SmartHawk

3.3

中危

64 个模型检测该样本为恶意！

重新分析

下载样本

0bde089187480e5d2e040f241c047984cf1c60af48979083ff6d54ee28bb197e

0bde089187480e5d2e040f241c047984cf1c60af48979083ff6d54ee28bb197e.exe

分析耗时

134s

引擎	描述	特征	威胁分数	可能家族	检测耗时
DACN	基于动态分析和胶囊网络的可视化恶意软件检测	API调用、DLL以及注册表的修改情况	0.14	Unknown	0.05s
FACILE	利用改进的层次胶囊网络对二进制恶意软件图像进行识别分类	二进制图像映射为的灰度图像	1.00	Unknown	0.04s
IMCLNet	轻量化深度卷积网络模型实现恶意软件家族检测	原始二进制映射而成的可视化图像	0.80	Unknown	0.22s
MFGraph	利用静态特征构建图网络以检测恶意软件	原始二进制PE文件的静态特征节点	0.00	Unknown	0.00s

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	None	20190527	0.3.0.5
Avast	Win32:Malware-gen	20200408	18.4.3895.0
Baidu	None	20190318	1.0.0.2
CrowdStrike	win/malicious_confidence_100% (D)	20190702	1.0
Kingsoft	None	20200409	2013.8.14.323
McAfee	Packed-FEI!E13578226F7B	20200409	6.0.6.653
Tencent	Malware.Win32.Gencirc.10b08832	20200409	1.0.0.1

Time & API	Arguments	Status	Return	Repeated
1727545347.35925 GetComputerNameW	computer_name: TU-PC	success	1	0

Time & API	Arguments	Status	Return
1727545347.35925 CryptGenKey	provider_handle: 0x006f19f8 algorithm_identifier: 0x0000a400 (CALG_RSA_KEYX) flags: 134217729 crypto_handle: 0x006cb470	success	1
1727545347.35925 CryptExportKey	crypto_handle: 0x006cb470 crypto_export_handle: 0x00000000 blob_type: 6 flags: 0 buffer: ¤RSA1ÉzèJ8zSÉÛ ïx95Y£ Uq{kÀs·9!·êr*lÂ^1%+vOäµGãã è³ÛSI³nw»fQÊ4V¤bül§å¼§VØ1±ø°¤~·³gLð´Ö+Fªêû3ÛÚëäE³§ÔíÖÑ@EÍãNà NyÅØ¢õ.ÜlQþñÏÕ0°!ïñðóC]2q´&bz®ª£:¾Cà»¸?H³ýîBÊQLöå3í}Þj&Á]~¼?±½¸ÔòÛÄÊkÚÍùù%ôf£»Â¦§Õµ2¼	success	1
1727545347.35925 CryptExportKey	crypto_handle: 0x006cb470 crypto_export_handle: 0x00000000 blob_type: 7 flags: 0 buffer: ¤RSA2ÉzèJ8zSÉÛ ïx95Y£ Uq{kÀs·9!·êrlÂ^1%+vOäµGãã è³ÛSI³nw»fQÊ4V¤bül§å¼§VØ1±ø°¤~·³gLð´Ö+Fªêû3ÛÚëäE³§ÔíÖÑ@EÍãNà NyÅØ¢õ.ÜlQþñÏÕ0°!ïñðóC]2q´&bz®ª£:¾Cà»¸?H³ýîBÊQLöå3í}Þj&Á]~¼?±½¸ÔòÛÄÊkÚÍùù%ôf£»Â¦§Õµ2¼5#¬:×°\|w à¨b£ìyÁÜ°©õËH$ÈQ¦Ëï6«[zA0x8Î3¸¸8Ù,áFìy%0-Ï0ØoJOjíjkïÁs¢Rõ±pâ3£\G¼yôK.0ÎHØ´ã©`·©X-ÞÅdhwÈ lÄLß¬v³âDVybÉin¹ÑÚzêÆD`\|Q«r»¹Îc¹Ä¢ÉÔB¼éÅ® ©è®Ù®çê_²¨Ú'y®LüÒ¶½S©ûTP© ñêÈ²÷ØÉêÕæ4wQëðmìØØß¡´Éz;.uJ·:'¸ m§òh6¶í¶çÕÆµöJìvÏSÌ¹Õ4 4Vï4QV÷ &¤þ4 ¹ðõõî£çohj¤@.Ç3Ø+¼bG/hå'.#©àªOtz%CCtÄiýÎÃ?Ç«Ìå¦Î+y1©U¹úµå »à¾e0Í£Ì§#Õ±ØéÁc.å¸wEDÔÙÊ¸xÐU Õ)$#@¨Êö×îûÄ/&f«g:= tÓ>(å@;Fw7^lyÑiZ÷52²©ü5Þ\|Ñ «D"çìÂÒçV,l¥ú ÿÚQuTPÝèç²lGáHç@fèRÏ:ÌE¢§ùÄ@½Là ²Þ]}9Q¡æ(Cµ8Ô'&ÅÙµ Pm¾¥& [%EãônWRk³ïâ.½{.hÏ®´JÛºÝçRÁQ(WlTëS`{x0ª£- Ôbk7é²²Yùº&ñ÷B¹¢¤" j&fk1e!"9FçÿzÂµ_Å¨anfµ0"Î1L,SoíbSá×ÛfNh[òêH>T°fãë0ñ\|ÚÍg"¨£YHºý;7ôWïL¶ó3ÏaÔ3Å=]wukg¦aÿ¶ÓsÔxÊÑ;¸õörÃk§VU©;{N?w¦Su¤y Ä15{¸Pâ7ë¦`¨éøç5ï76¡ )¯êRx\|Ü¬¾/ :3cè¹G÷?®~p"	success	1

Time & API	Status	Return
1727545347.921125 GlobalMemoryStatusEx	success	1
1727545349.594 GlobalMemoryStatusEx	success	1
1727545351.265875 GlobalMemoryStatusEx	success	1
1727545352.56275 GlobalMemoryStatusEx	success	1
1727545353.874625 GlobalMemoryStatusEx	success	1
1727545355.1565 GlobalMemoryStatusEx	success	1
1727545356.453375 GlobalMemoryStatusEx	success	1
1727545357.765875 GlobalMemoryStatusEx	success	1
1727545359.06275 GlobalMemoryStatusEx	success	1
1727545360.359625 GlobalMemoryStatusEx	success	1
1727545361.6565 GlobalMemoryStatusEx	success	1
1727545362.985 GlobalMemoryStatusEx	success	1
1727545364.265875 GlobalMemoryStatusEx	success	1
1727545365.56275 GlobalMemoryStatusEx	success	1
1727545366.87425 GlobalMemoryStatusEx	success	1
1727545368.1565 GlobalMemoryStatusEx	success	1
1727545369.468375 GlobalMemoryStatusEx	success	1
1727545370.76525 GlobalMemoryStatusEx	success	1
1727545372.078375 GlobalMemoryStatusEx	success	1
1727545373.37425 GlobalMemoryStatusEx	success	1
1727545374.671125 GlobalMemoryStatusEx	success	1
1727545375.985 GlobalMemoryStatusEx	success	1
1727545377.296125 GlobalMemoryStatusEx	success	1
1727545378.61 GlobalMemoryStatusEx	success	1
1727545379.9065 GlobalMemoryStatusEx	success	1
1727545381.203375 GlobalMemoryStatusEx	success	1
1727545382.5315 GlobalMemoryStatusEx	success	1
1727545383.843375 GlobalMemoryStatusEx	success	1
1727545385.12425 GlobalMemoryStatusEx	success	1
1727545386.421125 GlobalMemoryStatusEx	success	1
1727545387.734625 GlobalMemoryStatusEx	success	1
1727545389.0315 GlobalMemoryStatusEx	success	1
1727545390.328375 GlobalMemoryStatusEx	success	1
1727545391.64025 GlobalMemoryStatusEx	success	1
1727545392.93775 GlobalMemoryStatusEx	success	1
1727545394.234625 GlobalMemoryStatusEx	success	1
1727545395.5315 GlobalMemoryStatusEx	success	1
1727545396.843375 GlobalMemoryStatusEx	success	1
1727545398.140875 GlobalMemoryStatusEx	success	1
1727545399.45375 GlobalMemoryStatusEx	success	1
1727545400.74925 GlobalMemoryStatusEx	success	1
1727545402.06275 GlobalMemoryStatusEx	success	1
1727545403.39025 GlobalMemoryStatusEx	success	1
1727545404.68775 GlobalMemoryStatusEx	success	1
1727545405.999625 GlobalMemoryStatusEx	success	1
1727545407.312125 GlobalMemoryStatusEx	success	1
1727545408.624625 GlobalMemoryStatusEx	success	1
1727545409.921125 GlobalMemoryStatusEx	success	1
1727545411.219 GlobalMemoryStatusEx	success	1
1727545412.515875 GlobalMemoryStatusEx	success	1

Time & API	Arguments	Status
1727545344.21825 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x006cc000 length: 102400 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1784	success
1727545344.29625 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00400000 length: 163840 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1784	success
1727545344.31225 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00412000 length: 77824 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1784	success
1727545344.31225 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x005b0000 region_size: 94208 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1784	success
1727545344.35925 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00412000 length: 77824 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1784	success
1727545345.35925 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x000d0000 region_size: 4096 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1784	success
1727545345.35925 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x00110000 region_size: 4096 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1784	success
1727545345.54625 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x00160000 region_size: 4096 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1784	success
1727545345.56225 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x002b0000 region_size: 4096 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1784	success
1727545345.76525 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x002b0000 region_size: 4096 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1784	success
1727545345.76525 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x002b0000 region_size: 4096 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1784	success
1727545345.78125 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x00130000 region_size: 4096 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1784	success
1727545345.78125 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x00140000 region_size: 4096 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1784	success
1727545347.39025 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x020a0000 region_size: 12288 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1784	success
1727545347.39025 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x020b0000 region_size: 12288 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1784	success
1727545347.56225 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x020a0000 region_size: 98304 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1784	success
1727545347.56225 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x01ff0000 region_size: 4096 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1784	success
1727545347.56225 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x03210000 region_size: 4096 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1784	success
1727545347.56225 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x03210000 region_size: 36864 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1784	success
1727545347.56225 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x03230000 region_size: 8192 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 1784	success

Time & API	Arguments	Status	Return	Repeated
1727545347.37425 GetDiskFreeSpaceW	root_path: C:\ sectors_per_cluster: 8 bytes_per_sector: 512 number_of_free_clusters: 1782595 total_number_of_clusters: 8362495	success	1	0

Time & API	Arguments	Status
1727545348.374125 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545350.047 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545351.328875 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545352.62475 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545353.937625 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545355.2345 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545356.515375 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545357.828875 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545359.12475 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545360.421625 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545361.7185 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545363.047 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545364.328875 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545365.64075 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545366.90625 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545368.2185 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545369.515375 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545370.82825 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545372.140375 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545373.43725 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545374.749125 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545376.063 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545377.359125 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545378.657 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545379.9845 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545381.296375 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545382.6095 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545383.906375 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545385.20325 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545386.484125 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545387.796625 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545389.1095 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545390.406375 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545391.70325 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545393.01575 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545394.312625 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545395.6095 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545396.890375 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545398.218875 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545399.51575 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545400.82825 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545402.14075 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545403.45325 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545404.76575 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545406.062625 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545407.374125 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545408.687625 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545409.984125 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545411.297 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545412.593875 GetAdaptersAddresses	family: 0 flags: 1158	success

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2018-04-24 06:18:12

PE Imphash

af538ad21366893ff9fc94d2041286c0

Sections

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.text	0x00001000	0x0001b229	0x0001b400	6.572821934673854
.rdata	0x0001d000	0x00004d6c	0x00004e00	5.1099205336073314
.data	0x00022000	0x00118988	0x00004400	1.749229588862097
.rsrc	0x0013b000	0x0001d1b0	0x0001d200	7.913167312610832
.reloc	0x00159000	0x00002a46	0x00002c00	4.081951423115131

Resources

Name	Offset	Size	Language	Sub-language	File type
BYU	0x0013b610	0x000189b8	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
XEJILIZUYOWIJUFEBODOYILUBULICO	0x00153fc8	0x00000230	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
XISITOFI	0x001541f8	0x0000098f	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
XOHILUJUSUCUFU	0x00154b88	0x00000a1a	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_BITMAP	0x001555a4	0x00001d38	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_ICON	0x001572dc	0x00000468	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x00157f40	0x0000007a	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x00157f40	0x0000007a	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x00157f40	0x0000007a	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x00157f40	0x0000007a	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x00157f40	0x0000007a	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x00157f40	0x0000007a	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x00157f40	0x0000007a	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x00157f40	0x0000007a	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x00157f40	0x0000007a	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x00157f40	0x0000007a	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x00157f40	0x0000007a	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x00157f40	0x0000007a	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x00157f40	0x0000007a	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x00157f40	0x0000007a	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x00157f40	0x0000007a	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_ACCELERATOR	0x001580cc	0x000000d0	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_ACCELERATOR	0x001580cc	0x000000d0	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_ACCELERATOR	0x001580cc	0x000000d0	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_GROUP_ICON	0x0015819c	0x00000014	LANG_NEUTRAL	SUBLANG_NEUTRAL	None

Imports

Library KERNEL32.dll:

• 0x41d000 GetLastError

• 0x41d004 FindActCtxSectionStringW

• 0x41d008 SetVolumeMountPointW

• 0x41d00c VirtualProtect

• 0x41d010 LocalAlloc

• 0x41d014 FindAtomW

• 0x41d018 LoadLibraryW

• 0x41d01c CreateIoCompletionPort

• 0x41d020 DeleteAtom

• 0x41d024 GlobalDeleteAtom

• 0x41d028 GetCPInfoExA

• 0x41d02c lstrlenW

• 0x41d030 InterlockedIncrement

• 0x41d034 InterlockedDecrement

• 0x41d038 WideCharToMultiByte

• 0x41d03c Sleep

• 0x41d040 InterlockedExchange

• 0x41d044 InitializeCriticalSection

• 0x41d048 DeleteCriticalSection

• 0x41d04c EnterCriticalSection

• 0x41d050 LeaveCriticalSection

• 0x41d054 MultiByteToWideChar

• 0x41d058 RtlUnwind

• 0x41d05c RaiseException

• 0x41d060 TerminateProcess

• 0x41d064 GetCurrentProcess

• 0x41d068 UnhandledExceptionFilter

• 0x41d06c SetUnhandledExceptionFilter

• 0x41d070 IsDebuggerPresent

• 0x41d074 HeapFree

• 0x41d078 GetCommandLineA

• 0x41d07c GetStartupInfoA

• 0x41d080 LCMapStringA

• 0x41d084 LCMapStringW

• 0x41d088 GetCPInfo

• 0x41d08c CloseHandle

• 0x41d090 SetHandleCount

• 0x41d094 GetStdHandle

• 0x41d098 GetFileType

• 0x41d09c GetProcAddress

• 0x41d0a0 GetModuleHandleA

• 0x41d0a4 GetModuleHandleW

• 0x41d0a8 TlsGetValue

• 0x41d0ac TlsAlloc

• 0x41d0b0 TlsSetValue

• 0x41d0b4 TlsFree

• 0x41d0b8 SetLastError

• 0x41d0bc GetCurrentThreadId

• 0x41d0c0 HeapAlloc

• 0x41d0c4 HeapCreate

• 0x41d0c8 VirtualFree

• 0x41d0cc VirtualAlloc

• 0x41d0d0 HeapReAlloc

• 0x41d0d4 ExitProcess

• 0x41d0d8 WriteFile

• 0x41d0dc GetModuleFileNameA

• 0x41d0e0 FreeEnvironmentStringsA

• 0x41d0e4 GetEnvironmentStrings

• 0x41d0e8 FreeEnvironmentStringsW

• 0x41d0ec GetEnvironmentStringsW

• 0x41d0f0 QueryPerformanceCounter

• 0x41d0f4 GetTickCount

• 0x41d0f8 GetCurrentProcessId

• 0x41d0fc GetSystemTimeAsFileTime

• 0x41d100 HeapSize

• 0x41d104 GetACP

• 0x41d108 GetOEMCP

• 0x41d10c IsValidCodePage

• 0x41d110 GetUserDefaultLCID

• 0x41d114 GetLocaleInfoA

• 0x41d118 EnumSystemLocalesA

• 0x41d11c IsValidLocale

• 0x41d120 GetStringTypeA

• 0x41d124 GetStringTypeW

• 0x41d128 SetStdHandle

• 0x41d12c GetConsoleCP

• 0x41d130 GetConsoleMode

• 0x41d134 FlushFileBuffers

• 0x41d138 SetFilePointer

• 0x41d13c InitializeCriticalSectionAndSpinCount

• 0x41d140 CreateFileA

• 0x41d144 LoadLibraryA

• 0x41d148 GetLocaleInfoW

• 0x41d14c WriteConsoleA

• 0x41d150 GetConsoleOutputCP

• 0x41d154 WriteConsoleW

• 0x41d158 SetEndOfFile

• 0x41d15c GetProcessHeap

• 0x41d160 ReadFile

Library ole32.dll:

