1.2
低危

0fec3056093caeb13291d46048c82403aacd6517f2aed43340d8d028c410e2b5

0fec3056093caeb13291d46048c82403aacd6517f2aed43340d8d028c410e2b5.exe

分析耗时

193s

最近分析

370天前

文件大小

727.8KB
静态报毒 动态报毒 CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN WORM LORING
鹰眼引擎
DACN 0.12
FACILE 1.00
IMCLNet 0.77
MFGraph 0.00
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba None 20190527 0.3.0.5
Avast Win32:GenMalicious-HVT [Trj] 20200513 18.4.3895.0
Baidu Win32.Backdoor.Agent.i 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Kingsoft None 20200513 2013.8.14.323
McAfee GenericATG-FCKW!8B7300A70AA5 20200513 6.0.6.653
Tencent Trojan.Win32.Agent.acf 20200513 1.0.0.1
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报) (6 个事件)
section CODE
section DATA
section BSS
section .aspack
section .adata
section ExeS
行为判定
动态指标
该二进制文件可能包含加密或压缩数据,表明使用了打包工具 (4 个事件)
section {'name': 'CODE', 'virtual_address': '0x00001000', 'virtual_size': '0x00028000', 'size_of_data': '0x0000b800', 'entropy': 7.985330386647021} entropy 7.985330386647021 description 发现高熵的节
section {'name': '.rsrc', 'virtual_address': '0x00031000', 'virtual_size': '0x0000a000', 'size_of_data': '0x00009800', 'entropy': 6.928504988659096} entropy 6.928504988659096 description 发现高熵的节
section {'name': 'ExeS', 'virtual_address': '0x0003d000', 'virtual_size': '0x00002000', 'size_of_data': '0x00000d5b', 'entropy': 7.7114067838204905} entropy 7.7114067838204905 description 发现高熵的节
entropy 0.9257994058155544 description 此PE文件的整体熵值较高
网络通信
与未执行 DNS 查询的主机进行通信 (1 个事件)
host 114.114.114.114
文件已被 VirusTotal 上 68 个反病毒引擎识别为恶意 (50 out of 68 个事件)
ALYac Trojan.GenericKD.40513395
APEX Malicious
AVG Win32:GenMalicious-HVT [Trj]
Acronis suspicious
Ad-Aware Trojan.GenericKD.40513395
AhnLab-V3 Worm/Win32.IRCBot.R3593
Antiy-AVL Trojan[Backdoor]/Win32.IRCBot
Arcabit Trojan.Generic.D26A2F73
Avast Win32:GenMalicious-HVT [Trj]
Avira WORM/IRCBot.86875
Baidu Win32.Backdoor.Agent.i
BitDefender Trojan.GenericKD.40513395
BitDefenderTheta AI:Packer.A8390A801D
Bkav W32.FamVT.LoringK.Trojan
CAT-QuickHeal TrojanDropper.Loring.A11
CMC Trojan-Dropper.Win32!O
ClamAV Win.Trojan.Obfuscated-1662
Comodo TrojWare.Win32.IRCBot.RICD@5j7h88
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.d839f8
Cylance Unsafe
Cyren W32/Risk.VXNU-4867
DrWeb Trojan.MulDrop5.7150
ESET-NOD32 Win32/IRCBot.OV
Emsisoft Trojan.GenericKD.40513395 (B)
Endgame malicious (high confidence)
F-Prot W32/Malware!9219
F-Secure Worm.WORM/IRCBot.86875
FireEye Generic.mg.9f18914d839f81d2
Fortinet W32/Generic.AC.56!tr
GData Win32.Trojan.IRCBot.L
Ikarus Trojan-Dropper.Win32.Loring
Invincea heuristic
Jiangmin Trojan/Generic.bglly
K7AntiVirus Trojan ( 7000000f1 )
K7GW Trojan ( 7000000f1 )
Kaspersky Trojan.Win32.Reconyc.gunk
MAX malware (ai score=84)
Malwarebytes Backdoor.IRCBot
MaxSecure Trojan.Loring
McAfee GenericATG-FCKW!8B7300A70AA5
McAfee-GW-Edition BehavesLike.Win32.Sdbot.bz
MicroWorld-eScan Trojan.GenericKD.40513395
Microsoft TrojanDropper:Win32/Loring
NANO-Antivirus Trojan.Win32.IRCBot.dpvlrd
Panda Trj/Dropper.AAP
Qihoo-360 Worm.Win32.Agent.B
Rising Trojan.Loring!1.A1A2 (CLASSIC)
SUPERAntiSpyware Trojan.Keygen/Crack[Payload]
Sangfor Malware
可视化分析
二进制图像
数据导入图像 288x288
数据导入图像 224x224
数据导入图像 192x192
数据导入图像 160x160
数据导入图像 128x128
数据导入图像 96x96
数据导入图像 64x64
数据导入图像 32x32
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

1992-06-20 06:22:17

PE Imphash

5a498eee87e4d89512a84502f500181f

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
CODE 0x00001000 0x00028000 0x0000b800 7.985330386647021
DATA 0x00029000 0x00001000 0x00000400 5.990819765625397
BSS 0x0002a000 0x00001000 0x00000000 0.0
.idata 0x0002b000 0x00001000 0x00000600 6.692664294641467
.tls 0x0002c000 0x00001000 0x00000000 0.0
.rdata 0x0002d000 0x00001000 0x00000200 0.2044881574398449
.reloc 0x0002e000 0x00003000 0x00000000 0.0
.rsrc 0x00031000 0x0000a000 0x00009800 6.928504988659096
.aspack 0x0003b000 0x00001000 0x00001000 6.111174633718887
.adata 0x0003c000 0x00001000 0x00000000 0.0
ExeS 0x0003d000 0x00002000 0x00000d5b 7.7114067838204905

