paladin316

Exes_e27bdc1c79013da1098d22cf06437f23_exe.json

Jun 20th, 2019
  1.  
  2. [*] MalFamily: "Black"
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Exes_e27bdc1c79013da1098d22cf06437f23.exe"
  7. [*] File Size: 12265098
  8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
  9. [*] SHA256: "cccac4ce557dce36970c15077a73eda37a30c0834f5c21f9bbe8c752e677a6e8"
  10. [*] MD5: "e27bdc1c79013da1098d22cf06437f23"
  11. [*] SHA1: "807265a577233164d07dd5bbc640c31bf5d3f707"
  12. [*] SHA512: "6e0a95fb7d54ddfbe7712660c24d5745e4e0ca2a9e812c86614570347932335c96a1837283a3b610b000f3c30f7764b51e47914ef2861a432c0fdf349aaba9b0"
  13. [*] CRC32: "A97246F3"
  14. [*] SSDEEP: "196608:79z/2bK5onZOLWmvMuqa7nXQ2omMeKttmC9d1lfhrf/LjOwn/dFwsWZ2wu1Jr1Ef:7J/s4v7vMuqcXOOO1XDqw/d8MJ/r5cWy"
  15.  
  16. [*] Process Execution: [
  17. "Exes_e27bdc1c79013da1098d22cf06437f23.exe",
  18. "Exes_e27bdc1c79013da1098d22cf06437f23.tmp"
  19. ]
  20.  
  21. [*] Signatures Detected: [
  22. {
  23. "Description": "Creates RWX memory",
  24. "Details": []
  25. },
  26. {
  27. "Description": "Reads data out of its own binary image",
  28. "Details": [
  29. {
  30. "self_read": "process: Exes_e27bdc1c79013da1098d22cf06437f23.exe, pid: 3564, offset: 0x00b76984, length: 0x0000182a"
  31. },
  32. {
  33. "self_read": "process: Exes_e27bdc1c79013da1098d22cf06437f23.exe, pid: 3564, offset: 0x00b78a77, length: 0x00039c13"
  34. },
  35. {
  36. "self_read": "process: Exes_e27bdc1c79013da1098d22cf06437f23.tmp, pid: 3972, offset: 0x00000000, length: 0x000ac000"
  37. }
  38. ]
  39. },
  40. {
  41. "Description": "Drops a binary and executes it",
  42. "Details": [
  43. {
  44. "binary": "C:\\Users\\user\\AppData\\Local\\Temp\\is-RM3HH.tmp\\Exes_e27bdc1c79013da1098d22cf06437f23.tmp"
  45. }
  46. ]
  47. },
  48. {
  49. "Description": "Performs some HTTP requests",
  50. "Details": [
  51. {
  52. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  53. },
  54. {
  55. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  56. },
  57. {
  58. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  59. }
  60. ]
  61. },
  62. {
  63. "Description": "Exhibits possible ransomware file modification behavior",
  64. "Details": [
  65. {
  66. "file_modifications": "Performs 86 file moves indicative of a potential file encryption process"
  67. },
  68. {
  69. "appends_new_extension": "Appends a new file extension to multiple modified files"
  70. },
  71. {
  72. "new_appended_file_extension": ".exe"
  73. },
  74. {
  75. "new_appended_file_extension": ".bin"
  76. },
  77. {
  78. "new_appended_file_extension": ".ini"
  79. },
  80. {
  81. "new_appended_file_extension": ".png"
  82. }
  83. ]
  84. },
  85. {
  86. "Description": "File has been identified by 20 Antiviruses on VirusTotal as malicious",
  87. "Details": [
  88. {
  89. "CAT-QuickHeal": "Trojan.Black"
  90. },
  91. {
  92. "Symantec": "Trojan.Gen"
  93. },
  94. {
  95. "Kaspersky": "Packed.Win32.Black.a"
  96. },
  97. {
  98. "NANO-Antivirus": "Trojan.Win32.Black.bdjqqs"
  99. },
  100. {
  101. "AegisLab": "Packer.W32.Black.a!c"
  102. },
  103. {
  104. "Rising": "Trojan.Generic (cloud:WwnxCDlrpDK)"
  105. },
  106. {
  107. "Sophos": "Mal/Behav-374"
  108. },
  109. {
  110. "DrWeb": "Trojan.Packed.650"
  111. },
  112. {
  113. "VIPRE": "Trojan.Win32.Generic!BT"
  114. },
  115. {
  116. "McAfee-GW-Edition": "Artemis"
  117. },
  118. {
  119. "Cyren": "W32/Trojan.XVWW-6420"
  120. },
  121. {
  122. "Webroot": "W32.Malware.Heur"
  123. },
  124. {
  125. "Avira": "TR/Black.Gen2"
  126. },
  127. {
  128. "Antiy-AVL": "Trojan[Packed]/Win32.Black"
  129. },
  130. {
  131. "Microsoft": "VirTool:Win32/Obfuscator"
  132. },
  133. {
  134. "ZoneAlarm": "Packed.Win32.Black.a"
  135. },
  136. {
  137. "GData": "Win32.Application.Agent.3N5HS0"
  138. },
  139. {
  140. "McAfee": "Artemis!E27BDC1C7901"
  141. },
  142. {
  143. "AVware": "Trojan.Win32.Generic!BT"
  144. },
  145. {
  146. "Cylance": "Unsafe"
  147. }
  148. ]
  149. }
  150. ]
  151.  
  152. [*] Started Service: []
  153.  
  154. [*] Executed Commands: [
  155. "\"C:\\Users\\user\\AppData\\Local\\Temp\\is-RM3HH.tmp\\Exes_e27bdc1c79013da1098d22cf06437f23.tmp\" /SL5=\"$7017C,12020100,54272,C:\\Users\\user\\AppData\\Local\\Temp\\Exes_e27bdc1c79013da1098d22cf06437f23.exe\""
  156. ]
  157.  
  158. [*] Mutexes: [
  159. "CicLoadWinStaWinSta0",
  160. "Local\\MSCTF.CtfMonitorInstMutexDefault1",
  161. "DefaultTabtip-MainUI"
  162. ]
  163.  
