=LeUDSqZADSpPbYa9Y$VQFJ+!^;^+VqhVV*0OsyGFUUb&5ksvjl==!^:hFQa .!FDK*.. . . ... ..=
3v! 6s6! :^. . .;+TAQpDqF9chbDowDx,!]"$DUbFG!:;DQby:tUZt . .;2t,.. . ^hAO3Yko~"2kzwo6o3aGuC&KK8YSu)yFpSOTbSQPhT0oG#KViFQg^ ..~seWQDbt,^tyCFAPQQpDq<^"(}%=C!!5ouii(JT4mmLat$uexPPDAPppPQ4m&8shqDs4ay6=^<+ZAee*0utjl{i?!><"""".^<";SDPI . ;qWWx^ ... .. . =
3%! .!T43, . .^ . ;=pSpQdZe+cZDZlJDq,.")FdDpDv.:!PQUt.^}x+. . ./J! .. :kVsa]!;)ayCIu*mCtry3UKP9kD6!ipQbn|vbAZDgdsxQK6!QDD(. :"=9dQUS!.++7#dd*ADQPWe7^.^;,t^^o8mc(.^!=++]2tCCIz4QPbgQQFdphV8ObQQFFDpAGr="iap4xVori!^;,....:,. ."^.hSF[. .y#KA. .. . =
2%! .=V]^. : .^lmUgpgG5=,^GbAS"JgW^:iYeASgV;.;jAZs"..^~( .;~_, .. . .z3Iy^:..ukT7+2Y&o^^i8KK8$qp4\"eFPh~^"~9GZg5PDXs!mqP. .;|zmmj^!;+DPPs|rLPDWDn^...".,20wz=....:::;JC/"~(lu6Tx8SeUAeDPPFdUPphk+"t7(FPQpxn[!;. . ...ZD#i >fSD[^.. ... =
Jr! .|;.. . . .^wb*p0nJ!...-yqD*=.!gq"1edPz!....|ZQ;. . ^^...;. . }4qz. .:Ym5!.^{0o3^jb43PDS^."LFQK+. ;:^_gKC7&taFF=. ..^!",?S9qb(.."C&PPA6\.:..:i;!x8=... . "$C; .vOZDxzPP1=4Qx~:... . ^;:(FDAL5UQdk?;.. . .nXP" . ;wh7^. . . =
fJ! ^=. ...^jqx&a(!;. .vgFSi^.^wd!kdgw\.. .thg!. . ..:;. .. )08z ^&*T^ .!T6o!5h!!23FPU!..+QdX9;. :..;e&!_~=+hX+. ...;,^^~u?2Xy;..^!tyDxI; . .!.^3dI". . .:=2:. ."qU#pi3QAC^^=mz^ . .^.,\DFg47LpDPO+".. .A*; . ..=qI". . =
JJ! ."_. . ,;=v{t~"... ^Vbh0". :tauqgn!. .. ,tQ&^... .. . . ."n*{ ..^G9J; :;wyuc6+,.!lDUAt^.!eFK8>. ...;h|...:"yX]^. .^ ..~+;?gQ=.. .."J*q=. .."..<JOt. . ."+. .;6dQUt!4p)t"...)!. ..;, .>gp#Z=t*DQFh1; . . .re%, ;0L!. . =
f2! .,: . ..,:,:..... . .~PFm!. .^vC)":.. .^3Q!... . . . .+&t >m9=.. ,7Gr:. ,!PQP%t.;ieKgf". ^),.. ."P0. ..;;. ^^.;zWu^. . ..:^";. .:...^29;. .. .". ;CxeC";1x|^;".. :^. .^"...^]aDW|,+&PQD).. .jz". . ..!i|, =
3r! .. . . . .. ..IZP|.. .:"!". . .^9e; .. .. . .^{~ .=Ti^. ~a2z^ . ."SPh+%".^iXAg{. ^;. ,nx<. . . ... .=#Z!. . .. . . ^!^ . . . .=F8=: .8t:. ;^.. .;^:. "^igDl .!nDAI^.. . =_. . . . ;!; .. =
cc! . .. .. .^kI-... ...". . .."+^.. . . . . . . ^^ ..(!:. .,{aw! . ^SKI,:"; .uPPG^. . . .. .!G>. . . .. . :$x).. . .. . .. :. . . . ..!~^. .". ."". ... . ^.^1b: ..^"C", . ". . .. .:.. =
fr! . .. .. . ../9<: . .. . . . "".. . . .. . .;;. .(^.. .!y6~. .;pK%...^../0qq^ . . . . ^7!. . . ."o(. . . . . .. .. . . ^",. . ...^!.. . . . ..!oo. .. ."+(;. ;. . . . . =
c[! . .^>"... . .^. ..: :!.. .:ow~ :hF=. . .~8p~. . .<>. ^!. . ... .^. ,!r, .:^^, .. =
r3! . ^^... . .. . . . ,; ....{9~. ..&V^ :|$7,. . ,;... . .;... . .). . ... . =
