Sample details: a93c90a210aed61255dc34102335af8d --

Hashes
MD5: a93c90a210aed61255dc34102335af8d
SHA1: c46f9c9e00ac8a1a55b8bb65e0bb1a3247aaaade
SHA256: 71011b459586a06acd2ecd6be340ccd751eabc2bbb8f02c4492f68496a3940e2
SSDEEP: 12288:5/zzNe37l4Q8tzGwTk8LF5J1Ex5DYva9Sqcby5S5VP+KWt1K:5/zzNA7SQ4GwTk8p5zCtlcsUReK
Details
File Type: data
Yara Hits
CuckooSandbox/shellcode | CuckooSandbox/embedded_pe | CuckooSandbox/embedded_win_api | YRP/domain | YRP/contentis_base64 | YRP/System_Tools | YRP/Dropper_Strings | YRP/DebuggerCheck__QueryInfo | YRP/ThreadControl__Context | YRP/anti_dbg | YRP/antivm_vmware | YRP/win_registry | YRP/win_token | YRP/win_files_operation | YRP/MD5_Constants |
Strings
		bin/i386/coredll.bin
SVWh(g
9~$YYs
;wTt&S
PSSSSSSh 
8!rsiVW
>NSuof
t.SSSj
tL9}(tG
PPPh|m
SSShdk
SSSSSh
PVSh@p
t ;t$$t
!!!!!!!!!!!!!!!!ADAA@@@@@@@@@@@@
@@@@@@@@!!!!
@@@@@@
A@@@@@@@@@
@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@AAAA@@@
@@@@$$$$$$$$$$$$$$$$@@@@@@@@@@@@@@@@
@A@@@@@@@@@@@@@A@@@@@@@A@AAA@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
KiUserExceptionDispatcher
ntdll.dll
ZwQueryInformationProcess
RtlGetNtVersionNumbers
kernel32.dll
IsWow64Process
msvcrt.dll
/bin/i386/coredll.bin
SPUTNIK
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
/bin/amd64/coredll.bin
/bin/i386/preload
/bin/amd64/preload
/pkg/sputnik.spk
/installer/com_x86.dll
/installer/com_x64.dll
/installer/services_x86.exe
/installer/services_x64.exe
/installer/ploader_x86.bin
/installer/ploader_x64.bin
/pkg/plugins.spk
UAPAQARASeH
(A[AZAYAX]
UVWATAUAVAWH
I9;u$H
I9{ u%H
I9{(u%H
:NuYI9{0u"H
:Nu+I9{8u%H
:Ru+I9{@u%H
:Nu(I9{Hu"H
:Zu+I9{Pu%H
A_A^A]A\_^]
RtlUnwind
memcpy
memset
ZwOpenSection
RtlInitUnicodeString
_snwprintf
_stricmp
memcmp
_chkstk
ZwQueryInformationProcess
ZwMapViewOfSection
_alloca_probe
ntdll.dll
malloc
MSVCRT.dll
GetProcAddress
GetModuleHandleA
InterlockedExchange
VirtualProtect
ExitProcess
CloseHandle
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
lstrcpyW
SetErrorMode
GetCurrentProcess
GetLastError
GetVersion
lstrcmpiA
VirtualAlloc
ResumeThread
ExpandEnvironmentStringsW
CreateFileMappingW
GetTickCount
GetCurrentProcessId
TerminateProcess
QueueUserAPC
SetThreadContext
GetThreadContext
DuplicateHandle
CreateProcessW
GetStartupInfoW
DeviceIoControl
CreateFileW
OpenMutexW
lstrlenW
WriteFile
lstrcatW
CreateDirectoryW
lstrcmpiW
DeleteFileW
KERNEL32.dll
FreeSid
LookupAccountSidA
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
CloseServiceHandle
DeleteService
CreateServiceW
OpenSCManagerW
ControlService
QueryServiceStatus
OpenServiceW
ADVAPI32.dll
SHLWAPI.dll
NetApiBufferFree
NetUserEnum
NETAPI32.dll
5A7G7N7U7%8.8a8
?'?2?7?C?H?Z?_?g?
