MalScore
100/100
MalFamily
Barys

cl.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 42/68
File details
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 400.00 KB (409600 bytes)
Compile time: 2018-05-30 00:57:58
MD5: c92e30e2f8e43ec775b9cd1590c537fc
SHA1: 0439e3c4cdedb6975525c83de16828f5b60c77b8
SHA256: 8d1df395656f14c32f5e459beba244bfc55a78881505ef94cd4b557148e73d08
Import hash: cfc48e8308660cb8b8058c50361894bd
Sections 3 .text .data .rsrc
Directories 2 import resource
First submission: 2018-06-11 15:57:04
Last submission: 2018-06-11 15:57:04
Filename detected: - cl.exe (1)
URL file hosting
hXXp://betaqq.ru/cl.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-06-07 07:46:02 [42/68] VirusTotal
PE Sections 0 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x1000 0x5d188 385024 34d07c4c4c4045ad0366ddae49f44a14 834d71a07820d51c9ad3486d2224d7b034f4075c
.data 0x5f000 0x9730 4096 620f0b67a91f7f74151bc5be745b7110 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d
.rsrc 0x69000 0x3866 16384 0bc810e187c2d2b33b81f613aae0a422 870c55318d06c41fd03a1f605bac2a43e2d303fa
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x69416 9640 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x693f4 34 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x69120 724 LANG_ENGLISH SUBLANG_ENGLISH_US
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: BOSCH-6
InternalName: BOSCH-6
FileVersion: 1.00
CompanyName: BOSCH-6
LegalTrademarks: BOSCH-6
Comments: BOSCH-6
ProductName: BOSCH-6
ProductVersion: 1.00
FileDescription: BOSCH-6
Translation: 0x0409 0x04b0
OriginalFilename: BOSCH-6.EXE
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual Basic v5.0
Microsoft Visual Basic v5.0 - v6.0
File found
File type: Autogen
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
File type: Library
MSVBVM60.DLL
GDI32.dll
sHELL32.DLL
VBA6.DLL
IP Found
No IP detected
URL(s)
No URL found
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2018-06-11 15:54:54 2018-06-11 15:57:45 171

2 Behaviors detected by system signatures

7 Summary items with data

Files

\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\cl.exe.cfg
C:\Windows\sysnative\C_932.NLS
C:\Windows\sysnative\C_949.NLS
C:\Windows\sysnative\C_950.NLS
C:\Windows\sysnative\C_936.NLS
C:\Users\Seven01\AppData\Local\Temp\~DF5B06DCC951004031.TMP
C:\Windows\System32\uxtheme.dll.Config
C:\Windows\System32\uxtheme.dll
C:\Users\Seven01\AppData\Local\Temp\cl.exe.Local\
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
C:\Windows\WindowsShell.Manifest
C:\Users\Seven01\AppData\Local\Temp
C:\Users\Seven01\AppData\Local\Temp\*.*
C:\Windows\Fonts\staticcache.dat
C:\
C:\Users\Seven01\AppData\Local\Temp\IPHlpApi.DLL
C:\Windows\System32\IPHLPAPI.DLL
C:\Users\Seven01\AppData\Local\Temp\WINNSI.DLL
C:\Windows\System32\winnsi.dll

Read Files

\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\~DF5B06DCC951004031.TMP
C:\Windows\System32\uxtheme.dll.Config
C:\Windows\System32\uxtheme.dll
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
C:\Windows\WindowsShell.Manifest
C:\Windows\Fonts\staticcache.dat
C:\Windows\System32\IPHLPAPI.DLL
C:\Windows\System32\winnsi.dll

Write Files

C:\Users\Seven01\AppData\Local\Temp\~DF5B06DCC951004031.TMP

Delete Files

Nothing to display

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER\SafeProcessSearchMode
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Codepage
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\932
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\949
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\950
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\936
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\cl.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{70FAF614-E0B1-11D3-8F5C-00C04F9CF4AC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\MS Sans Serif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT\UserEra
HKEY_CURRENT_USER\Software\Policies\Microsoft\Control Panel\International\Calendars\TwoDigitYearMax
HKEY_CURRENT_USER\Control Panel\International\Calendars\TwoDigitYearMax

Read Keys


Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Local\MSCTF.Asm.MutexDefault1

Resolved APIs


Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-06-11 15:57:08

Detected family: #Barys

TheSystem Itself @ 2018-06-11 16:04:01