1.2
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.82
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | Trojan:Win32/Starter.ali1001008 | 20190527 | 0.3.0.5 |
| Avast | Win32:BackdoorX-gen [Trj] | 20240216 | 23.9.8494.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (W) | 20231026 | 1.0 |
| Kingsoft | malware.kb.a.1000 | 20230906 | None |
| McAfee | BackDoor-AXJ.gen | 20240216 | 6.0.6.653 |
| Tencent | Trojan-Proxy.Win32.Convagent.ka | 20240216 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(1 个事件)
| section | .ajelhf |
动态指标
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': '.text', 'virtual_address': '0x00001000', 'virtual_size': '0x0000b7d0', 'size_of_data': '0x0000b7d0', 'entropy': 7.174873209837235} | entropy | 7.174873209837235 | description | 发现高熵的节 | |||||||||
| entropy | 0.7209658638230066 | description | 此PE文件的整体熵值较高 | |||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 66 个反病毒引擎识别为恶意
(50 out of 66 个事件)
| ALYac | Trojan.Agent.DQQO |
| APEX | Malicious |
| AVG | Win32:BackdoorX-gen [Trj] |
| Acronis | suspicious |
| AhnLab-V3 | Win-Trojan/Berbew.51712 |
| Alibaba | Trojan:Win32/Starter.ali1001008 |
| Antiy-AVL | Trojan[Proxy]/Win32.Qukart.gen |
| Arcabit | Trojan.Agent.DQQO |
| Avast | Win32:BackdoorX-gen [Trj] |
| Avira | TR/Crypt.XDR.Gen |
| BitDefender | Trojan.Agent.DQQO |
| BitDefenderTheta | AI:Packer.8C0F6CFA1E |
| Bkav | W32.AIDetectMalware |
| CAT-QuickHeal | Worm.Dorkbot.A |
| ClamAV | Win.Trojan.Crypted-32 |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Cybereason | malicious.ed9764 |
| Cylance | unsafe |
| Cynet | Malicious (score: 100) |
| DeepInstinct | MALICIOUS |
| DrWeb | BackDoor.HangUp.5 |
| ESET-NOD32 | Win32/Padodor.NAM |
| Elastic | malicious (high confidence) |
| Emsisoft | Trojan.Agent.DQQO (B) |
| F-Secure | Trojan.TR/Crypt.XDR.Gen |
| FireEye | Generic.mg.2243980c02e4d134 |
| Fortinet | W32/Qukart.A!tr |
| GData | Trojan.Agent.DQQO |
| Detected | |
| Gridinsoft | Trojan.Heur!.03216021 |
| Ikarus | Trojan.Crypt |
| Jiangmin | Backdoor.Padodor.i |
| K7AntiVirus | Trojan ( 005993611 ) |
| K7GW | Trojan ( 005993611 ) |
| Kaspersky | Backdoor.Win32.Padodor.gen |
| Kingsoft | malware.kb.a.1000 |
| Lionic | Trojan.Win32.Padodor.m!c |
| MAX | malware (ai score=87) |
| Malwarebytes | Backdoor.Padodor |
| MaxSecure | Backdoor.Win32.Padodor.gen |
| McAfee | BackDoor-AXJ.gen |
| MicroWorld-eScan | Trojan.Agent.DQQO |
| Microsoft | Backdoor:Win32/Berbew!pz |
| NANO-Antivirus | Trojan.Win32.Padodor.foufls |
| Panda | Trj/Genetic.gen |
| Rising | Backdoor.Berbew!1.AF13 (CLASSIC) |
| Sangfor | Trojan.Win32.Save.a |
| SentinelOne | Static AI - Malicious PE |
| Skyhigh | BehavesLike.Win32.Generic.cc |
| Sophos | Troj/Padodor-M |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2020-07-11 11:39:59
PE Imphash
26babd76bbb7f9c516a338b0601b4c9f
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x0000b7d0 | 0x0000b7d0 | 7.174873209837235 |
| .bss | 0x0000d000 | 0x0001e81c | 0x00000000 | 0.0 |
| .data | 0x0002c000 | 0x00003314 | 0x00003314 | 5.982082921672471 |
| .idata | 0x00030000 | 0x00001210 | 0x00001210 | 4.968075144922723 |
| .ajelhf | 0x00032000 | 0x00001000 | 0x00000200 | 2.2544365290935007 |
Imports
Library wsock32.dll:
• 0x43039c WSAGetLastError
• 0x4303a0 WSAStartup
• 0x4303a4 __WSAFDIsSet
• 0x4303a8 accept
• 0x4303ac bind
• 0x4303b0 closesocket
• 0x4303b4 connect
• 0x4303b8 gethostbyname
• 0x4303bc htonl
• 0x4303c0 htons
• 0x4303c4 inet_addr
• 0x4303c8 ioctlsocket
• 0x4303cc listen
• 0x4303d0 recv
• 0x4303d4 select
• 0x4303d8 send
• 0x4303dc socket
Library ole32.DLL:
• 0x4303e8 CoCreateInstance
• 0x4303ec CLSIDFromString
• 0x4303f0 CoTaskMemFree
• 0x4303f4 CoInitialize
• 0x4303f8 CoUninitialize
Library OLEAUT32.DLL:
• 0x430404 SysAllocString
Library WININET.DLL:
• 0x430410 DeleteUrlCacheEntry
• 0x430414 FindFirstUrlCacheEntryA
• 0x430418 FindNextUrlCacheEntryA
Library KERNEL32.DLL:
• 0x430424 ExitProcess
• 0x430428 ExitThread
• 0x43042c ExpandEnvironmentStringsA
• 0x430430 FileTimeToLocalFileTime
• 0x430434 FileTimeToSystemTime
• 0x430438 FindClose
• 0x43043c FindFirstFileA
• 0x430440 FindNextFileA
• 0x430444 FreeLibrary
• 0x430448 GetCommandLineA
• 0x43044c GetCurrentProcessId
• 0x430450 GetCurrentThreadId
• 0x430454 GetExitCodeProcess
• 0x430458 GetExitCodeThread
• 0x43045c GetFileAttributesA
• 0x430460 GetFileSize
• 0x430464 GetFileTime
• 0x430468 GetLocalTime
• 0x43046c GetModuleFileNameA
• 0x430470 GetModuleHandleA
• 0x430474 CloseHandle
• 0x430478 GetProcAddress
• 0x43047c GetSystemDirectoryA
• 0x430480 GetTempPathA
• 0x430484 GetTickCount
• 0x430488 GetTimeZoneInformation
• 0x43048c GetVersion
• 0x430490 GetVersionExA
• 0x430494 GetWindowsDirectoryA
• 0x430498 GlobalMemoryStatus
• 0x43049c CopyFileA
• 0x4304a0 InterlockedIncrement
• 0x4304a4 IsBadReadPtr
• 0x4304a8 IsBadWritePtr
• 0x4304ac LoadLibraryA
• 0x4304b0 CreateDirectoryA
• 0x4304b4 LocalAlloc
• 0x4304b8 LocalFree
• 0x4304bc OpenFile
• 0x4304c0 OpenMutexA
• 0x4304c4 OpenProcess
• 0x4304c8 PeekNamedPipe
• 0x4304cc CreateFileA
• 0x4304d0 ReadFile
• 0x4304d4 RemoveDirectoryA
• 0x4304d8 RtlUnwind
• 0x4304dc SetFileAttributesA
• 0x4304e0 SetFilePointer
• 0x4304e4 CreateMutexA
• 0x4304e8 Sleep
• 0x4304ec TerminateProcess
• 0x4304f0 TerminateThread
• 0x4304f4 CreatePipe
• 0x4304f8 VirtualQuery
• 0x4304fc CreateProcessA
• 0x430500 WaitForSingleObject
• 0x430504 WideCharToMultiByte
• 0x430508 WinExec
• 0x43050c WriteFile
• 0x430510 lstrlenA
• 0x430514 lstrlenW
• 0x430518 CreateThread
• 0x43051c DeleteFileA
Library USER32.DLL:
• 0x430528 GetWindowTextA
• 0x43052c GetWindowRect
• 0x430530 FindWindowA
• 0x430534 GetWindow
• 0x430538 IsWindowVisible
• 0x43053c GetClassNameA
• 0x430540 GetForegroundWindow
• 0x430544 LoadCursorA
• 0x430548 SetTimer
• 0x43054c KillTimer
• 0x430550 RegisterClassA
• 0x430554 GetMessageA
• 0x430558 CreateDesktopA
• 0x43055c SetThreadDesktop
• 0x430560 GetThreadDesktop
• 0x430564 TranslateMessage
• 0x430568 DispatchMessageA
• 0x43056c SendMessageA
• 0x430570 CharUpperBuffA
• 0x430574 OemToCharA
• 0x430578 PostQuitMessage
• 0x43057c ShowWindow
• 0x430580 CreateWindowExA
• 0x430584 DestroyWindow
• 0x430588 DefWindowProcA
Library ADVAPI32.DLL:
• 0x4305a4 RegCreateKeyExA
• 0x4305a8 RegCloseKey
• 0x4305ac RegOpenKeyExA
• 0x4305b0 RegQueryValueExA
• 0x4305b4 RegSetValueExA
• 0x4305b8 GetSecurityInfo
• 0x4305bc SetSecurityInfo
• 0x4305c0 SetEntriesInAclA
Library CRTDLL.DLL:
• 0x4305cc _itoa
• 0x4305d0 __GetMainArgs
• 0x4305d4 _sleep
• 0x4305d8 _strcmpi
• 0x4305dc _stricmp
• 0x4305e0 atoi
• 0x4305e4 exit
• 0x4305e8 memcpy
• 0x4305ec memset
• 0x4305f0 raise
• 0x4305f4 rand
• 0x4305f8 signal
• 0x4305fc sprintf
• 0x430600 srand
• 0x430604 sscanf
• 0x430608 strcat
• 0x43060c strchr
• 0x430610 strncmp
L!This program cannot be run in DOS mode.
