1.2
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.89
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:WormX-gen [Wrm] | 20200517 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200517 | 2013.8.14.323 |
| McAfee | W32/Sytro.worm.gen!p2p | 20200517 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b0ec43 | 20200517 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(6 个事件)
| section | CODE\x00\x00U |
| section | DATA\x00\x00U |
| section | BSS\x00\\x00U |
| section | .tls\x00\x02 |
| section | .rsrc\x00U |
| section | .qgiwj\x00b |
动态指标
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': 'CODE\\x00\\x00U', 'virtual_address': '0x00001000', 'virtual_size': '0x0001a014', 'size_of_data': '0x0001a200', 'entropy': 7.747458075322385} | entropy | 7.747458075322385 | description | 发现高熵的节 | |||||||||
| entropy | 0.8461538461538461 | description | 此PE文件的整体熵值较高 | |||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 56 个反病毒引擎识别为恶意
(50 out of 56 个事件)
| ALYac | GenPack:Generic.Malware.SN!.DB0EB50A |
| APEX | Malicious |
| AVG | Win32:WormX-gen [Wrm] |
| Acronis | suspicious |
| Ad-Aware | GenPack:Generic.Malware.SN!.DB0EB50A |
| AhnLab-V3 | Worm/Win32.Sytro.R27096 |
| Antiy-AVL | Worm/Win32.Soltern |
| Arcabit | GenPack:Generic.Malware.SN!.DB0EB50A |
| Avast | Win32:WormX-gen [Wrm] |
| Avira | WORM/Soltern.oald |
| BitDefender | GenPack:Generic.Malware.SN!.DB0EB50A |
| BitDefenderTheta | AI:Packer.2986B73B1E |
| Bkav | W32.HfsAutoB. |
| CAT-QuickHeal | Worm.Generic |
| ClamAV | Win.Worm.Sytro-7109020-0 |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.ff26e2 |
| Cylance | Unsafe |
| Cyren | W32/Soltern.C.gen!Eldorado |
| DrWeb | Win32.HLLW.Sytro |
| ESET-NOD32 | a variant of Win32/Soltern.NAA |
| Emsisoft | GenPack:Generic.Malware.SN!.DB0EB50A (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Soltern.C.gen!Eldorado |
| F-Secure | Worm.WORM/Soltern.oald |
| FireEye | Generic.mg.bcc1815ff26e213e |
| Fortinet | W32/Parite.C |
| GData | GenPack:Generic.Malware.SN!.DB0EB50A |
| Ikarus | Worm.Soltern |
| Invincea | heuristic |
| Jiangmin | Worm.Generic.zke |
| K7AntiVirus | Trojan ( 005568151 ) |
| K7GW | Trojan ( 005568151 ) |
| Kaspersky | HEUR:Worm.Win32.Generic |
| MAX | malware (ai score=86) |
| MaxSecure | Trojan.Malware.300983.susgen |
| McAfee | W32/Sytro.worm.gen!p2p |
| McAfee-GW-Edition | BehavesLike.Win32.Sytro.cc |
| MicroWorld-eScan | GenPack:Generic.Malware.SN!.DB0EB50A |
| Microsoft | Worm:Win32/Soltern.AC |
| NANO-Antivirus | Trojan.Win32.Sytro.fvurpj |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM19.1.477E.Malware.Gen |
| Rising | Trojan.Kryptik!1.BB30 (CLASSIC) |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | W32/Systro-AB |
| Symantec | ML.Attribute.HighConfidence |
| Tencent | Malware.Win32.Gencirc.10b0ec43 |
| Trapmine | malicious.high.ml.score |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
1992-06-20 06:22:17
PE Imphash
8eb90f63ff7fc0bd388dac1d27b3afce
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| CODE\x00\x00U | 0x00001000 | 0x0001a014 | 0x0001a200 | 7.747458075322385 |
| DATA\x00\x00U | 0x0001c000 | 0x00000778 | 0x00000800 | 3.85836319129189 |
| BSS\x00\\x00U | 0x0001d000 | 0x00000a25 | 0x00000000 | 0.0 |
| .idata | 0x0001e000 | 0x00000bfa | 0x00000c00 | 4.866195168814016 |
| .tls\x00\x02 | 0x0001f000 | 0x0000000c | 0x00000000 | 0.0 |
| .rdata | 0x00020000 | 0x00000018 | 0x00000200 | 0.190488766434666 |
| .reloc | 0x00021000 | 0x00001c74 | 0x00001e00 | 0.0 |
| .rsrc\x00U | 0x00023000 | 0x00001400 | 0x00001400 | 3.48566346147267 |
| .qgiwj\x00b | 0x00025000 | 0x00000400 | 0x00000400 | 5.007261711642095 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_STRING | 0x00024018 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00024018 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00024018 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00024018 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00024018 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00024018 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00024018 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_RCDATA | 0x000242dc | 0x000000b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_RCDATA | 0x000242dc | 0x000000b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
Imports
Library KERNEL32.DLL:
• 0x41e1bc TlsSetValue
• 0x41e1c0 TlsGetValue
• 0x41e1c4 LocalAlloc
• 0x41e1c8 GetModuleHandleA
Library KERNEL32.DLL:
• 0x41e2bc Sleep
Library KERNEL32.DLL:
• 0x41e0dc DeleteCriticalSection
• 0x41e0e0 LeaveCriticalSection
• 0x41e0e4 EnterCriticalSection
• 0x41e0e8 InitializeCriticalSection
• 0x41e0ec VirtualFree
• 0x41e0f0 VirtualAlloc
• 0x41e0f4 LocalFree
• 0x41e0f8 LocalAlloc
• 0x41e0fc GetCurrentThreadId
• 0x41e100 InterlockedDecrement
• 0x41e104 InterlockedIncrement
• 0x41e108 VirtualQuery
• 0x41e10c WideCharToMultiByte
• 0x41e110 MultiByteToWideChar
• 0x41e114 lstrlenA
• 0x41e118 lstrcpynA
• 0x41e11c LoadLibraryExA
• 0x41e120 GetThreadLocale
• 0x41e124 GetStartupInfoA
• 0x41e128 GetProcAddress
• 0x41e12c GetModuleHandleA
