2.8
中危
DACN
0.12
FACILE
1.00
IMCLNet
0.66
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Agent-BCFZ [Trj] | 20200102 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200102 | 2013.8.14.323 |
| McAfee | Packed-SU!A364F1D6D5EA | 20200101 | 6.0.6.653 |
| Tencent | Trojan.Win32.Kryptik.fwwy | 20200102 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(2 个事件)
| section | .code |
| section | .NewSec |
动态指标
在文件系统上创建可执行文件
(50 out of 216 个事件)
| file | c:\Program Files (x86)\360\360TptMon\360NetUL.dll |
| file | c:\Program Files (x86)\Mozilla Firefox\api-ms-win-crt-string-l1-1-0.dll |
| file | c:\gcoxh\bin\inject-x64.exe |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk |
| file | c:\Program Files (x86)\Mozilla Firefox\libEGL.dll |
| file | c:\Program Files (x86)\Mozilla Firefox\plugin-container.exe |
| file | c:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi |
| file | c:\Program Files (x86)\Mozilla Firefox\lgpllibs.dll |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk |
| file | c:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe |
| file | c:\Program Files (x86)\360\360DrvMgr\feedback\360ScreenCapture.exe |
| file | c:\Program Files (x86)\360\360TptMon\deepscan\cloudcom2.dll |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk |
| file | c:\Python27\DLLs\tcl85.dll |
| file | c:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpengine.dll |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk |
| file | c:\Program Files (x86)\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk |
| file | c:\Program Files (x86)\360\360DrvMgr\ComputerZ5.dll |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk |
| file | c:\Python27\Scripts\pip.exe |
| file | c:\Program Files (x86)\360\360TptMon\MiniUI.dll |
| file | c:\Python27\Lib\site-packages\setuptools\gui-32.exe |
| file | c:\Program Files (x86)\360\360DrvMgr\dynlenv.dll |
| file | c:\Python27\Lib\site-packages\pip\_vendor\distlib\t64.exe |
| file | c:\Program Files (x86)\360\360TptMon\InstallTMDB64.exe |
| file | c:\Program Files (x86)\Mozilla Firefox\updater.exe |
| file | c:\Program Files (x86)\360\360DrvMgr\LiveUpd360.dll |
| file | c:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe |
| file | c:\Program Files (x86)\360\360DrvMgr\ComputerZ1.dll |
| file | c:\Program Files (x86)\360\360DrvMgr\7z.dll |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7\Python Manuals.lnk |
| file | c:\Program Files (x86)\360\360DrvMgr\Utils\360ini.dll |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk |
| file | c:\Program Files (x86)\360\360DrvMgr\DrvInst64.exe |
| file | c:\Python27\DLLs\sqlite3.dll |
| file | c:\Python27\Scripts\pip2.7.exe |
| file | c:\Python27\Lib\site-packages\setuptools\cli-64.exe |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk |
| file | c:\Program Files (x86)\Mozilla Firefox\firefox.exe |
| file | c:\ProgramData\Microsoft\IdentityCRL\ppcrlconfig.dll |
| file | c:\Python27\Lib\idlelib\idle.bat |
| file | c:\Program Files (x86)\Mozilla Firefox\msvcp140.dll |
| file | c:\Program Files (x86)\360\360TptMon\TMDeskBand.dll |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk |
| file | c:\Program Files (x86)\360\360DrvMgr\sqlite3.dll |
| file | c:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi |
| file | c:\Python27\Lib\distutils\command\wininst-6.0.exe |
创建指向可执行文件的快捷方式
(50 out of 65 个事件)
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7\Uninstall Python.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\360安全中心\360驱动大师\360驱动大师.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7\IDLE (Python GUI).lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7\Python Manuals.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7\Python (command line).lnk |
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk |
网络通信
与未执行 DNS 查询的主机进行通信
(8 个事件)
| host | 114.114.114.114 | |||
| host | 8.8.8.8 | |||
| host | 34.117.188.166 | |||
| host | 34.160.144.191 | |||
| host | 34.107.243.93 | |||
| host | 34.107.221.82 | |||
| host | 34.149.100.209 | |||
| host | 35.244.181.201 | |||
在 Windows 启动时自我安装以实现自动运行
(1 个事件)
| file | c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini |
通过文件的存在尝试检测Cuckoo Sandbox
(3 个事件)
| file | c:\Python27\agent.py |
| file | c:\gcoxh\analyzer.py |
| file | c:\omokcpz\analyzer.py |
附加已知 multi-family 勒索软件文件扩展名到已加密的文件
(50 out of 78 个事件)
| file | c:\Python27\tcl\tcl8.5\encoding\iso8859-4.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\jis0212.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\macUkraine.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\shiftjis.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp1256.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp860.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp1257.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\ebcdic.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp932.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp864.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp855.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp1253.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp863.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\iso8859-13.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\iso8859-14.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\iso8859-2.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\symbol.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\euc-jp.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\koi8-u.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\macIceland.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\iso8859-16.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp869.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp1251.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\tis-620.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp865.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp949.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\macJapan.