1.2
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.71
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Nitol-B [Trj] | 20200605 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200605 | 2013.8.14.323 |
| McAfee | GenericRXHV-XF!FB89844B2185 | 20200605 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b0c2cd | 20200605 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(9 个事件)
| section | UFO1 |
| section | .NewSec |
| section | INITDAT |
| section | PAGE |
| section | u0007!55 |
| section | .erloc |
| section | new_imp |
| section | gfelmge |
| section | \u0014 |
动态指标
在 PE 资源中识别到外语
(1 个事件)
| name | RT_BITMAP | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x00009190 | size | 0x00000ac4 | ||||||||||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 59 个反病毒引擎识别为恶意
(50 out of 59 个事件)
| ALYac | Gen:Heur.Mint.Zard.30 |
| APEX | Malicious |
| AVG | Win32:Nitol-B [Trj] |
| Acronis | suspicious |
| Ad-Aware | Gen:Heur.Mint.Zard.30 |
| AhnLab-V3 | Trojan/Win32.Agent.C3534448 |
| Antiy-AVL | Trojan/Win32.AGeneric |
| Arcabit | Trojan.Mint.Zard.30 |
| Avast | Win32:Nitol-B [Trj] |
| Avira | TR/Dropper.Gen |
| BitDefender | Gen:Heur.Mint.Zard.30 |
| BitDefenderTheta | AI:Packer.98BA07FB1F |
| CAT-QuickHeal | Trojan.GenericPMF.S8478502 |
| ClamAV | Win.Trojan.Nitol-6335025-0 |
| Comodo | TrojWare.Win32.GameThief.Magania.~NWABI@1775fs |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.b21852 |
| Cylance | Unsafe |
| Cyren | W32/S-677c9ef6!Eldorado |
| DrWeb | Trojan.DownLoader24.51669 |
| ESET-NOD32 | Win32/ServStart.M |
| Emsisoft | Gen:Heur.Mint.Zard.30 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/S-677c9ef6!Eldorado |
| F-Secure | Trojan.TR/Dropper.Gen |
| FireEye | Generic.mg.fb89844b21852cad |
| Fortinet | W32/Generic.AC.2D85!tr |
| GData | Win32.Trojan.ServStart.F |
| Ikarus | Trojan.Win32.Agent |
| Invincea | heuristic |
| Jiangmin | Trojan.Generic.brsmj |
| K7AntiVirus | Trojan ( 004b803e1 ) |
| K7GW | Trojan ( 004b803e1 ) |
| Kaspersky | HEUR:Trojan-DDoS.Win32.Nitol.gen |
| MAX | malware (ai score=87) |
| Malwarebytes | Trojan.ServStart |
| McAfee | GenericRXHV-XF!FB89844B2185 |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.mt |
| MicroWorld-eScan | Gen:Heur.Mint.Zard.30 |
| Microsoft | DDoS:Win32/Nitol.A |
| NANO-Antivirus | Trojan.Win32.GenKryptik.fnpygk |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM07.1.B245.Malware.Gen |
| Rising | Backdoor.Overie!1.C6A2 (RDMK:cmRtazpblJqqJzV6vt9Czu8Awalu) |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/Agent-AYVZ |
| Symantec | SMG.Heur!gen |
| Tencent | Malware.Win32.Gencirc.10b0c2cd |
| Trapmine | malicious.high.ml.score |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2017-05-30 00:42:28
PE Imphash
286870a926664a5129b8b68ed0d4a8eb
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x00004f9c | 0x00005000 | 6.429731503283109 |
| UFO1 | 0x00006000 | 0x00000b3c | 0x00001000 | 4.048958645985325 |
| .idata | 0x00007000 | 0x000014b8 | 0x00001000 | 4.922245940742589 |
| .NewSec | 0x00009000 | 0x00001f18 | 0x00002000 | 3.0296544723808445 |
| INITDAT | 0x0000b000 | 0x00001000 | 0x00001000 | 1.928230724228301 |