070W0i0s0~0
1+1@1d1q1y1
3(3/3H3X3y3
9-:9=F=X=^=
=6>=>C>
?.?:?Q?W?
0T1[1m1t1
1&242=2B2H2O2V2v2
4:4T4]4l4s4}4
6F6O6~6
:!:G:V:b:t:~:
;U;a;i;z;
<'<0<C<S<\<e<
=]=t=~=
7N7c7s7z7
8,8:8T8_8h8{8
9!9'9Z9t9{9
;!;=;H;O;T;`;l;|;
<#<B<S<h<s<|<
=&=0=@=N=W=f=o=
%0E0c0
bin/amd64/preload
D$@H9D$
WATAUH
 A]A\_
UVWATAUAVAWH
A_A^A]A\_^]
installer/com_x64.dll
!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.reloc
UVWATAUAVAWH
 A_A^A]A\_^]
\$ UVWATAUH
A]A\_^]
WATAUH
0A]A\_
@SVWAUAVH
|$Xt7H
|$XtMH
A^A]_^[
|$ ATAUAVH
 A^A]A\
|$ ATH
|$ ATH
d$ AUAVAWH
A_A^A]
|$ ATAUAVH
< t[<	tW
 A^A]A\
Hct$@H
shHcD$HH
WATAUAVAWH
D$8A9}
A_A^A]A\_
WATAUH
 A]A\_
|$ ATH
ATAUAVH
 A^A]A\
LcA<E3
WATAUAVAWH
@A_A^A]A\_
|$ ATH
UVWAUAVH
PA^A]_^]
VWATAUAVH
0A^A]A\_^
@SUVWATAVH
|$Hfff
f;D$@uhA
f;D$@u:A
t2HcD$DH
t2HcD$DH
A^A\_^][
VWATAUAVH
0A^A]A\_^
|$ ATH
@SUVWH
@8l$&H
ATAUAVH
0A^A]A\
l$ VWATH
|$ ATH
D$8t#A
d$ AUH
ATAUAVH
0A^A]A\
@UATAUAVAWH
e A_A^A]A\]
D$PH;5[
L$ UATAUAVAWH
A_A^A]A\]
D$@H;5
@SWATH
L$ VWATAUH
hA]A\_^
hA]A\_^
hA]A\_^
D$Ht#A
u"8D$Xt
@USVWATAUAVAWH
eHA_A^A]A\_^[]
ATAUAVH
PA^A]A\
@8t$Ht
PA^A]A\
MSPUTNIK
CorExitProcess
mscoree.dll
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
.mixcrt
EncodePointer
KERNEL32.DLL
DecodePointer
InitializeCriticalSectionAndSpinCount
kernel32.dll
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
(null)
`h````
xpxxxx
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
CONOUT$
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
`h`hhh
xppwpp
OLEAUT32.dll
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
SetServiceStatus
RegisterServiceCtrlHandlerW
ADVAPI32.dll
VirtualProtect
VirtualFree
VirtualAlloc
ExitProcess
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
GetLastError
HeapFree
HeapAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetVersionExA
GetProcessHeap
HeapSetInformation
HeapCreate
HeapDestroy
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
RtlUnwindEx
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
HeapReAlloc
HeapSize
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CreateFileA
CloseHandle
FlushFileBuffers
KERNEL32.dll
COMHelper_x64.dll
DllCanUnloadNow
DllGetClassObject
ServiceMain
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
pkg/plugins.spk
^'C;W9.
4'/!hw!i
(}CuZR
|`([&[g
I0ec86
=/*cl7
D%p_\;
:-~s3T
 j6b !A
y5`r3(
lgwn`n@
:e+y[!|
v$DnN%
gO+P:|
4$^Ijy
En?C+&
c,ztIa
kSFwPc
]e<9Ap
%z< mA
H4t`sN
?g>jq+W<
MT]!\7i
(%nij.
|`N[#h!