  164. [*] Modified Files: [
  165. "C:\\Users\\user\\AppData\\Local\\Temp\\is-RM3HH.tmp\\Exes_e27bdc1c79013da1098d22cf06437f23.tmp",
  166. "C:\\Users\\user\\AppData\\Local\\Temp\\is-LRG04.tmp\\_isetup\\_RegDLL.tmp",
  167. "C:\\Users\\user\\AppData\\Local\\Temp\\is-LRG04.tmp\\_isetup\\_setup64.tmp",
  168. "C:\\Users\\user\\AppData\\Local\\Temp\\is-LRG04.tmp\\_isetup\\_shfoldr.dll",
  169. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\unins000.dat",
  170. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\is-VSN8O.tmp",
  171. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\unins000.exe",
  172. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\is-H04T4.tmp",
  173. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\bookinfo.bin",
  174. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\is-7KVH9.tmp",
  175. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\BookMaker.exe",
  176. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\is-75STA.tmp",
  177. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\cyclone.exe",
  178. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\is-VLGTM.tmp",
  179. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\cyclone.ini",
  180. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\is-9N2KS.tmp",
  181. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\EThinker.exe",
  182. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\is-0T7J2.tmp",
  183. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\ethinker.ini",
  184. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\is-865TA.tmp",
  185. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\bk.png",
  186. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-Q11GP.tmp",
  187. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\ba.png",
  188. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-UM7JB.tmp",
  189. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\bb.png",
  190. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-0JQ6D.tmp",
  191. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\bc.png",
  192. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-TO44T.tmp",
  193. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\bk.png",
  194. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-H6UPO.tmp",
  195. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\bn.png",
  196. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-4JOF8.tmp",
  197. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\board.png",
  198. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-LM6SV.tmp",
  199. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\bp.png",
  200. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-FOTCR.tmp",
  201. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\br.png",
  202. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-N9TKC.tmp",
  203. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\dir0.png",
  204. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-2GLJC.tmp",
  205. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\dir1.png",
  206. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-QC7CJ.tmp",
  207. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\focus.png",
  208. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-CTA1R.tmp",
  209. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\ra.png",
  210. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-6MG0D.tmp",
  211. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\rb.png",
  212. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-A3GUE.tmp",
  213. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\rc.png",
  214. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-3TDEU.tmp",
  215. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\rk.png",
  216. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-6SR4M.tmp",
  217. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\rn.png",
  218. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-LR31I.tmp",
  219. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\rp.png",
  220. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-OG437.tmp",
  221. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\rr.png",
  222. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-S7H1R.tmp",
  223. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\start.png",
  224. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-120A3.tmp",
  225. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\stop.png",
  226. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-5OSVJ.tmp",
  227. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\ba.png",
  228. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-SS68F.tmp",
  229. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\bb.png",
  230. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-P5U6V.tmp",
  231. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\bc.png",
  232. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-IFDQQ.tmp",
  233. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\bk.png",
  234. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-ITR69.tmp",
  235. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\bn.png",
  236. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-AH28S.tmp",
  237. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\board.png",
  238. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-CQ344.tmp",
  239. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\bp.png",
  240. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-5A2JK.tmp",
  241. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\br.png",
  242. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-NNG5C.tmp",
  243. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\dir0.png",
  244. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-3QCJ9.tmp",
  245. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\dir1.png",
  246. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-I4U32.tmp",
  247. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\focus.png",
  248. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-4OE59.tmp",
  249. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\ra.png",
  250. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-OF1GJ.tmp",
  251. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\rb.png",
  252. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-JHPAC.tmp",
  253. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\rc.png",
  254. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-21BHG.tmp",
  255. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\rk.png",
  256. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-J6MKG.tmp",
  257. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\rn.png",
  258. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-NU5VM.tmp",
  259. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\rp.png",
  260. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-I7I4T.tmp",
  261. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\rr.png",
  262. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-3FK17.tmp",
  263. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\start.png",
  264. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-9VUQ2.tmp",
  265. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\stop.png",
  266. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-SD3EE.tmp",
  267. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\ba.png",
  268. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-SOCDL.tmp",
  269. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\bb.png",
  270. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-J1Q7U.tmp",
  271. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\bc.png",
  272. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-CCC2M.tmp",
  273. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\bk.png",
  274. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-K9CSJ.tmp",
  275. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\bn.png",
  276. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-9VV3B.tmp",
  277. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\board.png",
  278. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-4P8VE.tmp",
  279. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\bp.png",
  280. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-V4CF4.tmp",
  281. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\br.png",
  282. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-I60DS.tmp",
  283. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\dir0.png",
  284. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-KOOOO.tmp",
  285. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\dir1.png",
  286. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-C515E.tmp",
  287. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\focus.png",
  288. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-U8SK5.tmp",
  289. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\ra.png",
  290. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-VK5A1.tmp",