| PAGE | 0x0000c000 | 0x00001000 | 0x00001000 | 0.8191947914524449 |
| u0007!55 | 0x0000d000 | 0x00001000 | 0x00001000 | 0.7812588593481377 |
| .erloc | 0x0000e000 | 0x00001000 | 0x00001000 | 1.9460632341794597 |
| new_imp | 0x0000f000 | 0x00001000 | 0x00001000 | 1.9638050348706804 |
| gfelmge | 0x00010000 | 0x00001000 | 0x00001000 | 0.7812588593481377 |
| \u0014 | 0x00011000 | 0x00001000 | 0x00001000 | 0.7812588593481377 |
| new_imp | 0x00012000 | 0x00001000 | 0x000005f0 | 4.333172746999679 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_BITMAP | 0x00009190 | 0x00000ac4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_DIALOG | 0x0000a018 | 0x0000009e | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_DIALOG | 0x0000a018 | 0x0000009e | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_DIALOG | 0x0000a018 | 0x0000009e | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_STRING | 0x0000ade8 | 0x0000012a | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_VERSION | 0x00009c58 | 0x000003c0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library MSVCRT.dll:
• 0x406078 _controlfp
• 0x40607c __set_app_type
• 0x406080 __p__fmode
• 0x406084 __p__commode
• 0x406088 _adjust_fdiv
• 0x40608c __setusermatherr
• 0x406090 _initterm
• 0x406094 __getmainargs
• 0x406098 _acmdln
• 0x40609c exit
• 0x4060a0 _XcptFilter
• 0x4060a4 _exit
• 0x4060a8 _except_handler3
• 0x4060ac strstr
• 0x4060b0 strcspn
• 0x4060b4 strncpy
• 0x4060b8 atoi
• 0x4060bc time
• 0x4060c0 srand
• 0x4060c4 rand
• 0x4060c8 realloc
• 0x4060cc free
• 0x4060d0 malloc
• 0x4060d4 sprintf
Library KERNEL32.dll:
• 0x406000 ReleaseMutex
• 0x406004 Sleep
• 0x406008 lstrcpyA
• 0x40600c CreateProcessA
• 0x406010 TerminateProcess
• 0x406014 ExitThread
• 0x406018 GetStartupInfoA
• 0x40601c GetModuleHandleA
• 0x406020 WaitForSingleObject
• 0x406024 GetModuleFileNameA
• 0x406028 CreateFileA
• 0x40602c SetFilePointer
• 0x406030 WriteFile
• 0x406034 lstrcpynA
• 0x406038 lstrlenA
• 0x40603c OpenMutexA
• 0x406040 GetComputerNameA
• 0x406044 ExitProcess
• 0x406048 GetCurrentProcess
• 0x40604c GetCurrentThread
• 0x406050 CloseHandle
• 0x406054 CreateThread
• 0x406058 LoadLibraryA
• 0x40605c GetProcAddress
• 0x406060 GetSystemDefaultUILanguage
• 0x406064 GetTickCount
Library USER32.dll:
• 0x4060f4 wsprintfA
Library SHLWAPI.dll:
• 0x4060ec SHDeleteKeyA
Library WS2_32.dll:
• 0x4060fc setsockopt
• 0x406100 recv
• 0x406104 __WSAFDIsSet
• 0x406108 select
• 0x40610c send
• 0x406110 WSAIoctl
• 0x406114 WSAStartup
• 0x406118 htons
• 0x40611c inet_ntoa
• 0x406120 htonl
• 0x406124 socket
• 0x406128 connect
• 0x40612c closesocket
• 0x406130 inet_addr
• 0x406134 sendto
• 0x406138 WSACleanup
@.idata
.NewSec
@INITDAT
u0007!55
.erloc
new_imp
gfelmge
\u0014
new_imp
SUV5X`@
D$tPhLp@
20D$(ND$)T\$*L$8D$9D$:D$;\$<D$
L$@D$AD$BD$C3\$DD$HVD$IiD$JsD$KtD$La\$ML$ D$!8D$"T$#T$ST$,T$
D$QD$RD$
\$$D$07\$1L$PD$TRL$U\$V\$-L$
w0|$(3u
+t$h|$h
;u!8$j
PD$HSD$IP\$J
T$lD$xRT$xL$lPQShp@
PD$$MD$%HD$&z\$'
M D$XFD$\D$`rD$YiD$ZnD$[dD$]CD$^PD$_UD$aED$bD$cD$doD$e\$f|$X3+
T$pRWj%
t$(S9^
D$$GD$%bD$&pD$'s\$(P-
D$,MD$-bD$.pD$/s\$0R
L$0D$,@\
QSUVt$
<=u>D$
V395x@
txHtnHtaHtTHtG
tOHt>Ht#
HHuQC@
n_^[SVW|$
3395x@
tt!5x@
