1.2
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.87
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:WormX-gen [Wrm] | 20200216 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200216 | 2013.8.14.323 |
| McAfee | W32/Sytro.worm.gen!p2p | 20200216 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b8b902 | 20200216 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(6 个事件)
| section | CODE\x00\x00U |
| section | DATA\x00\x00U |
| section | BSS\x00\\x00U |
| section | .tls\x00\x01 |
| section | .rsrc\x00U |
| section | .xacluzu |
动态指标
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': 'CODE\\x00\\x00U', 'virtual_address': '0x00001000', 'virtual_size': '0x0001a014', 'size_of_data': '0x0001a200', 'entropy': 7.781459389106345} | entropy | 7.781459389106345 | description | 发现高熵的节 | |||||||||
| entropy | 0.8461538461538461 | description | 此PE文件的整体熵值较高 | |||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 56 个反病毒引擎识别为恶意
(50 out of 56 个事件)
| ALYac | GenPack:Generic.Malware.SN!.B4929ACA |
| APEX | Malicious |
| AVG | Win32:WormX-gen [Wrm] |
| Acronis | suspicious |
| Ad-Aware | GenPack:Generic.Malware.SN!.B4929ACA |
| AhnLab-V3 | Worm/Win32.Sytro.R27096 |
| Antiy-AVL | Trojan[Dropper]/Win32.Agent.a |
| Arcabit | GenPack:Generic.Malware.SN!.BD1341ACA |
| Avast | Win32:WormX-gen [Wrm] |
| Avira | WORM/Soltern.oald |
| BitDefender | GenPack:Generic.Malware.SN!.B4929ACA |
| BitDefenderTheta | AI:Packer.4E2AA94C1E |
| Bkav | W32.HfsAutoB. |
| CAT-QuickHeal | Worm.Soltern.A.mue |
| ClamAV | Win.Worm.Sytro-7109020-0 |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.b59397 |
| Cylance | Unsafe |
| Cyren | W32/Soltern.C.gen!Eldorado |
| DrWeb | Win32.HLLW.Sytro |
| ESET-NOD32 | a variant of Win32/Soltern.NAA |
| Emsisoft | GenPack:Generic.Malware.SN!.B4929ACA (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Soltern.C.gen!Eldorado |
| F-Secure | Worm.WORM/Soltern.oald |
| FireEye | Generic.mg.c5305c8b593971d2 |
| Fortinet | W32/Parite.C |
| GData | GenPack:Generic.Malware.SN!.B4929ACA |
| Ikarus | P2P-Worm.Win32.Sytro |
| Invincea | heuristic |
| Jiangmin | Worm.Generic.zke |
| K7AntiVirus | Trojan ( 005568151 ) |
| K7GW | Trojan ( 005568151 ) |
| Kaspersky | HEUR:Worm.Win32.Generic |
| MAX | malware (ai score=80) |
| MaxSecure | Trojan.Malware.300983.susgen |
| McAfee | W32/Sytro.worm.gen!p2p |
| McAfee-GW-Edition | BehavesLike.Win32.Sytro.cc |
| MicroWorld-eScan | GenPack:Generic.Malware.SN!.B4929ACA |
| Microsoft | Worm:Win32/Soltern.AC |
| NANO-Antivirus | Trojan.Win32.Sytro.fwlmvn |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM19.1.47C7.Malware.Gen |
| Rising | Trojan.Kryptik!1.BB30 (RDMK:cmRtazpVPdddtVe8Ums7Sww0QKfc) |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | W32/Systro-AB |
| Symantec | ML.Attribute.HighConfidence |
| Tencent | Malware.Win32.Gencirc.10b8b902 |
| Trapmine | malicious.high.ml.score |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
1992-06-20 06:22:17
PE Imphash
8eb90f63ff7fc0bd388dac1d27b3afce
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| CODE\x00\x00U | 0x00001000 | 0x0001a014 | 0x0001a200 | 7.781459389106345 |
| DATA\x00\x00U | 0x0001c000 | 0x00000778 | 0x00000800 | 3.85836319129189 |
| BSS\x00\\x00U | 0x0001d000 | 0x00000a25 | 0x00000000 | 0.0 |
| .idata | 0x0001e000 | 0x00000bfa | 0x00000c00 | 4.866195168814016 |
| .tls\x00\x01 | 0x0001f000 | 0x0000000c | 0x00000000 | 0.0 |
| .rdata | 0x00020000 | 0x00000018 | 0x00000200 | 0.190488766434666 |
| .reloc | 0x00021000 | 0x00001c74 | 0x00001e00 | 0.0 |
| .rsrc\x00U | 0x00023000 | 0x00001400 | 0x00001400 | 3.48566346147267 |
| .xacluzu | 0x00025000 | 0x00000400 | 0x00000400 | 5.110332907643245 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_STRING | 0x00024018 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00024018 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00024018 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00024018 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00024018 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00024018 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00024018 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_RCDATA | 0x000242dc | 0x000000b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_RCDATA | 0x000242dc | 0x000000b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
Imports
Library KERNEL32.DLL:
• 0x41e1bc TlsSetValue
• 0x41e1c0 TlsGetValue
• 0x41e1c4 LocalAlloc
• 0x41e1c8 GetModuleHandleA
Library KERNEL32.DLL:
• 0x41e2bc Sleep
Library KERNEL32.DLL:
• 0x41e0dc DeleteCriticalSection
• 0x41e0e0 LeaveCriticalSection
• 0x41e0e4 EnterCriticalSection
• 0x41e0e8 InitializeCriticalSection
• 0x41e0ec VirtualFree
• 0x41e0f0 VirtualAlloc
• 0x41e0f4 LocalFree
• 0x41e0f8 LocalAlloc
• 0x41e0fc GetCurrentThreadId
• 0x41e100 InterlockedDecrement
• 0x41e104 InterlockedIncrement
• 0x41e108 VirtualQuery
• 0x41e10c WideCharToMultiByte
• 0x41e110 MultiByteToWideChar
• 0x41e114 lstrlenA
• 0x41e118 lstrcpynA
• 0x41e11c LoadLibraryExA
• 0x41e120 GetThreadLocale
• 0x41e124 GetStartupInfoA