  291. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\rb.png",
  292. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-NOLKJ.tmp",
  293. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\rc.png",
  294. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-TH7RN.tmp",
  295. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\rk.png",
  296. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-IGDQH.tmp",
  297. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\rn.png",
  298. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-E59SR.tmp",
  299. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\rp.png",
  300. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-0QLHL.tmp",
  301. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\rr.png",
  302. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-4NK80.tmp",
  303. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\start.png",
  304. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-FPBUV.tmp",
  305. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\stop.png",
  306. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-M61M2.tmp",
  307. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\ba.png",
  308. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-95HUM.tmp",
  309. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\bb.png",
  310. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-K0TK2.tmp",
  311. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\bc.png",
  312. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-EH3I8.tmp",
  313. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\bk.png",
  314. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-R239C.tmp",
  315. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\bn.png",
  316. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-7VJUC.tmp",
  317. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\board.png",
  318. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-N79DK.tmp",
  319. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\bp.png",
  320. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-P07P3.tmp",
  321. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\br.png",
  322. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-K16EK.tmp",
  323. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\focus.png",
  324. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-SVA7I.tmp",
  325. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\ra.png",
  326. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-U9P6F.tmp",
  327. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\rb.png",
  328. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-EBOC8.tmp",
  329. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\rc.png",
  330. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-1D21G.tmp",
  331. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\rk.png",
  332. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-O8V4U.tmp",
  333. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\rn.png",
  334. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-R0OKA.tmp",
  335. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\rp.png",
  336. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-4R7OG.tmp",
  337. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\rr.png",
  338. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-TGA1O.tmp",
  339. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\start.png",
  340. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-D9EL8.tmp",
  341. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\stop.png",
  342. "\\??\\PIPE\\srvsvc",
  343. "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5.lnk",
  344. "C:\\Users\\user\\Desktop\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5.lnk"
  345. ]
  346.  
  347. [*] Deleted Files: [
  348. "C:\\Users\\user\\AppData\\Local\\Temp\\is-RM3HH.tmp\\Exes_e27bdc1c79013da1098d22cf06437f23.tmp",
  349. "C:\\Users\\user\\AppData\\Local\\Temp\\is-RM3HH.tmp",
  350. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\is-VSN8O.tmp",
  351. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\is-H04T4.tmp",
  352. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\is-7KVH9.tmp",
  353. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\is-75STA.tmp",
  354. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\is-VLGTM.tmp",
  355. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\is-9N2KS.tmp",
  356. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\is-0T7J2.tmp",
  357. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\is-865TA.tmp",
  358. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-Q11GP.tmp",
  359. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-UM7JB.tmp",
  360. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-0JQ6D.tmp",
  361. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-TO44T.tmp",
  362. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-H6UPO.tmp",
  363. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-4JOF8.tmp",
  364. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-LM6SV.tmp",
  365. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-FOTCR.tmp",
  366. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-N9TKC.tmp",
  367. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-2GLJC.tmp",
  368. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-QC7CJ.tmp",
  369. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-CTA1R.tmp",
  370. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-6MG0D.tmp",
  371. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-A3GUE.tmp",
  372. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-3TDEU.tmp",
  373. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-6SR4M.tmp",
  374. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-LR31I.tmp",
  375. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-OG437.tmp",
  376. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-S7H1R.tmp",
  377. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\large\\is-120A3.tmp",
  378. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-5OSVJ.tmp",
  379. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-SS68F.tmp",
  380. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-P5U6V.tmp",
  381. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-IFDQQ.tmp",
  382. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-ITR69.tmp",
  383. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-AH28S.tmp",
  384. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-CQ344.tmp",
  385. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-5A2JK.tmp",
  386. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-NNG5C.tmp",
  387. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-3QCJ9.tmp",
  388. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-I4U32.tmp",
  389. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-4OE59.tmp",
  390. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-OF1GJ.tmp",
  391. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-JHPAC.tmp",
  392. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-21BHG.tmp",
  393. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-J6MKG.tmp",
  394. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-NU5VM.tmp",
  395. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-I7I4T.tmp",
  396. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-3FK17.tmp",
  397. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\medium\\is-9VUQ2.tmp",
  398. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-SD3EE.tmp",
  399. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-SOCDL.tmp",
  400. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-J1Q7U.tmp",
  401. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-CCC2M.tmp",
  402. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-K9CSJ.tmp",
  403. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-9VV3B.tmp",
  404. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-4P8VE.tmp",
  405. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-V4CF4.tmp",
  406. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-I60DS.tmp",
  407. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-KOOOO.tmp",
  408. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-C515E.tmp",
  409. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-U8SK5.tmp",
  410. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-VK5A1.tmp",
  411. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-NOLKJ.tmp",
  412. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-TH7RN.tmp",
  413. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-IGDQH.tmp",
  414. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-E59SR.tmp",
  415. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-0QLHL.tmp",
  416. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-4NK80.tmp",
  417. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\small\\is-FPBUV.tmp",
  418. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-M61M2.tmp",
  419. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-95HUM.tmp",
  420. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-K0TK2.tmp",