Hu-@O@
WVWSMu]
_^[SVt$
WVSOu_
^[U@SVWj
Ku_^[U
SV5X`@
j Y3)hlt@
fEP]Yw@
UfEhw@
PQPPEj
SV5X`@
SEPhr@
VUVV_^[UjhPa@
|Pd\VWhEj
PVpVxQuPWW=P`@
P|Pltu>VSj
@|Pd\VxQupP\th
SV5X`@
SEPhq@
SEPhDs@
SEPhXs@
SEPhls@
SEPhPt@
SPj@E3Y3j@fY3}|fj@3Y
|VPEPECEOEMESEPEEEC]U
EE/PPEcE EdEeElE ]E E>E EnEuEl]U
Ej@E|EE^h
]EOEpEeEn]]]uUh
t9VuUh
SVW=X`@
VEPhls@
jL3YSh8
EuErElEmEoEnE.EdElEl]EUERELEDEoEwEnElEoEaEdETEoEFEiElEeEA]
Ht!Hu@
j@3Yhw@
PEoEpEeEn]PPP
SPPEPS
j@3Yj fY3%$fPh
$PPUEP
j@3Yj fY3fPh
U_^[VSh
VAjA3YEVPhw@
PESEYESETEEEME\ECEuErErEeEnEtECEoEnEtErEoElESEeEtE\ESEeErEvEiEcEeEsE\]
VbjA3YdEVPdhw@
PESEYESETEEEME\ECEuErErEeEnEtECEoEnEtErEoElESEeEtE\ESEeErEvEiEcEeEsE\]
SV5X`@
SEPh r@
E%EcE%EcE%EcEhEoEsEtE.EeExEen
YaPEPEP
E\EDEeEbEuEge
YY3jAY
SVWj@3Yfpu@
j@Yfh
jA3Ypu@
PPhpv@
SV5X`@
SEPj@E3Y3ESf}
3EYESETEEEME\ECEuErErEeEnEtECEoEnEtErEoElESEeEtE\ESEeErEvEiEcEeEsE\U+
X3Ujh`a@
SVWhq@
9jAY3ESEYESETEEEME\ECEuErErEeEnEtECEoEnEtErEoElESEeEtE\ESEeErEvEiEcEeEsE\]u
SSSSSu
ttPV83<<
`\hdpl
\H@8Pj
uV9u8=1
_^[39t
SUV5X`@
SPhls@
SPh]7@
VVVhk-@
VVVVVh< @
SUV5X`@
Ht~HtDHHu0j
VcYt e
EuPE5@
j@Y3fPj
33%`@
Ujhpa@
hSVWe3
EPEPEP
0u>"u:Fu
<"u>"u
> vFuj
YY3%x`@
SUV5X`@
T$!D$"D$%T$&D$.D$2D$8D$:D$<rlx2D$
\D$ ID$ nL$#D$$nD$' D$(ET$)D$*p\$+D$,oL$-L$/D$0\D$1iT$3D$4p\$5D$6oL$7D$9.T$;D$=D$BL$
D$@PQ_^]
SUV5X`@
D$0IP$P
T$(=x@
t4-4a@
SQVOuj
SUV5X`@
L$ QfD$
SUV5X`@
D$$Phlx@
L$0f|$ Q
1tGT$ @j|P
SUV5X`@
W3h@x@
\$4\$8\$0\$(\$,\$$
D$LD$$L$ PT$,QD$8RL$8P$
t4D$,L$0T$(D$
D$6|$UD$:h
fD$FD$Xfj
t$Pf\$@
SPD$\T$dT$
D$8fD$4
j5fD$6x@
D$TED$U
L$8fD$X3
ft$ZPD$`D$a
ft$bL$h
j5D$dfD$j
Rj fD$lft$nfD$lL$pj
L$x|$|
D$xD$p%D$p3
JBuCD$
D$}D$~
j,33L$hT$tfD$d$
fD$nD$4j
PVL$`j3QR
SUVWh`x@
3|$<D$8D
D$LfD$P
D$ RPj
D$dL$dPT$hQ$
RPhPy@
D$dRPl
SUVWh`x@
3|$<D$8D
L$Lu.|a@
T$ QRj
tNPu$T$d$
RPhdz@
PD$lRPQ$
SUV5X`@
fD$(fD$
T$(=x@
trj(p@$X
SUVWh`x@
PQhD{@
QRVVT$
SUVWh`x@
QRVVT$
_^][Ujhe@
3)f(Ph
RSj((PMQ
SUV5X`@
2.\$:L$;L$?L$A\$B43j
L$GL$HS3Sh
T$PD$Q9T$TD$U6D$V8T$X\$]fL$b
RfD$b$
Rt$ h`
@PfD$$$
5fD$*f
D$,\$0D$4PD$5
fD$6f\$8f\$:\$`D$a
t$p|$tfD$^L$\L$x
t$$|$|T$pj RF
|$xfD$<
D$xj(P
@L$DPhp
t$ f\$8
t$pt$$L$\D$(D$ L$x
|$|T$pD$tj R
|$xfD$<
D$xj(P
D$PL$`j
QST$|j(RP
D$LHD$L
SUV5X`@
D$TP$t
D$HQ3j
_^]3[p
T$1T$5T$9T$=fT$AT$C=x@
D$ D$!
BRT$@hp
L$TQD$(
SVWh`x@
SUV5X`@
D$(IP$
T$$-4a@
SQVOuj
SUVWh`x@
QPVVT$
_^][Q=
B8t6t8t't
GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm
MFC42.DLL
malloc
sprintf
realloc
strncpy
strcspn
strstr
_except_handler3
MSVCRT.dll
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
GetTickCount
lstrcpyA
GetComputerNameA
GetSystemDefaultUILanguage
GetProcAddress
LoadLibraryA
CreateThread
CloseHandle
GetCurrentThread
GetCurrentProcess
ExitProcess
ReleaseMutex
OpenMutexA
lstrlenA
lstrcpynA
WriteFile
SetFilePointer
CreateFileA
GetModuleFileNameA
WaitForSingleObject
GetModuleHandleA
GetStartupInfoA
KERNEL32.dll
wsprintfA
USER32.dll
SHChangeNotify
ShellExecuteExA
ShellExecuteA
SHELL32.dll
SHDeleteKeyA
SHLWAPI.dll
WSAIoctl
WS2_32.dll
GetIfTable
GetAdaptersInfo
iphlpapi.dll
ExitThread
TerminateProcess
CreateProcessA
RegOpenKeyExA
RegCloseKey
GetVersionExA
GetSystemInfo
GlobalMemoryStatusEx
RegQueryValueExA
KERNEL32.dll
ADVAPI32.dll
0.0.0.0
%d*%u%s
HARDWARE\DESCRIPTION\System\CentralProcessor\0
%s %s%d
