1.2
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.75
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0 |
| Kingsoft | None | 20200302 | 2013.8.14.323 |
| McAfee | Packed-FAT!E24A8E90585D | 20200302 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b0a2ed | 20200302 | 1.0.0.1 |
静态指标
文件包含未知的 PE 资源名称,可能指示打包器
(1 个事件)
| resource name | None |
动态指标
在 PE 资源中识别到外语
(28 个事件)
| name | RT_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x000261c8 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x000261c8 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x000261c8 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x000261c8 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x000261c8 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x000261c8 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x000261c8 | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x000261c8 | size | 0x00000468 | ||||||||||||||||||
| name | RT_MENU | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00026630 | size | 0x00000224 | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00026854 | size | 0x00000174 | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00026fc8 | size | 0x0000003a | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00026fc8 | size | 0x0000003a | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00026fc8 | size | 0x0000003a | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00026fc8 | size | 0x0000003a | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00026fc8 | size | 0x0000003a | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00026fc8 | size | 0x0000003a | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00026fc8 | size | 0x0000003a | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00026fc8 | size | 0x0000003a | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00026fc8 | size | 0x0000003a | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00026fc8 | size | 0x0000003a | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00026fc8 | size | 0x0000003a | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00026fc8 | size | 0x0000003a | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00026fc8 | size | 0x0000003a | ||||||||||||||||||
| name | RT_ACCELERATOR | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00027004 | size | 0x00000070 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x000270e4 | size | 0x00000030 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x000270e4 | size | 0x00000030 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x000270e4 | size | 0x00000030 | ||||||||||||||||||
| name | RT_VERSION | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00027114 | size | 0x000003c8 | ||||||||||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 54 个反病毒引擎识别为恶意
(50 out of 54 个事件)
| ALYac | Gen:Variant.Mikey.57581 |
| APEX | Malicious |
| Acronis | suspicious |
| Ad-Aware | Gen:Variant.Mikey.57581 |
| AhnLab-V3 | Trojan/Win32.Zegost.R244233 |
| Antiy-AVL | Trojan/Win32.SGeneric |
| Arcabit | Trojan.Mikey.DE0ED |
| Avira | HEUR/AGEN.1006701 |
| BitDefender | Gen:Variant.Mikey.57581 |
| BitDefenderTheta | Gen:NN.ZexaF.34096.kq1@a4oGSFhj |
| Bkav | W32.AIDetectVM.malware |
| CAT-QuickHeal | Trojan.MauvaiseRI.S5251059 |
| Comodo | Backdoor.Win32.Farfli.AC@77g02n |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Cybereason | malicious.0585dc |
| DrWeb | Trojan.Damaged.1 |
| ESET-NOD32 | a variant of Win32/Kryptik.FHSE |
| Emsisoft | Gen:Variant.Mikey.57581 (B) |
| Endgame | malicious (high confidence) |
| F-Secure | Heuristic.HEUR/AGEN.1006701 |
| FireEye | Generic.mg.e24a8e90585dcd14 |
| Fortinet | W32/Kryptik.FHSE!tr |
| GData | Gen:Variant.Mikey.57581 |
| Ikarus | Backdoor.Win32.Zegost |
| Invincea | heuristic |
| Jiangmin | Trojan.Siscos.fk |
| K7AntiVirus | Trojan ( 00521b151 ) |
| K7GW | Trojan ( 00521b151 ) |
| Kaspersky | Trojan.Win32.Siscos.zjz |
| MAX | malware (ai score=87) |
| Malwarebytes | Backdoor.Zegost |
| MaxSecure | Trojan.Malware.74330848.susgen |
| McAfee | Packed-FAT!E24A8E90585D |
| McAfee-GW-Edition | Packed-FAT!E24A8E90585D |
| MicroWorld-eScan | Gen:Variant.Mikey.57581 |
| Microsoft | Backdoor:Win32/Zegost.CJ!bit |
| NANO-Antivirus | Trojan.Win32.Damaged.ewuema |
| Panda | Trj/GdSda.A |
| Qihoo-360 | HEUR/QVM07.1.9C23.Malware.Gen |
| Rising | Trojan.PSW.Win32.AliPay.av (C64:YzY0OvuvriEvkMLC) |
| Sangfor | Malware |
| SentinelOne | DFI - Suspicious PE |
| Sophos | Mal/Generic-S |
| Symantec | Backdoor.Zegost |
| Tencent | Malware.Win32.Gencirc.10b0a2ed |