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\macTurkish.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp1258.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\macCyrillic.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\macCentEuro.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp857.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\macCroatian.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\iso8859-6.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\iso8859-8.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\macRomania.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\ksc5601.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\ascii.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\iso8859-1.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp1252.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp874.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\euc-kr.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp437.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp1254.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\macRoman.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp850.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\big5.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp866.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\cp936.enc |
| file | c:\Python27\tcl\tcl8.5\encoding\dingbats.enc |
连接到不再响应请求的 IP 地址(合法服务通常会保持运行)
(1 个事件)
| dead_host | 34.107.243.93:443 |
文件已被 VirusTotal 上 61 个反病毒引擎识别为恶意
(50 out of 61 个事件)
| ALYac | Gen:Variant.Ulise.1219 |
| APEX | Malicious |
| AVG | Win32:Agent-BCFZ [Trj] |
| Acronis | suspicious |
| Ad-Aware | Gen:Variant.Ulise.1219 |
| AhnLab-V3 | Trojan/Win32.Ransom.R213603 |
| Antiy-AVL | Trojan[Packed]/Win32.Krap |
| Arcabit | Trojan.Ulise.D4C3 |
| Avast | Win32:Agent-BCFZ [Trj] |
| Avira | TR/ATRAPS.Gen2 |
| BitDefender | Gen:Variant.Ulise.1219 |
| BitDefenderTheta | Gen:NN.ZexaF.33558.kyZ@a8Hp6rci |
| Bkav | W32.OverlayND.PE |
| CAT-QuickHeal | W32.Sivis.A5 |
| ClamAV | Win.Malware.Lunam-6913201-0 |
| Comodo | Virus.Win32.VirLock.GA@7lv9go |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.6d5ea0 |
| Cylance | Unsafe |
| Cyren | W32/S-a846205f!Eldorado |
| DrWeb | Trojan.Encoder.14453 |
| ESET-NOD32 | Win32/Ausiv.A |
| Emsisoft | Gen:Variant.Ulise.1219 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/S-a846205f!Eldorado |
| F-Secure | Trojan.TR/ATRAPS.Gen2 |
| FireEye | Generic.mg.a364f1d6d5ea0f42 |
| Fortinet | W32/Ausiv.A |
| GData | Gen:Variant.Ulise.1219 |
| Ikarus | Trojan.Win32.Ausiv |
| Invincea | heuristic |
| Jiangmin | Packed.Krap.fyig |
| K7AntiVirus | Trojan ( 005205011 ) |
| K7GW | Trojan ( 00517a0d1 ) |
| Kaspersky | Packed.Win32.Krap.jc |
| MAX | malware (ai score=81) |
| Malwarebytes | Ransom.Winlock |
| MaxSecure | Packed.Krap.JC |
| McAfee | Packed-SU!A364F1D6D5EA |
| McAfee-GW-Edition | BehavesLike.Win32.Sivis.ch |
| MicroWorld-eScan | Gen:Variant.Ulise.1219 |
| Microsoft | Trojan:Win32/Ausiv |
| NANO-Antivirus | Trojan.Win32.Krap.espnuv |
| Qihoo-360 | HEUR/QVM19.1.4A8F.Malware.Gen |
| Rising | Virus.Sivis!1.A647 (CLASSIC) |
| SUPERAntiSpyware | Ransom.Winlock/Variant |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | W32/Sivis-B |
| Symantec | W32.Suviapen |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2010-08-01 18:32:37
PE Imphash
a8f69eb2cf9f30ea96961c86b4347282
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .code | 0x00001000 | 0x00000731 | 0x00000731 | 5.3388387628341984 |
| .text | 0x00002000 | 0x00001998 | 0x00001998 | 6.191552965438028 |
| .rdata | 0x00004000 | 0x0000001c | 0x0000001c | 1.7695459925589747 |
| .data | 0x00005000 | 0x000007a8 | 0x000007a8 | 4.978687910630875 |
| .rsrc | 0x00006000 | 0x000002bc | 0x000002bc | 5.067445284189073 |
| .NewSec | 0x00007000 | 0x00001000 | 0x00001000 | 0.5323488848091313 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_MANIFEST | 0x00006058 | 0x00000263 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library MSVCRT.dll:
• 0x4051fc memset
• 0x405200 memcpy
• 0x405204 _stricmp
• 0x405208 strncmp
• 0x40520c _strnicmp
• 0x405210 strcmp
• 0x405214 memmove
• 0x405218 strlen
• 0x40521c strcpy
• 0x405220 strcat
• 0x405224 strncpy
Library KERNEL32.dll:
• 0x40522c GetModuleHandleA
• 0x405230 HeapCreate
• 0x405234 HeapDestroy
• 0x405238 ExitProcess
• 0x40523c GetCurrentThreadId
• 0x405240 GetTickCount
• 0x405244 HeapAlloc
• 0x405248 HeapFree
• 0x40524c WriteFile
• 0x405250 CloseHandle
• 0x405254 CreateFileA
• 0x405258 GetFileSize
• 0x40525c ReadFile
• 0x405260 SetFilePointer
• 0x405264 InitializeCriticalSection
• 0x405268 GetModuleFileNameA
• 0x40526c GetCurrentProcess
• 0x405270 DuplicateHandle
• 0x405274 CreatePipe
• 0x405278 GetStdHandle
• 0x40527c CreateProcessA
• 0x405280 WaitForSingleObject
• 0x405284 EnterCriticalSection
• 0x405288 LeaveCriticalSection
• 0x40528c GetCurrentProcessId
• 0x405290 GetDriveTypeA
• 0x405294 FindFirstFileA
• 0x405298 FindClose
• 0x40529c GetFileAttributesA
• 0x4052a0 CreateDirectoryA
• 0x4052a4 GetLastError
• 0x4052a8 FindNextFileA
• 0x4052ac SetFileAttributesA
• 0x4052b0 HeapReAlloc
Library COMCTL32.DLL:
• 0x4052b8 InitCommonControls
Library USER32.DLL:
• 0x4052c0 MessageBoxA
• 0x4052c4 GetWindowThreadProcessId
• 0x4052c8 IsWindowVisible
• 0x4052cc IsWindowEnabled
• 0x4052d0 GetForegroundWindow
• 0x4052d4 EnableWindow
• 0x4052d8 EnumWindows
Library SHELL32.DLL:
• 0x4052e0 ShellExecuteExA
Library OLE32.DLL:
• 0x4052e8 CoInitialize
L!This program cannot be run in DOS mode.
`.rdata
@.data
@.NewSec
RR G n
^UQQ=`W@
EPEPV@
UQ=`W@
ADiS3B+
QSUVWD$
u8-TR@
tQ3;tKxP@
_^][Y_^][Y
_^]3[Y
UQV5lR@
SVW3jD^V3ESGPE`
]X]P]D]\]H]T]@]LE0
t3SE0PEPPEXP
E<trEx
t3SE0PE\PEDP
Ex t3SE0PETPEHP
?"E|t#
]tE PEPutSu`uLSSu|S
u\9]Xt
uX9]Tt
uTu$Ex
9]<tEW@
j(hdW@
u\9]Dt
uD9]Pt
uP9]Xt
uX9]Tt
uT9]Ht
9]tu4W
t8;Yv%>\t
E|Y+Y\
Etj<^VESP
EEtEEpE
9]<t:W@
j(hdW@
u|S5V@
E@_^[d
=V5lW@
I9\tPP
.\u%\u
SVW339
YY?Vt$
VW=DR@
]UQtW@
EEPMQUR
Information
Couldn't open the file!