.idata
.ajelhf
L)[[Uu
!ke21i3
j@QwT{
s[D,RJ
ZA$6BCP<
G <Cls4~
G 1=9="K
G &[+0
dw5@toVA{
8GkU*o
G !=*_
~g86@EC
&:Gw@
L)js4X
@@:@VO
.VI(4X
,o\<~2YFay
H`:CZwy
,R"Z'RI
z6@.T#
(9c4@}
H`:CZA$vJZTO,R
Bkx@~^Y
z6@.[D|PUL)jw
=SDB"FL
G[D|PSH
6@!X*6L)jw
@!X*6VI(4p
:OUw+MG M
XZ6IH4 ^
wHMG :@ULD{
&666y
(4:(Z66
4@/4=k
F:@q#g
G /45)Z4@F
g:@ ^
2P-js?
:CUu}1=Sx
ZA$vJZ
:@@/W@\
=@/4=k
Wa@w6X
<A p;2
>u@zg4|
@/4=(Z
@/4=(Z
:@UwMG :@UG@
2AO:@UG@R'
\@|9:@Uc'=:CVg p:
:@UW'!:C
@Aw D :@U
@|@:@UwbMG :@U
@}@:@@/2A
4AHHS6@g:}@ p:H
Vg:@U#'i:C
<kA p;
K4kAOH_6@g:I@ p:
@86WBo
4oAOIw@A'
4AOIw>H
4AOIw<
AOIw>e
q(@Qx@~
.SH8(66@xjw
@!vJZSH:jf666
@!JZTO,R"e"8-
YZ6z+]
4URo4@
={}m>L
\'C|Zw6CA{
g4|Z4
G g4|@Z<
<#C:@Uu
j@A:G~g
2AO:@Uu~@A
\/C|Z<
6@g:U@ :@@/
\3C|@Z6
:@A/2AO
\7C|Z4
2gAO:@Uu
@p*@Z4@Z6
:@o :q@U
KC:K N
C/2AO:@U'2AO:@Uu
@p*y@Z@
o :@U
:@Uu@p
:@Uu@APE{eSW
wNG :@UV{%"@
u}=A/Wt@sy
:A@zK
p6:A@n?Cq<3+
A.<_A p+
u~=A/W@s
@S@[AOF
A@w:@U
k[D|P>
@ :@UwNG :@Ut#
zCC/2@O
Es6.6z+]
G ={B$BC]
S5L)Zk
2@/@p)@py
j6yz+]
r@@g,|Z@
A=o O:G
[D|PUH
H:G vJZkfuzH:K
666uo2@/
Nqj:y@
?@~5@CwPE
G 4:c8~
jr4@T"
4:c8Y~
~6@xl@
?@~5@CwPUC
*[,-4PTMTO
&<_ |PRv
6.6wE
:%7@ x;Z
@Ell4@C6
@Ell4@C6
G@@*@B?
{~G g4|C
2@O:@UG
:@UI]
2AO)W0
6.6.V{
=o /2AO(W
*@WI
{~G :@
C:@UI
4?T8Hg
g,|4?T
uw=i{WT
XZ6z]
<g/2@/W
uu2@/@s
{~G G4xZB.SH
{~G G,xo
)W~@w>u_
ZA$vJZTL)jw
G,x4?T
A:@I{6
o :@Uu~Wd
XAxZA$vJZ;o
,R"Z,
{~G ,W@s:GV}J@r<
+A:cby
GZ6@,WF@VBA}L>-@7V]c
}L<?~^~
:GN}Jd<~
F[?6@2
B&4x}K`Z4@FcyA
Q@7Vi,WF@w6
{~G =
"CoE ~
D@!*6N)jw
6@xZA|PUL)bw
~~O(W@\z]
6.6y8
oC(W~@o_|
6.6uz@r
}J?{_z5A
6@x}-If
)Wk@s@s
JZcSH_;
w~G ~6.6y
|NG,W
@@!{P<
{~G H=7
=ZA|P<
.?;?p*W_
9D Sx^
D |V
`?@!/|G >EB@
H:W>Er#
g6Yb>
_Nw!*6N)
wyG y
6wyG )W|c
=ZA|P>
2@:KE
G g,|zZ
{xG z+]
:[Uj?^
:[Uj?^
6@|ZA$vJZ[x@`>
u~2@/2@/@p
[Z6@|P4u^@
JZsSH
@Jo2Q
z,|Z4@
Z(@z+]
?9!{Q#ypTG}?9
j.6#ypYG{
*@Jo2Q
z,~g{6@
#ApMGMC
j66#yp!G|?9
@@!*6VI(@
D Nd~gU%I&@
i><ZX5
K=k@ZA$vJZCZ
,RF:@
!P*@np2
wG .Wi
*@+j_^
6@.T$w
D"@s:@U,
6@1> o
~aR@
}6@ 4@
:@`:@`
yo *@s
k=<@ *@}6
p:*@ZA$vJZTO(4@
G*6N/Zw
woD v
*6SHYG<>P\
H:C#zs^
:D /W`t
6X x8'
2@/2@/@0
[D|P<k,R
=R<??9
=Z{@B@
wu~=Z'@<
wOG )W
@s6y/Z
wMG )W@s6y
C*j{R@
&6@G<x
u{2@/@p
@l666z+]
G g4|cM
\D|@/{y{?Zw@5
=o h
Oyo -m
:@8ZX
=Zw<}
k%2E@EC
@D/2AOmi
A@zLZZ@Fo{|1
wOG :@U\
ny:@c:A>p
@zKZZ@|*@<
Ay:@X@F
\D|@~V:@
LUwOG :@U
wOG :@U
wOG :@U
@/W@s6
cK66ET$
*@~nr@7
@*@G&u~
=@/W@@s6y
wKMG p
@z@ZZ4A]Foy2@
wMG :@U
CO:@U@jwW
@k6C@q
@/WT@s6AH?6
#~px~A
g:@D|@
-J=Vg2@
ZA$vJZ
,RY%F|
G g4|@
2@/{y{?Zw@u
yC =o
/W[@\:Wo@o
/W+@\:Wo@o Y
p:E@Zw_s@F
;8D@B$
:CcCV@
g4|j2BO:@U
OG :@U
\@|o AZw@5
5c{<a}T
YDcy*@
OG :@U
kg4C*C,~o{6Ce4C*C.@~o}6Cz+]
@GjiWI
C[D|PSH
wPG )WxB
wqPG )WdB
[D"|P>
,o\<^EAO
@6~O:@Uw
yo :@Uw~
+[D|P<
2@/2@/
jo@p_
[D|PUL)jw
CYjxyA(~
RZA$vJZTO)
o )WPH
H:G *6VI(
Uu?WDI
Z66@xo
Z6@LIS
S5L)J$YB&
M*MYG
g4|rbp
:A6|kr
4Hw.ZRH:g
[D|P<_,R"ZW~V>@
*Gb20P
u?@~?xn
:wZ\~
:@ZA$v
/+/.w//_//_/
/&//~/
/Ow/N/{/Ft/y/
?u{//W/xE 6
//./G/
=W/kLG 6
//./G/
>.O///
/x|JZcSH
ZwOH:S
[D|P</,Ru
YZ6Hp
Km=|=R
YG |OeT
vh"YG O4yo_
YG |=<Z
YG NYZ6
YG |=<Z
j{<hgZ|=UC{
.ZA$vJZTHd
vJZTH<rW666
vJZTO[
@*6N/SH
MIIO@p
C*jwZy
Z#xqH(U=RL
@!*6Hi
xZBS%L)q
G 0$
6yuo2@/@0
2@/2@/@0
W@Gk#?~
@)jsZy
AQ?@~2@OL
w5QG :@U)ycC
w5QG :@U)ycE>Ok
@jsWPT
xZA$vJZs
,RGTx+-
CZsUwC{
XAxA/W(W
:@Uw:QG :@U(
2@O}@
nL"@V\
x/wDQG 5B
~G:@UD
UCbw@2P
ZA$vJZs
)'mG4@
CZsUE{
2@OmC
T<u~2@O
A/ =B/WW
@!vJZs
<qHK6u~2@O
UFG4xjs2@O
Gp+:@U
o / =jw@3
G,xI:@U
o / =jw@3P
=jw@3t
/W@YAyjs2@O
?2@O5F
V:o{W
o O(jW\
/W@XAxjs2@O
UwoQG A
w~QG G
G,xm
o /=,;
wRG 1D
u~2gAO