• 0x41e130 GetModuleFileNameA
• 0x41e134 GetLocaleInfoA
• 0x41e138 GetLastError
• 0x41e13c GetCommandLineA
• 0x41e140 FreeLibrary
• 0x41e144 FindFirstFileA
• 0x41e148 FindClose
• 0x41e14c ExitProcess
• 0x41e150 WriteFile
• 0x41e154 UnhandledExceptionFilter
• 0x41e158 SetFilePointer
• 0x41e15c SetEndOfFile
• 0x41e160 RtlUnwind
• 0x41e164 ReadFile
• 0x41e168 RaiseException
• 0x41e16c GetStdHandle
• 0x41e170 GetFileSize
• 0x41e174 GetSystemTime
• 0x41e178 GetFileType
• 0x41e17c CreateFileA
• 0x41e180 CloseHandle
Library KERNEL32.DLL:
• 0x41e1ec WriteFile
• 0x41e1f0 WaitForSingleObject
• 0x41e1f4 VirtualQuery
• 0x41e1f8 SetFilePointer
• 0x41e1fc SetEvent
• 0x41e200 SetEndOfFile
• 0x41e204 ResetEvent
• 0x41e208 ReadFile
• 0x41e20c LeaveCriticalSection
• 0x41e210 InitializeCriticalSection
• 0x41e214 GlobalUnlock
• 0x41e218 GlobalReAlloc
• 0x41e21c GlobalHandle
• 0x41e220 GlobalLock
• 0x41e224 GlobalFree
• 0x41e228 GlobalAlloc
• 0x41e22c GetWindowsDirectoryA
• 0x41e230 GetVersionExA
• 0x41e234 GetTickCount
• 0x41e238 GetThreadLocale
• 0x41e23c GetStringTypeExA
• 0x41e240 GetStdHandle
• 0x41e244 GetProcAddress
• 0x41e248 GetModuleHandleA
• 0x41e24c GetModuleFileNameA
• 0x41e250 GetLocaleInfoA
• 0x41e254 GetLastError
• 0x41e258 GetDiskFreeSpaceA
• 0x41e25c GetCurrentThreadId
• 0x41e260 GetCPInfo
• 0x41e264 GetACP
• 0x41e268 FormatMessageA
• 0x41e26c FindFirstFileA
• 0x41e270 FindClose
• 0x41e274 FileTimeToLocalFileTime
• 0x41e278 FileTimeToDosDateTime
• 0x41e27c ExitProcess
• 0x41e280 EnumCalendarInfoA
• 0x41e284 EnterCriticalSection
• 0x41e288 DeleteCriticalSection
• 0x41e28c CreateFileA
• 0x41e290 CreateEventA
• 0x41e294 CreateDirectoryA
• 0x41e298 CopyFileA
• 0x41e29c CompareStringA
• 0x41e2a0 CloseHandle
Library advapi32.dll:
• 0x41e1d0 RegSetValueExA
• 0x41e1d4 RegQueryValueExA
• 0x41e1d8 RegOpenKeyExA
• 0x41e1dc RegFlushKey
• 0x41e1e0 RegCreateKeyExA
• 0x41e1e4 RegCloseKey
Library oleaut32.dll:
• 0x41e2c4 SafeArrayPtrOfIndex
• 0x41e2c8 SafeArrayPutElement
• 0x41e2cc SafeArrayGetElement
• 0x41e2d0 SafeArrayGetUBound
• 0x41e2d4 SafeArrayGetLBound
• 0x41e2d8 SafeArrayRedim
• 0x41e2dc SafeArrayCreate
• 0x41e2e0 VariantChangeTypeEx
• 0x41e2e4 VariantCopyInd
• 0x41e2e8 VariantCopy
• 0x41e2ec VariantClear
• 0x41e2f0 VariantInit
Library oleaut32.dll:
• 0x41e1ac SysFreeString
• 0x41e1b0 SysReAllocStringLen
• 0x41e1b4 SysAllocStringLen
Library user32.dll:
• 0x41e2a8 MessageBoxA
• 0x41e2ac LoadStringA
• 0x41e2b0 GetSystemMetrics
• 0x41e2b4 CharNextA
Library user32.dll:
• 0x41e188 GetKeyboardType
• 0x41e18c LoadStringA
• 0x41e190 MessageBoxA
• 0x41e194 CharNextA
L!This program must be run under Win32
.idata
.rdata
P.reloc
P.rsrc
P.qgiwj
=Uo<)z
*lu "A[
f0;|{;H
;fV6h0
;fV6h0
;fV6h0
;fV6h0
;fV6h0
;fV6h0
;fV6h0
;fV6h0
;fV6h0
;fV6h0
;fV6h0
;fV6h0
;fV6h0
;fV6h0
;fV68h0
;fV6h0
;fV6,h0
;fV6h0
;fV6`i0
V#F]1HGtMuA[>7
l:mS|R
pz:`.q
L[$$jo;d
b;]{nMJ
"q fX
u;^Dl=K
}^ilmskf
X %HEvr
~mya }
o,q2.ycvr^6
7\%`.E
_QQcvJ
amU|Ra
Lu;mHy
_;XFt,Mu
Nocq3lZ
ifq2Zo
V[Vl8(7
DLs7u;~
A`v7J/
.^6neGDg
5Q[sl8
V)5ZZv~
[m'sF`
y9^,<y7=_aIuJl
LQqNHe
sB7>{!H{MuX
avw@G'q?~
iv;{$_^
I[w lrM
[$$jmm
I[q juM
&!{ll\0b
o{_0L_
).$\0U
quhaz~=
Rx9^j,;f
_,s}F0z{{
_0aJ5'IK H
-o+nVvMI{ml
uMq//Vc{u>;
+cvY|?yfMJ"
|m`D8M
3"tLMu
uZ8l:h'
MuQ[q%cVZU
" q9@"
Z`c:,LD
11J>7*M
vZTF0za
edZ}F0zi
V)y"f$/,9v
mg@,Bra
JBK@;HA`v1^
YH"T*adZ~d>d
"1Nl.kxcvZqtl>
`.E M9x+w?fAdv1~
/EB5V>GH"
f;R>`o$
edZd0i
Zl/cod
{J_<s.Kowq
MJ$9f5
-<gqM$
Zqu:3zcvqd
3pel9cK*
wl<mic
@XqYo@b
M_;HnV`qd~ 7
`ZrK/;fcv
1b^,zW/;
q2Uz[/;H
u?qT%3Gn
d;Ksla%Ju
adZB,;t
1p^xs ZH
zZll87acva
&HADsvqc
[ZTvsX7Ht
aDuC f
U1BX|l9e5cvLZ
N^>b,;/
JqBo1:\
V!DFK7
Wt+S;2uMY?q jFpM
EVcYT 8
s;]II/IP
k;{{F4W>Ms
O)p q%
I;fAgv;6_dX
q2 >1|Ra^u
A;dX cErZ
0H$qZqp
q9RL'9o.
Zqul,m
b~2qBru:lg
Z;AHvvZl$j
AHEIqP&
*`HKBs'
mgK-MD
xj"a[u
YZambL1a.
p-</2Zq`
"w"Zd90g[!
7I-LDjN*q
ACtMuU:
KIMX<*
wMr>B4;H@tqq
e\cBT-<V.
#f,qb/
-^-ul:_Acvq
&N5cvJ/
BrIV)q>D,Bra|o
cOAH{vYiL5s7
"9R<<J1Icvr]\
`.{iH_
';Lko}."UeZqtsf@tq
\3pZ|TE9
Vdv~6[
+V~7"Z
:#)pTq|
cvJu.<gE~gvGZb:+nfN7fpE
0B;HBN7:
quB]Tm
wsAcvtb_
q<>qYg
Jp$%H"CaMumk
Rbp'k~
;-AHcv
=n^/1lYqIm1xg
)MV4$jmf*c<80]~dq9
?ZR r+%I
d*zIVN<u3-
I"9R77N{iI0Fyl9
]Ul"bB
{qZLl9f
"C!c;Z"[OuEo
s7dA(cv9V478\-Cjs %HQt
u$jmd
;dAq;z
V$s>sV
wMPqug
O w^*q
;Ek$mkCKq
|}D;HV@
yu~N!xS
q1eYq^^;
9\J(cqb_
~qukl8
[%ul:moC
ORKiz{c!
r^jf:-Iqic
bwER$@
9c!y_/IV?{
[Us+jdZcm7J/
<V.I[Ms
^e. &D?e
3b3Qz%_
h3Qz%_
h3Qz%_
h3Qz%_
^;QcvB
?Z|f"G
1hUqsjtA
w6\qls
p;H7h1Z
U;m)1ZNN
q`nt9;
%\`U1$@?
r0k*e)OL
(5[{"QZ"xj,G
z ,o~S Dq-$7u
qZqx;=
sVI+>o{a
K,)J>q
f.H\& Y=Z,W
@$$jm{1ig
A;fApvI
?qf-vzQ|bGAq
eAq6X$
9mjK"Rk.&
;iqfOApq9R
qkfHVCbf?
I+>oI{t
V)n9mxUig
6&m`1rg
jYOk!9mf"
4ZG[%.
=JL_pr
}l@"S@
y~$je)
IMuZl:%Hj
p|/&cB
Y?Z#'Jg8{C}fE
W8yEb:eOB
u /lmK%_g
P$g>xEb:
?a#'Jd8{
h;R>7{
UKtqA{%H"
B:;>yq
cebZ%H).I0,
kmcv?Zmz
}u.Q HqD
c.).I0,
-Q KqD
L^SqUl
lG].2!
8g';h$_!b
;G-q;HA[q7
c8*["Q
s7?G-@qMX
yb:xdB
4m1AQtMu.
&m=h OyX
=_fSCr7Q
@A`vM^\W`
qZnnj;H"R`Ju~f"WR?;<
P(i"yHgTW6z"W%G?
dvZ$:e,"
Z!B;Hj
"w@r>w
!wl?nw
;H"AaeVuXm
L^SqUPiR
xH {*AdZLx
>u23fH
M>]b!)
S(F0zig
AQ}{(S
)VcJ"Q
SkOL"U
rZolH"#qg8
)i>r%,Z
r_l_0H9/{HV
8g5:=Zst_4z#Nq
_;A`Wvb
M(o,fV qe8{';YAbvZ:E?-
X"Q3PVtlMu~W
y;_*.Y0.