C:/exp/
[File]
[Sub-Dir]
o%}oooooEo%o
[}#}9}S}P}%[}}
}>}My}3}]}#C}8}k
}h}8});}
'}&}O=}
}@}$)}3}[}
D}U6}=}U=}p'}
memset
MSVCRT.dll
GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
KERNEL32.dll
memcpy
_stricmp
strncmp
_strnicmp
strcmp
memmove
strlen
strcpy
strcat
strncpy
GetCurrentThreadId
GetTickCount
HeapAlloc
HeapFree
WriteFile
CloseHandle
CreateFileA
GetFileSize
ReadFile
SetFilePointer
InitializeCriticalSection
GetModuleFileNameA
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
CreateProcessA
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
GetDriveTypeA
FindFirstFileA
FindClose
GetFileAttributesA
CreateDirectoryA
GetLastError
FindNextFileA
SetFileAttributesA
HeapReAlloc
InitCommonControls
COMCTL32.DLL
MessageBoxA
GetWindowThreadProcessId
IsWindowVisible
IsWindowEnabled
GetForegroundWindow
EnableWindow
EnumWindows
USER32.DLL
ShellExecuteExA
SHELL32.DLL
CoInitialize
OLE32.DLL
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
version="1.0.0.0"
processorArchitecture="X86"
name="CompanyName.ProductName.YourApp"
type="win32" />
<description></description>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="X86"
publicKeyToken="6595b64144ccf1df"
language="*" />
</dependentAssembly>
</dependency>
</assembly>
11CK3R1Z@HR1Z@=
uR1ZS1[@H3CKAI@R1Z@H=
uAI3S1[CKR1Z@Q1YBJR1Z=
uQ1YQ1Y
R1ZAI0TS1[BJ0S1[(R1Z(
mAI0(CK0fR1Z
visuavisuaGIF89a
ffffff3f
3333f333
ffffff3f
3333f333
ffff3f
33f333
ffffff3f
ffffff3f
fffffffffff3ff
f3f3f3f3ff33f3
3333f33333
3333f333
3f3f3f3ff3f33f
33333333f33333
v ($h(,0(4h8<@
iH&L6PF)TViXf\v`)dih
U@}rG V
0U00[* oB
'U0 J}
hJPEU
,xi|3wVmhJ
m)`Mt]
"wzENf|s
zmpkLxBh
~TPkS
?D:i]P@UU.UB*X*WfB
aX7bh$H'h
F2vRe#HC
E+xnX#)
3{ZIFNR/t
,\q*[=`
.Q.%1W>
y+ ZO,
zEj5rVq
A1XaHc'Zf
a\mq[-i4
%A@MMj6
gFVT7?
.ZTaJ
qDXKQ\
6LyRYw[.J[:'/V4rd@b
R+)/zJK>
l3;sj~
a2/N)9/}-9
Me1vV.
#!%IS2S:QAm+
|^v$ W
-{S \[,2THe
658^Ba
* nw/;^Ew/
QZslKJ'B4E}
D^MUxTw
dtccsk]
4u4Ls)'(-Avb4
mt+'$("|P
*9vkt>n&o
EWEzDu<arAweudz-D8E
CUY'265
2lZfw;|D])cD?enm
ays6Z}
LSg,|8
Ca:(:x$Ps
u0'Eb7a
3V'`0@9VU=H
F7$;jsJEC
rzZ1+bl`
$F6#?xv
Wz/"4h'
*iGFl58
EEtvcU
k<S9\21
1//1:HR
P0NGs~ye
Y!nCpN
D2X*Cs
!wbur+xV
Gd+yH %.hI
Y''^>h:2&4/1
=PTp,9ORiY:gyLnLkq}F5`X8}C
8l8[1J/:
tTo/:W
-Ub775
m8(tAif&CX
q!FVRb#swGX4
C4C]$xRx|a
49I*R40G4VBj?
_nUh2Pxnq
'Tea5t}
5p#j31
QQb(jB)Y"S-rExD
~syd=Y,S~"eEj*rc
9uxZEj2h
libNjM
AHB8*54
rBB6nkhtC
8Of+5KXX.X
WZC~7;
"<$\&,
|4:<5l
><D\F@L8|LN<I
Bb<T#djf
kp,fq\vm|zxt
w\l8]1
;visuaBM8
{DDH0,10+1<5<ZU_
ait&(*
)#%70:NIU|
4,1@6AWM[|v
Wak&%)
3++G;BTHWaZlqoloq&&&
MBISHWfZlZS^
otwSWWHJG$$"! 0-,.)(:45TKT^Tcmbqg\i
xgovLQW7<="%%
"#!!! %"!2.-MJGtnp
hw{HOS+*.
NJL|uxdnv,0/
-*+KEJldirim~
>9<b[`ulo{+.0
/*,`Y]p
*%'\UX]ln
'%%uqu
*+)zz|hsp)_@yBbkGfksq
IZe9FTi$Ho
\WUFA><766102,*#
.('831.*($&(69>|}P^vZtoz2c^EWf
}{zvsroihb^]\ZXihflnk|v
HOdE[}Gg]t.^JDVi
3Hc4BW27=>O`FZg
trZS]<F^D`Cf_uGu<os
8K[,*&.@O#1H
);'4=
V[k88LMGRR[r:Sz:dUUDl(X0bK|
434Z^j'*<!".35F\f
?W{;jAx3n'N,S5fbtu
DIHx|(*6*(2
! "OYkRc2Pz
K/djUai;@O=a{
###QSR
53>6+4gRSN974.58-.GBO@Z
>'X1Kr!*9
(Zept
%!"zz|
!'$+V?F^:3V>>n`yO5<1:MFi/P
#&4op~<n
!0F]v+4;
C>=HCF
" D/8!
0 "10A7fk[
07GrwE{
/Gd^x=AB1,*WPS5,,6*&C/37.4
)4D`t~
%)A[~{}~tnt9,,$
4+2=GY=bI~
1=NGmXhh
D.Hh|^
EVh.:NBXu^kvi+Iz
*T/Ms!L}#Iw
% 8["KtE`yK
7o$[P{8
distutils.file_util
Utility functions for operating on single files.
$Id$iN(
DistutilsFileError(
copyings
hard linkingt
symbolically linkingt
Copy the file 'src' to 'dst'.
Both must be filenames. Any error opening either file, reading from
'src', or writing to 'dst', raises DistutilsFileError. Data is
read/written in chunks of 'buffer_size' bytes (default 16k). No attempt
is made to handle anything apart from regular files.
could not open '%s': %ss
could not delete '%s': %st
could not create '%s': %ss
could not read from '%s': %ss
could not write to '%s': %sN(
errorR
existst
unlinkt
writet
close(
buffer_sizet
errnot
errstrt
C:\Python27\lib\distutils\file_util.pyt
_copy_file_contents
Copy a file 'src' to 'dst'.
If 'dst' is a directory, then 'src' is copied there with the same name;
otherwise, it must be a filename. (If the file exists, it will be
ruthlessly clobbered.) If 'preserve_mode' is true (the default),
the file's mode (type and permission bits, or whatever is analogous on
the current platform) is copied. If 'preserve_times' is true (the
default), the last-modified and last-access times are copied as well.
If 'update' is true, 'src' will only be copied if 'dst' does not exist,
or if 'dst' does exist but is older than 'src'.
'link' allows you to make hard links (os.link) or symbolic links
(os.symlink) instead of copying: set it to "hard" or "sym"; if it is
None (the default), files are copied. Don't set 'link' on systems that
don't support it: 'copy_file()' doesn't check if hard or symbolic
linking is available. If hardlink fails, falls back to
_copy_file_contents().
Under Mac OS, uses the native file copy function in macostools; on
other systems, uses '_copy_file_contents()' to copy file contents.