xyA :@UCA
Ng:@UX
2@O:@U4
Nmo*u@n
g,|Zw@u
L)jw4X
HO6u~2@OOcb@$Q
}c*A\p
/2@OD<
6_/=A/Wd_
,=A/W0_
O:@UCN{
x@}VGp
GkA<x
)Wa@w>
C6.6@HO6u{2 @O:@U
2 @Oa<
@ :@8J,W
^"<A?p;T
z>BR[r|
8O0Qk#("-QMp;
2 @Mm<
C/Wu@\w>)
o /l=,3
UwoQG J
@W4@&W
o ,W@sT
kj2 @Uu~@
o /2@MK
o />=,=1
UwoQG +K
ka2 @UL=<
wDQG I2
666w1RG m2
woQG 52
6@2@O2
O*@WLW,,
wPRG 2
o /$=,y7
6.6EE ^
@wSG /W,
=jwWh-
M:@Uo@
>y:@A/@@
6.6{W-
97ZNONd
O,yo O
O:`@:@UCzK
@p:@UHW0
*6VI(4p
DGk{jC@3t
HG6wSG :
<@ G4xD/
jUq=sN
K@@Cc=
o2 @OI5
o *@WO*
XZ6.6w
XZ6uy
}c*Qc:S
XZ6.V
H:cOO,Wd4
66@xN@@!{PUH
H:G vJZ
2@/6U:
Z6@:CXZ6
j{v>/7
.ZA$vJZTI(4p
2@/2@/
@!vJZTO)
&:Gp*N
:CZA| q
/JZVI(4X
G}TgX>
bsq>>
ZsjoW8
Zsw666.[D"|P<;,R"Za
z6@L/
6@:WZH`:Obn
Ru?W@6
,Ot{C$
<~(4x()=R4
$:Gw@!*6C
SH{G>6
66B2AO
g@w"=jwWH4
B$Cw^
@RwSSG
Zc6A.
:@UqC{
666[W<
2@Oy"
wUG :@Uw~
@w;NG
H{%Fn
SHx3&666
=6@H6I!
6k@ W`;
Jw4k@+
:u@B!
6s@'W ;
Jw4o@+
o :@Ut
:@UwVG
wVG :@U
xB/2@O=
G,xA/W
6{@@@wTG
2@O9!
2@O,W>
6r<@ Pkw
6yH:S,W?
OOEO!'
*I[oUX
SwV E
:GZA$vJZW`
,R"T,Vx@_`
G4x4?T
x4xSw{
.Wr@w"=Sx
HK4@[D|P>{
<@ G4x4
*K}BG,xd
:@UwVG
2@O:@U(
@@wTG
:@UIq
u~t=C/Ww@s
:@UL)<
:@U+W{
"@E~LV+W
#<,/B)<
G,xo
:@ZA$v
XZ6L
XZ6@!*6N/SHl
6@xZA$v
L-W^@wkj
w4D :@U
wWG :@U
O4yo :@U#
?@%p:K
Vu&6XD
"5D }Kw
wWG :@U
NO:@Uw
WG :@U
w8WG :@U
h@@Cm'
:@A(W
:@UKW
O,yC/G
@!{PRk&H$C
:@UJ[x^
:OU:GU
:_U:OU
:[G,xm
?9@ZA}
wWG :@U
IKk6@P
)2@O|<;>
)2@Ok}<
w4D :@U,P{
@o66@<
ZA$vJZn
O4yo
Q/2@O'
Hzc66@
wWG :@U
2{@O:@U
|o :@Uuz2@O
@/kf@p)
2@OUH<
H<v2Y<
[D|P>{
O4ygx
<^DPCO:
Vu|d*@@C~5 @#wu
JCLy)@-O
yPC/=m
24@O:@U
XG D z
6@O,ym
:@Uw2D
bg{-n2
=U>Qvq
VO:@U0
ZkV6XB@q
HHH-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-Hl
rz-H-H)H:%HTwHPH-H-H-H-HK.^,^.-H[kK
=H/H-H-H-H-H-H-Hb.H-Hk[-Hk[k[-HroHroHroHroHnHnHhHhHroHroHroHroHnHnHhHFiHroHroHroHroHnHnHhHhHroHroHroHroHnHnHhHhHroHroHroHroHnHnHnHhHroHroHroHroHnHnHnHhHroHroHroHroHnHnHnHhHroHroHroHroHnHnHnHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHroHroHnHnHAnHiH
iHiHnHiHhHhHhHhHnHnHnHnHnHnHnHnHnHnHnHnHnHnHnHnHiHiHiHiHroHroHroHroHroHroHroHroHroHroHroHroHhHhHhHhHhHhHhHhHhHhHiHhHhHhHhHhH
iHhHhHhHhHnH
iHhHhHhHhHhHhHnHnHnHnHnHnHnHnH
iHiHiH9iHhHroHroHiHiH+iHhH9iHhHhHloHhHhHroHroHroHroHnHnHhHhHroHroHroHroHroHroHroHroHnHnHnHnHnHnHnHnH
iHiHnHhHhHhHhH
nH_iH=nH=nHhHhHnHnHhHhHhHhHhHhHroHroHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhHhH
A&Y&N,~:CHY&L
`8D?K-Y'-<c
-H-H-H-H-H-H-H-H-H-H-H-H-
LJ/'Y/TllH
V=kmHS@zIW
d<*~k[M'G
|&Cd<LOC@,IY%@
I,O,IX/JAx5-4%-<)-TH@ p%-
J//;ZI,=H@ p%-
J//TllH
UH-H-H-H-HY=_
^-d._)D&-H-H-H-H-H-H-H-H-HH&AzI$-&I$I$-H-HEHH,M%BC,A,AH-H^+
fAH-#_-
fAH--C$ ,AHX-
fAH-H^: ,AH-#_-
fAH-+N8-H-H-H-<CH-H-H-H-!Y)}'H<-H--n:H<_+^
-!I!I?-H-H--I-^/lH-H-;L
_H-H--C$ ,A
'C+D&H<O!E,'B`
.H)H[HH-HmH-H-H-H-H-H-H-H-HH#-
Dh_/LhL&Y*
H-H}HaN
F&J-H-H-HH-H-H-H-H-H,H-H)H-H-H-H-H/H-X-H-X-H-H=H-HeH-HH-H-H-H-H-H-H-HH-HyH-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H
H-H-H-H-H
,YHyH-HyH-H-H-H-H
)LHH-HH-H-H-H-HmHT
,YHH-HH-H-H-H-HMHT
-BHH-HH-H-H-H-H
,YHeH-HeH-H-H-H-H
H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H
aLclN-<ll-HW~ iXGZ =X
[/D'lD
LXsEI+M-H
sxpgAx%
@cmN-G
l ^%'k" -
wk'> )+![
+[OQX1[
Wx-{!=
-=[=@5-Ht
|Hx=T-L
|H`x7!HL-AkY"zL-P%/u
XX-=+H
-HgHx-
`-H{M--
pTU-HY-]Q]
xkXXI(H
)H-ATX~/5l
u-H|)H`@
h\L xX
>$t-H- x\8H-H-
/wF--c-|[
F-w!j[W
|WG(HHM-'W-LG
Zkgw!j[W
!}---,HG
-w!j[W,|WgR,
ZkgILg)H,HHG
ZkgaLgyLgILg 6
X-I2)H
N---c-T[
k-|HOQ-gAH|aLgY.H
-[x[|H|w!j[Wg^- #Hc-$[
k---c-<[
-w!j[WW-gH|w!j[Wg
-TVHc-
$Q-%uH,HG
k-c-,[
L-1O -W
H|aLgYHc-$[
-w!j[WE[H-)
-w!j[W