\qZ$ji>
u`Muob('*H
BqU'$jmd
QZMpwj
V Ju[$$jcl"Yd
@$Qdalucl\Rt
bq1JR_
J@rIV)s%;fdaMun=c
o/Qjx9M
d`&avv'-)j3f
cvI4b(
rg;K?5
<}cv?Z4b(
Xqh?F(
y$9n^cs
7cLuMu4b(>f
Uu`Lu?<uiK<oe@tlMu
f,vm3h
R$s0"E`D.
5Ou>o3FBtMu
E!;Ykn$<*s;Mkn$<
; $byZs
qf U:LsH
*E)O1q?
X Oy1MRO
4=YIO`O
5$4*E`HA[
V)s%;f>vM
e,`kV)s :
\eD we+J
?ZV)s%;yVN99
dAfv;M
J";YN.
=OC Z|s<`
9cXyavu~
qq ;HAtHMu
4iVc#b/
&4i9VcJ"
{pj?f"tq/:q!>A
'9I[q5
QiX6l=m
Lu_s+V_
KyYn}d8/J
f,vl:m
[$$jmoK
nS/D5mu
7NpAhHc %Hp'
m[d7|$"!
ZV)s%;f"N
Ju:nop
+}l=fZAcvXodO@b
@{O~o`<
?ZbHC&;I(4
QqAjEO
\c`Zs>D
{;RYYQq
{2sPqNg
OP K.P
qn~n;H
m/IqFsM2^
j:5cv)Y
\HqaKl:5}
6!kmf<e
y%?n^g<Z
?q3V Ju1L^H
&<}n"of
Zy ?=G
9-;nZ<f
Z!8;.8VaAumH"
o,.IS(l
qyZ!$j
cyM>$3V6<_0IZC,;.V60_0IZS,;.V6$_0IZ[,;.V6\_0I
Upw(gK[
#mwPx`u
|5+0:qFauT(
^ Sq1E[
INXc]c
3::Bhn
~ $jh "OB
INXc]c
3::Bhn
~ $jf4e
,ajf4e
7qA[;_f
r~m4t~
K2`Pwmg8
K2`\wc
!wn7{rvM
+^!l)@ WV@L<
5Q[y H
$?@ kvq
DVn9uZ0l
bu9@d
MmEua@V?
y:} N|
BGmnKbY
fA(cv?
"N|b/M@
qyfaxoF
$^Pl9e{`~ZM
aecNrZ
nK$BPl
QJaLu:
XlwMIV'5B
t`.hjq
9Lhd:wV
wjm3h [qZ
u%s`.*xm?~
(oqZpyl?
" aqmz
wv}l$f
EcvY?;7
kHA-vt
,_V\S?
qi*{,V#
I+>o{a
,bvRUxm5G
$Vr"Z$;`Jcv!Z
y:r-9d
?Y=Z,W
)m;NdiR3yZ
_`}ub3 f
\&scviT
JW'fpvi*
ifvJ%W%f"
fApIvu^
%HpHol.cvr^6
^9H)HK}
q3nCtMu
_f;p9I
Ol 'J,
j"]bw2Acz
p1LX>2
pPzne
.HyMu6
NG.qDKzqQl
L"Vdv<{
V_aYZuU
Mc+Zb:6fu}ow
;V_`ku
f.pq?&n3S
q6Atv9IA
U"lMIQ
"tPMu@l,
UF{qcv!Z,l2mfACvY
>Os|RR
u6_dXqqc
f.*>(\0)l&zJo
>J1]*M
4:icv="*;
c*IbZLN
h $kqE
!Z(9l6
q~$[HjCt
pMIV?&
u-;LX~R*rZ6DB&z{i I0b
@VH"tMu
>Os\~R
aPHj6_MaXl:e
J$9fi*{,V#
QMF>&a
ul:icv!b3
A\cvZ$j
>Osh~R
azVHj]MaXl:e
JaeZHX
$9fi*{,V#
QM~>&a
%ZaE~=\
YZaE~){
YZaE~-|
YZaE~&v
3a<Hie
YZaE~'e
YZaE~'g
YZaE~&u
|?HSqZ
T)P ('.
Z-EBHG
X=z&.`,S'z
?ZV)q qE
^l:mf"t
Mu!/>-cvt
Zl"mfA
Mv9\2<ta+
S(n<od krcc@<
f.IS(s :Aig
Z!$jQx`N7
DAcv7J/
K2`@wrg
;Hw$9fknZ
ud;Q OR
@w!y"7
s 7VS!
$cvQ[y"/VcvpZ5
\ZV)q<
zT}mlY
QsZUOH[a~uU
g'lVcv
A<qv7J/
[$HbMIP
Q7>q%VaYu
-=uMu:
Q_ayub
9Lb9N\
oj5"_axuU
1kYMs6`
yi2~;]k
Apg V:L.q
R)s1+b"\
V,s?:y{:P8
2p;wwg
cvJ6n
79mAig
Vn'c.+)s9
Vn'csbn%ke
Yk$%HE
I"9R{l9
V)l"cM
I"l#mf*t
M[N#q-;cvZn
A`dv1NrZ!9mf"
V)s!#yiurx:o~
IcvMtpu4A
N<z=:Vu[k
>,HIx"Nz1
?'u~nb)k
"\a)Z*
"N`aOu"7q
"ZTq?f
|n2==i&XC
*pqsu+V
d$Vpv$l
"]`<n[&%
wMM wH
z vDcv
6&q2x~Rbc9
U-ji G
n;kNbC
l"co,tb
A+H"V`aipu8
X7&/x!
1bZD*t
6p;=EqyRj14[
D8Z,Hc
E9ZL1uA@if9AIxjmvMH(v7et
zeWLH/
#o#x`\43
.:cv7u
ZtMuSmvP
@{: "0Yn9
q3na3cZ
#6b[Qxo%
g0;@#Nn0~Z=n$
@J'9mu
/[ bSUr!U
71p(?
91~E?{e3\pEU{h>
sr`=8HVVdbe
s2%If1uZ,mF
1U/}2$=q
,o>&=|~
LhbvJk
`HVc#b
]:H^05>
l)pvMPl=
`UVP Nu1L^HH
3>q5qf
Q\Qt&l
*Acv21M^y
j2pZyd
}Zpj{:
3;fHKu
h{iFx>Os
UVuB`b
"qi% Q
%3Vwyt
9Sahux
`7V \(
+cvJj}*
@~H$Wv
^;cvrK]Bu{
cvqS'i;`
cG"&EI
loAP*v9
"tMuapi
BHVcvsZ`
kf}cv!Zb:
\w/F1z
Ot,z=j
PJV\P9^P
VC=E{[HAUvb
cv7&wc
>dicv7Ns[
gMuPwl
gQVuI[
Zq2Zq5F zcv
!{w cv!?~U/
_qZf>?Hj
nG~Z$u;HXu
*q3fAhmv9
A,vqcO
q!6<n/M
qBr2, 3
!:L'b{
q!6</M
SqV)d>
6cvBa[F
2|t]q{ym70hR;p
uZV=q6'<Va
tqRbZ9
m;_IAav9Z
T:LSaEOu:b,
qrKqJi;-<[9
_9vq:R9V0.,
i$j5jvM
@q7cvzZ
cv'Q^;cv7:joR
+}cvt?
;[qZlwv
\8Hz"M
[$l fp
{iF6>Os
AdavuZ
uk?(LkR
kH$Fl(wZ(+
[ZNHAev
Yq9*u?s
[Q(Z[!L5S1
+Zj'<;dJ
";fXVAd
F>z (1jZ{
?\O0o$jgV[U&Z
qZ|f>r;Hj
6b:]mt
xI04gH81CD.