| Trapmine | suspicious.low.ml.score |
| TrendMicro | TROJ_GEN.R035C0DBO20 |
| TrendMicro-HouseCall | TROJ_GEN.R035C0DBO20 |
| VBA32 | Trojan.Siscos |
| VIPRE | Trojan.Win32.Generic.pak!cobra |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2018-09-29 11:44:56
PE Imphash
8ecc13034f995249f931fb7b123e4806
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x00007ae6 | 0x00008000 | 6.258656541224978 |
| .rdata | 0x00009000 | 0x000025fc | 0x00003000 | 4.293326951072339 |
| .data | 0x0000c000 | 0x0000eb38 | 0x0000f000 | 5.671004057553356 |
| .rsrc | 0x0001b000 | 0x0000c520 | 0x0000d000 | 5.510639899093726 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_BITMAP | 0x0001b688 | 0x00000be8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x000261c8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_ICON | 0x000261c8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_ICON | 0x000261c8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_ICON | 0x000261c8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_ICON | 0x000261c8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_ICON | 0x000261c8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_ICON | 0x000261c8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_ICON | 0x000261c8 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_MENU | 0x00026630 | 0x00000224 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_DIALOG | 0x00026854 | 0x00000174 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_STRING | 0x00026fc8 | 0x0000003a | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_STRING | 0x00026fc8 | 0x0000003a | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_STRING | 0x00026fc8 | 0x0000003a | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_STRING | 0x00026fc8 | 0x0000003a | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_STRING | 0x00026fc8 | 0x0000003a | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_STRING | 0x00026fc8 | 0x0000003a | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_STRING | 0x00026fc8 | 0x0000003a | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_STRING | 0x00026fc8 | 0x0000003a | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_STRING | 0x00026fc8 | 0x0000003a | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_STRING | 0x00026fc8 | 0x0000003a | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_STRING | 0x00026fc8 | 0x0000003a | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_STRING | 0x00026fc8 | 0x0000003a | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_STRING | 0x00026fc8 | 0x0000003a | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_ACCELERATOR | 0x00027004 | 0x00000070 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_GROUP_ICON | 0x000270e4 | 0x00000030 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_GROUP_ICON | 0x000270e4 | 0x00000030 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_GROUP_ICON | 0x000270e4 | 0x00000030 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_VERSION | 0x00027114 | 0x000003c8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| None | 0x000274dc | 0x00000042 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library MFC42.DLL:
• 0x4090a4 None
• 0x4090a8 None
• 0x4090ac None
• 0x4090b0 None
• 0x4090b4 None
• 0x4090b8 None
• 0x4090bc None
• 0x4090c0 None
• 0x4090c4 None
• 0x4090c8 None
• 0x4090cc None
• 0x4090d0 None
• 0x4090d4 None
• 0x4090d8 None
• 0x4090dc None
• 0x4090e0 None
• 0x4090e4 None
• 0x4090e8 None
• 0x4090ec None
• 0x4090f0 None
• 0x4090f4 None
• 0x4090f8 None
• 0x4090fc None
• 0x409100 None
• 0x409104 None
• 0x409108 None
• 0x40910c None
• 0x409110 None
• 0x409114 None
• 0x409118 None
• 0x40911c None
• 0x409120 None
• 0x409124 None
• 0x409128 None
• 0x40912c None
• 0x409130 None
• 0x409134 None
• 0x409138 None
• 0x40913c None
• 0x409140 None
• 0x409144 None
• 0x409148 None
• 0x40914c None
• 0x409150 None
• 0x409154 None
• 0x409158 None
• 0x40915c None
• 0x409160 None
• 0x409164 None
• 0x409168 None
• 0x40916c None
• 0x409170 None
• 0x409174 None
• 0x409178 None
• 0x40917c None
• 0x409180 None
• 0x409184 None
• 0x409188 None
• 0x40918c None
• 0x409190 None
• 0x409194 None
• 0x409198 None
• 0x40919c None
• 0x4091a0 None
• 0x4091a4 None
• 0x4091a8 None
• 0x4091ac None
• 0x4091b0 None
• 0x4091b4 None
• 0x4091b8 None
• 0x4091bc None
• 0x4091c0 None
• 0x4091c4 None
• 0x4091c8 None
• 0x4091cc None
• 0x4091d0 None
• 0x4091d4 None
• 0x4091d8 None
• 0x4091dc None
• 0x4091e0 None
• 0x4091e4 None
• 0x4091e8 None
• 0x4091ec None
• 0x4091f0 None
• 0x4091f4 None
• 0x4091f8 None
• 0x4091fc None
