1.9
低危
DACN
0.14
FACILE
1.00
IMCLNet
0.77
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Malware-gen | 20200117 | 18.4.3895.0 |
| Baidu | Win32.Worm.Mira.c | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200117 | 2013.8.14.323 |
| McAfee | W32/Worm-GAT!406CEE7C7DBE | 20200117 | 6.0.6.653 |
| Tencent | Worm.Win32.Mira.a | 20200117 | 1.0.0.1 |
静态指标
动态指标
在文件系统上创建可执行文件
(1 个事件)
| file | C:\ProgramData\lklokt.exe |
创建隐藏或系统文件
(2 个事件)
投放一个二进制文件并执行它
(1 个事件)
| file | C:\ProgramData\lklokt.exe |
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(1 个事件)
| section | {'name': '.NewSec', 'virtual_address': '0x0004e000', 'virtual_size': '0x00001000', 'size_of_data': '0x00001000', 'entropy': 7.104684871522107} | entropy | 7.104684871522107 | description | 发现高熵的节 | |||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 60 个反病毒引擎识别为恶意
(50 out of 60 个事件)
| APEX | Malicious |
| AVG | Win32:Malware-gen |
| Acronis | suspicious |
| Ad-Aware | Trojan.GenericKD.32372893 |
| AhnLab-V3 | Trojan/Win32.Fakon.R291518 |
| Antiy-AVL | Trojan/Win32.Agent.icgh |
| Arcabit | Trojan.Generic.D1EDF89D |
| Avast | Win32:Malware-gen |
| Avira | TR/Zusy.BQ |
| Baidu | Win32.Worm.Mira.c |
| BitDefender | Trojan.GenericKD.32372893 |
| Bkav | W32.FamVT.MiraVM.Worm |
| CAT-QuickHeal | Trojan.AgentPMF.S8880688 |
| ClamAV | Win.Trojan.Agent-1388655 |
| Comodo | Worm.Win32.Mira.AA@59ticr |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.c7dbe8 |
| Cylance | Unsafe |
| Cyren | W32/S-9d9efeaf!Eldorado |
| DrWeb | Win32.HLLO.Siggen.5 |
| ESET-NOD32 | Win32/Mira.A |
| Emsisoft | Trojan.GenericKD.32372893 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/S-9d9efeaf!Eldorado |
| F-Secure | Trojan.TR/Zusy.BQ |
| FireEye | Generic.mg.406cee7c7dbe87b8 |
| Fortinet | W32/Mira.9C5!tr |
| GData | Win32.Worm.Mira.D |
| Ikarus | Trojan.Minggy |
| Invincea | heuristic |
| Jiangmin | Trojan/Agent.iezf |
| K7AntiVirus | Trojan ( 004993691 ) |
| K7GW | Trojan ( 004993691 ) |
| Kaspersky | Trojan.Win32.Agent.icgh |
| MAX | malware (ai score=89) |
| Malwarebytes | Worm.Mira |
| MaxSecure | Trojan.Agent.icgh |
| McAfee | W32/Worm-GAT!406CEE7C7DBE |
| McAfee-GW-Edition | BehavesLike.Win32.Worm.fh |
| MicroWorld-eScan | Trojan.GenericKD.32372893 |
| Microsoft | Worm:Win32/Mira!rfn |
| NANO-Antivirus | Trojan.Win32.Zusy.ethqlz |
| Panda | W32/Milam.A.worm |
| Qihoo-360 | Worm.Win32.Mira.A |
| Rising | Worm.Mira!1.A270 (RDMK:cmRtazp5EQQXzDtdOqceV+r82pdV) |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | W32/Mira-B |
| Symantec | W32.SillyFDC |
| Tencent | Worm.Win32.Mira.a |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2014-02-27 14:41:59
PE Imphash
dbf687d6aa2a6cafe4349f7b0821a792
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x0003c000 | 0x0003c000 | 6.080451775497244 |
| .data | 0x0003d000 | 0x00001000 | 0x00000200 | 1.219839492304036 |
| .rdata | 0x0003e000 | 0x00003000 | 0x00002600 | 5.008530245268908 |