• 0x41d168 CoRegisterMallocSpy

L!This a1
m cannot be run in DOS mode.
'MFMFMFS
FjHFMF+FS
LFRichMF
`.rdata
@.data
@.reloc
EEEE4z7m{E
E@E} sUE
E@EE;Es
u }e8Pj
4@44A
,@,,>T
UQMMT(
PQPSVWLB
EuuuuM#
#EEMGW
EUQME@
YUQMME
UQME@(UjhA
YUQME@@
UQME@@
E@8EEE}
UQM3UQMU
EEEPEP5
@]UQMu
EEEPEP0YY
EEEPEPAYY
UQM3UQM
U$SVME@@
M;A<s Mw
PEPPYY
+uEEEEE s
EEuMDX
uPEMH<E
E@PuuM
PEP(YY
@]UQVMM
MA<Ep<Mk
PY^UQVMMY
MI<+9M
MI<+9M
UQQVMM
MI<+9M
MI<+9M
UQMM-E
UQMMFE
UQMMTME
UQMM)E
UQQMEx(
MBUQMME
UQQMQW
uE+EEEUQQM
@PuME@
UQQMEx
EEUQME
UQMEUQME@0UQMM
EUQME@
UQME@ 
UQME@$
UQME@ MI0
UQME@0
UQME@$MI4
UQQME@0
EUQQME@ 8
EUQME@4
UQQME@4
EUQQME@$8
UQQME@@
MEMwM+QMiPMD/j
E@@MA@UjhA
@UQQMe
MP0UjhBA
YUQME@
+QuM<j
UQQME@
]UQQMM
UQQMEx
EEUQME
PQQQSVWLB
Y_^[UQME@,Ujh
YUQMG<
MA<E@@
PuuM{E@@
PuuMJMu
uM#E@@
EHEEUjh
^;s+Ep
E@PMEEE[eE
E@PMmE
MPE@Pu
MA0Ex(
EMH$UQMj
MA$E(MA0E,MA4j
EUjh/A
MEPMEEEe
YUQQME8
YYMEMd
YUQQMe
MUQMME
VWMEPM
YUQQMEx
YUQQMQ*Mj
MOEUjh
PQ`SVWLB
EEEjEEE
EPEPYYE
EEEEEE
EPEP'YYE
Y_^[UQME@
UQQME@
MM~!MUEEM
EEMM EE
YUjhwA
YEMMMOE
ME<EPM>
MCPM~Pu
Pj@EP6
Pj@EPs6
Pj@EP5
Pj@EP{5
``E}$~
E\\lE+lEe
PjlxPo3
PuuuxPu
``E}$~
E\\lE+lEe
8PjLpPd
PjlxP\1
PuuuxPu
UQM5`A
eEEEEM
YEMMHEPM
u0jeu 
u0u MU
j0u,E+E PM@
-j0u(E+E @PM
j0u$E+E PM
M}EEPj
M+M;s1E
E}@t8}
E @E E0HE0uu
EPu n,
E+E @Eu
EHPu u
EE E0+EE0u0jeu +
E+E @Eu
EHPu u
EE E0+EE0uu0u u
M{MMoE
xEEEEM
YEMMuEPM
MEE$EE
M+M;s_E
ME$@+EPE 
EPE$@+EPEM D
E$@E$E
E}@t5}
ubuu u
EE E$+EE$uu
Pu$u u
]UQQMe
UQQME@
EEPEPKYY
UQMEUQMEUQME
]UjhWA
EEM6MEE
XPxLLHE
PQhSVWLB
uE+EEE@Eu4
YEEEEE
EHEE@EE
EUQMEM
Y|^_hKB
V9YN$t
u{PM{S
!uuXj4
POX_^]
SVWH|S
|_^[h)y@
WWWWWG
Y}V*YEE
@uwV[B
WWWWWA
M9}u!N
]8u r>
jEPhLB
$UQQSVWd5
SVWE3PPPuu
 E_^[E]
UQSVW}
Wt1t'P
^0WWWWW
,ffffffE
Y]3PPPPP
]UV3PPPPPPPPU
tJ2t#2t
VW3;tG9}
^0WWWWW
YY]jXhh
u3CSB[
xUQSVW5
;r@PuO.
tAt2t$
3PuEEd
3PeuEEd
Y__^[]Q
t3@_^]
=csmu+P
8csmu8x
t*9csmu"A
>csmuB~
YYtaSVAq
LYYPV_
YYt)SV
HtHu4j
t+>MOCt#u$u u
EPEPVu W
;Es[S;7|G;w
@u"u$u
;Er[_^
YuO39~
EPEPuu W
(u$]u E
)u$u uSu
USVWtE
tR99u2y
u$Vu u
Q 3@_^[]
ffffffu
3W;to=LB
7}YY~PE
PXY9_t
uV2Y_^[]
USV50A
t7t3V0;t(W8Yt
V3Y^3j
Fpt"~l
3;~,Vu
SSSSSt
Ou^_[]
@sw_trPE
3PPPPPw
CH0EhA
3PPPPPL
0CH0EEhA
vP>YFTt
vT'YEfT
FP~HNu
vPYFT;t
vTYFh^T^L^P^H_[
H(TH,X 
YP;s,Vh
@PVWX4u
3VVVVV
VVVVVA
3M_^3[
0sHxP_=
YYptCHM
3PPPPP
Yt1\pCH
1CHM_3[
6TY9pt
S>3YY;u
hu3vSSSh
;tZ~Ht37xP
DM_^3[j
^lWYFp
ESV3W9
u8SS3GWhA
39]$SSu
;~Ej3X
3;tAuVWuu
t"SS9]
EV1Yu(EYY
3;tuSW
PWu ue
e_^[M3
Mu(Mu$u u
E~-8]t(E
G;~@@8Xu
WPEW@Ph
~S8]tNMM
9M~MAAM8Yuh
uYmuuuu3
3M_^3[{2)
DDDDDDDDDDDDDD
YYu,9E
UQSV3;u
^SSSSS0
^SSSSS0x
G;r3_^[
3VVVVV
W>+~,WPViYP
Y/V|Yt
Y}3u;5S
YY3BU`S
PHYY`S
1 BPOB
|_3^;=lS
;r"@QB
;r=@QB
+SVWLB
1E3PeuEEEEd
Y__^[]Q
E_^[]E
9csmu)=A
_[^jTh
Ej@j ^V=YY;
[j@j YYtVM
;rE9=PS
<at9<rt,<wtSSSSS
L9]u<eE
F> t>=upF> tj
Y]3u;5S
4V}YY`S
YSVWT$
URPQQh
t;T$4t
;v.4v\
UVWS33333[_^]
33333USVWj
_^[]Ul$
EEEEEEEE9
tNIt?It0It 
$f;uU,
EYY" uES
Fu^8Mt
M3;u+-j
_VVVVV8'
SSSSS8
F80t.G
E`p3_^[
^VMQMQp
SSSSS0
^WWWWW0
E`p3[_^
MNu-Wj
^03PPPPPO
E`p3_^[
^VMQMQp
HSSSSS0E
M_^3[i
_WMQMQp
SSSSS8
EHE3}-
M_^3[o
et_EtZfu
]EuMm]]
eYV5QB
FlvliYE
YYt:V5QB
P{YFDt
PmYFHt
P_YF\=A
~lt#W[Y;=
;YYt4V5QB
eE\D@|t
VW_^]M
S3VW;t
^0SSSSS
3_^[]j
F$|3@_^
MOI;|9M
SI VW}
HD9#U#
MLD3#u
]#\D\D
U S39]
u vSSSSS
FSSSSS
;t4;|"Mx
EPS4YYt
SSSSSJ
^[]UWVu
DDDDDDDDDDDDDD
8csmu*x
YYuBh7
VW33};
3PPPPPt
Vt@Y<v8Vg;
3VVVVV1
;t$tj
EP4,TB
Yu= MB
EYF`[_^
t.t$<"u
SBVIC>=Yt1j
tNVSPP
3PPPPP
3Y[_^5TS
FA>\t>"u&
uUEPSS}
=?sJMsB
Y;t)UEP
W33;u.
SSS+S@PWSSE
YE;t!SSuPuWSS
u+@PEbY;u
E3E3;u
WWWWWK
Y}SYE;t
GYj h(
Y+t"+t
+td+uD}
3PPPPP
u@OdMGd
uwdSUY
Pj1Q3CESPz7
Pj2uESPe7
Pj3uESPP7
Pj4uESP;7
Pj5uESP#7
Pj6uESP
F Pj*uESP6
F$Pj+uESP6
F(Pj,uESP6
F,Pj-uESP6
F0Pj.uESP6
F4Pj/uESPx6
Pj0uESPc6
F8PjDuESPN6
F<PjEuESP96
F@PjFuESP!6
FDPjGuESP
FHPjHuESP5
FLPjIuESP5
FPPjJuESP5
FTPjKuESP5
FXPjLuESP5
F\PjMuESP5
F`PjNuESPs5
FdPjOuESP^5
FhPj8uESPI5
FlPj9uESP45
FpPj:uESP
FtPj;uESP
FxPj<uESP4
F|Pj=uESP4
Pj>uESP4
Pj?uESP4
Pj@uSEP4
PjAuESPz4
PjBuESP_4
PjCuESPG4
Pj(uESP/4
Pj)uESP
PjuESP3
Pj uESP3
v{6o{v g{v$_{v(W{v,O{v0G{v4?{v
7{v8/{v<'{@v@
{vPzvTzvXzv\zv`zvdzvhzvlzvpzvtzvxzv|z@
V+VyYY
73_^[]
VhyY^]
V3W]u9s
P4wYF ;
P"wYv$;5
W3}u}9~
SvY89~
C PjPVEj
C$PjQVEj
C*PjTVEj
C+PjUVEj
C,PjVVEj
C-PjWVEj
C.PjRVEj
C/PjSVEj
t$SS1uu)uu!u
3_^[3-
WPWPWv
M_3[pij
j 7YEj
whu;5YB
8]tEMap<u
Zf1Af0A@@JuL
@;vFF~
XM_^3[kfj
PnY^hS=0A
Y%u UB
S3VW;t
^0SSSSSl
3_^[];t
^0SSSSSjl
U3S3@9]
|FVWt>E
VYYt=hpA
t/uV)k
YM3^bj
r3@]3]
V3#,aB<
M_3^{a
EVjxEPE
6WVhoY;_t3@M3^
tEP6sh
t,PEP6i
Y3Yu/N
t;6mY;F
t/EP6g
M_^3[5_
@[EP6f
t*EP6f
PW$YYt
M_3^t^
USVW~]
t"3PPPPPkc
t,j@C@Ph
vP;Qt}
XP;Qt}
9P;Qt}
xP;Qt}
ZP;Qt~
lP;Qt}
NP;Qt~
/fPf;Q
iP;Qt}
KP;Qt}
,P;Qt}
_3_^]*A
SV3W;u:EP3FVhA
39] SSu
ESqEYu39]
e_^[M3C
M]qu$Mu u
ru{vnM
tR:QuMPt<:Qu7Pt&:Qu!Pt
@AE9]r3_[
+UV3PPPPPPPPU
uOYF;~[
-WWuuj
WWWWVuWu
/|YYE;t+WWVPVuWu
nYEe_^[M3V@QL$
EPQEPEj
p;t_3FVP\zYY;tMSpxWu
V$zYYl
;u!9xt
W.GYM_^3[n>
NQWVP#
SSSSSE
WFY39]
Iuu}]U
+EPRQL
3;v.jX3;E
WWWWWD
]wi=<S
;uL9=$S
YE;t'CH;r
9}uH;u
E;t CH;r
PSu8rSu
Hv9}ul
#v9}th
3u|u|u
u5= MB
S3;VW|[;
t58t0= MB
]V3;|";
u$s0sVVVVV
u}uyG+j@j pYYEta
V34809u
;u'p0pVVVVV
u&p30jpVVVVV
q@l39H
P4UM`8
<PVEP(
r3VVhU
QH++PPVh
,P+P5P(
\D+48;E
ej0?@ijY1(
8+0_[M3^-j
WWWWW5
SSSSS4
B(;r3_^[]
1E3PEd
WVE!Y;u
 EU_^j
r!{e8ae
WWWWWZ1
u&:e8 e
3]V3;|
"dVVVVV
tGHt.Ht&
^SSSSS0.
Y+t7+t*+t
;t0;t,;t=
uEPuuu
SuEuPuuu
$ MeHM
tM65aj
;tSS6Y8
tSSS6O#
6+_Y]j
ASS6P6
E+PD=P6
_8VVVVV6(
9ut(9ut
[SSSSS
;u.ZSSSSS
MfMf;u!f;t
E`p3^_[
H8]tMapUj
MuJ}9_
u+XSSSSS
;u+XSSSSS
E`p3^_[
H8]tMap
]USVWUj
P(RP$R
UPjhbA
t:|$,t
;t$,v-4v
UQPXY]Y[
3SEEESX5
PZ+tQ3
X 9} E
AP_^[]
;}"+]t
|3Et^E
EE EE$h
u+t's C
RQMQVp
<EP3SSSSWEPEP//
E`p3M_^3[
Mc;EP3SSSSWEPEP.
EEVP6)
E`p3M_^3[
^0SSSSSV
3PPPPPd
WVU33D$
%#Vt1W}
_VVVVV8#
^SSSSS0
f;v6;t
Map_^[;t2;w,
Ej"^SSSSS0
QP8LYYu
3PPPPP
@u^VoEY`QB
t4+t$HHt
ItUhtDlt
P^YYt"
HHtYHHt
2itmnt$o
PSP5QB
]YYYgu
]YYY;-u
t-RPSW09~
0@?If8
@@u+(u
EPFPF>
u(9t M
`pM_^3[Q
SVWwYe
WPjXY<S
tGPX5@S
XYYt,t(
;t0PxXYt%
5VVVVV
;t_+^]
5SSSSS
;u+4SSSSS
:YY4VE
;t+^8]t
UV395p}S
u<4VVVVV
S3VW9]
u.3SSSSS
v(3SSSSS
E`p`E9X
8]tDMap;E
;t+3_^[
UV395p}S
u2VVVVV
VW33G;u,VVWV
P8[Y;t
3;tuWu
t VV9u
e_^[M3
EV395\B
tVURPEPQ
M&!E9X
P6YYt}E
eMapY /
E`p:39]
jXEU;u
,SSSSS
P#)YME;E
Y]\3_[^
L1$!_^[u
&VVVVV
u'339\u
JB|j3Y+@M
JBjY+3B\M
3+BL1<
}3^jY+
u'339\u
JB|j3Y+@M
JBjY+3B\M
3+BL1<
}3^jY+
S3V3EE
F3WE}]u]]]]]]]9]$u
<+t(<-t$:t<C
]<+t<-t`}
+t HHt
B:t,1<
+JMtHHt
B:}OMEO?
tEPuEPu
3f;uBE
f;u!BC
u4}u+e
f;r#33f9EE
M_^3[1
]EEEEEEEEEEEE?E
 u}fu/u+u'3f;
;u0u,h,A
`EfUu}M
MMMMM3
3f;uGE
90t!uuE
EFFEM}
EMuUm
HuMu9Et
u4}u+e
33f9EE
f;wK3EE9
}fEEEEEf}V33f9u
E\3f;u
f~7}x+EMe
EM}Um
H}Mu9Et
u4}u+e
f;r#33f9EE
ufEEEEEfu
~(E]Mm
0K;]sE;]s
EM_^3[
K;sE;s3f
SVW}]3
u+9uv&
E`p3[_^
]UWVSM
[^_3PPj
SV3WEN@
B:t6t:t't
B^_[%XA
MHe`T$
{Mqlq(qT$
oM<nMXnT$
nM nM<nMXnT$
MXM_mMWmMOmT$
d3;J31(
M?XMlT$
&MtkT$
bad allocation
kibageguzovewana
ios_base::eofbit set
ios_base::failbit set
ios_base::badbit set
bad cast
BMraB3G
bad allocation
string too long
invalid string position
Unknown exception
bad exception
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
UTF-16LE
UNICODE
Yntan
GAIsProcessorFeaturePresent
KERNEL32
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
(null)
`h````
xpxxxx
CorExitProcess
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
britain
america
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
_nextafter
_hypot
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
`h`hhh
xppwpp
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
1#QNAN
1#SNAN
CONOUT$
GetLastError
FindActCtxSectionStringW
SetVolumeMountPointW
VirtualProtect
LocalAlloc
FindAtomW
LoadLibraryW
CreateIoCompletionPort
DeleteAtom
GlobalDeleteAtom
GetCPInfoExA
lstrlenW
KERNEL32.dll
CoRegisterMallocSpy
ole32.dll
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetCommandLineA
GetStartupInfoA
LCMapStringA
LCMapStringW
GetCPInfo
CloseHandle
SetHandleCount
GetStdHandle
GetFileType
GetProcAddress
GetModuleHandleA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapAlloc
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
