1.0
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.80
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Dropper-NZI [Drp] | 20200526 | 18.4.3895.0 |
| Baidu | Win32.Trojan.Urelas.b | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0 |
| Kingsoft | None | 20200526 | 2013.8.14.323 |
| McAfee | Trojan-Urelas!CCA1B638D00A | 20200526 | 6.0.6.653 |
| Tencent | None | 20200526 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(1 个事件)
| section | GSYGDSYD |
动态指标
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 40 个反病毒引擎识别为恶意
(40 个事件)
| ALYac | Gen:Variant.Graftor.148398 |
| APEX | Malicious |
| AVG | Win32:Dropper-NZI [Drp] |
| Acronis | suspicious |
| Ad-Aware | Gen:Variant.Graftor.148398 |
| Antiy-AVL | Trojan/Win32.Urelas |
| Arcabit | Trojan.Graftor.D243AE |
| Avast | Win32:Dropper-NZI [Drp] |
| Baidu | Win32.Trojan.Urelas.b |
| BitDefender | Gen:Variant.Graftor.148398 |
| BitDefenderTheta | Gen:NN.ZexaF.34122.piZ@a4OuNmd |
| ClamAV | Win.Malware.Urelas-6717394-0 |
| Comodo | Packed.Win32.MNSP.Gen@2697wr |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Cybereason | malicious.8d00a9 |
| Cylance | Unsafe |
| Cyren | W32/Urelas.AM.gen!Eldorado |
| DrWeb | BackDoor.Golf.198 |
| Emsisoft | Gen:Variant.Graftor.148398 (B) |
| Endgame | malicious (high confidence) |
| FireEye | Generic.mg.cca1b638d00a9b75 |
| Fortinet | W32/Agent.49CA!tr |
| GData | Gen:Variant.Graftor.148398 |
| Ikarus | Trojan.Win32.Beaugrit |
| Invincea | heuristic |
| MAX | malware (ai score=80) |
| MaxSecure | Trojan.Malware.121218.susgen |
| McAfee | Trojan-Urelas!CCA1B638D00A |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.dm |
| MicroWorld-eScan | Gen:Variant.Graftor.148398 |
| Microsoft | Trojan:Win32/Wacatac.C!ml |
| Qihoo-360 | Win32/Trojan.Dropper.666 |
| Rising | Malware.Heuristic!ET#96% (RDMK:cmRtazoFpgv1Np2WVB7gMrT/TZyU) |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Trapmine | malicious.high.ml.score |
| TrendMicro | TROJ_GEN.R007C0PEQ20 |
| TrendMicro-HouseCall | TROJ_GEN.R007C0PEQ20 |
| VIPRE | Trojan.Win32.Urelas.ab (v) |
| eGambit | Unsafe.AI_Score_99% |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2014-08-14 22:10:58
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| GSYGDSYD | 0x00001000 | 0x00028000 | 0x00000000 | 0.0 |
| GSYGDSYD | 0x00029000 | 0x00013000 | 0x00012e41 | 6.462187800503667 |
L!This program cannot be run in DOS mode.
GSYGDSYD
GSYGDSYD
@.reloc
jgVjdhXA
_^33z8
8V5x1A
jlPD$0
^8ULLpA
^L$H36
^L$H3z6
3^L$H3N6
L$L^3326
SW3j>P$
fuh`LA
SUVW3h
3D$"D$&D$*D$.D$2D$6D$:D$>D$BfD$FHA
fT$ D$
T$$RD$ Pj
T$ RPh
u0h<MA
fu.hHA
|$Hj^$
u?D$ P
RD$$Pj
_^][331
SVWdMA
RD$"PfT$$#i
MSMPu)
_^33O+
3SQfD$
MSMPu)
3WQfD$
MSMPf$
D$ j@P'
fu+t-h@A
uKh PA
SUVW3h
3j>P$R
PL$6Q3fD$8W
D$"D$&D$*D$.D$2D$6fD$:D$
PL$0Qy'
tz_GBP9s
fu+uS(
D$-SP3\$4U
RD$$D$(D$ D$,h
D$4PW\$(\$$\$0\$4
D$"D$&D$*D$.D$2D$6fD$:f$D
L$HQWWh
T$PD$LWh
$SUVWj
T$LhOA
_^]3[Y
[YVWVj
@uVW$
D$ PQ'
D$8RP'
L$8QR'
]3[YWh
][YQSU-L0A
_^][Y_^][Y
3lQSWj E"
~PFJWP
[YSUVD$
@u-T0A
GWVjPj
u/;u+A
L$&3VQD$(
fD$,|F
T$ Rt$
T$ RD$ PL$
u#u T$
tJ;~8+
D$ SPF
_^][3^
RD$2P|$0L$ fT$4A
\$(\$ t
t$ 33f
D$(ST$
~yT$ L$$RD$
WQD$$?
QD$0R>
3VQD$(
D$.3VPt$$t$ t$,fT$4=
RPt$ x
RD$ PL$(Q
f9T$ ua|$
L$,QT$
_^][3;
SVW3;t
^0WWWWW
AAKu;t
AAFFf;t
Ku3;uf
SVW3;t
^0WWWWW
AAFFf;t
Ku3;uf
U S39]
;t$;u
;tU;|BMx
YYt"Mx
39]fD~
VVVVV[
;t3f97
uf93u !