• 0x41e128 GetProcAddress
• 0x41e12c GetModuleHandleA
• 0x41e130 GetModuleFileNameA
• 0x41e134 GetLocaleInfoA
• 0x41e138 GetLastError
• 0x41e13c GetCommandLineA
• 0x41e140 FreeLibrary
• 0x41e144 FindFirstFileA
• 0x41e148 FindClose
• 0x41e14c ExitProcess
• 0x41e150 WriteFile
• 0x41e154 UnhandledExceptionFilter
• 0x41e158 SetFilePointer
• 0x41e15c SetEndOfFile
• 0x41e160 RtlUnwind
• 0x41e164 ReadFile
• 0x41e168 RaiseException
• 0x41e16c GetStdHandle
• 0x41e170 GetFileSize
• 0x41e174 GetSystemTime
• 0x41e178 GetFileType
• 0x41e17c CreateFileA
• 0x41e180 CloseHandle
Library KERNEL32.DLL:
• 0x41e1ec WriteFile
• 0x41e1f0 WaitForSingleObject
• 0x41e1f4 VirtualQuery
• 0x41e1f8 SetFilePointer
• 0x41e1fc SetEvent
• 0x41e200 SetEndOfFile
• 0x41e204 ResetEvent
• 0x41e208 ReadFile
• 0x41e20c LeaveCriticalSection
• 0x41e210 InitializeCriticalSection
• 0x41e214 GlobalUnlock
• 0x41e218 GlobalReAlloc
• 0x41e21c GlobalHandle
• 0x41e220 GlobalLock
• 0x41e224 GlobalFree
• 0x41e228 GlobalAlloc
• 0x41e22c GetWindowsDirectoryA
• 0x41e230 GetVersionExA
• 0x41e234 GetTickCount
• 0x41e238 GetThreadLocale
• 0x41e23c GetStringTypeExA
• 0x41e240 GetStdHandle
• 0x41e244 GetProcAddress
• 0x41e248 GetModuleHandleA
• 0x41e24c GetModuleFileNameA
• 0x41e250 GetLocaleInfoA
• 0x41e254 GetLastError
• 0x41e258 GetDiskFreeSpaceA
• 0x41e25c GetCurrentThreadId
• 0x41e260 GetCPInfo
• 0x41e264 GetACP
• 0x41e268 FormatMessageA
• 0x41e26c FindFirstFileA
• 0x41e270 FindClose
• 0x41e274 FileTimeToLocalFileTime
• 0x41e278 FileTimeToDosDateTime
• 0x41e27c ExitProcess
• 0x41e280 EnumCalendarInfoA
• 0x41e284 EnterCriticalSection
• 0x41e288 DeleteCriticalSection
• 0x41e28c CreateFileA
• 0x41e290 CreateEventA
• 0x41e294 CreateDirectoryA
• 0x41e298 CopyFileA
• 0x41e29c CompareStringA
• 0x41e2a0 CloseHandle
Library advapi32.dll:
• 0x41e1d0 RegSetValueExA
• 0x41e1d4 RegQueryValueExA
• 0x41e1d8 RegOpenKeyExA
• 0x41e1dc RegFlushKey
• 0x41e1e0 RegCreateKeyExA
• 0x41e1e4 RegCloseKey
Library oleaut32.dll:
• 0x41e2c4 SafeArrayPtrOfIndex
• 0x41e2c8 SafeArrayPutElement
• 0x41e2cc SafeArrayGetElement
• 0x41e2d0 SafeArrayGetUBound
• 0x41e2d4 SafeArrayGetLBound
• 0x41e2d8 SafeArrayRedim
• 0x41e2dc SafeArrayCreate
• 0x41e2e0 VariantChangeTypeEx
• 0x41e2e4 VariantCopyInd
• 0x41e2e8 VariantCopy
• 0x41e2ec VariantClear
• 0x41e2f0 VariantInit
Library oleaut32.dll:
• 0x41e1ac SysFreeString
• 0x41e1b0 SysReAllocStringLen
• 0x41e1b4 SysAllocStringLen
Library user32.dll:
• 0x41e2a8 MessageBoxA
• 0x41e2ac LoadStringA
• 0x41e2b0 GetSystemMetrics
• 0x41e2b4 CharNextA
Library user32.dll:
• 0x41e188 GetKeyboardType
• 0x41e18c LoadStringA
• 0x41e190 MessageBoxA
• 0x41e194 CharNextA
L!This program must be run under Win32
.idata
.rdata
P.reloc
P.rsrc
P.xacluzu
O(Ocp?I4K
_s1sa=_
N(Os0:
/H<R_l(
N(Osviv,]0p5
,Ec:|<
,Ec:Ix
jX7x[n
&X7xCn
84~jh7ky
qS,QNb
0pr(]Jn0y
'3zK)\
"Y%#81l
h<k':|
{LY~lDFJ:R
<zqKlDZJh$k
#`Oc0=X(lNI
'wo,QN
k04: 2<
?(Js0E
S)g8D,
hdk$KP
]pDj'w
&Fzlj(;t>|0~
^(dW$cR
s'cmZ|tu
(:l)mdT+x
/M0j\9
lD;('M
DCr$W9
>q(KsE
u :YHCOX#4
,{XcL[{o/3p
4JjjFk$
4Bl|kR,
W<1n+|
|~ QrP
o{j$k'
|Ldfj,k'34y
+^b[,n
4Jd;|6|0|D
0d#h/hgoa
U(OyXzN
(|e|8OY<#7
4iOe1\he"
}N(|~&X
U(OyXzN^
4l/QNj5y20Q(g8D@
8rG&9J
he}'x4iODEg(yo'8p
k;6~n/QNQ
cM$!$rZF=pz
bK!o19 W
rX)O(9
bKypX8w
!#j+s0:N
7!MI*:1
ybK!54R
|X}rM'@H8DY|7
9e^@0sa
\%k>jFE
?T"rWJB8s
ridT+x&JO
u @"0:{
pcFjsK
!fj(ElM4&
"LE^bKSvo{
rSJh/op9
"}@BiYwL
#hmE'1:<!
Zq[j%D}rM"oRr
4zM M'~(l{
$r(QL/3{
ce !Fv
DIrBFbM%cz>+!zJ5y20R/Xs
Z7iO'p8
3p(Gw1
rq:{0"'r
}@"cm0kT;!y-4iO
kay$dDs=
NjdnH`N
|@wdEb
N\'#8
hO,Nuj{
RqO7c\
J)Jq2yB
Nj,kv$l{
;_z20~+$k|
3_z20?
]"D5M(
jLs3OBc5
wl@jLj$v
19X8ws
<+E~E<(!|A
0pr"Q>{e
RP7Rg=
c`3hOs
J!iODz
sDc$};s01
s'ZE|^x
N(o(7z
#FG9\`m2
Mtf<+Nl\~PL
-=tD$i
u"^D&`
rE&l3:ic
k7+jyke
?%7DOF
s\2XJ|X
He(ocmL
x7DO6Sy
$%sjPh|
#|l(7z
z)XrSZL
]mMo(p
L|~c`Q7
9Kq~jB3|
r0:X8lw
NBO0:^Xj
XuJAdOsVEt
+:G@I5"X8Fm
N\L8eqx':
-gdNs2X80'
u1o*QN,%X2
,DL)O:
etFv,{@
!UN$h{
10}Cu#]
q^5#K;
*v| dDYOOs
7DOF hBqD
!,nwn9
nd]k`N91 AP
v8]Mn@6#r@Bx_f3.i
(J({8yp
F_!{tN-*GTO
DL!NwmN
jxC# &i
D-UiDxT
@Rd:+64HJ$
4 Ho8p
Rr\_~DA
{[% <Q#T/o0p
Ns'c30
Ns01Q7
8}y+$ix@gPNaS
4z> M'hz{
QZ8w 1(O4D
Xx3K:OsL
`SdiX8
B!iO,3:
9BO'28Me
.,Bt4r
NPh@t4
:.,pw|}:K(Dw1Nlr0$IlM
y9|3F6Mq {*$
.3wlOtgaEGsY}KT
4DW};&s0RP
47DOG7NwmN
p;H9wh
3onxC`
(ODEm8
sck0{I4C'lkynQZ8
N('c($u
:!Bygwss@
bP!ga\knxY
gd~hN|D
2cT+X8
y1(Os0X8
/X8xC3
(Ocn)X8(
\"X8'f
(O;X8Bs-H'
I[5X8
NXCX!T
AH<GXP[
Zb7s@D7H
$:-EGd7K
1V4*u'/jrtVm3
$ zo&qb*a"
W5"j$q
N\Hs4:z9|D
X#_XRT
PNjmHc+J$`^!iOVE\^te
I<%QOjX8\
::EHy0
9dLj('c1+
M(+#v0:
-.p0mL5D
fYJqMp
DzJj[_)Dt
w5]-ky
2DrFj^)DX8~_q9
Ldoj. 's>u
'&1$p8
N"ls0Q
,twE}cHD+>\\/,Oc
cc,DYr
!Ssy+xDy:
~)'AV{>
@l zsL
Qejh)Eg
cm>!i}Dr`d;
z'kylGD
X9zNA}
N? !d8e0
<s~>W+x
O/ E+x
s01n+t
@ jE2y
s03|<|$p
h &0pzNr
rIKlYF%
'(bO|%:
llk!a8t
d#+'hch^c
BPY87DOrTj
74AN(*v0`[
zOA}bE
c8DpN(O'1<9Z
.oaX8Dy
i(<s0:
hCPLNt
tb+s0N2,v
Qh2~X87
N;;Dr{
^1iO)?>
/x&JO
X8|F(O7z
sDLh w@z
a00T":
O"}@ f#>
p2:V]oK6\70_|1
G:(,s|
}3}'R7p^<
JhOkv(j{
VFh,U/<O
_'n0z{
@0F JO
yp,Ob7iO',(1U
7t)QN\
w+QN^D
$@l20B
B<(qO8
8wq\^'dj
aO x!Leb
}!Kl20:A'-2t
;rq:{-W
@(S3c|\N
S.oaKX
"D|:Ls0E
T2Oj]c
3\['9F
:hTEa0
A$BODER*\8g
0pr:T@!'