Return a tuple (dest_name, copied): 'dest_name' is the actual name of
the output file, and 'copied' is true if the file was copied (or would
have been copied, if 'dry_run' true).
i(
newer(
ST_ATIMEt
ST_MTIMEt
ST_MODEt
S_IMODEs4
can't copy '%s': doesn't exist or not a regular filei
not copying %s (output up-to-date)i
invalid value '%s' for 'link' arguments
%s %s -> %sR
distutils.dep_utilR
isfileR
isdirt
basenamet
dirnameR
debugt
_copy_actiont
KeyErrort
ValueErrort
samefilet
OSErrort
symlinkR
utimet
chmod(
preserve_modet
preserve_timest
updateR,
verboset
dry_runR
actiont
C:\Python27\lib\distutils\file_util.pyt
copy_fileG
Move a file 'src' to 'dst'.
If 'dst' is a directory, the file will be moved into it with the same
name; otherwise, 'src' is just renamed to 'dst'. Return the new
full name of the file.
Handles cross-device moves on Unix using 'copy_file()'. What about
other systems???
i(
moving %s -> %ss#
can't move '%s': not a regular files0
can't move '%s': destination '%s' already existss2
can't move '%s': destination '%s' not a valid pathi
couldn't move '%s' to '%s': %sR4
couldn't move '%s' to '%s' by copy/delete: s
delete '%s' failed: %s(
os.pathR
renameR
EXDEVR9
copy_itt
C:\Python27\lib\distutils\file_util.pyt
move_file
Create a file with the specified name and write 'contents' (a
sequence of strings without line terminators) to it.
filenamet
contentst
C:\Python27\lib\distutils\file_util.pyt
write_file
__doc__t
__revision__R
distutils.errorsR
distutilsR
C:\Python27\lib\distutils\file_util.pyt
<module>
<visuaXT
Handmade
Celtic Knotwork
Torn Paper...Black
Torn Paper
..Gray
Handmade 2
Swirligig
#(,R1Z5
NBBB[[[[[
N Nvtv<xnz
}sjb[TLC9,
~reWI9)
%Aa~i~s
/245666{5f3P29/"-
vcRJ@4%
|#oJbuUI=
bKDKDk1_>
<Xwj8l6
w:ToAI
=;eAte63D`
o'}'6h
9PPTPPPp'0i
,G07p/l
pmfP0`X
X`jj4t
@Q`ll0d
}$SLDP
X\XcT*,
4?Mp/b6@
7mn;ZqU>2w*3
R/v^T4o6fKX8Dl;K(g
0q0?dx7ipV.AL35#a
3y2Xp2w}1hSN1Fo)1)-
-6-64M/b@6V69=DqK`QQWGZD[/{RySsTjS^QOO@M/J
C?;8520/N.-
FS.kgNU%tiUX\cip
y!Npqrqp
k'h8eIa[^lZ|WTQONwS
"U1NR\vWZ]Sp
O$4|DreTwUiXiP
&4DUgx
ponnnprtwzz}l
T$S7PLLaGwB<6/)$
wi\OB5(
&6FLUan|
):K\kz|zz
)4@KWcny
"p)X.C307!9
52/+&"
#&)+-.
-=M\kz
)4@LXcoz
xj^QE8*
'7ESar
ykhcZOB3#
4Vy~|zx
w)v9uCtStcusvxz}
$3(C(C
A>;73.~*f%P!9
r k1dD]ZWqQKFB>:8
6+6;6L7_8r99998741-
qaSE8,"!
vfXH7'
%0;DMV]lz
zhWF6(
)4AO]lz
zpdVG6#
qaUMF>2)
(D(A5>A9K4U/])e#m
R"m)07<AEG
C#@+=49=4G0R+]'h"t
#(&6)C-Q0^3k7y9<T
th[M>.
raUMF>2)
~sg\PB2 (
5ALU^fnv~
%0;GTan|
(6CQ^ly
_0Rf)z0z
fK0`sQ
=L77Qz
=_{mLs#fQ0
f#7s#{
IxyJ!k<
W!P.<<'WCrdkI!d!
I5WdCr^I.
r!y.rBPd
m7smmXD=
DXfX70
0Rm_mYeDD)"
F |~j.Fd
MVn ZTTjnB-&-+OZx|
9VFTx@O+-
N.6.6KNKN.
d8`*d.k
!.n<YWurkI!S
S2ZPuua?V
N.f.fKNKN.
_i@ v_)f
is%mmvo
vDs%Mvf7b
)37GR,m
)mMoGK,,@bQ)
%0R_,mYDv)T
r.f.fKrKr.
YDkD<m
!.<WrkI!0
D)`PmV=.
05dmK!>rDXz
^7IY.z
r..KrKr.
L_nM_)
Ds$S{f7
L)a7uRZm8f
m{$uKZZnQ)
R_ZmYD)
$)+=L_
F}| 3pF:
Gn}ZTT3n\pwp+OZ&|pn\M\
T&\Awu2n8U
9GFT&@O+p
L)_nMf)
=_$mSs{fQ0
7s{$Xu
)Z_7mS
visuaPNG
~"IDATx}
SzV-RDD[
299?}}
|@yn9O
u8OF,\G
0mqlv$&bJ
\d0L9lu
Qzt$-@$Jk@
bUx| K_0V
C4~1c
\E2&EKe
$DQ`YMy7
*xRf=6jc
N"0G(b}2+A
/{>,i6
0T<@I&+
LN23%<
lMc [5
ti9A(:ue
~8iqx2q
yd0OT$
xE$RFN
,1Pf!z)
#8#E`
a4k64X!6ag
5t3[kW*!
XY'{Y*
t7nAc K{
^#s(6k
EcX3aMbfh
#?V&XvU
@$#Gs/
-dO."`K@]?Y<
7l2u7[5y
lRT1i|4|J%j`
"J%ePEV
s3I{nH
'>^6m.
ZW~H]=U_
CA#Xr8B
]x==w+o
GFY1pm[A
_&^X'T2
B%FUN_
I6ms~+_YT*,\
/^ra/Z
OO8eU2!#7nA
CI%|PkL
TqrsAx!G
#7l~@ #%01"
iMaKrA
;}!<97sa
L8{O>]
A>hH[*)MJ
#Zt[[KgV~z
mmm|g
\BP~WGm6o
T'&?88|A
hASX,n5
C" weJy
jaRtmZa
[5w@(`%
3Z!DAw
h"]. =hwP86
!6%cD;v8
_vB!`@B
8Tr5Qa
&5,rGBD5@CW
%ffDwNEt#
[zz#N**I%`X
)HU 33l< 8U|
PVrNL&
)T,%?\
bIZ(,2
SlLJ(0{$ev5D.
XCYyP9
QVSiZ1
Q&09N&z
30U@e 0Y+
5&Y1C-;aTUfo
Y"8RY&Y@
iJz\b'yzrD
Rnp4L"*&$
3ADsK1C=?