  421. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-EH3I8.tmp",
  422. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-R239C.tmp",
  423. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-7VJUC.tmp",
  424. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-N79DK.tmp",
  425. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-P07P3.tmp",
  426. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-K16EK.tmp",
  427. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-SVA7I.tmp",
  428. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-U9P6F.tmp",
  429. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-EBOC8.tmp",
  430. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-1D21G.tmp",
  431. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-O8V4U.tmp",
  432. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-R0OKA.tmp",
  433. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-4R7OG.tmp",
  434. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-TGA1O.tmp",
  435. "C:\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x96\\xc3\\x90\\xc2\\xb9\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5\\scheme\\tiny\\is-D9EL8.tmp",
  436. "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\\\xef\\xbf\\x8c\\xef\\xbf\\xac\\xef\\xbe\\xbb\\xef\\xbf\\xba\\xef\\xbf\\x8f\\xef\\xbf\\xb3\\xef\\xbf\\x86\\xef\\xbf\\xa5\\\\xef\\xbf\\x8c\\xef\\xbf\\xac\\xef\\xbe\\xbb\\xef\\xbf\\xba\\xef\\xbf\\x8f\\xef\\xbf\\xb3\\xef\\xbf\\x86\\xef\\xbf\\xa5.lnk",
  437. "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\\\xef\\xbf\\x8c\\xef\\xbf\\xac\\xef\\xbe\\xbb\\xef\\xbf\\xba\\xef\\xbf\\x8f\\xef\\xbf\\xb3\\xef\\xbf\\x86\\xef\\xbf\\xa5\\\\xef\\xbf\\x8c\\xef\\xbf\\xac\\xef\\xbe\\xbb\\xef\\xbf\\xba\\xef\\xbf\\x8f\\xef\\xbf\\xb3\\xef\\xbf\\x86\\xef\\xbf\\xa5.pif",
  438. "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\\\xef\\xbf\\x8c\\xef\\xbf\\xac\\xef\\xbe\\xbb\\xef\\xbf\\xba\\xef\\xbf\\x8f\\xef\\xbf\\xb3\\xef\\xbf\\x86\\xef\\xbf\\xa5\\\\xef\\xbf\\x8c\\xef\\xbf\\xac\\xef\\xbe\\xbb\\xef\\xbf\\xba\\xef\\xbf\\x8f\\xef\\xbf\\xb3\\xef\\xbf\\x86\\xef\\xbf\\xa5.url",
  439. "C:\\Users\\user\\Desktop\\\\xef\\xbf\\x8c\\xef\\xbf\\xac\\xef\\xbe\\xbb\\xef\\xbf\\xba\\xef\\xbf\\x8f\\xef\\xbf\\xb3\\xef\\xbf\\x86\\xef\\xbf\\xa5.lnk",
  440. "C:\\Users\\user\\Desktop\\\\xef\\xbf\\x8c\\xef\\xbf\\xac\\xef\\xbe\\xbb\\xef\\xbf\\xba\\xef\\xbf\\x8f\\xef\\xbf\\xb3\\xef\\xbf\\x86\\xef\\xbf\\xa5.pif",
  441. "C:\\Users\\user\\Desktop\\\\xef\\xbf\\x8c\\xef\\xbf\\xac\\xef\\xbe\\xbb\\xef\\xbf\\xba\\xef\\xbf\\x8f\\xef\\xbf\\xb3\\xef\\xbf\\x86\\xef\\xbf\\xa5.url",
  442. "C:\\Users\\user\\AppData\\Local\\Temp\\is-LRG04.tmp\\_isetup\\_RegDLL.tmp",
  443. "C:\\Users\\user\\AppData\\Local\\Temp\\is-LRG04.tmp\\_isetup\\_setup64.tmp",
  444. "C:\\Users\\user\\AppData\\Local\\Temp\\is-LRG04.tmp\\_isetup\\_shfoldr.dll",
  445. "C:\\Users\\user\\AppData\\Local\\Temp\\is-LRG04.tmp\\_isetup",
  446. "C:\\Users\\user\\AppData\\Local\\Temp\\is-LRG04.tmp"
  447. ]
  448.  
  449. [*] Modified Registry Keys: [
  450. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\\xef\\xbf\\x8c\\xef\\xbf\\xac\\xef\\xbe\\xbb\\xef\\xbf\\xba\\xef\\xbf\\x8f\\xef\\xbf\\xb3\\xef\\xbf\\x86\\xef\\xbf\\xa5_is1",
  451. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5_is1\\Inno Setup: Setup Version",
  452. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5_is1\\Inno Setup: App Path",
  453. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5_is1\\InstallLocation",
  454. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5_is1\\Inno Setup: Icon Group",
  455. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5_is1\\Inno Setup: User",
  456. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5_is1\\Inno Setup: Language",
  457. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5_is1\\DisplayName",
  458. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5_is1\\DisplayIcon",
  459. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5_is1\\UninstallString",
  460. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5_is1\\QuietUninstallString",
  461. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5_is1\\NoModify",
  462. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5_is1\\NoRepair",
  463. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5_is1\\InstallDate",
  464. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\\xc3\\x8c\\xc3\\xac\\xc2\\xbb\\xc3\\xba\\xc3\\x8f\\xc3\\xb3\\xc3\\x86\\xc3\\xa5_is1\\EstimatedSize"
  465. ]
  466.  
  467. [*] Deleted Registry Keys: []
  468.  
  469. [*] DNS Communications: []
  470.  
  471. [*] Domains: []
  472.  
  473. [*] Network Communication - ICMP: []
  474.  
  475. [*] Network Communication - HTTP: [
  476. {
  477. "count": 1,
  478. "body": "",
  479. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  480. "user-agent": "Microsoft-CryptoAPI/6.1",
  481. "method": "GET",
  482. "host": "ocsp.digicert.com",
  483. "version": "1.1",
  484. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  485. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  486. "port": 80
  487. },
  488. {
  489. "count": 1,
  490. "body": "",
  491. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  492. "user-agent": "Microsoft-CryptoAPI/6.1",
  493. "method": "GET",
  494. "host": "ocsp.digicert.com",
  495. "version": "1.1",
  496. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  497. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  498. "port": 80
  499. },
  500. {
  501. "count": 1,
  502. "body": "",
  503. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  504. "user-agent": "Microsoft-CryptoAPI/6.1",
  505. "method": "GET",
  506. "host": "ocsp.digicert.com",
  507. "version": "1.1",
  508. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  509. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  510. "port": 80
  511. }
  512. ]
  513.  
  514. [*] Network Communication - SMTP: []
  515.  
  516. [*] Network Communication - Hosts: []
  517.  
  518. [*] Network Communication - IRC: []
  519.  
  520. [*] Static Analysis: {
  521. "pe": {
  522. "peid_signatures": null,
  523. "imports": [
  524. {
  525. "imports": [
  526. {
  527. "name": "DeleteCriticalSection",
  528. "address": "0x40d0b4"
  529. },
  530. {
  531. "name": "LeaveCriticalSection",
  532. "address": "0x40d0b8"
  533. },
  534. {
  535. "name": "EnterCriticalSection",
  536. "address": "0x40d0bc"
  537. },
  538. {
  539. "name": "InitializeCriticalSection",
  540. "address": "0x40d0c0"
  541. },
  542. {
  543. "name": "VirtualFree",
  544. "address": "0x40d0c4"
  545. },
  546. {
  547. "name": "VirtualAlloc",
  548. "address": "0x40d0c8"
  549. },
  550. {
  551. "name": "LocalFree",
  552. "address": "0x40d0cc"
  553. },
  554. {
  555. "name": "LocalAlloc",
  556. "address": "0x40d0d0"
  557. },
  558. {
  559. "name": "WideCharToMultiByte",
  560. "address": "0x40d0d4"
  561. },
  562. {
  563. "name": "TlsSetValue",
  564. "address": "0x40d0d8"
  565. },
  566. {
  567. "name": "TlsGetValue",
  568. "address": "0x40d0dc"
  569. },
  570. {
  571. "name": "MultiByteToWideChar",
  572. "address": "0x40d0e0"
  573. },
  574. {
  575. "name": "GetModuleHandleA",
  576. "address": "0x40d0e4"
  577. },
  578. {
  579. "name": "GetLastError",
  580. "address": "0x40d0e8"
  581. },
  582. {
  583. "name": "GetCommandLineA",
  584. "address": "0x40d0ec"
  585. },
  586. {
  587. "name": "WriteFile",
  588. "address": "0x40d0f0"
  589. },
  590. {
  591. "name": "SetFilePointer",
  592. "address": "0x40d0f4"
  593. },
  594. {
  595. "name": "SetEndOfFile",
  596. "address": "0x40d0f8"
  597. },
  598. {
  599. "name": "RtlUnwind",
  600. "address": "0x40d0fc"
  601. },
  602. {
  603. "name": "ReadFile",
  604. "address": "0x40d100"
  605. },
  606. {
  607. "name": "RaiseException",
  608. "address": "0x40d104"
  609. },
  610. {
  611. "name": "GetStdHandle",
  612. "address": "0x40d108"
  613. },
  614. {
  615. "name": "GetFileSize",
  616. "address": "0x40d10c"
  617. },
  618. {
  619. "name": "GetSystemTime",
  620. "address": "0x40d110"
  621. },
  622. {
  623. "name": "GetFileType",
  624. "address": "0x40d114"
  625. },
  626. {
  627. "name": "ExitProcess",
  628. "address": "0x40d118"
  629. },
  630. {
  631. "name": "CreateFileA",
  632. "address": "0x40d11c"
  633. },
  634. {
  635. "name": "CloseHandle",
  636. "address": "0x40d120"
  637. }
  638. ],
  639. "dll": "kernel32.dll"
  640. },
  641. {
  642. "imports": [
  643. {
  644. "name": "MessageBoxA",
  645. "address": "0x40d128"
  646. }
  647. ],
  648. "dll": "user32.dll"
  649. },
  650. {
  651. "imports": [
  652. {
  653. "name": "VariantChangeTypeEx",
  654. "address": "0x40d130"
  655. },
  656. {
  657. "name": "VariantCopyInd",
  658. "address": "0x40d134"
  659. },
  660. {
  661. "name": "VariantClear",
  662. "address": "0x40d138"
  663. },
  664. {
  665. "name": "SysStringLen",
  666. "address": "0x40d13c"
  667. },
  668. {
  669. "name": "SysAllocStringLen",
  670. "address": "0x40d140"
  671. }
  672. ],
  673. "dll": "oleaut32.dll"
  674. },
  675. {