M(hw :R
8{brLMj
:NtuDtELM
r^j;NVg
DhNnm7s
ht{FB5~}}?
)F*kB1vs;
*O$3q:
}0^099oO
.LIb:N69
(Ms0E:61- G
g7DO|:O
"|:cH%D
Y:{orF
eFlhD.E
Uz!62%'Tq
)9Nnt2
&rZTeMz
)!w'R$
dOsoamL
Fmr~0cqlXaQ
33J.\>lF_
"dKjcaR
"NEEmL
Xh #00pzJ](7z
0prZ0@(E^
ScmZi<
/O @c,B
&DJ0:|@
'iX8vC
)DhiRL
(bK}Vp
#*nqk`&9
4rP0'cmZ~DJ
tx|o'0p
l,|DFE
0j,k's
368,Jrq
<|V$' k{z
3zL#)'}V1%i
4$rGvF
Wb-8^ _JdT+x
j,GcoS1p
21 [|T
kbN$y{RDrVJ
os5bX8
:h~~60l
tlaS4w
yb9SZD
mQ.Za/p
S<OJgP
!\X)Os
hcB0<Y
X8t~FW
Ng0_,3
!Ns0S0
Y !0prWJj?
J(OGbk
N(Lw}2B,
8nDl<W
'=s0Wk?M
",jw}~u
"8jc}i}B
9'<8EM
zL#)/8?
DyCH(|l48BZXxt
527iOo
57iOoe1T
qAs0E >
G(]GD3
;(cr9sC
O(Ot`k8
r\j!{9hN L
N~Zk>h)-frj
G(]GD3
;(cr9sC
r\j!{9hN<L
N~Zk>h)-frja
oi>(7RE'/L:
)!2i+x
N&lks0:
Er]Gj7
SOhX8w0
zlj(=2y|4
s01~+l
99F+XJlxlj`
EsP;K8
pDjm|w:F+XL
/0M|0~
zlj(@>
(@9:bN
4}3_'7
]GD"ER*\8gn8p
%61gcC
oTd24R
s0,LdMhm/4Y91
M4L7'5bm?YM
/3jy(';
AN}'z2<!$x
'5&+Ns09
(Os2_c
usd9>+R
KjZs0a
h}%61O
UML5nX8
?OPOm'61z
x! 6E/[9LL}bKMN;r
&1<!^%x
W-k1R*P8g
JF#(OsEs
O$]9y@
X%dDjGv
0p:\d:O
xpEhm'63
sd;uBjm
wrUaPN|;
,M0X8z'
!Gh G0pt
=Jt"(OswNC6_
}+(Ose1
XRlxO(DFE
ABOR:gX8wo}p
XR@xO(DE
'tUBOs?
OjckaHP
(@(0:8ta 2(OY
SpQ;Dhc
'LOeh%B
D\)OXJ
usc\{9J
-D*s0:
3N('c1X8o/
s'hN(cR>D+<]138X8
7)}!}'
,|l)i^2
!}@"<:
t@p301
9e"qQV7
0Dy|:z 'qbEj
y{12!(
Nse1\c
#$O'e1
}32Ts?>
=JO(OG
/*C1:0h
HmFM-c
~ap,2n?+;
B*zDMK
ZnvzhW0
O|N(NLX
^r][71o4
7rEKs0Qi4PO
9Mdy]GA
Nj+> x
jmD*EV
''V jm'9
xhO!6RT
4s0:r08B
jkK31:
hs4:Q7
1iOD^E
2iODjE
t@30yZ0
z=4iO
L&-O|20
Su=W?.v0sm\
/z-F6iOS
)EX8 )0p
LA(EGWX
:<(7'N
*T3*g3xD
$w!bq;
8# N8sE:
8#)N8sE:
<8#,N8sE:
18##N8sE:
68#&N8sE:
+8#=N8sE:
8#0N8sE:
%8#7N8sE:
Z8#JN8sE:
_8#AN8sE:
T8#DN8sE:
$w!bq;T(x
J(O6H_
N(Os0:
N(Os0:
D\B5Wy%a
N(Os0:
bxe:Z=
N(Os0:
N(Os0:
N(Os0:
Lus9sa
N(Os0:
bxR7M=z
N(Os0:
^_J*Ws
N(Os0:
qv"_s`z
N(Os0:
N(Os0:
q_>q(:s0:
N(Os0:
N(Os0:
Np:s :
Lus9uy*^DOIe
N(Os0:
bxu<D 8z
N(Os0:
N(Os0:
N(Os0:
Lus=y`.]b!48s0:
N(Os0:
fUc,Qyg
N(Os0:
bxf'M(z
N(Os0:
N(Os0:
N(Os0:
N(Os0:
bxu<A 5QVjx
N(Os0:
N(Ostz
N(Os0:
Dyn,}
N(Os0:
b<Zsdz
N(Os0:
qD5s!
<\8XN(
CNf+7x
N(Os0:
#n5s09
N(Os0:
N(Os0:
\S]9\y8
o|LF.f
g7DOF9DE
Oq<3/:|
[:]-ky
OpbFa5pU
,179.9w
@$@Os0Rh
#FiB,0wE
OecH`:w11P
,W8C\5=
tN}@BP
pDj3{0#|41
tDjcj20
4Jb[EX8
:5(Om41>
L)O4? G
jm'&R
xEC7DOp&S
9w'gi?~L
fg3>:~pq<
OugMaoDaaQ7
}lMP`Y?
/O]^%g3N
oDc~|A
=8'A%y'D\
cm/G}s]^hU
r]JDfX8
pM;g[R
9,N}BI1q
Nju.8f
AW~KSWOJJi
| 3)\t6
};OQH8 x
EcTa[ 9
'&9 YM
y,-w~y
:5[5G;
3Z1ok(7E
xLfAhE
EDW?lqCPN
Yw~~>:'
EJ4P8M
S1Q8Dt6
L4OvdEa
S4:+:G
F}@"2o;
0shQ4}
wNq}@nmY}
NY;OsC:z}
L(O/"?X8
A i(c29Phz '
(O&X;kM
7H ]]B5UL3
j}G/"?X8K[1
XQsMX'Ks
v0:dxdI
kpf1OmL
+OE0:u
Xy.x8QN
RQ8oE%
$SaCs[
%H3:F4aO
5%Mi{MoBQ
G3QH[bi|p
%4B/pUh}s
3X8$rm;
](<|/eQ]GJr>?B1E%
;L:@hg
/~lB2y
{b:_XPgE
}yCx+&RvC
O(!sE^
0djEdTce5DOF
:ZSsv8QNj
`Ec0owp
S&,jwA7zF9q?.QN^s?X8
Si1oc?
NI/7%Lkd
zJPwR_x
$~ZEjgdxo
SJdV8x
Ose1<!