;O^r%F
89V#$<
sic&>y
YW Kbd
QI V"COdE
__:[+y
_0H[.O
e@M/-'
".R]G1
z@qH|iN
.B(<S/
BDJdb5
[~8eT<
|9f><^
 0o1(v
e(v<#x
YNHRJu
w{m"N2
4M&+$i
`l>v;Q
HbW@<f
>"^0XL
1lkBnuE5C
2Kj2UV
y+xWP]
];xN!Y
saI3m|
>:UN,6
EWB|{X|
&>Efv "
1c zC>U
$e8[v[@
I;Q"B~y
X=Zt o+>
#iL}->g
V^[U2F
}C&wR}
 j-(WO
	xQ_G4
3:z"NE
_NeDGA
/tR~d0
?=6is,
}peGP{
]DGSh.
]k?3WT{l
D.|Uc[
kM`i(\
/h8Fa)_
k';z9BW
\ ~>Kt
faK/(@
,WC4$M
wr;k}]Z
?n	Ad	b
CRE;C=
]y@uuHr
PikRO&
8ZA !6,
ilh_6+
?v]\V2
'_=RaB
ADOg|\$]:
Pf#PmZ
M>C87j
2^`*M,
(?8v)v
O_nW=;
>ElG1cS
elU5b|
:OS/R!u
n!@q%o
};Ld8?{
jDX	+)
9iUiC[Bhl
5Q7T:!
UD=R} 
CUXN]x
v:G|l:
Fv+bzY
\wUbDs
}|QGD'?
,1;&1Y8
H&>.,[
{"t>N]
7(;pa:C
+frFx4
.$<J)*
FJ5C<%
!R|;\u u
Xx?CVnKo]
pGKp+<\b
.gxDfi6
KLo'E$!
l]EDAH
.~ U.J
`p9grXc
dx]a:-
LOL[ySz
~G"3c\
o<1c94z
!raFmn
Vi~aS*
S@r]L$
nY<Y<t/
WI/(4H
fuH;;\2
+d<#~xrc6V
XXH.%E
m!E'fI
ua8C^jg
~@=5r.
?rkU`LYe4
B5	+V*
q+Fi>@?-~
:qM:a[	
)I[Utv
nf+*Aa6
hUsu,T
@bxCv_
+/r_cG~
f5)hL7
9q:}{`m
6S>@h7
k-2&Zx
y+bW*@
r\xR#^
#)6x9j
krVW=H
f6{J;#
jF%L5L
:3dxXx
Hd5&	FL
WSl\ks
6fz3<1 
B~P/NqA
u~.^!N&
^i%m4z
@zTsop
v`![MS
_c`=@8
m.LmoJ
%z\i_d
RY0ca{
(lm$)c
	 Z_YK
r>O-9=-
1x>:@g
{=vXR2
ChE}2B
b>a6_t
u*"h%3
wD}#D~L
'YqI\<
x4g$Qo
:d`If&
nBS%xJVtA
sV^Ysf^?
6&(YmdhW]x
x)@O[}s3s
Gbk:v(_R
<_e,4k
/fj@Yc
08{M2>2
Fo*$M,
u1i>|O
\oWUz)pX
4)5?#P
<TVs\h
[I+ieo
55O_(C
s;l_gBK3px(@
k^BC-=
7`?uE]
`}Xxxe
/Qw2@M
^I?euQ
l=QaOE
OD"fqcG,
Vclohh
1O|^	)
Iwaj.U
g!_uGQ
O2{$QM"#
k$BFl 
uU(?qx}
D&PsUHn
=QZe77ZmN
Ukah+#
+(nri7Qs/
b4,>Ccb
FBtMfO
tA=h.&
v^A}P=
-o`F#hP
CY?{k2
OZw.O,'^
sn-8W4~
"!cQ?S
RowTr'(
9LM(]`8
FxV}DO
0%E	<;A
i@xiB|
aRPvIg;	
R~`+KJ
Q"-C("
bY87"<
_!p'WO_
GiPe,5
jq:$in	
;qUFGgz
A-Vtx~o
7a3)&"
BG2$FF#
hs5I--
Lc!oD~
+]Y=l%^
#0b+*iO
xkR8G)
/0icyV
Z(	t@O
_biGvAs
yUj7sB9
*rs5Ha
SP3a@@0
$$CRzm
dDLhp-
#.O(1%a
p&n6a0
|N(*zX
egk_Fh
XssP+z
P`E`wt
enJ5U(
-t?:&C=`%q
B)NQ_I
?	kmv&R
M1=S%M2
W?Aywg
,jOc"It 4
HPhA{~V
l"&?`z
g,iMz9X%
k+Bp^S
jS3a>@6
m'egI'r
KOTSS9T
~/jpJ^ey$
W#9n'0R
(z2?V@
#)*Gsu
 E1[rT|S
=TMcPr
Iq=q780
*w0(iC
ju_jvQ~
z'brJhJ
<BzTkXv
.3	% "
daHZl<
It~t0G
b&AP`U[
_38d>}
):i!Q?