13! . . . ... ^=~.. .}!. . ,i^ .. . . . . . ; . .. . . =
J2 ....... ... . .. . . . ... . ... . ^/. |;. .. .. . "^ . . . ... . .; . .=
crt??()iii++++it++ttt+iiititi+itt+++|?()(|?|)(?(?()??(|)((?|)||)))(|?()?)()()?)?()|))|?)?|)|)|||||)(?|?=?====()?======)l====|})============+==================================================================================================||=)=========================================i
e3ZYYd
sIRC4.exe
C:\marijuana.txt
uk.undernet.org
Runtime error at 00000000
0123456789ABCDEF
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetCurrentThreadId
GetStartupInfoA
GetModuleFileNameA
GetLastError
GetCommandLineA
FreeLibrary
ExitProcess
CreateThread
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetSystemTime
GetFileType
CreateFileA
CloseHandle
user32.dll
GetKeyboardType
MessageBoxA
CharNextA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
kernel32.dll
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
kernel32.dll
WritePrivateProfileStringA
WinExec
UpdateResourceA
SetFilePointer
ReadFile
GetSystemDirectoryA
GetLastError
GetFileAttributesA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
EndUpdateResourceA
DeleteFileA
CreateThread
CreateMutexA
CreateFileA
CreateDirectoryA
CopyFileA
CloseHandle
BeginUpdateResourceA
user32.dll
SetTimer
GetMessageA
DispatchMessageA
CharUpperBuffA
wsock32.dll
WSACleanup
WSAStartup
gethostbyname
socket
select
listen
inet_ntoa
inet_addr
getsockname
connect
closesocket
accept
0,080<0@0D0H0L0P0T0b0j0r0z00000000000000000
1"1*121^1f1n1v1~11111110272
33E444
5X5555567
8/8:8E8M8W8a8k888888888888
9 9&93999S9Z9d9n9x9999999999
:2:J:R::::
;5;_<l<<<<<<<<<<
=#=|==
>'>,>2>>>>>
?!?G?S?[?????
0#0,03080>0Q0Z0x0~00000000
1*1J1b1111111
2$2,2222222
3!3+31393?3E3L3V33%4C4O4W44444
5+5D5]5n55557
8/9X9_9f96:K:~:::0;7;f;
=$=5=>=T?[?l?x???
U1]1f11222
313G3^3s33'5555555
6.6:6N6X6k6666
7A7H7j777'9O9V9n99999
:c:v:::::::::::
;4;?;\;f;;;;;;;;;;;
<#<E<Y<<<<<
1U5^5i5n5v555&6-6?6]6f6r6y666666
7"7)7-7G7P7Y7j7t7~77777777
8,8=8N8Z8_8d8k8r8|8888888888
9&9.969>9f9n9v9~99999999999999999
:#:/:<:N:;;;;;;;;
<"<*<2<:<B<J<R<Z<b<j<r<z<<<<<<<<<<<
=$=.=8=B=M=_=r======5>}>>>>>>>v??
0l0{000000
1$191X1q111111
212I23g4444A5s5{5555555
6'666E6T6c6r6677z8C9V9g9w9999
:Z:M;;;;;0<Q<
=)=7=W=g=== >s>>
1A111222
3M3U3`3|33
4555)686\66677]7776888 9>9i9999::
;C;;;;
<2<D<<<<
=-=p==3>?>L>^>d>p>>>>>>>>>>>>>>>>>>>
? ?-?5?<?U?Z?d?s??????