j:EX8}0
`1wc1oup
JO &?30R
DzE40Wx
NO(sICvX8x
NM*sEX8
!]lv1:m
xn.QN{1d
-k1R*\8
, qXO2
GEZKPhVo1rPJ_{20R
P#6P1o>p
2'V(jw
G3\G/RH
xvhO!6
G>{ZQx
aE yhB\JD
b!z*{0:
$WFG^N-t|r
cU2}X?(FE
Nh_s4:
,&(-_d
0pr}!r
4cU2}X6(Eb@4
OsDr{m
`x,u4zs53y
J#iOe1
0%uZjTh &0pxm8O|
X8 [0pr
-)E_[b+
BM!DIp
0pr}!r
jSs0ktm
XstE@s
'fe;uFLk
x}hO!6R
"sI.7z
O:F.Ee
XnX4(w:x
5301/-
8~7DOX,(
Xx79r9iO
%cNk~U
}3_o~V
|(TW4rTj
l201~+7D
Du!\),O
NJHqICZY
;X8$+O
q,#0>7
rxeQ+x
D}r}!rXq:{
scmZc/
\q9}N(
J(bE, w
jckaHP
|DDj!}@"cmP0kng.QN
HByx0
AJ-l20D
LX(TlG5]O:
G(Okvm{
(,=To#3|
7bD|{.QNe;5ONX
DjN(Os0:
N(Os0:
NBOsy\
m$Q~oD
N-ZER!|_y
#[<OsyZ
h.3U#H<(OR
CAT(EJ
Nj"EJ,k '-0p|;
NE`\I:
+SICvX8x
NI"sEX8
-OsqjBX8x
"sEX8cNj
c13-=
"{|q c[
S?{0TPg
8wxPNB sky:
=Jt"(OswNK+S
q-m7s:
\|roH'DykA *'c
#jD@3~
VSIk(Y
ejN}&zs\
$r}Nd;HEOmM
;"@0<|R
h<k'~<:
jSs0Kn\
jrQ?+c
/zkF])D
2'vv&nCS0P
'8hn_sZP
;T"xo2p
%$j-ky
#js0h|A
Lh K40prVn
x7DOr@V
1(OuF
q+%cXZOm
,{ywrUjhoDnE<(
SuBwXM
BUPNl}'61z/
0V?q69z
Z20njmS3<1
!dEjm/<R
N5Osx{
NTsh|{
(OsD{{
(OsP{{
(Os|{{
Nj=s430R
%@OZ\x
ww.QNX/Osz X>
Hs01/O
8 3k0pA(s0
HxokPp
cMx'fYdsA
p '~mYls]
x 'RmY
7':mYs
*T3*gxD
u'e1<(
#dAY,s
$w!bq;
iO'e1<(
O"W4BK\xL
UhO p;
(Os0X0
N(Os0:
fHf6L
/]0EN`
d=(sN47&"_EBBE
F j)'mV;>
> xN]@
Q'yX8sG
Mz>u,p/jXE
jm_$fE/o0
8tC$tEjO0
NB@.'61"Ho0p
oe1\9|0
0prEF`
`PlXa
D9KdCjjG's?
)E_e 9
9E$\z|
v$o'Fa(0|
DbK/8Oe
s'cmZ|}
(`@|{:
N()ku$H~
[;/HG?
G;V1=,xLq0YhO'|F
X8sGr7
,Ox:ZhO
<@+H1:
ZhOpXMb5
JZhOplXnL4
NjnG5s\
{6sX8XW
0U}pCB
JDNEiac
uF6d4nIp
mkH~o9
30|OJs:(y
+$NFz>S
G50prElmDbE
z&482|
5(joGv
c 0~$rWFhnG'4<3|
'FslmD>E
us0&ItC
SdTce4
x*O]HDE
')'6 >{
NW|1,X8
KOX(O!6R
sGrUBOs4:Xj
(&+OuFL
,c4o9p
x7DOb%g3wa
X^v|v :eF
S@cV(4tU
u1e+rD\
,S\X^va
X8sGr6
s'c9c7@w7(OSWGOi
m309O!y
(m30'Oi
(m30'O
L(&m30O,
pA^kGG)
zLk9d sMc
+!% hOD
0pr%Ls0R
5c9c7@w7K(OSWcO#
-(bn30
(n30mO#
(n30mO
^(=n30;O
s0L}(Os
3n+U|F
pDjKd>,@c4
%0^1,3'
3{1Ok(Dy939
(o30cO
N:kGwO
&083~+|
|$,Td W,a~+
Z",jzca
SrAV+Tg?=
(h30yO7
(i30yO7
((i30O'c
N<kGt~
BXp33T
X8G~pTj
|2| ,W
(WQnPOpTj#o
o$&{F9%i30e
0prTjKt.|<(LKK(
jckaHPA
m(2~o!6RT
!}@JiYc
}!}'p^<
5SJdTce4
j}DE<(
u'ck20
3R%X7DI
0p}; AdT+X8
NOs0:I
(bN}V9
3'7Q}.ko Tp
'+RtG+]
(ke30Oh
X^~$M(ks?;
rUFhkG'6<3y
+z\PfDyvZHQ>
0pv.Os
h8SJdT
G}M({`
DE<({3
G}M({l:q
7DO\(O
|l)i^0<B
|l)i^0<B
'V1$iiu4cEjk
Ne;1|xdT
O(@(0:E
1"xo+(p
s'e1<!
,k}{pEhm'.
S%4>{>
uN]j}!6R
\4LoO*p
"$tEjQ0
;r]j}'61"to'+p
}@JiY|u
x+O]G'
]ggsdS\iGC
o$$U=Mq.!-5
(~30NOX
[uFYP
$rUmGyO
.dTce4x
Na!<@:
0ppUh}'6R,
g}krUbEY:
|4T`*PN
8sS/-PNX
{zO/;;D0c
^jm'&j
_>}@bi
0|(y30EOL
|({30O
E 3:^X
(&(Ng:
wrUjeDRE[8
rUbN~Dr
#9'6Rp
y{+rU>@GrJ
*OuFg}
700)~)ob
9w{ejjmDE
P>E'6Rq
XsrEjmDEoY8
X:Ys01
THPlM&$K
)ks7|c
sN(eBJ
j}'61w
N~.<@:
FrElmDEii9B=[
XSyKr]
$PNlmDNE
!'(s0J
]AVe'&7
;r]l}'61"l
w/rEl<
N(|fX8sGg
S%4>{>
wN]j}!6R
wtEjm'k
wrEjm'k
sc1iiw4
= ,0pr
z48%<G ?!}@uZcmcF
*2@Q H
u 92>:G
}@uRiO
q+%cXO}
AV,:<!U~
(bEX8tg]g}
x,;&PNbqo
x,;&PNbqo
xj@YkGoK2p
K)mdT+X8
F j)'mV;>
7Cs01>+c@
;z> gy
hODNEQ1o/p
{ZqfD) (7z
NNFyD\
Y#7p,9W(hkGy
)/$,+j
zZ1odec%
ikg8D\I
GS"$1R$x
0)=1H8
NQ#ic^^to
N({48+x
"{)'kV3 iib4D
e;rz{x
4Dy`Qlia
T[$}wrMQs7
Wy'r6jw
9dIQ:0E
~oHE:8x
N"T4|<|S
)'sV:/e8
!NjS|j\
7DDLS|y\
+%SV1g
tEjmGD
se1\a{
ix{`R(
Nq}@fiYc-4z
8P>z+ 0pt]l}'
:4HL7'J
~o/<(>}
t@K307
,ngX7&JO
,:n4cU
1<3? 0pr3T\@158GdP
J{y40$
X5DyIs0:e
Sb&=t|
xN(OQ:
ll:y{r
zG1s0E
5/X8K[
N'us0W+f
N(@(0:
E0:}/op
`lmDFZE_X8ZB!P
(O!61,2
v;3[iS
PNX*Os]^
oe1^Q\8Y;
0ppUjmm2R
ejmuFB
hOFpX1
}N(Dx?>
XAeOsR9
:@(0:Gb
0dl}DVE}/ocp
>lDHtE
l!6Rti
NS7Q0/m/op
Hs8[}9Vy~`q1
8 oN0p
{SGty~X8
kJ7V1< Y8
4j}'61"D
J}@"cm
;H(qdT
y]1$|D
!\]4j&|D
fDybD"|E
;R*\8g3
e5DOb4
$oXlL4$A
'jm'&R
V'm4tz[k
Mq{tRp
q+%cXkO
Mq}@ Nk:9tL
8HpL6FB"hO%0,
(hO%0t
d\pL0=F
+hO%0h
HxpL8<F
b*hO%0\
\ pL\>F
2/hO%:
zN(pxX8?@.u(O
t@Z30y
K8#]N8sE:
@8#PN8sE:
E8#WN8sE:
z8#jN8sE:
8#aN8sE:
,OsdOjX8x
h_|7DO(
+%S;z|D
'}e;eF
I*h8'VpJ
,H10.sx
e$6Cs_Tb
'M'94:@
8OaMyV1;
OtcQaMcA:
5XgDyF
h:FyJ*
(OEc/<w1bG
ynE _^y?
/70XN`
K8 6tP:
=XOsYw
FXrG^`Os8"O
ynE _^y?
/70XN`
FtUjR"EB
!+'q}
lD`Os;
N ]A'e?
$pUh]'0 :
t@S307
+s0EX8
jjnK%7
!q7vs",jz?
,W<3~+{
ye@jlkd6|
0py(J%W
os0&ItC
-C|Tu-p
b6(O'6838TDv
#B@qq5s|Nu
N ]A'd?