• 0x409200 None
• 0x409204 None
• 0x409208 None
• 0x40920c None
• 0x409210 None
• 0x409214 None
• 0x409218 None
• 0x40921c None
• 0x409220 None
• 0x409224 None
• 0x409228 None
• 0x40922c None
• 0x409230 None
• 0x409234 None
• 0x409238 None
• 0x40923c None
• 0x409240 None
• 0x409244 None
• 0x409248 None
• 0x40924c None
• 0x409250 None
• 0x409254 None
• 0x409258 None
• 0x40925c None
• 0x409260 None
• 0x409264 None
• 0x409268 None
• 0x40926c None
• 0x409270 None
• 0x409274 None
• 0x409278 None
• 0x40927c None
• 0x409280 None
• 0x409284 None
• 0x409288 None
• 0x40928c None
• 0x409290 None
• 0x409294 None
• 0x409298 None
• 0x40929c None
• 0x4092a0 None
• 0x4092a4 None
• 0x4092a8 None
• 0x4092ac None
• 0x4092b0 None
• 0x4092b4 None
• 0x4092b8 None
• 0x4092bc None
• 0x4092c0 None
• 0x4092c4 None
• 0x4092c8 None
• 0x4092cc None
• 0x4092d0 None
• 0x4092d4 None
• 0x4092d8 None
• 0x4092dc None
• 0x4092e0 None
• 0x4092e4 None
• 0x4092e8 None
• 0x4092ec None
• 0x4092f0 None
• 0x4092f4 None
• 0x4092f8 None
• 0x4092fc None
• 0x409300 None
• 0x409304 None
• 0x409308 None
• 0x40930c None
• 0x409310 None
• 0x409314 None
• 0x409318 None
• 0x40931c None
• 0x409320 None
• 0x409324 None
• 0x409328 None
• 0x40932c None
• 0x409330 None
• 0x409334 None
• 0x409338 None
• 0x40933c None
• 0x409340 None
• 0x409344 None
• 0x409348 None
• 0x40934c None
• 0x409350 None
• 0x409354 None
• 0x409358 None
• 0x40935c None
• 0x409360 None
• 0x409364 None
• 0x409368 None
• 0x40936c None
• 0x409370 None
• 0x409374 None
• 0x409378 None
• 0x40937c None
• 0x409380 None
• 0x409384 None
• 0x409388 None
• 0x40938c None
• 0x409390 None
• 0x409394 None
• 0x409398 None
• 0x40939c None
• 0x4093a0 None
• 0x4093a4 None
• 0x4093a8 None
• 0x4093ac None
• 0x4093b0 None
• 0x4093b4 None
• 0x4093b8 None
• 0x4093bc None
• 0x4093c0 None
• 0x4093c4 None
• 0x4093c8 None
• 0x4093cc None
• 0x4093d0 None
• 0x4093d4 None
• 0x4093d8 None
• 0x4093dc None
• 0x4093e0 None
• 0x4093e4 None
• 0x4093e8 None
• 0x4093ec None
• 0x4093f0 None
• 0x4093f4 None
• 0x4093f8 None
• 0x4093fc None
• 0x409400 None
• 0x409404 None
• 0x409408 None
• 0x40940c None
• 0x409410 None
• 0x409414 None
• 0x409418 None
• 0x40941c None
• 0x409420 None
• 0x409424 None
Library MSVCRT.dll:
• 0x40942c _except_handler3
• 0x409430 __set_app_type
• 0x409434 __p__fmode
• 0x409438 __p__commode
• 0x40943c _adjust_fdiv
• 0x409440 __setusermatherr
• 0x409444 _initterm
• 0x409448 __getmainargs
• 0x40944c _setmbcp
• 0x409450 __CxxFrameHandler
• 0x409454 memcpy
• 0x409458 _CxxThrowException
• 0x40945c memset
• 0x409460 rand
• 0x409464 sin
• 0x409468 sprintf
• 0x40946c fclose
• 0x409470 fread
• 0x409474 fopen
• 0x409478 cos
• 0x40947c _ftol
• 0x409480 __dllonexit
• 0x409484 _onexit
• 0x409488 ??1type_info@@UAE@XZ
• 0x40948c _exit
• 0x409490 _XcptFilter
• 0x409494 exit
• 0x409498 _acmdln
• 0x40949c _controlfp
Library KERNEL32.dll:
• 0x40904c ExitProcess
• 0x409050 IsBadReadPtr
• 0x409054 VirtualAlloc
• 0x409058 FreeLibrary
• 0x40905c VirtualFree
• 0x409060 GetProcessHeap
• 0x409064 HeapReAlloc
• 0x409068 HeapAlloc
• 0x40906c lstrcmpA
• 0x409070 GetCurrentThreadId
• 0x409074 GetProcAddress
• 0x409078 lstrcmpiA
• 0x40907c lstrcpyA
• 0x409080 MulDiv
• 0x409084 GetVersion
• 0x409088 GetModuleHandleA
• 0x40908c CloseHandle
• 0x409090 WriteFile
• 0x409094 GetStartupInfoA
• 0x409098 LoadLibraryA
• 0x40909c CreateFileA
Library USER32.dll:
• 0x4094a4 SetWindowLongA
• 0x4094a8 CallWindowProcA
• 0x4094ac IsWindowEnabled
• 0x4094b0 GetSystemMetrics
• 0x4094b4 GetScrollInfo
• 0x4094b8 ClientToScreen
• 0x4094bc GetSysColor
• 0x4094c0 GetDC
• 0x4094c4 SendMessageA
• 0x4094c8 PtInRect
• 0x4094cc ScreenToClient
• 0x4094d0 GetClientRect
• 0x4094d4 SetRectEmpty
• 0x4094d8 SetRect
• 0x4094dc EnableWindow
• 0x4094e0 InvalidateRect
• 0x4094e4 IsWindowVisible
• 0x4094e8 SetWindowRgn
• 0x4094ec RedrawWindow
• 0x4094f0 InflateRect
• 0x4094f4 WindowFromDC
• 0x4094f8 ReleaseDC
• 0x4094fc GetWindowRect
• 0x409500 OffsetRect
• 0x409504 GetWindowDC
• 0x409508 DefWindowProcA
• 0x40950c GetCapture
• 0x409510 GetCursorPos
• 0x409514 WindowFromPoint
• 0x409518 GetParent
• 0x40951c SetTimer
• 0x409520 GetTopWindow
• 0x409524 GetWindow
• 0x409528 UnhookWindowsHookEx
• 0x40952c KillTimer
• 0x409530 SetWindowsHookExA
• 0x409534 GetWindowLongA
• 0x409538 GetClassNameA
• 0x40953c CallNextHookEx
• 0x409540 GetFocus
Library GDI32.dll:
• 0x409000 CreatePolygonRgn
• 0x409004 CreateRoundRectRgn
• 0x409008 CreateFontA
• 0x40900c CreateRectRgn
• 0x409010 CombineRgn
• 0x409014 CreateSolidBrush
• 0x409018 FillRgn
• 0x40901c FrameRgn