0q1111111182R2k23444
5I5V5v555
636Z6o6666666
7R7o777777
8-8M8e8o8v8}88888888
9+9J9y992;:;];;;;;;;;
<<\================
> >+>6>A>L>W>b>|>>>>>>>>>>>
?%?0?J?U?`?k?v????????????
400111
2,212@2N2222222
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8h8s8}88888888888888
,000409999
wwwwww3388
D333338
/D333333
DD333333?
/DD33333?
DDH33?
/DDDDDD3?
DDDDDDH3?
/DDDDDD3
DDDDDD8
WinSock
System
SysInit
KWindows
UTypes
3Messages
iconchanger
sDeclares
PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
ClkitM)`9
Tf`hLcJf
YQk|P\n
^-Bz3r
ul<z$e1
*b5;cdks
=~.nsS'0[as7BC9
MAG]ev4Q>_
A7^A7-ka#2
4rZ%ch:{z
exQ!3d(
?=0xuX;74
E'|A80b
Q<nnxL@a3
K*Dz,sJ:
7r+q'{KhFf8;
MC%}.Zd
SBC~v3
J.PKX]
oyAs!V~
n )"p{
73dZ}_
VVb_^b
Gxr`N,C
l>>81R
LKGA?SL&
k/W0ArK&
erh`*^\I
v1#c-~cS
_0Sc0ha
3f|n'OpNfM
,I=f7!=Cl
th/ %*
qwq{Kp4
!N+*IUPHM
$(:N*h
'nV{MS
/[*|FW4z
slq@p"'w
W%P9S$.[we:m3
LV7|paCj
,,1PU`
* > 8R4z
JH}{s5f+2
%(Yz<r
aJquX'C
dQ`.>qy<lJw
<oGp|(
KeZ+jNf|W
viEF8[
7CC~9:
MvKMDSF0mUQ`
WE+|Zy?6&Flala
qC?*A3X
HF7.f5F}|EY uzd
cRV!Z+8d
6Y/<Gb[K:**@iyk
ofJ>BdET
I FudAv;AK=
]4R-bBNW[3w
1$_'XZ
Ht(`xwk|h3
/UoeuccN
)+M]1qU2y.
W([ePZ
Lg-(mg
V9kWl>]
IQmW3y+~00}
~%H-@<az
kO^:Tdv=^
vj JVkt4(oBT_2
L{0T}o)Y@
tp.qI)
)Qr~F5CF2
'S0PtjB\
N~D]c,P
YvCGr3-_
C4f-i(
+{J7W_Kp
F<BY1Z0o=
Uip9,j
!z".s5^m
ndh.Pc5J1C*
]nsK|,[Q
F<KsiP
XgC`]FAt4`.C
};iwH-
/xm|5EG0
6p<8zu7|g:Vi
Ww?/V~
]fm-/P
/6gO;>u
d/4e1w
/ =%m^
pUW);kYX^%
~9k'Dd
G=#HHKV
KO&6{x
qTvukE@
^^~'WT
WudVt;\c
BwZ}2`'!9[
gd&L6iNnQw
-d:S"e
'#Cq{2f*u3Yd|
\S9s;(!=DS
Fw#+^o6OT0~-ha>F B'
\8-m:a'
C!VUTUo#!_d(
QokX\[
-aDDp*b
Wf~7qu6 J
\5Uwcbfw
%6;dYDbBSI
]DAD@#c0-P
w'.-2(
_z-@]A?
H*ws?+
3v24<m_D374
&e&%hl-!+o
jIeey#[UMza
(^VEn^EDQ&>
Fr}pRl,*[8
T.glFvxR
H)Ttl^v|
$W,?:oqvHV"
C$2k fPEi[
U@&WBU_b
C;!Ha,93x
jrmvQ`
'OfS3G9lv
k!~vn:.
_ *Pug,Z
w}l~J\
'Z!68)U
:<(LTB@
n!I*b!,#x\6
em@/)Am
M1dZ"U9
~*{ IvBbh)X
XW=1#Nu`B5M
^O|?`M
TlH=k}
[y/;-7!K?8*>@C
T)'EsCLi
UW\F|
EJ@!2^4
:/11sL;
z|K=5MyuM _YJ
1ZZs:VP!