jEPhLpA
_VVVVV8J
VW3M]9}
E+)E(V-
3PPPPPEN
Y}V*YEE
SVW39}
}O;]rOt
u+WuV2
M+;rP})E
YYt)EF
YY]jXh@SA
@@fufM
@@fu3_[]
^0WWWWW
GGBBft
f_^]UW}
SW=H0A
E3B;r9]u
S3VW;t
^0SSSSS'
3_^[]j
jEPhLpA
7GGEPj
RPjjEUCh
M]EUVe
Yu)jAXf;w
E;ErCE9Eu
3;Er/w
QuuuSg
u>9ur9w
`p33_^[
U]UQSV3;u
^SSSSS0
^SSSSS0
IGG;r3_^[
U S39]
;t4;|"Mx
SSSSSd
,ffffffE
P~CC>Yu
3PPPPP
t4+t$+t
ItQht@lt
3F tBP
itmnt$o
PVP5}A
YYYfgu
YYY>-u
jj0XfQfE
t-RPSW
`pM_^3[
1 B8rA
;r"(tA
;r =(tA
W3E}}}
FFf> t
at8rt+wt
E}9}urE
E9}u:eE
FFf> tj
FFf> tf9>
Y]3u;5 A
+SVWLpA
1E3PeuEEEEd
Y__^[]Q
E_^[]E
9csmu)=
URPQQhL{@
t;T$4t
;v.4v\
UVWS33333[_^]
33333USVWj
_^[]Ul$
jXEU;u
Y]\3_[^j
0VVVVV
WWWWW6
W>+~,WPVYP
Y/V|Yt
Y}3u;5 A
V34809u
u&30VVVVV
P4UM`8
<PVEP(
r3VVhU
QH++PPVh
,P+P5P(
\D+48;E
0?@Y1(
8+0_[M3^j
WWWWWr
DDDDDDDDDDDDDD
8csmu*x
VW33};
VVVVVD
u&hP8A
3PPPPP
@Y<v8V@
3VVVVV
VVVVVt
;t$t j
EP4\uA
EYF`[_^
Gf>=Yt1j
3PPPPP
3Y[_^5
UQV3W}
@@ft<uf t
@@HHf9
@@Bf8\tf8"u8
ft$9Uu
UQQSVWh
V33Sf@A
`]YY?sJM
u+@S@WS
_[^SVWY
jTh UA
Ej@j ^V
[j@j ~9
;rE9=A
UV5dvA
UV5dvA
eYV5dvA
YYt:V5`vA
P^YF,t
PPYF4t
PBYF<t
P4YF@t
P&YFDt
YF\=8A
YYt4V5`vA
E3E3;u
F$|3@_^
i3G}39
MOI;|9 M
SI VW}
HD9#U#
MLD3#u
]#\D\D
<at9<rt,<wt aSSSSS
L9]u<eE
F> t>=upF> tj
/SSSSS
Wt1t'P
GW"YYF
UQSVW5
;r@PuR
WPWPWv
whu;5{A
8]tEMap<u
Zf1Af0A@@JuL
@;vFF~
XM_^3[j
Y^hS=<1A
Y%u wA
3W;to=~A
7YY~PE
USV5<1A
SV5H1A
t7t3V0;t(W8Yt
VYY^3j
Fpt"~l
j *Yfj
Pf;r]*
QP;YYu
3PPPPP
t4+t$HHt
ItUhtDlt
HHtYHHt
2itmnt$o
PSP5}A
^YYYgu
9YYY;-u
t-RPSW09~
0@?If8
@@u+(u
u(9t M
`pM_^3[u
EU_^j
WWWWWJ
3]V3;|
VLYt.V@Yt"V4
]39}~0N
D=VPSYYtG;}|fE
YYM_^3[q
5~Yu'9
YYu,9E
tAt2t$
eMapYL
E`p:39]
_};= A
SSSSS'
tGHt.Ht&
^SSSSS0
Y+t7+t*+t
;t0;t,;t =
uEPuuu
SuEuPuuu
$ MeHM
;tSS6@
tSSS6u#
E+PD=P6
_8VVVVVL
9ut(9ut
SV33W9u
CCGGM
tBft=f;t6EP
Map_^[
UV3W95
;u VVVVV
GGBBM
B(;r3_^[]
SVWLpA
1E3PEd
Y_^[]USVWUj
P(RP$R
t:|$,t
;t$,v-4v
UQPXY]Y[
S3;VW|[;
t58t0=
]V3;|";
u${0{VVVVV
]Y3C]~
u}uyG+j@j }YYEta
3SEEESX5
PZ+t Q3
tVURPEPQ
Iuu}]U
+EPRQL
?Yj hWA
Y+t"+t
+td+uD
3PPPPPr
P{EY3}
u@OdMGd
u wdSUY
WPIY8A
YYt,t(
;t0PWYt%
S3VW;t
^0SSSSSo
3_^[];t
^0SSSSSho
*oVVVVV
@@fu+E
H]UWVu
DDDDDDDDDDDDDD
SSSSSi
tGHt.Ht&
^SSSSS0yj
Y+t7+t*+t
;t0;t,;t =
uEPuuu
SuEuPuuu
$ MeHM
tSSS6#
CSSS6s
E+PD=P6N
_8VVVVVc
9ut(9ut
cSSSSS
;u.bSSSSS
MfMf;u!f;t
E`p3^_[
H8]tMapUj
MlX}9_
u+`SSSSS
;u+`SSSSS
E`p3^_[
H8]tMap
QY}SzYE;t
ESV3W9
u8SS3GWh;A
E 5T0A
39]$SSu
;~Ej3X
3;tAuVWuu
t"SS9]
EVYuEYY
3;tuSWy
uKYE;t
e_^[M3
MQu(Mu$u u
UQQLpA
SV3W;u:EP3FVh;A
39] SSu
ESEYu39]
e_^[M3
MOu$Mu u
4I6-Iv %Iv$
Hv8Hv<H@v@HvDHvHHvLHvPHvTHvXHv\Hv`HvdHvhHvlHvpzHvtrHvxjHv|bH@
P5GYF ;
P#GYv$;5
GY^]UV3PPPPPPPPU
ru{vnM
tR:QuMPt<:Qu7Pt&:Qu!Pt
@AE9]r3_[
+UV3PPPPPPPPU
^SSSSS0VS
f;v6;t
Map_^[;t2;w,OSj"^SSSSS0R
0;u,ZRWWWWW
u+9uv&PE
E`p3[_^
u,] ;t
3;v.jX3;E
;uL9=A
Y}SIYE;
wIVSP+
]5VYE;t'CH;r
PSuwSESP
9}uH;u
E;t CH;r
PSuFwSu
3{_K|u
L1$!_^[u
HVVVVV
^s)EPj
Map[3PPj
ffffffu
S3VW9]
u.FSSSSS
v(IFSSSSS
E`p`E9X
8]tDMap;E
;t+3_^[
u EVVVVV
uYF;~[
-WWuuj
WWWWVuWu
VYYE;t+WWVPVuWu
ujYEe_^[M31'QL$
EPQEPEj
AAu+Hu u
RQMQVp
Map^[UWVSM
B:t6t:t't
WVS3D$
bad allocation
CorExitProcess
runtime error
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
UTF-16LE
UNICODE
Unknown exception
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
(null)
`h````
xpxxxx
`h`hhh
xppwpp
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
CONOUT$
Complete Object Locator'
Class Hierarchy Descriptor'
Base Class Array'
Base Class Descriptor at (
Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
delete[]
new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
112.175.88.209
sanfdr.bat
:Repeat