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00031654 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_ICON 0x00031654 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x00032494 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x00032494 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x00032494 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x00032494 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x00032494 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x00032494 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_STRING 0x00032494 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_RCDATA 0x000327e0 0x00007b5b LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_RCDATA 0x000327e0 0x00007b5b LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_RCDATA 0x000327e0 0x00007b5b LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_GROUP_ICON 0x0003a33c 0x00000022 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_VERSION 0x0003a360 0x000002bc LANG_NEUTRAL SUBLANG_NEUTRAL None

Imports

Library kernel32.dll:
0x43bf5c GetProcAddress
0x43bf60 GetModuleHandleA
0x43bf64 LoadLibraryA

L!This program must be run under Win32
.idata
.rdata
.reloc
.aspack
.adata
EHFT!
It<,IU{
7@@onH-sPsb
n^{*.3x
vIW(U*s~p
HPYEA
/wY-$m>
+b!YphQYQzV
MF<"hD
***z*j*R*J%K%KHr
"$OHDEQ
$PPgo<NTv
-bA"E"
4fsx^F';r
HA@Tu1bU"i
0$*Tb%g
hvX#B7
ob!}L<
Xd24sR*
#?+o^^!M@z&&O
r+h=kLD
GK4v[J
A)Hpz_
S-qF`13S
N?&}&/v;9u.I
JhH2IS
5)K^u+p
WK,HI!
61;RKjNV
vJ]%|)DKcq|=tH9d<g
Lv9"c
}#DL_T
eCN8{z
L~x8/un0
O77YG0I3$?
$6O5>Y2^d
/5ox[34X0v
b>eCP|_X9\
$Gr,_F
`B!BCXzE
vF_hK&?
`%CwlY
=QDTYbyX)
\3M9f6%
DQU'ARvpsP
ZT:W/)
],e3D}}
vcy?B%~
`mCjU`<?0Hw
tPbLN(
XJ^8n%
zW'YU 6
J]Ab.'gw$;@qw
,y&k*c
#ni3Cks/|^>Qr
RRud4x^
Au:|Em
uLPHuHU
E%s5&:*SXjay
9RQ:j_
ELJzIX{L
yPX9D~XU~
^$jG;R9
2dR84!M"
O0gXGj
G.c`Of
,/#(mM=
TFX;!W:R
SPU< 7
%{h:PM[L
F$6+]Q4Y9
DO\h)l6joovJ\9W
D'K+;#
RZQ5Q.j
lI6YhX>
n(%]*PK
qt13Qv5@)
,t?x'NiG7F
$,O%>\\(qJP
36l{w0
kKgsJ`X
jD)1Wfb
}O1\O14
imfD3-
ryk1 o
ouY4E
JK%D\/*D
ebmYID.jd4
9m2pf[`G/0kE
Be@pPR,1Oy
V9&(IfdmN!
P2k7Ax.o')2Fv^gu
{ca\=>
^Q5jJ5N
~/D[?KY
l|3A?_S
x^EL.ryW
:Mu*R\f
5z-/M]
U}Ts|)'
_iLXh0{
d7;#*6@7
7j[O\na>t)
_P\yu(
#d,a~0#
6tpu6#5
`~wU|p
@V[*"1
|4XM!LE
qH\g9~_
58k;dUm)
%V/*=j
AIId)$.]LK
{@xH'K
})3hU%y
mG`nowQ
!jAP#s
F.KiH\
IX1'k{amQ
6w'#=9b)
` Uy(uRG4
(~HL8jmXZ
1_wMF8}ko
t@<=5@CNe~.MmF4mc
6E|DJ
/="*t4i)j9
D)td(_6%
Wobg^D
CPHxv^H@,?OEI
V@)Tr2H%nS
sBt2G&V:Gtb
BeAM_
|+\8Fc6
rI%CIo$w
Vb9lw=]ai26y$3:<`=(H[
A<kccZ
i>ur(OMTm7+
"W0Deg
=4e1,MQl
="3RfGkl
m=(]J4/'9L[bR
h|S9fN=o]6t.Dop}f)DxxM
723l]7g
|6"[RSS
-qDc}g*
2*tH"%?;cNle5
x.|e=|GgNo@ d
V|k"Kj56
)|1.zs
)^fNYl
b##oNxp
T763qCe
sDIYv'*q)2N
l$AG9PV*m),]
{.LYGR?FA
mLxMI +
_[(N,z}
*uxl|.
''d xG
a~bj,3>
|:{"TZ
OTn-QwG__
?2&iU|=S
~SEpM5}
ee09+(L1CJ-H
etF rGqjw7,`;
ZA>7lDUcCg_`%~@
ETE@ i
A>wSt)
<_9ejC[^
414JM7[9E)?@c
(TRXE[6i%PA
*`W~o|nn{*;M
zlX_N;
)Mk;!s
L3`&325?R75w:@
7pLtg*
xzwd.z
sb;!r7
S?]:*5
VRTP,5~G1.