`\_u`%\
-J2W|a
SU:q#5
W-kp6G]8
fyb!0nF
/@zn/^5
.+q#m@DgTz
dMxr={
*d|EG|}5Z
##9kZj#
;p<*M7W
gW8BZby=5
q4yO/xhe
B-b)VQ
Jcy_pjsG
2jB;n7
UdUtYb
pL! 85<*
;-^YOn,Gt4HqkY)~Ek
$=V;W84
t{|Dmbp`
H9x1^F
BlY.hT
{o[tZg
rfYH\OFyQ
aq 6VE
(+Q56U%4G|Y
m8kV!_
v+o@G2vZOjzj
$}M)<0d6=Eo
O`<3&qCR<
%qp^5~sGYWs
?z2g\+ zx
;-&NQj
430Tm,
BQL"K(
1/uU@Pk
!CVrg,2
Rp7bt7
}`g\`L
l3psYJ!i?*3
8Tu!Xw
22);3^Lt
5<zMWv
luIs-'=k!
585Rl,
$\T)mr
twV6wm8ofTu|U_
S>ZN%VI(
$Y $Q2 :]"NzQ
lc$:,JO w
:\BV/jC
F(gvV~>S^hfRq
qUde`s
E$\_bI/#Q5"
T,EAAq
L3-p*kO])8bre
FaBK$5O
::ss&<P-8:T
eo!]v>3
#<<owWf?Gj
wm->c%%GO
HHk!|?%K6=~_|6{r
qz~g\D
;v\f)I
0UOyG\Z!{
|m6Dhe
;E)q/HQ
?,6s/r
`swy6XZ
Shp]<v
=f4(5|*MQ]Gw
yDmi\T
V:]e>j
-':E_>7QF
Y8{1Lc
2\~'7S4]TM
WKOz\_])koK
095Y6Hsh
'#'U,E
~m[ k;
y]'K"5
ax}PPn[
s@px g
**Vs=DC/
FF?i-;5^"~BO*N9#<9*B,
9mozt2C .o
&b029kZ)
7:S? o
A^9z@#
M`;<lN-
O?7gWf
JWOjFB
i6#}>2C7
85wboH#7Vf"P
4(|3sbB
NP))q}e
=y?nCpbgptq
hX|WLQ
eAL~^;
tU*^}0{-BJ(p
!gw`%WA
D=LIJ&3Rn
B?r*G~xJ
g#L=~d iv
S,bBa^
ut4_]6
H5n65=c
*)}DxfnD
5l~V%h2
is:rAYK
R)Ho/T]@4
Ml8I<S$,5[tKEuV
nc}yPu\z
]<Wzj7#a
uP d6
??wq^7
%5QEC<
6)JXV4PZ
#dD,|S5K<!e'T>
0P;=Az)"0l2*x
vN;'\uy
|hRp4~8rEH
x7@Qi1H`5g`
j@?nx#uoZ+j 635e
2CHp/JlNwY
*#`5V>!z#iw$f=
}4/d;b
h^$NRvv-
NU&=Fr(
;Ia{D.q
Y#.H.^41
5Wyt(ex
R ^znL!
vMpv*pLb
|2jbX.n
G6r.H,Jgnr1"m{~
qX,#ty8G F
e(4g\F#bmf'
awB&7UM_f)
K?J/l9
lB;@ yt
G _5,mM
,uV*#A
!o9lHazl=c}Y;T>
b#7zd!M\
*l/+;>45G
JwL b,NI
mOhdenX
#xsJ:T
$e2Ya=W1
;'w~$qQ>?
cfK=>|
efqNfYDQ\A
X&nT(?[,
IDmD^Z
cx#0GHE
EcXjr=
UB}k'9
yqjW9ZY*W
!l`0sF
X=x6A=hr!P
@$`tbIRkDBi&w
+1F+K`J
UJ|T6(6Adpe
w^l0sr
Ytvs"^$0\QL
]-8`}pw^'p
H[ Oz(|,RC5
U57IRQ
eolRMA
n3q#`:*O&[^
UU7eEV4[
Z?u'<p1
UR/f\c
2Ba{oT#-b
*D?KD}:~
qqYH*H
x[3RlSU).o
S]y9`-q
`zFM'2
WHM!) ej
]FF&?$vEe*y
gPmfTV
ME,JwEeasM
qJ\ A(&
-.HHS!