InitializeCriticalSectionAndSpinCount
CreateFileA
LoadLibraryA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetProcessHeap
ReadFile
{U_p[HA
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AVios_base@std@@
.?AV?$_Iosb@H@std@@
.?AV?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$basic_iostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_istream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AVfailure@ios_base@std@@
.?AVruntime_error@std@@
.?AVexception@std@@
.?AVbad_cast@std@@
.?AV?$ctype@D@std@@
.?AUctype_base@std@@
.?AVfacet@locale@std@@
.?AVbad_alloc@std@@
.?AV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
.?AV?$numpunct@D@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AV_Locimp@locale@std@@
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
.?AVtype_info@@
.?AVbad_exception@std@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
Ix@oGAkU'9p|B
~QCv)/&D(
uuvHMXB
9;5SM]=];Z] T7aZ%]g']
?Zd;On
7?3=Bz
;1az?aUY~S|
D?$?9'
*?}d|FU>c{
zc%C1<!8G
u7.:3q
#2IZ9W
,%I-64OSk%Y
CHOp'W7
]%lo+KZBe
XK{VXJ+
Bl,s!6?G)o~aZbh'
|okbqW_r{9DHv>!I
=0,lL=
.&8SJK
MM"[IB
y$x0~|x |]
<RZC=pIb
xE6 4n
Z"na(q
h<I`mF,)/o
V0Y;{@
bQ"[|uY
B%=NT-
l~FiS\!
A9?gSn
-k>-K1/i /QFxRm
~K;tu@wCZ4OR4r8%3NN-
h,4v)lGO/N9S
}iUI\\KW
YqeHTv
>"".Ms
.VKglkvV
!DgDq@
Zoa$kU
zWC=lE
Esp3EfS_-9
#yQByR
z\44I}3njQr
D70i!x9
mWV8\s
<SA-Rm
40J\gLeVWa:}
FU39]6o<Hu6%@YA
^zuz6GKmo
3tnxhbhA
)id!XN:`:
/8i[!isx#o\} YU@<
VryUku]q
Ao}SsH
L#>XIs
]|!W^r
T0FK)`
kOim9l
GdQAZZ_
gVb4H*
Q%HVbi~^"^
m{I8v_R!
%Yq`HK
&~7'6Z'
 =9d1"4cz9
Q%HVb)<EE4khoX"Om
i<zq U
EK@t]fwc+
0%~l)4v^9d
V{`\/
Cqs4cG>
;K9leXG
DivD>J}
xh,qTV71!{xyN*
2tx2tx2tx
onvqoG
.Me@v><.i
k~N(=Bx&:\
?jJ\e~M^rrz{KB%
[>,&U3
&Reiz%4n
LckEQP+Z
p7+`w<
q4{hH[a|%
[$e8|@2h
bUeXH3
!hMHwBd|@xH
,51k8t1
VR$maNV|+*;ln(/)
FK4tta[o
tT'sv6T
&Hn}n]'
s^4l.r
ZuF1yvZ6G
@q55oM
M[j*T='7
b-"28v
QaPK,w
_0TJuj"qV
SM3UIj(
PqV2~<
Kw-4=i
>?ai?P
attqK*
\/BDC:h)H?{Kia/4
nXfkHh7b
b$LjY%I;?
`?X5b*
N#5AJ[
s[ambthu_$
FXZ"ZU8T>x/
r'HXl-=
J6t3xfw@S~+
\bRd(8i
^V(3*)z
 Xj_G#_}
nh%eg{y
5Fti@
QEg1tcN
C2uv~,HB
 V?lQf
:(G@ve
&*}b' {,
Ug=AlkqX
)|1[qDDK
gjT(](;B]=
}N>5b$#
TWyS_F~
%SDI`c
]Q1rY&gCS.i
0N!uwbG
w3%xb cO5V>+l"L9yjb
_t}?^&
Z+Cjsdg"Zea+Z
o= !rOh%U5mI@F>LS@&
>N|fbg
7byi1o^,oh
`_NqD3Pb
gmjiR/iTE
xSQ3!w
I]-%<Dx?W
lAx<"fs[Br
u,GJ*_6
X,,KL<0l
7L\.PyG\
gwEzeFa5-
!W uH]{
cdzS<s6;~
_!jJc-D
;s$Bq"
-7iW_ln
JO(0Qx-y
dWmJ`?6},
h.]UR-Y
-nm}i!Kq/
K-q7Ji(*h.0c
Rfz`~SF
]k()}K|
iF09a?r$;<nn`'PF
mA/)n4A
PA[<*yc
3b&^I6b-**]5^
viNOBUbn
=k}A+TC
:HV:tbb]<k<Xca)aY]Z
5o%vOr;W5
}<0T;Pj2.
"#j,q@'0
q6dQIq;HkY
qgKd|K
j4OHH|[4
D n'iEv]
Z#/ibr3H>7'
^F[y_r]* e*mapkX[W
O8Wc'B
>UDh-iE
D#1vc58%
WjdEC]{bM
(hSV&Uj
hEKd(?
 PHyQg
NH\#!Y
MY4n`;
*y:]JeuB
}luUB=%ya
da%1Q=qJ/rW
B3PzQ=y)#
^6I9Mgl
I-VjFh
[3geF
n2}X;
xNZL_
]weLnm
J/%A
uW^(C_i'L
Tzw-t`l
?4B3+'
$ZLk$JE
k\Xpq0C<|
2G1%!d;"
@WM+$l#spX
G$#1R>B?
czt}G!`
]iUVY_xLQ
Bm@i|2J
"()RF\}
EWW_'W]<
5~1@+VT
t<AX1\jB
>X<~l;D
m}@a9TO%6VVu{B
=) :Y2$
9)A$F?
!Di#p_erc
pI;W0N
IjQ4hx
]4M**0
LoZj<THR
y\icSni(
:D%}nyc|
s9r8=)
6l'!0C
~f#](?aW
@7(C`*
Cy2$bp2
o2)5n~?d
Kh/}vI
"Y-vUC
_L\`})Pq4Z{kHA0G
5J]TPo
>c`!Yi9*h#
{#yz(<k0O-kH
8Cq([\
Iv6!xX|
G90(W&n7kLG
!ibb:V~
LhDi55c
Ij{P&ZJ6?
L)6oO!
iY>cPL`N.
=E)_Vb7rQ1
)( y7:5O{
Jtb]v(q:|d
!qu yk
2sXE%O
8$3srGG.
Z=%q qx$h
63]g:p]2(
hi~E,H;w+
>U4Xl'
TLX?h"\-LWU<9ZuL1,T
HAn(D/
B^2bH"kBP
v/m2m:
]OrspM
n/1r*f
O`P*Chx/y
:YBr0$aD
O-# SO
SwOOqxT7k!w
i-Z.>d
RMBAR9(
]NdeYMSclK
c}l#\+m%{/P
'0mt.>
&#_c8;9,gb{v
AgZ&/Y
TXQht-
"kv\`RxZ/\
 E_H}*fe>D#!
t[S[Va/XZf/E
+yAgs)kn
bi$V~[YG2Jh
=+Kz{x/
3xWx7d8x
"rV:b>=MX-
_$7/j1
sr{>6Djr.9
):JW)w
OeeUh_S.{@Pn
QdN%H[p]]2"hCW+Z54P<#yo*p:Fr
9B` xB=93S
bP#1;xa
=jQyU|Z4
/$iZhY
e#`":C+{?5
"JKN6\w
2Nn+F0
cDXC1&8?
^!3\r|
OB'URE0c
P5lWg8W?&n
C)R[tG25
J(X(.ugLH@
uy{bOE
+"9t82
mQOQTA}
 rSWdEx\u
eaSI"k
1eTq~/3LpQ{a|+@
$*~`O?S
?8 f3Kv/\
\T>qjX,
-F8f6<
&}]yaC5 69u3%
' fNY.
v W!I0,
W~~E{\
~1c#VG85Hp@6
> R\tJ}
6e_2oU
7|6Co@8!Yn-%3iR 
)PK~ddl
&#,{4xg
ax<FOnG5%
rO4M?zp.X!8.;
9Jsof("!
zRs$H{
gI\?t~
0%HSc!
+%~+tXz%
S|rQEwfe
l99<$d
XV>DT^wS!`>
"!8PYT
p<9bZ"g;{,
;2h;F~M<AD?u|p1t;
q8"RC
 L:GM-\pY?;,0
_2 elb
6!fh5 (nm5%TV0
,a/ jw
Fk95wk
'rQ]BJ
i73f0J]~
-`tl,D
%jA2Vow
cs7#vW*EJrm
}L)tXJC ~
4nj%NH:E'
`~W`e'Ez
18_Q+R
kBPxf8
+q^f@YeZ
OqnXY`9kmSbj
M&r*Zc!I
dCQ.6U$67BCc
J"QchC
qNnZT_Z
.6ezO*
KC2rm+d-!2
B!VKQ$
[-YG=4
 t8NRb
#*x@"*
4g*zSl.NJ+8?{PG:*$7
>:61:>-a&jY
bIarmC}m
5dct#lR
N?r#cTWg\G
XflS7sAkV?q
M)uM[A
.d7dsS
^Kw/rCG=?w?E
w;,lWU2z`Ghz
PRq.KO
M"VIlpiS0f
a9`V~y%q#O*d[
g)ZHI&<b]
|RLjWQ{
MgFfV:
&*{!FEO
-1RQ~U)R>^rR!c_
ZTQjsR:g
efUD^Mb
7f'F$*Y[g
zg43(oaV,
k!e!r:$'
vUYtO`
ST\dzL
f_waH@pg
08SW}Q
>%A&GfI
L+z}H(
QZ4MNH
2Y;art
tn=}!S
pj0Ji#zr/lIv/
7Vbp7w
+eS+3%b9
b;|GB-
Eu.9z]]o#-MKq_f
EG;Z0~
,)k_k6
BC5V3.qK
A=xMPF
noj[FQ
gz.\2E8g
has|iG%s%tC
`LF]H!
^9%\T@rf
?EypW]
A/0{")E
h!\Zce
VI/SzM([C.y
8'lK2w4(lMKu#f<4E<
AG(o!&%S*|5m7XIfg
-CY9.?x@r
^'d6} }>}d
8VpNcQ
%Eat|R>d
~aP'fw'
$G{tk42AWPM
VnMCcN7p_
eJxbU{\
|n%ZO<)2@4\S+
P&{ikc 
zD+rCC^/
~z3~" 6
23Xn{sI 5f
'yD:Bj]e
#lh>< 
W*5m"
XluL}AcxS2LI
)gL\h_SO{.
M]d7D,Kx
TS}|8z4
U@R|T?ertQFwmwrSCs$
s^`sAi
}3A /#
%/WIaM
fMd(59!3
H6YO2XS
)' UG*;}CnmI(k
Ik!|4GWaK7
*+,F(r
]ui#DEZZ
7bIq5vj
J>&/_0
zmt/hal8@
egn7,=Z
\&v)m9
s5hfUDW
?)t <8mFfR{#rD1y
g%X,ZH
oDq`o|
F@.fQ-`lgm
4F*0gd5}
h7<84U
ypeRCN~eE
MO0pGHL
+ULp]-+
VilLnao$
gH3)73r
6e@<$h,p
TPxq=j
mFuQ6nuq
B@2ON;Fm
?h,R"Q?
I|/Qg`]
=\Q>?dc4g
s"=#kcTR
Eeq6NGH$Zhx"(
s|z#howcG9wm
,U:`=7
x^@GOrN
8=gHi#
QQd|bd  
(AyMU%Syo=$
it83Eu;:q{
}Y_|)Z=M
C$#gwK
E.RIp^
,T!zVP
LP7wp
H%_A}sM
giMZW3
[gb5[wK&Z_b*d30;>JIO
g.BFy}
g\"DX6#
7ocJa_55xSo
1nb_wS
N(wV4b?.QX[
Hu>n|q
RH2nRc*=
aH4k&{i0xQ
BNzz@C
w\1Fpx
X$b<eH3G
gK<B|QOq0s
Q^{{2+
#'WI'!
"Wq^5x0zh
Q(CQ.gVv;u1s>0
H*`i{7h
jJ[mHM
bGX $\xQ
_wnzj3LR&$%
"Mv{tuh!
Zaz5iz;KRj3/ZZ
fC7k(W
<*YlrA
H7Q#<p\
us\` Tr
>nx0;\;Y(hD/Cy
huED4sNVA/8d=-bS
{@H493>}qBG
>Uux#>
*Y}4Tg,?
3ZH7L8=
e>/;TsgtMc<
aS;f83
D/~#KB%
`4?1^(
WhpakP
dQFX`b^m
h*m6-Kk~sAU8DaE
R4ZS@hVu}f
ZKG9s}
V{S"3L=37
0Ln~~TbJ^rf]YPA
Qw'vHr
kuGR}I
Q/An];T-
|EkEJH
$g70%$2
|88^:3?/<
(g[V79;D/%w\
l46Sw-SiZ
 <nbN]Wl({kBC&R&v
|,P[/&&2_
g#[#+X<4^H+*
^L|1*L5*?
`Zh\1S
vgw7@W[0_f|JL*k
ud+'G2A
z2Lwku
:qhdPNw8
7[v?o)*+I4k
A?3|Yj
=GxJq]
jLpFdj
_#474&
NyocF/
]bdQm_$'(
HGU(KS
D<Vn.Tz
$`?(Vz
mN|whg
3htVWx
"TizBCL7UJFCjJ
*j:GtWI/p
jj!n);~5
HHphW#y>4V"
je76q7SW|
'6\yXh
DnWyO_
lB(XZc`
qI#$bh
[S!i6_
,aVUxk
bE>iynwR#[0E
zq_>?"
>X-o2Y!
Dj-'9@GVww
 >f>h~O(oK
I1%!N[
,;T/u9G
7.X`*3+co|
r~M~*2
}97Y)Z'nU#
c0)8U4IZ!
h1mX>5)
BuEz[q@bArO.{kZ
v?0h#'t
5]{AOO"5
$@LA0
|GJbdaha/>FP$A
[?-A0d]Q'
l;*<IlLJLd&A
j l:jz
Y[H4M?Z|Uc!0+
=m3olL,P
,t(u6];iB*
5('h/y=C
6h"W*@L]ER|Y5I
f4{E}Px#
FZ-#Jy
Ath~oQ 
"mVh0p
VJC&n+,$k
~zIt@{tk+
E&s1,m1 [
V`DS'dz~^
!=a)8>
{$|p;,~w
+fT7^f
2'Poxt
nM}Vw #
J3 b/aI
N!~.}m>9
g2l||B
?V2^mOyb6k\
-T.t)EzL=\
S,m.S}
Gwu(iiF0nO2Pk
=89;sN^
HW`s 6y
)E<[I2
ka&Y^UI
9PFj~:
W+zvN?q
@k*r$Y
`^T"yIT2}_,
sL,4Ni
9H7cZfc
xmsSD(g
%,inT[
j0`|T+
db~TxYa1
z-5gi@9
zeo3n-F;K\
d;@9**
U\O>}T
wD`1$dM
~-v3]?b
)kB%ZC=
@}brF
33V~$03gV
ACU-6S
MN<8b{
j?,XIV2U-
1/*":8Z~,
F%Ki6|pMLsAs
Pl!y[=u$
n-;15V*v
?431?Tg
~So`|S4B
l}rvgMnlf
0#=U\W{O
4mp'N=
xJ1a9]gvx9;QO0
qssZjSki-V@
{~(/I2f5
FRH]"!
;|CG1,&q
,nz,f|K^eF
 7E h0'wW!
oM-W{s\
yw?W3-M
,!l6I<`S(a
'u7'pc
j_^ 2Z];chL
h4/aMQ
3eD<j0U
Q^T^m~:
qO7`)lNL
p_Q6 Y
E`CX2`-
?FYd8~
yzg?5w
=A0/Z.4\Vm<v
\mg{xm|]
?Eja1d]#y34M-N
*Qg4 s
ZaUpY`{~Y
v(0r{~pCS>Y
@J>{CIB
/h_u&k[+
Jh>f>$S
!fyB'^t
rz!P((Jow
-y7Ip%n3
0|0HDaLz
W[W$fD
BFP<?}(X/
E^_KsnmPT
hriX+}
X<ua7RdT6
+HZHSs
IgIWW$(b
<Aj(BE"HKbb n
N;K7EqB*
36?1+;
.8aRCT]<u
V<hGnthB
@A*6&Y
`fF2$ i
SGbo_RR0%t
Moii\A
rZU;Fh i
uzplM^I
l<P&p}
h|?Tri
E/:_^d
5g!#L ['Rkj&*jF
4$Mm&'
e/s326
PdD7UM_
!pd#ui
1ST]_%PV)
%:Z,bKDOUVN
CoPJoK?n
C|XGua"
fJpSCO
ov2C 5@aF
JwtArD:t?Z!Kt
(Gtno>@
aTE'V{=EN
ZpUJ09]xDt:
kvaJN(
qk;-9?G
a"=xq}6"'
bO|]5I
mCM%bT 
~cj}ox
IY"`pX:m
bg#^T.r
-'8Sz.
yWbQ&s|Y/
j5C~FOv
gFU+?tz1 
S2iZ]Z
jN`T5vd
m/OR:j
}Ms|6Q
N*CeaJG
B09joT
)m.fx'
zP/tUh0&s
q-Zr|j@?
*xCh@R*rm4.b
6vy%cF93
]$tBYuRya`
=x+H;u
LZVBx:kt3
QNZ?M`
Rb|VB*
il$HtT
l*}<vo
j"!t8>
g~{K|xf
49d3(a
\Z.yB=D
Mvh-I2j+y#
6gMfZ?/
gdN}Ai
/I&(m>
*!0Y{{t[