  676. "imports": [
  677. {
  678. "name": "RegQueryValueExA",
  679. "address": "0x40d148"
  680. },
  681. {
  682. "name": "RegOpenKeyExA",
  683. "address": "0x40d14c"
  684. },
  685. {
  686. "name": "RegCloseKey",
  687. "address": "0x40d150"
  688. },
  689. {
  690. "name": "OpenProcessToken",
  691. "address": "0x40d154"
  692. },
  693. {
  694. "name": "LookupPrivilegeValueA",
  695. "address": "0x40d158"
  696. }
  697. ],
  698. "dll": "advapi32.dll"
  699. },
  700. {
  701. "imports": [
  702. {
  703. "name": "WriteFile",
  704. "address": "0x40d160"
  705. },
  706. {
  707. "name": "VirtualQuery",
  708. "address": "0x40d164"
  709. },
  710. {
  711. "name": "VirtualProtect",
  712. "address": "0x40d168"
  713. },
  714. {
  715. "name": "VirtualFree",
  716. "address": "0x40d16c"
  717. },
  718. {
  719. "name": "VirtualAlloc",
  720. "address": "0x40d170"
  721. },
  722. {
  723. "name": "Sleep",
  724. "address": "0x40d174"
  725. },
  726. {
  727. "name": "SizeofResource",
  728. "address": "0x40d178"
  729. },
  730. {
  731. "name": "SetLastError",
  732. "address": "0x40d17c"
  733. },
  734. {
  735. "name": "SetFilePointer",
  736. "address": "0x40d180"
  737. },
  738. {
  739. "name": "SetErrorMode",
  740. "address": "0x40d184"
  741. },
  742. {
  743. "name": "SetEndOfFile",
  744. "address": "0x40d188"
  745. },
  746. {
  747. "name": "RemoveDirectoryA",
  748. "address": "0x40d18c"
  749. },
  750. {
  751. "name": "ReadFile",
  752. "address": "0x40d190"
  753. },
  754. {
  755. "name": "LockResource",
  756. "address": "0x40d194"
  757. },
  758. {
  759. "name": "LoadResource",
  760. "address": "0x40d198"
  761. },
  762. {
  763. "name": "LoadLibraryA",
  764. "address": "0x40d19c"
  765. },
  766. {
  767. "name": "IsDBCSLeadByte",
  768. "address": "0x40d1a0"
  769. },
  770. {
  771. "name": "GetWindowsDirectoryA",
  772. "address": "0x40d1a4"
  773. },
  774. {
  775. "name": "GetVersionExA",
  776. "address": "0x40d1a8"
  777. },
  778. {
  779. "name": "GetUserDefaultLangID",
  780. "address": "0x40d1ac"
  781. },
  782. {
  783. "name": "GetSystemInfo",
  784. "address": "0x40d1b0"
  785. },
  786. {
  787. "name": "GetSystemDefaultLCID",
  788. "address": "0x40d1b4"
  789. },
  790. {
  791. "name": "GetProcAddress",
  792. "address": "0x40d1b8"
  793. },
  794. {
  795. "name": "GetModuleHandleA",
  796. "address": "0x40d1bc"
  797. },
  798. {
  799. "name": "GetModuleFileNameA",
  800. "address": "0x40d1c0"
  801. },
  802. {
  803. "name": "GetLocaleInfoA",
  804. "address": "0x40d1c4"
  805. },
  806. {
  807. "name": "GetLastError",
  808. "address": "0x40d1c8"
  809. },
  810. {
  811. "name": "GetFullPathNameA",
  812. "address": "0x40d1cc"
  813. },
  814. {
  815. "name": "GetFileSize",
  816. "address": "0x40d1d0"
  817. },
  818. {
  819. "name": "GetFileAttributesA",
  820. "address": "0x40d1d4"
  821. },
  822. {
  823. "name": "GetExitCodeProcess",
  824. "address": "0x40d1d8"
  825. },
  826. {
  827. "name": "GetEnvironmentVariableA",
  828. "address": "0x40d1dc"
  829. },
  830. {
  831. "name": "GetCurrentProcess",
  832. "address": "0x40d1e0"
  833. },
  834. {
  835. "name": "GetCommandLineA",
  836. "address": "0x40d1e4"
  837. },
  838. {
  839. "name": "GetACP",
  840. "address": "0x40d1e8"
  841. },
  842. {
  843. "name": "InterlockedExchange",
  844. "address": "0x40d1ec"
  845. },
  846. {
  847. "name": "FormatMessageA",
  848. "address": "0x40d1f0"
  849. },
  850. {
  851. "name": "FindResourceA",
  852. "address": "0x40d1f4"
  853. },
  854. {
  855. "name": "DeleteFileA",
  856. "address": "0x40d1f8"
  857. },
  858. {
  859. "name": "CreateProcessA",
  860. "address": "0x40d1fc"
  861. },
  862. {
  863. "name": "CreateFileA",
  864. "address": "0x40d200"
  865. },
  866. {
  867. "name": "CreateDirectoryA",
  868. "address": "0x40d204"
  869. },
  870. {
  871. "name": "CloseHandle",
  872. "address": "0x40d208"
  873. }
  874. ],
  875. "dll": "kernel32.dll"
  876. },
  877. {
  878. "imports": [
  879. {
  880. "name": "TranslateMessage",
  881. "address": "0x40d210"
  882. },
  883. {
  884. "name": "SetWindowLongA",
  885. "address": "0x40d214"
  886. },
  887. {
  888. "name": "PeekMessageA",
  889. "address": "0x40d218"
  890. },
  891. {
  892. "name": "MsgWaitForMultipleObjects",
  893. "address": "0x40d21c"
  894. },
  895. {
  896. "name": "MessageBoxA",
  897. "address": "0x40d220"
  898. },
  899. {
  900. "name": "LoadStringA",
  901. "address": "0x40d224"
  902. },
  903. {
  904. "name": "ExitWindowsEx",
  905. "address": "0x40d228"
  906. },
  907. {
  908. "name": "DispatchMessageA",
  909. "address": "0x40d22c"
  910. },
  911. {
  912. "name": "DestroyWindow",
  913. "address": "0x40d230"
  914. },
  915. {
  916. "name": "CreateWindowExA",
  917. "address": "0x40d234"
  918. },
  919. {
  920. "name": "CallWindowProcA",
  921. "address": "0x40d238"
  922. },
  923. {
  924. "name": "CharPrevA",
  925. "address": "0x40d23c"
  926. }
  927. ],
  928. "dll": "user32.dll"
  929. },
  930. {
  931. "imports": [
  932. {
  933. "name": "InitCommonControls",
  934. "address": "0x40d244"
  935. }
  936. ],
  937. "dll": "comctl32.dll"
  938. },
  939. {
  940. "imports": [
  941. {
  942. "name": "AdjustTokenPrivileges",
  943. "address": "0x40d24c"
  944. }
  945. ],
  946. "dll": "advapi32.dll"
  947. }
  948. ],
  949. "digital_signers": null,
  950. "exported_dll_name": null,
  951. "actual_checksum": "0x00bb4532",
  952. "overlay": {
  953. "size": "0x00ba528a",
  954. "offset": "0x0000d400"
  955. },
  956. "imagebase": "0x00400000",
  957. "reported_checksum": "0x00000000",
  958. "icon_hash": null,
  959. "entrypoint": "0x00409c40",
  960. "timestamp": "1992-06-19 22:22:17",
  961. "osversion": "1.0",
  962. "sections": [
  963. {
  964. "name": "CODE",
  965. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  966. "virtual_address": "0x00001000",
  967. "size_of_data": "0x00009400",
  968. "entropy": "6.56",
  969. "raw_address": "0x00000400",
  970. "virtual_size": "0x00009364",
  971. "characteristics_raw": "0x60000020"
  972. },
  973. {
  974. "name": "DATA",
  975. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  976. "virtual_address": "0x0000b000",
  977. "size_of_data": "0x00000400",
  978. "entropy": "2.75",
  979. "raw_address": "0x00009800",
  980. "virtual_size": "0x0000024c",
  981. "characteristics_raw": "0xc0000040"
  982. },
  983. {
  984. "name": "BSS",
  985. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  986. "virtual_address": "0x0000c000",
  987. "size_of_data": "0x00000000",
  988. "entropy": "0.00",
  989. "raw_address": "0x00009c00",
  990. "virtual_size": "0x00000e4c",
  991. "characteristics_raw": "0xc0000000"
  992. },
  993. {
  994. "name": ".idata",
  995. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  996. "virtual_address": "0x0000d000",
  997. "size_of_data": "0x00000a00",
  998. "entropy": "4.43",
  999. "raw_address": "0x00009c00",
  1000. "virtual_size": "0x00000950",
  1001. "characteristics_raw": "0xc0000040"
  1002. },
  1003. {
  1004. "name": ".tls",
  1005. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1006. "virtual_address": "0x0000e000",
  1007. "size_of_data": "0x00000000",
  1008. "entropy": "0.00",
  1009. "raw_address": "0x0000a600",
  1010. "virtual_size": "0x00000008",
  1011. "characteristics_raw": "0xc0000000"
  1012. },
  1013. {
  1014. "name": ".rdata",
  1015. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
  1016. "virtual_address": "0x0000f000",
  1017. "size_of_data": "0x00000200",
  1018. "entropy": "0.20",
  1019. "raw_address": "0x0000a600",
  1020. "virtual_size": "0x00000018",
  1021. "characteristics_raw": "0x50000040"
  1022. },
  1023. {
  1024. "name": ".reloc",
  1025. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
  1026. "virtual_address": "0x00010000",
  1027. "size_of_data": "0x00000000",
  1028. "entropy": "0.00",
  1029. "raw_address": "0x00000000",
  1030. "virtual_size": "0x000008b4",
  1031. "characteristics_raw": "0x50000040"
  1032. },
  1033. {
  1034. "name": ".rsrc",
  1035. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
  1036. "virtual_address": "0x00011000",
  1037. "size_of_data": "0x00002c00",
  1038. "entropy": "4.46",
  1039. "raw_address": "0x0000a800",
  1040. "virtual_size": "0x00002c00",
  1041. "characteristics_raw": "0x50000040"
  1042. }
  1043. ],
  1044. "resources": [],
  1045. "dirents": [
  1046. {
  1047. "virtual_address": "0x00000000",
  1048. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1049. "size": "0x00000000"
  1050. },
  1051. {
  1052. "virtual_address": "0x0000d000",
  1053. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1054. "size": "0x00000950"
  1055. },
  1056. {
  1057. "virtual_address": "0x00011000",
  1058. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1059. "size": "0x00002c00"
  1060. },
  1061. {
  1062. "virtual_address": "0x00000000",
  1063. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1064. "size": "0x00000000"
  1065. },
  1066. {