Dk7xGz-c90
A;, ZA
3|Xr[0k
O7"H{^:5:MmrtS%&#
Ve/elAe
{fDOFN
3J'6@:
3<}1#d
o[1TSE#
gZ"6Xi
0t(4GA
Tt<b[Cc0UVz"U/]U
0$YBuQaH
)`b5Y%#%^H
(*o.~Y1
s)8YNy
S+X*w4"jC
2>BeSz2=j
(|`|"'
R]QToe
XBPj^KkSi!n0d
f?S {SUu7
J?ys'#o
w|VoFU
vzvJh+<H
*g^R6jL3
){K6l/^xP
.#[BNK8
'l\5tZ
L,d<{b
#%f@^S
!DMt &
Gz"WpIeg/?C+
^>[Lz@I"
E|m@b\
kVfH@)z
46fRIu}s
SY/q:`
H{FUuC
$2q|d}
^,NrQ"
,n \Mupb
u{3(,W
n)ia+VT_
8VC?Jj
3^Yo(jh.
"BgbOz"S
pJzOGLa
JZ 0=LWH
YQDXirm+$
r4L-ly
:_9O`HlR
\L`(OYqK
_Sv*bdf2i]
/(?aT`
uh5V"{4oe
zz+.r1R+{%Kc
Q^0|><usyjucg+?w3
T6@;pq{
re8z_@+@*
RY*!B5ZZa4_
HAbfo%69T(K
6k7Nn;j
Sxj|Qv
Cp7WY,(<?
{0kgn']
;.[C9R
Njw/x9
v#XY-t
2yBm^``3G/"N;6\
qeJ !nR
xk}8SdFSQ
YKQ$g%
|CC])0
7b[MPNm2u
W"#|rBcpG=(Y-xE+M
17+J+8
6.Czxe
_"On6n.oci
{u7O~P
WTJ*YB(|
KZk}p9pJQ|'*
DX8=e\K
;{T3=5
PM'_SI
gdG)ZG>8E/&}
Wq<P(%0
7bIU*V
7_>:AE
Vj5YI7
mD7}G_
_P"A"`H
%5E fN
*1-Y1oEXd
UNmnY!
GQgEP|sG|
tNpGd@i-}"
{kXH6*
Jg57:NPL
$2<ArJ8\#@nw6/yBiRuFu
~{' @kz2;NW9
l^G,7a
::SH&2QS6
Vr0}u1
YmUECYE
~SUFy/cTHt}YH>dl[
w,'bPD_EQ6 ]R
$?cws\S
MIy,/'_
HFx`,`Y
3qs]--UK
<JlA;<O
Fm?bTqL
d3:?&&F/EWY
-=b I 5}
0[E]{VG&E
~*i'$l
ixrZP[5
vK;K ,yszkW
E6;,?M
=3HKLu
o Ekb=/o@pMAvA1j.
1[z;1/y2<(Xw
eGb]AQYpZ"
iHB%qN
tDe~EtiI^
My-fa>c
?ECY$U`
"Q=HV"w
nilJ[zM
SPh|p3.&4A7b!U0t4l<
{Mo\/U*E
7?RRvN`2njz
BZqx]WOX>}0
;;Qw+;
h.,q]m"9%vH
,t1*-}z/
7J0C3C
P0k&d(.EW$R
:q'f1L
uGZ:p/U
u3EAay
(@*DHRuZZ
vR94Ub?UnIyY
wZme!sh%Jr`
PfE)f,`
.MNSM@-8D4w6o`D
+'XE''3:
*Pd'8n{*
37~aq
<hovY[jIZ
y%-geH
X+6O<]N
G9`/$Hs
wS,Ukn
{/x#MD^
MrRpbS=
HnOqi<}X
6cwo,u
>$bZ38q!M}R`@\136&z
|}?g E`JZ*$O??TjC
f4*.)% =
SG0bl afY/{
GfUhtmX$hr8}VC'
`OjJy"lnOA
CGO#aY!