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
KERNEL32.dll
ADVAPI32.dll
WS2_32.dll
CreateThread
closesocket
GetTempPathA
RegCloseKey
SetServiceStatus
RegisterServiceCtrlHandlerA
lstrcatA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
CopyFileA
RegSetValueExA
StartServiceA
RegOpenKeyA
UnlockServiceDatabase
ChangeServiceConfig2A
CreateServiceA
LockServiceDatabase
GetLastError
ExitProcess
GetCurrentThreadId
CreateMutexA
DeleteService
GetModuleFileNameA
GetShortPathNameA
GetEnvironmentVariableA
SetPriorityClass
SetThreadPriority
WinExec
RegOpenKeyExA
SetServiceStatus
WaitForSingleObject
GetModuleFileNameA
GetWindowsDirectoryA
StartServiceCtrlDispatcherA
CreateFileA
GetFileSize
VirtualAlloc
ReadFile
FindFirstFileA
WriteFile
FindClose
SetFileAttributesA
3d3d3R3m1h3c0eQJERYQFxRD
Serpiei
Microsoft .Net Frameworek COMi+ Suppoot
Microsoft .NET COM+ Integration with SOAP
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
www.baidu.com
GetTickCount
gethostbyname
GetSystemDirectoryA
lstrcatA
lstrcpyA
setsockopt
WSAStartup
closesocket
WSASocketA
gethostname
KERNEL32.dll
WS2_32.dll
GET %s HTTP/1.1
Content-Type: text/html
Host: %s
Accept: text/html, */*
User-Agent:Mozilla/5.0 (X11; U; Linux i686; en-US; re:1.4.0) Gecko/20080808 Firefox/%d.0
GET %s HTTP/1.1
Referer: http://%s:80/http://%s
Host: %s
Connection: Close
Cache-Control: no-cache
%s %s%s
GET %s HTTP/1.1
Content-Type: text/html
Host: %s:%d
Accept: text/html, */*
User-Agent:Mozilla/4.0 (compatible; MSIE %d.00; Windows NT %d.0; MyIE 3.01)
GET %s HTTP/1.1
Content-Type: text/html
Host: %s
Accept: text/html, */*
User-Agent:Mozilla/4.0 (compatible; MSIE %d.00; Windows NT %d.0; MyIE 3.01)
GET %s HTTP/1.1
Host: %s:%d
GET %s HTTP/1.1
Host: %s
GET %s HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent:Mozilla/4.0 (compatible; MSIE %d.0; Windows NT %d.1; SV1)
Host: %s:%d
Connection: Keep-Alive
GET %s HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent:Mozilla/4.0 (compatible; MSIE %d.0; Windows NT %d.1; SV1)
Host: %s
Connection: Keep-Alive
GET %s HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: %s
Connection: Keep-Alive
%d.%d.%d.%d
MFC42.DLL
MSVCRT.dll
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_except_handler3
strstr
strcspn
strncpy
realloc
malloc
sprintf
KERNEL32.dll
ReleaseMutex
lstrcpyA
CreateProcessA
TerminateProcess
ExitThread
GetStartupInfoA
GetModuleHandleA
WaitForSingleObject
GetModuleFileNameA
CreateFileA
SetFilePointer
WriteFile
lstrcpynA
lstrlenA
OpenMutexA
GetComputerNameA
ExitProcess
GetCurrentProcess
GetCurrentThread
CloseHandle
CreateThread
LoadLibraryA
GetProcAddress
GetSystemDefaultUILanguage
GetTickCount
USER32.dll
wsprintfA
SHELL32.dll
ShellExecuteA
ShellExecuteExA
SHChangeNotify
SHLWAPI.dll
SHDeleteKeyA
WS2_32.dll
WSAIoctl
iphlpapi.dll
GetAdaptersInfo
GetIfTable
Thank you for choosing Microsoft Office 2013. This is a license agreement between you and Microsoft Corporation (or, based on where you live, one of its affiliates) that describes your rights to use the Office 2013 software. For you
Thank you for choosing Microsoft Office 2013. This is a license agreement between you and Microsoft Corporation (or, based on where you live, one of its affiliates) that describes your rights to use the Office 2013 software. For your convenience, we