.=cvdm
H?ZV?z:
'Hj$MMM
g;:"tMu
w"_tb_
R,;HRBM
[$$jmf"tq<-<labS
&N oMJ"
q5+cvJ
q[l-fAxbv(
|z[aePub
fMJ$9f4
F{tXMuG
BMVm=g
pu:%Hp
ig*eZc'=.(c~
04Zh*eZE
%q*&zJ;qb7
~&OKqL_TH
S8QZ o%~R
eJQp/b
@g;`cv
UG1HXM
-;bAlVv7JUo
H-$Z`f
;HfeBr2
, 3tMu)
;fA wv9
irc+\eZS];jbM(t>K
U#_;WW
l:Aqv9
3?@;H"tMu@j>cV
3?@;H"tMuP_1z1cvF
/^BC{
AEv7J/
@HAx?v?
U__;Wk
cvre:'_H
];ecvrp@{$
.cvY"$
;HVcvsZd
SHVcvtZ%>;HVcvtZD2;HVcvrZ?
mLK0aJ|lo(W@
`.{.1b{
q>6<{.1
Zpu_g{
WzwqZB
qZq eE
q!CV/IP
bE ;~jV
N}u?&.
Z@nl ;.
DE{Z8'n
J\%`.E
f[ Q*q
uYV{n.{`qb
q0*-cvq
MZl m
"tpMuCs
!fEtMu
Ct\MuCk
"Ua=um
iKl:mk
QKl:mk
1 pc*;t
aIu6_dX7q?
qncvqb
i &qMu
e-cvvPn
u@d;g"V`;~:
}T* qf
&uM_&o+
VuMu&%Hp
xRVuJ.#qn
y1qujaq
'~>O I}Z:b,
hA`gvqc?
s }o* qf
q>6<DuJ
-= \bs
L'b{&'1
pZQvH1
pZufH!
sZA;HI
sZE;Hi
%sZ!;H
EsZ;HpC?
)M2>C;H"
~R0}Zj;
=6c1=eZs
=c1rZH|
t(Mui%
[v?_.H{cvr%
f*>Q0Z
;fV6pk0
;fV6xk0
;fV6@k0
;fV6Hk0
;fV6Pk0
;fV6Xk0
%>z{iI
5h)Z<ja
ycJ!Z$jmYu
wHI[pp=;
V)q7f=u
'M:>y"+
wu f.p'
q?@ZMupwf`;
q3fH puMaS=sc
I|cv7v
Bv4b!!,
9tB_C#H
3?q1+cv
uiqU9cox uYqCw~s3d
D@qoRL
"V`aqu<s7
y;VB:l}{{
}YCw(ox wFwl
tMu<D:b,
[$%;HS$9f0
, 3>1rN
l,'qy6
CyoRn;2'
y7=q :@B&
tDMu<a:b,
m&9s?w
ADdvqc/
"J"Q<E<
Vc:p9I
UZauJuc
v<bHueq
q%gVNr@n`
;d;MJiul:
N9u%;`
"t4Mui%
IV)4Cd
aFu_"fXyj
@Bs62a
"PbLoR
l,]qeH
:lx{{^4S
X0^{q m
%fAlnv9Y;
@qmRJg>;6tu
5A[! v
?;2tu)qio
A[! Yqm~Qx7R5
vxQ|FO
}7a]uj3TN
aKu;o?7
5)[d>`.HS$9fmf
WVI+>o {t
;HA vJ
1Rpsl<mh
M>_l,k~
arH$VlaU\u
:R*o1b^qf
>ovMawq#b
bMA|qv
V\tZ`H
dIjZeM
2a~c]d3
fpj>wm
qfAcvJ
B(IV)l
^l:mf"
U;.*+t[
9Ri*y-{,V#
JuL'b{
9Ri*)-{,V#
J1uL'b{FB1
.UfcvB
f$Vla_u:
Ma[$l fE@
V/IV)mf"tMu<|l
=K#v1pNzne
)f"0rb+
Ul=HA4lvY _>cv
qql1mfLv"a_
I$9fi.h[D6?
G$VDaTu6
w~I* qf
wfAq6J/
"#cu6J.I
d@gq=* w
FcR< MA
?;H"VhrPl
?uKq<ysZg|
"VhrPl
?wanL'b{vY1
.EccvB
[D[pwl9
q0.ftM
%Hpje>u
)at: &0
&wMW $
nd~58Z
UqXb@n
mf"tMu
"V`aU\u:
Z[b95{zSf?2{}S)?+2{}StK?&n
XoVafi%~
M;HVfxv
Fpb79
;H}EZP
Ucv(=;9;e
tMu.|eF
-Rc`Z:
%vt@Muh9
5lcv,Z
]mcvLZ
NtDMu@8$
C6Vu9pPl
a:H*nh
tHMu^~eF
@? I* qf
U}=s;f
Avv6J/
-cvrJ:
-B`aX~l
C5VuIq@
qq`M?q5Av[
91bXwB
AdvYPl
A0evYx"V`
VcvtZS
k~9YcvBr2!, 3
j"_VI$E
_dh"F`
M2>gI4
k~)tMu@:b,
@HvYzPl
uzp@qf
;ifaehu
!Vo`cZ:
L[vLM($VHaUQuc.
G(ltZl
zPj2WV
!VobtZ
vC95.(c
1qNsm{
;=u'qYE
I$9f@ol
Zpl)k~
.%pcvY
^&%HE 9p]fNAbv=;9;
ZwMg&%z{`T8Y)f?
HZaPuW/l=
VAa-Lu{
b;H"tMu:
xv1Nca
JWF!l=
X %;HS"
1qNsm{
;=u'qY
.G @J0
p`u;i1
<+Ucvb!9m
qHc~1XZ
V?m8mV
1`[wj~e;H
cv*qFwy
:^jQjrFw9m
O.*h9IQ
"%uMu1
mqoTuUc
;~n&."
mfXQZa
-wcv[,
9@5mKc
`Qcv!9
"Vacuc
t2MuA[Q+f
mf$Gqb
^!&%HXqj
_aMuU5
?l2H)/
95.(cqi.
I$9fw`
w'QcvbU
Y>ZMaz: k~
eG')Rcv
H$VlaE}u
@Ad`v6J/
."NrQuU
k;H$VlaM|u6
q0AKv?
ApPv7J.
AQvqc\
9R!cK"~8[
K?ZVL<
m,vV)e
u7Q.1$
X %HE 9c
cvB;f]
I" =bcvb
w91rpl9eEK
f;Iq#8-sqo@.
{iF>Os
pV[aMud
q]wZ[aOuM
q1Aav6JUK
:tMuHlJ*H"Vlau:/m~
ukSj`}
_wf^AvY@D
L5p)zcv
Eyv'c!
^;}wcv[
{Q"Zp 5
V)sf V`[?
ZaYEu:
]qabOh
"Vtaul<mn
bHt~65Z
VwT."$j
F*?zAcvB`2, 1
u*_M<f^Av
BZ>wV_`Iu
fpaZXm
9^U)q1lv"a]
9Rk{$c)
HE 9{?q*;jv$
qmq gK
mt=MuPn
R~uvA7
$9fPwq?
cA,_vq
fA4_vq
Z$8;fp"
F*?zEcvBr2`, 3
\>z>;Lw
L'b{z1+>
PP0bWb
fKAv?
;LpRa=
ApvqcH
{iFC>Os8qRBZ,_*?z
qRau6_dXhqqc_H
_?zLcvqbGZ
QHJaeZH
$9fi*7
,mf"I$yE
JdN(lf\<
\E~!c"
L'b{fq1
.u[cvB
Za6uvl,m
L,aUg 9RB+
2=NXy.
MI$gU;cS$o~
,aZ!9mqh
lfr",/.
u2]0EUyM
rH d\tu
"lVcpB
R]d@)s;
K/quZ!${
w9N.p:g
q%9y^cvv[
cv9s?q":V
+q0.cvv[
,e.Ocvq9\
-e.Ncvqr
_dh$^`
M_&o+ TS
>C)|LA.
yBr2, 3
Z)z>AW
mfA\cv9
{t89Mu
M>_lm;gH
;HVfqu/
'6wrpl
6_dXcq?
`;Hv=GU)a$Q?