UeoT|Xz9W
tes[Gy8#
/(J3?`y0
&3??4U
itV.`m9
x']9l%#dxs^O
(^Y(<t`
Q6vnA@V
l>y5ON^
snj~G>
a7TKawl
m] hsG3
:e"U8.7tW
JGH~wK
RP:\g5?U
KRkLI]+
(kS=;1AG)ee
j.V o
(0"$Qb:G
ns/oO;a5
IJ!WMh
x DR\2nk
{oL8L_8
x(.zd,'^Ye
O>ZTW oSv
T})LRi)wF`[H
>U0+k]
v}ofxuU;
XJzw&3g
bTl!]-8
G7$`4WNh>t{
cFJ?U]T8
si*~.1
g\'Trq|KE
{d0ASCi[d#P^K9!]B
24vrCSHF6
"Y,g\(A
*t[<8'e
VLft,]
2/TTN8
kRB-wW
oCAd0x
k%_=:1o
(I^Z!?/
A8e(0Y
'Kc+KZd
2AL0rJ
gVgcu42\;e+N
+%u}pgH_v
x1.6 ;>=I{n
47Y9`
MsTHx^kc
55/I}*c
W/}Be;1
>zE$&2
Md4cc:q
Vkq5lsjc=G
k1==0yN
~$*Ibg
35hHvtH!v
4n*sZWC`[
\=oVy67
v4V!KV
1nO(A 6 gl
FHT@5s9
X>FY= c<JPEtV
gEDq#xU)sU2q4
:{G_{x
^Y-akP
z:5OJm
\Ac$QjqKc7FQ
8=3\)k9cN
CzSlb!@ GKmuBK
Y?W2&@W
QPcoN`9wy
14[OY>
m.y<03Oh
bGX1\LG
(**=(\
JmT*0uw@6p
/YOG%bp
N8DskR=Vf=aP_
J+/0>dBT ACFj<N7Z
3pOk*r
9Uj R^
&_g/84Kz8
N$b.<.a8tmpN`L
`fA35W
W-ACr;a
-h8o;L
`Ul<m)uY_
N_aJG^R0\3CcE
5{8HEB,
0^_H-3F
j>5/5au
6NK_C7A0
PPZO}/|~R
x2u8E#e
B\QizP/6',
ak13^kr~]\Zw
x.trc9=.05P,AyO
F59RPY18sH<
SHehVsJro'
H:Xq(<um,
nm}P5TB
5t|MjZO5
G&|rh7
IK|^nm/~S }Z
v=`.V)
Y$=JnoSX}Rf)
kgp<!eqRO<cYRdC lX[
}~Yg9*hEGWhI@
rO[`O91P$
lN h3on*<
`(Jh0=
@4y^Va
Zy79~$biP#/
L]P0VZQ
%=Dp"q
42H9@4 S=dxFw
R;TPwyeA
"w.7^[2W
382m6q]M
D�V�C�L�A�L�
P�A�C�K�A�G�E�I�N�F�O�
M�A�I�N�I�C�O�N�(�
Process Tree
- 024499824edd4eaa6edb30824a7aa8203c5b3357ff0df658b99fdbe63b6ceaf3.exe (2108) "C:\Users\Administrator\AppData\Local\Temp\024499824edd4eaa6edb30824a7aa8203c5b3357ff0df658b99fdbe63b6ceaf3.exe"
Hosts
| IP |
|---|
| 114.114.114.114 |
| 8.8.8.8 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61714 | 8.8.8.8 | 53 |
| 192.168.56.101 | 56933 | 8.8.8.8 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
| Name | f6eef6e7dd4fc3c6_mip.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\mip.exe |
| Size | 1.5MB |
| Processes | 2108 (024499824edd4eaa6edb30824a7aa8203c5b3357ff0df658b99fdbe63b6ceaf3.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 52be7316cbb1f174192dade78c261c88 |
| SHA1 | 6fb18336da2d39323a6d62738995b6ff917ce6ed |
| SHA256 | f6eef6e7dd4fc3c645f3cf90de319c80d66e6f26a6caea66c40e77d4792f4f46 |
| CRC32 | C6D36C00 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e1f68e8f29f40e3c_shapecollector.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\ShapeCollector.exe |
| Size | 679.0KB |
| Processes | 2108 (024499824edd4eaa6edb30824a7aa8203c5b3357ff0df658b99fdbe63b6ceaf3.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 1da89e2eacc051cb43f3e246d995738d |
| SHA1 | 3199c8cc7c811566854d706c5e28d14c881c1506 |
| SHA256 | e1f68e8f29f40e3c2ea6a40903c6f0634d029b2a6302c37f3efe78297660b87f |
| CRC32 | EF061B60 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 6f0a3ca4bf6abfc5_dvdmaker.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\DVDMaker.exe |
| Size | 1.2MB |
| Processes | 2108 (024499824edd4eaa6edb30824a7aa8203c5b3357ff0df658b99fdbe63b6ceaf3.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | ded0ec4edd8e480b3787df7f0e6d5c8a |
| SHA1 | 7c1ad8481061e60bd3b4cdcce925aa64201fc7c8 |
| SHA256 | 49435dbac866cc926357691bf1587dd2aa7f193cd037d75e8b234d5e60c3235e |
| CRC32 | 865C18CE |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2748d1e1f58d9745_dvdmaker.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\DVDMaker.exe |