zwL?Cy
#iw1p(1
|JF bL[SsP^
7?$s)\
K:TgRV%
W7HOzZ
K#?II{u
NqN{4!
.x'-Ri
nm{5'&E`&nl(aa[A3fL4,
K\W;n>G/-]
i W#:w
3(|`;?X
UX_":o?[c
WR]m[c
QQxt)gy
Wg#@2e1
k.`/4"
L)\.m;
c[dD?J2iH0?P
$pUGm{ot
GB%U`&uyc
@n6p5/J
Ov9)bHI
!@/ynQusP^
"Hr1FSi
wfBx"h~T_
YHG=>Am
oof79k
kjA9O'3:N
/c(~bl/6%
nlDLJ^
^}DrXB`U
\:m_l"
q j4Tk
6!p.CdeE
z?KH {
0~F27>6Rm[
;'w,W?gT
E4iGE!tSKKfx,TYq/wzMk
\Qtx:)C5omTz
ST"%<E)bR
"'BNDN
N|NKq>
%Fq-"sBZ"ssXDr"X
< 5cDGV5.4
G7G1(V^
5>MF`4(T
7_23C<wq]
{I59T7~
XYT`]
p5a.J}
Oaa`5;s
sG>S^H~
.SZ{YW
SSdS[
EiZ=X}o
Ny$|7a
3m7)QXHv)3C7
"o`3\O
A+Rd>KG
xiM{[m^iM,w8_$l[k
rXkI@k2.RfZO
kOZj$=p]Z
[<P>3KM#,_
?lc)=2MrT]"
!/lq,j%_
Gr^KHizxeZ
$iMI!U
/e)#=Y
6yK}7<
5-6j,j
4]Z$R(
MY`bvy35
c2/YLPV4
[vek`o<C
%D;"pM
W{OR`( 3
2<qh=;
&TS%(I
UpVv^$`0M
gX>=?>RLFG%
C`_#ncY#
/zZu(Ma
8:X2!EzPPl
"HQk&
kSL{a#AEoY&
[a@M}D#\
WPltpX&N7['dw
G7 stR~n}=`7J
6cdZIA/H
qH;Q{u
~xJUZ4
6XGmMKZ&*3Je
1@uRF]
K&/&7O
u&a=c
rV\/!#V
nM)/K>H
;0^[a(c{
b1JQ>OW
*L;Ikc
iNPPB@
+}8}?=>rY
Z,}z!%
^x3hP|n
T):7Nm]A
To++K&
#`+y5r
9sz'+gwW
\7'GG'
QCF=Za
^~?x5HN|>O
`4aP_e[|ep }Y
[r1hU~#
hs;U@Z
I'|bN",
Vo'K&_r^8W61
o`45Db
N1SGS~x@
N[Y=[9
S.7RMl
9B5`kof OH7[
hC!Y/*1yPYc
qnh)qpWG!]
)][ZRJ1)T)8
vd 'd[eA@=[W}
tD#Am-N
t[&l|sAP
fO XFs0*
ll1E8
RxH?<@+(
9k$Z-QFJc!;
evm<Ma
!e~1Elu
~I4wyg(2
~2FzC]`
pbO>pUF*53t>
(8:'GJC_
Os&pgE
{mxE+^TI
$Xu3kfq-VP
} UR:IjA
Q9P"8E
+049|F2
a\V6Q|y
.Cw.MVE
)NS+cK
%~A{e)`F@
);P"XF/
elq~v$87
l`8qpnj
Trdw%Aw=
6sL|@q
m`'3K%*wp
2Sw@c'=
Q4/'yUf2I
@4$?9
3Y["Po
fT{{7Hu
uhfPyTcZ@
m0mb/s!Kxav
Bj8(;Nk
aw5G<
t0sAcG
iGEpBsj-r
P=M>9rV
#VqKwOB
2>;Q&4U
LOeQ&@c+Ok
pr\Kc$
o&Aha#!
w[pNCRlt
6GZJP<
:|(@Hq
dd0TO)C
g7)b\4`:
@#}*Ng
1+U)@;6D,u'
ry2Z`xvm~X2s
Cy1}5f=y
95-J.Ua
7O&.r-
\A)_/6z
uS=N$D
>Fg9rv
lBLx)2\~
q/Mts?\t
k[0KHs|UZ
^[1tq9
kA`_Hmv@_
G'zDW6
D')[r.-x
/J2L;X^]7
JXjVPqfN
t(DeGZX
J2te"Xbj
,-atMra
$WPq~J",ss
A6a9,9Y]LJ.Xa
<*"0r~Al22
(Eef`|?
}AoD"42R
|={#xv*~^^
w[~\wp9R>8
OI=HVs{
l'![_X,
u"jWCB
]*/b72'
ek,aX;T,D
iyf] 8?
LIzfHP1s@Wp
%fI,|V
R0,!)kgn
,xw`HP]a:[\nQ
/>(16AgG:
-_77'7c
yH[eak
=O?0F?
d{z3J6
z\Wx%aXl&nuAEYi? c>3C3
Ku):H{o{
OBgc$2
uJN9bIbv
cL!YJd]<
<WOy%f
8"0~#Fd
A5&[pu
J/k]ja
s!/WY
$'?.$6]
?[afaUo
GOx;2(\d
>gxT9I0P`
8([7}0|S9
x>0%>Zi
aIE8D4TtR
G!X@}Ke
_yp_A3
'JI\~m8\y(
ut$IJ<
"#2&e(SL-I
Q/GU8n
Hy)d|8ljQ#
BfhtVM93h;jl
3TcP| N/
AKz{yzth{g
,|0jYe*+|Y1S}n~)&
Ue~x0]
WdpmL!
$q&Jx\h
n$M}8{hdj
.(fkhOkO^PQ#
1^xv|PP`
U_RZ5a.;
),|Y%PZ)V
9r<.S?
uV4AUSdU_~w
[('\8B/2!:>"o]
^Ks(F@
Od?:1%
9+2CwNID`
lH?h!Fy
]tEkz{8S#y
4kbg
$xw0JY
zybB7J;w"qGJ*
_hnIB'
g@waWp.LHW@SxRL7Y
H+,HX^}q$i@^
@P'TAkM8*bj
BzHR#H
lS!_13
f{^`0]|
z*?*72
"!J%y+
uX?*T7
H&V6MRa
P$%`$"j
VYTR}RI
0jQ7JENs
|T1oJc~
vT}Ox.
42!oeZ
y~@VoF&c
tx.U(\h
bwJ00=
'.z^kzp[oh^#
uE]00.`06=f
*{[%mh[^c f3
}[c9$"(:
-r26Xek2
/hut52
e)E6+0%"7r"
kLV1@{
_j5MXKa+3
B@3E|u
Tv,&j.&
VL{(*5
,'(@n1
))*G>0+,>
F~J2k3
"!xKb]
Q(;T{2D
UI#{(<|wp
ERRlr+Fo:S
gZ-vG_M,mJK
"c;L9'.K_|$
z{0`Nq2YqQ
|eb{,
u+n m:%w4
pPKKmy
wbp<XLH
7&*0(L
Vi(BV>Y!nX
tuU=+\b
cCv+1t3!H
cwWdiO++Q
x*hjo5
H?8?Dz
m5bhRi