r6SD=f
"iyQZ1
Be$@]Gy_NQ
"W-M>z
fn8BI5
D8=u79os
D%S< z~g,
5viFA\
ps_&}fhtt
OWZMYt0
+D70=*
;=[&gY
_^]^OA
`&`jGv
i}r&bR(q
qUW1IF
	{wV	Kf
JnKvV-q(
R"~iLgH!f
uXUnTQ
Q4Z/G](
& @[Y>
dNszzZ;gJ
#(C-3`tG
'VgfyHB
=:/Bhf
9|JJz]f\
9rJ/^A
\'Oz>!|
J|84?'u
GgIMzx
3}R>/z
cVvUrS
G~7M|&
<ix%Z%
|3wWf?0
P]iB? zU
'\-U?A
YQ\	3W
H0yJ]cP
u2S8i~:f
$2	eEx
boUIh*
E5{8D]
4~w+Ew
+)7TT3
Yr0]Ul%
2WCGE*#
H7j Qn&I
Q#4wfG7
rr|%d	V
(R$Q&n
8GH[.u
6zp	)$
x43E"4C
#::+sB
=EpGu"
2U30u,@
v#Xj*?
cC?S0>
py]3;/
M%L~`U
@\2';i
~p=kj&%l
@"S;F}
^FO+Jz
|OqDC~U\
N{St:8
sy.@hcVE
62*~ ~
ZSVlSo
9T0#Q&
4EEj6W
"sHzNHt
C*jfC&M	
u7OO;z
%-VO6c*
lL:hPw
^ZWqq-
rj}	EK
installer/com_x86.dll
!This program cannot be run in DOS mode.
`.rdata
@.data
.reloc
HVtAHt$Ht
t?HuKVh
YYuTVWh
YYu-9D$
j8j ^V
>=Yt/j
< tK<	tG
t#SSUP
t$$VSS
_^][YY
URPQQh
0SSSSS
0SSSSS
0SSSSS
0A@@Ju
t^9(uZ
tD9(u@
v	N+D$
;t$,v-
UQPXY]Y[
PPPPPPPP
PPPPPPPP
^SSSSS
j"^SSSSS
t+WWVPV
MSPUTNIK
CorExitProcess
mscoree.dll
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
.mixcrt
EncodePointer
KERNEL32.DLL
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
InitializeCriticalSectionAndSpinCount
kernel32.dll
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
(null)
`h````
xpxxxx
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
CONOUT$
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
`h`hhh
xppwpp
OLEAUT32.dll
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
SetServiceStatus
RegisterServiceCtrlHandlerW
ADVAPI32.dll
InterlockedIncrement
InterlockedDecrement
VirtualProtect
VirtualFree
VirtualAlloc
ExitProcess
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
GetLastError
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
HeapDestroy
HeapCreate
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
RtlUnwind
LoadLibraryA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
HeapSize
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CreateFileA
CloseHandle
FlushFileBuffers
KERNEL32.dll
COMHelper_x86.dll
DllCanUnloadNow
DllGetClassObject
ServiceMain
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
3*303@3E3]3
4,454C4I4Y4o4
7%737F7R7^7j7q7}7
:%:):/:::@:H:$?
\0`0d0h0l0p0t0x0|0
0@1F1W1m1
2*3_3x3
4 4$4n4t4x4|4
5 5A5k5
888=8G8{8
9=9Y9q9
:>;E;W;n;t;z;
<9<E<K<n<u<
00>0D0^0c0r0{0
1(1/1C1J1P1^1e1j1s1
<'<=<G<b<j<r<}<
>&>->6>v>{>
?(?M?p?w?