• 0x409020 GetTextExtentPoint32A
• 0x409024 SetBkColor
• 0x409028 ExtTextOutA
• 0x40902c CreatePen
• 0x409030 SelectObject
• 0x409034 MoveToEx
• 0x409038 LineTo
• 0x40903c DeleteObject
• 0x409040 SetPixel
• 0x409044 CreateEllipticRgn
L!This program cannot be run in DOS mode.
`.rdata
@.data
@t1Ej@Pv
SVEWPu'=p@
EPEPEPi
EPEPEPi
DS\$LUD$PVL$
_t&D$T
HSV3W9u
MP3M_^[d
X333UQSVWj
UQEVPA
u-EP5$A
t?EP5$A
_^UQEA
++MEE+PMN
+EM$t+M
UHSVWMj
VPE+EP
^+EVHPVVu
EW+E+EHPVVVu
t>Ej@PS
5_^UVW}
UVWj3v
SVWjuv
u]uEM}MM}MEu]uE
$(,04
dht%uu
u;uNuu
PuuVStPuuVj
PsuuVSI]u
PQutSVj
P<uSVj
P'uSVj
t$$t$$
E@tH}M+u
U'G}M+u
U`SVWF
EE;E|}
}3EWPu
UHSVEWPv
t$(\$$PVSc
\$(PVS
D(P6St$
HHPSt$,V
|$(PVW
HUHP6W
HHPWt$
HPWt$,W$
\$(PVSD
HP6St$
D8PSt$
D8PSt$,
\$(PVS2
D(PSt$
HHPSt$
D(PSt$,S
taEW}+}EEEEPj
9]~gEPSh
U0SV3W=
9]~CEPSh
u#EPSh
H9Et[j
PVuSuFPu
H9EtXj
PFPE@Pu
PEVSuHPu
EPVSuu/
H9Et[j
H9EtXj
PE@PFPu
PESHVPuu
H9EtZEj
H9EtZEj
H9EtZEj
SPE@Pu
H9EtZEj
SPE@Pu
@9Et]Ej
PE+EjPuuu
PE+EjPuusm
PE+EjPuuu
PE+EPjuuu
PE+EPju:E
PE+EjPuuu
PE+EPjuuu
U+IIQM+JJ@RAPQu
E~\EPuh
;Et4uEuP
AEE;E|j
PE+EHHPE
PE+E@@PE
X^3^UVW
3MPPPQj
3PPPt$
u jVSu
++VPQRt$ j
^USV5@
+IICQ@SPu
_^[]USVW=@
+IICQ@SPu
u$Pu PF
$SVWu82
;FHu*;
]PF@]p
MM+SSUEM%
FDNFN@;
PEPSSWVH
RQQQQQQPVH
US3VSSj
3_^[U$e
EKEEERENEEELE3E2E.EdElEl
EPEPEGEeEtEPErEoEcEeEsEsEHEeEaEpP
PU_^t$
VSP_^[]UQE
t8~ ^$
H<QPuw0
E(uIM_^d
[UQSV5@
PRvvUu
SVWeEh
SRY_^[
2 |_^[U
EEvcSVu
PEKPEoEtEhEeErE1E6E8
~P~T_^
FDFH~H0u
E^hveFxFhVhfp^`TFH9^TQQ
FD~Ddu
^DFH~H0u
ULSVW39~Lt
]j1YEBBUEE
]j1YEBBUEE
]j1YEBBUEE
|Mu_^[
|Nu^U<VW~L
]j1YEBBUEE
]j1YEBBUEE
U8SVW{L
;u|9]t
j1]^]EQQ
`]]EQQ
`]]EQQ
`]]EQQ
`]]EQQ
VW39~Lt
NuOu_^
~PE~TPv
V`FpvL^h
~Dv ~H
~TP~Pv
jdW~Dv ~H
uEEEEh4(@Ph
]^PFL^XFT^`F\^xFt@
M^D_^[d
EPEPEP+
;t(h,A
E3P]v
FLN\;u
;u SShHA
PpQVpPpWpO
P3PPPPPPPPPPPPQ
U SVW}
PEPEPr
FDEPvD
SVEWPs
VVs sPs`sX
uE+uuE
+uu+EuChE
sdKpsL
}PUUM{\
EMsPs`sXEp
usLu+Pu
}MQKpG
+ChEPuPSlW
MCd+M+u
uuuWPM
E+Ps\uuu
P#MQs`
u>PPhdA
+EYu}Mu}+
u{Tuuu
u6PPhHA
{\uuuP
u{LuuuP
u{TuuuP
s\uuuP8
usLuuuP
u{Tuuu
ChEClECpt
{\uuuPx
u{LuuuP_
usTuuu
MShKpt
3M_^[d
hSVWe3
EPEPEP
0u>"u:Fu
<"u>"u
> vFuj
XMLMLMTM\Mt_M
MMLgMT\M\QMtM
hpMM9M1MMMH@
MM~MYMQMIMAM9M1
@L=Q>$F?
Q?Q=Q?
#>p=?L>
MFC42.DLL
__CxxFrameHandler
memcpy
_CxxThrowException
memset
sprintf
fclose
__dllonexit
_onexit
MSVCRT.dll
??1type_info@@UAE@XZ
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
lstrcmpA
GetCurrentThreadId
GetProcAddress
lstrcmpiA
lstrcpyA
MulDiv
GetVersion
GetModuleHandleA
CloseHandle
WriteFile
CreateFileA
LoadLibraryA
HeapAlloc
HeapReAlloc
GetProcessHeap
VirtualFree
FreeLibrary
VirtualAlloc
IsBadReadPtr
ExitProcess
GetStartupInfoA
KERNEL32.dll
CallNextHookEx
GetClassNameA
GetWindowLongA
SetWindowsHookExA
KillTimer
UnhookWindowsHookEx
GetWindow
GetTopWindow
SetTimer
GetParent
WindowFromPoint
GetCursorPos
GetCapture
DefWindowProcA
GetWindowDC
OffsetRect
GetWindowRect
ReleaseDC
WindowFromDC
InflateRect
ClientToScreen
SetWindowLongA
CallWindowProcA
IsWindowEnabled
GetSystemMetrics
GetScrollInfo
GetFocus
GetSysColor
SendMessageA
PtInRect
ScreenToClient
GetClientRect
SetRectEmpty
SetRect
EnableWindow
InvalidateRect
IsWindowVisible
SetWindowRgn
RedrawWindow
USER32.dll
SetPixel
DeleteObject
LineTo
MoveToEx
SelectObject
CreatePen
ExtTextOutA
SetBkColor
GetTextExtentPoint32A
FrameRgn
FillRgn
CreateSolidBrush
CombineRgn
CreateRectRgn
CreateFontA
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
GDI32.dll
_setmbcp
ScrollBar
CCM_CallWndProc
#32770
SysTabControl32
ToolbarWindow32
SysHeader32
RichEdit20W
RichEdit
msctls_trackbar32
SysIPAddress32
msctls_hotkey32
ComboBoxEx32
ComboLBox
msctls_updown32
SysMonthCal32
SysDateTimePick32
SysTreeView32
SHELLDLL_DefView
SysListView32
ListBox
ComboBox
Button
STATIC
user32.dllUpdateLayeredWindow()!!
UpdateLayeredWindow
user32.dll
II&BI[
IIN"BIZ
IIN"MIZ
IIxEI[
II{BIY
IIxGI\
II{CI]
II{MI[
IIp{BIR
IIp{MIY
*`PI&YDP4t
H "k38Si(i(i(
8Sk)et
k|;kvm4;sm
.k)et!jh*.)uk)et!jh"')u
;vk/ket
knk-;s3ac
XPkeuc k<ei%v
i~i&k
kk-;r1c
XPkeuc;koei%v
vTPk%i
i~i&k
m}m%EEE
HPk5DPkme
et-etme
%)%#%!%,%$%
i%$Rkcu3&m%
Rk5Ped`E
eu&ct=czeme
Reu%m%
@Ret?pRk$
ium.03m.i
%m.4%m%
%xc)(i!,h
Pc~(tk%v$k=Pv,
Rm.4%%m.
c-m.k-
k39u~3e~k%mj:u!;|;t&;u|c
k-;~3<
dtj( `um(;rc0OmR);se|a
|cuc|k `9u]
R;tk kki%
c i%u
Sci&(t u
Rk;t1u
kki%m%
v(Scu2Um%
v(i}Reu3m%
Xi}v(%%hS
k$39,~j`z`h!;,|
k!(eieddW
Rk;~1me
4k-dexk-
i}i}i}
Pc}u&m#
ceu1ms4k
cetm%
k(;%b m%
ki}ok%mx
i%u c}
i%t et
c}u1mskp
%Rv(Qm&
Rv,Pc.(
m#ci%m&
4ckuku
k$39,~j``zh!;,|
iu;k5R
%c}|c}t$%
#c|ct%k%;%tc
Pk$C@cFk
P#c;^r k,
QedmeH
Qedme@
PQedmeD
Pk5PmeH
m}Km}i
/knci$nf
XP;i%dm+
hcpodc
i%XP;i%d:u#
4.knc8i$nf
i%XP;i%dOu#
cutt((t7(uu
^-ckni$nf!