|Wg-WH|w!j[W
k--,4HG
ZkgaLgWHO-2)Hc-
-w!j[W
J---,rHG
ZkgILg
[CI-'|ILgyLgaLgWkH|aLgWH6E-S
4-w!j[W,|W
Nd----
]H}}tllK%D-
tDKW}}tuOl ).
-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H,H,H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-HeH-H-H-H-H-H
HZ:-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-HL+H/D#@'q
J$-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H]H-H-HyHHH-H-HHH-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H
HyH]HHHHHH-H-HHHHH%H9H
HeH-H-H
HyH]HHHHHH-H-HHHHH%H9H
Y=_&y:L
Y&D'@&~:C;-H6
B-L,HH
Y1Y%D-Y:lHx
Y!F'CH
A&D, C0NH
]&B.L,HH .A;-H
H!-Hc%A'-Hv8D<-HM:D-J;Y=-HB;L,\;_)-HX;_8-Hf
-H-H-H-H-H-H-H-H-H-Hn
afaH9H9H9H9H9H9H9H9H9H9H9H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H
H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-HqH
N?V-H!H-H-H
HI A8Y0Q
-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H
H,H,H,H
HI$I$eH
H-Hr!`!mz-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H,I,e
ck-<Qi-H<\H_H,_H
H+H)HDHR
-H-H-H-H-H/-HLHHHLH]HLHXHXHXHHHNHBHHH-H-H^m-
N'B<d|E<
gZfD:^.
-LuH-_ L'Y*L#H/ Yr
!X$^fBgN,Y<E<
8A/]8E<
xIm H[
N< ,Ymq;H-DHA>-'~.Z:-&AzI<~)NhL-~)Y
IyD @mq<Um
)-=IH^g
'-;N%L,].q%
0-;N,].
H--D<_-[+}'H;F:H{
+D<K&Y'
3H.]:CfB)D&
Hh:@H^=
N'B<d<_-
H8B-H--)E
D:^.q!I?q=_&{:D&h8B-q:Z-H
B)x-b.D-~.Z:q!_;K
Y:HhH<C;
N'B<z&B;n:H<H;B
C-C<~<D/q'H
1HjX%YhL=
v^:]vX+D&\?
,N%Cf_y^*D`
hN!Cj^hH Ijb
fYH^+N*D,X--'@&
0-)MhD$-!A,-:N;
8NH]+ HU<'m
hB}'H; -Y
B-^zD;-:L-B$H8 &] Y
j^hIB x}8 H-H-z
-AhL'Bi'm
xDm HB)
H^HHh[&
'J:~.Z:q!_;K
G+i$T'I
L<H<y:L!J'HHn
imq&_+H>_z
9H<':J)
'N+HBB<CeT-
-Y @E ty
ro'^:^&
)K:HhH=^Hy
'CE})@rCeL
C-Y<]rY0
hB<L-i
A'XhL$I
yBhHL
E HhhY8
H-I,I,HwH-Hk:~/H<}h^HB%X/^hL;B,-;
'@=J;-
N'B<d<_-
DHHHX'X/^Hb
`+B'Y C'^
_-Y-^'q0A:_
Y&@)E,L;B,-
Y:HhU$_:}<_
H<d;L+-;B-
H-H-H-H'
N'B<d<_-
0A:_H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-H-Hi{_
tY Qkx!kY/
jCcx!kY/
tY QDo
-H-HT-H-
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
closesocket
connect
gethostbyname
inet_addr
ioctlsocket
listen
select
socket
CoCreateInstance
CLSIDFromString
CoTaskMemFree
CoInitialize
CoUninitialize
SysAllocString
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
ExitProcess
ExitThread
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileTime
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
CreateDirectoryA
LocalAlloc
LocalFree
OpenFile
OpenMutexA
OpenProcess
PeekNamedPipe
CreateFileA
ReadFile
RemoveDirectoryA
RtlUnwind
SetFileAttributesA
SetFilePointer
CreateMutexA
TerminateProcess
TerminateThread
CreatePipe
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA
GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
IsWindowVisible
GetClassNameA
GetForegroundWindow
LoadCursorA
SetTimer
KillTimer
RegisterClassA
GetMessageA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
CharUpperBuffA
OemToCharA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
DefWindowProcA
GetStockObject
DeleteObject
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA
__GetMainArgs
_sleep
_strcmpi
_stricmp
memcpy
memset
signal
sprintf
sscanf
strcat
strchr
strncmp
wsock32.dll
ole32.DLL
OLEAUT32.DLL
WININET.DLL
KERNEL32.DLL
USER32.DLL
GDI32.DLL
ADVAPI32.DLL
CRTDLL.DLL
L!This program cannot be run in DOS mode.
.idata
.ajelhf
!kAefagX'e
W!EP1EHg['eat36cAq
X7%a<PaX'e
eaX'%|
lQm)EP-m[eXR
mCdX'eai>
Hge-/'e<
r<T i#Xxee
#caX'j'eab
'$&Ti#/
(X'eTQ
%q037$eXU
'4gl'aea`'a
p4L'ea
'Tl'a\d'a
X`qeejX'e
yMe]7#X/eaXMmeamhRbY'ea
''e/TH'a[aXe&eaXz:?