4B5Q5i5
8	:0:P:
;f=j=n=r=v=z=~=
=<>F>P>k>r>
?!?-?6?;?A?K?T?_?k?p?
#0)040@0U0[0o0v0
1#12181A1M1[1a1m1s1
2@2F2p2v2
2:3]3g3
4(4.4B4P4W4]4s4x4
5 5+505;5@5K5P5]5k5q5
676@6L6
738c8u8
9/9=9L9
;N<T<g<q<
<2=D=u=
0N0T0]0d0o0{0
0/1H1O1W1\1`1d1
1>2D2H2L2P2
3;3m3t3x3|3
3M4Y4e5
6-6K6_6e6
8#8Z8e8o8t8y8~8
9X9]9d9i9p9u9
;3;D;K;Z;_;l;z;
< <v>}>
858D8J8d8u8
9 9*9P9
:"<3<m<z<
="=D={=
060?0E0N0S0b0
2J3a3r3
8"9(949
;7;=;I;
= =B=z=
1'1.141J1e1r1
;!;3;P;b;t;
;0A0F0L0V0e0
\1`1d1h1l1x1|1
,404x4
585D5\5`5|5
6 6@6`6
7 7@7`7
3$3,343<3D3L3T3\3044484<4@4D4H4L4P4T4`4h4
= =$=(=,=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=
pkg/sputnik.spk
Tl,Wi~`V.
zu;7{	
u3uWTJaZDa?
F}RpWu
8J[0NI
5W=M@X
@e__:5
:0<Z{Z
oxaNtr
/uoGr 
O7.2HU
C9-IXo
70g%>b-]
`0s<(8
X,G,t'
X.r\%W
6Mi/'@
 7-f^Iu
5rQd.Z
=G7nNU
>EJo3yj
}6pTr~
Tx6Ly`
a&t~0%
\f3K~U
[Zm_;%
hW"pI0
2"%,ufCiDM
w@2"1Z%
[]nly{N	
uBfK/w 
f"-H^*m
Di"[&3a
'=}VEH
FohP'N
af=$7Up
c(@/lH
b7?4<8n
[[7\K]:
&Sg&~n
*&]\q=04PD
[jf<baaI
?Ha	Nw&
"(,:egK
~sG!b$
gS?P<k
0S(w'v
vRr"=d
4OQ[Sz[M
x:7,y6
< mL3I
RUWZbIb
E-37\~
!Y:9Mi2
4}E%Dj
0n09.Kq39
/s=tF@
%1\tpV
!4iM2 s
b|<Zru,
Hq#K*,
VS6Nd}@
sx	.4r
|Q>CM3%
!EPzQ-
YN|#`,a
D^nl:f
t9Rmp/
L>+_@N8$
5bgJEq
mwG{YR+@
"6aoA#
_d_:J\Z
**y-}N
/rv?]}m
]RZ%F8
D=f`y1?
TvViRF
KqHg5I
P*JQ!5|
3BE^ur
h5)%_xp~
=$zQH<
eg>;	,
vZROL/#_EY
\KY4(2
V	-.wp;o
KO{_OVx
P98.:Q
xj)n4&
}OkxCw7({
.xEBrR2
Si|0i2
b.8a=i
$9?JY]
~&:i3T
%ic(0%
~)M)ISbr<(
G4(wWOby}
bPkFe$0
"[r XX
]E|Pt.
#kQ.m]
)#h#v-
]7l;]"mm
wtOcU_
7v0Qxm5
5Y%7ia
{{BhKQT
<<JP&l
*FS`'<b
`wD(yl
IHq+9wg
q{{Pl~
~_j#tFK}
v`2_17]
6}h!$f
.mBQ0_
l<q.]t
$zATM0Td
~K0`yh
;blv$<
k;]Ii}e
B<v5`	
0d{EC,"
:b1KGIbe
xwYE#(
f1-}Qi{
e2KnXH
Qa;%&W
=pl'jo
	cw~3z
-?tw#wt
?m\`%V
`H/(}:
,uaeY=7
3]GTKT
	L%f u
_* )!r
{2.O`H
1;pE/-N\
<nD~Ls
^>ZV{Q
Ys:,U,a
.;9Uq0z
kB|e3.