i%iu<Q=s
u8Quk5Pk
h /um%
C|R`E3mKc
c %ACk%
3eDmHiD
Pet/Vet
etc~c ~c
ete}c ~c
dDdDBkDmdDedlccu
euk%meD
Pc%a}Tl3
`Ek3m`EK
KJk3mcK
JTRei%d`E
uq9%tme
(` umd
3m}]kuK
kcc=ek%
%x%y.c
?cCetm-
M$cc}
m-Pn5@c
Zducm%Pm-
m-P%Y`
3c-m-P
ducm%lm-
m->3c-m-lDk-k
z,k%c`
%(t(t(t(u
%#%u%r%r%
u%s%tc
%t%'%r%
%u%psc
k$k`8t k(;j,
t8tk(;uj
uBc;i%d
(;~`<8u
V'cume@
`$cett
$c$eu2meD
$Qk5QmeD
uk5PmeD
m}K%$t%x
'c33mY
Pkctm%
t(t((umeX
kauLRetw`E
Rc=tk-m%
!cetymeH
m}K%$t%x
%%Pk5Pk
uu;i%u;t
Pci%tr
gkc&t/
3m}Km%%L$
3m}Km%%L$
kuiu&3c
?k3k-k
Pci%t%
u,Q;v`43
k`>u`>
uk:2`>
%tRcXme8
`!mcEEEEmkEk
`_!k%m
um-nk-%ety3
mmO ;f
we(s e,t
edtehuelviPiTiUXim\ie@i]DeH
eueviiiUimiei]e
eviiiUimiei]e
i8i<iU im$ie(i],e
e`pedqehrelsePteTueXvi\i@iUDimHieLe
epeqereseteueviiiUimiei]e
epeqereseteueviiiUimiei]e
epeqe0re4se8te<ue vi$i(iU,im
septiu`iu
exvi|i
di-hi%li
%@r%Ds%Ht%Lu%vi}i
s3;;$]@u;#3c}k
;dU(u`0h;!
mm2k-et
33mAh]@Kuk5tR
%#%u%r%r%
mAh]@%K
cme@%-%
uQc;dlm-
` Peurm%
uk=$Puk(P
` Pet2
5cm%iu3
uuk=Qme@
uk=Pme@
m}HK%D$t%Lxm%
tRc3me
{9; ume
3k7kkkk3
Pkci}dZ
<Qk;vu3mh]K
Yk%%9}hT|m%
P%9uru
kcLPm-
8Pedbm%
Qk;u3?
Rccume
tm%hmmp
mmp%ommph
xCdi5x
||Cheu
i%C`5|eu%i`h
t#`}t=3me
P';|m-hY
PA`;u#
4QAxi%k5
du c}t-1cu
Pe~iu_9
u`c=`ri`i
mmpdtm%h
mepm-h
k$eCLm%h
ccmmpe|qdu49
u`c=`ri`
P;t;t;tm-h
iuiuiuiu
Gciuiuiuiu%T$%\xLPm-
u<Puk=Pk
u39utu
d|Qk=0Pc
pQctec
s!9=tt
i}i}Qme
ctct9=
t(de(t'((u4
PQk5Pme
i%mei%
kfCjfB
CkfCtkfC(kfC
c@:d<eK{et
k5tRmet
Qk=Pcuwmet
"3mh]K
%t%'%r%
Rcedme
`Qi]i]i]i
ex$mex
Pi]<3m KKKKi] e<`
i]tipe(me
ie,i]$me<
e#euerere
e3re4ve5
39]tP9]tP9]t(P
%#%u%r%r%
` Pe uu(P
kk%%etk3k%etk3kuckcEEEEkukEEEEkuckkEEE
k-etPk-etdk-k
uPk&m6ck
TQeuk5Pe
Se|um%ku
uuuSe|#uSke|k%
huuuSkk
et3nk%
euu%k%
9utuk%
33m}h-
lutRc
u33mh]K
%#%u%r%r%
%s%tk5Pc
%t%'%r%
i%ei%dkD
7\Qetme
3@Qket
k5Pcmee
gcm%i}
k%p(Rm%
cmetet
PPke|k
HQcum%
%c}|Ok%itie
3ki%k5tR
k%3`6kk3i%
k-c$me
etuP3c-ieu
3c-ieu
&eiu9$t
&4Reiu9$t
tPeuetk:
kc~u6ei&u9t
0Rkvet
i%k-k%
ekp<a>
v4ei%u
hPkk%3
i'i/i/i/v
i%k+<.
ok#<k-k-
k etet
k(ki-(
cxmtfa
c>uk%k 8ei%~)
k.6-i%
Sk%ci&k%%ck 9%|Q
cxm,fZ
'm.m/k4m tak+eu tk(`tk(evm%
s`Pk%%ck(9-l
kpk@cxv
m<1k(m
ak(%c""9-r kewN
%k'k7i%a`P
Pc~i%fkku
eekuk#ed
Pei%dYk'me
ih'ketksui%k#iuk%ket3I`tk-c
Peitc%c
kt&c!|c
c"c!|c
t*k0k$;t>9
t%ck%##;&r3
ct;&wk.mak-k
~k&kct
P';~|vR
i%k-k%
i%k%i%3
Pui%m%u
uuuRck
k%3i}m%
etuUeui}
c-k%k-
dui%%3iu9u
tui%;t
iuc-k%k-
Pk5Pet
c}tu%
i%ket!mee
u\Qetme
k$k`8t!`9u
k|k/etktjh!&dtk/eu 0
k$jdt:,t j,
etc-&9
e=k-;f2cfcdN
;twcei}m%
eemiu8t
c kmeTQi%m%
k%i%m%
utRc3i}m%
%c-9]@t@
3uUPUk
k|etk,jh'!dt*uk*etm*3kKkcJk$
(tw(t0(em%
eu&ku;v?cvctct
eu%c-;t
=m,rae=s
kekkk
` s`sMk3`
33k$eu9l~lkQckiHu?