$pMhU'% ;
Zy"}Fbuo
(jm_Ez}
8P5QN-*
$"}F9%2097d
D}r"DbEQ7
FXrG^`Os8"O
ynE _^y?
/70XN`
5>HO00
NUs0zvd
j,k'`qe
|p4JbC(7z
8s0EX8
w*2X8wDYrTj[;18|
:zL3'YDs:
#9E&0-
$w!bpq;^y
N(Os0:
Lus<i{=Y
N(Os0:
UH}*7o
N(Os0:
b!hHs0:
N(Os0:
D*6BU}p_y
N(Os0:
Lus:hj<}
N(Os0:
bxd+Z=
N(Os0:
QIA,~ ]
N(Os0:
N(Os0:
N(Os0:
UNJ*W?
N(Os0:
4Rs5vf,7
N(Os0:
N(Os,{
ly=\Es0:
iO'`H|+LDOY
/D#UIf,]^(Ots[|=Ky
N(Osz{
O(Ocp.
|/[*s07z
QNj(ec^202j?
iOs02[,J
/G DSa+$S
C_|X7g
P^(Os07z
|/[*s07z
N(Os0:
eyu/As0:
N(Os0:
rs=rn<T
}!d@s0:
N(Os0:
rs;|f=k9
N(Os0:
CUb=Uu/
N(Os0:
d<I"'{
N(Os0:
b(O'gS{*7g
^T{9UKw
0(W4bK\x
*Oshna
NOs0:IJy
|dx~e,
]Ua6Lg
N (Os0:X8w}+8
(Or0nnx
N(Os0:
N(Ost{
`![s0:
N(Os0:
O20Rd*
NbC'oaV7
'nj\:c
|'e1R'
WRJHq9V}:
DUr:\_'
'D8(O'1
.O8Az3~
S1<: '0pK
a <zgF
XDH}:\
'EIPq"U}
ejnKDJ
2'e1R)
'641^8
vEmMQr
x7DOzFXy
/0-;~o#
$S{9g7DOb%g3oc
0ljoK'+8
`-OeF:
^JWsVNv
9dMjhMoe1
,kU}{r}!}'tkq^<
'Z"QTce4
j|luF1
r}3}'Bjq^<
1.VeCjhG%6RT'
w4p}!r
8iO')8$$|TU?V
+O1?Lt
GncR+x
jmE`48W
NS)\|q~
Q(duN_}
I*h8'oqJ
jckaHP
cM1DAr
(O1 X8
|):|BI
.j0woac
jBEj|<1
h\~ysr
cSeFI41
)IlLunIX8Os
u:^HxO
r@F4Sy
/1%"N|
< 0ppcBs'cmZc/
0|8S'1Bc
\S}Oa+0
DUr}3D*E
?'mE^X8w
PH8z-A
uF.X84np
Ph 0prSJsz2_
x7DOF5S1
D\yjjE
nN}sr9
q}@ fc
)EcM'e;s*{
0pxjiO3Ej'
Pc0o0p
(O11.J
q}@"cm
0#@!20?
pr'Ls0J
S,ncR+xxLzhB]H^7
:X(O'&812Tf6
rPFjhGocc!
~o!Dc[
k\c^Ix
$3SdTce4x
,k}wpUjm'&1h
N2\s?>
): 0ppU
\=SeNn;8|2o|wuN;p>|t1
sa3.+h9
z['ucx
p(9'|?
}@NiYk~
P(OeL'X\
FrUj8gJt
jm'K6h|T
'>~rEijI&551o`
h|l)i^0
7iDyb%g
)L|<3u
D}r}!}'Xq^<
\,ncR+x
}!}'ZXq^<
|l)i^0'B
L(OD+E
!}@ZiYk~
\ykCc(hEz
HN(O!>1oc
0prUj(
'k6gQ`
Czd;uBB
'BlmD(E
e5DO~\
1Wy5'J
8QNjmD:E
Mq}@BiY
}!}'Cq^<
rEjm'{
|wmBc{
(+SCT3
h\~ywr
P8EkGu
{+jckaHP
^8~sLN
D}r7'{"
jz1"<e
NjmDE<(
(OjckaHP
c=`(O%6
0nj}'^k
ARjmD'E
*T3*g@jy
wrUj K7z
y+N|l)i^0D
#he%&3
m~o'6R1X{
'j\@3|/a
G}pVbjN|
%f6Njx
OpVZj8Ek'lF
s'ck7DOF
9dRkkRrB
}(DEXcDLr
fDy6(:
o EX8|D[=$
hX87DOF
jVEcHe
rS^l,'f{
rSZ2X1
rS^ll$HcxfO
|_q9+=T@'f|{
o EX8|H
hlkHD6pd
=W'z3n+2
G/ eQ7
2r"_1Hu
0_s0Q?X8
s0>z<x
"}@ fc/
xq9+=V@'f|{
c4oc=p
#,O'e1\
DWr(s0Lc{DL
rC^l<ro
|_tdAj=
u<3%BN|D
j^?scKD
"}@JiYa
:XuB9J
,DY8Mlk_DD
@fDy}:_S
2012y87DOF
,O'k#,DLr
sOsf1q
rEc&okp
|~8Ek
4B(%21i
\kD6<:|
jj|ka+x
JlzmB]D-
x%=N9Vc
]/H0=Z
Mjh[%61
5!`0oc
N#{EpCD
jV?{|L
s : 9V
p0/'6R
cm:,0tC
kG|'vhm%&1
0Kq}@ bzM&DLr
F}@ f>{
j)'68P
DWrmBSEZ S0pr}3DE
\8}{?U
O@IsIm
DLym\@DDkg]8LKv
#jnK)L
|Tt-sr
^hxCGx16[h
-j ojD
jhk_(7z
}3'k*P
@cb4t]D'
J&iO01(t
J&iO91(.bx
DG|;Bq
)SdT+x
4c9\|I
G3\G/R
X8tCDHN
!\G'%<R
hOs0z X,
N(Os0:
aR*H8g
r}!8Q;LbK%Oeea
X8 +0pI
S}F\{o
hwm~re)
!\M'LN
1hc8'}s
q+%cX3~N}
2TsDY}
79E&&m
^gw492DjE
*T3*g&
W4ne5'B=
iODraE
fDyF;'
sGzm\\_'.H
,k|]}srUjx?'
|l&X}N<}
(OuFX8|
M(sc1+KO
X^tD9'f
/(OD*2E
W0K\^tD
:Q1>+i0
!}@ fI
(Xq.04n6q
pr(WbpU
DWtUj{[DBD
cxpAdYS
I*h8'n:qJ
-k1R+x
:(O5!`1y
4Jh,k'
H4F(Ot2:|
d!\B''
LjkKDE
|(O'=$}
DWrCFjcC'041
eYj%ck20
"}@"cZ
KR_3=+bD
:Ose1\\
X8 .1pr@JjmG'312H/
r@j RPwr
xrUFjhx;PwN
rPj`g'681zk|
G}!}'<=q^<
1prUFl`'681jc
CRjmG'3Lz
(MjckaHn
G}!}'<q^<
rEFjz%1
h\~yktEjm'k
s0Zh0njmx;9'
{rEhxS'6
iV g 1p
U]F'6Lz
S@cV(rUj}%#
jckaHP
C0uT'~
"}@NiY~
|l&XhN<}
(OjckaHP
>cyX8~T4B:
wr"s05zN
S&Eq cV
4J:lk,|a7DO
Nhlkt2dk+bb
{r"|s0+zN
S&Eq c
4F:lk,|3
F jtR
w7(O&{
N(Oq3:
(A20nNrl
DRE<!4
]dT+X8x
b;(OsEX8
,Os~VcX8w
wr"s08{
0GTjK 7n+:DL
K)kyZYv
PZ)n0nlmDvD
gj201:m
EjkK%D.
TuNX8UuQN}
TE'6:F
@71:_M
yK'6|zw}
DWrUFjh'3(le
<5n_QN
'681rZY
'681zc
Nje'&1
)\SGO8[8=D
Ose7oc
0pr]j}'6R
$tEjmDn::s
I*h8'L/qJ,
B-L(OD~D
#@*20?