PDgq~[2
^JS^rB7`\
_37"{)d
de7lp4hf
~FtR9'6
)";&!t
{^2;tL
v)=i[6J
*jNHJrm
\.8'w6{*
aTLkZ,
=Kfl-I
>Z`(QI
@S%=T1
<HZ-	1
'0~-7@
$\h6}U
GXw+<:
:4Mpt<
iB#4G'
>K}2b'
{v|!J?a,
i!,}adPs
[8W7;/>
wOG+p	a
]\Z7*G
=-J=TA
'T>B>C
a7LSg:
'8pxv)
ENh=Pk
k@(Onw~
+-C;hB
><qx3F
u;K%Ux
(uDA3U
-sy#!\J{
dL(6,MH
ff UST
>C':ykd
m|;{jX
-	E.#RlO1
1.&"V-S
^/YYFJ}
$hLpPB
eaa"Kn
3qx.kIG
hsv~C/'
|4.LG@ 0J
~l\0IM
-tTpR`
TxL"Z?
x]Uy^[^ax
VC[WF:e
g!gkC$
rjTj"H#
[ilLPf
<}5@XaA
8;]2yX
2YJ?{S
/Hy<H+
[x:d gt
EXNpHkc
FS]|Yi
s.r3"^
D@$k_Q
y[lym,
s6|t&%
$2.)Ytki
n9wLi3RM
Pgc4"@<
.]NwEB
z>6pE6}
r4LGm}
"` z<N8&
z}I/6W
yYb?F;
c V'El
GH>B<a
E4;&K0_z8>
`Xc==B
qGrQIc
hu93K2]
@nfVDDN1I'
aMS]G%^
na_'35
3?-HT[
n3sH_7V
N<8\@QZ
*wl!6{=
UX"qR?
=-SjVI
pxbZOd
2#~ P,)
Auj$X`
OIm~9RY
[V+teC
W`7Li8
j:]qsc
fbLMJC
6I){h-
UeQ[o:
O$0-&^k
-*bsm8
"tN"*9
K|H[p}
[!90Q1d^'
)X5-8n
tr*h$>
_Ju3zS
fM 5?-&
OiyMGF5
U7&wq1
a1uIy$
m*e[Qc?
wp 5&X
s&r`%m
2E:F{A
P7<FqyH
s\PuM38
:Ts=~X
?;},5c
y%T.Rr
O~1\<s
CqpXC6W-
0&{9BH
;O]6*yDh
.G"%	.
RG`Z3:
$#_MAW*
uuW/S.
skIVD	
S]{)U]W
sOE;GR
l 	C	n
Am,mTaW
+mZix~8!
D#$K/ub
Cmya/:
AaO2]{
+M@p6cIm}%
<dB"%.
>FoHWC
,\ZeKf
+cI4'\Y
HUi"+D
77;SR&~
*QL3b\
kC:)_2
6H@0.*
j2E`e*
H)@bu1
%d*[9$
Rc7i3~
F&Q(H[
k&pY9<
{mbuS1
yBw<-$
n^k{s9	
P	0f]>[
6d})ZkZ
X|jdj?
#\t*J\
pIT1]f
Lo1Xy\
^y;Q:C
p<W: 14
9xqfnh
fN7U$/o,
-w+7"M_
3DMQHf3
n/ROJN
mfiSJY
1zOiDR
gk99$[A}
LE&8k*Lt
g]~Bhw
yId8U:
>i5[am;!
)GGh`)
!<t`ej\
V1B&Cr
_wrIA/V
[.c0=s
YjUchEX.x
qd}#1O[
8R$F{Y+T{
fEM1]1
m \*xzJ
2	0>(=
G]k.yc
Qv"Q-qz
'g]t	kV
>jCEJC
t??F	i
9IHNG=\*
1>B-nGo,
e_rn&d
I1U{ T
@\}a=b8#e
;m92 '
&APt; C
	Lv:V#
\6	Pdu
th/EVz
e{w_0NaF
7X(#1M
t#Y/;_
XQDRjR-
f#qGWg
5<%oWn
*, O?l
A/E[no
l7X(N_
QZtadU!