[=\v<|
yP[G[x
9@t@=\
fl{{wd.
c8R)u<
{u55o.
TsF6Mh
^!xEPh
0)N<JK
{9XIB3
9{l)&51w]
RIJokl)R
C6vce+i
#T4{]V[b
$t!ze$^~
z$2^cf^BEuZgD2xD
FPJA~8
rT}mj;6f
7WxcrNCnU
rDC-P\
<eUQ=O:U.:
-N\J3zfE{3M
Hvq_;Z#
bz/?qX=c7GP
{]l6jt^
1jVkK,;*[k
+U:S^Y
[{yd?(
{#6a9tM.y
7j{il?
;yke}X
jGG^d[fAM
03a"Ir
K!J7#Ngg;
]p3t)
hG`n]VYW
j.cnra:8
]tfh1b#
Zj 2`Z
qd5ThNI
MT=PT%
O4Qf>+MfQ6EYv<20qwX
!;Ls0ESO
@ml,aj}\hL/M{
<vKBe8I9onT
A.^nWo
y0V\9=
>oD'Ip>[Fh
(ZL2J]y{%i
oaev).
pfITusJePlgmd@
JD5{wii0
/O!RDF?
=Fyzb+
<A+F82@
[4OndN]87xHqB_
vZ%CR8H
Ixd!VC>
/fYEU_
AqVGOBLW1^w
h0g4"G
'9xt{#
t"I:6)V>
{[^5b0
_{k^\'
4Sf&[H
/5`6bJ^0>P
:3;^vfS
7|{%z1
==AHt&[
@G*vD=/^RN
Q]j:>s!^h
suhzPrF
Ap%'4_
9(+M{}cs|uq7
#*2!Oh
,[\n#td+M_m:rFFc8.
7R4Dhj
W8qPN1
nH<lA'
LYY(]9%?=x
,FY;;O
V3L+Eh
[-'x)h
#WqSlGN
xnF-!\Mg&IR
<N1\OgZ
,xi4XT+ V!
8NJtRh5
$`C]8~&;O|
bMYC^O$
H@RGc`D6
4-Hi:="W
!(3x U;"t(_
vFF<Ax}
dblIc0x>SH
jX~y5~O`)2
LME;.yc~7$[
'w,kwJ1<siU
v8h8FU
nUnoz[9/
P"vXz[WL
i.{4GZ(
L(}/2s];
Tq-C,wQ"
!{OUUI-*jKWqzN
%lAx(kQo.Iv_a
p4e.)
[Cu}^N^
2_h7Go
t>t0Ku
~?LD~^
<|6dwsl
[N27^qr
q\yCv.;C
;"rmyq
Td)Y'O(
Y[SNB^i|
h!%5q5#a8Dk
&k<}M3mv
Y_H^!W
5LeF#o
L8NZb
l6MNNa[
*aQMniY
KMRHcd
<AT.Ikue|P
C/*LZpVsl
4!-W8mv
X_x-4xpPd?
S&{Ls/rB(
V {w 3u
7qUfza{-J[
$(TU%^
)%:iRT_Awj(
S}^5^V
W';??E
_%}D@m
d>g17o-
3WvgW\GgYw~h~{
vwOtW|?r8{
Lo^:=z
2?~eT~z/
6psQ;s8
7F;5"]
=?==ykj
]#z>Kw
=_zE}_xe:
MxgV]Sw|.j~
iKAdG`
ygp"^$Y
`"Z&`=+&2(C
<`DL`vWc
\"I#@2
r"@#nk
rl"<OX
"H#nV-a
%26tGT
D~F.h$6
Jy`@\%6
@"`#nc
0;+'(.
Y+[%+0j5Bn
Z3i+cA=H(
9Hifa[U3vA8/dO6
N(I"#\nH
qAZi"B
z<VL+0d
pzM@[c
Xz@0A]
x+^&xT-A
Zq2(V#q
xLP+0:
k.?8zk
ev<PV&(b
VKAdG`
V&xT-A
ygp+L$Y
o+^%+0]
5AZ)5Bn
ygp+A$Y
03K9`TQe
(+B$PX
o+gk..YT
9lif`+;z`f4rZ
JyeiL.PA
=@VM@[c
="}4x`P"%
nhp8"%Z
ygp+:zpM,
X+J$YC
= V&hDuA[+
8"^$pX
z<D&Xe
0"Z&0;+&1C
~ rW#p
6p1v0"ns
{wLucz.V-a
0+F&0;+
2b!Y+Z#rW#p
DJADG@
=03K9`
z<DL.PA
bzPTMna.
=@VM@[c
+\&hDuA[
Jy`0aV`
x<VL+0c
|ih|$1
z.ogn'
f2%M>VKs;aq7|}w;7tQ.^oXZ52T
n[Yh~&a|7%g+^4
$oLJo.@q+H
Zdu74XN
vxsYdv
H{O>n(0[
_;Y"n;
Gr9y"D
Lx$L0
mcA=/c7|W
q7eN -
KhA"M%[
'8t>No
A_7v{Ou
{!9JiyD
$IAL>!"g#"D
'|/(n@-
HB9s~n0
sdwcqD
"N:3{w3\Jwg
-xgxyg
'aP6O?
;a&9jf:d;g
TM>Ds<
i7$I!wZ7tH
`57$Kw/
#K|7$HAw}bD
N!g0ql
,n$rR;"S%
KDw<7<
dnpY|Q
Hna&q&
+7,I@,
*nI$I;7
>DH{'.n0~"y,
~%h ?S/,
1%l 83
1%j>S8D
:#xVdhm
w9;&m2
.ocy{cj
%r7^x7|Wf
df"S%
7|lgy.xsMW;>
?fQH#
&xT;7$MP;h
$G\)D!"?
#$|y99-"L
T)*EKLY
/7+YHL
acgx$,
1NMI"D
lP7NHY
UKv <T_F;Bj=J
AdtT+s~H}J@HC12SQ9B*t
ISxO0<Q2
BhF'WB
UzEPx<;jCfT
l9W8]!WYlJ
6EPfR6BE
"<=YGU
j9v\mF7|*i;<KL
2F?"Rn
"<tpSg
v2TNdx
"8|(B[gweMb[
[%FrF
"y,|iQnx*
U2"Ijl
"0=yFA>*w
f={8hEf=xq
@#4g-P<eO
8eDpDJP
N@~P2w
$~^"Gxbr
w,TY3@
`"0t?(TNh
*&DyA
TL8v4>@bd
AOaN/82#5
P;wx4EDdE
]Q'(-@D
NX{8N1} wkTD
@Kh'h!
]{yQ0J
j7;BZ^GE ^`
,;T%D%(xT%Dd
0(?3BT
%(r8!T%D
D<fZwP
["(pPNV\
xeNUpT
Q(r"NU
0aoL>c{7k[]2E?
v/n5?e
xD2<we=s?w
oeqcs"W_yW4s;
gd{rxn_9ll|Ts
jL| {9u:
{91y[M
xWwmOd6s3]
%5:mN[2
up1w$
9Q;{}T
3o?f4xG@:'x
#>7#t!E
>*[znCs:cK{Ufu
%I!E6z
Oqq|OEWt_A
:2*X=,#k
_^(3/='}0G
Mw:;^