<XMeea- `X'eI
j=Y'ea
Hge1<@aX'e767
YE>iEX$M|e2'
aXyi,w'eCaX'eXri2
KX'd'ai
^b`0iWacWq_a
Y`XRXU
$P%d&e
'e^M'e>
H'daaXt36Ri
'$P%d&e
5q4Pq[
Fuoa\$[
'e=$ bm\?e>
8mbazjS
fCaX`eey
/j\ q,T(uI
t36Rm4TCf39X'd'aRi
a aX`\
0t36Rm
X'\'aXSn'a
e?2PH^S@6isaXx;:
PP.n$.
5eaTQj Q
ee^SHqtX'ea3'e TQj Q
4QX&eEea
+j&&eabi'aL\'aXS}'a
/D'aXH
'eJ&eaT$w$P%e
X(X'e%eneaX
aaX'Zm'#2g2Ab
5`q\X'eabhRV
ee1 'eabhRn
'5h3ib
XOeaXg
a2'3eabi
Y`XRMe
bX'3aea
y>recX
XX'K'e
S'ee#X'
5`q\X'eabh(^'e
ee1 6 Qj!ea0 X
1#XwYp
lW8gX'
'jo&ea
enecaXMd
X'j'eaW
#`fea>
#`ee10 X
$aMiBiW
Yd'aX(
a9`aX9'e
5`2=bh(\'eC
5`2Abh(\'e
dneaXJ'e
5h3}uX'
eaX'$.n
faX?=X'
1 6` L
'j$eaJ:X'
1 6| Qj
agaXMeea
5qeX'e
1 ue'eaX QjU%eaL
1 64 Qj&ea
e&ea2''e8d
H\'ea8
bh()Y'eS'Y
5`q\X'eabh(X'eS'j'ea
'j'ea>1
X(X'ejw
8i"o#2'ej'
5eaukvaX
O'eWwQqm
wQqmwQqmwQqm
CDX'ea}2
>yaXO=cX''e#
<eaX'#e441
m0 XX'HO
$7waXx;r
Xeea-#T
fe-+'e+q&eaXx;<r
gX'b`ee
/e`apgXUVaX*4H!rY'gbuX'q@ X':?
[&eAea
mX'd'a
hX'd'a
#XaaX'
R'a[aX
IeaTTqbaX
aX`PpfX'ibX d`e
$ '$.'e/a
,aX '$HJ'e
$ '$}'eca
b]#XOe`X'
5ea~KaX
X&ea2'
#ab,aXMe
aX($Z'e
X'j|%ea
Y'jL%eaXgaWocX'
['jX%ea2'
X'j'ea2%
g&eaX%
ee-/'e7$P]
i\ea,9
iaXq[X'$P!
d$P%d&e
#faXq2-/w0&`ee
aaX('Zwm1
nX'd'aW#e
('Z!QPw
X'iW#e`
zD'en
p<P)xlea"
X'aee['
ea0#Xp'e
D'aX@eeaP=aX
'e`aZ
PaeeMea
4ht36bq
AcG4aX
i'aX T
7HeaXw
'e]#X
'e=eQ&eabi
Y`XRA4`ee
eaX'$'eaX2
IaX($w
b\!h%$H
T [b`w'e+j
d$ [b\!h
J mW0sr`3uL "Z%7
d'a2'$w
aX+\'e-
aRi-/ 'e
6X';+'e :rq6^o)' d'aT$w
mRmAeaRq-?$w
q23{OBaX
57aXMd
'ab1me
aX(Z'e&
`X'j'eabJ
+M`7?aX
qw'e%6
eVMg7aX
}ea0&e`XMd
YOgcX'3
edaXRh
X'Y'endaX sb\B&eaW`X'$
eadaX(d
vX'b`b]\U
eVMg7aX
{ea2+$w3eaZ#WC`X'
RjD&ea
X'lWk`X'Y0'daX
X'$w3-eab1R1eaZa-3$$
N$w$0q7
N4uN$w
XnX'$zX'
MU-'e-k'e
YOaX'3=ea2'3
eaRum#X
X'EYea
y>7e6+-
Qe$'e]#XO!
'a0&ea
s ea0c#XOo
'a0=#XOdaX
0EaXPeeIea
4Tt36bq
:Td\'a2#$Hw$w
'$"][eaW m?
$'fbeab`W
a2-$w$P
eaX} 'ePx;:0
EbY''e2
'etaXMe
q'eh(X'e
u2eaQj'ea2'
'eP`X'd\'a
'd\'a2'5
zX'lWaX'
qk'eh(X'e
-;2Yea
XR|]##Xp'eucaX
57saX.
~`eeel"ea
eai%e:'e
w2EeaQ
RX'qi%M
4Lq2-/]b+'G
aX`eee&ga
ee.#_'e$Aea$P
]##X~ZX'b`eee
`@aX mb
5.#'eB%aX
)6tLd\'aW m
i-iim"a
P0=->=ea"a
'q2&3#
!E$%m'aa
W3'W+&W/lW7ly
:aaX`eeeny
t36RmC
4!X'd\'a
ZX''ea>X'ecX
aX'' X'e]##Xs
X'eeaQ
/qi%A`eeeNaXMe7Qii:?
q2-/L\O0]aX
Md9ea"a
5.#'ehS~
ea=d\'aT'`&eaX#]Y'eaW
2. Lr2i2/&"Y
Ze$$H02'
Pmee]'ead\'ahaX
e$yaXtA
7t&#fd
CX'ec,5
'$P0d&]\Ta]XPy
/TeaX Trn\&%
6%\&b-/j
fbLX'e
<%sz%b
?!aRH'e2i
x;:0v36Rm
vVX'd\'a
_S)ead \'
eaYma,/
P*X' T'
eaL'eaXSneaXBX'd\'aAaaimL^aX
A'eaZ'j [5ea
q`X'e1Pm
uPgX'e
M`//'ehSU]##XHn`
aX`eeen`
7$7eaX
`]##X('ea
jX'W2aX'
9ea$-/3W
`eeezbaXq
8YRX]##X`7
\X'e7mQaea}'aX
|Qa.+36
8igMX':?
`eee}#X'
aaX W`
Peeeiea2"T\'aaX.
@`ieec
!eaX`eee
A$'e@($NX'ed"a
T@eeaeaX`
uaX'$wj
'ea#`Age1
`egenb
eaXatl%aW 1aX'u]
a#`age10[!XMe
XX'T6ea=x;:aa
ea> i>
'dP'aXMe
Xea0'!X
X'T`eee
a2'G'e
aX`eee
Xieea,
b(dP'a
#Add'aDXQ$aX
,'e} X'D$aX@%fea"
0'e d$a\'ea#Xe
'j]' X.n
aX'j$%ea
AeeU Xg
Z'e]#X
jo\g$&`fe
'%^ j`%ea"e
'dd$a!d$a*
X'pZ'e] XccX'd'a"
$ea\X'l
B$eadl
$aPSbP
'mX$a X
$aYSbP
'd]_ X%eaX
$aZSbPcX'Y*
'g] X%eaXS|'e
'd$a0X'l
fe`] X
hfe!eaX
'Z&`fe'ea X&`%fe'ea_ X&`fe'ea"
'd$aZaX'<ea"
'f'eai
Y'eU X
'j]#X.