^E[;s+w
/zd6rL
tCA%Wp-LO
o.& pYw
&FivLC
U!xygQ;UVe
sNg1;E
@SeM8/
pi3SZ4
%2vM9tNz
O_.0Y#1Ju
sAXUN 
|	Nu)*
$ =R^L
O,	;,(
TuL28,
$I9zrq
k07~-2
rD4voE
^$b*$/Hx
(z[sSW
ZyfZ,>
	Y!M3p
V{Sp&@
VN8f/K
};W[g+%
bin/i386/preload
>NSuJf
bin/amd64/coredll.bin
UVWATAUAVAWH
$H;|$@s#H;l$Hs
pA_A^A]A\_^]
H\McHLt#A
D+C@H+
H9s s	
t$ WATAUAVAWD
9{@t>H
KLH9K0s
t$HA_A^A]A\_
UVWATAUAVAWH
9s`tdL;
K,H9{0D
r.9s\u	9s,
sdHc{l;
L$`s$I
 A_A^A]A\_^]
;_ht)I
@SUVWATAUAVAWH
A_A^A]A\_^][
SUVWATAUAVAWH
(A_A^A]A\_^][
D$4vT2
WATAUH
UVWATAUH
A]A\_^]
x ATAUAVH
 A^A]A\
l$ VWATH
9!rbxH
UVWATAUAVAW
9!rsiM
;NSuof
A_A^A]A\_^]
t$ WATAUAVAWH
l$ uOHc
A_A^A]A\_
@SUVWATAUAVAWH
A_A^A]A\_^][
WATAUH
|$pFUSEA
UVWATAUAVAW
t$XH9\$Htx
A_A^A]A\_^]
UVWATAUH
9!rsiD
A]A\_^]
WATAUAVAWH
 A_A^A]A\_
A;D$$s
@SUVWATAUAVAWH
HA_A^A]A\_^][
x ATAUAVH
A^A]A\
\$ UVWATAUAVAWH
A_A^A]A\_^]
WATAUH
l$ VWATAUAVH
A^A]A\_^
9|$pv3H
8;|$ps
UVWATAUAVAW
A_A^A]A\_^]
UVWATAUAVAWH
A_A^A]A\_^]
ub9D$0t\H
tkH9\$ tdL
WATAVH
IsWow64Process
kernel32.dll
msvcrt.dll
ntdll.dll
RtlGetNtVersionNumbers
/bin/amd64/coredll.bin
SPUTNIK
ZwQueryInformationProcess
/bin/i386/coredll.bin
/bin/i386/preload
/bin/amd64/preload
/pkg/sputnik.spk
/installer/services_x86.exe
/installer/services_x64.exe
/installer/ploader_x86.bin
/installer/ploader_x64.bin
/installer/com_x86.dll
/installer/com_x64.dll
/pkg/plugins.spk
memcpy
memset
malloc
_snwprintf
_stricmp
memcmp
msvcrt.dll
RtlAddFunctionTable
ZwOpenSection
RtlInitUnicodeString
ZwMapViewOfSection
ZwQueryInformationProcess
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ntdll.dll
GetCurrentProcess
GetProcAddress
GetModuleHandleA
GetLastError
CloseHandle
GetVersion
lstrcmpiA
ExitProcess
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
lstrcpyW
SetErrorMode
VirtualAlloc
TerminateProcess
QueueUserAPC
SetThreadContext
GetThreadContext
DuplicateHandle
CreateFileMappingW
CreateProcessW
ExpandEnvironmentStringsW
GetStartupInfoW
DeviceIoControl
CreateFileW
OpenMutexW
WriteFile
lstrlenW
lstrcatW
CreateDirectoryW
lstrcmpiW
DeleteFileW
ResumeThread
GetTickCount
GetCurrentProcessId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
KERNEL32.dll
FreeSid
LookupAccountSidA
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
CloseServiceHandle
DeleteService
CreateServiceW
OpenSCManagerW
ControlService
QueryServiceStatus
OpenServiceW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ADVAPI32.dll
NetApiBufferFree
NetUserEnum
NETAPI32.dll