N#;Rc*
;8wwdZj}'
o,ncV7
X4oG#p
b\IqDSe
XQNlmDD
Mq}@ 2+
"}@"c1
r0:\8lD
0pz1b[y:
8]<QN#I
NjmDN3:QX8=
$L(ODjEV
x]iO!6
G-k1R+x
|wmBc/48s
0~ik#j
{rUhmj6
7' h,k/O
JOxd1;{x
9eIjVE
fDyF%(S`mF
"o`Os0a
HZ,^0njmG'3
',hmeuiX\
FtEjmG'3
9dUlmD
t@~201
|l)i^0nD
(hnGE0:j
Z1ocfi
QNlmDBD
Dy(D\R8
y(D\R8
;O('cc
u'WF' 4
pc^s'cc!
7'!h[S(7z
>xjgC< 0
D)*uZH[
,k|_F.
jckaHP
!{tcD{os
#hk_e1e
?9E&NB
''r'j}'='
xiO!6R
jmDr8:Z
ejmD7:<(
9S<H-q
spRnjmH:{}
4rUjho%61y
szf:P1oc
K\$rUbPo
~{wdWjm'#
D0prEjow
pUjm'3
P@3j?c
Lo%"(N;y
$n2<F.
wp@Vjm
EQNjm'3
x84*-3|
jckaHP
s0b?4n
Nq}@ b c
byX8zv
NjEaR*P8g
(?O-ky
'8>{k|D
"8s0Q(
r"4s0a
q"MOsEX8
"s01X8
s'e1\c
xmF(O,
`ybX8zv
EaR*P8g5'
I4N'b\
b%g3oa
fE5Psw{ d(OuNJDy
|l)i^0D
$erEjm'{>P
7DOjmG'39B/,
jmG'31z
l:(+SCT3
FrUFjhD
$s0+,?cTle'}Nk|
#@N20?
P0h+<y
q+%cXLN}
PScR+x
DEVlL
t?.R+}
<rs0:N
LjmG'38
4rUFjhG'#1
'68aR6
[ON(Ose1
wrUFjhDfE
I!]o'68^
Dj!}@uO
!u'689B-<t
"}@BJh
wrUFjhDEV
#C}!}'
7(+SCT3
wrUFjhDEZ
DEVc
D(OjckaHPp
!\DDOr
0lXc/4jj
NjSK)D
!&1y
N|Q$P8
8u,:'P{
xjEc(,
jmG'38Jh
su'e1<!
fiODVD
rPj}DrEY8
|l&XGN<}
9<(Otc
I!\R'681jc
'&81ha
szbj}DD
jmG'31r
Oi0p};
I*h8'?
Ose1e284n
[LrUFjhG,LysrUFjhG'#1
NpW'VcJgS
wrUFjh'3
krUFtYJx
0PSmBJc`
4rUF_R
"aZ0nle'681jc
PuBwX7sq
jd|s8{
0peT-b
biOq?X#s
eiO/ )
Lg )O^
X8z$D\
E1:+J&y
(EJ {$1prEjmD2:Y85n
'rMhmejX\
8 wO0ppU
hy5n+QN
51ptU
'&1X84
t@f+207
*myR M
*~NN(061Y8
X,Osy~
h\~ysr
K1p:$X
GncR+x
m}~o!&1t
2 m1oc
O21ppUl}
TSdTce4|
+dFbD*D
i @1pq
k#,$rFFDE
rcZd;N:p7{op
tNs>(,?|T
wnG}rS^
J(o 19|D
NloV1/c
8$r'SQ3?
&GS"1d mM@
rS^d;@t
y,j]B)Dc2x
!\a'+8
Hs|D++t8aG
9dHjhW%6R
{'qigy
zsR s'7z
,k}sr9:~>}
9djh]j6
^<w04Yc
9eHc:M@1U
b'bL I1p
cM1DAX|G(Ec
( 'z0pKq >PG7DOF
W`lLwK)
a`&FxN(O-ky
Nq}@ frM
MsQ0X{
!S`1:\e5DOjmG/
+%S2DmD9
I*h8'q1
8 C{0p:Q
GRN^^y
I*h8'nq
Lz=8iO
;p#xop
lc QNS)|zqJeTo-K
N}@@Rsz
N(Os0:
N(Os0:
O(Ocp*
c13,1w
r0:PZ87w
N"Ls0y
+:4Q8<(7
?(Ok5(:
X8tCDIKq{
OpSJlk_DRDT+x
6h dT+x
0dJe:p)7
#'JjmD*E
h "1p|Aut1h k!1p
\dTce4
F1prU
tpdHbU
x',d@86Q
0r',R<rG[
3 (;N:
}/0xwiOS
R-k1R+X8x
NtOscmZ|}
<#[ Os
h r|\|O
:(O-ky
jjEc,DHr}3
4t\jLs0tC
y{zNj%j20
;xyok1q
-k1R*P8g
sI.:tC
|luFJ
!}@Ni{
s>PV(MuF:
xxiO'61oa
4n/hq
|!M<5EV/7O
b`P*sEX8
M*StMa7YuN
b*G)'X
@!\*Sq^/0]
__/-T|!L*]U_
|nG8 _^jv]
D#7GTc9\
7V0=I;
0OsxM/7
SqY`6L
Os}t/9KX/C*SQ^/,]
\Y{7V
6OsgTk/K
Os}Y}5]
Ocx|t+
]oa9HuN
!\*]U_
OsrHc6\
_a*YuN
\~`6T
u6(OsEX8
4Osw[k9L
OsqQn-]
\Ux4W
1Osj^n=
B_wX8x
|"G8 _^jv]
?Oscw\
|!L*]U_
b'F*SC_n+
y G8Sh
y G8Sh
u<\ ]U_
__wX8x
OsrN{=
9`P*sEX8
7OsxVi4Q
Osc[}/Y
c!MoSTMa7YuN
YV! ]x
=Aq:Zo
OsgHl9^\
b`P*sEX80:M)SQN`k
g \J}<M
Cb_;Js%M7sEX8
IY`(Mu6(OsccR
N'1,lM
? (1p}:X!D
x[DiO!F
u#tOsc
!V;iODzE
G, sT{6LN
R./|Yn
N}@@k^
zNlmDjEPK!
X8o'kq
k w1prU
#zN(|l&X
NaWv20R
=phV;iODE
OslUi/Y
b!G)/gTk/K
_f]68x
9n_lEC
8 k1ptb
E^m 71ptb
4I(OED
8yo[lq
#QNs?v
f:qmmF@
(yoKmq
\'&[d:71
M!sEX8
|"A=sEX8
#Os}BZ4W
$Os}BZ4W
'Osk_n;P
? s1ptN
PE:zV0lZB
IDE<!LZD
X8o3Uq
$SdTce4x
DT{X8x
Nl&sEX8%t
&OstIn4]
wN{s0:
|_t<}:
J1T+X8x
N}@@k^
kGUWQN
:\EDE|
ov20R@
mD~oDE<(
Runtime error at 00000000
0123456789ABCDEF
KERNEL32.DLL
KERNEL32.DLL
KERNEL32.DLL
KERNEL32.DLL
advapi32.dll
advapi32.dll
oleaut32.dll
oleaut32.dll
user32.dll
user32.dll
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetSystemTime
GetFileType
CreateFileA
CloseHandle
WriteFile
WaitForSingleObject
VirtualQuery
SetFilePointer
SetEvent
SetEndOfFile
ResetEvent
ReadFile
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalAlloc
GetWindowsDirectoryA
GetVersionExA
GetTickCount
GetThreadLocale
GetStringTypeExA
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetDiskFreeSpaceA
GetCurrentThreadId
GetCPInfo
GetACP
FormatMessageA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateFileA
CreateEventA
CreateDirectoryA
CopyFileA
CompareStringA
CloseHandle
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCreateKeyExA
RegCloseKey
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayRedim
SafeArrayCreate
VariantChangeTypeEx
VariantCopyInd
VariantCopy
VariantClear
VariantInit
SysFreeString
SysReAllocStringLen
SysAllocStringLen
MessageBoxA
LoadStringA
GetSystemMetrics
CharNextA
GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
7project1
IniFiles
"RTLConsts
System
SysInit
KWindows
UTypes
SysUtils
SysConst
^Classes
3Messages
CVariants
$VarUtils
QTypInfo
sActiveX
8Registry
,_s3x`4]
O(Ocp?I4K
_s1sa=_
N(Os0:
/H<R_l(
N(Osviv,]0p5
,Ec:|<
,Ec:Ix
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU8X
:0sO(N
4PTvey
.#[V#1=?S:
%+LYh5u>
;!_{\B].PlQ\v^`
nQ=wk|
($R4FL[FW1X)^';d
f2#|-)\m
P`2/Le
+/Uub.
xlIM*ap_OA/]
+-nXfCU
he*xy$|
V)ldo`1<Kn
oH<yW7nvNnW1vJiQ$z,@
LqDV;K8ZQrH_e^
W8f\ZR<
dUsL$ 5wcY{
v?&?]vAB
iHO:DaFA35
iI-IcH{q
\I!&+YC ](ufVzt5+, 3[M4fkj
5-6SaW
'9t8 m=6
R<pu@>\2
9L}n&}
ehJ&h7{-n
yC>16^*F$.