if exist "
" goto Repeat
rmdir "
%d.%d.%d.%d
112.175.88.208
ExitProcess
GetTempPathW
OpenEventW
CloseHandle
CreateEventW
CreateThread
GetFileAttributesW
GetSystemWindowsDirectoryW
GetSystemDirectoryW
DeleteFileW
GetModuleFileNameW
GetTickCount
GetVersionExW
ReadFile
CreateFileW
DeviceIoControl
GetTempPathA
GetModuleFileNameA
HeapAlloc
GetProcessHeap
HeapFree
MultiByteToWideChar
KERNEL32.dll
LoadStringW
LoadAcceleratorsW
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
DefWindowProcW
BeginPaint
EndPaint
PostQuitMessage
wsprintfW
USER32.dll
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
ADVAPI32.dll
ShellExecuteW
ShellExecuteA
SHELL32.dll
WS2_32.dll
GetAdaptersAddresses
IPHLPAPI.DLL
GetStartupInfoW
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetModuleHandleW
GetProcAddress
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
SetFilePointer
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LoadLibraryA
CreateFileA
HeapSize
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEndOfFile
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVtype_info@@
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
218.54.31.226
wwwwwwwwwwwwwwwpxpx
pxwwwwwwwwwwwwwxpxpxDDDDDDDDD@
pxDDDDDDDDDH
pxDDDDDDDDDH
pxDDDDDDDDDDDDDDpxpwwwwwwwwwwwwwwwp
wwwwwwwpxpxpxpxpxpxpxpxwwwwwwpxDDDpxDDDDDDpxpwwwwwwww
%%$$"#"#"#*+()''&&??<=9;7A63[4]5mm]5\]m]mm5\mm5555555\\\5\\\5m\55\\5ed:cOXY/P.Z0.0.QR00/ZPP0000000/0PPZR.BI@/DE0,
CWkV21TSav^8{
}>qooggggggg1`_fhsnHK{JLp
Gl-FjNw~ytMMMMMMUbbrrrrrxxxxxxxxrriUMMMMMMMMMUuzt
.#%-0%:?%9>%8=%7;
EG@DF@MO@LN2Kh2\g2]f2[I3')+*+)))*))()*+++,6J!54 CBAjYPQTVTSkllZTTXRTUiHceWda/
iu`_<bmt^}zy|yx~
{|yvrrwsqpon
PPPPPPPPPPPPPPPPPKMNNNNNNNNNNOLO
JHHGGGGGGGGHI
JEEEEEEEEEEFC
JEEEEEEEEEEFC
JEEEEEEEEEEFD
JEFEEEEEEEEEB
O%JEEEEEEEEEFFB
JJIIIIJIIIIJJ
O(@>=77A779?<8;$O'
)O6530./21+*-,4#4PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP
Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'H#P'Q'Q'Q'Q'
R&R&R'R&R&R&R&R&Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'R'
e)qjiPt
{rFpcq
S^EDIID:BI638?@=>>=======8,00-.(',0-0178
S(O$N!N!N!N!N"M"M"M"M"M"M"M"M"M"M"M"M"M"M"M"M"N"M"M"O$S)O"
QDf>.j~ro
*V=;?73?//87566-&*'!+3$357_
OO&F#C!C!C!C!C!C!C!C!C!C!
A E$R(
x(s o7|WRzW
0!0(040_0d0l0r000000000
1A1F1h1w1
2*2Z2|22222,393F3Q3o3{33333333333
4#4*484F4S4c4m444 5*5A5R5_5}5555555
636E6`66666
7G7s77777777
8r8w888888
9G99999999
:":,:2:H:U:`:f:l:r:::: ;%;*;=;N;g;x;;;;;;;
<*<q<<<<<'=J==*>=>B>f>{>>
1c111111
2#2*272Y2222
3,3N3b330464n4444444
6/66666
7"7v77777
8[8z8888888
9s9z9999999
:7:Z::::
;-;Q;w;;;;;;;
>w>>>????
@0e00000j1111"22 3W333333<4x44444
5"5X5g55555-6666666666666
7#7*7i888
:+:{::';d;q;z;;;;;
<<<<<<
=G=`=o>>>>%?W??????
0 0N0w011
44444;55
66F7]777
9K;;)<>?
1U2z22222222'31335555
6O6`666
7!778A99:p;;;;;$<W<]<e<r<<<<<<??
E222222222222222
3 3%3+353>3I3U3Z3j3o3u3{33333444444
5$5G5Z5667888;*=>>
3"3&3*3.33393S3b3o3{333333333
4C4v44444466
7%7{7777
8>8F8e8u88888B9
:$:<:T::::;<<z==9???
0051B1
2$22233b3P444
5 5I5}556
7%7H777L8
:9:: <
0O0h0o0w0|00000000
1^1d1h1l1p1111
212[22222222222
333333
4<44444444444
565B5J5Z5o5555555
6666+7C7N7r7{777777
8B8U8m8
888V9\9u9{9#:.:m:::
; ;1;<;<<<<<.=5=J=======
>i>q>>>>>=?m?
0!0&0K0Q0\0h0}0000000000
121>1D1P1_1e1n1z111111111111
212W222222
3'3333
4X4_4z4
44444444444444444444
5'52575B5G5R5W5d5r5x5555555
6<6I6U6]6e6q666666666 7&7?7S7Y7b7u77.8N8\8a8::::::::
;,;7;=;C;H;Q;n;t;
;;;;;;;;;;;;;;;
<%<+<<<<
=0I0|000!122
3"3/333333+44u6666J7v777
8-8d8o88
9+909G999E:::
<W<d<n<|<<<<<<<<
=2=i===!>>>>>
?????????