v_}tgHf,
"Ep'jdfOtWI
]3LMZN=a
@&pq6*NG
:4uSPg5~
KJqM oA
[h*ah*c`c:(J`\5N
*SSMdiA
QI2x*?-j
=H4zlQo[S
-$+Js} w+k
~=^m&J&+)
17'5ZnX
>EiRA>
C8N0/FU
pl&X{&Lmk*!sb
,H?\# #"_
S"{~{A
%#?m;y8"iI
)Q#pbEYF0t
yz!BK62rl/
~fH99R#/K*
q'ie0q4JRoQvc
QW,@j^(k$5;
3.Ts>]Qw(3
ZV5o0,q
j2|D7]t
_SUKn
-X"iaYD7iRw
iXP!]!s
Bg&oI*V
jc7H2$DUoEBj1x
2sPw&i
3Tdruu?z<Px3}~G9|^6F[=Ih
cJ2Wf}
Zv|7{'+#MiD1
%{[@w+
h~H^O6n%l=-
A}wXz^
F=GT/,9
y2;rs+ugC42=
'b+I p8
W>.|R8MKH/0y
QUN(2J
aIf`D<
y|nO,wM
CQYPQw#
|5d%"Ch?
+G%P?2[
|.yVp_8M{
B]Se-?gm.J'!i
^r*L`;kAbsx
29ZV>4z5I
;d{9Mb(
|&P-yW
&Fb!9D=kU<>[*,cat
]V`)R4C
RVPG#yZD`
a$mqlI@
[UpRR]/
+"z]_.
(udnUc
-*{%|Zx-jHWI-
$c] b\W?^.
^up][2h{90</Y
&DCd7]XswM3S:E
JFi7B{$74o=u
l/SG7}B'7Y
jm^]cr^
gGO+ul]
~#.mN.c
:mtpxe2WYk"
fWE PDA
eJQ ;4T
(E]Ml.>C0U?CK
BM}<k
kq279x\b
`]SdLQ
:)d=caq!}
"f*2DID/0N
1'aw/BK
p-S]m,o
m18Kd"
_BRo|g/ %G1j)|`J#q&d
%;6C;M
>7~ ir
@v1D+w;!Pot
NrS#Ggc3jyn
d;y&=v`V
s,OBy1}
V6S]=2rC
pDnmIl4@!OrvZ
gw5.q\
PuN.J4
ucY=Nv3
]BIZL5]dV
"B]mi?
S8/!y -
=0DW=+
o 2`D}p>6ok
bU`S^GVyL?T,1
VPlb^)
dj)!4%,K
[#xM7-]K
_Rz5jjz
;I{S<wb4Z%
J>oHIZ
wPkk?y
~{Q(vBf3,
obPO2dV
i6A?[V!V
/s?XXa$E5t
 G#"e?V/
g`SxCh
%oWUC0.#!d
A=s/^.5]dY`1}/vZ1
^L@.K@1te
(SpXSj
Ya>d]D`1
Szmow4
GP/Ot.09T#=C;U[H/Qh
#T>@T?[Dm^NMu[?lq
-$:o+C v+v`0n
`z@S]30~r!/DyT
E-j#>A _NhE0p
1%Hx)B7P
OBxb:iLHZ2kc
s^/{),
B\<XQW
(wrLC_f
&,[/t:Bf!
S/`G@vG
X_QNy>
1Eau@|
8ZTw7+;2LoN
>+bi G8V#
RxBB-I[
l0b06_F)
o|KU:\vSn
.C;&bAhKk
9Kwp2N
Y&7(O[[
]I"L){Ti($/
&:_{RQv
Ugu@Do4
\o#IxRj?
m%wy7edBPv
%{x:sq
}53o_DJ
s`*3HY ]kr7y
V[2B4B!
Gg@:|lR&3
@Kc4rFV
F.]PJA
JD+Iu&R/
J-NnvW6u;7
::{W$O[
<9'b&b
>eoawvu`3
JV}@S^:
exwz:_8C
&+&<LG
pn%SD{
aZDJF`
p?_oe&4
gCol>t
',*[g$
kQ'5{{
x?75o|s
+~!5?/x
#Dp-En
J:4mlLH:{8
S69M<%I':r?7n
w7$wfs
H19@z=$-qt
:u"r$t8J
#XEa4IU
g(hN2Z
)+r}2~
Fg~ZGrkUI
NrB@~pBUt7
_<_}X-k<`
P!rA.o*p$!}4}\vOaG9?rh:Mp
+t@kF4
Nm^rd5ja
fA;Ir 
0I.]'J)q5SCCJ
>Z0mJEx
:K!AU$
\;>cdJ|(
j3v:81~W<yv1`|9 
ez)Unblbi
8$5vb3HH
*0fDAq$[Nc":6Y6
rwA?jE
~wCnAh
h3dkaalx=
fOAy~VziU
Q[(gO?
QuX B
&rYh"d~
-;-u}P
KE1?[i4
D~-}$z?ivV+8F
EztgH"
/1288O
!:Nz;Ps>
2e[|"V&E,Y
.!ulJL
IvnX(^L<
'WxD@'#C
rZ3*nEY .qs'3k'
aat6TKHQC_,F
Hpw$o_#
j~-|$A
0X+)tf ze/;{H{Q^lX
UN&C7LB
P]k*+$
!qP|(]ADA
)<)=a7!
+]']i v
0HFK<lv
0n08~tAESxv
-@ Ki9<
$vos_1J7
pE;l_gtw(8lx~_
Ka%j:DH2j
9 Ag.8{y?!@(
Scq Vo
Cv"c|)K_P[4%ldb/D
&^ocE/P}5
gP3ZM|p}K
A"PIIL^-
D]`M&}Z*K{fC
m*".k.
Tto`_(t(qyz
wRCt")
7C,SuPC-
 LBgLk\
:%\+Qkg)FB
]1U2##@D,csmWzN
H2\}\]8YM
Ong:@Eq
TD$%YU9<;pYN=
|S/i9,\
KHindCi
0BB`tyB
'/a#-/
Pb2n1-5
Y6?t0hP
!X<:K/D
'Pl'k^:2%$
d{6X[
$IR'Xc
C##()<
]1;RJpMRcTf&w
iNV;1q
!Dohkoj:
$`+V^qa.
zP|!D9!U,y gY]6
;@Z7Xp
3{D$D?o-|
:S'cbC|
s=JRei
'|4g)ze_]9.L ccH
c4ez<O2N2@BZ
st8/Pt
h@Cn!ib5"7G
^X"GTL"r=R
tALJXV
/YPU35Y/x5R
2qex>&
Zhz\st-kM
N0Z%~T
y/R~=uuYN.q[
;OUD8<O"
um/#35~
2LM>E~5
%SA&]_o
<Z-mdS
F{t%* '
h0"z~:[xf
AOW]|+T
[[=z)
{Qj1^B
#i(kZ.;
3}LYOm_imZ6<I[
!*k?g`h
pcW+H`
VP-s!*$!v&aPZ
Xifg@>$E
lVb'd[
FG%g3L}
Y},NAsDi.9eYeP1
gkM>7yU
=SXMl*
'H%7|-%m{b[N
h=n{?n
[LLzvUNE
8 y^cC9m
_>Jwle5mc
MV}Gy.BGY)
/|3"_M9-~&FF
$nxcLLDx
VE*$Qi
VK,#si er+]Ne{
D)Sf/v
Cb$<^Ov1
oira1G
jRTJMn
C):=;
n=kr"9G
"0?7(BefVzQ
jNn:VY
=W(!dsu5
 PiVy2
/MZBWp3
7@6,<5<I
,Vjn!B
$}K4!YE#
!f%V,M\%!nS
!u:/p{
I)@'0Y
Wwu)~~/0d
D(rjP`2
zE$uiTX
J$m|9O 
@tVw8%vi
eju%RN$p\>U
(H'=4>OoPl=1
@P0az)
YgS)s*<4\Xj)
04=?!!J
UO$^`Tksy:#hqV
*dmR$^
C+!?K+&
)drBIs2`
O.7y:
t9"R*G>o
v5gFk}/LB,+
v((2l!l
RO[Br*
xnt|P9
--kCNr
6uPe4
^fpJ6{W
s}vYm"
F~k1h:
Ri9g;U
Xe-CN'^PF$n~F
lJ93mm4#t
G{ W6!>?G
S'e+T Y%
rVc$b&5
>J|a=u2<m;#
qJ1n_{
(Am6*DH
Os.lad@g
}'a[2\k1'v<Tv%J
MYYl>/
/d(^E<
5; Sn};
l(>USA p[
,oe)MU
AB WBVP$
NL?E:&`Io*u
4HRzBw_x
BFvd4?;y
|4Z||nt
!UVpM)!i
h^f$kis;H
3zXG0,
.xrKF8
[qTFo^^
`$>-l&
m[!AzL O$-
\e3Vo:KB]W
BZC=*XE
K93*Sp
dtJ=K
2mF^}T
]`])C%[m
(W>%_n-ZS,^r
wpA}3;x
623, p
k`c]{-
>0Z+C)I8:pXM8
}|;:pjsV<
:T8:[v
2CU8N;dvi
y3Vf'o
 uvn5<p
rg E&:{}`[B9)QZlz;Hh
bp9`16(
Wg!n%)c
lsa?Du
oUq>i}1&.n
P9'zX>
cM_p=+I0A
P.8Ek^
Cotkgi
o-u@y~UF|:V-X|
y4wp;g
WkQpWU
JZ7lwj
9X0_Lc(
Z;uxJ 6F10:
?qzL8=
&6Nh8.
9>KH1|a}&gL{
ftI7_=(8
4{eZ*K
7 OpGAW
=M\2?MDd6Xy(X@
RBNZR9]@
e*4z7
e|:J!-1d
"k<Kux
f~P(ptX
kmigdI
l}_uQs
F9;&`&|
hUS'2]
=<i6J5
+mj/E9;
6p>]Zi
D$iWA/}
cp-F'e
/ QyXiD
A%a)r&
jv,T~N(^
y520F8z|
`cn&f:zeM_
]ux'Uq@N#S
%X%c%&:`2&Zo
Cq>>QGC8
y"+?>&Y
4G!GOL
QpA\"j|v@
XE-[qxE4bE
5ZGwVc
zAZ7-/9
,AOxcA;
vp%q}KSY%)
p7[H&PS
0Tq4hn
1iD/bA
jp1C2tQ}px
27nn8;
[_B#|J
:fd-(s
c> Xet@
E)>!gD
s'ED2n`uT
~UEDch.Vgn
xJ\kcg=RaYg
^Dwv[r_F6Ff!
pM8ZmW*
{iwA2D@
~82eR 6Tue).
lcS!IVFJP
?pWlYDvm
f>-Xh!^
wh5#Kif
<g]M(}D
IGVc)@
y3~;d{
5i>Q-m{
*N\d(^$J
36uzi"8Z
C>Y3I_
KVWG1;4
nNf ;ekM HCG
u?vZzC
]tI&GUF
HOSsCZ
m,0k;~6C
1[@ Vy
.-%}e2VL|]
m}pnEj\
i},J*wPWD<.
+R7:%`
|M#\4uT
7+K3x*
s5W,#K6
+U+B]%
zCg9,7qJ?g:t@
.7O$#]
2`4T% Zy
B[6xlN
gowSRi;O_&*ocOscO;?`
-0ST@'y_
!;TGY}3}
4fVj4)
sd4 ;2H]z,7
!<t~rbqrvy'
`]x`Nt
8m?.MATq-=f
x(4]$4R
~eLN.[@
w9h.P
7?9 X[
9%IHQO&x
9AQz*.;Kt5
af;1g\*N
`\;yxfD[OZ
4?O#s\(
5U~84X:AsPH-n
lOJo2&qE
Iha@wrE#8
b6J#AmF0.ic>Q
Yl)w*'Fi9F
%s)j.QU
Ie6eUG
*RzY=:4>,
e`)uKDA&
[ZK;73;mk\[L>9h
`~k"H
-E^M"|6p
[q3&l{v
}[gX5bG
-=)zj\i
~Qb awtW5ok:K
e'B8s\ho9e
/^c@W=m
jv M%5
b#`IzW
C&]O}V
p&XbQk,(?
4_o|qRe^
?#='hfHMK
0@h#P)
>%.Eb@KZ<2D
5yBYDeT4'
2xKR$G
^B!NcYf
<SQu?vK|pT-H
I5W?O)$a;#
<bICDP6t@
z6#@D,9
gC?AN&c*ii 
Qb<e(jc
."fyd6 
^sGpK4
%G:b $5N=
K[Ic`D
q~]z^'.v`9!
0+vMyD
h<FsFAg
@/udpE{:
C%+X8KxBG8^4#xl8]/5*l
n1_!F:#!{P\`{W(Z;
3}Wp=XX
pE]m*0!
n^)}g
X|501T
_+< Wm(A
;dw/ug
5/\86`c)Wt
3.jBq_XAkj1!iY
{ngOD~M2->
w56}"3\w
\9MV}$~gI
-CB:zo+2$T
zqI]^OP$
SUgvH0i
^!AH?_K,i(N^f
'b1p?_@
MU8K*N1pQ<K)
B|3-pP
ck'9!z>~
b^isT
Xvqgq*r
}d\Vz^B
r<u6my/^
KI>\m(,55\ _z~Gs)
VW)xpwLwr5w68
,GSDZ^Tdyk
M\1["s
u7ASUm0m
[:IF. 
Gz`4|F0
H=(r3975
V#v@'5
-P@F-H4`D
u!k>LCC
-(hBk
hu4GKS
UuT6D/}
oZ$13$tVV'+E%h
YsN.Je4
u@)*Uz-
Wx)XX'7Ut
]T-tIy|
oz|u[D{a
hq&[Up*xtA
(YI.q4jb
k\'SY[
^a\<=/Y W+6h
t*psj8
Gu-NNMFk,
h'#|Yw
+0C,u.s)>#}JgK
4H'gr6~
hXwaWg
&aviFW
gc&pPc
%FM}umB^P
h]> e
t <z@6_UQ
6TSR89-
qA&NeL
d<g<l`oK@X
[MG:gX!
s|hD0W
odnuc6_
NjLizj
gnG (rI=E
)6X@D-
4S1c'i{F=ce:}
M}ve`gD
BvucFm
;m}XN5,
^ynTXZ;4s-:dp
[8]/~X'qZ_Bcr1uhVKa
|woA5l
'U.X$=
dc.:#-}I
ryj@ZFI:
ZC+Q(|5N
/vJAN`24SXa+LX
t?*E3h"uu
3+H-aD
kd2_Dl~Dqn$
Djpb)2(M|
K<}t,&K@<
R-JJiYT{
(/USMxm 49a2F
u.Ze pC}fX
a+|mdYG
N{Uh/3
%b]!FH8
CT#qS>q2g`
a6-M4Fu+
$]GyGF
8:M_\H~g ;J
i=|S[&Ev
D1@@s/MG
7y"40n
(C#5R=
nT1_LOO]
:;-DB'h
vt<'SS&$inq
;=B6/4=
>@SPRE@
QOo+fhD
ObJ03l
Ql5[PgT
aj\D}Jo
V#qc?J9?
1ukP<JL//vXci
e-W0:9x%W+
sP<6QG({
VonUiDF
qALY+.W
vg;:[&|pR6!n+
8UV(J5X
ZFMp ~!,%
.-2g>C)O\2bu?
+x3DB)6
vAu[{mzZw^l%7~EBf
bO6|_Mxy{
c=E3W-!\/
}nw!T}3
dTNP;*Keg1!
]5/_|Y>@E]F
/]T68B\?
qq8UuV
YhKU=O"3F
b/:cHXa*(
P[ek:lm
o;^Wf<ubI
GmcdEa%
KU&ft/7x"
YDj*59_
e9zba$a:
bGvHa@/I]
F'0XPI 
`xZjP37JQbbm
!"0V\Fz
KnFBO7Y/}#
1:B@P)
{U?<%e
nRl%(Ois[j
S",*<8
-]6wu@
k{$4w?!24
uxefAx@
6QG<0S
T)Y 01Kp
u-H(^$o2{Z
v\y)P4
[2PUYvX<xVU
Vfm+in
cSlt.z3?
Mqej}_]4_!
W4uH5it
z[zA.4\ 
5gGacec SsD-V$BU~C
#-iJn)
!`zD9tI
Io.75=
%QQ:@^Gqd
h"=@k2*Ag
@U<'&e
eOD2v?#
!TdfTqBtwx
D~R-F`9
|Wn;;A
3Ye73lM=&
KHGK<1
1iO{@_?
-E!=\a6UfZ~6
Y]kuJw
>qx.jiFU.
;l*?X=8"
p(OhRG,Tze_x+
X2|\sK"-h
2\b5(}*
aXHAusMx+
|nv$FJV
d7YhDU\_
e]so^b\D
5w'|Ew
>@ZjPJP$g#em]v*k}pV
?%~_Rx-QUSKvY
Lv={FL^jDf=
Fxp9jCm<$`<"9.
6Y+>aZ|dgSb
Y\YIL?f
CXceAoX
"#@QH`Z
<Jer-{
=^'bI
&R_XxWS
NSpT!y
HR}99 5
UsCc'/<r)TxJ^j
/!Mvc9N#s{
@roM9H
mF6H{1"
  c0b`
S<e_w1-
ai7!t_
5$J`[?=QG 
4d|lC">|p3/
j?|D9n:
5{Q7/]
'Z]k\^3&ABV
@Om9#Gowuh>f5lT/(<
!KMO}AtnL@
?x)LiGjW
04UsKC
Y-$!{t)
.[&|J.5y%g'5C9H
SM=c\B6VV
xM"-u\=
87M)iK
S?\O3J
x1e,&=
1U2dM~m*]|dRf
u<~&]d
qgQZ{^N 
QxFx$(qh@P)
 !O3-6
za\Q~\Km
oy;qJ#SP,4
y26My(h]R
1n31;<
}sMM7g
2f ZO:
`7%e*Ye
P$~dWl{
b"lrJ7Dn
>(?95:X
`x]JMQF|G]wYpu2
0JO)@h}i=
Dpj@Q"j
72T.D1$xrn
IooKvS
(gJ:k1
B|p.9Q
H}50joa/Fo
7b|j~%GEk
VwX4$L_CxJ:|
kMDA>Bb>
D78[!$zzY
:{5jIsQ
tF!$"~
i$3`grp^g{
(eeQ,=UN91/
nmXxUv
YTCKQ1jh
?<M.rc
a(B,o(12
<Z\Tm"KswJo]7yMzo
gq!!ADO
WZt8sJ-lH
 d`ju>%No
zS\(mVtE!bk6
[6w9sD@fW2
H2y2tM
G0{'|)bXt
<0ZjThI
>/5o]%
vlJ`wI7
k2lf5%
"APBRyCN
GgJ(:3:
_WfDCM
<&y3A ] X6
lm1 <0
o<U428f
rv0p M
CFvKA1k}
]1%7y$
QRscS%o
4_?r/Ac&Q
=2ZXA{3
n^oM%$~N^(C*FdQ
DF@,RSA<92CUsKo&
{\D;6/]
eI2#%`Q
 fBZi2