  1067. "virtual_address": "0x00000000",
  1068. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1069. "size": "0x00000000"
  1070. },
  1071. {
  1072. "virtual_address": "0x00000000",
  1073. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1074. "size": "0x00000000"
  1075. },
  1076. {
  1077. "virtual_address": "0x00000000",
  1078. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1079. "size": "0x00000000"
  1080. },
  1081. {
  1082. "virtual_address": "0x00000000",
  1083. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1084. "size": "0x00000000"
  1085. },
  1086. {
  1087. "virtual_address": "0x00000000",
  1088. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1089. "size": "0x00000000"
  1090. },
  1091. {
  1092. "virtual_address": "0x0000f000",
  1093. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1094. "size": "0x00000018"
  1095. },
  1096. {
  1097. "virtual_address": "0x00000000",
  1098. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1099. "size": "0x00000000"
  1100. },
  1101. {
  1102. "virtual_address": "0x00000000",
  1103. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1104. "size": "0x00000000"
  1105. },
  1106. {
  1107. "virtual_address": "0x00000000",
  1108. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1109. "size": "0x00000000"
  1110. },
  1111. {
  1112. "virtual_address": "0x00000000",
  1113. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1114. "size": "0x00000000"
  1115. },
  1116. {
  1117. "virtual_address": "0x00000000",
  1118. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1119. "size": "0x00000000"
  1120. },
  1121. {
  1122. "virtual_address": "0x00000000",
  1123. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1124. "size": "0x00000000"
  1125. }
  1126. ],
  1127. "exports": [],
  1128. "guest_signers": {},
  1129. "imphash": "884310b1928934402ea6fec1dbd3cf5e",
  1130. "icon_fuzzy": null,
  1131. "icon": null,
  1132. "pdbpath": null,
  1133. "imported_dll_count": 8,
  1134. "versioninfo": []
  1135. }
  1136. }
  1137.  
  1138. [*] Resolved APIs: [
  1139. "kernel32.dll.SetDllDirectoryW",
  1140. "kernel32.dll.SetSearchPathMode",
  1141. "kernel32.dll.SetProcessDEPPolicy",
  1142. "kernel32.dll.Wow64DisableWow64FsRedirection",
  1143. "kernel32.dll.Wow64RevertWow64FsRedirection",
  1144. "kernel32.dll.GetUserDefaultUILanguage",
  1145. "comctl32.dll.RegisterClassNameW",
  1146. "kernel32.dll.SortGetHandle",
  1147. "kernel32.dll.SortCloseHandle",
  1148. "uxtheme.dll.ThemeInitApiHook",
  1149. "user32.dll.IsProcessDPIAware",
  1150. "dwmapi.dll.DwmIsCompositionEnabled",
  1151. "uxtheme.dll.EnableThemeDialogTexture",
  1152. "gdi32.dll.GetLayout",
  1153. "gdi32.dll.GdiRealizationInfo",
  1154. "gdi32.dll.FontIsLinked",
  1155. "advapi32.dll.RegOpenKeyExW",
  1156. "advapi32.dll.RegQueryInfoKeyW",
  1157. "gdi32.dll.GetTextFaceAliasW",
  1158. "advapi32.dll.RegEnumValueW",
  1159. "advapi32.dll.RegCloseKey",
  1160. "advapi32.dll.RegQueryValueExW",
  1161. "gdi32.dll.GetFontAssocStatus",
  1162. "advapi32.dll.RegQueryValueExA",
  1163. "advapi32.dll.RegEnumKeyExW",
  1164. "gdi32.dll.GdiIsMetaPrintDC",
  1165. "ole32.dll.CoInitializeEx",
  1166. "ole32.dll.CoUninitialize",
  1167. "cryptbase.dll.SystemFunction036",
  1168. "ole32.dll.CoRegisterInitializeSpy",
  1169. "ole32.dll.CoRevokeInitializeSpy",
  1170. "uxtheme.dll.OpenThemeData",
  1171. "uxtheme.dll.CloseThemeData",
  1172. "uxtheme.dll.DrawThemeBackground",
  1173. "uxtheme.dll.DrawThemeText",
  1174. "uxtheme.dll.GetThemeBackgroundContentRect",
  1175. "uxtheme.dll.GetThemePartSize",
  1176. "uxtheme.dll.GetThemeTextExtent",
  1177. "uxtheme.dll.GetThemeTextMetrics",
  1178. "uxtheme.dll.GetThemeBackgroundRegion",
  1179. "uxtheme.dll.HitTestThemeBackground",
  1180. "uxtheme.dll.DrawThemeEdge",
  1181. "uxtheme.dll.DrawThemeIcon",
  1182. "uxtheme.dll.IsThemePartDefined",
  1183. "uxtheme.dll.IsThemeBackgroundPartiallyTransparent",
  1184. "uxtheme.dll.GetThemeColor",
  1185. "uxtheme.dll.GetThemeMetric",
  1186. "uxtheme.dll.GetThemeString",
  1187. "uxtheme.dll.GetThemeBool",
  1188. "uxtheme.dll.GetThemeInt",
  1189. "uxtheme.dll.GetThemeEnumValue",
  1190. "uxtheme.dll.GetThemePosition",
  1191. "uxtheme.dll.GetThemeFont",
  1192. "uxtheme.dll.GetThemeRect",
  1193. "uxtheme.dll.GetThemeMargins",
  1194. "uxtheme.dll.GetThemeIntList",
  1195. "uxtheme.dll.GetThemePropertyOrigin",
  1196. "uxtheme.dll.SetWindowTheme",
  1197. "uxtheme.dll.GetThemeFilename",
  1198. "uxtheme.dll.GetThemeSysColor",
  1199. "uxtheme.dll.GetThemeSysColorBrush",
  1200. "uxtheme.dll.GetThemeSysBool",
  1201. "uxtheme.dll.GetThemeSysSize",
  1202. "uxtheme.dll.GetThemeSysFont",
  1203. "uxtheme.dll.GetThemeSysString",
  1204. "uxtheme.dll.GetThemeSysInt",
  1205. "uxtheme.dll.IsThemeActive",
  1206. "uxtheme.dll.IsAppThemed",
  1207. "uxtheme.dll.GetWindowTheme",
  1208. "uxtheme.dll.IsThemeDialogTextureEnabled",
  1209. "uxtheme.dll.GetThemeAppProperties",
  1210. "uxtheme.dll.SetThemeAppProperties",
  1211. "uxtheme.dll.GetCurrentThemeName",
  1212. "uxtheme.dll.GetThemeDocumentationProperty",
  1213. "uxtheme.dll.DrawThemeParentBackground",
  1214. "uxtheme.dll.EnableTheming",
  1215. "user32.dll.NotifyWinEvent",
  1216. "shell32.dll.SHCreateItemFromParsingName",
  1217. "shell32.dll.SHPathPrepareForWriteA",
  1218. "kernel32.dll.VerSetConditionMask",
  1219. "kernel32.dll.VerifyVersionInfoW",
  1220. "kernel32.dll.GetNativeSystemInfo",
  1221. "kernel32.dll.IsWow64Process",
  1222. "kernel32.dll.GetSystemWow64DirectoryA",
  1223. "advapi32.dll.RegDeleteKeyExA",
  1224. "user32.dll.DisableProcessWindowsGhosting",
  1225. "advapi32.dll.CheckTokenMembership",
  1226. "user32.dll.ShutdownBlockReasonDestroy",
  1227. "user32.dll.ShutdownBlockReasonCreate",
  1228. "shfolder.dll.SHGetFolderPathA",
  1229. "comctl32.dll.HIMAGELIST_QueryInterface",
  1230. "comctl32.dll.DrawShadowText",
  1231. "comctl32.dll.DrawSizeBox",
  1232. "comctl32.dll.DrawScrollBar",
  1233. "comctl32.dll.SizeBoxHwnd",
  1234. "comctl32.dll.ScrollBar_MouseMove",
  1235. "comctl32.dll.ScrollBar_Menu",
  1236. "comctl32.dll.HandleScrollCmd",
  1237. "comctl32.dll.DetachScrollBars",
  1238. "comctl32.dll.AttachScrollBars",
  1239. "comctl32.dll.CCSetScrollInfo",
  1240. "comctl32.dll.CCGetScrollInfo",
  1241. "comctl32.dll.CCEnableScrollBar",
  1242. "comctl32.dll.QuerySystemGestureStatus",
  1243. "uxtheme.dll.#49",
  1244. "user32.dll.ChangeWindowMessageFilterEx",
  1245. "gdi32.dll.GetTextExtentExPointWPri",
  1246. "user32.dll.MonitorFromRect",
  1247. "user32.dll.GetMonitorInfoA",
  1248. "imm32.dll.ImmIsIME",
  1249. "shlwapi.dll.SHAutoComplete",
  1250. "ole32.dll.CoCreateInstance",
  1251. "comctl32.dll.#411",
  1252. "comctl32.dll.#410",
  1253. "ole32.dll.CLSIDFromString",
  1254. "comctl32.dll.#413",
  1255. "uxtheme.dll.BufferedPaintInit",
  1256. "uxtheme.dll.BufferedPaintRenderAnimation",
  1257. "uxtheme.dll.GetThemeTransitionDuration",
  1258. "uxtheme.dll.BeginBufferedAnimation",
  1259. "uxtheme.dll.EndBufferedAnimation",
  1260. "uxtheme.dll.DrawThemeParentBackgroundEx",
  1261. "uxtheme.dll.BeginBufferedPaint",
  1262. "uxtheme.dll.EndBufferedPaint",
  1263. "imm32.dll.ImmGetContext",
  1264. "imm32.dll.ImmLockIMC",
  1265. "imm32.dll.ImmUnlockIMC",
  1266. "imm32.dll.ImmReleaseContext",
  1267. "imm32.dll.ImmSetCompositionFontW",
  1268. "imm32.dll.ImmGetCompositionWindow",
  1269. "imm32.dll.ImmSetCompositionWindow",
  1270. "kernel32.dll.GetDiskFreeSpaceExA",
  1271. "imm32.dll.ImmAssociateContext",
  1272. "uxtheme.dll.BufferedPaintStopAllAnimations",
  1273. "sfc.dll.SfcIsFileProtected",
  1274. "setupapi.dll.PnpIsFilePnpDriver",
  1275. "kernel32.dll.RegOpenKeyExW",
  1276. "kernel32.dll.RegCloseKey",
  1277. "devrtl.dll.DevRtlGetThreadLogToken",
  1278. "propsys.dll.PSCreateMemoryPropertyStore",
  1279. "comctl32.dll.#328",
  1280. "comctl32.dll.#334",
  1281. "shell32.dll.#102",
  1282. "setupapi.dll.CM_Get_Device_Interface_List_Size_ExW",
  1283. "advapi32.dll.InitializeSecurityDescriptor",
  1284. "advapi32.dll.SetEntriesInAclW",
  1285. "ntmarta.dll.GetMartaExtensionInterface",
  1286. "advapi32.dll.SetSecurityDescriptorDacl",
  1287. "setupapi.dll.CM_Get_Device_Interface_List_ExW",
  1288. "advapi32.dll.IsTextUnicode",
  1289. "comctl32.dll.#332",
  1290. "comctl32.dll.#338",
  1291. "sechost.dll.ConvertSidToStringSidW",
  1292. "profapi.dll.#104",
  1293. "ole32.dll.CoTaskMemFree",
  1294. "linkinfo.dll.CreateLinkInfoW",
  1295. "comctl32.dll.#386",
  1296. "user32.dll.IsCharAlphaW",
  1297. "user32.dll.CharPrevW",
  1298. "ntshrui.dll.GetNetResourceFromLocalPathW",
  1299. "srvcli.dll.NetShareEnum",
  1300. "cscapi.dll.CscNetApiGetInterface",
  1301. "slc.dll.SLGetWindowsInformationDWORD",
  1302. "shlwapi.dll.PathRemoveFileSpecW",
  1303. "linkinfo.dll.DestroyLinkInfo",
  1304. "comctl32.dll.#412",
  1305. "comctl32.dll.#388",
  1306. "uxtheme.dll.BufferedPaintUnInit",
  1307. "oleaut32.dll.#500",
  1308. "netutils.dll.NetApiBufferFree",
  1309. "advapi32.dll.UnregisterTraceGuids",
  1310. "comctl32.dll.#321"
  1311. ]
  1312.  