0.070=0F0K0Z0000011
2d222a3x33357y888&9:9`9<='?W?|?
3333333333
4+4i44H5555
6:666}77777
8J8S8_8v889$::::::
;<G=====
[1}1111
6/6M6a6g66A7M7777
8*8;8`88888<9M9999
:8:F:O:::
;8;j;r;;<====
>#>u>>>>>>>>>>>
1(1-12171G1v1111
2!2&2-222222:3I3e3s3y333333333333
4Y4v445
6z66666666
737Q7X7\7`7d7h7l7p7t77777768A8\8c8h8l8p8888888
9Z9`9d9h9l9F;;1<D<`<r<<<<<??
30\0y00000155566
7T7f7s7
7777778C9f99:=;G;_;f;p;x;;;;U<<>>>
?/?A?S?e?w??
1O2m24
7H7N7Z777
9)9]9c9o992:9:::
;D;;g<6=<=A=G=N=`=
===q>~>??
0,0e0r0Q1`1
355L6P6U6
2L2P2T2X2\299999
x:|:::::::::::::::::::::::::::::::::
; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;h;l;p;t;x;|;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
\1`1111111
2 20242H2L2\2`2p2t2|2222
383T3X3`3d33333
4$484@4T4p444444
54585X5d555555
6(6H6h6666666
7(747L7P7p777777
00011P5\5d5l5t5|55555555555555555
6777;<8=H=X=h=x===================== >0>4>8><>@>D>H>L>P>T>X>\>`>d>h>l>p>t>x>|>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
wwwwwwwwwwwwwwwpxpx
pxwwwwwwwwwwwwwxpxpxDDDDDDDDD@
pxDDDDDDDDDH
pxDDDDDDDDDH
pxDDDDDDDDDDDDDDpxpwwwwwwwwwwwwwwwp
wwwwwwwpxpxpxpxpxpxpxpxwwwwwwpxDDDpxDDDDDDpxpwwwwwwww
%%$$"#"#"#*+()''&&??<=9;7A63[4]5mm]5\]m]mm5\mm5555555\\\5\\\5m\55\\5ed:cOXY/P.Z0.0.QR00/ZPP0000000/0PPZR.BI@/DE0,
CWkV21TSav^8{
}>qooggggggg1`_fhsnHK{JLp
Gl-FjNw~ytMMMMMMUbbrrrrrxxxxxxxxrriUMMMMMMMMMUuzt
.#%-0%:?%9>%8=%7;
EG@DF@MO@LN2Kh2\g2]f2[I3')+*+)))*))()*+++,6J!54 CBAjYPQTVTSkllZTTXRTUiHceWda/
iu`_<bmt^}zy|yx~
{|yvrrwsqpon
PPPPPPPPPPPPPPPPPKMNNNNNNNNNNOLO
JHHGGGGGGGGHI
JEEEEEEEEEEFC
JEEEEEEEEEEFC
JEEEEEEEEEEFD
JEFEEEEEEEEEB
O%JEEEEEEEEEFFB
JJIIIIJIIIIJJ
O(@>=77A779?<8;$O'
)O6530./21+*-,4#4PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP
Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'H#P'Q'Q'Q'Q'
R&R&R'R&R&R&R&R&Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'R'
e)qjiPt
{rFpcq
S^EDIID:BI638?@=>>=======8,00-.(',0-0178
S(O$N!N!N!N!N"M"M"M"M"M"M"M"M"M"M"M"M"M"M"M"M"N"M"M"O$S)O"
QDf>.j~ro
*V=;?73?//87566-&*'!+3$357_
OO&F#C!C!C!C!C!C!C!C!C!C!
A E$R(
x(s o7|WRzW
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>i|d|!|d!|
KERNEL32.DLL
GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualFree
VirtualProtect
USER32.dll
EndPaint
ADVAPI32.dll
RegCloseKey
SHELL32.dll
ShellExecuteA
WS2_32.dll
IPHLPAPI.DLL
GetAdaptersAddresses
SJ+d_u
s)O09`/XyTj)
R@}"x$s
+/>cBAY9B
'0x$5!^
J\?C?i
E`a+VF|Kb3d|j
+-n$[<d
REdoZn2:
TgG1n-c
ZkTy,u0.0H
N?wp9~uA.H:=<ap(J
7TRdU`=(&p^
6Om=dIR'
`+;*wmg+
0A\MH?w
a#RHZ$h2]
0],~vt
|HLLiViso
&c=.(8"
`BEMVHmF
SAo?AU^
18m<Q3FFN Z
9F79-PBEa}jPY+hCKF[
A;#+6s!
!;Qvm?P1-
a$*so`T4
EJ)zhY
$(eLv5
M3au42
RXEk-HX/KWW
i38?tD/XSht
r;Z\ i)
3)b4L<S
s8/gxsmEy&;
m4<VYiHn(
^O@'=Y
1(?$I)
B6}6xq"bZJ_v
LqD!c~ckII^
c#aus&So
?N+1PDQ]PH
JqnQ:BMwR*
*Bh%nM
@}>Mk>_]
|x!&q&3
~uqoVu$2
l1E,6O0
"\^KeT8Yy>
:h/Cm4#1I
aQ$H"X{1f
% +c4P
O6$i1t
WE{:!c
='mZx77J
Ot'I*c
YIo(sk&
9G}>9[I
a"b>$u-
E$;nop^_#`
Mw$M>?3
?Z<TV{
,B0<l:z
X|F>1Yb
nWUd,il+3@Yz
zz&d82;Y
HCI2#$.