2wwdpgz62k;TBZolW]gEz;IzM4mn
}k=/#|nr/Y/V
Io}$ ~5E915?
zK?9],D^Vc
lS9[xwn>#~tU
oqo^tM
svQNHz3gm|
4[?DGu
!,11],{GO
niXJfyvo
$f\w7c"
eW"YDazA
(T<]OUb
883si]dJ<NY:
uh"4@N
r!}(7#^Sx
6^k\,n
w1nGWtZ_l
=kEl`3{P,Yk$eO
=1._j^
'}P{zC{|:
w;;\?2Y
LKt^,
Wkf4^c
C}>9[@
M?_+T^t^RMJH%^$
j?qeqF
y- t/Z{~z`
sy]VRN^W#
&'p3L_!
xW?XapiE
%&Sm@XHs:}
06>MD.}m
{waYWFG
[*E:Sw
s#,uhu1
fHc`3aa
-"}Z,!`
[2lQ4i\B
CwR1g2J(%jY|`
V,z2oLj9Y~
6Bm$C7c
pFm4nLk]
R)`,?0A
i$0}1*mPIXi.0v
+%,P^P
t5X" fX
3oD9V#A
ZyL&n)hmFn5F|yIEP
2s-beJ
n\^V,}B
7R1-N1J
7s 4yO.
kzr+9{"
A\#^jA(V
PQ[(0\B!0pQ 8
89-q.4o7
wOFuil
zRCm9q:-+^G7
gI_KB:*
ip4?=Lj{"
E|x/B2d+
pI=J"2%Y o?JKfF,rE[
9e&KBmItFD^.~9n
q%hA1N5~
UF}RtV1NJNTR(p
9E! YdD
H1RA9
(h*bYMet{H
BFGQ/DJ<
p<(vld
wlDM3s>R
cl(DDG
+~v9x[8{xn,b
LyC<[T5
)i,ZJ`6#d
Pi&o@N-`!
:eKP ^
I_NxRXI8Mic&
Tc~uR'YxV`rF
4,-K>6
DXKG#ngA5!
wJvJXR:9NPAU\,2
g.#1Gbet,
 "_gg
^qY)eq[SPDU/=K
7$l-^0
+w25BO
?$}'4_>IYf
z9QYs
'c8K+Z}
[F-" 1F<
e>l;33!
k%ZhLO
wwwwwwx
fffffffff`
wwwwwwx
Install
QTypInfo
"RTLConsts
System
SysInit
SysConst
CVariants
KWindows
UTypes
$VarUtils
SysUtils
sActiveX
3Messages
^Classes
L!This program cannot be run in DOS mode.
.idata
.aspack
.adata
_6r1>
]{G&j>1
w0}>QX
qC.<<R\iC
bvB1U7
OK*i(qP
$pAA{+
;.sW}AHe2wM
x6vG`14
ef]JcpKR
{t[sJ"
WVC.K(RjUE;-purz
EOW*?LI\S-7S
$@}c{b{d1
N#2tCiZI4SuM%
ei8Q4RIX
E%m%[xfk
GtN\of=G
X/{&fM83c;
R5ZX~b+Sjx
{nH'"~xe<gwt:
d=uotu|
".k-,QTO
R:q:%`~
d@s4t;<?O~6+m
EE&ThkXY_Q
c`E1I5>B^r
6VCR ^4p
s3WcQ?Gc?: ~/+
ZVOGmmX)*k:I
wI9:F YmLd
G:I.rA
AbvVs~
oT'lIK
hOQwuzR
Z&UVI0
/)X7}7
Iz:+F%
EtT(a9h
P%1%5h5Zz
VmQpKWej
5KG R^
T)J}Z-&&
2-FI>Z
&?z}j&
~G58*|
(h7drBF
.?X.@/!
IABC2mm?z
(UV6LpF
hQNPv\E SHRI<[<bK;q\
$:at?tx
.[pOZ3
z@HE|XETo
(nL{zs:q[d
i,gfWy
8BV/@:X#
Oa!<ML7UX9w
1x|P=!r)C1>ldNv|dRc|
/J\3*am
M?y0S<2+
A-abpa
!/&s"I.t
.bn6m8p(
!0lnF'7
sG zu""|JY
W?i:DL~
W^,&zy?(^
Pu9J;V*
GO+^J,e @XV
Sd_p@}
pz\PVAY
68p:HE|
l~>6.$r
;z,,\M
sOy+CAh
i %rRB
RAd+E0
)L9MJRL
!gmNGs
^LOri{D
R[kP{COj_WIft2
mj^11UI!mKn_
]Y&85)8,^6
E(T=c:#&
/go"v=+cb
8*ePL~8
noB.Ah
y~ei<V7
=ojyrO
q-k=ej>Yz
8=T7KI
Kg1\YLXw0%2
+htqMl
9@F:(X'
!mOmp,5
zn5D"<9
~zbmLD%Mm
^<=~@1
xo68BgKy
IS1-0gX}!
P]7*/vS
gpzH@4BT
m3a3ci$
#%4C8
-#vF-r
^cMGCsALD
$;;N{4kk
6#=c6n3
[`bxhczC)
CtJ=,m
}'=+2(6l!$f
xXcX"?z\b8>z}
R2,Z5!:b
]^oo#i
rG1'}s7F!Oi?y
uADRexxF
BJL0Bwj
B7.,03<l
el\O30
SFqT.jq
8O}WJ1
059v>J'G^N_
Cx;^N6
%A)m+r:{]x6G
D*}s GcgC
SteO)_}\SbP
~JDA1[
@KGfq68U!/
~KJ9ObY
p|?bG|W=!
c1{g3g3DH,
7x1#P
tC'lGC'c
N/$*\,
!VQOu/mNY}
Z4E8#a
;vWbklIw*
S@#b?]o
1gnX[~6%C,T
Ag05As4M0
Syzeu%
hfXI=Y+6o1'J9]\e5
1?^4}cE:H
ge`QP#*6K
"te,D7t
&=||s@Z"Yxl[\
}UFa5c
<:hfsSExCj
[];T2)
S{(N]]lW
!SdSc~RZ
!EUrM/^>
YLfcc]
<O2v8k
!(f8{P[:=
E@8pQO
2O.::X(ej=|0
%MmvszKv
J!;nr\
(#!B\
Znqo8j\
-?2fJO
q(dTy%r
L0,C~;*
V f:^oZ]P
t!c;O)`P}y/5@n
rPP4W:
Q,&[ImnExAH
3^T;'xu
e|wTUB
M?I8t7
c"'4m+ag:i
Fe1K#A
D!*Z;]
mqdn]^
mrVUbWkNwD`:
?L5lnCbH
oq.UtOY
uW$z|t2zgoGPmouw|
b@R+#S5S82!
QQ<kM=X]f
{+`q't
fFpPu#C
l@dfzpVZ+KNdWmdjt=Np`Li6
"mK.Q_
^S@Pth
tW[Y*d)L/3/2R
b}O[kD5Y