&eeaXX%|5
X]#XP $aY"
hP9`X'fuea"
(X'eaa#XHn"
j]#Xfbnb\'eaWaX'
'SeaW eeaXRn$aY"
'\$aZRp%e
X%"Ze-
`aaS X(d,$ab
lZa- dZ$a\L'e}
X'y#M
DZ$aX}atZ$a'eM7#X`%fe$aa"
'qa.fePggT;:0v36C&"
'e]#XO
'3![ea#XH'e
#XqK$'e'a
eaXt36//] d'a03#X
'qBab`X'e
daX':dea"a
`aX'b10'egX
pfeQea$
b12&&'e]#XMe-
X'+feaR]ea"
0[aX mb
$aP+X':<ri2
'TWa_eeaXRQncR`eeaXRMncRceeaXRyncRbeeaXRuncReeeaX(kZ'e
7%["ufqYbaW Wad'aWq_aj'ea/n3sX(X'e
6#j\!XX'e
($Ln#`ee1g
aX(4Lu3p
4``eqf$eb
7%["da
u]&eaXEnb
3]]E#X'
ce-lgd!a
j]Yg|Rs$ qs]da eM&eaXY_ZR
=ZYgZR4
cc-aan#c\'ea, XX'e
4``eqda
$H!b]qdY'ea
k#j\!Y\,)XX'e
aX0qsvdY\atY'ea a\'en
i;T ]f'
bX'\.X'e-d'aW0qgd2
?<]#X(eG
FeeaXSE=eVb
u_qgbXQ$aab
B\8eF!~Ye
YLdY$!
Y07f|XQ$a`
ek%F&4u]#Xq5F"da
fa\Y'ea
7ZQt'aSm
y>r{@aX^
X'XaX'
Yd'aYS
pfeRea
9]]I#X'j
ZYtZ$aX(\'en
'Nw`aXge
yOeqX'6ReaYc
&eqX'^
'P%Z$0
Rl&eeX'
n`aH'e
+'uaXa'e
ySeagfaX(
cZc[jT6M
g%f,&R%
$qdd'ea
X'cA2'i3
c3p%fe
OeqX'7iTea
P'jb&ea
nZm`WY`X'zY'e
qdY'ea
p%YXR{
L#YXRo
w#P`X'e%h#
X`X'ea-
]e%eaX'
XbX'ea-3]e#eaX'
XdX'ea,$"(Q
Zm`,;j
X#ea*d'a
9]]I#X'jw
aX`eenbm
X'$($PLu
`q.fea"
LYdLQ$aYR}nbm
$>0v56bm
LQdLQ$aW
LYdHQ$aXSqnbm
X&eaXjnbm
4Tp$PA$P6b
$]#XXeeea, cX'e.`
X`eead
+'e+$w
XMeaVea?#X,X'bMeUea
d'aW`ee>0
&hFaX`eePaX'uX'e
`q.fea--]]3
$L'ea$QdHQ$a;
aXqaX'bl"q
'g4'eL'ea$AdLQ$aXPL'ea$AdHQ$aX`<(
q.fe=Ueai\+aXPeeeLea
'eRaXMem?#X
X'T@'a
aX`ee>
4|t36i
A$%en"
'5=Lea
'e ea27$wT\'a/
aXOaX'T\'a
eaX`ee`bqX'e<WaX`ee
A$'e}($Lu
`q.fea--]]3
<[]#XA
X($Lu#`q.fe10=!XMe
X'5Kea
{'e]#XMk-+$w;('e+
N'e $'d'aj%d&e
w4uk7'e
Y'e%?e
PzdaX &
baXpnb
+uIqg> W :
'3iA45
baXpnb
+uIqg> W :
iA4($YgwRa
j]#XMd
rnb\ea,"ZZm
"aX($agX($
!W cU`
5-36'e+j
'3EOeaYQ
\!euNea
m.#XoaX'>
&Aabmh
X'd'a2' 5'e82'
w$PU1@ea
a-<$P(!Tw
82'0'e
ebBaXSk\
ea, X'
M iW%m
X'd'abm #dn|
5!Keai
XA$'eF($b
bX'd'a
baXsnb"]A$($
baXsnb"]
> X'@W W
]biX'd'adn
5i\eaWaX'j
Z i_a`/,j
X'j'eaW
W(q%H&
\ea,(j
5YOea2&
nb\ea,
Ueenb"5i
w_>'e+
1Rm eair$aX
fX'T iW%m
X'H`ee
1Rm<!eai09aX`ee
a2'w9'e1
%Eeaa3'e
y>r;eeX~<X'67
x~Wiea"
eab`X'e
&Aabm(#
'd'a2'9'e82'
e>aX ?aX
iou2'
iou2'
m#FX'j
bmngi1
wu]#XMeE{ea
eaaX'$d
ea-sX'e
1c;aX`ee
N^9X'XR
MeQ}ea2&
ea-2X'e
YQ$#YX&!"Z%
]h[a]aYg^a^
w$PUpea
Rsqeae
<X'< Y
/#P`ee
T q> q
&'e]#XA
'3%zeam
'39zeam
/R3aX!'e>
3gaXt36
'e]#XeaXxee
fzH89\
b`b]PQ '
XOeaXg
N=X'Y2'
2aX`ee20#X
eaXP20s#XO
cX'P'ea1>
n^j'e]#X`=e
XOZaW'
aRi-/'
aW3aX%d&e
w36+tqG#
aX'-/W
-#T Y2%
pea2'$w
6X'3reai%Q :?0
a0eaXMf
X'eRmqea
Uea$P>
q2B>AT
a0eaXMa
X'eRm]qea
Uee7S3aXq
aXdaX':?
4ht36r>[
'bX'ee'e%7d
%$L&($(%]F& Zc-#
%iJ`Za-$T(!Z
6JeaW W!d
ZP5d%e
JdaX(4(
sbnj Yb
!4P(3^
nrnd$ mW%irmnumH& b
P_eeI'ea$H0Zmh#XjaX'Zmy#XbaX'J09'ec@
eNfnr[
PeabaeaXfnr[
bndd\'ea%xj
&@X'eg
eb`W&`_e,-]Rlg
eb`J{}'endd
\ [("Y
aX'XX'e
\ \(beeaXRo
eab`ZnW.
gb`-$&
?eaX'=
!XH$*ge?
X7%a%a_6
X'aL'aV
X7%aMa
p$TA$Tb;,q
$PA$'e'eabm`wL
''e_'eaW0L
0bm\!Y
/6$P&!WunjHu
/j\!XX'e
I iY%n7j
5ueaW
gb1bm`w
7aXha[4
`lzH84
\'ee#X'
li<Z'e
ivilW[cX'j%
Zq\4'as3X
ZX'bpj%
ZQ\0'af\'a
v~:X'[bM#X
'\$U'abOb
Ieabe#X$`eeX
4aX 4aX
uhXee=veab
veaZnW7l
ee$`ee1/4aXm#X 0yeaf$peePH \
'fd'aab
'fd'aab
be#X(4L
'l'a+_
ea$$Xeenrq'a*
YRa5}nb1fd'a
XOeaXg
PB,X'$
.aX|Y'e2)aX
aXXieea-cYbm
'a0g]aXM%-kea/#XH
XMe%jea
XieeaWaX'T'a-aXA$'e0qj'enb
daXpieed%e
@($NAY'eM/#XQc-aX($NAY'eM/#X
xW 1E`X'tP'aSue
-aXA$($S$TP'a.aX1'e}/#X':r
Xieea-"
baXEnb
daXpieed%e
$-/2ieam%7e
A$'eN($YfwRmnb\ 9
b6.aX(<
V/X'T#
baXsnbd 9
P($afwA$p
'enzX[
afXx;:0p
aXXieea,
$PUaea0
daXMe-/
'e+cea0$daX)X'Y
z4xt36kq|8'e
uaX'i ea:
'Y0g]aXMem/#XB,X'
'eA4Mu
5m#XJ'X'
T'a[#aXMu
daXpieel%Yb12'
x&ea["m
'a1E`X'tP'acu}
:-X'Pc7 aXMu
r-X'T 1
/daXt36
b-X'PP
tRinb"K
'enRX[
%H&5meaM
y>ri`X'67
5uoea`
2+X'DH
a0eaXMf
/R&aX`
2,aXmd
6ZmoJ"X'3
y>ricX'36=
'e"eaMd
1-aX}7zX'
59beaQ
5oeai&
1w#aXMe1
3-/Wc'aXy
#aXMe10
'edZaXx;ri`X'36&R,
{ee5bea2'5
B'aRmn
{eeabea2'5
B'aRmnJ X'Y
qeeMbea2'5
H'aRmnn X'rpea
3daXt36:$PH`
wg 'e;
#X'Y`-4
3&aXMe
H'ac!aXMe107#X0i
'e'eataX
Y'a3!aXMe10�i
]-%s2'$w22Rdea$P
e ZaX!'e
'a&aXMe10
g'e2_'aX
$aX''e>
3daXt36zm?s
LT$T]N-
a0eaXMf
L07#X#X'
_X'q0'aXMe
ab10'aXq
\N_X'Y
eeQeea2'5
+%aXx;:0
cY'f'e2
T'a+eaX3[aXO
ee%/VXaXMd_w$P}
1&aXm9
~0#Xb X'
eaXWaX'
1?[aX[x'e
uPqWWL
VH60#X
6'aXET
6Zm/#{d'e
eaX['e
2feaAoaX
1GZaXMe1
\6ZX'U
]X'qbm(#b'e
ZaXMe10
3daXt36Rm
`v(X'e#%en
1[aXb' T>daXa^'e
_X'>0dj
l`nb"e
+X'ePaXA,($.