3@qPPs
u3iijd1-J4,'T%cIg\)U2V$He+$
j"EFVr!_t||oSB
>fLDJDf
EU`PG5
C{8N@mW*
YAbR-(fZ
8r$I^e3Z
fh-14(
9,sXqnI
[h8pzR
FUY)ES
2QJvwuw&TS
k1N3cXdP
'LZZyzI
DR4<<7p'
deI-L006X
M0~xx1
N).$9/2G
A,\.RfH5
1#@4Mes{ >WcA
{H8s.5k
yZz #UN
+:c~lJ-+-T
(\~ql7
R1xF.024a
"444Akm
l6p:0Phll
-a"fMq9
CC=}}}lV
5kC:^nc
{zz{`os
}RymVy
"R0mppm0
a`pwp\{SsL
1|"Y1vf
fsKKg}d'oV?
~VJy)!FJ
A64e1I&
cBcCfr
b+,ZpgA
:qd76f^_
{{kT,Uq0Nn
~&z{##
#(1XfSC
z;V7pR&Sq
c0jTlkj
vlS>~O
3~?rNvE;f
^q5Z~*<
V3E5!$K
!4%5V/=T:,(dhAz!$
|F#e H@T3$#DQC
V=0XV!!s(+
z3*AxN
AYk e(5w
<>'\JJ=
-!HLPs
gEb-\H
+E'yM9U,x$D5Ubn,
+D|KAP-,uS
#6r`M*X52g
_5bSU^@"
I6XJQe~(eV
6KU8} W?
, bI@eZm
)[`/$k
c\ZPl]8brYo
ZBxHz3p+RT
Sd*Kln4
Lj9.Ta
Fg0g~Z
5WM4V|&=
{F\!4^
qC+J%#7
n0zcr9R} W8
V<_UFQ6r_oKj
[;w:u)8}5hcDS}}{w4M~
YG44PD
eu{o['
tww z0/%
$eIu*.
mjt4^9
w!V#/?*/^|?s.xUW]}Eewy)C
vmK\)
hcLEWS
3=s7|G Oha
tkn={z
>6o<ko"
gmn_p=|
kt-]zE=
4s|_V|
vy{; 3+Xw
:h6rWO
?>m# N;3
_(%T*HFJ%)\,
K/*O:$m
;w.N/t
N=8=Im
v5S_S
_9#u_--
?vtL7*#y~
Cbq934>i
>4md6,Yrz
z-kn7yp
p<gqP;p?mN
RtDKIyc
>#+mO {
O7u1s.H>]nJCA'
S ~8wn14}6;g
Q+9S/[w
2[!o5o
Ywu/TE_xWT
.__+\|38~L"!
<@'?ugCU
D}uIA;uEIZ
D-;haz{::&s
c6kBXn-
Zb\VqJ
k<Ugz5BNqgKsc
Ub=8N?hN}ZZ:;PTT
;Aq8)n
<u-vcE
n!cqhh^:1'_
C?0,!WJ#
5 a2rd
ejRuST"DkGS'
h}QsS{,
NCcVTz~in
H B0TD[m{"tXh
Zws>go
PjF1^z
N,ExM*V$:/Q
$rT`d'!
oJD)4C
\s1Dc2h=
(ba4w)
`2PI][
vL&6-A~
Cc5oL`-B P} @
_WTTDD
7AARb(
0+JHAdL
5a2_JP1
G,Ih.HS
\fMUUu~~
33332~
gxlkmu.U
EE3g*../**1
oThhxmm}^
#Fp^ziFxxXjSve
>dN~GSS
GFF ?bENXX
,\hYOJJ
9MM&GV
dz1t0oG*'E
q)))'N+~ ~af~
["F#S;
,h'CFESI
L$ 6j5(.@X"
9F E_rFSO14M#
7VQQi0
9m"]A YXv
Z^nuFt%KZ:+;{
i^nutt}FG
|~hhb7n
84BZE36a
/][XXJc
t7o\ZZ1 |
KJ<KWfg/8q"
2m63Ez
zh9#4`]1
11=zz&M
3*8GAAqHHxvv
2z%A/<^;)
rf2(,,JH
QUu+~~
;t=.Kt
$>h@{,
BjH,pQ'
G(NT`Cu
S<7bC/WTU
:wSSSrr
xoCS,Ua@
,BN@2%
e^/UU.bi*Yf
nP)acDIxPu
o:eUh9'
4@FE`wV2 -E
N"?!?vj
d$,KTAkEA
:MpWv5
42P#v0LM
:_SsWn
))9]Vv:22N:A
,We~@1
M-c|_?R:\-/?
}|\^lV
b[jz++*X]ZZNK+W
v'xTT_2h4"WYB%e--2
0I-2BeNJ
666N>--mVkzSR7gxa
oZZ]}k!kP
C?dIxx}vsm/
c1/kJKN4
.^6v#tPSS8
11m =ztee5
`vbz`N%GQ
Z.|6'}D
tPRR>mt [
Mq6K >qf
ed<~h!
w>k33gf.lW
6h~>N5N
%oMII`
wdcu<2
i{oNFFF#}wO
#jI4uB(IN
!8q*00
UU7O%P
iw\\(h
SY'Oxa
6Sd'\G
{M2%)iTf
[6owwla;
`Z,*'Ed
{8qkCBzN,V<y5ui}
<p{U'Lp
JJN^^=v?a
Zww;E4
908xUQ
#";U,L
IS!unlXYy
UU||:xyy\~
Q4 4URoZF[x >\
+W.]|19yLs
QZS4y_Tz(}Rm'b\
5N|QhR/qv- $m
(COB*+e
QUKe,/!}
TC(c`N GE4
Ju.@s~-
)6D-lQ!
?Udeq^>P]&*
9u Ymv055Vo
*rn(D|
,nEJX\:f
A=|,"8
L&.k14?
g+ZkvRL
Eet33:)
#::.(:(*s
#Tfx@bK
*K*uZtI
`$+#s0sHbz
/ J2+).V
me(iJf
/rTBgi
.cS-[|J
`A8vz~
bC0`usMa
UF,}!1Nj
^ZOVRe
v`r}U0SL
)ls8w66eLU6
jo{ms^75c
7N!W+-X|6sL
iREVloDl
_IE(UP
C@YIl-,
/-<3-y
X|@AVll
&e4Q4L)Xl
.^nmj"
k{V+-:
2H?JZ2)
wZZ{F_
^1z+{hQ
g;anDd
D)BA'"$Q"#
J.-`sY=K
c*hmvXJIcSOK~>ybNLC~y))
\2Y9n|
hbA\?mVk(t9K)
$!nv4>/=?
`(Ru\j
))<Ii9*Jk/2
67/N1>
WKAii*h
!v4MTE
Fd=R>*<gD
5\%jv6^72A
f=fj>tVV!*
SRUfL3J
;:'$U;
S~'_SR<O
t7-mW$'M
4^:[gzeqjyq
EqIqwv\fd~2?>a9
!qBLl'
'4ccbO\!rx}
H,V`'TK
n5UG<cl
L<em;ed5
mpBnBBPZKe"
8geo'3xfGpt{P25A
/lkt3bc
ZafSAkGw
7MEJ=M>8s
mw M4[
d]l{|b
tQdG3dG+)4(|";Ck
rz2jJNj
uv:m2~b`:
[!2H|])34|
-p^]$x*]3bc
iSl4L8zW
FU%%hVQ
BP,:cn
b^O4l>
n'NG3'sH62
VJcg?M`
DCjmvLX
I%|Rts3u_:
M*7*!F
V@q+FRSA
k8M-n+#RsB8b5
N4dP,V
cj+T"
}T)H&.)