E6("o5
"O_>o2=?ZDii
+KEJc&
d3f#ZF\
yqMhu>OV^!Px'nDJu
yGfa,w
E|^ja|Do
[:,=,Y;f
g9N?J<N
lc&wUY5
J67DE-3^UQ
#kuB/2
lMI-.W52O@s0Y=vZxZ_+
V|!md"g&$X-$|
4+>TbTW{
C@!5{3Q#Qk
(Szp&$
b2[0_V,O|F@)^n\
IK*vw'&
njHjr?u
'hKsg$D/K'
JxhH3gBb:]
.8[`P";E3k
tOTj2_qMf
Oy[1XB<sVR
2i,IP<CCG
XB7<;nh
j}tc8~F-B
I<e:w]SZy
rw1V+FwQ\N"a
:Y8,e\>#
ibd<&=cU%ls@
PrC8Wmjz
SzD?0K~>
S\%:UyVR^CN
QS$/n<A[{3
73Ay;N
CM4+)Ki
Yga-J\W
E6>Z6Mi
iI{QVX-`+
%Q3Vei
RS#"o!,
79=9:8
####################################################################################################################################################################################################################################################################################################################7##
BFsl%!gkEgG62";J
*zp @.i
)J2P<<<
+#OQL.6
Y?YzUQ
&xw{sw4_u/K1
+.P4TYfN P!9$
. &|M3
-]a^;b
@1tI1JE6m9r&?LM,r*B7%p
~4~)I
D*sY:j
y}>Mvug{x
W=V*u,~
76/3z+'G
e<? `2
per=>O
mp}F6:fp
CA@g 6'
9S|k)OXg
5V1~n'_:hzGz'Zk2$E%
4uH{9HA|
N l|X"@!
3~)rb4
S]}/9KQ?
n![w}GLgOC
i@|"u*[
X[K#-+ml@4
>]"a#x[7Z
+[rF6w[%C?@
d9.YPiN
KC[NfK)D
,@%xjf
D"yr{{
"05cP,
pT[_h
hkiGF)
VH1sDe
0?q3Xs,5`=]AN
GNpeS0~9u&I'L0N%@
&%7BxiW
A;Tv$
,DQNakNOj#
CmiC2)1Uu9@
+WT]A
LN,V+v[Q^M
]C'ppD
tS?f8
8J`xS'ow
~2Tl2(^5ke5b'_
ut=O[zYA
z]d3,-M
N,">Rh.//
g=zc}G5
rUQJdPl<Vb
6ujG^f8Q
nV~T,ZG\d4
f8A_Yz@
dG#scG
s%5-?y
###########################################################################################################################################################################################################################################################################################################################################################################################################################################################7NN;##"
o)68{[/[n
38EsW!
^+SWx{
*]cT]Hv
(y'UJv=S9"G
"a;Z/Z
TOtNM:.;dXGEy
2H__>\
7Z_2F9
Q]n!'u
kq93YW
$F,^N_
TcrO*^5
VLv!WN
uj#xa+
4B} <Ej
>]DiXo
rIg\e\'
CX.(ZA};@\x
KS################################################################################################################################################################################################################################################################
\;.V5-2P3'HN1$FS5)8S6-,P3,
T.&1V6*_X:0L0$L/$P3&P2'~K,"[N.#:W1&&X,,
qjdC9C'
L+"R0#tQ-"KO.!1S- R)
xvSL`6+I)
@\1$PE|v
kbl=1L*
Bt>/[Lwo
xO@f4&N)
rQ.##Z,
gVb4$L.!Q0'0S1!
u:'gwl
yp[<2T9,0`@0
{qkK.%jO2(:M3"
m{qsrvy
zweB;9
J,#G+ ;L/
x9$zAD?=>?A
Km^aejkur}x
mjZ90;
i\`]WK>/!
krtqk`RC3
|oaO<'
uuqqts8
}}uvcb9
?c?m=
{{tt{{ji:
xxzzji:
uugf:
nnookkvvwwdc:
7=752
mmjjggjjdc;
8"E'O UWWeT0Z
xxhgD&
13 L1`;nHt<qy
hgI+4E'
ge]YZkKH3\=1U+
=%P?pb
#_Gxvvn
rm~|kieVjH?)O5,
)ITmu/eDE
z|ZxIJLLB3
jpjg^4
o###!o###<<<#+"#2!###2!##
*)---#
*###)>
#a##.!/#;##/#7##.#<##
!4##.!/#;##
o$###c#,m###
2!##<X<
?########_
q,/#c##.#<
##<##X?
<<</#c##.#<
##<####)?
##2!##
##[)Bo;
##2!##
2!##X?(
=)=")0)3
<##(!(
<##(94(
<##9#(4<X"RIv2!##
C)>Bg((\#
"#2!##j