59geai
$\d[-:6
5mgeai(aXG2
5Igeau
1[^aX,
YTHPgci:?
4Lt36Rm
c{\aX#egX'
i1]aX 27$w
mYRi-73<
mZRB-73
qeenYX'
;`aXt36zm#T
wX'YFSaX
"'akYaXMe10]#XV
a\'e'wR?]aX
`0_#Xa
chnfaX(\'e\
l!AWAeX'
~5$WJeX'
(Z'e:#eaet,;
#eaew*3
uj&ea'7X2
daXIeX'X1
t6n#faXyeX'X-
t1neaXXu\
b65WnbX'['e\
bX'['e
1Twd'e7
on'e'$ea07#X
'RPaX`
$ea\iaW4bX']
@eaaaX'~
mXSp'd
Md2m}X'Z'e#+e
wCc'e+Q
5 ea2'5
uRQaXtcX'
Zee ea2'5
l'e&ea
"52oiKaX
&ea07#X^YX'
QaX`X'\
/}@eaYdaXO^
RX'l/ea
"eekRX'
tea5daXOu
qeekRX'
aX'y10
1\aXm"aX
eaeaXOJ
NeeknRX'
j'eAOw
seekSX'
Yqm'eq7l'ec&x;:0
ea)Bea0#X
ee7sRaXyL
TeaTaXt36Zmd
S_SaX~rea
eneaX
[&ea,5VJaX
aX'q2'$w
eaQj'eaZa-
H&RX'qZaWaX'T
5hSn 7X.&T'
1QaXMe-
eadT3^XSjo~NX'j
q2-/<H
2RX'\+"T
^\9$P\9e-+3u
q2-/x'
'e7faX~l->WKKaXqc]'e8
a2'j'e1UaX`
XOeeX'X
SahRYnnOX'
P2SX']o'e
\'e8iY'e
vUX'P.
oOe!X'
tWHaXT`X'i2!
+lWaX'X
PX'^(X'e
e^wk'e+
,'aKTaXMe10S#XS=
>X'X'e
eau'wh'e
iUaXd'e_
y>#e4`t36&
a07 XSX'T
7X'bMc
bMX'>0> Z'
JX'l,16
'ea2"6
ead$7eaX $w$w69
'uX'e=$YdH$aXSl
$L'eaB
U]7 X $w
aJaXwu'e
vx;:aa
*LX'k'e :r
Puq5deaLrreabmX'e
ab1b1Tw
ab1b1Hw'v'e
eab1b12'
Px+ee^x_ee22'u'ehSc
'e-Wt'e-Ot'e
eXRaPl
eNaXMq
Xqw'e+
PTaX'@x8
i!eaXy
z4Tp6#
XOcaZ'
aRi-/7v'ehSaPX-?
4Lq2-3$@A$@Yql
eaTgX $w
eiXb}1
b($@x;r
w36@XS''ee
HLaXwt'e
#XPhRaPxm
MX'$yqX'b
\L$THuY7-77u'e+
eaN$T0q#ga[<X'g:`]c'
J q'e@aX m
X'l,<[bi1Ru
eabi`m
=N.eaB
$t r'e
$ b=$ Zi
eabPsn#VVl,-j\
YaXA$'e
(]cB'ea
$4F2%2
.MX'LA$($
*$x;:0
YaZ'~'e2
XRh2CMaX
b'aaXp
POa`X'3
nJX'LO
10#Xwr'e3
x'jT&eaeaX'X'en
<ee13OaXy`aX
c&eaby
Ws'e[&ea
eaeneaX/z'e
;`a'eX
?Y1S &
q'e+.uea
<ee1MaXyd
p'e/q2'
aX'%-/[}'e
|'e&t|'e
aXx;:0
iY'e6g~LH
;Heab`b]]U
'a0$eax3'e>0
aT$P]`W&
bm\"daX'
[P i]q|'e
earmS1k]1cYe
earmW1k]
nGX'Oz'e1
CaXOa`X'
Z'e5EQ
CX'T^gaXH
eaTT"gaXO
eay3aX
GaX.neaX
w|'e73
XK{[aX
10[#X"CX'Q
DaXYM'e
k0'aXZ@X'
e&h'6Oea
&AX'Y2'
p<Lws%
$`-/x'eA4
r-7x'eA4 6
D&j !R
ea2#$@w
P"5-:eaL
T($!g]g5
:eaRunb
7g1cxaXtj
dW0cub
B|X'$w
a2'{x'e
57xaXqoF'e&
y>rozaX}X'67
5'a~aXh(X'e
KDaXiQ
57~aX.
?DaXiQ
Tj}X'ii%TPc|naXx;:0
iAX'C'e2
Oa`X'gE'en>ea!
da-2/Y4Jm
'a0#Xa
1EaXud
\5'e'wOF'e
X'6e;ea
1X'`X'eJ
aaXt36
b'e'ii<P<'e2xaX0isg`
~aXwkx'e
1zaXOa`X'
EQj%ea0#daX
5)=eaL
mQj%ea0#X
1WzaXA8'e
wF'e;q
Y'^a'e
zX'lW`X'
10[#XN}X'Q
z0faX>zX'
]]Uh(nY'e
Xea ~aXOa`X'
5Oi\eaWaX'
/lWaX'
'a;~aXw
ee7xaXuQ
{X'q2'
y>#e4Lt36zm)uTbt+B'e
TZ{X'41cHu
!;|aX2
RvX'6y=eaRi
raX`2WsaX
Xn{X'23>eaAaX
vX'30eabTUX'bx;:0v52
K$YvaX md
sc,:Y[
ee1raX LN'e
P:{X'm
y>7e442
yX'5^&4t7
y>#e4xpA
b1G|aX2/X'b
ab1+|aX.