{s . W
4f@N9Q[
fN7v%9[|
=7v%9[|qcv/
GU)Qv!#`.HS$9f Q
Nz~vMY
eG.qME~:H
Z~k:Hr~Pk)c
!30R2q
;mG,q1j%a6H
AZ@}=VmEU)
=VmCU)
"V`v$JaL
K/quZ!${
K/quZ!${
rn6K*qu[$${
a9^nne
vM[q?dX K
j}vM[m;.p
tOwmi cyU
wjmn]h
;HVequ/
pX(fY G
!{n3f;bq
V!1q 7
uM~\%%Hp
Sau6_dXqqco9
f.*>DP0P
%&?z{iI
sVwq,q
YZaE~<v45wj=H
qZy;HM
YZaE~!v
qZx;H]
YZaE~:g
qZMw;H]
:R/z45w2H
ZU`F'H
1ZAXn H6
?w:g5`p
qZsZ7H
?hw:HSqZ
Z!Bo<v
Z!Bo)w"?d
qZAn;H
UZ>b}H
Z8XHaT
*-@q1~
l?fHVs
}Z-EnHu2
}Z-E.HG
V)~4Omt`YMu
Z!fEthYMu
"tTMuC{
tTMuCs
r%HE ;~l
@jP:q5@
@wl)m3
dbsu%`.E
9zCslpno
cvrPlON
;fAcv6J.
DI& 4q3f@VB
c:1f"U
auur;_I
~l=bGA
m}~qb &
1f\FtM
9zC{lpno
9^:cv:1qpfp
Vd(kZ
Hquhaq?f
;2ggG4
_dh NdO4N@
HAlbvqc-
?zcvBr2
HA<bvqc
`p"L'sLpRaaZ(S
HADqqc?"
9L'pnVfx/IP
mf"u[*HAq;
ui*z,V#
;2%dm~
{iFm>Os
m{=scvr^6
9Wwc!<fAv
L /,v2
qt3mf"
[$$j5{{_aEZ6l9
JBC.l2'
LMJV)d>
srvMq[< H$W!
v[4~`.pq=&n
{VI+>oYzt[MuL
u9[$$jmkSSx
%H Ubp
q?\"fn9Y
q'`."C
ul:mPn
N{nT-<
Zl<`.E
Z!9%HE
f"[tb
qujaqf
f.p"9P@l
_dh"V`
m{z6tM/
m{zuMaD:
@lbVuM_&o+R
Vl(IV?w3Xcv
&`Ucvb
wWRau:
fKAXv?
cv'vl=
V_Mu!e
c{"7MbO
WtkMux
H$V`aAu
Ou H0Q[K:pq
e".Uc$j
l"1HAv6J.m
Br2[, 3wqb
uPmMu$%HV[aMu.E
l,mxcv/IP
`Qcvbo
`Z: @;HA
7QU]n3
cv~i*z,V#
Ic>Fi% 4
%CRVwyrPl'hV*9o
?Zl)wLC.
_dh"Vd
IMfF1,
@HuhMuL'b{
q%Ra5um~
f"V`aEu[$%HD
q%#cyIP
qRTm~oYz
zpY@wl
I~-I!%Hp
Eqvi*cz,V#
J->NZ]
aL ~:b,
:9mnQm
Zds 7^U
_dh$F`
vM_&o+
q5"+c}9Y@l
VuPdMuL'b{0
T"V`au
ZGl"cX"Fp
:"Vxayub!+f
%;HVcvsZ
5{iF_>Os
-<q?V@
qujaq
N^cvM_&o+R
$Vl(IP
9P@:Sx
iMR* qf@VB
H"V`aKu
A@vqc/
yMBl)m~
G;t0Mui*1z,V#
-<w \(
q_&o+R
fpq?&nR
q."t{i%
%GVwy/
5{iFB>Os
gMuPl9m3
\&sS;{
ztHbMu
9Wkl"64P
}r,p"Vda
Z6_dXjq?
9mfAvq
sl;z9&` U
fE 9s?z'=
p&I5bA
]Mr^l:5
Z^l:mf"
Zpl9m+
l:7HAvMN<
mxae@tl
?ZV)q qjtNypl
hf;HMJ"9Jk4q+`La
BX9Jk?q f";cE7J'
A.!s;m
lMJ'9B _j
cYIV)q
uH\vu~
OYfAnv7|&
!#jRxM
hb;H"P
[$$jmPn
Nd,F[$l HE
I"9Js,q+f\zv"
[{]l9m+
'9NLL5q%
"y;p9Tkn
l^\%$j
HXyjZo
Umf@VB
yMN{s 7v
%o9%Hpv
q2M}eFH
N^q?ZP
qMu@wl
Ubv7rn
awy;B"
ptf;H)abs
aX{hlH
YGW9]!q
^&9m{g
Z,n*rga!ua;m
"9P$ckf"
Hp'6X.
I$9f?<Xyu
rf"nMup>l+}Scvz
quZ~FzKcvQfA
[z=HAvZTXl9fF
tHLu>z;n_/
9zC{b:>
9IV)q>D,{z
6(Rs9{F{=m
aX6l<e
Vc. wp
yMFl.cvFo%HE
9R~sl,m
jq?f")
aq.S0fAvCC<
A{Mr=;_I
?ZV)mf"
KWc]R{n
E~_aLu
Zxn+ \.
MZl mf=
Z!$?EtLu
}Zc!<fA8`w
qZ%=;H
S5)Afw9Pm~
a;V9q7
5{iFF2>Os
v7|.+m;fHA(v1J_U
LA4]vJ
<mb@)O
xf)(;6_dXq?
Z!f.HVcvtZJ
Gz[ajud
;@"U4N
LV`a9Y
V_`yNt
aEaEtl
c!<fAkw
`.p'9xm
+f"Vv$
$9fq<"V`
~@;H"V`a
0~wM8[
cgLIJ"
"C&L/7FAmw9Y
Afv9r@l
fA\Hv9Z
?ZV?q%
P/IV)e
YaQ|ub
54=*bvr`;N
t|MuVk
?ZS(s1&o
y[v< `
)H"V`aLtM
J-&n4R
yfAbvtv
;fAXgv6J.$
3H"tMu
I+>oyz
JJ$9f@w
!Z0~&O
9Tol"m
96)q3n0Y
f;{iFK<>Os
Ahw9R?
ifaYFt
{iF >Os
T V@U>
&<}zUcl
icv(6J.
%CWwbz
[$l fp"9P@l
)[d>`.Xqj
X"tpA[!
$$jm[D
3C;H"tMuim
RaAtPl<\g
zzMa{]zqbv
{%%;HVcvtZC
;HVcvuZQ
;HVcvrZk
S%<TGYQ[C;H"t
MuU;o?
mfAiv/
aXcJB`b{
bqujaw
bzbvrK:
N<bv9R?
olwMF{n
N08[3+
Vt8Lui% E
Wwy*9o
F!zcv,q
T(q1Aiwy&l
WI+>ozt
^&%Hp'
(l1T:LRa[ul
quZ!%Hpq
i*Lz,V#
;tzMu@wl
~Fzcvb
VuLu&%Hp
r.^`~Pn
qujaqn0
z<c"Fh
Z;$`HO
Z#|gH*O
c`4Z*;q
{;H"V`a\u9rm~
V]vUgl
tLu@];Qbv[|
Svi*hz,V#
Omcvqb
W"YQi%*hM
Mca}Wt6_dXq?
uMcb9I
9R;fAPqvC
Z\l*gD_aQ_u_!9
qujaq%?V
9IU~=N
;fApvYP^;j>eMa_
areH$Vda]t
9Ri*z,V#
$F`0uZ
f^"thMu=
_?H_aYu: q
B_&o+R
`p"9RPl
m[r@:S*
Sg>~zR
Sg>PzRK
A\q[AZ
s;H$Fd
c;Hqb/
UftMa7P;
*_;Ucv(J
U_a)Iu
_dh-rPl9m
wfAfvY
fAxv6J.$
;UbvBr
4BL tj
{VtLui% ap
[$l fu ;Vl"mf
mBqpl4mhj~lM
9>,y <
gqujaq3f
tHMu@~AIv9
"Vha1Wu*
]uZ~FzA#cvV
AXHwqc
BI+>oztPLu@
@HGwYb
,;tMuCw
<;tpMu[w|
S;H"V`aYYu!a
Hua}~H
XMzvl8=s[m
F>4abD
^26=oH
$H"V`abu: wTL
\&8;fD
\&sS["
[i*z,V#
Zl"64P
vxmfA<&v9Z@
aPH"V`
?q3roBM
~i*z,V#
bzAbvru:
UyPl9m3
u mI_&o+R
RrEb*k
O A\2<
"F`3^2<m~
gca!8u/wc
Wc<Lu3
`acvyQr2
Iu@:S8
4x"V`;n:
qujaqf
-[2HAVw9
]SV6EM_&o+R
.bv__&o+DR
Ui@l:`jVXMa:
"9H"V`
ZbKHVGl9
VI+>oz,bv
@xMwYb
Z8$7pj8U
m_Y"ttfPw^;jqM
wjmf"&Y
Qc:0_A"t$fM
;fAdv6J.