=eu9Aet0kL
mq;rketAc
k}euc=lctcuAet
Xci%ueu7
eu%c}tAet
RRc=ut
(c|uc=utxP
uPk&m6ck
TQeuk5Pet`3
hlPeuk=Pet`3
k$i&k
m-uum%
i&k$Tei&t`|tk
kk(i.k c
i&eTtk
kk&Tetk
kk-c4kU
_kk-c4TkhU
m-PTm-xV
m-lJTm-AnHV
m-mm8mk-Tkm4im-amm)TW
wm-h6Tmmp$^mmp9^hW
.m-;m-3W
ZFE@GjGrG
G*G<GGGFFFFEbFrF
F"F0FFFEEJEnEzCCCC^CRCJI
C^^^^^__4_"_*_
_v_d_T_@_______@@@8@&@
@t@f@V@H@@@@@AA6A,A
AtAbARANAAAAAABB0B.B
BtBbBRB@BBBBBBCCC<C
CN^@^P^
]@IVIjI
]b]l]V]@]H]]]]]]]^^^^d^
^.^&^<^^,]````BHH
H&HHjHGGG
DDpDbDXDLDDDDCDDD>DEEE0E&E
EvEDs`t`````4``9```H``<IHH2III
rkA<>
T`T hTSTdhTTS0U
U8d#d.d
dxUSHUpd{dfdQdSUUV
VSXVddSVddSVdSW
Weeee2e:exW&SHW
eSWxe`eSXTeS8XHeS
pSXXX,v cXcY
^QlZCtPh\bEpRdZ@E
PZGPx\G
\H$R\HR]
I0R$]~ISZFE@GjGrG
G*G<GGGFFFFEbFrF
F"F0FFFEEJEnEzCCCC^CRCJI
C^^^^^__4_"_*_
_v_d_T_@_______@@@8@&@
@t@f@V@H@@@@@AA6A,A
AtAbARANAAAAAABB0B.B
BtBbBRB@BBBBBBCCC<C
CN^@^P^
]@IVIjI
]b]l]V]@]H]]]]]]]^^^^d^
^.^&^<^^,]````BHH
H&HHjHGGG
DDpDbDXDLDDDDCDDD>DEEE0E&E
EvEDs`t`````4``9```H``<IHH2III
) #xx&r
t! #xx
tstrstr??2
??1typ
t-*$,,c
ry!m/utput$
s!S$up
tus%x)
t'$)32
y%x! #r
(%,,32
struprw
{4$36%972%32511#%"𚗢"%10318}
#)S(pt
T@LHD@\X\TPlhd`|xtp
@Th`xp
@Th`xp
pqrstuvwxyz{1234567890
$&'(*+,
IF?><-."
:,+*('&$
=0987654321
!"#$%&'()*+,-./
pqrstuvwxyz0123456789www
123456789
2017$
t123456
rstuv$
AGml)#QD/y
ttp:us
s=s-sx
s-(z(!
0~-(z$
H14331433
)#+(%!,
360360s
360K360tr
y%x!S?!
r 020'0x1^1112
2@2233(3_3M33334<4p4m4S4445A55555666606/6
6 6}6k66667
7X7J7777748
8{8d8T8]8C8N88999
9o9B9999L:
;F;;;;;;<<)<
<]<N<<<<===&=
=i====t>C>>???0151>1*1
3q3z333334<4
4t4g4n4T4O444555$5
5z5d5k5R5D5556:6
6A6677>7 77778,8
8c8V8\8I88899999999195999=9!9%9)9-9
9v9g9X99999::(:
:i:o:X:F:::;;;u;e;R;D;;;<<<<F<<<<===@=J==>=>&>
>z>f>>>???B?O????00%0H00000111c1Z1F112
2u2|2c2S2]2J22223344h4
5@5G566616 6+6
6c6L677=7
7g7788898&8
8n8990979'9
9m9F999999::*:k:^:I:N::
;;;<<9<*<
<`<<<=
=~=o====>
>}>S>\>>>>>???
?F? 0U0
5=6"6y6Z666n7
8888899&9d9o9C99999:<:
:}:d::;
;v;;;<<x<[<D<<<<<=
=x=Q=Z=F======>>>
>h>o>U>]>>>>>>>>>>>>>????
?x?}?f?l?Q?Z?C?O??????
000050
0x0A0G0000014191!1&1R1X1H111112292
2u2{2a2g2R2\2B2L222222222333+3
3v3}3_3333344444%4,4
4p4v4c4i4P4W4F444444444555|5Q5^5D5J555666656<6.6d6m6X6G666666677707=7(7
7v7c7o7^7D777778888'8
8s8c8R888888899999979-9
9 9`9o9Z999999::::=:+:
:p:V:M:;;;<;#;.;
;S;@;F;;;<?<v<M<<<==3='=====>>
000111n12232k2S2222233:3?3'3.3
3v3P3X3N33474s4x4o4[4D4T556
6s6666666677=7
7r7|7f7P7Z7D7N777777777888808:8$8.8
8v8`8j8T8^8H8888888889999949>9(9
9p9z9d9n9X9B9L99999999::#:z:i:R:^:G:::::::;;;
;O;;?<x<S<==<====>
>???X?O???p000
0p0z0M0001\222m3H3M3334
4K45555556-6
6k6[6D666666667777W7F777777777
8x8}8i8P8X8C8N889999
9x99999:r:w:::::::;;;<)<
<j<N<==#=)=
=z=e=P=
>k>>>>>>>>??