Z#CHDnA
Uwh!C.
^s9Iaw`)kl>
is[?tq3['
jVv_ekn
eiqAw)>\
#4PU"9g8A
=LfqK(
?3IH ,:{sc57eyuo'
YD#?A.u/
=}hw\_COH$\nbiz
^fr47R
) AK D<
I{gkS
d)K4u$-@k<
]1bTeT
g!_F?ZUD"@8%W,sx
ri5Wrsy
,k)zyW^v
[Bt|dpr:_
Gi6/Zo
1{<f1r
?$7CE@1T>zT,MR
-|i?(7HBls[m
F/=%lb&2_F
=K3XGP
J"vnUZ
=sUEj_
-1b?BD Q
kt7 bU
}*PUrCEc
w~K9}{
$@Jh3&d_
hmdUA=
{l:T<[n
Rt!6c@x`7[`Mg(-
%YwB~qk4KN'
iaeDb7
a\`PvX
nmW(oK7
&~3=a_
@a]To+
(EdE2l;heRY22
;bU4UCAx>CU
40)ZAi+L>e/X
R!W@*E%kJ=C
iz-}!{7kv
s9rY{NBA.B
?)\N|,a@v?5N
p)H+&\E0
[v,N;wA
j'8Z3l3
}7Mo&0>>2
OGL2*JQb
`2I?zHJTd{l9[PM.
2'-pO2J
{td}9T
!\#Y7+tT%
eF.oozjS
DI Ki+P{R
q ?@DOj
6(4,8}
\|&N.QuAN
!($-w<%,`
D-"9 &1
zccePrD9
X>Lb!R\i^"
h&D$kod
iGn6Sr'5j6
z]YA18)j
}:Ec5S
:!C=t,N=J$
Y +E7kt
Y,|x0IK]n&
!F)$A[
k8Q{KZ
wJqOIF
3g\cQ@*L
C\y%"^;oNiW,
]fD-8l\Mo
l5\;N2
,_9-G*
G{?Y%zFeyit
u<hFnY
=QWBce
&.5(uB0Wm
3g=I%W[V]
[\8bumnA
/HMf$G
j[ho2NA9
Me.CE9
0#mT8@>~yv
)ibaZ{
ibPS7ER,a
1NL+X/:"
I+^]aizr
%`Jw*=vMrq
[2k2j^#
P@07@@4,
RTq1KV
^JBtK<*\/tK.x9
C?}ABv
Ve}eHb]
B7m0Lkz:r]:
v_yOG3
$Z%\+y0xZT
}T/FMMN=75xF'
le51>-
42"^mvj%
j'O>1u*(C/BpPa
un@H!B!
SD%r>}:6
4tY_#S
,?kZ<\@\4u
e\g*P:
x]71%q
BX~69m
9E3LpHW
T:ANX+5
<]`iE`+UC
eLe0z"vjt
XIJL#o
?Q**CAWv6|u
+.opuvIQIr
WzENw:
0ARI5r
j>xc^#jy
:.p]fw\
0sSGocz
!eInl)
FGBQN?.
>_-Ag\
3}L}WOu
jVO*@8
sr+~l+.()~J o
a2g)S9_0G}
O\w"k@,B7
-`-NrN
8.@_a;g`:^I
}OT"'X
\`].x[Z
pS4:n%Ia! 
vJ[?xIU
kSbDFF
,t=c<5&
Dg%R*(
?<!4u)c
a};ZYd
,gH5:1J4
aw<g)T*GF<&
W(|C_rd
m!p8v;>)wb3?d
Q+"Om}M$+
`fU^okf
Y;Gyq*,
6C{i@$0
@'xwi){*Tcb.
S&j_Z\
skhhE~{6_% <TG
9IB#SeU
?"~?Cd)!&yD
`(/'|`=
t8c;~XWV}H,0
i6y-JrnAA
[zumXs
_)*Ck:
p#MdQ.z
LIFE[a
OTN7II7q
 2{VLc"GB
~SxGI)E
t} =q?M
!A0vP#7
J=2#Fr!B
;^O0!$Y
zx\?sx#ce
hL]-Vi
&Ec6:M7
v_+oj7?~3
:}M`hd
zz>D$4
jL&^]k
>w -S&
#~Bv,MX
!Y%d:QY
S\i-(b
D|En3S
fRnpZ_GZ/T\
[Ps^~MeKQ
{b`83NZm}
SjD]jWV3z
kCx %%aT
AFwN;7
"]gA])
6<[e@
?[RqUy;V4$sd
Fiv:bv$uCj}$H
!qzJ0P
57sJEs
pfv20k^R
"(t5-j(xDe>
t?PUfKJ19UpG\Lvt:>
6b%<j*
h3 Afs
0rw],m
?36b05F
P:n(#a"E)(!|n
B2;,yv)r
Q6U$Do
,5`Vls
3$W%MMiVhL[Jt
[fWt3+prf
CiSJ/T^+
,{*(m]
suv9(5;cx
k!2Os~t
wt%*,JW<)
=s-t*i
jn/T/I)(
h^+Sn9!
`r:GrJP
pAK&]Uj_~<\LkOE^
\N"KE_
l;LGC4
!lIm"xpPD.L'Qu{\T
9,'GSfjMd
gnk+k~
{m b^Ev
WGtsUv6:
us.J;`$
8{r+VS5
3n$#i.
>8HfPG">xF
@"ORzo"2l<
4%{I}MRA
-Ee8/jf
g$[XOy.
zs9&WYT
58!8}jj
AyfxL#
f;kUTMEO i
^=y91ywy
\o=Ny5^"|G
]\U.\8
3]e&;wh
sthzk&X*
r)#0l#(
?Z9j^f
xB05*l
<rT-!V
%hL-4-P$#aX
w>b\fXuX
kJ<Yn=
>0Vpx-
I;kr&H
Rl|*U/
T_{d+^/YL
%/#%gPr/Fq
:#`F+bp'm*x0vYUV&x i,D
wCr]$6q
ZBy@]ox
1@d5[yu
BAk/}>
Gid@NW4Ouf
^bb]7);3
:L0^5m
~V:>j&+`
i"j)W},!Q
4Fjlw~
&Yg(5|Om
~yNoTL8R9>b.
8ftZt8#8'.<k
>3$`%mI
um<Vg"`MXFx
4!hYU\
vn$:R__
B5d%W%Up
do|HcO0R
fZexHV
(ul+iRSUK .%`|kh>2P<e
z.5ORUD
d97Z?!Vv}
BP#~2),k
*/rU>0MIM
H1ew?o]
rZbdL&
b4#zTcBXq
]+!{Pzln!I
-qrQUB
~!&&|2@Mi@W@HJ
@O-}(bR`
rC},)jmGV1
%{86n7A
#e+9jz
cyqPf/fZ2; 8
*iejU'
t/s2AO|p[)J
Vb%|C 
`yN<o}
9!Qd;`]CE&1u
x8:f(ZX M/.
zA!~S^'PdGt>-W
VcMSo9#
CiYQ21<
z:-18SlH?q'5B
\I)>Y,b
{/~#\cm
x,BiSx
266[)$`
(P(H/_M2F.;bQ h'E\Q
8(+GHMP&
ERr{y4">sms
J}-_L}**I
!Ed}~
G9]|U>I
?_Gocpsv
5ALA:QoR7
o=Hrng/
> Kj1I
8AeqRN
T9uCm|
dV fHCo+
I1uTm#BHK$
qM0H96
:I[VUr
^+x'RBBh=5oDQB`Jz34
8|Jivahi madaxucohecavu lilado. Xunapibifuzida. Gosose pudaheme libuze vahilipezipaxu. Rotocomupe ko. Feridimari. Joyaneyevetu wipufebedopiyo. Comu. Jiyezejo susutimevu mavizasehape. Zofogijuxonuco. Se gogilibo bixayogaciku. Yiletozoyihebe zobuwuciwudoca. Duferoju dewoce kodikicisu. Pi zipi karebegivine nasabugakuku cehaliso. Zazelopuguye wotunedobedu hixotiwirozaco. Yemibatiyu piha. Loxudelihe. Bomiwaro tijaxosu hevo yecami bezivehu. Dunine xawuvofapexawi xusuka zereraco. Su. Gobalixiwezo pizusumo kotucawozibiyu hureno. Su xipamenuponaga rozukafotovi. BibSusabohe nihide yadizeruleviya hudejitafe pijiwagekuwi. Zumede locifucavoxi li tuvabujupexoyi. Xuhapikosihe mukuxabiku gikijabe sogutuyozukoni pihowusoceguto. Sixuxa cojofo dagolu. Hitokiho nizezigesojevi lohamocugoro zota. Hujamijuru ku. Kiyi. Pucajetuto lorubewomape. Bokazumi ge. Saku kixoye fepuwahujecuge tutunivileralu. Wafujojoxaru kulu. Razapuneku ce dolapedubojire hebetaje daragu. Luyoda wohuracu rema xojosewumajame pozote. Ramexi zosi make. Luxe puvemi razelerinekaba tigisojerojezo. Tolupasisuli murime jozuzuyuwako. Capava yifirebiguhe yihemesuju keyupo. Cunucipoja. Fiya ya mapinonebaza hinojagohoxo. Gameki. Xituno dole koxosi. Zevekececu. Dixetixakehe reseyetasohora benu se. Revatake nevagumege. Da gupegaleheruwa gobuki redexu vuwajeyowujovu. Tuzudi posuxe zoyirudipufopi. Civehopowegigo. Rerivekeka ri saruginile. Vusubonaxiwi yovizice sehizujizayoni zinukisihini tufatotovo. Hewimipuzigovu joziluwiba duyoxitiji gude su. Hanudiwutogo gidife gori. Biwi xelozopovu zevokubomuna vepoxarozu. Hifurajoda cirari civuposamizeza homa sowakuzu. Kakupi kikumujagubo lagijonava jigoyupo. Ridu kafe. Rahodoma femiroci darejaxula dawimidu vitanamiro. Gi fu noha buzono. Vitekicolese nimupezumoti. Bopi necesaxikulate butohuteji jo. Bodu gorekoso recu sotubatarikiya. Havixu rifizakixu hika tipucaxegecava. Puba xaxihibofexeme. Dapiposije. Pafinaradolo numuwiwi toweporeje zalefewuxamu xetajovowotaxa. Yulawuze juvinehisivi hohicefogavoha zobugu. Kuwutike. Fevasuke naheweho vemariwikuji. Nucewuzaza ludavakofa. Fahofecuzaloci totebosi. Nimusebuyu bepijepapu hasovocoxu vazegesucidula saba. Hohome gevulaheloyeho. Zo jikilovaxa rujufurodehu hamovetoke tumodife. Jigefaso zamoluyugihepi. Pigudisirabuzo gasojisorizo. Sexaboneramuyo keza. Nibo rukikeki muxurupovo juro. Tavu goyi yiyugosekadoha jedumiya. Bedaseye ruxiyehoxi. Decekaje gexozayagope giyutusuwo. Foboli kuhubujojuka lolijogagulucu rukeyuroyupo. Hevelivudu biyuyi naxodeya dosa wewe. Cari xagevirehu. Husezo yifu wupivizi. Maja kacanaluhibuzo. Lufafora fodujugifoyuni ceki nobemi. Tokuwaciti xaha. Lu xu lugezeloka xefa. Molali yevexefakiwobe koye tepezesoka xovovahoteri. Bewivojohiki noniwo helagobajirasu. Larulegafe fo ji xejalu givocifawizale. Texirubodoxuye budamo. Zigoha xafazenevidiza. Hokaledeticego dacegudo hakomojewehogi dipokafusuco jaxifogujeyita. Bemojeyuzeba zobupuyobume tela wefibudi. Wuzahibeliga caku. Jakaco zazususe zebonulisetusi dafohixeka hotiyi. Wifu v
Yuhurenosu xipamenupo. Nagarozukafoto vibibozuvema. Yuzutedora juxejili zuyowijufebodo yilubulicokiba. Ge guzove wana vetogi. Sadayaro johefaja goma tecawi. Ja tazepuredu neyijomocugaga hufisenogi fakekuhoniva. Sowomazajite zapuva. Yito lo. Hure jevutusibebi cixidusawerice cizaxafixoba moyeveti. Zababagewo. Xodocesapaja. Ye yaze dexisudo yomuhosa degumo. Fipa sicajocoweno. Dipe cecidujuci yexawe ko. Zari xecufazuko fatepaxudocagi giyovekesodoxo feza. Vuyubo kejuni kudihube kopuka. Folozepiyiwaya yehacubenegiju guda nepikotigo. Dimuwuso cudiwu zemikevaso. Hirovacopisagi bepisatoxiwu catojosutuyado. Lezosiwayuhumu. Nicidula. Dipibawesacava. Wice we cotu wijaharora jucozibu. Bajo cejedamacaviye yoje. Lefuwahokeno nohuwu mi putedimabozo. Deseyile mejevu xotipufiteyiya. Pelitayazukesi javo bohisabiyo ho xucojanu. Kaza. Havi we xepeniwanegiki. Cudo soyi huruyadeya fipihajabonore. Xokenevekivu baki vekesaxu lucivavuhufira zepibomi. Gifuzihuhikeba zukilajatovi ta co fugo. Rakoja tobuyu koxu hiru. Rena gepu xakenihifezace. Silotamomoxihu lonexe sodameru reladupadocatu zumuru. Yaje huzika fupodecigosase tidiyo jeyu. Xamilodedoneku tiguyiloyoji. Mide tavugosu gugozebe jegikivejoxega fuvemida. Xazike lize doxirivixa. Vi zoze safacane ma ficavere. Nixadate bicofutiwefogu cubo hexuviyi cayanemoyi. Cehijetudexi cawo. Mu tegafefopiwo. Zemogigaxuja zajiyanivoxazo wiwayepaxo. Liwuropi yenazi zofoco naleseyimuca yedupo. Xiyonicemibeha hasepawudehuku si. Dadaga raterisovuhi hiculi. Coyamiyobewija. Yerosoro reroju febu suyiyo. Fakita wevileretixa ha. Weralu zujice. Howodizo duremefulebiti. Ne katixe. Balewu. Fevujokagomiha ciceyeyeva xudi zerafasumate. Vakuvoko gumiwubotahu tucozamevijiha rabemebo. Pobo zeharu puyucitefuvuku yide. Diyejuyi waduto xazepayuwene sihuhosi. Ce. Fulecu zidatobojoseya tutalasuyi dofedapobuwo nayaruta. Pe rarupixoyowahu lepokikuwu cetumagi. Kezacacudi cuzodaneco. Lola rumalivuzawuju. Kigisunudoxe fesepe. Xujeri vugelavomejuca lo woxuwuyelepena. Darajuho joji nupucayiru redopofo xoba. Nijodirivufe ma xusunutavecehe nubepu huguwuje. Jixafupacelunu yifunogacebo racoye nusaluwa hozepumojuhogo. Runufigu. Natoduhokeje. Kayilakadolipo welileba xupewu rixazonano. Talefebu hafucaye pecaxu bofoserogati. Difevi cezakowukewo fejavehebaji givihazifuyaci. Zogizanugipa yacucipiwete wavasalogeju xosidi. Joharu xa yogo rayocicenehozo. Go. Lehejosazo. Bilono ziwova zefabo fa visefu. Notudovozawe. Sojimeta suji nefegeci pano luyifozobe. Rifezida. Wazugeniyoku. Luyesepu hezimosafodidu sepejacudagemu vafa. Lo miseyicuwa titakoneyepijo. Sudotakupo vetemu la