T;)@n5M
$T\^la
;[y*dwJ_>JN
fS@%?{
tO )0beM0#_
^MX8P*m
\BK 2$wj_%
M'ULsIMJ
;XP&q[
\-q~<<G2
" ?c?nq@
l2?/+u`
^{+# e@T@H[:V
y#q1r\
,v;,lh
]!jK|dS(s~8
7_0h61
\ZJ>bIb
Z`DC+IF
?56;"&
XNuDSBS{
o # |U
]hY &\
`2;O)'`Z"5N-Y
<dnC*%&+1x:_!(+]A
tKpesQ
9jM?48&
4| znv<dGL_K7j+aa5
=~`{01
$'h%1I|T5NTf+x!QC<
J{rS0p
yc;@G>5
oQjBd6M
J<\e*+vqq[
>Ms~;c
+=eUR~
|k@(ACYsbX
aRNvbS".G9
AP)5h zw
}[ww'=
rFQnr4Fa>
&30O]yVl
THa& fZ
E{xS4n
"!G|=3M!
v3W4faBH91
im0aY#
=]ZBU$
7`&U:*
yB^ts7l0\I
ji){[B4qfOk
hJk5O<
[`fuBX
^Wx217
BP9r //
?DuD-b
J%R`*4
#$ Jp8
1eq.0pR>,>g,
zo.TQ#
2\kp0H
JvnU47~Z5
S\L1#GJ
Ny<.Lm=
KdjK]k
~!HqX^+<
]uov{e@:6cuxZ0a
Bh=oW.
(%{!lU"I
LS8\pK
)J~2]|}
}RGT&YF
qyj,xw
T#W|Fkbk..W}.(
Ner*H.
QPH*AQR
2p27@J
JHlE)mf6
\L\Jc'OM
*jEcBv:+TTxN
B JT,r}]
!d&?qRL
pnY7dc .S0;p
,i/a,C)2b&/B1t
,Ktq[a
c^4bK)Q%
{Fxt'?
f/2`n`
@}U}Y-
fC{,THIW
ajnoa4W
_BH0e24
h_:{A!o2-
)Ha IWhGK[3K&
g@Qlo8
C*8$)-g6ce:;
9Oqr,7
de^%3_HU
/j9r0f
L1T[Q|:ni
#g(<*w~Tv#
OzT\8/kP
*|7?R*NAv
!`&,pf
E -C!v
dR"m|w`Ph?/
ab2 gGz
:1K~X#&7
5hj8lJ],
=+tQUYm
~eUx"T
a0id;eK
,`PP<X)
E";/RzR
4o"($00
,I^%P:_6>
F<.J/%`'[,
@E~xU'3
TgKD8TVa
T2M0@+()T
7|%*y_-oW2<Fq,
JgAh8Y\g.
E8]x0R
6`+g?bp 9Y
mBKiq*
"_Q|Xh\P0:/{ Yt4"
s>||-Pb
eCWBKjUC
Q&Q,-J
"tDnJ(
36sHJ&I
#ik"2L@KE9 "W
";RvR Lv::;
`g~g*.eP'
~Ryv^c0u%$)P
06Ut[t
xT?f4K
-A9|E<
n:+,`;>
~;{G'2&0Kl
hc:1M4&
{bAr YT|g>SMZQ
'b[DR-|
Mq?9&yp1JMYOK29(M}>G
joa@(pgE
VW-|v\
i HI59+W PV
X:D=adWn*
?&~,k~~*
%sGopga
%6G *>{4O
CcH{Jn
$#;tFw&
GKh3jb
6G`qV?
zz@z]Q}35Kl)
NWW>U7bWb.
fGsMcZ1~r1KJ
TEojmBn
-q4hyhA
w+xH[.
sQQL`[$9
~ia:NKl
SLg8UG
zg/KUpKw
k+|J`vUj}+[]-]e
/j5?E_
[K&7d&
Exem):U]g
k!:LYwa%XEe:S#y{djW
(ERd1a9y41
+~mc&%TQua
5u4k3<O^sTU
t{I/d/
tNbU?xu
'U#6+vr
:c7?]d3
k<8A<ez3]$P
d`8*`(
~,A`/;V\
GHQ_DD
@m$kqN
~)4 <lQ8JE/(
(l#X}KQ9/'
;!:Q0W*
b+.$kd
xIoN'Rq
4)X_ypO/
]`?p2W
e2;pm|,
.{=F}?|!
hv>Saz]lh
N|QrW;{c
f5,+;"ux'(
7!y>Ti
G>aWZk;
Wi?_)Ez
LrEbc4u[@F
Ji2 $r
v}%}"'2
\7#]wmp
ETW#fV&
&<CzZLIW
AOr4H.Q7>TjJ
9uX8}"m F
?ZQkp&
;PG/j &k
3m)B69/E3*
gcQS^>{ osM
AHy_|9
R?Z}|"S!7&iZ-*O:l(w_9(s.>N,
Dz]l2V}XDUHVg
,{KMMF+h
]U6CRXm
Z6/&dv
tyV q=||~V5nB
<G$Xb^_
F{iBNAT,,
cq(Xu>
1rIV;Xg8
d_[xjv
*$*Baq+NF
>@t>x\
cbP#1 Yb
bzZ:{~
u[lvi?tr/
Vrje1EA
hSOr4t
`IH2qHq
hO<",C}E,Q
Y`N`tS
sw?reO&3z
,CWh22
7Qh20\\f
$+Y0kr?P
F;^#C{^TT
qT)p!pb
*%^<sMhg+
#640jCo(
GjXQmv
k"W7Z1<*
a=;Nn:
;fkWekZ3
-0U'-K=b 74]
9'(ge;0ND
?cP/{Zk
?PH2[9
-h+P)E"e
|}fL*]jq`5
gBi95np
B*+TrI
=)Oy&s!a
lGL,ja
\xDj=z'R` )i
`JHa[$$}c
l5V%$>["E
;WQ&_e8pk>MK1P
x574RfZ`
qmpPK@}x
P.w`.)2
i6&Hnh;xE
Z*fvO
7\^Vs8L%4|J?