%]|+2;\
vxJ^:Ik,K
CQ5*$iB(
,}"~Dz*K;):^+Hnb
h9g{Q[
BlYY\GYjGT
4I;&4Q:
9$Sdg_F
Lp")H}
4[FYHI;
QK}E?s_
tIQGR-
LdAD@L
YO %`v
\'apJZI:()eBtZe@tk\@*
sF=,7#URxmr|$r"K
5}H(HSJ0(E` ky)<& -!Kk!JD)- c
):F)#H
V_*3\I
vF8U*ntt
jt`HvuiuP(dl
p:0~z Y8
Ea7H1'J
PUu%!P_[[^SSQUURs"--
Hf}}}IIIffVcCCIIqjJZG{sY
^Bl?r4vN
TlZd)mP"
jg}gXow5X1
|@Ykipm
)Vem/r
PHSYKBa_}=
Z62b{EZ^fM%yY
Y2 %*dy%bebTW86)=!!vGvg
ank=99>
lc_Za)
ACDm{r)
SNWN~l(K
3fdEEZ
iD#eSN8MiiiS=
OgJVdA5S
,|[oAtT
>e^gnWh
l! <?=/
sMQh0
D6*v%'9"Jm
omu7NxR *v
M]85]>E W
d+!6ma
EVG$hWy
CJ(YXxbi
(*_B-lxq
aYYYoll
LHH<rdZn
]x9iii@:::
@V\W_/NG:
-9sf[[
z`^ <y2
#~+T. :
b]WN f
YsoF&'H
#;4B(/
<r*x//f
Y|da<ea<ea<ea<ea
GRcF/^zC] ;;;KJJZ-
rBSLINN>_*++kkkC
g}qVYSa<
P~?J||
Xn]BBtX Zv
;v$&&JuX
|@P3B8D
|@EUU@
L~WVS!%
UoO'A>
MLwSMMM
I.iP^Ue
h/0q\{x
su> *e2HJXfCGZ
h ]]]`
)m1Ht`dU Wy0
X:|q"fE
nsbR3z5%qJ
z*#!'4
?7N'.y
'|H/#J4i
AZX^poSO&.ccca
AHKKX,K.EW
;8&O>#<7'O
+{w]dI
(-9F/T
jlwy'q
/".WXAe QCz%6~|
S`B5GC
S &U2}a
\1Ov `
aE0 1M
~YXXHpx.?
@}@ZHn+Q
j(s>{.r
0'`AxN{Z[[8zY
KB***;
75^iCS
?w~zx6mM
oo<ySO=
[WVV6v
:-//ot
_|qyyybbE
/&/X`\r
x#FM kO<
+nFHyRR,>l0{
geeA<#!E=
ibu(l)
cD}K9{oR0
ivm^z)
1I~`?M 7
l3f[p@
&y8t~i
OXSe8Y
dFdi'!'
([}20DA
pLD";wRkp8vL
w}vsyA
N/ w=~xxk/
wuYqqq{1cRRR.]:|'xB
;gSN]|yGG
!<y2%J h
|zs=w
\ ;@>7x
i~_E(+++^|@0?|
E"~%%K
"1d(F 7n
N/j?/.FG/,\
0`4HRM"
l6SyA~x
vCSc[k
?e0}yO
MKs#%m
->>>b{?&hb 63GQy<y
K}5N,iR
HJRIzc
OL~r[7E]uBKQ
vk>_e8n
,b(<{{_w
?/'rL>
odfvtilv
JJj6;Be?
VSO"-I/|
\pxaPU
Y[{\r:_
nx</;;/5,E~
.es^t&D
g7C!xr
mm#^o<|m{he%
!uon6j4
b9Q_n4
Zol|mga2P
ql>Lc6
f3VndtFs
0:rdp'F8J
inP0_ZEOlo?z
8"Izg&
#wY,/njZF
d&'E!o?t
N9j2|@j
j;8`@C2
jQ>*/!3;T
/I*RR%
\4ib(2
#FS>JUc
:o4Yd2{de.~
V5K`daa
:MERdy9xs
-t,-L<S'
`sss#*'#T
011?k_
V].WoolVJWWW[[
|Dgg'FgffA
uhhhzz
C5b?T(=_
'`O;e8Ebo
ktkAGPm-$Y}[no
~ sMzO-O7vXW>^
qswwL`;>h;kk
zhht]JU:
1e+`iHK
Tv)/Tq#BRu
)#-]*7z,
k/.k+K .
% sDv_U}
IENDB`visua
visuaMZ
L!This program cannot be run in DOS mode.
P`.data
P.rdata
P@.pdata
0@.xdata
0@.bss
`.edata
0@.idata
`.reloc
ATUWVSH HMum
H [^_]A\
H [^_]A\f
H [^_]A\
UWVSH(H
H([^_]f
BI1HsI
LD$8T$4HL$(
LD$8T$4HL$(HHA1H
ffffff.
LK8LD$8"
HShHK`HH[^HD$8
HLD$ L
VSH(HHL
u#L)LI9I
fWVSHPE1HH1HD$H
H|$H1A
HH|$ A
HT$HH1A
HH|$ A
HT$HHL
HT$0HA
HT$ HD$0HT$@
0HT$@H
HP[^_fHP[^_
HHD$ tv
HT$ LD$(HHD$(
HL$ H&
H0[fff.
VSH(=c
VSH8HD$XHHT$XLD$`LL$hHD$(A
ffffff.
AVAUATUWVSH`H
HcLl$0L4[I
u5IHHH`[^_]A\A]A^
f@tLd$,A@
HT$HHL$0H
MDD$,HT$HHL$0
H`[^_]A\A]A^f.
HT$HHL$0M
UAVAUATWVSHH`
H[^_A\A]A^]
H)HD$ H
LHULzH
MHUHMD
CEH9r2
HuH(ff.
ATUWVSH@H
H@[^_]A\fHL$
LH3T$0H
H1H1H1H!H9t HHH
H@[^_]A\H] fH3-+
UVSHHpHH
HEHD$8
IHU1HD$0HEHD$(H
1fffff.
ATUWVSH A
u%Ht H
H [^_]A\fH
L%HHHI) H1/
H)CH t7H
HtHH([^Hf
UWVSH(H
Ht3H-Pk
H([^_]H
UWVSH(
H([^_]
HHt=(Hx
H([^_]
A9t'HHB
fffff.
H(L9u1fff.
WVSH H
w 1f= MZH
HH [^_1HH [^_H'tHc
H(H9tA
uHHH [^_
VSH(f=MZH
1H([^HtH)HHH([^fff.