@HMJMu
U9R9[g
ll;s9I
f!D_aZ^;j~MaM{l9
#_["tgPw^;j*
9mXj*zv> `#
_aLu_!9;Hp
;]isZn
qujaqfHA
d|=~ \(
Wwcv@l
i"$Jf.pqJ
bvv@wl
I+>oyztLu,*
nm~tMuE~lm~.
`HP rQ^@wl
+z\a9R?
Rcb|9R?
q0sVI+>oyztLu,+
JJ$9f0
WcvPwl
JRs>q3f
%#WwnBr
J$9f:o~
"VElm;f
m~tMu+
A|avaE2 q3f
m~tMui% d
m~tMux|
z:q3cv(6J.5
{{^ML'b{0
u&c:#f
Uq_&o+R
t%Vl,q
u7J/L.q'fpq
Wu+qPw9*f
LAhcvu/
;Z3rZ7
uZy3<Z0Z,
OGL'b{
qG^9R?
PU~9R<
-BraX~fpBi
T.:Sa5
Mu\'@qM@wl
tLupct;
-<u^p9
"V`aOu\
qujaq3f
/RAlQwMm
}&c:&f
Uu|L'b{0
ccJuN<qf]m
!9R/ q3f
uJvUc!
Ucj_&o+
+Rd$9fi.j
!Z|q3f
UyA{L'b{
UVmMIQ
+Rd$9f
V@I~i*8fz,V#
QG~9R?
@"S`aBu6_dX
u&c:#f
Uq_&o+(R
Qyv@d;_
"Vlauj
!{~L;H"Vd
AdvaxP
)q&l fp
mAFHn2"
Z8c:,fE)
A"w9I!
I1bYw
"V`a-Z
?VYv%{
FH_actl
bvvr9[|q
Zc:4_A"V`aZtu~m
N5t$Mu~
]fKAv6J.
(Zsc:!`
aOabt*/q
T:L(Ra
jF2Ma:
Vt;{9
tZ~F^z
aEst:+
$VLaqst:3
$Vxaot
U_aEZ6_dX:
Xl:\C)
mf"tLu.*
;e9I}~mTL
ZHl-m7j*hMa
q0l"tMu
9Ri*nz,V#
j0Ma[$%Hpq
,mfk;Za
Q_alt:
o"wMajml<
hH_att:
8$zZaRu6_dX2
"J :~^;cv+q
V)~4OmtLu=q
n/q_aZ
;g\~uqb
mfAtVv
R;&nMIV)l
"9RimxUcv}w3WI
mz[aMu~l9
"RJbQl<
q3_oBM
Acv/ %HD
`.E :~l
R]3>Zl
;H|BrIP
t[$$jm{j
BrI5.*X*q
q0Asw6J/3D
ZrO<;_I
I'9z1X
a9RN<x
qpq3f"
_aaZ~l9
HJ/IV)l
t[$$jmf" aHj <;f
qZl,mx
yi]c.*ufZqXl<
Vt_C@L
q1+!cv
|=CI/IV){";
9^mf cqb
yMbc!2f"
mf3k9E$
-BraK}f
!9U{8;fp
!9Uw8;fj
?z]cvJP
}=G \(
k;LpRa=u
EqZf.A
BVHA|vrD
*>xP0)]
sc1e#Z7
?zL0b
;HVcvpZ4
{iF>OsXsRd
SqZ$:b,
^!g"1Nnl
q9f>H}
9^9H$q|
9e=be1r^p{W
0nf9uYi
MZ,l mWI
qsl<`.EtXLu
O%#!95
Ww!Z:ox
V)q q_aMu
w+fA4/w
Ew$q'fp
RL.sf"I$JD
LV%M_&o+<R
mfAbvbc
jf#Ma:
;HE 9c
CtLups9m?
9cv%`.E M9x+q0.5cvr\;
8nVJ*q
|ZaMub!tf"
[m:,j?
bv}c7q!kWwwb
mf#Va-Iulkf
q3eJ"*9o
qujawfA
@;HA/wJ@j
I$9fsf
?9tMu<h
L'b{g
ok@;wYe@q
f.VcvpZ5
%<z= M03X
N>M_&o+
3RJ- %H*>S0
z(_Z#\%zF
I-vMu+
#%/^h}%zV
;H|Q;|_O'3
;HVcviZM
^HVcvRZH,
Z;|Q9n
CHVcvoZR
Z &Q6i_U'w_?
?w_^h|
^8zQ#%8I<a
O:rCzF
z<p\/i
S#a76A
5w_W'}
;HVcvRZD
N; 3%9
^HVcvhZ_
?wQ;HVcvfZV6}$W ;a
CHVcvfZG
CHVcvaZT
R,d))`
^HVcvWZG
O:;#{$V
^HVcv[ZR
b+OH:r
P-vMu(
$3 -v_M:z
_4?|_^)|
;Hr\<`_r
I-vMu%
;HVcvZZH
HfkMu"
C9zfkMu:
?|_^)|Q(n
;HrQ.j_
V@['vl"
@;HA:w9!
cay1tS
ca0tycr
;Hv-ZVLPsRa%]u
(`#K-`
UHq2+B>
q%`.HVcvmZY,L:O
x&vqZP
@7mhZ6qH
.H$Vd3rZC
Nf.a)Ou6_dX:q?
{W_`I)t
VcvuZQ
;HVcvtZQ
:dM;[@
t\MuHl.H
;~$VhaANu
(`#I;u&>j
UHVcvuZ+
M5F>&nC
%LPsRa
^u6]Mz
uqUjnSc
kVtxLu1
7qZb:?+
y/cat~
)ng~7[
MhE[pZxlncc
UhsRaM
{Z8l7Z
9nm<f,Kjv?
LPsRa[u6_dX
(`#K-`
UHVcv{ZL
h)p"?`
;Hv]?f
Ft,dQcv7~n
X<z{iF>Os
W;`]cv-|R
7r];bv?rlm=
Uu6_dX
\Hq2+B>
$9fi.j{iFS>Os
5PcaEukn
f$V`aA)t:
}cvf0#S
wV})ZF<z
$9fi*Iz,V#
SqZt_2"z-bv
EZz>Hm
Runtime error at 00000000
0123456789ABCDEF
KERNEL32.DLL
KERNEL32.DLL
KERNEL32.DLL
KERNEL32.DLL
advapi32.dll
advapi32.dll
oleaut32.dll
oleaut32.dll
user32.dll
user32.dll
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetSystemTime
GetFileType
CreateFileA
CloseHandle
WriteFile
WaitForSingleObject
VirtualQuery
SetFilePointer
SetEvent
SetEndOfFile
ResetEvent
ReadFile
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalAlloc
GetWindowsDirectoryA
GetVersionExA
GetTickCount
GetThreadLocale
GetStringTypeExA
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetDiskFreeSpaceA
GetCurrentThreadId
GetCPInfo
GetACP
FormatMessageA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateFileA
CreateEventA
CreateDirectoryA
CopyFileA
CompareStringA
CloseHandle
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCreateKeyExA
RegCloseKey
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayRedim
SafeArrayCreate
VariantChangeTypeEx
VariantCopyInd
VariantCopy
VariantClear
VariantInit
SysFreeString
SysReAllocStringLen
SysAllocStringLen
MessageBoxA
LoadStringA
GetSystemMetrics
CharNextA
GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
7project1
IniFiles
"RTLConsts
System
SysInit
KWindows
UTypes
SysUtils
SysConst
^Classes
3Messages
CVariants
$VarUtils
QTypInfo
sActiveX
8Registry
=Uo<)z
*lu "A[
f0;|{;H
;fV6h0
;fV6h0
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUH;
4PTvey
.#[V#1=?S:
%+LYh5u>
;!_{\B].PlQ\v^`
nQ=wk|
($R4FL[FW1X)^';d
f2#|-)\m
P`2/Le
+/Uub.
xlIM*ap_OA/]
+-nXfCU
he*xy$|
V)ldo`1<Kn
oH<yW7nvNnW1vJiQ$z,@
LqDV;K8ZQrH_e^
W8f\ZR<
dUsL$ 5wcY{
v?&?]vAB
iHO:DaFA35
iI-IcH{q
\I!&+YC ](ufVzt5+, 3[M4fkj
5-6SaW
'9t8 m=6
R<pu@>\2
9L}n&}
ehJ&h7{-n
yC>16^*F$.