=Ca>##BW
<##C<##
######2!##8C
##7|;f
ar######c!V<<<<
##<##C###c
w###<<<
;X92!##<<G
2!##O##?G###B=#/####
!##!##
!##,!##
<##<[A;.
/!##.#<##.<<##############*$-
'#+*$)(#
*3$)*3+$)33-
3$3)/3
$3-$3-
3$3)/3
$3-$3-
Ft1uM>C)9
[K?n8jv
##########################################################;######3"#K###
"#S=##########################################################################################################################################################################################################################
oO##}1
1=o!##aC>_<A
1=oo##aC>_<A
##B;##"!8?>=4;9753
+csCS########""""!!!!####""!!88??>>==44;;::::::::
!*\g<<<"~7
?%1=S?<###&!
?%1;To7###
<<<#o*!,B!#
1?a###
###!b}######B?#mw###
###Na###C%1
`E1M###d
)1/<)15
17.?)19
Sg<###%11t###
15F}###d;T<###
~W~)15)19S;("^
<<<<###),
CAw###B!#ba###C I1M###~!aC)2F
###<###
a/=C~!%a/
ba###_*],KAw###B!#
1=?R<###^
!Bg?^
??###^o
9p}###_;~5
F=###9
ZB4!f!5p7###
ZC/"##0
o"##~}
/"##o<<
.5s###o
"##,"##B!#
;bs###b
##bC##C###b
"##^No!###B?#m=##
!.oe<<C4
"#####N`.!o=e<<
oce<<aC,A=##
`oQ<<g;
"##~9"[cR
."o<<CC|
g4.ox<<C=.o'<<CC|"##X
C"##}<<<
o<<aC,A=##a1"##s###
o<<aC,A=##}1##
##o<<aC,A=##X
"###CcE!##?
"##)11"##q,KA=##o###{,d
11<C%1;x"##
;oe<<###4
44%1;"##["##"###<<<oS
19y###ts###o
o<<<~u
17?R<###^
n7###|?R<<<#n
o<<<~}
"##uD/"##Z
oV<<~y
#,aCf) <*
15<###g[g?
?|=?###_7###
?<<<#t
##o<<5g|??*
13<###g[g?
=?###^o7###
<<<#oW
"##8%199
1;gTo<<aC)5%1
,KA9B?#,
CA9B?#############################?###"#~"#"#####@
XX###)
9###A`0
09#&&&&&################################################################
kernel32.dll
LoadLibraryA
GetProcAddress
6666dl8
d$#$$$$
d$m>$$c"$$
d$)t`=)`
q|yb^@$#=)`9
@(@p?#C
d$9d(?$$$<9
$$$1)d$
)d$p$$$/)d$+)d$Y$$$
)d${)d$r$$$O)d$K)d$c$$$`)d$\)d$
$$$S)d$o)d$
$$$)d$)d$6$$$)d$
d$ttN=
d$4$$$p%`=/
Z$=1)d$k4j<=o:r@bt$4$$
d$MP)d$tZ@s=
d$<$$$
$$$\@#$$)d$EZ$=/)d$Z$\$$$Z9Z$Z#\$$$E=
)d$=o@)SZ$E=)d$?NZd=O)d$1o"zZ$)d$tNIE=S)d$IE4$$$
d$t)))59buI=`)d$tE=)d$L
d$#$$$<$$$
d$t9($$$)&RiRYo?
$$$&R_Xmo?
R_Xo?$$$&Vm_io"j&
l_Io"T&
_`Co"^f
$p>f4$o"LDv41o8n
9~==:n89"$$$%0I
#0+0w0
d$5H 4
d$9($$$$p
d$y<$$$$$
d$1p7!)d$p?
$$$p{N)d$)
d$@c@*$o8f@$o)?$$$tZ$=O)d$1o?
@C5u@Fb#$$
d$<$$$
@}$o]FI=
d$@$$$p6
d$t|"$$Av<1o9v@9
d$$$$#$$$oq#"9
===LrstI=
d$1o5KJ
$$$KJD
d$@$$$p6(
d$t#$$C"
$$$tI=
d$ppKJ"
$$$TR<===en6
:$$$i"
EN)d$e@
~#u@?F]@@+$
0===8f@$
==)d#p"C
d$"$$$p
d$9(MP
d$m>$$#
d$)p<#
d$$$$)0k
WhY8Boo:LQ'qCm/)c8e_zG
]Fs}~{>(M
L/;bDy
32 6-
SG+D]I!Id~29!Fw
`@$$d,$oOE
d$$$$$$$$$$@$$$$$$$]OE
d$$$$$$$$$$$$$$$$$$]$$d$#T"$'$$$$$$$$$$$$$$$X"$H"$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$q_RV_X)
`XX$$$$$u_pwm`oX_|CV`X_c$$$$$N[RpoCXtRmp_Yp$$$$$u_pwm`oX_~[X_vCW_c$$$$$yR_Cp_~[X_c$$$$$uXmBCXcXXmY$$$$$uXmBCX~R__$$$$$r_C`~[X_$$$$$u_p~[X_I[j_$$$$$yXmi_|CV`X_$$$$${i_BoUU_RtR_i_Vp$
EwVirtualAlloc
VirtualFree
t.x,<t
kernel32.dll
ExitProcess
user32.dll
MessageBoxA
wsprintfA
LOADER ERROR
The procedure entry point %s could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