U[[[[[[Q4(Q4(Q4(Q4(Q4(Q4(Q4(i
U[[[[[Q4(Q4(Q4(Q4(Q4(Q4(Q4(i
U[[[[Q4(Q4(Q4(Q4(Q4(Q4(Q4(__i
[[[[Q4(Q4(Q4(Q4(Q4(Q4(___i
U[[[Q4(Q4(Q4(Q4(Q4(Q4(___i
?????SC
[[[Q4(Q4(Q4(Q4(Q4(____i
???????SC
[Q4(Q4(Q4(Q4(Q4(Q4(___i
?S????????
[Q4(Q4(Q4(Q4(Q4(Q4(___?S?S?S???????
Q4(Q4(Q4(Q4(Q4(Q4(___?S?S?S???????U
UUUUU)
Q4(Q4(Q4(____?S?S?S???????U
UUUUU)
-W-W-Wi
___?S?S?S?S??????UU
UUUUU)
*___?S?S?S?S?S??S?S?SU^
UUUUUU)
*?S?S?S?S?S?S?S?S^
*-W-W-W[[[[[?S?S?S?S?S?S?S?S?S^
*[[[[[
?S?S?S
-W-W-W
??????
-W-W-W^
??????
`-Q4(-W-W^
**n*n*n
Q4(Q4()
**n*n*n
Q4(Q4(Q4(Q4(Q4(Q4(___?S-W-W^
**n*n*n
Q4(Q4(Q4(Q4(Q4(Q4(___?S-W-W?S?S?S
**n*n*n
UUUUQ4(Q4(Q4(Q4(Q4(Q4(Q4(___?S-W-W-W?S?S?S
L~_2~_2~_2~_2
UUUUQ4(Q4(Q4(Q4(Q4(Q4(____`-?S-W-W?S?S?SB1B1B1UUUU
L~_2~_2
UUUUQ4(Q4(Q4(Q4(Q4(Q4(___?S?S`-?S-W-W?S[B1B1UUUUU
L~_2~_2
UUUUQ4(Q4(Q4(Q4(Q4(Q4(___?S?S?S?S-W-W?S[[UUUUUU
UUUUUQ4(Q4(Q4(Q4(Q4(___?S?S?S?S?S?S?S[[UUUUUU
L*n*n*njL
UUUUU,
Q4(Q4(Q4(B1___?S?S?S?S`-?S[[[[UUUUU
L*n*n*n*n
SC?S?S`-[[[[UUUUU
UUUPPP,
UUUSCU[[[
L*n*n*n
UPPPPPP_
g[[[UU????
gPP_UUSCSCUUU`-[[[[U???
;hPPPPPPPPPPUSCSCUUUU[`-[[[[???
L?jLjL~_2
PPPPPPPPPPPPUU)
U[`-[[[UU???
L?jLjL~_2
PPPPPPPPPPPPP)
U[[`-[[UU???
L?*n*n
PPPPPPPPPPPPP)
UU[`-[U????
PPPPPPPPPPPPP)
UUU`-UU??U*n*n*n*n
PPPPPPPPP)
UUU`-UUUUUUU*n*n*n*n
__PPPPPPP)
UUU`-UUUUUtn}tn}tn}tn}tn}tn}tn}
____PPPPPU)
UUPtn}tn}tn}tn}tn}tn}tn}tn}tn}tn}tn}
___?S?S?SPPPU)
Utn}Ptn}tn}tn}tn}tn}tn}tn}tn}tn}tn}
___?S?S?S?SP?SU)
PPPtn}tn}tn}tn}tn}tn}tn}tn}
___?S?S?S?S?Stn}tn}tn})
PPPPtn}tn}*n*n*n*ntn}
____?S?S?S?S?Stn}tn}tn})
PPPPPPP*n?????
tn}tn}___?S?S?S?S?S?S
SPPPPPPPPPP?????
tn}tn}?S?S?S?S?S?S
SPPPPPPPPPP????
tn}?S?S?S?S?S
(PPPPPPPPPPPP??
tn}?S?S?S?S?S
(PPPPPPPPPPPPP
tn}___?S?S
(PPPPPPPPPPPP
___?S?S?S
(PPPPPPPPPPP
?S___?S?S?S
(UPPPPPPPPP
?S?S?S?S?S?S
(U*nPPPPPPP
?S?S?S?S?S?S
SUUUUU
(*n*nPPPPPP
?S?S?S?S?SU
(*n*njPPPP
?S?S?S?S?S?SUU,
(jLjLjjPP
?S?S?S?S?S?SUU,
UUUUUU
(jLUjUP
?S?SUUU,
UUUUUUj
(jLUUU`-
?S?SUUUU,
UUUjjjj
?S?S?S?SUUUU,
UUjjjjjj
UUUUU,
Ujjjjjjjj
wP1PU7
[e|ukE{J\pC
Yyx^bA]AaQoF
6|wW~%
JXNLv9&:|dRQJB=b}`T)^dAcKxu
]a~a0p+2
N]_o^`pxepf-NXBSC}guvJ~|/i,G5ml~Mo_xKU1YqN
TQ3VP_tnYqEvR^uWvi^r|P
_{;}BzI
J~eCS,KO
}d;awW
ig4r;A
|*8>U\
IM]I[~bweljp@}S/{rv,?8X.;6W
:tErvJUVIQ4wr^Jot
N`tVOJ
j|ee;VqkKjM_*}K
^`@c|b
icMmaVdWySO
4?JdrXN~afzp~_i~({j
K6:_Kb@Dt~~
xy|a_ts~J6
r?b=|n~kieRtfm~e
61F1P1V1k11
2'222222222#3)3.33333333(4-4>4C4I4m444444444D5J5P5\5j555
788(969X9b9999
:7:D:g::::::/;
3*4444E5586B6|888
9M9s99999#:::::
;<;;;g<)>>>
1#101T1"2/2k3x3B4s6666
7+7o7777748C8[8:
;;;$>3>>>>>*?7?P????
g0y011Q2^2
3=3y333366C6[66
:':/:s:::#;U;l;;
<`=m====
3%333Q3m3*4585F5d55+6B66677<<>>
2*33z6f7u77777
8P8b8999:::;;< ===>>>>>>>
?#?@???
0$0-0000$111D1s11111111
2#2G2l22
3&373C3K3Q3`3i333
4"434d444444
5)5n5{555558888888
99/989_9j99r:::
<b<<<G=\=e=n=
====================
>n>'???D?
2q2222
3;333333
4A4N4~44444A5S5%6/6<6W6^6v666
7+7g8o8~8
9a999999999/:4:>::
;!;;;;;;<&=k=x==S>y?
7(757390:;:^:";/;S;
<B<<<(=p==
>$>`>>>>>>>>>>
C00<1^1111112J2[222|3}4.5
7A77770888
9B:::*;4;@;I;;
<!<_<q<~<<<<<<
==N>q>>?
L0T000@1L11112{4C5U5_5i55555
6?6X6_6g6l6p6t6666666666
7N7T7X7\7`7777777
8!8K8}88888888888888_9h9t99999
:1:M:p::;
<,<U<<<5>X>c>>>
?6?E?R?^?n?u????????
0&0Y0h0q00000B1
2$2<2T2233#474X4^4444/595a5z5555O6U6}6H8u888
9@9b9m99999
:):.:::;;
<x<<<<
=%=J=S=\=i============
>G>K>O>S>W>[>_>c>g>k>o>s>w>}>>>
1V2278G::::::::
;#;*;1;8;?;F;M;U;];e;q;z;
;;;;;;;;;;;;;
<2<9<M<T<{<<<<<<<<<<<
=#=/===C=O=U=b=l=s=======
>L>R>|>>>>>V?y????
0/040<0B0I0O0V0\0d0k0p0x00000000000000000
1'1-1:1Z1`1|1111
22233E4K4k444
525O5T5b5o5v5555555
6$676[66
7#7f9t9z99999999999
:0:6:A:F:N:T:^:e:y:::::::::::::c;>
?>?d???
1112Z333333333
41484<4@4D4H4L4P4T444444
5!5<5C5H5L5P5q55555555555:6@6D6H6L67777
8*80898@8b8888888
9!979B9\9h9p99999
:!:?:::
;Q;i;t;;;;;;;
<C<h<{<<<<
=|====P>]>f>>>>>J?U?_?p?{?
.1?1G1M1R1X11111
2"2Y2222
3;3@3f3333333333.4q4w444444#515x5}5555555N6W6]6<<
=*=<=u=>>>>(?:?L?^?p????
3#344444
5M5X5b5{55555(6;666
8/8A8\8d8l888888888
949E9::
;(;W;g;y;;;:<<<
0%0s000
%8)8-8185898=8A8E8I8M8Q8U8Y8]8a8e8i8m8q8u8y8}888888888888888888,99::;;
<;<H<'=6=>>?
2F2L2X222
4'4[4a4m44u55555
6$6D6666
7]7h777777a8n8888
9T99m::};;;=m>6?g?}???
z000V1111172X2d22222x3}33333q4~4444"5596f66666x88c9v99999
=-=e======
2-393333346A8\8r8888
;X;i={======y??
O0s2u4455
7777_8s88;<`>>>
02222222222
3"3:3@3O3U3d3j3x3333333
4'4f4m4s4
878A8H8c8k8x8
899X9999999
:(:/:5:K:f:
000R1_172A22J3W3w33x445567+81888899C:9;A;;<o=u=
q22555555555555
155p6v6{66666P9v999
:':c::::
;1;T;;;;
<A<d<<=n=====f>>>
?F?i???
060Y0|0000
161c1~11111111111
t1x1|1111111111111H3L3P3T3X3\3p3t3x3|333333333333333333333333333333333H4L4P4T4X4\4444444444444444444444444444
5L5P5T5X5\5`5d55555555555586<6@6D6H6l6p6t666666666
7 7$7(7,7074787<7
1>>>>>>>>>>>>>
? ?(?0?8?@?H?P?X?`?h?p?x?????????????????
0 0(00080@0H0P0X0`0h0p0x00000000000000000
1 1(10181@1H1P177777777777777777777777777
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|888888888888888888888888888888888
9::::::::::::::
;(;,;0;8;P;`;d;l;;;;;;;;;;;;;;;;;;
< <0<4<8<<<@<D<H<L<P<T<\<t<<<<<<<<<<<<<
= =$=(=0=H=X=\=l=p=============
>(>,><>@>D>L>d>h>>>>>>>>>>>>>>
? ?8?<?T?d?h?l?t?????????????
0(0,0<0@0D0L0d0t0x0000000000000
1 1$1(1,141L1\1`1p1t1x1|111111111111
202@2D2T2X2h2l2p2x2222222223333
4$4,484X4d4444444444
5(5,50585L5T5h5p555555555
6$6D6P6p6|66666
7 7,7L7X7777777
80888@8L8l8p8x888888888
9$909P9X9`9h9p9x9999999
:0:<:\:d:l:p:x::::::::::
;$;0;P;X;`;l;;;;;;;
< <(<0<8<D<d<p<<<<<<<
=$=0=P=T=X=`=t=|===========
>,>8>X>d>>>>>>>
? ?@?`?|??????????
0$00080h0p0t00000000000
1(141P1\1h1111111
282D2\2`2|22222
3 3@3`33333
4(4H4h4444444
8T8p888
9X999$:H:h::::::
;l;;;;;;;
<(<0<<<<<<<<<<<<
=0=4=X=\=`=>>
11111111111
333333333
4 4,444<4D4L4T4\4d4l4t4|44444444444444444
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5555555559:
;$;,;4;<;D;L;T;\;d;l;t;|;;;;;;;;;;;;;<<
Mzk7MjE2test
@I@@@@
@@@@@@
AAAAAA
kernel32.dll
pureduneyijomocugagahu fisenogifakekuhoni mi
vetogisadayarojohefajagomate cawijataze
vasowomazajitezapuvayito lohurejevu tusi
kernel32.dll
         (((((                  H
         h((((                  H
                                 H
KERNEL32.DLL
(null)
mscoree.dll
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAA
AAAAAAAA
AAAAAAAA
AAAAAA
AAAAAAAAAAA
XEJILIZUYOWIJUFEBODOYILUBULICO
XISITOFI
XOHILUJUSUCUFU
TBolagijona vajigoyupori duka fe rahodoma femiroci darejaxulada wimidu vitanamirogifu
=Bepi jepa puhaso vocoxuvazegesu cidu lasabaho homegevu lahelo
Novi tekico lese nimupe zumo
Yehozoji kilovaxarujufu
*Vasukena he wehovemari wiku jinucewu za za
&Sekadohajedu miyabedaseye ruxiyehoxide
?Cekajegexoza yagopegiyutusu wo fobolikuhubu jojuka lolijogagulu
SZalefewuxamuxe tajo vowotaxayula wuzejuvi nehi sivihohicefo gavohazobuguku wutikefe
$Tibopi ne cesa xi kula tebu tohuteji
MJobodugoreko sore cusotubatari kiyahavixuri fiza kixuhika tipu caxegecavapuba
No ha buzo,Rodehuhamo vetoke tumodi fejigefaso zamoluyu
cGihepi pi gudisi rabuzogasoji sorizosexabone ramuyokezanibo rukikekimu xurupovo jurotavu goyiyiyugo
,Xuposamizeza homa sowaku zukakupikiku mujagu
;Xaxi hibofe xemedapiposi jepafinarado lonumuwiwito weporeje
-Ludavakofafaho fecuzalocito tebosi nimusebuyu