)Aq|mSn#?y
W5Wo0bG
@]KhiY
_)6LsR|O
Z"n1DP
1>|`QWl\
5~VL(pXY
E2~'R^xP
3d)S%*-q
U@LbO/
.6;s4 NNjH
MVHypY
ap&S\(
ym':oYL'1
*R<8x=O
/9 r.i|
D[~xyY)c
G~8yHL?`V-d)
r5avJq
Q/>fVX'F
z#` J$
v=qb.OROR?JO
!G'nyz> T
yEo7|
x'IB.fKgh
'%1DfC'jLX6%
`n(OfSb?
E3P#%K
"@@~%/N0u'"|e
{e)4mL^
a_5^%#
dt3)(?Tt/RX\D<
M5&l:N1
+P_N4(KJ2E
ul#2`kD!m
dIv1F@f
5)Z>P/c*Tx{nPLs
C`,'2-j
LXxEq~WE0
_!Vc/@
\h&oo2`
i`C9dVG6
,hK/|\
3AWOM@cI
O,Q`=tHi#A^
P5jr_j?d,
j;21KtqX}%y
9K0lGs^
*,|j}D
\zL+gX>
iY/Qdp_3
1n<]~R&
era:~+o2
<{@cC[
]C|63Im
t,*7|W"
~yI9'']\Ez
F~9BZc
n=T G yxG
J=QZhK
A(X>9:g.[
H|bd6uuw|
@ZzTZ*u
t7Yhv;.U\U{j
4.C~"`
F[9j)>(Du
fd?Dzz$xI
x9C6t=\+Fve#2A
`D6?j,YfWf+675
pa$1> 73K
=dK]JHF
S[,|!R
O&X{?S
p7#}<k
Fpg\0lpS
87@]`@cX
3_5IXL"OQ-
B!UocZ
&Tezb3S&j2+4
|o5;8![(3 I7
/Ai.'3
/FDSqC
mA D4&+oU&
HB'oJ)
Gb=# }
(?DQ=j(
2|U{>KoBJm^
taVV B
!s(F$> :
/C/gAR
az<?54YC
.l#KSn;H{
n,\k8v6@',"8
&*[p`*:,H\zj4
@n /Wu&ePL+CFH=gSw
l{%{}3
GTN|{1`
.$x},r$;h{
(~_RvlJ
-zB<xfI\+,
uDkhW'[EF:
DnaV.w>
GL6bM)x&[
i!Q<sf
7$ %|Rv
@qr*dTB>t
VpPpP~Q
C&S}oDO4Y<3/
dlY5L<
LCRGyl@
nx=f Gb
-u,MXe
m]n;o:
os4<2;;X(]VP
s!>W!2$-/
|E]P)|
dcfJD
r=u.PPd1{l"vn
S&`n5@RE^v8?MY
:z]G>U
u<fYRF,'eY}c
JSff>X
Z)t4^9<c
Iv_OceTE
Y`|MGAjH=4c
)JGJDq]^ ;|gw[
8K3k'@o]_M?8#
fGu%JMG
|O/i|e}!pdmGG,._
)zV~?8-k9{c
J^n'uPv[/
r;)(K9H<l
"7ret6Tg
KWeP":7?LM
[|@I}f
Ie|w,%0z
(6#T]B'
uPs}0a
8s)X"k'#O
l%fK)Y
EH<7U6
Apd&-H/|
=<@>bD|6.
E|FZyU
4V74QRH
^4r RJp`M
KUpPIc
x#})p6
CR7)kBn
vH~p~g
6fU]3`|[GV
|@s-AEM
?2Fyoy
-4<pYzr
1Njc{$ztAZ
|y;^zi7*7%
;!e7Cor
:)c{f"/|
Bh^ ; v[
A:uD7g4G!Z;
|s/%~jBE"nNz
pZ'+":J7=n
h`o<|nP
f"uJIIqC
x.WGVn"
xAO1\H^e-
w:ZLYp99
mS _ i
5hmdVM`"
`2]>Y!
^U@X?P%<D*9skOJ\
oNGTt`
z`)opN
Lw=p4-}
_v3.V3
$!]"oJ'o&R&A3\!;
WMT`)?o
<CsT+UE(tqS
(V2s;(
Yo6bvP+
R2r|]91m':T]
WDH"]&c
au-5\3tR/
j~rn9 hn1C
KZM.9OcV
fZkHv}1[;ztJd
FK82]*C2>K
BN_C92
AVeQh9`O|k[Y`V
55R42_
.Mh&m\Wo(n&
N-~iSl[CFN
~/dr7]!
o_f2>N
"QqWmc
#RSC^^fY
AFr>t1'%}Bj
,ebva7
? {-/ qF^TS(=w4j
dhKVc'zm<^p
R`&4f.
I0W)*]X$So
f5wh]6-A$Bm7&Q
]FYA&{I3+|kW
|r>om[GhFEo-
9Zr1c(+w
dR=aAJ
|:T~?Q^fcHs
+fc8P?$
@jjV>Vxl\8
E$P2`|z?vw
qTOH|4rw0
2Tl1&@@#|U
x5 <g7+
=@[#IyC,"")
y~!xvV
hA?)@A
#]uivm
~D[GG:
>A63%f1,DzG
R*t\+"BPHC-g
H3XA|PB
3zW r$
)03;K#U|S
]KfmyO2,E
FD yeMWa2Agz\K
<L$a*o3
_?k`}^Y}
NqP~@Xbj' l!U
=#^'Y!{
~=6dO1g
~>PteR
IoYa0>VN
+`P4gAR
bv32|'
yLwG!H'
-H7=+I*Y`
2q&zbH
Sw>OAp
Bk/3gsW3
VXne_%1\O4I
\3<V"Jg
U$!U_X?
3q, 3d'
j&A.,70
E'krcwr|\
aIb\ND ?
-}:("HjP
6HZCZP
IIr, EAeZ
G [^$yi\={bLxu
&ma[!