X':7e4
C'eq2ea
d\ea=$X'
DeagaX
]#X/D'a"
eaosaXw7B'e
$ea|aXi
'a0#XO
xX'i2'
h(c\'ePI
lo'enX'enTfaX(
w3K'e&aX
e5a4eaS
b(:Y'e
&eae$aX
1C}aXm
b8L<`^
rX'r'e
NtX'"'e
w[O'e7
53eaxX'
mQj4&ea
]wN'e8
T(,Y'e]#X/D'a"
wX'H{'e
cJ'e=JaXx;:aa
'm}#X`ee
a2'J'e1uaXxH'0
D=&@^j'e
&Oa`X'
P%fe7eaL
a0eaXMf
XMe7cuaX
7eab1?uaXJX'
2&$w$w
B'a0&ea q0#XOD
X'ga2g3H'e
N'a0#XO
rX'd'aP@ee]#Xq6
G_eaW
OeaZ'3
\$aYRL7
OeaZ'3
nX'd'aP@ee]#XMa
R'a0*#XOgaXi
'a0 XO
6@hSA70-#XOh
]#X/D'a"
y>rtaXflX'36
`'e]#X/D'a"
'{8ea]uaX'i2
a,fe=5eamh(Y'eLNaXOe
5m5ea'e
]~q5m#XO
'je#Xpje#Xp
6{taXA
Y'a0##X
'FNeai%W@
+gaXps'y
'a0#XO
a2'U'e1naXxH'0v2
5Ld'aP@ee]#XOB
'gV'e=aXO%
S'e&OaJX'T'ahaXx
daXt36y
NaX`eei
'd'a0#daX
12'R'e&MeCw
jX'$WdbX'
aR-ea2'
nmX'Y2'
2gwS'e
&jX'T?j\
l,(1Son#RNeoa$da
'm}#X`ee
a,fe*eai
fYj%d&e
&760 XlX'Tj%d&e
fY7'eW
Y`XR$ d1*ea
M#Xj%d&e
M#Xj%d&e
fYj%d&e
&760 X
Y`XR$ dW
aee+eaiW
Y`XR$ dW
ee!+eaiXaXj%d&e
fYp#T'e#
Y`XR$ d
FaXpS'e#
eaR ea"
'm}#X`ee>
aaXt36*>`H eabaX
'ea ea0#XMe
Y'zamaX
hSQ ea
- ea2& ^'e
\&ea0#X
_baXwS'e
XvfX'
1C3qQj
YU-eaW^
b8L9\w
1GoaXMe
aXMe eab=e=e
bbX'e=e=e
fX'd'ax$ea"
X'e0'eXO
akcaX]
10%gaXvcX'
XS$afaXP
%'a0 XbX'
'afaXO<
fe$eaL
X'aKfaXOt
'aX'Y0 XeX'
ee>aX2iX'>X
#XOgaX)
5Tr/X'
$a7maXO
'a0%eaxptw
fe%eaW`
ee1(d'a
)%a07BaXOaJX'T'a`aXmT'e
)%a0BhXOH
X'T'aS`aX`
|X@[de'eaX@[de'eaX@[de'eaX@[de'eaX@[de'eaX@[de'eaX@[de'eaX@[de'eaX@[de'eaX@[de'eaX@[de'eaX@[de'eaX@[de'eaX@[de'eaX@[de'eaX@[de'eaX@[de'eaX@[de'eaX@[de'eaX@[de'eaX@[de'eaX@[de'eaX@e\de'eaX@q\de'eaX@u\de'eaX@y\de'eaXr
C%1`aXibhSL`` ZA,
d&WbhS`
2'_Y'e
:~X7eau'uaXaEe'uaXTHaEeaX1EP
aP'eaX@E\de'eaX@I\de'eaX@M\de'eaX@Q\de'eaX@U\de'eaX@Y\de'eaX@]\de'eaX@!\de'eaX@%\de'eaX@)\de'eaX@-\de'eaX@1\de'eaX@5\de'eaX@9\de'eaX@=\de'eaX@
\de'eaX@
\de'eaX@
\de'eaX@
\de'eaX@
\de'eaX@
\de'eaX@
\de'eaX@
\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@\de'eaX@a]de'eaX@e]de'eaX@i]de'eaX@m]de'eaX@q]de'eaX@u]de'eaX@y]de'eaX@}]de'eaX@I]de'eaX@M]de'eaX@Q]de'eaX@U]de'eaX@Y]de'eaX@]]de'eaX@!]de'eaX@%]de'eaX@)]de'eaX@-]de'eaX@1]de'eaX@5]de'eaX@9]de'eaX@=]de'eaX@
]de'eaX@
]de'eaX@
]de'eaX@
]de'eaX@
]de'eaX@
]de'eaX@
]de'eaX@
]de'eaX@]de'eaX@]de'eaX@]de'eaX@]de'eaX@]de'eaX@]de'eaX@]de'eaX@]de'eaX@]de'eaX@]de'eaX@]de'eaX@]de'eaX@]de'eaX@]de'eaX@]de'eaX@]de'eaX@]de'eaX@]de'eaX@]de'eaX@]de'eaX@]de'eaX@]de'eaX@]de'eaX@]de'eaX@]de'eaX@]de'eaX@a^de'eaX@e^de'eaX@i^de'eaX@m^de'eaX@q^de'eaX
0D+I6De
eD5S!C
22YKZug%
edub&ogJ
Pt}<jm<ba<
8m<Ja<*
8m<Ja<*
22YKZmgJ&O1Sed
-BJ8E&Ey
tEcEx!E
e>RE>N
em]eK;t8vPtm@0>K
m6gj1e
ab3u>St
X&u>#U
Ep_Jgq
8HYK[0<3ic
e]euJc
|2]e\m>+U
E2rSle
cTus1<
6>k`+e
0Iv5*e
e{0fJ[Tm[
Kgv{0fJ[
e{0fJ[dm[v
Kgv?@v'@v
m?@vUf
LeJtJp
m{0fJ[v
e{0fJ[Fek
m{0fJ[vMeX
g<o< J
e=^Ae[7
We{0fJ[
e{0fJ[Lm[ve[
m{0fJ[JeB
Kgv?@v[
e{0fJ[Tm[dm[Lm[
@v'@v?@v[#
je{0fJ[dm[Tm[Tm[
Ee<o<J
[5l*=^
.D %KZe
KzZdXs
3_e@/_
p9{Knee
%Knee@
%Kze^((D;YB)* RY_)(
cJ_)(JS!**OYu
?I&U?Ye
f[9*OY^((O<=y7uT
eeR#C1E#A7J
eT&eY1W [
cX1YP7(
?I&U?Ye
f[9*OY^((@j@*
{X3@1Ydh
+@1Ydh
,FAse^((-W[B1S@3YB1SY^$('R[P76
xKye{Knew
bo3@$EN@
e65RE6EW
]7SV8)
e&E_$O
W&$U,fo$PC,6
sE.o$UF*
7o3@J@d
T&'X76h
&E!39x
m\UU.TPH$'ST;T$U#]'eB5'U"U[
h*1ZYS!*,Z[d
"U9,Z[9 RYY<*TS
1FT&Q"-eEyEy
o^((-W[B1S d
&YB1SY^$('R[~[d
U+S1Z+B_6U6.
eB5'@6
-BJ8J61FJ
eeY1W [
*B$S(u
0B+5W!eX
reFKZee@
6@1>eEe_,J_
sKzee@,@6*[@
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
closesocket
connect
gethostbyname
inet_addr
ioctlsocket
listen
select
socket
CoCreateInstance
CLSIDFromString
CoTaskMemFree
CoInitialize
CoUninitialize
SysAllocString
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
ExitProcess
ExitThread
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileTime
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
CreateDirectoryA
LocalAlloc
LocalFree
OpenFile
OpenMutexA
OpenProcess
PeekNamedPipe
CreateFileA
ReadFile
RemoveDirectoryA
RtlUnwind
SetFileAttributesA
SetFilePointer
CreateMutexA
TerminateProcess
TerminateThread
CreatePipe
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA
GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
IsWindowVisible
GetClassNameA
GetForegroundWindow
LoadCursorA
SetTimer
KillTimer
RegisterClassA
GetMessageA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
CharUpperBuffA
OemToCharA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
DefWindowProcA
GetStockObject
DeleteObject
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA
__GetMainArgs
_sleep
_strcmpi
_stricmp
memcpy
memset
signal
sprintf
sscanf
strcat
strchr
strncmp
wsock32.dll
ole32.DLL
OLEAUT32.DLL
WININET.DLL
KERNEL32.DLL
USER32.DLL
GDI32.DLL
ADVAPI32.DLL
CRTDLL.DLL
L�<�C�<�C�<�C�
P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�
d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�
L�<�C�<�C�<�C�
P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�P�C�
d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�d�C�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.