VSH(1f=/MZH5(t
H([^HEtHc
H([^fff.
WVSH 1f=MZH=Ht
HH [^_
HD(B' t
H(H9u1HH [^_
HHH [^_fH(f=CMZt
VSH(1f=MZH
tHHH)BHt
@$ H([^1f.
UWVSH(1f=MZH5t
HH([^_]f
tHHHtH
HH([^_]
1HH([^_]
Failed to find the attachment '%s'
access_attachment
Attachment
Attachment input
access
attachment
Copyright (C) the VideoLAN VLC media player developers
Licensed under the terms of the GNU Lesser General Public License, version 2.1 or later.
Mingw-w64 runtime failure:
Address %p has no image-section
VirtualQuery failed for %d bytes at address %p
VirtualProtect failed with code 0x%x
Unknown pseudo relocation protocol version %d.
Unknown pseudo relocation bit size %d.
.pdata
GCC: (GNU) 4.8.2
GCC: (GNU) 4.8.2
GCC: (GNU) 4.8.2
GCC: (GNU) 4.8.2
GCC: (GNU) 4.8.2
GCC: (GNU) 4.8.2
GCC: (GNU) 4.8.2
GCC: (GNU) 4.8.2
GCC: (GNU) 4.8.2
GCC: (GNU) 4.8.2
GCC: (GNU) 4.8.2
GCC: (GNU) 4.8.2
GCC: (GNU) 4.8.2
GCC: (GNU) 4.8.2
GCC: (GNU) 4.8.2
GCC: (GNU) 4.8.2
GCC: (GNU) 4.8.2
GCC: (GNU) 4.8.2
GCC: (GNU) 4.8.2
GCC: (GNU) 4.8.2
GCC: (GNU) 4.8.2
libaccess_attachment_plugin.dll
vlc_entry__2_1_0a
vlc_entry_copyright__2_1_0a
vlc_entry_license__2_1_0a
access_GetParentInput
input_Control
vlc_Log
vlc_object_release
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
__dllonexit
__iob_func
_amsg_exit
_initterm
_onexit
_unlock
calloc
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf
libvlccore.dll
KERNEL32.dll
msvcrt.dll
libaccess_attachment_plugin.dll.dbg
.gnu_debuglink
visuaGIF89a
ccc___
@�V�6�9�=�D�K�Q�W�Z�
n�n�n�m�l�j�h�f�
^�_�_�`�a�c�d�f�h�i�k�l�
a�_�b�g�l�o�n�f�U�B�,�
:�9�7�5�2�1�1�1�1�1�
}�n�x�g�x�_�w�U�v�J�t�>�s�1�q�#�o�
k�i�g�f�e�d�d�d�
q�p�p�o�n�m�l�k�j�j�i�h�
L�M�N�O�O�O�N�M�K�
B�@�>�<�;�:�9�9�
B�B�C�C�C�C�C�B�B�A�A�
@� �?�,�>�:�>�G�=�U�=�b�<�o�<�|�<�
7�4�0�,�'�!�
|�n�^�U�H�6�"�
|�n�^�U�H�6�"�
H�e�l�p�\�e�n�-�U�S�\�r�e�s�o�u�r�c�e�s�.�H�1�S�
r�e�s�o�u�r�c�e�s�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�s�p�e�e�c�h�.�H�1�S�
s�p�e�e�c�h�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�s�t�o�r�a�g�e�.�H�1�S�
s�t�o�r�a�g�e�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�d�e�s�k�.�H�1�S�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�m�e�d�e�x�p�.�H�1�S�
m�e�d�e�x�p�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�a�r�t�u�i�2�.�H�1�S�
a�r�t�u�i�2�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�r�e�s�t�o�r�e�.�H�1�S�
r�e�s�t�o�r�e�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�a�r�t�i�c�o�n�.�H�1�S�
a�r�t�i�c�o�n�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�m�i�g�r�a�t�e�.�H�1�S�
m�i�g�r�a�t�e�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�s�h�r�e�u�s�e�.�H�1�S�
s�h�r�e�u�s�e�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�e�r�r�m�e�s�.�H�1�S�
e�r�r�m�e�s�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�l�a�n�g�r�e�g�.�H�1�S�
l�a�n�g�r�e�g�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�a�r�t�c�o�n�6�.�H�1�S�
a�r�t�c�o�n�6�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�a�r�t�c�o�n�5�.�H�1�S�
a�r�t�c�o�n�5�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�m�i�s�c�c�o�m�m�a�n�d�r�e�f�e�r�e�n�c�e�.�H�1�S�
m�i�s�c�c�o�m�m�a�n�d�r�e�f�e�r�e�n�c�e�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�p�e�o�p�c�o�m�.�H�1�S�
p�e�o�p�c�o�m�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�m�e�d�e�x�p�t�v�.�H�1�S�
m�e�d�e�x�p�t�v�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�a�r�t�u�i�3�.�H�1�S�
a�r�t�u�i�3�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�a�r�t�c�o�n�3�.�H�1�S�
a�r�t�c�o�n�3�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�a�r�t�c�o�n�2�.�H�1�S�
a�r�t�c�o�n�2�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�w�e�r�.�H�1�S�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�f�s�t�e�x�p�.�H�1�S�
f�s�t�e�x�p�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�i�n�s�t�m�e�s�.�H�1�S�
i�n�s�t�m�e�s�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�b�u�t�t�o�n�s�.�H�1�S�
b�u�t�t�o�n�s�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�n�e�t�v�s�t�a�.�H�1�S�
n�e�t�v�s�t�a�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�a�r�t�u�i�.�H�1�S�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�a�r�t�u�i�4�.�H�1�S�
a�r�t�u�i�4�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�d�i�s�k�c�l�n�.�H�1�S�
d�i�s�k�c�l�n�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�w�a�s�w�.�H�1�S�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�d�i�s�k�m�g�t�.�H�1�S�
d�i�s�k�m�g�t�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�b�c�k�u�p�b�a�s�.�H�1�S�
b�c�k�u�p�b�a�s�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�v�i�d�c�l�i�p�.�H�1�S�
v�i�d�c�l�i�p�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�l�i�c�e�n�s�e�.�H�1�S�
l�i�c�e�n�s�e�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�s�a�f�e�m�o�d�c�.�H�1�S�
s�a�f�e�m�o�d�c�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�n�e�t�w�o�r�k�.�H�1�S�
n�e�t�w�o�r�k�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�r�e�c�y�c�l�e�.�H�1�S�
r�e�c�y�c�l�e�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�w�n�e�w�u�e�n�.�H�1�S�
w�n�e�w�u�e�n�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�p�a�r�e�n�t�.�H�1�S�
p�a�r�e�n�t�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�h�g�r�o�u�p�.�H�1�S�
h�g�r�o�u�p�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�p�e�r�f�.�H�1�S�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�e�s�c�a�l�a�t�e�.�H�1�S�
e�s�c�a�l�a�t�e�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�m�u�l�t�b�o�o�t�.�H�1�S�
m�u�l�t�b�o�o�t�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�b�l�u�t�o�o�t�h�.�H�1�S�
b�l�u�t�o�o�t�h�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�g�a�m�e�s�.�H�1�S�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�l�e�g�a�p�p�2�.�H�1�S�
l�e�g�a�p�p�2�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�i�i�s�b�a�s�i�c�.�H�1�S�
i�i�s�b�a�s�i�c�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�a�r�t�c�o�n�.�H�1�S�
a�r�t�c�o�n�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�e�f�s�.�H�1�S�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�a�p�p�3�r�d�.�H�1�S�
a�p�p�3�r�d�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�b�r�o�w�s�e�r�.�H�1�S�
b�r�o�w�s�e�r�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�m�a�i�l�.�H�1�S�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�h�e�l�p�p�l�c�.�H�1�S�
h�e�l�p�p�l�c�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�s�y�n�c�.�H�1�S�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�a�c�t�i�v�.�H�1�S�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�f�i�r�e�w�a�l�l�.�H�1�S�
f�i�r�e�w�a�l�l�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�h�a�r�d�d�e�v�.�H�1�S�
h�a�r�d�d�e�v�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�s�e�c�c�n�t�r�.�H�1�S�
s�e�c�c�n�t�r�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�i�t�p�r�o�b�a�s�i�c�.�H�1�S�
i�t�p�r�o�b�a�s�i�c�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�b�a�s�i�c�s�2�.�H�1�S�
b�a�s�i�c�s�2�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�f�a�x�.�H�1�S�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�a�p�p�m�a�n�.�H�1�S�
a�p�p�m�a�n�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�s�h�a�r�i�n�g�.�H�1�S�
s�h�a�r�i�n�g�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�l�o�c�a�t�e�.�H�1�S�
l�o�c�a�t�e�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�w�u�.�H�1�S�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�s�h�g�l�o�s�s�.�H�1�S�
s�h�g�l�o�s�s�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�a�c�c�e�s�s�.�H�1�S�
a�c�c�e�s�s�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�s�y�s�m�a�n�.�H�1�S�
s�y�s�m�a�n�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�l�e�g�a�p�p�.�H�1�S�
l�e�g�a�p�p�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�p�w�r�m�g�m�.�H�1�S�
p�w�r�m�g�m�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�p�r�i�n�t�.�H�1�S�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�m�r�e�u�s�e�.�H�1�S�
m�r�e�u�s�e�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�a�p�p�w�i�n�.�H�1�S�
a�p�p�w�i�n�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�r�a�.�H�1�S�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�r�d�b�.�H�1�S�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�s�e�c�p�r�i�v�.�H�1�S�
s�e�c�p�r�i�v�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�n�e�t�w�l�.�H�1�S�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�h�h�o�m�e�u�e�n�.�H�1�S�
h�h�o�m�e�u�e�n�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�u�a�p�.�H�1�S�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�b�a�s�i�c�s�.�H�1�S�
b�a�s�i�c�s�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�m�e�d�e�x�p�2�.�H�1�S�
m�e�d�e�x�p�2�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�h�g�r�o�u�p�p�.�H�1�S�
h�g�r�o�u�p�p�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�m�o�b�c�t�r�.�H�1�S�
m�o�b�c�t�r�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�p�r�i�n�t�p�.�H�1�S�
p�r�i�n�t�p�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�n�e�t�w�n�.�H�1�S�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�d�e�s�k�p�r�.�H�1�S�
d�e�s�k�p�r�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�r�d�.�H�1�S�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�n�e�t�w�p�r�.�H�1�S�
n�e�t�w�p�r�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�m�o�b�i�l�e�.�H�1�S�
m�o�b�i�l�e�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�l�o�c�a�t�e�p�.�H�1�S�
l�o�c�a�t�e�p�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�g�a�m�e�s�p�.�H�1�S�
g�a�m�e�s�p�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�j�o�u�r�n�a�l�.�H�1�S�
j�o�u�r�n�a�l�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�b�i�t�l�o�c�k�.�H�1�S�
b�i�t�l�o�c�k�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�t�o�u�c�h�.�H�1�S�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�n�e�t�p�r�o�j�.�H�1�S�
n�e�t�p�r�o�j�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�d�o�m�a�i�n�.�H�1�S�
d�o�m�a�i�n�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�S�t�k�n�o�t�e�.�H�1�S�
S�t�k�n�o�t�e�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�s�e�c�s�t�a�r�t�.�H�1�S�
s�e�c�s�t�a�r�t�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�i�c�s�.�H�1�S�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�e�f�s�f�u�l�l�.�H�1�S�
e�f�s�f�u�l�l�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�o�f�f�l�i�n�e�.�H�1�S�
o�f�f�l�i�n�e�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�i�t�p�r�o�.�H�1�S�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�s�e�c�p�o�l�.�H�1�S�
s�e�c�p�o�l�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�m�u�l�t�i�m�o�n�.�H�1�S�
m�u�l�t�i�m�o�n�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�p�r�e�s�s�e�t�.�H�1�S�
p�r�e�s�s�e�t�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�t�a�b�l�e�t�.�H�1�S�
t�a�b�l�e�t�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�w�i�n�m�e�e�t�b�.�H�1�S�
w�i�n�m�e�e�t�b�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�s�n�i�p�t�o�o�.�H�1�S�
s�n�i�p�t�o�o�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�f�u�s�.�H�1�S�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�r�e�c�o�p�a�c�k�.�H�1�S�
r�e�c�o�p�a�c�k�
W�i�n�d�o�w�s�\�e�n�-�U�S�\�a�u�x�d�i�s�p�.�H�1�S�
a�u�x�d�i�s�p�
Process Tree
- 6df684120bfb578cbc9ed9a958f0df3c620a3dcb939d416b239d493729f36b87.exe (2284) "C:\Users\Administrator\AppData\Local\Temp\6df684120bfb578cbc9ed9a958f0df3c620a3dcb939d416b239d493729f36b87.exe"
Hosts
| IP |
|---|
| 114.114.114.114 |
| 8.8.8.8 |
| 34.117.188.166 |
| 34.160.144.191 |
| 34.107.243.93 |
| 34.107.221.82 |
| 34.149.100.209 |
| 35.244.181.201 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | |
| dns.msftncsi.com |
TCP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 34.117.188.166 | 443 | 192.168.56.101 | 49179 |
| 34.160.144.191 | 443 | 192.168.56.101 | 49180 |
| 34.107.243.93 | 443 | 192.168.56.101 | 49185 |
| 34.149.100.209 | 443 | 192.168.56.101 | 49189 |
| 35.244.181.201 | 443 | 192.168.56.101 | 49177 |
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61714 | 8.8.8.8 | 53 |
| 192.168.56.101 | 56933 | 8.8.8.8 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58485 | 8.8.8.8 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.