\846tIvHk
zC@c8_
+<h8f#LIz
z;Ds4R
[td7hy%
xJrN<(V O
C)Ij! W+x/e/^)'5+pr]
j4S\R9hj
Xg~xvyW.n
k%e! [
58(gzZ
Fag"x#-~(~
P?iP`JDt<22
v)&a^Mfi/nC}H
Z92=ou"hP
,;'ZuE
zqh5)r
\Q:=IX<
TZu6OB
fZ?U)w[
,FmXkq0g
;'Wv {Bw
zJnY"BK]_XK4
RM{V6wF
!Z~Y]e
D�V�C�L�A�L�
P�A�C�K�A�G�E�I�N�F�O�
L�i�s�t� �i�n�d�e�x� �o�u�t� �o�f� �b�o�u�n�d�s� �(�%�d�)�+�O�u�t� �o�f� �m�e�m�o�r�y� �w�h�i�l�e� �e�x�p�a�n�d�i�n�g� �m�e�m�o�r�y� �s�t�r�e�a�m�
E�r�r�o�r� �r�e�a�d�i�n�g� �%�s�%�s�%�s�:� �%�s�
S�t�r�e�a�m� �r�e�a�d� �e�r�r�o�r�
P�r�o�p�e�r�t�y� �i�s� �r�e�a�d�-�o�n�l�y�
F�a�i�l�e�d� �t�o� �c�r�e�a�t�e� �k�e�y� �%�s�
F�a�i�l�e�d� �t�o� �g�e�t� �d�a�t�a� �f�o�r� �'�%�s�'�
F�a�i�l�e�d� �t�o� �s�e�t� �d�a�t�a� �f�o�r� �'�%�s�'�
%�s�.�S�e�e�k� �n�o�t� �i�m�p�l�e�m�e�n�t�e�d�$�O�p�e�r�a�t�i�o�n� �n�o�t� �a�l�l�o�w�e�d� �o�n� �s�o�r�t�e�d� �l�i�s�t�
P�r�o�p�e�r�t�y� �%�s� �d�o�e�s� �n�o�t� �e�x�i�s�t�
S�t�r�e�a�m� �w�r�i�t�e� �e�r�r�o�r�
F�r�i�d�a�y�
S�a�t�u�r�d�a�y�
A�n�c�e�s�t�o�r� �f�o�r� �'�%�s�'� �n�o�t� �f�o�u�n�d�
C�a�n�n�o�t� �a�s�s�i�g�n� �a� �%�s� �t�o� �a� �%�s�
C�l�a�s�s� �%�s� �n�o�t� �f�o�u�n�d�%�L�i�s�t� �d�o�e�s� �n�o�t� �a�l�l�o�w� �d�u�p�l�i�c�a�t�e�s� �(�$�0�%�x�)�#�A� �c�o�m�p�o�n�e�n�t� �n�a�m�e�d� �%�s� �a�l�r�e�a�d�y� �e�x�i�s�t�s�%�S�t�r�i�n�g� �l�i�s�t� �d�o�e�s� �n�o�t� �a�l�l�o�w� �d�u�p�l�i�c�a�t�e�s�
C�a�n�n�o�t� �c�r�e�a�t�e� �f�i�l�e� �%�s�
C�a�n�n�o�t� �o�p�e�n� �f�i�l�e� �%�s�$�'�'�%�s�'�'� �i�s� �n�o�t� �a� �v�a�l�i�d� �c�o�m�p�o�n�e�n�t� �n�a�m�e�
I�n�v�a�l�i�d� �p�r�o�p�e�r�t�y� �p�a�t�h�
I�n�v�a�l�i�d� �p�r�o�p�e�r�t�y� �v�a�l�u�e�
I�n�v�a�l�i�d� �d�a�t�a� �t�y�p�e� �f�o�r� �'�%�s�'� �L�i�s�t� �c�a�p�a�c�i�t�y� �o�u�t� �o�f� �b�o�u�n�d�s� �(�%�d�)�
L�i�s�t� �c�o�u�n�t� �o�u�t� �o�f� �b�o�u�n�d�s� �(�%�d�)�
S�e�p�t�e�m�b�e�r�
O�c�t�o�b�e�r�
N�o�v�e�m�b�e�r�
D�e�c�e�m�b�e�r�
S�u�n�d�a�y�
M�o�n�d�a�y�
T�u�e�s�d�a�y�
W�e�d�n�e�s�d�a�y�
T�h�u�r�s�d�a�y�
J�a�n�u�a�r�y�
F�e�b�r�u�a�r�y�
A�u�g�u�s�t�
E�r�r�o�r� �c�r�e�a�t�i�n�g� �v�a�r�i�a�n�t� �a�r�r�a�y�
V�a�r�i�a�n�t� �i�s� �n�o�t� �a�n� �a�r�r�a�y�!�V�a�r�i�a�n�t� �a�r�r�a�y� �i�n�d�e�x� �o�u�t� �o�f� �b�o�u�n�d�s�
E�x�t�e�r�n�a�l� �e�x�c�e�p�t�i�o�n� �%�x�
A�s�s�e�r�t�i�o�n� �f�a�i�l�e�d�
I�n�t�e�r�f�a�c�e� �n�o�t� �s�u�p�p�o�r�t�e�d�
E�x�c�e�p�t�i�o�n� �i�n� �s�a�f�e�c�a�l�l� �m�e�t�h�o�d�
%�s� �(�%�s�,� �l�i�n�e� �%�d�)�
A�b�s�t�r�a�c�t� �E�r�r�o�r�?�A�c�c�e�s�s� �v�i�o�l�a�t�i�o�n� �a�t� �a�d�d�r�e�s�s� �%�p� �i�n� �m�o�d�u�l�e� �'�%�s�'�.� �%�s� �o�f� �a�d�d�r�e�s�s� �%�p�
S�y�s�t�e�m� �E�r�r�o�r�.� � �C�o�d�e�:� �%�d�.�
%�s� �A� �c�a�l�l� �t�o� �a�n� �O�S� �f�u�n�c�t�i�o�n� �f�a�i�l�e�d�
F�l�o�a�t�i�n�g� �p�o�i�n�t� �u�n�d�e�r�f�l�o�w�
I�n�v�a�l�i�d� �p�o�i�n�t�e�r� �o�p�e�r�a�t�i�o�n�
I�n�v�a�l�i�d� �c�l�a�s�s� �t�y�p�e�c�a�s�t�0�A�c�c�e�s�s� �v�i�o�l�a�t�i�o�n� �a�t� �a�d�d�r�e�s�s� �%�p�.� �%�s� �o�f� �a�d�d�r�e�s�s� �%�p�
S�t�a�c�k� �o�v�e�r�f�l�o�w�
C�o�n�t�r�o�l�-�C� �h�i�t�
P�r�i�v�i�l�e�g�e�d� �i�n�s�t�r�u�c�t�i�o�n�%�E�x�c�e�p�t�i�o�n� �%�s� �i�n� �m�o�d�u�l�e� �%�s� �a�t� �%�p�.�
A�p�p�l�i�c�a�t�i�o�n� �E�r�r�o�r�1�F�o�r�m�a�t� �'�%�s�'� �i�n�v�a�l�i�d� �o�r� �i�n�c�o�m�p�a�t�i�b�l�e� �w�i�t�h� �a�r�g�u�m�e�n�t�
N�o� �a�r�g�u�m�e�n�t� �f�o�r� �f�o�r�m�a�t� �'�%�s�'� �I�n�v�a�l�i�d� �v�a�r�i�a�n�t� �t�y�p�e� �c�o�n�v�e�r�s�i�o�n�
I�n�v�a�l�i�d� �v�a�r�i�a�n�t� �o�p�e�r�a�t�i�o�n�"�V�a�r�i�a�n�t� �m�e�t�h�o�d� �c�a�l�l�s� �n�o�t� �s�u�p�p�o�r�t�e�d�
!�'�%�s�'� �i�s� �n�o�t� �a� �v�a�l�i�d� �i�n�t�e�g�e�r� �v�a�l�u�e�
O�u�t� �o�f� �m�e�m�o�r�y�
I�/�O� �e�r�r�o�r� �%�d�
F�i�l�e� �n�o�t� �f�o�u�n�d�
I�n�v�a�l�i�d� �f�i�l�e�n�a�m�e�
T�o�o� �m�a�n�y� �o�p�e�n� �f�i�l�e�s�
F�i�l�e� �a�c�c�e�s�s� �d�e�n�i�e�d�
R�e�a�d� �b�e�y�o�n�d� �e�n�d� �o�f� �f�i�l�e�
D�i�s�k� �f�u�l�l�
I�n�v�a�l�i�d� �n�u�m�e�r�i�c� �i�n�p�u�t�
D�i�v�i�s�i�o�n� �b�y� �z�e�r�o�
R�a�n�g�e� �c�h�e�c�k� �e�r�r�o�r�
I�n�t�e�g�e�r� �o�v�e�r�f�l�o�w� �I�n�v�a�l�i�d� �f�l�o�a�t�i�n�g� �p�o�i�n�t� �o�p�e�r�a�t�i�o�n� �F�l�o�a�t�i�n�g� �p�o�i�n�t� �d�i�v�i�s�i�o�n� �b�y� �z�e�r�o�
F�l�o�a�t�i�n�g� �p�o�i�n�t� �o�v�e�r�f�l�o�w�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.