(08@P`p
8\(L(C@;
rDt$h3t$
E@D4l|Mu
1|hDhG8
A;r_^]
YSVW33h
T4$F`u(j
}RL4#HL4$F
D$$W3|$
3V5:@D
D$,8_^]
kernel32.dll
GetProcAddress
GetModuleHandleA
LoadLibraryA
%2%2%2%2%2
kernel32.dll
LoadLibraryA
GetProcAddress
,xS,i*
J|CJ6!
_-gsq
6+%K4-A[
xFVi7"_(U5E
V4S'IVC/^rN~1
MR=xybsZ-c
[J9p/M+
:zf3`Pm!
Kho>M[k
qi4=hF
ae*RjP'
Q&}CV#Z#INb
B<TI/4\{1be
m|KB1bC#("
WJK:)2c
a|zODTO
yfO^-0
rO^jf`
%qO^-f
J;i/m[J5
1zU&VV
pRT@og
K(2!nxqCB`1
m312als{Ri
\o1{pF
lr{J@h
1{R1C#}e3B
:,3:19P|cjY
id*,],
vY3:Bu
Vh5BQ [(~m[k9(
Da^gA"
Kt#V(4
ixGV%4
ixGV%4
~dSB1
dsBQ /
dpBQ /
~m[J9(
ixFV$3
ixGV(4
ixGV%4
ixGV%4
~dSB1
dsBQ /
dpBQ /
~m[J9(
ixFV$3
ixGV(4
ixGV%4
ixGV%4
~dSB1
dsBQ /
dpBQ /
~m[J9(
ixFV$3
ixGV(4
ixGV%4
ixGV%4
~dSB1
dsBQ /
dpBQ /
~m[J9(
ixFV$3
ixGV(4
ixGV%4
ixGV%4
~dSB1
I{Sb-<Er
ixFVWvK
8zXg5:
ixeFRY
C2 ixGVo%
DVCLAL
PACKAGEINFO
IDAPPLICON
List count out of bounds (%d)
List index out of bounds (%d)
Stream read error
%s.Seek not implemented$Operation not allowed on sorted list
Stream write error
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Cannot assign a %s to a %s%String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
Invalid property value List capacity out of bounds (%d)
January
February
August
September
October
November
December
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
%sA call to an OS function failed
Variant or safe array is lockedInvalid variant type conversion
Invalid variant operation%Invalid variant operation (%s%.8x)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Variant overflow
Invalid argument
Invalid variant type
Operation not supported
Unexpected variant error
External exception %x
Assertion failed
Interface not supported
Exception in safecall method
%s (%s, line %d)
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Access violation
Stack overflow
Control-C hit
Privileged instruction(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
Write$Error creating variant or safe array)Variant or safe array index out of bounds
Out of memory
I/O error %d
File not found
Invalid filename
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow Invalid floating point operationFloating point division by zero
Floating point overflow
Floating point underflow
APPICON
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
Generic Host Process for Win32 Services
FileVersion
5.1.2700.0 (NT client.010816-1143)
InternalName
svchosts.exe
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
svchosts.exe
ProductName
Microsoft
Windows
Operating System
ProductVersion
5.1.2700.0
VarFileInfo
Translation
VS_VERSION_INFO
StringFileInfo
040904B0
FileDescription
CracksWare Original Cracks.
InternalName
LegalCopyright
CracksWare Corporation. All rights reserved.(
OriginalFilename
CompanyName
Cracks
ProductName
ProductVersion
5.1.2700.04
FileVersion
5.1.2700.0D
VarFileInfo
Translation

DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.