ve organized this agreement into two parts. The first part includes introductory terms;
MFC42.DLL
MSVCRT.dll
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_except_handler3
strstr
strcspn
strncpy
realloc
malloc
sprintf
KERNEL32.dll
ReleaseMutex
lstrcpyA
CreateProcessA
TerminateProcess
ExitThread
GetStartupInfoA
GetModuleHandleA
WaitForSingleObject
GetModuleFileNameA
CreateFileA
SetFilePointer
WriteFile
lstrcpynA
lstrlenA
OpenMutexA
GetComputerNameA
ExitProcess
GetCurrentProcess
GetCurrentThread
CloseHandle
CreateThread
LoadLibraryA
GetProcAddress
GetSystemDefaultUILanguage
GetTickCount
USER32.dll
wsprintfA
SHELL32.dll
ShellExecuteA
ShellExecuteExA
SHChangeNotify
SHLWAPI.dll
SHDeleteKeyA
WS2_32.dll
WSAIoctl
iphlpapi.dll
GetAdaptersInfo
GetIfTable
MFC42.DLL
MSVCRT.dll
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_except_handler3
strstr
strcspn
strncpy
realloc
malloc
sprintf
KERNEL32.dll
ReleaseMutex
lstrcpyA
CreateProcessA
TerminateProcess
ExitThread
GetStartupInfoA
GetModuleHandleA
WaitForSingleObject
GetModuleFileNameA
CreateFileA
SetFilePointer
WriteFile
lstrcpynA
lstrlenA
OpenMutexA
GetComputerNameA
ExitProcess
GetCurrentProcess
GetCurrentThread
CloseHandle
CreateThread
LoadLibraryA
GetProcAddress
GetSystemDefaultUILanguage
GetTickCount
USER32.dll
wsprintfA
SHELL32.dll
ShellExecuteA
ShellExecuteExA
SHChangeNotify
SHLWAPI.dll
SHDeleteKeyA
WS2_32.dll
WSAIoctl
iphlpapi.dll
GetAdaptersInfo
GetIfTable
Thank you for choosing Microsoft Office 2013. This is a license agreement between you and Microsoft Corporation (or, based on where you live, one of its affiliates) that describes your rights to use the Office 2013 software. For your convenience, we
ve organized this agreement into two parts. The first part includes introductory terms;
Thank you for choosing Microsoft Office 2013. This is a license agreement between you and Microsoft Corporation (or, based on where you live, one of its affiliates) that describes your rights to use the Office 2013 software. For your convenience, we
ve organized this agreement into two parts. The first part includes introductory terms;
MFC42.DLL
MSVCRT.dll
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_except_handler3
strstr
strcspn
strncpy
realloc
malloc
sprintf
KERNEL32.dll
ReleaseMutex
lstrcpyA
CreateProcessA
TerminateProcess
ExitThread
GetStartupInfoA
GetModuleHandleA
WaitForSingleObject
GetModuleFileNameA
CreateFileA
SetFilePointer
WriteFile
lstrcpynA
lstrlenA
OpenMutexA
GetComputerNameA
ExitProcess
GetCurrentProcess
GetCurrentThread
CloseHandle
CreateThread
LoadLibraryA
GetProcAddress
GetSystemDefaultUILanguage
GetTickCount
USER32.dll
wsprintfA
SHELL32.dll
ShellExecuteA
ShellExecuteExA
SHChangeNotify
SHLWAPI.dll
SHDeleteKeyA
WS2_32.dll
WSAIoctl
iphlpapi.dll
GetAdaptersInfo
GetIfTable
jAtIk :
Microsoft Updates1
Microsoft Updates0
191006134601Z
201006140601Z0E1
Microsoft Updates1
Microsoft Updates0
iqi9O\
mP]>90dm{lx
'5{Rvu@;
Trw32u
JeJ[bcU
yT`o>,
W+Nt./
UJ"Tem4E
ME>bwbR
~|NYKw
Western Cape1
Durbanville1
Thawte1
Thawte Certification1 0