.H\&js
Ny;H8o
{H%$!t#
G]`=eDN
EA4*AE5+SO 7
o9jP\
",qnq_ A+~c'
LsEM7\uKZ6rT
-2v<ma
;Dfe]9$y
az(*usz*
+X-2tl H%r,2
k.NfA=o/Ii
sH|u1c
Rk<2G2&
e)TK+y2
J-^m@r5
/?_d=A@
R7LKq
p0!DA<
(2SN[zZ
mgK|Q,#'`
wK4a:pD%
Co\h~%oLC
.,8]1}i1
Ux(Q!b
ON..X|>
]]'MRa
jg mpiCA=|N+r",>
[BNS>?.)w`9$
WvRn:0h;pw;6Jt7
hG1ftG,
<nd J6Mp8^
@)<0Nk0
z/b3($y('{
Kx.IEfoz
%mr{382
Z')$\,@
+)F1e}
!BLx^sC
pI@qX#c
DoG$cs!-0p}Dh.C
['uFz$K#
DLue~q@<spKV{}"FQ8'
mS ]}[
Mo([RVPtG} O
AER1p"T]p/Q)NMW
aoqKi90bM
:XGgESV}
=ejy\`
FuDbI2^
/xAqIy?e
e<7Fxo+
$aci'z
f=Pkm.~dj+i %E$eB8!'
@G\%=4{F{^6O
pX"uyXY8fn
%wzyn&og%o~
2K]~8N
RrGC#(
k+>JDjo
K*U0`Cd'l
"8!4O(
|L~4y^
n >8bT)nP,
c{X($*
x? B<Y
OEHa[
3m{|Y&|=@LC7<Q
(=VG*]>s}
.@4e+]
-*D}R9L
SGCI&Zv#uN
z5aUAd
ic79hC*
ny<[ZA,Nu;r
Fp$[GP
f<QlE_
OuO9V*FBR
QG5(l(1qd
UMe"xb
*k9U2:
`Idj~JWR-A
f=GvefL
]f)L}fiah{L
Kol,fx
R:@{?7lYxj
hAvV)HlYX]RW
{W&2`Tux
NEC*Ia
\Agbk'm+
zpH^[_z
#UcFyTInlC-
<F|S#9VSQ,
M4O@.4zW/K
;gl6Zo
-vZg}x!!kPN(
M1\}>NFZ7
]"x"M|
j1p$D! nGj
z/E$da
cRzVm-
8-Zd2[
HdDfe;a
R`MqOqQ
bJpEs.
wNs`QJ<BobR
"&+4^`-
j<QN d_
IV7'jT)i
.Wh5f3
y2Ch@u``0
-t[V>|
y`e=OF
XeY UD6na
DbVw6o
Y|EG<3
T%$bcO
s AG/@r
bW^;A(l%*1:
j3E.eMro
8G$,Yr1)"
{Bf.;y
4<DP.p
v/,ZE<[T
@v4-G$i(
HQvH{]
qS,bBY@<,
6,r*/[
U!Leu=S
7w+g~q+a
c^m=5}y
rD9^_<<
08YZV}
>Go$Jc1r]#?S,
8";VV Z
-1o&$Vqa1i
NEkoQkS
- }5*[g
b)=WD*
GL7m.A
9y,7-V+
s/@C<x]
+X1y?}1c!~&qM
L5{y{D:
)ZEcfs
'N;U3e
)t4r0Dqi/
/tKX1So
+l*Vyf
/6AF{}
j]q]R6
n&`v<Z,bl@
^:p+5w
YQ(p/wy
`L{mf>P
nR"pv*
-]CGvh
P>O?s1kj\F
DV bdqs#)VAS
p_)`Q*jq j}(
,QuY(K4pf
o,&A&~4
q8/w${R
Z 9##\-<<cyA
R{T2{qjaKQ
f^1/TM
]$r%mpc9I
e{&Lsw
v:<5T~`
eI]j=$m
6}="dv
vQtxYm
'0*H+%
04xs 8);
4)zI}k
6cx+Im35P"yiv[
ynol<EtUV
;x2EDt
NdP"6Z2e2-T1)q@
@5bBk^fa8
Fo0v&0~\=X
c!+V$E
nv~P;0ADA
E3i<`>g
Bse2X*8
+F~}~t#P
m!~k ^
0}pA zh^#7Qe^A
,\DnO),SA
K`3XL{
7Lt=W}L%wt
my!1(I)6Yv
'|L)O8 ]o#D
9d\1Tarm
vp{.>T_
B8(qT}|'Dq}
i0Mh;_-Tx[3"{
mg2BKRWM;o
G(jMsO
T,d:g,
Oo$u<
rcMH%!S65su
Iq8Ar*T
~4=|C@_&yf
SjV1DV(F;
CzClRzwE
:,JJq0
f0)~E1Xk#DF
ll(a&It%]}|UE
1A u*n-!ZM/H
9rxG\b`XB/
+lel1:
N<\~X/=P
?gr9-ib
){_ (#Gg|
6HZTIqf`
qdiE{jE_lX
d$8?~X
7}!"Bfa2:
<-W< s|eH
7E,cNfNB
E~hgxL]%!o
HOe@9Ia
,W.YYl */
4mXe`YwMi
b\G=Fo (
)>3<8#
b1pgj%
fTdv>>
?OgiQQ-he
Fqmi_~oWyAP)+G
E#*'m
SS)J6xQT
X~a?&lx qt#nI
;FR;LOG
N<G:M X3
6p"!)s
M3p&tdjT
;$c^5tO6F!
PVGU8:Z
.83"eI
O\J[I<
'(ZgR(nn?
e%>wSa uC
H=wHzQ6
\tNb#.Y2o@w
Sq7'pSh
RXA\-+
MBg0N}!(+-?
:1H*tiP
4o??{Dg
P`%V[dBj9
<[!9)hDKr
SktO]g{.rw
j<HFqkH 4
o^}Mp&)8:
`$=!mx
!u;_2$(s{{aH9vP
fL0[irV~z
R.e6oOuj
|A1GUD-
PEK1gt
Am9Hy)`'Lr5u
K2KKid.
}{0kp;
42q%Qqh
5VeZmyFxT%+
=jZPf7d\
evCEyq
dnJrx%KX\[y0eq"Z
>QG^S&@:
Rj5iZu
yj'zDbbdnrT
c[._8]ND{a
6G(x<:w
%y8P+<?!%
zB{~o\^M?