Process Tree

0bde089187480e5d2e040f241c047984cf1c60af48979083ff6d54ee28bb197e.exe (1784) "C:\Users\Administrator\AppData\Local\Temp\0bde089187480e5d2e040f241c047984cf1c60af48979083ff6d54ee28bb197e.exe"
- nslookup.exe (3040) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (2960) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (2676) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (1588) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (2760) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (1448) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (2236) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (2908) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (3196) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (1920) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (2124) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (2608) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (1788) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (3132) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (1700) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (904) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (2732) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (1420) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (2964) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (1884) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (3324) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (488) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (1916) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (848) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (1192) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (920) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (2228) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (2804) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (1852) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (1988) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (2180) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (1924) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (1640) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (1776) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (2464) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (744) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (2852) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (1144) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (1464) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (2508) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (2316) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (844) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (2448) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (1532) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (2976) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (1136) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (2184) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (2952) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (1844) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (1828) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (2412) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (1404) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (944) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (2164) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (1040) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (3260) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (1280) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (1980) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (3016) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (1836) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (2552) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (2192) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (3388) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (2652) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (2636) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (1152) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (1932) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (3452) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (1304) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (324) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (2892) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (1840) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (1164) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (2468) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (2036) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (2296) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (676) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (2860) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (2040) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (2420) nslookup ransomware.bit ns2.corp-servers.ru

0bde089187480e5d2e040f241c047984cf1c60af48979083ff6d54ee28bb197e.exe, PID: 1784, Parent PID: 2600

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1640, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1464, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1836, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2636, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1700, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 904, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2180, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2164, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1844, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1916, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2464, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2760, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2892, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2192, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1144, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 920, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1852, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2552, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1980, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1840, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 848, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1776, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2852, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1280, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1304, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1588, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2184, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 844, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2228, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1920, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1884, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1924, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2860, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 676, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2316, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2040, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1192, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3040, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 488, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2908, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 944, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1404, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1932, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1828, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2412, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2976, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1448, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2236, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2804, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2508, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3016, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2652, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1788, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 744, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2952, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2448, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2124, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1420, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1136, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1532, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2468, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2676, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2296, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2964, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1040, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1164, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 324, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1988, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2960, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2420, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2036, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1152, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2608, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2732, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3132, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3196, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3260, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3324, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3388, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3452, Parent PID: 1784

default registry file network process services synchronisation iexplore office pdf

Hosts

IP
114.114.114.114

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
ipv4bot.whatismyipaddress.com
ns1.corp-servers.ru
114.114.114.114.in-addr.arpa	PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com
zonealarm.bit
zonealarm.bit
ns2.corp-servers.ru
ransomware.bit
ransomware.bit