Thawte Timestamping CA0
121221000000Z
201230235959Z0^1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
%y"W*o
%CE{t"
MD$k_E;DC
&Mq 1Qa
xE/W?=
Qlie)`
h]jxdE`F~T
_n\t}?L.02
http://ocsp.thawte.com0
8060420.http://crl.thawte.com/ThawteTimestampingCA.crl0
TimeStamp-2048-10
DnmX|0i#s
y@b%n7j!
Symantec Corporation100.
'Symantec Time Stamping Services CA - G20
121018000000Z
201229235959Z0b1
Symantec Corporation1402
+Symantec Time Stamping Services Signer - G40
[LvCK"+Ch@O8
2[^Z(P
Gf=Gpr_
L-wD h
[2V3cI:3
http://ts-ocsp.ws.symantec.com07
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
50301/-+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
TimeStamp-2048-20
_n\t}?L.0
Lb07x'
2m,&c3Idm
7 Cxx(
]=Qy3+.{
[0W,I?
>"hcSit
Microsoft Updates1
Microsoft Updates
jAtIk :
D^lvz|
prw/0<
http://www.ms.com/0
O~uS_u
rT63a2
u/7Qo1
Symantec Corporation100.
'Symantec Time Stamping Services CA - G2
191011150816Z0#
UQr Dt
&FYB89k&
cp5r8slh#
%r6*I~l:%
V}4N\Bue&GA
@h9(& .{
kWxngI6G
kWxngI6G
kWxngI6G
kWxngI6G
kWxngI6G
8MEHNSzi0Y8MEHNSzi0Y8MEHNSzi0Y8MEHNSzi0Y8MEHNSzi0YmGgfO4HbVhmGgfO4HbVhmGgfO4HbVhmGgfO4HbVhmGgfO4HbVh2MZXcCnHzk2MZXcCnHzk2MZXcCnHzk2MZXcCnHzk2MZXcCnHzkmydYfyFfCnmydYfyFfCnmydYfyFfCnmydYfyFfCnmydYfyFfCntZbsa3Yb7ftZbsa3Yb7ftZbsa3Yb7ftZbsa3Yb7ftZbsa3Yb7fZw8sd4y2T
Zw8sd4y2T
Zw8sd4y2T
Zw8sd4y2T
Zw8sd4y2T
EjdWXvX7K
EjdWXvX7K
EjdWXvX7K
EjdWXvX7K
EjdWXvX7K
ZbYcme7mY
ZbYcme7mY
ZbYcme7mY
ZbYcme7mY
ZbYcme7mY
C6JWyfuMNSC6JWyfuMNSC6JWyfuMNSC6JWyfuMNSC6JWyfuMNS1dCDSb4vUk1dCDSb4vUk1dCDSb4vUk1dCDSb4vUk1dCDSb4vUk1QHVlmEFl
1QHVlmEFl
1QHVlmEFl
1QHVlmEFl
1QHVlmEFl
8PvzqSJ1l
8PvzqSJ1l
8PvzqSJ1l
8PvzqSJ1l
8PvzqSJ1l
pynNbVUdo9pynNbVUdo9pynNbVUdo9pynNbVUdo9pynNbVUdo9j27y1jKyy
j27y1jKyy
j27y1jKyy
j27y1jKyy
j27y1jKyy
zWC4GFUK
zWC4GFUK
zWC4GFUK
zWC4GFUK
zWC4GFUK
ZmmQZxKtO
ZmmQZxKtO
ZmmQZxKtO
ZmmQZxKtO
ZmmQZxKtO
x9JJWjvo
x9JJWjvo
x9JJWjvo
x9JJWjvo
x9JJWjvo
H0u4H3nmRDH0u4H3nmRDH0u4H3nmRDH0u4H3nmRDH0u4H3nmRDHqbf7D12l
Hqbf7D12l
Hqbf7D12l
Hqbf7D12l
Hqbf7D12l
yjVqXfxttZyjVqXfxttZyjVqXfxttZyjVqXfxttZyjVqXfxttZcrcLmap0EIcrcLmap0EIcrcLmap0EIcrcLmap0EIcrcLmap0EIyblaXmv1dTyblaXmv1dTyblaXmv1dTyblaXmv1dTyblaXmv1dTDnwHPGyD8VDnwHPGyD8VDnwHPGyD8VDnwHPGyD8VDnwHPGyD8VrW1mVfJdKVrW1mVfJdKVrW1mVfJdKVrW1mVfJdKVrW1mVfJdKVyftkR3dX3LyftkR3dX3LyftkR3dX3LyftkR3dX3LyftkR3dX3LvPQLnt27q
vPQLnt27q
vPQLnt27q
vPQLnt27q
vPQLnt27q
xc5zhQZugrxc5zhQZugrxc5zhQZugrxc5zhQZugrxc5zhQZugrbLyCTnQFMabLyCTnQFMabLyCTnQFMabLyCTnQFMabLyCTnQFMas8pP6zys8ps8pP6zys8ps8pP6zys8ps8pP6zys8ps8pP6zys8pwOqD2yyZdQwOqD2yyZdQwOqD2yyZdQwOqD2yyZdQwOqD2yyZdQ7gUNDTUsU
7gUNDTUsU
7gUNDTUsU
7gUNDTUsU
7gUNDTUsU
9dMLRRVus09dMLRRVus09dMLRRVus09dMLRRVus09dMLRRVus0xX6fx1vYv
xX6fx1vYv
xX6fx1vYv
xX6fx1vYv
xX6fx1vYv
KN3zDo3LpdKN3zDo3LpdKN3zDo3LpdKN3zDo3LpdKN3zDo3LpdFi3r4oYg8UFi3r4oYg8UFi3r4oYg8UFi3r4oYg8UFi3r4oYg8UGiqW5ude7mGiqW5ude7mGiqW5ude7mGiqW5ude7mGiqW5ude7mniOvtXPMgtniOvtXPMgtniOvtXPMgtniOvtXPMgtniOvtXPMgtvOrei0VCDcvOrei0VCDcvOrei0VCDcvOrei0VCDcvOrei0VCDcEc0WYjn1k
Ec0WYjn1k
Ec0WYjn1k
Ec0WYjn1k
Ec0WYjn1k
3rpwNTTzC
3rpwNTTzC
3rpwNTTzC
3rpwNTTzC
3rpwNTTzC
CUYxEaqgQ
CUYxEaqgQ
CUYxEaqgQ
CUYxEaqgQ
CUYxEaqgQ
jRpsRPLOa
jRpsRPLOa
jRpsRPLOa
jRpsRPLOa
jRpsRPLOa
TSll1NK00mTSll1NK00mTSll1NK00mTSll1NK00mTSll1NK00m3CLVEvHPCO3CLVEvHPCO3CLVEvHPCO3CLVEvHPCO3CLVEvHPCOEDuWGJuDI