~,3_jM~
ut"9j-
&4}eFg
,Y)`:{if
p~u..q:
P,POI W8=~?zOq2
xmrg
dP"4>5QSfE
}k;|@'lX_
W+nlB+
#2cPG|Z^vbrd
?TfUJUiu
L.YG-gAb9
'0wklV
Gc&U'6<
&&I4D@212~
wooeo&N
iI&WIa
U|bjnS"
~_h\Jjr
dm0A(g4
3_ $E@4Am
DNjAg{dl#7,
5asjg^|#]1l8
/>G[wj))
BHdEh\
4>}~c@<=
8hOCdCA
L+T*a.
`C)'yn
{,aAnvi&:
Z&~8HV
[QTkQ[y
8C{uD8
Yl6FLO
9kR<@U$]
|If2Sn
NZ~Jp|633
rf^-oSnO
_4wV*x#!V
yPD:?-JHX
5>Uf ]
kqLa}$R
#t+Lgw
j+H*p`S!
|]0Tc9
,7Z)l!y
oQq5\4s
g.D++u()
1<^L;5jJ,d
3?s#Rm!.
9xwUUw\^
s(&Rq(
#60^%8.65}_
N`,b2]Ihi3>}*t_K03hO
Rdg: Nh
Nn:{;>gvj,P
>pfrs@
G)$U'n'DU
r$(P\Z
6,)[)av`Qj :
([@DKT
-Dd>Q_k)
doC[$OAK6^*T|
]nnZKby
lHP/yc
k?mv9f
cp[kWg7Xy
\viP\s?
#=>]e-
u6f$+yJ[
n` 'us
pL*~1&Ulmh
IzRm*@g7/k
^SEO&+
!,~7o{
m0>^s|IMJZ
t@yq|=+CO
,`$U''{
?"<{lK!z
ZCOzv^
N5QFN8W |}nzs`t%bgh
;,i<8n
E^+yZ21hXUcGQ<g
A/2B;k"K
HPPuK^
D1?aLuC$ysz
`hL"xu1 y
5}^&=4y
}3PSyT\_q
$.[clj52c
&C*2]tW
C9%Y ^he
2p)KGZ
QO|n)}TA
%)rohbx
$Hz)[*>CN;GX
tPZ(rq*~q
"+V0m"
i[8-6_
=E|w)YB
=Iw@Q{O
"-/?%+V*
H$?N&U6oDcV. *i9E?I'
FZ/8 N),<*b
B}=4)s
y.[Dzi RL
*5!~NRPzB5
D?$])TG
;.*otdU4>x
{ Iu98
6SX|^,r
``#V,]
U? :O8kx
!'B3QV#
rrByIIm+
2fK@CRP
s{7K!R
/cOvwh
-yVYF\>`U
jvzre4
7ex[bK
RDjv4Dc<e>>x4
V8-{WW
?>~sL6e.zua
~S%!Oo:o
WZcY@j)
aU~v'A=
/*}yl8z;v/>O%
>M|G"I
+:(|-d
W|Mk$3aWBj
VH,)w}u
&~X0Wl
X0Q$6BbH
R,vhor:hqvQ/_
ab" w`SIRN
0'JX/8`
R*e8e2Pu
WF5'H|W
?4T"}Q<v!
1Y)37vG
|YAgd8Q
|/",!-
y[EB2?
/L}W!c
/m?\q,av
~8H5&2C
^Y\:P"cNE@
^A'dnT
ecMy8<C6C;<
jh(eg_g7@g9Hn
k:)s(D
&d^}OMK Hw;
CLyVgpt
:G f:
U%Jl24n.
-"xS7Pm
?a1?,[jo
v])N3o[
g~n&p'^
a=|Y<I
$xd!dEM
17hYq8#u~
/x>P"Oeqv-oy<
cq<LtzZ
8<d<'")
@l"6f
:816aHw
M%iC8!
.j Wn\U
(Eq&kLpn
pjaq~c
b_n<V}\\
)p" e\
'}_\:9
>^C]/u0@#
&4##|y
oS{.C?jgo
m=51sX!=
o>A7HElF
Xetfi-Jk^";Q
jJq/}$!vt
+.f<QK*-gF 7G
v,iwoZgVB
v&>+KW0ER
)uH7yFT
k~4_S{=
US N${
q=$.\4YNo
cbrW~8
czx,DI
1H,)]fvhdD2+V
<s[m0Hr
))'*z=)C^
&$Pc(qV5xdd_
]a1=gc:
:sQdRk
V6 VyKZ
%-omdH
k\@6|:7
}-vM2Slu
=}IB<cJ$W]V
|CYLH0
D6)uSvHa3
$iWW43%bc
HPcu"3c.
_0_!IU(y!k*p
]It,g ?e\\$
BtQn*y/E
y[pb7P
CU=H_GGRj
xK8s31
4Cwfe/u
}/20Yz(]
ObK2E.
K6!inc
GC!;'I
_"c(jS'Z
`fSLs`^D0
X4[ABP"U$o
/\3_%K
(fu\H?
zIXi?Xlmx
nD(\GB?I
S$BfZ<=
e~:qjeceM;YW
8pR`p.
XN<Fg~Or/boF)
m/6F=^$
CMq%H@>
05Umyl6
pjD2w906FQNnG&hr]pNH^k
p@+R|zio%
jtoZ(G
h &zbgE
`^@H~sz>
Ro5!]i)H/XBF(
|""R^
4l+b+(
4s3b/s
1ud,P kc?B
%Em^>I
jF7_*V
E3/c/SE
QC#sTSmZ
p`[-kd
2)80Lnt0yOMO\a
aOL]>}9t$n
O."tte
,-66&f
H[dRKN\
[hD!}G
)_GX<V
Z}OFD6P!`j(
wXk"0l
V}9spZ
~Ig2vSnh6
{$.\0Zg
nR.M[<w
j<\dk7xj
ec6AZ,
!q3]Z^'C
1rW mk+
RPjNE;
U}D1YP
Mjn0R@
hBx3b+qFBEw5 1m&U48
B8}EHphW9 `qC~.t
)4][gIx
^X2XC^
P,Y"CA9g}}%
qzitD@Q+Rz
Dx*)#A
I]Q:X +aAMuf
/\ Yy<
/vt4[`l
\,ngfa4dL
VEdd/&GY{Oc
#xHYYH
b5]Dhaovh ?
f]`SpY
9~]BTVPC!pG64
BblVoE3
SvRi>]\o[k\
m|PwG@
Gm'@m8,
$m9341j
{y3FVs
B)#6}1
yg3g[&}ba
-0*(m2IVGw^|+z/X4~Xfu
s*6Bkv
9HB>qA\K}o
M=fu,c/.l
9!s}jF
o+Zh&<
$KLR,K
/2EKDw.