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	53179	224.0.0.252	5355
192.168.56.101	49642	224.0.0.252	5355
192.168.56.101	137	192.168.56.255	137
192.168.56.101	61714	114.114.114.114	53
192.168.56.101	56933	114.114.114.114	53
192.168.56.101	138	192.168.56.255	138
192.168.56.101	58485	114.114.114.114	53
192.168.56.101	57665	114.114.114.114	53
192.168.56.101	57666	114.114.114.114	53
192.168.56.101	57667	114.114.114.114	53
192.168.56.101	57668	114.114.114.114	53
192.168.56.101	57669	114.114.114.114	53
192.168.56.101	57670	114.114.114.114	53
192.168.56.101	51758	114.114.114.114	53
192.168.56.101	51759	114.114.114.114	53
192.168.56.101	51760	114.114.114.114	53
192.168.56.101	51761	114.114.114.114	53
192.168.56.101	51762	114.114.114.114	53
192.168.56.101	51763	114.114.114.114	53
192.168.56.101	51764	114.114.114.114	53
192.168.56.101	51765	114.114.114.114	53
192.168.56.101	51766	114.114.114.114	53
192.168.56.101	51767	114.114.114.114	53
192.168.56.101	51768	114.114.114.114	53
192.168.56.101	51769	114.114.114.114	53
192.168.56.101	51770	114.114.114.114	53
192.168.56.101	51771	114.114.114.114	53
192.168.56.101	51772	114.114.114.114	53
192.168.56.101	51773	114.114.114.114	53
192.168.56.101	51774	114.114.114.114	53
192.168.56.101	51775	114.114.114.114	53
192.168.56.101	51776	114.114.114.114	53
192.168.56.101	51777	114.114.114.114	53
192.168.56.101	51778	114.114.114.114	53
192.168.56.101	51779	114.114.114.114	53
192.168.56.101	51780	114.114.114.114	53
192.168.56.101	51781	114.114.114.114	53
192.168.56.101	51782	114.114.114.114	53
192.168.56.101	51783	114.114.114.114	53
192.168.56.101	51784	114.114.114.114	53
192.168.56.101	51785	114.114.114.114	53
192.168.56.101	51786	114.114.114.114	53
192.168.56.101	51787	114.114.114.114	53
192.168.56.101	51788	114.114.114.114	53
192.168.56.101	51789	114.114.114.114	53
192.168.56.101	51790	114.114.114.114	53
192.168.56.101	51791	114.114.114.114	53
192.168.56.101	51792	114.114.114.114	53
192.168.56.101	51793	114.114.114.114	53
192.168.56.101	51794	114.114.114.114	53
192.168.56.101	51795	114.114.114.114	53
192.168.56.101	51796	114.114.114.114	53
192.168.56.101	51797	114.114.114.114	53
192.168.56.101	51798	114.114.114.114	53
192.168.56.101	51799	114.114.114.114	53
192.168.56.101	51800	114.114.114.114	53
192.168.56.101	51801	114.114.114.114	53
192.168.56.101	51802	114.114.114.114	53
192.168.56.101	51803	114.114.114.114	53
192.168.56.101	51804	114.114.114.114	53
192.168.56.101	51805	114.114.114.114	53
192.168.56.101	51806	114.114.114.114	53
192.168.56.101	51807	114.114.114.114	53
192.168.56.101	51808	114.114.114.114	53
192.168.56.101	51809	114.114.114.114	53
192.168.56.101	51810	114.114.114.114	53
192.168.56.101	51811	114.114.114.114	53
192.168.56.101	51812	114.114.114.114	53
192.168.56.101	51813	114.114.114.114	53
192.168.56.101	51814	114.114.114.114	53
192.168.56.101	51815	114.114.114.114	53
192.168.56.101	51816	114.114.114.114	53
192.168.56.101	51817	114.114.114.114	53
192.168.56.101	51818	114.114.114.114	53
192.168.56.101	51819	114.114.114.114	53
192.168.56.101	51820	114.114.114.114	53
192.168.56.101	51821	114.114.114.114	53
192.168.56.101	51822	114.114.114.114	53
192.168.56.101	51823	114.114.114.114	53
192.168.56.101	51824	114.114.114.114	53
192.168.56.101	51825	114.114.114.114	53
192.168.56.101	51826	114.114.114.114	53
192.168.56.101	51827	114.114.114.114	53
192.168.56.101	51828	114.114.114.114	53
192.168.56.101	51829	114.114.114.114	53
192.168.56.101	51830	114.114.114.114	53
192.168.56.101	51831	114.114.114.114	53
192.168.56.101	51832	114.114.114.114	53
192.168.56.101	51833	114.114.114.114	53
192.168.56.101	51834	114.114.114.114	53
192.168.56.101	51835	114.114.114.114	53
192.168.56.101	51836	114.114.114.114	53
192.168.56.101	51837	114.114.114.114	53
192.168.56.101	51838	114.114.114.114	53
192.168.56.101	51839	114.114.114.114	53
192.168.56.101	51840	114.114.114.114	53
192.168.56.101	51841	114.114.114.114	53
192.168.56.101	51842	114.114.114.114	53
192.168.56.101	51843	114.114.114.114	53
192.168.56.101	51844	114.114.114.114	53
192.168.56.101	51845	114.114.114.114	53
192.168.56.101	51846	114.114.114.114	53
192.168.56.101	51847	114.114.114.114	53
192.168.56.101	51848	114.114.114.114	53
192.168.56.101	51849	114.114.114.114	53
192.168.56.101	51850	114.114.114.114	53
192.168.56.101	51851	114.114.114.114	53
192.168.56.101	51852	114.114.114.114	53
192.168.56.101	51853	114.114.114.114	53
192.168.56.101	51854	114.114.114.114	53
192.168.56.101	51855	114.114.114.114	53
192.168.56.101	51856	114.114.114.114	53
192.168.56.101	51857	114.114.114.114	53
192.168.56.101	51858	114.114.114.114	53
192.168.56.101	51859	114.114.114.114	53
192.168.56.101	51860	114.114.114.114	53
192.168.56.101	51861	114.114.114.114	53
192.168.56.101	51862	114.114.114.114	53
192.168.56.101	51863	114.114.114.114	53
192.168.56.101	51864	114.114.114.114	53
192.168.56.101	51865	114.114.114.114	53
192.168.56.101	51866	114.114.114.114	53
192.168.56.101	51867	114.114.114.114	53
192.168.56.101	51868	114.114.114.114	53
192.168.56.101	51869	114.114.114.114	53
192.168.56.101	51870	114.114.114.114	53
192.168.56.101	51871	114.114.114.114	53
192.168.56.101	51872	114.114.114.114	53
192.168.56.101	51873	114.114.114.114	53
192.168.56.101	51874	114.114.114.114	53
192.168.56.101	51875	114.114.114.114	53
192.168.56.101	51876	114.114.114.114	53
192.168.56.101	51877	114.114.114.114	53
192.168.56.101	51878	114.114.114.114	53
192.168.56.101	51879	114.114.114.114	53
192.168.56.101	51880	114.114.114.114	53
192.168.56.101	51881	114.114.114.114	53
192.168.56.101	51882	114.114.114.114	53
192.168.56.101	51883	114.114.114.114	53
192.168.56.101	51884	114.114.114.114	53
192.168.56.101	51885	114.114.114.114	53
192.168.56.101	51886	114.114.114.114	53
192.168.56.101	51887	114.114.114.114	53
192.168.56.101	51888	114.114.114.114	53
192.168.56.101	51889	114.114.114.114	53
192.168.56.101	51890	114.114.114.114	53
192.168.56.101	51891	114.114.114.114	53
192.168.56.101	51892	114.114.114.114	53
192.168.56.101	51893	114.114.114.114	53
192.168.56.101	51894	114.114.114.114	53
192.168.56.101	51895	114.114.114.114	53
192.168.56.101	51896	114.114.114.114	53
192.168.56.101	51897	114.114.114.114	53
192.168.56.101	51898	114.114.114.114	53
192.168.56.101	51899	114.114.114.114	53
192.168.56.101	51900	114.114.114.114	53
192.168.56.101	51901	114.114.114.114	53
192.168.56.101	51902	114.114.114.114	53
192.168.56.101	51903	114.114.114.114	53
192.168.56.101	51904	114.114.114.114	53
192.168.56.101	51905	114.114.114.114	53
192.168.56.101	51906	114.114.114.114	53
192.168.56.101	51907	114.114.114.114	53
192.168.56.101	51908	114.114.114.114	53
192.168.56.101	51909	114.114.114.114	53
192.168.56.101	51910	114.114.114.114	53
192.168.56.101	51911	114.114.114.114	53
192.168.56.101	51912	114.114.114.114	53
192.168.56.101	51913	114.114.114.114	53
192.168.56.101	51914	114.114.114.114	53
192.168.56.101	51915	114.114.114.114	53
192.168.56.101	51916	114.114.114.114	53
192.168.56.101	51917	114.114.114.114	53
192.168.56.101	51918	114.114.114.114	53
192.168.56.101	51919	114.114.114.114	53
192.168.56.101	51920	114.114.114.114	53
192.168.56.101	51921	114.114.114.114	53
192.168.56.101	51922	114.114.114.114	53
192.168.56.101	51923	114.114.114.114	53
192.168.56.101	51924	114.114.114.114	53
192.168.56.101	51925	114.114.114.114	53
192.168.56.101	51926	114.114.114.114	53
192.168.56.101	51927	114.114.114.114	53
192.168.56.101	51928	114.114.114.114	53
192.168.56.101	51929	114.114.114.114	53
192.168.56.101	51930	114.114.114.114	53
192.168.56.101	51931	114.114.114.114	53
192.168.56.101	51932	114.114.114.114	53
192.168.56.101	51933	114.114.114.114	53
192.168.56.101	51934	114.114.114.114	53
192.168.56.101	51935	114.114.114.114	53
192.168.56.101	51936	114.114.114.114	53
192.168.56.101	51937	114.114.114.114	53
192.168.56.101	51938	114.114.114.114	53
192.168.56.101	51939	114.114.114.114	53
192.168.56.101	51940	114.114.114.114	53
192.168.56.101	51941	114.114.114.114	53
192.168.56.101	51942	114.114.114.114	53
192.168.56.101	51943	114.114.114.114	53
192.168.56.101	51944	114.114.114.114	53
192.168.56.101	51945	114.114.114.114	53
192.168.56.101	51946	114.114.114.114	53
192.168.56.101	51947	114.114.114.114	53
192.168.56.101	51948	114.114.114.114	53
192.168.56.101	51949	114.114.114.114	53
192.168.56.101	51950	114.114.114.114	53
192.168.56.101	51952	114.114.114.114	53
192.168.56.101	51951	114.114.114.114	53
192.168.56.101	51953	114.114.114.114	53
192.168.56.101	51954	114.114.114.114	53
192.168.56.101	51955	114.114.114.114	53
192.168.56.101	51956	114.114.114.114	53
192.168.56.101	51957	114.114.114.114	53
192.168.56.101	51958	114.114.114.114	53
192.168.56.101	51959	114.114.114.114	53
192.168.56.101	51960	114.114.114.114	53
192.168.56.101	51961	114.114.114.114	53
192.168.56.101	51962	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	51964	114.114.114.114	53
192.168.56.101	51965	114.114.114.114	53
192.168.56.101	51966	114.114.114.114	53
192.168.56.101	51967	114.114.114.114	53
192.168.56.101	51968	114.114.114.114	53
192.168.56.101	51969	114.114.114.114	53
192.168.56.101	51970	114.114.114.114	53
192.168.56.101	51971	114.114.114.114	53
192.168.56.101	51972	114.114.114.114	53
192.168.56.101	51973	114.114.114.114	53
192.168.56.101	51974	114.114.114.114	53
192.168.56.101	51975	114.114.114.114	53
192.168.56.101	51976	114.114.114.114	53
192.168.56.101	51977	114.114.114.114	53
192.168.56.101	51978	114.114.114.114	53
192.168.56.101	51979	114.114.114.114	53
192.168.56.101	51980	114.114.114.114	53
192.168.56.101	51981	114.114.114.114	53
192.168.56.101	51982	114.114.114.114	53
192.168.56.101	51983	114.114.114.114	53
192.168.56.101	51984	114.114.114.114	53
192.168.56.101	51985	114.114.114.114	53
192.168.56.101	51986	114.114.114.114	53
192.168.56.101	51987	114.114.114.114	53
192.168.56.101	51988	114.114.114.114	53
192.168.56.101	51989	114.114.114.114	53
192.168.56.101	51990	114.114.114.114	53
192.168.56.101	51991	114.114.114.114	53
192.168.56.101	51992	114.114.114.114	53
192.168.56.101	51993	114.114.114.114	53
192.168.56.101	51994	114.114.114.114	53
192.168.56.101	51995	114.114.114.114	53
192.168.56.101	51996	114.114.114.114	53
192.168.56.101	51997	114.114.114.114	53
192.168.56.101	51998	114.114.114.114	53
192.168.56.101	51999	114.114.114.114	53
192.168.56.101	52000	114.114.114.114	53
192.168.56.101	52001	114.114.114.114	53
192.168.56.101	52002	114.114.114.114	53
192.168.56.101	52003	114.114.114.114	53
192.168.56.101	52004	114.114.114.114	53
192.168.56.101	52005	114.114.114.114	53
192.168.56.101	52006	114.114.114.114	53
192.168.56.101	52007	114.114.114.114	53
192.168.56.101	52008	114.114.114.114	53
192.168.56.101	52009	114.114.114.114	53
192.168.56.101	52010	114.114.114.114	53
192.168.56.101	52011	114.114.114.114	53
192.168.56.101	52012	114.114.114.114	53
192.168.56.101	52013	114.114.114.114	53
192.168.56.101	52014	114.114.114.114	53
192.168.56.101	52015	114.114.114.114	53
192.168.56.101	52016	114.114.114.114	53
192.168.56.101	52017	114.114.114.114	53
192.168.56.101	52018	114.114.114.114	53
192.168.56.101	52019	114.114.114.114	53
192.168.56.101	52020	114.114.114.114	53
192.168.56.101	52021	114.114.114.114	53
192.168.56.101	52022	114.114.114.114	53
192.168.56.101	52023	114.114.114.114	53
192.168.56.101	52024	114.114.114.114	53
192.168.56.101	52025	114.114.114.114	53
192.168.56.101	52026	114.114.114.114	53
192.168.56.101	52027	114.114.114.114	53
192.168.56.101	52028	114.114.114.114	53
192.168.56.101	52029	114.114.114.114	53
192.168.56.101	52030	114.114.114.114	53
192.168.56.101	52031	114.114.114.114	53
192.168.56.101	52032	114.114.114.114	53
192.168.56.101	52033	114.114.114.114	53
192.168.56.101	52034	114.114.114.114	53
192.168.56.101	52035	114.114.114.114	53
192.168.56.101	52036	114.114.114.114	53
192.168.56.101	52037	114.114.114.114	53
192.168.56.101	52038	114.114.114.114	53
192.168.56.101	52039	114.114.114.114	53
192.168.56.101	52040	114.114.114.114	53
192.168.56.101	52041	114.114.114.114	53
192.168.56.101	52042	114.114.114.114	53
192.168.56.101	52043	114.114.114.114	53
192.168.56.101	52044	114.114.114.114	53
192.168.56.101	52045	114.114.114.114	53
192.168.56.101	52046	114.114.114.114	53
192.168.56.101	52047	114.114.114.114	53
192.168.56.101	52048	114.114.114.114	53
192.168.56.101	52049	114.114.114.114	53
192.168.56.101	52050	114.114.114.114	53
192.168.56.101	52051	114.114.114.114	53
192.168.56.101	52052	114.114.114.114	53
192.168.56.101	52053	114.114.114.114	53
192.168.56.101	52054	114.114.114.114	53
192.168.56.101	52055	114.114.114.114	53
192.168.56.101	52056	114.114.114.114	53
192.168.56.101	52057	114.114.114.114	53
192.168.56.101	52058	114.114.114.114	53
192.168.56.101	52059	114.114.114.114	53
192.168.56.101	52060	114.114.114.114	53
192.168.56.101	52061	114.114.114.114	53
192.168.56.101	52062	114.114.114.114	53
192.168.56.101	52063	114.114.114.114	53
192.168.56.101	52064	114.114.114.114	53
192.168.56.101	52065	114.114.114.114	53
192.168.56.101	52066	114.114.114.114	53
192.168.56.101	52067	114.114.114.114	53
192.168.56.101	52068	114.114.114.114	53
192.168.56.101	52069	114.114.114.114	53
192.168.56.101	52070	114.114.114.114	53
192.168.56.101	52071	114.114.114.114	53
192.168.56.101	52072	114.114.114.114	53
192.168.56.101	52073	114.114.114.114	53
192.168.56.101	52074	114.114.114.114	53
192.168.56.101	52075	114.114.114.114	53
192.168.56.101	52076	114.114.114.114	53
192.168.56.101	52077	114.114.114.114	53
192.168.56.101	52078	114.114.114.114	53
192.168.56.101	52079	114.114.114.114	53
192.168.56.101	52080	114.114.114.114	53
192.168.56.101	52081	114.114.114.114	53
192.168.56.101	52082	114.114.114.114	53
192.168.56.101	52083	114.114.114.114	53
192.168.56.101	52084	114.114.114.114	53
192.168.56.101	52085	114.114.114.114	53
192.168.56.101	52086	114.114.114.114	53
192.168.56.101	52087	114.114.114.114	53
192.168.56.101	52088	114.114.114.114	53
192.168.56.101	52089	114.114.114.114	53
192.168.56.101	52090	114.114.114.114	53
192.168.56.101	52091	114.114.114.114	53
192.168.56.101	52092	114.114.114.114	53
192.168.56.101	52093	114.114.114.114	53
192.168.56.101	52094	114.114.114.114	53
192.168.56.101	52095	114.114.114.114	53
192.168.56.101	52096	114.114.114.114	53
192.168.56.101	52097	114.114.114.114	53
192.168.56.101	52098	114.114.114.114	53
192.168.56.101	52099	114.114.114.114	53
192.168.56.101	52100	114.114.114.114	53
192.168.56.101	52101	114.114.114.114	53
192.168.56.101	52102	114.114.114.114	53
192.168.56.101	52103	114.114.114.114	53
192.168.56.101	52104	114.114.114.114	53
192.168.56.101	52105	114.114.114.114	53
192.168.56.101	52106	114.114.114.114	53
192.168.56.101	52107	114.114.114.114	53
192.168.56.101	52108	114.114.114.114	53
192.168.56.101	52109	114.114.114.114	53
192.168.56.101	52110	114.114.114.114	53
192.168.56.101	52111	114.114.114.114	53
192.168.56.101	52112	114.114.114.114	53
192.168.56.101	52113	114.114.114.114	53
192.168.56.101	52114	114.114.114.114	53
192.168.56.101	52115	114.114.114.114	53
192.168.56.101	52116	114.114.114.114	53
192.168.56.101	52117	114.114.114.114	53
192.168.56.101	52118	114.114.114.114	53
192.168.56.101	52119	114.114.114.114	53
192.168.56.101	52120	114.114.114.114	53
192.168.56.101	52121	114.114.114.114	53
192.168.56.101	52122	114.114.114.114	53
192.168.56.101	52123	114.114.114.114	53
192.168.56.101	52124	114.114.114.114	53
192.168.56.101	52125	114.114.114.114	53
192.168.56.101	52126	114.114.114.114	53
192.168.56.101	52127	114.114.114.114	53
192.168.56.101	52128	114.114.114.114	53
192.168.56.101	52129	114.114.114.114	53
192.168.56.101	52130	114.114.114.114	53
192.168.56.101	52131	114.114.114.114	53
192.168.56.101	52132	114.114.114.114	53
192.168.56.101	52133	114.114.114.114	53
192.168.56.101	52134	114.114.114.114	53
192.168.56.101	52135	114.114.114.114	53
192.168.56.101	52136	114.114.114.114	53
192.168.56.101	52137	114.114.114.114	53
192.168.56.101	52138	114.114.114.114	53
192.168.56.101	52139	114.114.114.114	53
192.168.56.101	52140	114.114.114.114	53
192.168.56.101	52141	114.114.114.114	53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name	86944b6acd5933da_xdobzq.exe
Filepath	C:\Users\Administrator\AppData\Roaming\Microsoft\xdobzq.exe
Size	274.0KB
Processes	1784 (0bde089187480e5d2e040f241c047984cf1c60af48979083ff6d54ee28bb197e.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`7c93b21b36831da065c299816404f453`
SHA1	`7e86f1de3b5bd606f972650c507b1eda53555052`
SHA256	`86944b6acd5933da434fb9572031cce36cde497e1e6157c8eb264f1358680200`
CRC32	`6B87144C`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Sorry! No dropped buffers.

ALYac	DeepScan:Generic.BrResMon.1.A47F276E
APEX	Malicious
AVG	Win32:Malware-gen
Acronis	suspicious
Ad-Aware	DeepScan:Generic.BrResMon.1.A47F276E
AhnLab-V3	Trojan/Win32.RansomCrypt.C2473225
Antiy-AVL	Trojan/Win32.Chapak
Arcabit	DeepScan:Generic.BrResMon.1.A47F276E
Avast	Win32:Malware-gen
Avira	HEUR/AGEN.1102756
BitDefender	DeepScan:Generic.BrResMon.1.A47F276E
BitDefenderTheta	Gen:NN.ZexaF.34106.ruX@aiW8g4h
Bkav	W32.AIDetectVM.malware
CAT-QuickHeal	Trojan.Chapak.ZZ5
ClamAV	Win.Packer.Crypter-6539596-1
Comodo	Application.Win32.IStartSurf.PS@8c4m91
CrowdStrike	win/malicious_confidence_100% (D)
Cybereason	malicious.26f7be
Cylance	Unsafe
Cyren	W32/S-a66d0039!Eldorado
DrWeb	Trojan.Encoder.3953
ESET-NOD32	a variant of Win32/Filecoder.GandCrab.D
Emsisoft	DeepScan:Generic.BrResMon.1.A47F276E (B)
Endgame	malicious (high confidence)
F-Prot	W32/S-a66d0039!Eldorado
F-Secure	Heuristic.HEUR/AGEN.1102756
FireEye	Generic.mg.e13578226f7bea98
Fortinet	W32/Kryptik.GUKZ!tr
GData	DeepScan:Generic.BrResMon.1.A47F276E
Ikarus	Trojan-Ransom.GandCrab
Invincea	heuristic
Jiangmin	Trojan.Chapak.hi
K7AntiVirus	Trojan ( 0053305e1 )
K7GW	Trojan ( 0053305e1 )
Kaspersky	HEUR:Trojan.Win32.Generic
MAX	malware (ai score=85)
Malwarebytes	Trojan.MalPack.GS
MaxSecure	Ransomeware.GandCrypt.Gen
McAfee	Packed-FEI!E13578226F7B
McAfee-GW-Edition	BehavesLike.Win32.Generic.dc
MicroWorld-eScan	DeepScan:Generic.BrResMon.1.A47F276E
Microsoft	Ransom:Win32/GandCrab.AC
NANO-Antivirus	Trojan.Win32.Chapak.fapmon
Panda	Trj/Genetic.gen
Qihoo-360	HEUR/QVM10.1.71D9.Malware.Gen
Rising	Trojan.Kryptik!1.B1C0 (RDMK:cmRtazoOTWCbrq5REjBpwJdGjKeP)
SUPERAntiSpyware	Ransom.GandCrab/Variant
Sangfor	Malware
SentinelOne	DFI - Malicious PE
Sophos	Mal/Agent-AUL

resource name	BYU
resource name	XEJILIZUYOWIJUFEBODOYILUBULICO
resource name	XISITOFI
resource name	XOHILUJUSUCUFU

cmdline	nslookup ransomware.bit ns1.corp-servers.ru
cmdline	nslookup ransomware.bit ns2.corp-servers.ru
cmdline	nslookup zonealarm.bit ns2.corp-servers.ru
cmdline	nslookup zonealarm.bit ns1.corp-servers.ru