)Aq|mSn#?y
W5Wo0bG
@]KhiY
_)6LsR|O
Z"n1DP
1>|`QWl\
5~VL(pXY
E2~'R^xP
3d)S%*-q
U@LbO/
.6;s4 NNjH
MVHypY
ap&S\(
ym':oYL'1
*R<8x=O
/9 r.i|
D[~xyY)c
G~8yHL?`V-d)
r5avJq
Q/>fVX'F
z#` J$
v=qb.OROR?JO
!G'nyz> T
yEo7|
x'IB.fKgh
'%1DfC'jLX6%
`n(OfSb?
E3P#%K
"@@~%/N0u'"|e
{e)4mL^
a_5^%#
dt3)(?Tt/RX\D<
M5&l:N1
+P_N4(KJ2E
ul#2`kD!m
dIv1F@f
5)Z>P/c*Tx{nPLs
C`,'2-j
LXxEq~WE0
_!Vc/@
\h&oo2`
i`C9dVG6
,hK/|\
3AWOM@cI
O,Q`=tHi#A^
P5jr_j?d,
j;21KtqX}%y
9K0lGs^
*,|j}D
\zL+gX>
iY/Qdp_3
1n<]~R&
era:~+o2
<{@cC[
]C|63Im
t,*7|W"
~yI9'']\Ez
F~9BZc
n=T G yxG
J=QZhK
A(X>9:g.[
H|bd6uuw|
@ZzTZ*u
t7Yhv;.U\U{j
4.C~"`
F[9j)>(Du
fd?Dzz$xI
x9C6t=\+Fve#2A
`D6?j,YfWf+675
pa$1> 73K
=dK]JHF
S[,|!R
O&X{?S
p7#}<k
Fpg\0lpS
87@]`@cX
3_5IXL"OQ-
B!UocZ
&Tezb3S&j2+4
|o5;8![(3 I7
/Ai.'3
/FDSqC
mA D4&+oU&
HB'oJ)
Gb=# }
(?DQ=j(
2|U{>KoBJm^
taVV B
!s(F$> :
/C/gAR
az<?54YC
.l#KSn;H{
n,\k8v6@',"8
&*[p`*:,H\zj4
@n /Wu&ePL+CFH=gSw
l{%{}3
GTN|{1`
.$x},r$;h{
(~_RvlJ
-zB<xfI\+,
uDkhW'[EF:
DnaV.w>
GL6bM)x&[
i!Q<sf
7$ %|Rv
@qr*dTB>t
VpPpP~Q
C&S}oDO4Y<3/
dlY5L<
LCRGyl@
nx=f Gb
-u,MXe
m]n;o:
os4<2;;X(]VP
s!>W!2$-/
|E]P)|
dcfJD
r=u.PPd1{l"vn
S&`n5@RE^v8?MY
:z]G>U
u<fYRF,'eY}c
JSff>X
Z)t4^9<c
Iv_OceTE
Y`|MGAjH=4c
)JGJDq]^ ;|gw[
8K3k'@o]_M?8#
fGu%JMG
6E\R*-f
vQ AkC!ls*1
\1WCYjPTY`znr
(PNdUi
9b#}WW}
,1B0K;uf
jX2/rV<}TQ){
dLT]&|49$
u78,p>Cdt
{@f.be<
_uexT'
O=`H[TQ"<5ap
rdxQd=
:iOn 0*<=xD
?:#EX*
m*>> Sn#:[ jWM
K=-kGPZuK%m
r%KGc$Y
uBCZKSW~m&=x#2iq1p|XsU'
'PMqR(ts
9Tk)iK
|OPPdE
8g#1v7{N0`+
N_<'Ls.
xX;9bQ
_#hG{9?lK|
{ddOCR'>
i]Rf$%%2`K
KfH!4Ew[,e:!]2
\[FFgcXL
?wMoWB
N?nJ~PMq_A!
b9rx+.c
SWID~R`Ch
LZOw}Hj^
Nv*tg~(rH
7dFM_v
lO/m0G
}?"W&S
>W=` 7
:P-,]D3
_4z~6HIcI,b
yccmm<
&eYK PMgZp.
~EKA0R
im())/n:-
8yRbq4S8
K\~E~iT
S6:E";Wr
yWGX{3Si}?x
Fu~rIm
*[ 9stF(
OcoQ94
ZEmt>6;
*a{n {W tZk
n|BY*1!
,c3_Z
-;^'aFxO}@CX@KK
2'Jg%8gj
\&#/jWJv'
Twn,E6
KD9(}f
{{J$Sz[Z
omPiI"
(FFrmVbNGWgp:
.'O83|%w
-'fF g/`Y .{]
;Imk)EYa
\5i}A(5
yYNTiW|
PdL^Z*Qh|b`
Vx4Li)
CC3)~:
.<*w[%
0l!NW,Y
ycX0]Q
wc>T5m>
</32U5^z"Um2AlE_
zy"MI.+v HRY?R
@#{ u
; %,?X &P!Y57XJ[
DVO_jW,i#^
S%zvf <$W]^
|Byap-tG5B(p,
{t37=_# WH{
NZlqn|r[
qja[z>T0
*rw<V?<N?
gJo c2k
; 1?"g\8W
M/n&.*u|C
T6PsM'eB
\?Y]1W`
R{KVS{BO0-o"s3
P;JySm
B#?tr\|*Y<&L
,57YbF[8
]#~O!Mge
-PzKw:
$z0,!!w
@1X,Y@ ;
q?/US<
%S1 >\\nS
.=wH1
s4R]t:0
28(gOMfd,3
\)=K->25
>E!Zg@63> '3z@DMj
D _7WQGB[
#(I$_b0
Fn4nZ[Z
^{\V9@&
8m&)`8=kY!G'
[*;11jL
r'_-pk&[o(b
jl)|vz
!Nc+ua
RRMW)2
~Gi G5
UIIPV~
~"h4&wIpk8q
L_TTV7ZOxy
1=&W-;/`F27Y
*HwjabV]JEh
VC* ]%
Ka4RFH
CGJRO>|
Hg_"Ni
&{qlq.[)
fVw"iG4o[l
57YHJ'6B
2'>RY!
E4N>"2Z
!QK0?I Fl=S=adLjMI
J"a&P`zq
'\&AbF
wHdM%{TV-6$uwK,
La=!}2E1
{qTxOjh2
viD} _
'U-E6? \
S9RM9}
?P|fe({VkR
zBZBl*@SF
?S/ylZ
`VhNq3p5PF:w^t./
{OxOA{nd/
&71#,s
I|,1)F/U ^H<(34'Ym?