| Size | 1.2MB |
| Processes | 2108 (024499824edd4eaa6edb30824a7aa8203c5b3357ff0df658b99fdbe63b6ceaf3.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 6b5f95743a42916d2da42122dda62b57 |
| SHA1 | ac522dca84ad5c97bd525d0f2076b5d55507cbd6 |
| SHA256 | d21f7013d3f81813f9004b5a3718317489e7fac5581002c34d607fbd21213581 |
| CRC32 | DBC446B0 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ef7eee1b962d53fc_dvdmaker.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\DVDMaker.exe |
| Size | 1.2MB |
| Processes | 2108 (024499824edd4eaa6edb30824a7aa8203c5b3357ff0df658b99fdbe63b6ceaf3.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | c6baa9360fa37140209f948b587b9ace |
| SHA1 | 2775ab52e0cd011ed6c59c2be39ba98ac5abacfc |
| SHA256 | 9d2c853f7391d8612f5f65c3839ab08974ba25cb87df8649199201278dde5e50 |
| CRC32 | 26D67498 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | cbf9b79012c86300_dvdmaker.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\DVDMaker.exe |
| Size | 1.2MB |
| Processes | 2108 (024499824edd4eaa6edb30824a7aa8203c5b3357ff0df658b99fdbe63b6ceaf3.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 68b8a095ef647c1a4a4efd10df8241bd |
| SHA1 | a89e458c79d3a295e348ab52d481c7871767a6ac |
| SHA256 | 9bbc3b31e3948afd6432fb782c0a06c3020fd9958c159525cada8a8e1d135cd3 |
| CRC32 | 68FB4E11 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | f49eca2dd0ff5358_procmon.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\xdccPrograms\Procmon.exe |
| Size | 2.0MB |
| Processes | 2108 (024499824edd4eaa6edb30824a7aa8203c5b3357ff0df658b99fdbe63b6ceaf3.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 974f390e2b8005911989b7a51ff753b1 |
| SHA1 | 12bf0036fb0c1f8084fef8612c3eadc78da54e5d |
| SHA256 | f49eca2dd0ff53585f46d67da36c7fd7988efaf41c41a3a0be9b16ca130d0263 |
| CRC32 | 53F5DD20 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 11d87c672d3f31d8_inkwatson.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\xdccPrograms\InkWatson.exe |
| Size | 388.0KB |
| Processes | 2108 (024499824edd4eaa6edb30824a7aa8203c5b3357ff0df658b99fdbe63b6ceaf3.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 486e3f8c5408ec76ab95a9d9cc3feeff |
| SHA1 | b7bd9f41275331db12111fc6c2fac06efbb52ede |
| SHA256 | 11d87c672d3f31d8e6911813102d9c680ca52abc4d555e3464425ddb5162e31f |
| CRC32 | BEF13E69 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ea33615abba506ff_dvdmaker.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\DVDMaker.exe |
| Size | 1.2MB |
| Processes | 2108 (024499824edd4eaa6edb30824a7aa8203c5b3357ff0df658b99fdbe63b6ceaf3.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 64afc3cfba51075026037e1e50c3e92b |
| SHA1 | f091518c0d9ec2d39e93f2b3509959061e7be4d7 |
| SHA256 | 606b767ffaca8296ca97e1126ad8e2da140d300777f55a53a41f7490e5ec50ab |
| CRC32 | 55F63E97 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 76e06e48e379850d_flicklearningwizard.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\xdccPrograms\FlickLearningWizard.exe |
| Size | 906.0KB |
| Processes | 2108 (024499824edd4eaa6edb30824a7aa8203c5b3357ff0df658b99fdbe63b6ceaf3.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 5ca8b21aec8625e550b21033def5146a |