?t?I???????????`p00070=0 0q00000111;1(1
1d1111112(2
3j3334444
4]4I44445&5
5i5_5555P83
3p3`3d3h3X3H3333344484,4
4`4T4D4H4444455545<5$5,5p5d5P5L55555566606
6t6`6\6D66666677747<7$7,7
7p7d7P7L777777788<8(8
8`8T8@8H88889999@0h011111111222222222222024282<2 2$2(2,2
2p2t2x2|2`2d2h2l2P2T2X2\2@2D2H2L222222222222222222222333333333333034383<3 3$3(3,3
3p3t3x3|3`3d3h3l3P3T3X3\3@3D3H3L333333333333333333333444444444444044484<4 4$4(4,4
4p4t4x4|4`4d4h4l4P4T4X4\4@4D4H4L444444444444444444444559 9Shellex
OREWxFMBWo
QqZN:.O@
I(vocb(~c-
H~s6Ul
k(UUe{5$
vq(52J
'|0Lx<
,.i-d(
"K4Q&.D
8MsH`ND}[LR
~`r1@v#
I6)b%X
Bfl-${h&
B`3e/?
oFM5s6
Or8,?9
nW a78>
F[>B!je&
d[`mzzZ=
]eZy6mf
k93Zy#f,
mM}_HY]
Nd+Woe'
'}e_$DD
aP3mh2
BGB%t`/HQ3
>2`_+D)
^*qR_Q+k5%/pP
tl,X|rn
^$o)/,WNcq
g-M8{V
Pfw9nvw)Wr
WowgfD~]V-e
kernel32.dll
HeapFree
KERNEL32.dll
VirtualProtect
VirtualFree
CGraphicDoc
CGraphicView
Data File [terrain.bin] not found in program directory.
terrain.bin
CMainFrame
SetLayeredWindowAttributes
ERROR in Combining Region
.?AVtype_info@@
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwxwxwwwxwxwwwwwwwwwwwxwxwwwxwxwwwxwxwwwxwxwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
wwywwww
wwwUUUUUUWwwwwwwwwww
wwwwxwxwwwwwwwwww
wwwwwww
wwwxDww
wwwwwww
wwwwwww
wwUUUUUUWwyyw!
xwxwwwwww
wwwwDDDww
|wwwwww
ww=wwywywr
xwxwwww
wwwwwwwz
wwwwwww
wwwwwww
w|wwww
wwtDD7w
wwwwww
ww|wwww
ww=wwywywr!
wwwwwwwww
wwwwwz
pwwwpwx
wwwwwwwC8w
wwwwww
ww=wwywyw"
wwwwwwwwwp
ywyyww
ywwwww
wwwwwww
ww=wwywyw"
wywwww
wwwwww
w""""wz
wwwwww
zwzwwww
ww=wz*
wywwwwwx
wwwwwwx
wyw{www
wwwww8w
wwwywww
wwwwww
*ww=wvifif*x
w|wwwwww
wwww7w
wwwywww
wwwwwww
*ww=wz*w
wwwzww
pwwwwww
wwwwww
wwwwww
wwwwwww
yzrGww=wvififrGw
wwwwwx
|wwwwywx
wwwwwwx
wwwzww
wwywwww
wyzzrGww=wwywywrGx
wwwwwww
ww||wwwwww
{wwywww
wwwwwww
wwwwwww
wwwwwww
wwwwwww
wwwzzw"Dwww7wwywyww"Dww
wwwwwwwp
wwwwwww
ww||wwwwwwwww
www{ww
wwwwwww
wwtwww
wwwwwwwwwwww
wwwwwww
ywwwwww
wqwwww
wwwwwww
wwwwzwwww""DDwwwww7wwwwww""DDwww
wwwwwwwp
wwwwwww
wwwwwwwwwwwwww
wwwwwww
wwwwwww
wwwwwww
wwwwwww
wwwwww
wGvwww
wwwwwwwwwwwww
wwwwwww
wwwwww
wwwwwww
wwwwwzwzwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
wwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
wwwwwww
wwwwwww
wwwwwwwwwwwww
wwwwwww
wwwwwww
wwwwwww
wwwwwww
wwwwwwwwwzwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwp
Z_X]W\V[UZTYSXQVOTOTNSLQKPKPKPKPKPKPKPKPKPKPKPKPKPKPKPKPKPKPKPKOIMHLIM2
{|||}}}~~jfcs
}}}~~~
vtmi||s
tsu~~o
mkxjqlts|
plqcq[dZb_pnv
sm`zJRJR\u{~
uo;;W3/G3/G?@\zwv~y
wp}|zzwWv_~crroonnoomsxz|~|
|rusqrHg*B],Fd?UHdhffday{tpqsv
~smkjh$;V 3J+Gj4S}V_]]Z\tuvsifko
d``U!5L!5L+Rw3_XVUTQZnsnd]`d
vyZXX8d#7P#7P)a;OMMJHGRl}`_[TWY
wqQOO*Jo$8T#A\&jEGDEBAFKaZSGHLOQ
yiHGG%:X%:X$Rt%{@>==87AWigK9;AEGH
&'=['=[ k
a+p(o"j#j!g b \
*>_*>_
Y _#d#g#f"a
!2o+@b)Im
W _#h&m)p(o%i"a
M'm'm,H}.Bd!c-9?B,u W Z#d(nADFG7-x#g \
S11/b1Dj
3:@BGMQW\aibaVE(l)n
S111v4Em
3:@CIMRX]bdb]XRM
T112~.R{,3:@CIMQW\bd}ca\WQM
T111&s129?BGLPVZ_bcbb_ZVPK
b1112}118>AEKNRXZ]``]ZXRNI
8111116;@CGLOSWYZbzzw
[QBFLND
g[YPOD
uotjTQD
wp{XRG"
|rYQG"
iL+ )U"
phqirksmsnrovt
qHPZs}~p
}|.GcC\\zrv{v
rpHg)B\AWbfdixqs|
fa'B_"8Q4[ZXW]i{laf
wWP#7O)Qu;MJHWwz`\QW
kHA$9U'i@?=;DZr??CG
]#i)q#m#h `
!2n'Bj
W#c&m(n#g
S1.O$c3>B3~5AWwYE)o
S1/b#|6?ENV_aXP
T11t*6>DMT]cd`WO
b11~13;BKQY`baZSL
TTSUYaflquvvql
F4}2u/y]I(
bI.#'96
S/&<[9.
Zb=.V1'@Z4+
i`:.S4&BV=*
_8+S1'R\=, d;?