D>rVZ*Q
&DW?>S
TQ9h'a%h
^Q).4"3J
z)~U,u@_
Ilyd^/wQa
ks|uHT
Iz$#u,
ynH|tI6
jw${P$L8?
dp>aM6
X{.+ctFh,.
yWv'k^
CzMd%f
PWzJ3-Oh8
4:l8V~yX
+}m~<r
7cU}I$
j^9HI7
m/.a9XV
qdpV~t .
bdu `1
L_W<80OY
MlrB3S:
1'&|OBI
w*WnX=
6X]zZSv
RWI0 p
Wxd "46YOu:~9
C}vb`bX
H90:TU
`$GPF!
pavHsw@+?vD
,jty:W-)1s
@ )=(p
*I^5yNoZ?
AYpFY=B2;
oZ$,u4+
Qm~D"#Elu>"
DJf,0Q
Q/ _)z
,(XJc#=9
P)m|w_!ciUXz'`)
q Tr&c
hdAcQo
$&@2l)
te6}a)P&L1
o;\&?X\N
lH4{xBLb]
zEea:n
__+#*=WT66lGk<
s1JWlN1o 07*
AAPQPU
ua9U03@}
MMM:M}
UUUUM3
MuM3BM+
eMuG}t.]
@�I�@�@�@�@�@�@�@�
U�T�F�-�1�6�L�E�
U�N�I�C�O�D�E�
m�s�c�o�r�e�e�.�d�l�l�
K�E�R�N�E�L�3�2�.�D�L�L�
(�n�u�l�l�)�
� � � � � � � � �(�(�(�(�(� � � � � � � � � � � � � � � � � � �H�
� � � � � � � � �h�(�(�(�(� � � � � � � � � � � � � � � � � � �H�
� � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � �H�
f�i�o�t�r�e�.�e�x�e�
1�1�2�.�1�7�5�.�8�8�.�2�0�7�
1�1�2�.�1�7�5�.�8�8�.�2�0�8�
d�o�s�r�e�t�
S�o�f�t�w�a�r�e�\�M�i�c�r�o�s�o�f�t�\�W�i�n�d�o�w�s� �N�T�\�C�u�r�r�e�n�t�V�e�r�s�i�o�n�\�W�i�n�d�o�w�s�
T�r�a�y�K�e�y�
%�s�.�e�x�e�
\�H�a�n�g�a�m�e�\�K�O�R�E�A�N�\�H�a�n�U�n�i�n�s�t�a�l�l�.�e�x�e�
\�N�E�O�W�I�Z�\�P�M�a�n�g�\�c�o�m�m�o�n�\�P�M�L�a�u�n�c�h�e�r�.�e�x�e�
\�N�e�t�m�a�r�b�l�e�\�C�o�m�m�o�n�\�N�e�t�M�a�r�b�l�e�E�n�d�W�e�b�.�e�x�e�
\�P�r�o�g�r�a�m� �F�i�l�e�s�\�A�h�n�L�a�b�\�V�3�L�i�t�e�3�0�\�V�3�L�i�t�e�.�e�x�e�
\�P�r�o�g�r�a�m� �F�i�l�e�s�\�E�S�T�s�o�f�t�\�A�L�Y�a�c�\�A�Y�L�a�u�n�c�h�.�e�x�e�
\�P�r�o�g�r�a�m� �F�i�l�e�s�\�n�a�v�e�r�\�N�a�v�e�r�A�g�e�n�t�\�N�a�v�e�r�A�g�e�n�t�.�e�x�e�
W�i�n�S�e�v�e�n�
W�i�n�V�i�s�t�a�
U�n�K�n�o�w�n�
g�o�l�f�i�n�f�o�.�i�n�i�
g�o�l�f�s�e�t�.�i�n�i�
H�G�D�r�a�w�.�d�l�l�
%�s�%�s�.�e�x�e�
\�\�.�\�%�s�
\�\�.�\�P�H�Y�S�I�C�A�L�D�R�I�V�E�
%�d�.�%�d�.�%�d�.�%�d�
'�(�,�,�-�-�.�0�0�0�0�1�3�
1�6�7�8�8�8�:�=�>�=�@�?�B�D�E�I�I�I�S�^�
;�@�Q�b�c�b�b�o�
!�&�'�*�+�-�
*�/�/�3�3�5�6�5�7�7�8�;�=�?�
x�$�&�*�+�+�,�-�-�/�0�4�6�I�
s�s�s�s�s�s�
s�s�s�s�s�s�s�s�s�
Y�L�F�C�E�D�E�C�C�C�D�C�C�E�C�C�D�E�E�E�C�I�S�@�J�I�B�
f�k�m�k�n�n�n�m�
n�n�m�m�l�n�o�o�i�
d�i�o�k�f�h�r�t�
P�L�K�S�D�E�O�J�O�F�J�E�F�
'�(�,�,�-�-�.�0�0�0�0�1�3�
1�6�7�8�8�8�:�=�>�=�@�?�B�D�E�I�I�I�S�^�
;�@�Q�b�c�b�b�o�
!�&�'�*�+�-�
*�/�/�3�3�5�6�5�7�7�8�;�=�?�
x�$�&�*�+�+�,�-�-�/�0�4�6�I�
s�s�s�s�s�s�
s�s�s�s�s�s�s�s�s�
Y�L�F�C�E�D�E�C�C�C�D�C�C�E�C�C�D�E�E�E�C�I�S�@�J�I�B�
f�k�m�k�n�n�n�m�
n�n�m�m�l�n�o�o�i�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.