| SHA1 | a66b66176fafcf686a5b397792e785d6cd8ca3e1 |
| SHA256 | 76e06e48e379850da87f6514a8a54914ae6657494929bb83255f54cdc88d32ff |
| CRC32 | 7E100F4D |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 0378bd4a657432ad_dvdmaker.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\DVDMaker.exe |
| Size | 1.2MB |
| Processes | 2108 (024499824edd4eaa6edb30824a7aa8203c5b3357ff0df658b99fdbe63b6ceaf3.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | fd7c39081245b58a6adffd957d0d9e8b |
| SHA1 | 08fb64664354fac48618fac86581ad145fdb03eb |
| SHA256 | b2c442edaebdf94a399a1c2d189f30ed1ac67e81b63543cfbdb5205abf7fcdf9 |
| CRC32 | 3ECF25A0 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 9479965195fce173_is32bit.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\xdccPrograms\is32bit.exe |
| Size | 119.8KB |
| Processes | 2108 (024499824edd4eaa6edb30824a7aa8203c5b3357ff0df658b99fdbe63b6ceaf3.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | d55790bafb3269fcfa54fbf55293f687 |
| SHA1 | 56a19640b48891eb3c6b2eaf3c86b96e9b5234e3 |
| SHA256 | 9479965195fce173ca972b7880c052c86cbbcb7657f29b9c448fb5f9c73155a9 |
| CRC32 | 212AE64D |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 6efc6c881b50a528_inject-x86.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\xdccPrograms\inject-x86.exe |
| Size | 130.3KB |
| Processes | 2108 (024499824edd4eaa6edb30824a7aa8203c5b3357ff0df658b99fdbe63b6ceaf3.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 8b3096d7d110c5927570681beaca52dd |
| SHA1 | 5f29048b2add9999ced7f72f89bb5e00b112a2f1 |
| SHA256 | 6efc6c881b50a528a9da483f7856fc5ddbd9f546fcc6d7c0f60fbcee0deec468 |
| CRC32 | C28D1732 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 23f37adf961265e2_dvdmaker.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\DVDMaker.exe |
| Size | 1.2MB |
| Processes | 2108 (024499824edd4eaa6edb30824a7aa8203c5b3357ff0df658b99fdbe63b6ceaf3.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 5f42c42b52174695f2109cd0ba290c2b |
| SHA1 | 89b87d9e80b68121e106048b0ac20e351af3293d |
| SHA256 | 3af9e44146854a563fe8aae4e8dc862c596a65eda8c3ac87cf22c78c64464291 |
| CRC32 | EF44057E |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a1e88659a4ad4f4f_marijuana.txt |
|---|---|
| Filepath | C:\marijuana.txt |
| Size | 21.2KB |
| Processes | 2108 (024499824edd4eaa6edb30824a7aa8203c5b3357ff0df658b99fdbe63b6ceaf3.exe) |
| Type | ISO-8859 text, with CRLF line terminators |
| MD5 | c0214c7723fe7bde6bc2834742bcc506 |
| SHA1 | f3d8e78975bf169fc1ed3ae95ad41d84ff6a36c3 |
| SHA256 | a1e88659a4ad4f4fd55f246ab076dee048881fcac3ea8a300e2fe8cdffd88b73 |
| CRC32 | 0D0BD2E9 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 52f9578abd79e030_convertinkstore.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\xdccPrograms\ConvertInkStore.exe |
| Size | 188.5KB |
| Processes | 2108 (024499824edd4eaa6edb30824a7aa8203c5b3357ff0df658b99fdbe63b6ceaf3.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | bb79d6ff859ad74f9cfea07931e29474 |
| SHA1 | 98aa22cbebb636b6769f48d135da0059388af8bd |
| SHA256 | 52f9578abd79e030f9f0f4d8c3903f0961d216d74f3124bb9854575ff10754af |
| CRC32 | C218325B |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
Sorry! No dropped buffers.