::9ZYXnml{zzzyyussdbaOML200
e0//hgf
~KII(%%
#,*)FA@?eb`7331/.C
! 0=;9
ZVU=:8! 0
421EURR
C?=975D
965Xjhf
MIGDA?\
;97Wwus
UQOJGE`
?<;Npmk
VSPSPNZ
@=<:[WV
WTSKHF7
/-+%DA@
ZXV743
}{xljh
FCA2ige
gdc\ZX4
PLJ)kih
nki]ZX)
spo&%$
[WT(zwu
yvuqnl-
upm {zx
okiupm
nheupm
upm!nli
j^]upm!
mhei]\U
}b\Ynig
upm$kge
e`]upm$
upm0fa`
rkiupm0
upm4d`]
wroupm4
upm0gca
|rmupm0
upm$wrosuqp
yonupm$
upmCuqn
qliMupm
upm!{vsW
tomaupm!
~ywtolKupm
upm upm9
]{yur~zvtaupm=upm upm
655DCCEDD;:9'%%
//.qqp
~}|ECC
}zx410
xtq@=;
~yw{tq
743xrp
rli{vt
{y|wtqliqli
b-Oj1j0h.e-b,_)T$t
=HLKIFB~6_)J rL
h2-{;HUTE?>=EG<a*T#r
?P[OHEB?<:8HAa*L!uQ
CTbQMJGEB><:8G=a+
|@(Gm`WPMJHEB><:8H7Z'
`qc`[PNJHEB?<:CDe,
Mpnige[QNJHDC?<;Gi/
Pwwnnmk]QNJGEB><Jm1
tttqo_PNJHEB>Mp3
yywwvq`QNKGEENs6
}~~zxs`QMJHNNv7
|ysaPNTUFp5}
~xq`Z\K
'Ix43]2^2\0[/Y,V'Lj
{vxlOD
8f8f&x
w!f,V%I}g
|-W&Kp
J~IB6+#
MOKB96+"
5#!!!
QTPJEB=:-#
C$$$#!"
UVROLJIFB=/#
Q2)(('&#
o|{TQQNJE>."
#^S+-**('$
ZVUQMG?0"
/fx2/..-('"
_ZXTNG>/#
<^X520.*(&!
c]YTME=.#
JT751.*'!!&"
f]XQJB:,&&)?p+N~&
N^fb82.*''66
iZTNF?=9/8>lx
SlmnMDLYE
wdacVBH{Cs
XVYy|iO
kZOFwe
Sb#$&&%
q()-+*'"
{K/121.'!
0n7257/-%
v<562.&
P2/-((8+
9tU`qO
w7s4o1k.h+e)
AFFB=g*
KI87AGAg+
YI@;97<H?i,
ohQJF?97<Io/
{fXOIA:8Jv5
o\RKA;K|9
t^SIDM@
q\UYIB
9j7g4c1_.\,Z
?r7s%x w
v u)h.[
G{D|5|$w
r w)j.]
MRG8{)w
t y*l1a
TztK<}4y)v
rH<~3x)v
tG=}3x'u
brG:|/v#v
!zsjaUG
c{jC6y.w,{;|Fz
!vh\SN
ftbA>FM
ho_SUR
j|naL*
~:98s2
J<:?v3
b_C<=>
4r&n)h0`
w0iz|X;
r1rN]?
~j=4|E~
SX[:N(
HrCg@b
^zeech
sQ;mRech
OX[;mRech
\;mRechN
N*NeeN
9eSSbpS
9eSSbpS:gSSbpS
SbpS;mRech
>f:yteu
c[vcke
ceQjR4
Nekd\O
Tvckefbc
c[vcke
bte*Nech
Nekd\O
egbLHQMR]dmvd\O
\;mRvzS
Hr,gSTHrCg
c:yOX[ech
N*Nz<h
RbcVMR
N*Nz<h
9eSzS'Y
9eSzSMOn
bzS>e'Y0R
g'Y:\[
N*NechzS
Rbc0RHQMRvechzS
sQ;mRvzSv^c:yOX[@b
Y0Rck8^'Y
o;mNRh
sQSbpS
HrCg@b
@PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGNB10
C:\Users\Administrator\Desktop\
\NewServer\Release\LHYK.pdb
@�@�@�@�@�@�@�
@�@�@�@�@�@�@�@�
C�t�r�l�+�N�
(�&�O�)�.�.�.�
C�t�r�l�+�O�
C�t�r�l�+�S�
(�&�A�)�.�.�.�
(�&�P�)�.�.�.�
C�t�r�l�+�P�
(�&�R�)�.�.�.�
C�t�r�l�+�Z�
C�t�r�l�+�X�
C�t�r�l�+�C�
C�t�r�l�+�V�
�G�r�a�p�h�i�c�(�&�A�)�.�.�.�
�G�r�a�p�h�i�c�
G�r�a�p�h�i�c� �1�.�0� �
�(�C�)� �2�0�0�4�
1�3�9�7�5�1�0�2�8�7�3�
2�G�r�a�p�h�i�c�
G�r�a�p�h�i�
G�r�a�p�h�i�c�.�D�o�c�u�m�e�n�t�
G�r�a�p�h�i� �D�o�c�u�m�e�n�t�
G�r�a�p�h�i�c�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�8�0�4�0�4�b�0�
C�o�m�m�e�n�t�s�
C�o�m�p�a�n�y�N�a�m�e�
M�i�c�r�o�s�o�f�t�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
D�X�C�2�3�X�1� �8�9�R�T�7�4�9� �8�Y�J�5�6�2�H�
F�i�l�e�V�e�r�s�i�o�n�
1�,� �0�,� �0�,� �1�
I�n�t�e�r�n�a�l�N�a�m�e�
S�Z�D� �D�2�S�R�T�4�G� �8�9�R�6�Y� �D�T�G� �T�J�Y�U�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
(�C�)� �2�0�1�8�
L�e�g�a�l�T�r�a�d�e�m�a�r�k�s�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
A�D�F�D� �T�R�5�6� �Y�H�6�4�8�9�C�F�5�6�4�G� �8�9�T�Y�
P�r�i�v�a�t�e�B�u�i�l�d�
P�r�o�d�u�c�t�N�a�m�e�
M�i�c�r�o�s�o�f�t� �Z�D�F�A�S�E�D�F� �S�R�G� �Y�J�U� �F�T�G�5�6�H�4� �R�8�9�6�Y�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
1�,� �0�,� �0�,� �1�
S�p�e�c�i�a�l�B�u�i�l�d�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.