  1313. [*] Static Analysis: {
  1314. "pe": {
  1315. "peid_signatures": null,
  1316. "imports": [
  1317. {
  1318. "imports": [
  1319. {
  1320. "name": "DeleteCriticalSection",
  1321. "address": "0x40d0b4"
  1322. },
  1323. {
  1324. "name": "LeaveCriticalSection",
  1325. "address": "0x40d0b8"
  1326. },
  1327. {
  1328. "name": "EnterCriticalSection",
  1329. "address": "0x40d0bc"
  1330. },
  1331. {
  1332. "name": "InitializeCriticalSection",
  1333. "address": "0x40d0c0"
  1334. },
  1335. {
  1336. "name": "VirtualFree",
  1337. "address": "0x40d0c4"
  1338. },
  1339. {
  1340. "name": "VirtualAlloc",
  1341. "address": "0x40d0c8"
  1342. },
  1343. {
  1344. "name": "LocalFree",
  1345. "address": "0x40d0cc"
  1346. },
  1347. {
  1348. "name": "LocalAlloc",
  1349. "address": "0x40d0d0"
  1350. },
  1351. {
  1352. "name": "WideCharToMultiByte",
  1353. "address": "0x40d0d4"
  1354. },
  1355. {
  1356. "name": "TlsSetValue",
  1357. "address": "0x40d0d8"
  1358. },
  1359. {
  1360. "name": "TlsGetValue",
  1361. "address": "0x40d0dc"
  1362. },
  1363. {
  1364. "name": "MultiByteToWideChar",
  1365. "address": "0x40d0e0"
  1366. },
  1367. {
  1368. "name": "GetModuleHandleA",
  1369. "address": "0x40d0e4"
  1370. },
  1371. {
  1372. "name": "GetLastError",
  1373. "address": "0x40d0e8"
  1374. },
  1375. {
  1376. "name": "GetCommandLineA",
  1377. "address": "0x40d0ec"
  1378. },
  1379. {
  1380. "name": "WriteFile",
  1381. "address": "0x40d0f0"
  1382. },
  1383. {
  1384. "name": "SetFilePointer",
  1385. "address": "0x40d0f4"
  1386. },
  1387. {
  1388. "name": "SetEndOfFile",
  1389. "address": "0x40d0f8"
  1390. },
  1391. {
  1392. "name": "RtlUnwind",
  1393. "address": "0x40d0fc"
  1394. },
  1395. {
  1396. "name": "ReadFile",
  1397. "address": "0x40d100"
  1398. },
  1399. {
  1400. "name": "RaiseException",
  1401. "address": "0x40d104"
  1402. },
  1403. {
  1404. "name": "GetStdHandle",
  1405. "address": "0x40d108"
  1406. },
  1407. {
  1408. "name": "GetFileSize",
  1409. "address": "0x40d10c"
  1410. },
  1411. {
  1412. "name": "GetSystemTime",
  1413. "address": "0x40d110"
  1414. },
  1415. {
  1416. "name": "GetFileType",
  1417. "address": "0x40d114"
  1418. },
  1419. {
  1420. "name": "ExitProcess",
  1421. "address": "0x40d118"
  1422. },
  1423. {
  1424. "name": "CreateFileA",
  1425. "address": "0x40d11c"
  1426. },
  1427. {
  1428. "name": "CloseHandle",
  1429. "address": "0x40d120"
  1430. }
  1431. ],
  1432. "dll": "kernel32.dll"
  1433. },
  1434. {
  1435. "imports": [
  1436. {
  1437. "name": "MessageBoxA",
  1438. "address": "0x40d128"
  1439. }
  1440. ],
  1441. "dll": "user32.dll"
  1442. },
  1443. {
  1444. "imports": [
  1445. {
  1446. "name": "VariantChangeTypeEx",
  1447. "address": "0x40d130"
  1448. },
  1449. {
  1450. "name": "VariantCopyInd",
  1451. "address": "0x40d134"
  1452. },
  1453. {
  1454. "name": "VariantClear",
  1455. "address": "0x40d138"
  1456. },
  1457. {
  1458. "name": "SysStringLen",
  1459. "address": "0x40d13c"
  1460. },
  1461. {
  1462. "name": "SysAllocStringLen",
  1463. "address": "0x40d140"
  1464. }
  1465. ],
  1466. "dll": "oleaut32.dll"
  1467. },
  1468. {
  1469. "imports": [
  1470. {
  1471. "name": "RegQueryValueExA",
  1472. "address": "0x40d148"
  1473. },
  1474. {
  1475. "name": "RegOpenKeyExA",
  1476. "address": "0x40d14c"
  1477. },
  1478. {
  1479. "name": "RegCloseKey",
  1480. "address": "0x40d150"
  1481. },
  1482. {
  1483. "name": "OpenProcessToken",
  1484. "address": "0x40d154"
  1485. },
  1486. {
  1487. "name": "LookupPrivilegeValueA",
  1488. "address": "0x40d158"
  1489. }
  1490. ],
  1491. "dll": "advapi32.dll"
  1492. },
  1493. {
  1494. "imports": [
  1495. {
  1496. "name": "WriteFile",
  1497. "address": "0x40d160"
  1498. },
  1499. {
  1500. "name": "VirtualQuery",
  1501. "address": "0x40d164"
  1502. },
  1503. {
  1504. "name": "VirtualProtect",
  1505. "address": "0x40d168"
  1506. },
  1507. {
  1508. "name": "VirtualFree",
  1509. "address": "0x40d16c"
  1510. },
  1511. {
  1512. "name": "VirtualAlloc",
  1513. "address": "0x40d170"
  1514. },
  1515. {
  1516. "name": "Sleep",
  1517. "address": "0x40d174"
  1518. },
  1519. {
  1520. "name": "SizeofResource",
  1521. "address": "0x40d178"
  1522. },
  1523. {
  1524. "name": "SetLastError",
  1525. "address": "0x40d17c"
  1526. },
  1527. {
  1528. "name": "SetFilePointer",
  1529. "address": "0x40d180"
  1530. },
  1531. {
  1532. "name": "SetErrorMode",
  1533. "address": "0x40d184"
  1534. },
  1535. {
  1536. "name": "SetEndOfFile",
  1537. "address": "0x40d188"
  1538. },
  1539. {
  1540. "name": "RemoveDirectoryA",
  1541. "address": "0x40d18c"
  1542. },
  1543. {
  1544. "name": "ReadFile",
  1545. "address": "0x40d190"
  1546. },
  1547. {
  1548. "name": "LockResource",
  1549. "address": "0x40d194"
  1550. },
  1551. {
  1552. "name": "LoadResource",
  1553. "address": "0x40d198"
  1554. },
  1555. {
  1556. "name": "LoadLibraryA",
  1557. "address": "0x40d19c"
  1558. },
  1559. {
  1560. "name": "IsDBCSLeadByte",
  1561. "address": "0x40d1a0"
  1562. },
  1563. {
  1564. "name": "GetWindowsDirectoryA",
  1565. "address": "0x40d1a4"
  1566. },
  1567. {
  1568. "name": "GetVersionExA",
  1569. "address": "0x40d1a8"
  1570. },
  1571. {
  1572. "name": "GetUserDefaultLangID",
  1573. "address": "0x40d1ac"
  1574. },
  1575. {
  1576. "name": "GetSystemInfo",
  1577. "address": "0x40d1b0"
  1578. },
  1579. {
  1580. "name": "GetSystemDefaultLCID",
  1581. "address": "0x40d1b4"
  1582. },
  1583. {
  1584. "name": "GetProcAddress",
  1585. "address": "0x40d1b8"
  1586. },
  1587. {
  1588. "name": "GetModuleHandleA",
  1589. "address": "0x40d1bc"
  1590. },
  1591. {
  1592. "name": "GetModuleFileNameA",
  1593. "address": "0x40d1c0"
  1594. },
  1595. {
  1596. "name": "GetLocaleInfoA",
  1597. "address": "0x40d1c4"
  1598. },
  1599. {
  1600. "name": "GetLastError",
  1601. "address": "0x40d1c8"
  1602. },
  1603. {
  1604. "name": "GetFullPathNameA",
  1605. "address": "0x40d1cc"
  1606. },
  1607. {
  1608. "name": "GetFileSize",
  1609. "address": "0x40d1d0"
  1610. },
  1611. {
  1612. "name": "GetFileAttributesA",
  1613. "address": "0x40d1d4"
  1614. },
  1615. {
  1616. "name": "GetExitCodeProcess",
  1617. "address": "0x40d1d8"
  1618. },
  1619. {
  1620. "name": "GetEnvironmentVariableA",
  1621. "address": "0x40d1dc"
  1622. },
  1623. {
  1624. "name": "GetCurrentProcess",
  1625. "address": "0x40d1e0"
  1626. },
  1627. {
  1628. "name": "GetCommandLineA",
  1629. "address": "0x40d1e4"
  1630. },
  1631. {
  1632. "name": "GetACP",
  1633. "address": "0x40d1e8"
  1634. },
  1635. {
  1636. "name": "InterlockedExchange",
  1637. "address": "0x40d1ec"
  1638. },
  1639. {
  1640. "name": "FormatMessageA",
  1641. "address": "0x40d1f0"
  1642. },
  1643. {
  1644. "name": "FindResourceA",
  1645. "address": "0x40d1f4"
  1646. },
  1647. {
  1648. "name": "DeleteFileA",
  1649. "address": "0x40d1f8"
  1650. },
  1651. {
  1652. "name": "CreateProcessA",
  1653. "address": "0x40d1fc"
  1654. },
  1655. {
  1656. "name": "CreateFileA",
  1657. "address": "0x40d200"
  1658. },
  1659. {
  1660. "name": "CreateDirectoryA",
  1661. "address": "0x40d204"
  1662. },
  1663. {
  1664. "name": "CloseHandle",
