1.2
Low risk

001fce2fa5a9c4b1ca328120b4edde62acc74a6ba7007d658d671866d03af6e9

001fce2fa5a9c4b1ca328120b4edde62acc74a6ba7007d658d671866d03af6e9.exe

Analysis duration

71s

Last analyzed

386 days ago

File size

93.7KB
Static detections Dynamic detections CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN QUKART
Hawkeye engine
DACN 0.12
FACILE 1.00
IMCLNet 0.83
MFGraph 0.00
Static verdict
Antivirus engines
Engine Result Scan date Version
Alibaba TrojanSpy:Win32/Qukart.a5eab80b 20190527 0.3.0.5
Avast Win32:Qukart-AO [Trj] 20240215 23.9.8494.0
Baidu Win32.Trojan-Spy.Quart.a 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (W) 20231026 1.0
Kingsoft malware.kb.a.1000 20230906 None
McAfee GenericRXLZ-AR!E172180829D6 20240215 6.0.6.653
Tencent Trojan.Win32.Convagent.kk 20240215 1.0.0.1
Behavioral verdict
Dynamic indicators
The binary likely contains encrypted or compressed data, indicating use of a packer (4 events)
section {'name': '.text', 'virtual_address': '0x00001000', 'virtual_size': '0x0000815c', 'size_of_data': '0x0000815c', 'entropy': 7.156102169497644} entropy 7.156102169497644 description High-entropy section found
section {'name': '.idata', 'virtual_address': '0x00030000', 'virtual_size': '0x00000ea4', 'size_of_data': '0x00000ea4', 'entropy': 7.000241553008205} entropy 7.000241553008205 description High-entropy section found
section {'name': '.gfcd', 'virtual_address': '0x00031000', 'virtual_size': '0x00001000', 'size_of_data': '0x00000200', 'entropy': 6.869401116914327} entropy 6.869401116914327 description High-entropy section found
entropy 0.737490134175217 description The overall entropy of this PE file is high
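Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 114.114.114.114
File has been identified as malicious by 62 antivirus engines on VirusTotal (50 out of 62 events)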
ALYac Gen:Variant.Razy.860237
APEX Malicious
AVG Win32:Qukart-AO [Trj]
Acronis suspicious
AhnLab-V3 Trojan/Win32.Senta.R346012
Alibaba TrojanSpy:Win32/Qukart.a5eab80b
Antiy-AVL GrayWare/Win32.Qukart.a
Arcabit Trojan.Razy.DD204D
Avast Win32:Qukart-AO [Trj]
Avira TR/Patched.Ren.Gen
Baidu Win32.Trojan-Spy.Quart.a
BitDefender Gen:Variant.Razy.860237
BitDefenderTheta AI:Packer.DA4221451E
Bkav W32.AIDetectMalware
ClamAV Win.Dropper.Berbew-9106192-0
CrowdStrike win/malicious_confidence_100% (W)
Cybereason malicious.7e72dd
Cylance unsafe
Cynet Malicious (score: 100)
DeepInstinct MALICIOUS
DrWeb BackDoor.Siggen2.4699
ESET-NOD32 a variant of Win32/Spy.Qukart.NAI
Elastic malicious (high confidence)
Emsisoft Gen:Variant.Razy.860237 (B)
F-Secure Trojan.TR/Patched.Ren.Gen
FireEye Generic.mg.e172180829d6c225
Fortinet W32/Qukart.AO!tr
GData Win32.Trojan.PSE1.1UOHCGI
Google Detected
Gridinsoft Malware.Win32.Gen.bot!se35681
Ikarus Trojan.Win32.Senta
Jiangmin Trojan.Generic.gaoof
K7AntiVirus Trojan ( 0056ede21 )
K7GW Trojan ( 0056ede21 )
Kaspersky HEUR:Trojan.Win32.Generic
Kingsoft malware.kb.a.1000
Lionic Trojan.Win32.Qukart.4!c
MAX malware (ai score=89)
Malwarebytes Generic.Malware.AI.DDS
MaxSecure Proxy.Qukart.gen
McAfee GenericRXLZ-AR!E172180829D6
MicroWorld-eScan Gen:Variant.Razy.860237
Microsoft Trojan:Win32/Senta!rfn
Panda Trj/CI.A
Rising Backdoor.Berbew!1.AE0A (CLASSIC)
Sangfor Suspicious.Win32.Save.a
SentinelOne Static AI - Malicious PE
Skyhigh BehavesLike.Win32.RAHack.nc
Sophos Troj/Agent-BFGT
Symantec ML.Attribute.HighConfidence
Runtime screenshots
No runtime screenshots available. The sample did not produce any screenshots during execution.

PE Compile Time

2036-08-19 15:39:47

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0000815c 0x0000815c 7.156102169497644
.bss 0x0000a000 0x000213b0 0x00000000 0.0
.data 0x0002c000 0x000033f8 0x000033f8 6.501924856054455
.idata 0x00030000 0x00000ea4 0x00000ea4 7.000241553008205
.gfcd 0x00031000 0x00001000 0x00000200 6.869401116914327

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize
SysAllocString
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA
GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA
GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA
GetUserNameA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA
__GetMainArgs
_sleep
_stricmp
memcpy
memset
printf
signal
sprintf
sscanf
strcat
strchr
strncmp
vsprintf
ole32.DLL
OLEAUT32.DLL
WININET.DLL
KERNEL32.DLL
USER32.DLL
GDI32.DLL
ADVAPI32.DLL
CRTDLL.DLL

Process Tree


DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.