EDuWGJuDI
EDuWGJuDI
EDuWGJuDI
EDuWGJuDI
mUvQWr9u97mUvQWr9u97mUvQWr9u97mUvQWr9u97mUvQWr9u97PzMC5g1VjtPzMC5g1VjtPzMC5g1VjtPzMC5g1VjtPzMC5g1VjtzWghEg8TnQzWghEg8TnQzWghEg8TnQzWghEg8TnQzWghEg8TnQblZg5OczWmblZg5OczWmblZg5OczWmblZg5OczWmblZg5OczWm6O336lQLyu6O336lQLyu6O336lQLyu6O336lQLyu6O336lQLyu40O2ES7jOZ40O2ES7jOZ40O2ES7jOZ40O2ES7jOZ40O2ES7jOZyrccG6UpzsyrccG6UpzsyrccG6UpzsyrccG6UpzsyrccG6UpzsLnTrdl5SQcLnTrdl5SQcLnTrdl5SQcLnTrdl5SQcLnTrdl5SQcIF64hGcrbiIF64hGcrbiIF64hGcrbiIF64hGcrbiIF64hGcrbi8hJX8TnWiL8hJX8TnWiL8hJX8TnWiL8hJX8TnWiL8hJX8TnWiL7RFbOUg1Fo7RFbOUg1Fo7RFbOUg1Fo7RFbOUg1Fo7RFbOUg1FoK9IavS32wEK9IavS32wEK9IavS32wEK9IavS32wEK9IavS32wECvyxwFDl82CvyxwFDl82CvyxwFDl82CvyxwFDl82CvyxwFDl82cR8Ht72PP
cR8Ht72PP
cR8Ht72PP
cR8Ht72PP
cR8Ht72PP
aHlfLusN6
aHlfLusN6
aHlfLusN6
aHlfLusN6
aHlfLusN6
sv3qWvWWMRsv3qWvWWMRsv3qWvWWMRsv3qWvWWMRsv3qWvWWMRzTRey2zVm6zTRey2zVm6zTRey2zVm6zTRey2zVm6zTRey2zVm6zsYXmxd0RqzsYXmxd0RqzsYXmxd0RqzsYXmxd0RqzsYXmxd0RqPN9qX5gMrdPN9qX5gMrdPN9qX5gMrdPN9qX5gMrdPN9qX5gMrd9G5zvNvreu9G5zvNvreu9G5zvNvreu9G5zvNvreu9G5zvNvreugd1E2Cf6V
gd1E2Cf6V
gd1E2Cf6V
gd1E2Cf6V
gd1E2Cf6V
YU4m7232L
YU4m7232L
YU4m7232L
YU4m7232L
YU4m7232L
5PxbEa7Ve
5PxbEa7Ve
5PxbEa7Ve
5PxbEa7Ve
5PxbEa7Ve
wwVVjMVre
wwVVjMVre
wwVVjMVre
wwVVjMVre
wwVVjMVre
vIXJCWSNWRvIXJCWSNWRvIXJCWSNWRvIXJCWSNWRvIXJCWSNWRWY9SzKN3eWWY9SzKN3eWWY9SzKN3eWWY9SzKN3eWWY9SzKN3eWN30zzvNkpeN30zzvNkpeN30zzvNkpeN30zzvNkpeN30zzvNkpeytF68lZkaPytF68lZkaPytF68lZkaPytF68lZkaPytF68lZkaPcquEqztN3ZcquEqztN3ZcquEqztN3ZcquEqztN3ZcquEqztN3ZpMzJrK1OI3pMzJrK1OI3pMzJrK1OI3pMzJrK1OI3pMzJrK1OI3EK7GC4pvSMEK7GC4pvSMEK7GC4pvSMEK7GC4pvSMEK7GC4pvSMIDGJ3LNCqmIDGJ3LNCqmIDGJ3LNCqmIDGJ3LNCqmIDGJ3LNCqmV6oYpjHQfzV6oYpjHQfzV6oYpjHQfzV6oYpjHQfzV6oYpjHQfzbXcU5fb7lPbXcU5fb7lPbXcU5fb7lPbXcU5fb7lPbXcU5fb7lPuFlJGClxvGuFlJGClxvGuFlJGClxvGuFlJGClxvGuFlJGClxvGsMR5gjO3YgsMR5gjO3YgsMR5gjO3YgsMR5gjO3YgsMR5gjO3YgmL0aQo2pP4mL0aQo2pP4mL0aQo2pP4mL0aQo2pP4mL0aQo2pP40KrhJxff
0KrhJxff
0KrhJxff
0KrhJxff
0KrhJxff
eV4Lou8t8ReV4Lou8t8ReV4Lou8t8ReV4Lou8t8ReV4Lou8t8RFSK5bJjN6dFSK5bJjN6dFSK5bJjN6dFSK5bJjN6dFSK5bJjN6dpXHpNZS4v
pXHpNZS4v
pXHpNZS4v
pXHpNZS4v
pXHpNZS4v
3dxE8OUegk3dxE8OUegk3dxE8OUegk3dxE8OUegk3dxE8OUegkr4DryaYgR7r4DryaYgR7r4DryaYgR7r4DryaYgR7r4DryaYgR7LrEoyykRyGLrEoyykRyGLrEoyykRyGLrEoyykRyGLrEoyykRyGgzJ7GjjbjEgzJ7GjjbjEgzJ7GjjbjEgzJ7GjjbjEgzJ7GjjbjE81E7d22qso81E7d22qso81E7d22qso81E7d22qso81E7d22qsoPvu5m1m3fLPvu5m1m3fLPvu5m1m3fLPvu5m1m3fLPvu5m1m3fLVM2EhUeGKOVM2EhUeGKOVM2EhUeGKOVM2EhUeGKOVM2EhUeGKOXZ4Mdh7m1
XZ4Mdh7m1
XZ4Mdh7m1
XZ4Mdh7m1
XZ4Mdh7m1
9zSrTey2Fx9zSrTey2Fx9zSrTey2Fx9zSrTey2Fx9zSrTey2Fxffos08vWjwffos08vWjwffos08vWjwffos08vWjwffos08vWjwXK31Eccfi
XK31Eccfi
XK31Eccfi
XK31Eccfi
XK31Eccfi
dwdljzjMlEdwdljzjMlEdwdljzjMlEdwdljzjMlEdwdljzjMlEOT8m9oTFO
OT8m9oTFO
OT8m9oTFO
OT8m9oTFO
OT8m9oTFO
2HSKI5mnMw2HSKI5mnMw2HSKI5mnMw2HSKI5mnMw2HSKI5mnMw1uQiFZONf
1uQiFZONf
1uQiFZONf
1uQiFZONf
1uQiFZONf
qj08nsOQPfqj08nsOQPfqj08nsOQPfqj08nsOQPfqj08nsOQPfLYzDwqg4e
LYzDwqg4e
LYzDwqg4e
LYzDwqg4e
LYzDwqg4e
jz8QuwTp3ljz8QuwTp3ljz8QuwTp3ljz8QuwTp3ljz8QuwTp3lvGaCqJzfFjvGaCqJzfFjvGaCqJzfFjvGaCqJzfFjvGaCqJzfFjgWtcseri
gWtcseri
gWtcseri
gWtcseri
gWtcseri