  1665. "address": "0x40d208"
  1666. }
  1667. ],
  1668. "dll": "kernel32.dll"
  1669. },
  1670. {
  1671. "imports": [
  1672. {
  1673. "name": "TranslateMessage",
  1674. "address": "0x40d210"
  1675. },
  1676. {
  1677. "name": "SetWindowLongA",
  1678. "address": "0x40d214"
  1679. },
  1680. {
  1681. "name": "PeekMessageA",
  1682. "address": "0x40d218"
  1683. },
  1684. {
  1685. "name": "MsgWaitForMultipleObjects",
  1686. "address": "0x40d21c"
  1687. },
  1688. {
  1689. "name": "MessageBoxA",
  1690. "address": "0x40d220"
  1691. },
  1692. {
  1693. "name": "LoadStringA",
  1694. "address": "0x40d224"
  1695. },
  1696. {
  1697. "name": "ExitWindowsEx",
  1698. "address": "0x40d228"
  1699. },
  1700. {
  1701. "name": "DispatchMessageA",
  1702. "address": "0x40d22c"
  1703. },
  1704. {
  1705. "name": "DestroyWindow",
  1706. "address": "0x40d230"
  1707. },
  1708. {
  1709. "name": "CreateWindowExA",
  1710. "address": "0x40d234"
  1711. },
  1712. {
  1713. "name": "CallWindowProcA",
  1714. "address": "0x40d238"
  1715. },
  1716. {
  1717. "name": "CharPrevA",
  1718. "address": "0x40d23c"
  1719. }
  1720. ],
  1721. "dll": "user32.dll"
  1722. },
  1723. {
  1724. "imports": [
  1725. {
  1726. "name": "InitCommonControls",
  1727. "address": "0x40d244"
  1728. }
  1729. ],
  1730. "dll": "comctl32.dll"
  1731. },
  1732. {
  1733. "imports": [
  1734. {
  1735. "name": "AdjustTokenPrivileges",
  1736. "address": "0x40d24c"
  1737. }
  1738. ],
  1739. "dll": "advapi32.dll"
  1740. }
  1741. ],
  1742. "digital_signers": null,
  1743. "exported_dll_name": null,
  1744. "actual_checksum": "0x00bb4532",
  1745. "overlay": {
  1746. "size": "0x00ba528a",
  1747. "offset": "0x0000d400"
  1748. },
  1749. "imagebase": "0x00400000",
  1750. "reported_checksum": "0x00000000",
  1751. "icon_hash": null,
  1752. "entrypoint": "0x00409c40",
  1753. "timestamp": "1992-06-19 22:22:17",
  1754. "osversion": "1.0",
  1755. "sections": [
  1756. {
  1757. "name": "CODE",
  1758. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1759. "virtual_address": "0x00001000",
  1760. "size_of_data": "0x00009400",
  1761. "entropy": "6.56",
  1762. "raw_address": "0x00000400",
  1763. "virtual_size": "0x00009364",
  1764. "characteristics_raw": "0x60000020"
  1765. },
  1766. {
  1767. "name": "DATA",
  1768. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1769. "virtual_address": "0x0000b000",
  1770. "size_of_data": "0x00000400",
  1771. "entropy": "2.75",
  1772. "raw_address": "0x00009800",
  1773. "virtual_size": "0x0000024c",
  1774. "characteristics_raw": "0xc0000040"
  1775. },
  1776. {
  1777. "name": "BSS",
  1778. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1779. "virtual_address": "0x0000c000",
  1780. "size_of_data": "0x00000000",
  1781. "entropy": "0.00",
  1782. "raw_address": "0x00009c00",
  1783. "virtual_size": "0x00000e4c",
  1784. "characteristics_raw": "0xc0000000"
  1785. },
  1786. {
  1787. "name": ".idata",
  1788. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1789. "virtual_address": "0x0000d000",
  1790. "size_of_data": "0x00000a00",
  1791. "entropy": "4.43",
  1792. "raw_address": "0x00009c00",
  1793. "virtual_size": "0x00000950",
  1794. "characteristics_raw": "0xc0000040"
  1795. },
  1796. {
  1797. "name": ".tls",
  1798. "characteristics": "IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1799. "virtual_address": "0x0000e000",
  1800. "size_of_data": "0x00000000",
  1801. "entropy": "0.00",
  1802. "raw_address": "0x0000a600",
  1803. "virtual_size": "0x00000008",
  1804. "characteristics_raw": "0xc0000000"
  1805. },
  1806. {
  1807. "name": ".rdata",
  1808. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
  1809. "virtual_address": "0x0000f000",
  1810. "size_of_data": "0x00000200",
  1811. "entropy": "0.20",
  1812. "raw_address": "0x0000a600",
  1813. "virtual_size": "0x00000018",
  1814. "characteristics_raw": "0x50000040"
  1815. },
  1816. {
  1817. "name": ".reloc",
  1818. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
  1819. "virtual_address": "0x00010000",
  1820. "size_of_data": "0x00000000",
  1821. "entropy": "0.00",
  1822. "raw_address": "0x00000000",
  1823. "virtual_size": "0x000008b4",
  1824. "characteristics_raw": "0x50000040"
  1825. },
  1826. {
  1827. "name": ".rsrc",
  1828. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ",
  1829. "virtual_address": "0x00011000",
  1830. "size_of_data": "0x00002c00",
  1831. "entropy": "4.46",
  1832. "raw_address": "0x0000a800",
  1833. "virtual_size": "0x00002c00",
  1834. "characteristics_raw": "0x50000040"
  1835. }
  1836. ],
  1837. "resources": [],
  1838. "dirents": [
  1839. {
  1840. "virtual_address": "0x00000000",
  1841. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1842. "size": "0x00000000"
  1843. },
  1844. {
  1845. "virtual_address": "0x0000d000",
  1846. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1847. "size": "0x00000950"
  1848. },
  1849. {
  1850. "virtual_address": "0x00011000",
  1851. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1852. "size": "0x00002c00"
  1853. },
  1854. {
  1855. "virtual_address": "0x00000000",
  1856. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1857. "size": "0x00000000"
  1858. },
  1859. {
  1860. "virtual_address": "0x00000000",
  1861. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1862. "size": "0x00000000"
  1863. },
  1864. {
  1865. "virtual_address": "0x00000000",
  1866. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1867. "size": "0x00000000"
  1868. },
  1869. {
  1870. "virtual_address": "0x00000000",
  1871. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1872. "size": "0x00000000"
  1873. },
  1874. {
  1875. "virtual_address": "0x00000000",
  1876. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1877. "size": "0x00000000"
  1878. },
  1879. {
  1880. "virtual_address": "0x00000000",
  1881. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1882. "size": "0x00000000"
  1883. },
  1884. {
  1885. "virtual_address": "0x0000f000",
  1886. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1887. "size": "0x00000018"
  1888. },
  1889. {
  1890. "virtual_address": "0x00000000",
  1891. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1892. "size": "0x00000000"
  1893. },
  1894. {
  1895. "virtual_address": "0x00000000",
  1896. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1897. "size": "0x00000000"
  1898. },
  1899. {
  1900. "virtual_address": "0x00000000",
  1901. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1902. "size": "0x00000000"
  1903. },
  1904. {
  1905. "virtual_address": "0x00000000",
  1906. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1907. "size": "0x00000000"
  1908. },
  1909. {
  1910. "virtual_address": "0x00000000",
  1911. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1912. "size": "0x00000000"
  1913. },
  1914. {
  1915. "virtual_address": "0x00000000",
  1916. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1917. "size": "0x00000000"
  1918. }
  1919. ],
  1920. "exports": [],
  1921. "guest_signers": {},
  1922. "imphash": "884310b1928934402ea6fec1dbd3cf5e",
  1923. "icon_fuzzy": null,
  1924. "icon": null,
  1925. "pdbpath": null,
  1926. "imported_dll_count": 8,
  1927. "versioninfo": []
  1928. }
  1929. }