/1A8fKc
\js4N>l<
e<28-F
o9]?sQ%1/
F5E#O~ ]lY
?t4a5n[
b-eS|P@
kojd=jP
5@;)Ne
:<8\3W
l~ 76b;!
y%]iT>
K$a_Tw
vmg>rL%m86e
^FU%we~
2m~G&6
D�V�C�L�A�L�
P�A�C�K�A�G�E�I�N�F�O�
L�i�s�t� �i�n�d�e�x� �o�u�t� �o�f� �b�o�u�n�d�s� �(�%�d�)�+�O�u�t� �o�f� �m�e�m�o�r�y� �w�h�i�l�e� �e�x�p�a�n�d�i�n�g� �m�e�m�o�r�y� �s�t�r�e�a�m�
E�r�r�o�r� �r�e�a�d�i�n�g� �%�s�%�s�%�s�:� �%�s�
S�t�r�e�a�m� �r�e�a�d� �e�r�r�o�r�
P�r�o�p�e�r�t�y� �i�s� �r�e�a�d�-�o�n�l�y�
F�a�i�l�e�d� �t�o� �c�r�e�a�t�e� �k�e�y� �%�s�
F�a�i�l�e�d� �t�o� �g�e�t� �d�a�t�a� �f�o�r� �'�%�s�'�
F�a�i�l�e�d� �t�o� �s�e�t� �d�a�t�a� �f�o�r� �'�%�s�'�
%�s�.�S�e�e�k� �n�o�t� �i�m�p�l�e�m�e�n�t�e�d�$�O�p�e�r�a�t�i�o�n� �n�o�t� �a�l�l�o�w�e�d� �o�n� �s�o�r�t�e�d� �l�i�s�t�
P�r�o�p�e�r�t�y� �%�s� �d�o�e�s� �n�o�t� �e�x�i�s�t�
S�t�r�e�a�m� �w�r�i�t�e� �e�r�r�o�r�
F�r�i�d�a�y�
S�a�t�u�r�d�a�y�
A�n�c�e�s�t�o�r� �f�o�r� �'�%�s�'� �n�o�t� �f�o�u�n�d�
C�a�n�n�o�t� �a�s�s�i�g�n� �a� �%�s� �t�o� �a� �%�s�
C�l�a�s�s� �%�s� �n�o�t� �f�o�u�n�d�%�L�i�s�t� �d�o�e�s� �n�o�t� �a�l�l�o�w� �d�u�p�l�i�c�a�t�e�s� �(�$�0�%�x�)�#�A� �c�o�m�p�o�n�e�n�t� �n�a�m�e�d� �%�s� �a�l�r�e�a�d�y� �e�x�i�s�t�s�%�S�t�r�i�n�g� �l�i�s�t� �d�o�e�s� �n�o�t� �a�l�l�o�w� �d�u�p�l�i�c�a�t�e�s�
C�a�n�n�o�t� �c�r�e�a�t�e� �f�i�l�e� �%�s�
C�a�n�n�o�t� �o�p�e�n� �f�i�l�e� �%�s�$�'�'�%�s�'�'� �i�s� �n�o�t� �a� �v�a�l�i�d� �c�o�m�p�o�n�e�n�t� �n�a�m�e�
I�n�v�a�l�i�d� �p�r�o�p�e�r�t�y� �p�a�t�h�
I�n�v�a�l�i�d� �p�r�o�p�e�r�t�y� �v�a�l�u�e�
I�n�v�a�l�i�d� �d�a�t�a� �t�y�p�e� �f�o�r� �'�%�s�'� �L�i�s�t� �c�a�p�a�c�i�t�y� �o�u�t� �o�f� �b�o�u�n�d�s� �(�%�d�)�
L�i�s�t� �c�o�u�n�t� �o�u�t� �o�f� �b�o�u�n�d�s� �(�%�d�)�
S�e�p�t�e�m�b�e�r�
O�c�t�o�b�e�r�
N�o�v�e�m�b�e�r�
D�e�c�e�m�b�e�r�
S�u�n�d�a�y�
M�o�n�d�a�y�
T�u�e�s�d�a�y�
W�e�d�n�e�s�d�a�y�
T�h�u�r�s�d�a�y�
J�a�n�u�a�r�y�
F�e�b�r�u�a�r�y�
A�u�g�u�s�t�
E�r�r�o�r� �c�r�e�a�t�i�n�g� �v�a�r�i�a�n�t� �a�r�r�a�y�
V�a�r�i�a�n�t� �i�s� �n�o�t� �a�n� �a�r�r�a�y�!�V�a�r�i�a�n�t� �a�r�r�a�y� �i�n�d�e�x� �o�u�t� �o�f� �b�o�u�n�d�s�
E�x�t�e�r�n�a�l� �e�x�c�e�p�t�i�o�n� �%�x�
A�s�s�e�r�t�i�o�n� �f�a�i�l�e�d�
I�n�t�e�r�f�a�c�e� �n�o�t� �s�u�p�p�o�r�t�e�d�
E�x�c�e�p�t�i�o�n� �i�n� �s�a�f�e�c�a�l�l� �m�e�t�h�o�d�
%�s� �(�%�s�,� �l�i�n�e� �%�d�)�
A�b�s�t�r�a�c�t� �E�r�r�o�r�?�A�c�c�e�s�s� �v�i�o�l�a�t�i�o�n� �a�t� �a�d�d�r�e�s�s� �%�p� �i�n� �m�o�d�u�l�e� �'�%�s�'�.� �%�s� �o�f� �a�d�d�r�e�s�s� �%�p�
S�y�s�t�e�m� �E�r�r�o�r�.� � �C�o�d�e�:� �%�d�.�
%�s� �A� �c�a�l�l� �t�o� �a�n� �O�S� �f�u�n�c�t�i�o�n� �f�a�i�l�e�d�
F�l�o�a�t�i�n�g� �p�o�i�n�t� �u�n�d�e�r�f�l�o�w�
I�n�v�a�l�i�d� �p�o�i�n�t�e�r� �o�p�e�r�a�t�i�o�n�
I�n�v�a�l�i�d� �c�l�a�s�s� �t�y�p�e�c�a�s�t�0�A�c�c�e�s�s� �v�i�o�l�a�t�i�o�n� �a�t� �a�d�d�r�e�s�s� �%�p�.� �%�s� �o�f� �a�d�d�r�e�s�s� �%�p�
S�t�a�c�k� �o�v�e�r�f�l�o�w�
C�o�n�t�r�o�l�-�C� �h�i�t�
P�r�i�v�i�l�e�g�e�d� �i�n�s�t�r�u�c�t�i�o�n�%�E�x�c�e�p�t�i�o�n� �%�s� �i�n� �m�o�d�u�l�e� �%�s� �a�t� �%�p�.�
A�p�p�l�i�c�a�t�i�o�n� �E�r�r�o�r�1�F�o�r�m�a�t� �'�%�s�'� �i�n�v�a�l�i�d� �o�r� �i�n�c�o�m�p�a�t�i�b�l�e� �w�i�t�h� �a�r�g�u�m�e�n�t�
N�o� �a�r�g�u�m�e�n�t� �f�o�r� �f�o�r�m�a�t� �'�%�s�'� �I�n�v�a�l�i�d� �v�a�r�i�a�n�t� �t�y�p�e� �c�o�n�v�e�r�s�i�o�n�
I�n�v�a�l�i�d� �v�a�r�i�a�n�t� �o�p�e�r�a�t�i�o�n�"�V�a�r�i�a�n�t� �m�e�t�h�o�d� �c�a�l�l�s� �n�o�t� �s�u�p�p�o�r�t�e�d�
!�'�%�s�'� �i�s� �n�o�t� �a� �v�a�l�i�d� �i�n�t�e�g�e�r� �v�a�l�u�e�
O�u�t� �o�f� �m�e�m�o�r�y�
I�/�O� �e�r�r�o�r� �%�d�
F�i�l�e� �n�o�t� �f�o�u�n�d�
I�n�v�a�l�i�d� �f�i�l�e�n�a�m�e�
T�o�o� �m�a�n�y� �o�p�e�n� �f�i�l�e�s�
F�i�l�e� �a�c�c�e�s�s� �d�e�n�i�e�d�
R�e�a�d� �b�e�y�o�n�d� �e�n�d� �o�f� �f�i�l�e�
D�i�s�k� �f�u�l�l�
I�n�v�a�l�i�d� �n�u�m�e�r�i�c� �i�n�p�u�t�
D�i�v�i�s�i�o�n� �b�y� �z�e�r�o�
R�a�n�g�e� �c�h�e�c�k� �e�r�r�o�r�
I�n�t�e�g�e�r� �o�v�e�r�f�l�o�w� �I�n�v�a�l�i�d� �f�l�o�a�t�i�n�g� �p�o�i�n�t� �o�p�e�r�a�t�i�o�n� �F�l�o�a�t�i�n�g� �p�o�i�n�t� �d�i�v�i�s�i�o�n� �b�y� �z�e�r�o�
F�l�o�a�t�i�n�g� �p�o�i�n�t� �o�v�e�r�f�l�o�w�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.