Il9GwFI8ksIl9GwFI8ksIl9GwFI8ksIl9GwFI8ksIl9GwFI8ksKzJJ0iNhEfKzJJ0iNhEfKzJJ0iNhEfKzJJ0iNhEfKzJJ0iNhEfrdC7ZNZ0zJrdC7ZNZ0zJrdC7ZNZ0zJrdC7ZNZ0zJrdC7ZNZ0zJwT27vaajjGwT27vaajjGwT27vaajjGwT27vaajjGwT27vaajjGfMOZwSI3r8fMOZwSI3r8fMOZwSI3r8fMOZwSI3r8fMOZwSI3r8QoyNqMJJsyQoyNqMJJsyQoyNqMJJsyQoyNqMJJsyQoyNqMJJsyDZKnbhZ8
DZKnbhZ8
DZKnbhZ8
DZKnbhZ8
DZKnbhZ8
oGXfJH8r8LoGXfJH8r8LoGXfJH8r8LoGXfJH8r8LoGXfJH8r8LRjhDyEaqz
RjhDyEaqz
RjhDyEaqz
RjhDyEaqz
RjhDyEaqz
tnjrQo9N6atnjrQo9N6atnjrQo9N6atnjrQo9N6atnjrQo9N6a2cptJ9l
2cptJ9l
2cptJ9l
2cptJ9l
2cptJ9l
ynDZf6Wuk
ynDZf6Wuk
ynDZf6Wuk
ynDZf6Wuk
ynDZf6Wuk
cm8MQFqEmbcm8MQFqEmbcm8MQFqEmbcm8MQFqEmbcm8MQFqEmbU8XlpICRPtU8XlpICRPtU8XlpICRPtU8XlpICRPtU8XlpICRPtdiNnvKwHPzdiNnvKwHPzdiNnvKwHPzdiNnvKwHPzdiNnvKwHPz3G4YktJHJ13G4YktJHJ13G4YktJHJ13G4YktJHJ13G4YktJHJ1xXke2IvMzvxXke2IvMzvxXke2IvMzvxXke2IvMzvxXke2IvMzvmzIdjCnYO
mzIdjCnYO
mzIdjCnYO
mzIdjCnYO
mzIdjCnYO
DYGFL7SvcqDYGFL7SvcqDYGFL7SvcqDYGFL7SvcqDYGFL7SvcqpcOIci3S2
pcOIci3S2
pcOIci3S2
pcOIci3S2
pcOIci3S2
Eolgm26zJ
Eolgm26zJ
Eolgm26zJ
Eolgm26zJ
Eolgm26zJ
pPrSxfWDEapPrSxfWDEapPrSxfWDEapPrSxfWDEapPrSxfWDEay4912Z9Kavy4912Z9Kavy4912Z9Kavy4912Z9Kavy4912Z9KaveMDy9GIvRPeMDy9GIvRPeMDy9GIvRPeMDy9GIvRPeMDy9GIvRPdnq2SxdvPvdnq2SxdvPvdnq2SxdvPvdnq2SxdvPvdnq2SxdvPv5QiTLNtExa5QiTLNtExa5QiTLNtExa5QiTLNtExa5QiTLNtExahQaLlvFnxkhQaLlvFnxkhQaLlvFnxkhQaLlvFnxkhQaLlvFnxk2QmW10PD2
2QmW10PD2
2QmW10PD2
2QmW10PD2
2QmW10PD2
hK1m5Qa5sHhK1m5Qa5sHhK1m5Qa5sHhK1m5Qa5sHhK1m5Qa5sHhfNrXGUHWdhfNrXGUHWdhfNrXGUHWdhfNrXGUHWdhfNrXGUHWdTfzf9833FbTfzf9833FbTfzf9833FbTfzf9833FbTfzf9833FbRM87NmegT3RM87NmegT3RM87NmegT3RM87NmegT3RM87NmegT3SIcraDSXm0SIcraDSXm0SIcraDSXm0SIcraDSXm0SIcraDSXm0
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�4�0�9�0�4�b�0�
C�o�m�m�e�n�t�s�
C�o�m�p�a�n�y�N�a�m�e�
Y�a�g�u� �M�u�s�i�c�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
C�l�i�e�n� �R�u�n�P�r�o�c�e�s�s� �L�o�c�a�l�
F�i�l�e�V�e�r�s�i�o�n�
1�0�.�0�.�1�4�3�9�3�.�0� �(�r�s�1�_�r�e�l�e�a�s�e�.�1�6�0�7�1�5�-�1�6�1�6�)�
I�n�t�e�r�n�a�l�N�a�m�e�
h�e�l�l�o�.�e�x�e�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
A�l�l� �r�i�g�h�t�s� �r�e�s�e�r�v�e�d�.�
L�e�g�a�l�T�r�a�d�e�m�a�r�k�s�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
Y�a�g�u� �M�u�s�i�c�
P�r�i�v�a�t�e�B�u�i�l�d�
P�r�o�d�u�c�t�N�a�m�e�
Y�a�g�u� �M�u�s�i�c�
�O�p�e�r�a�t�i�n�g� �S�y�s�t�e�m�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
1�7�.�0�0�0�.�1�4�3�9�3�.�0�8�
S�p�e�c�i�a�l�B�u�i�l�d�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
P�r�o�p�e�r�t�y� �P�a�g�e�
M�S� �S�a�n�s� �S�e�r�i�f�
T�O�D�O�:� �l�a�y�o�u�t� �p�r�o�p�e�r�t�y� �p�a�g�e�
M�S� �S�a�n�s� �S�e�r�i�f�
T�O�D�O�:� �P�l�a�c�e� �d�i�a�l�h�g�d�c�c�j�k� �v�f�y�t�d�f�g� �c�x� � �g�d� �f�d�g�h� �j�d�o�g� �c�o�n�t�r�o�l�s� �h�e�r�e�.�
C�a�n�c�e�l�
C�a�n�c�e�l�
C�a�n�c�e�l�
C�a�n�c�e�l�
A�b�o�u�t� �M�F�C�
M�S� �S�a�n�s� �S�e�r�i�f�
U�O�L�E� �i�n�i�t�i�a�l�i�z�a�t�i�o�n� �n�a�i�l�e�d�.� � �M�a�k�e� �s�u�r�e� �t�h�a�t� �t�h�e� �O�L�E� �l�i�b�r�a�r�i�e�s� �a�r�e� �t�h�e� �c�o�r�r�e�c�t� �v�e�r�s�i�o�n�.�
&�A�b�o�u�t� �M�F�C�.�.�.�
#�W�i�n�d�o�w�s� �s�o�c�k�e�t�s� �i�n�a�l�i�z�a�t�i�o�n� �f�a�i�l�e�d�.�
<�<�<�O�b�s�o�l�e�
<�<�<�O�b�s�o�l�e�t�e�>�>�
p�u�t�t�y�.�e�x�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.