| .bss | 0x00041000 | 0x00005000 | 0x00000000 | 0.0 |
| .idata | 0x00046000 | 0x00001000 | 0x00000a00 | 4.294939157790109 |
| .rsrc | 0x00047000 | 0x00007000 | 0x00006800 | 5.99541472509758 |
| .NewSec | 0x0004e000 | 0x00001000 | 0x00001000 | 7.104684871522107 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x0004cfec | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0004cfec | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0004cfec | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0004cfec | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0004cfec | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0004cfec | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0004cfec | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0004cfec | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0004cfec | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_GROUP_ICON | 0x0004d454 | 0x00000084 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_VERSION | 0x0004d4d8 | 0x000002e0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library KERNEL32.dll:
• 0x4461b8 AddAtomA
• 0x4461bc CreateDirectoryA
• 0x4461c0 CreateProcessA
• 0x4461c4 CreateSemaphoreA
• 0x4461c8 DeleteFileA
• 0x4461cc ExitProcess
• 0x4461d0 FindAtomA
• 0x4461d4 GetAtomNameA
• 0x4461d8 GetCommandLineA
• 0x4461dc GetLastError
• 0x4461e0 GetModuleFileNameA
• 0x4461e4 GetModuleHandleA
• 0x4461e8 GetStartupInfoA
• 0x4461ec InterlockedDecrement
• 0x4461f0 InterlockedIncrement
• 0x4461f4 ReleaseSemaphore
• 0x4461f8 SetFileAttributesA
• 0x4461fc SetLastError
• 0x446200 SetUnhandledExceptionFilter
• 0x446204 Sleep
• 0x446208 TlsAlloc
• 0x44620c TlsFree
• 0x446210 TlsGetValue
• 0x446214 TlsSetValue
• 0x446218 WaitForSingleObject
Library msvcrt.dll:
• 0x44623c __getmainargs
• 0x446240 __mb_cur_max
• 0x446244 __p__environ
• 0x446248 __p__fmode
• 0x44624c __set_app_type
• 0x446250 _assert
• 0x446254 _cexit
• 0x446258 _ctype
• 0x44625c _errno
• 0x446260 _fstati64
• 0x446264 _iob
• 0x446268 _isctype
• 0x44626c _lseeki64
• 0x446270 _onexit
• 0x446274 _pctype
• 0x446278 _setmode
• 0x44627c _strnicmp
• 0x446280 _vsnprintf
• 0x446284 abort
• 0x446288 atexit
• 0x44628c fclose
• 0x446290 fflush
• 0x446294 fopen
• 0x446298 fprintf
• 0x44629c free
• 0x4462a0 localeconv
• 0x4462a4 malloc
• 0x4462a8 memchr
• 0x4462ac memcpy
• 0x4462b0 memmove
• 0x4462b4 memset
• 0x4462b8 rand
• 0x4462bc setlocale
• 0x4462c0 setvbuf
• 0x4462c4 signal
• 0x4462c8 srand
• 0x4462cc strcat
• 0x4462d0 strcmp
• 0x4462d4 strcoll
• 0x4462d8 strcpy
• 0x4462dc strftime
• 0x4462e0 strlen
• 0x4462e4 strtod
• 0x4462e8 strxfrm
• 0x4462ec time
L!This program cannot be run in DOS mode.
.rdata
.idata
.NewSec
E;Es9}
<t6p t<~ @tO
x7EZ[^_]
UW1V1S
eEEE$@
++CCUNG
pP EtB(dB$
R \tp@$
hUhU`hu
llU6hU(Et
E!t#XtEXM~t
$]u}E$@
UpPl1|pl
;u ]]$}}
4$Yt8 M
]1u}];] tIF
UWVS|U$E
E|[^_]
1|[^_]
UWVSL}
$DtbEN
UEXEE]u}E
++C B4CUNGB
t-S4C0
UEhEE]u}E
E]u}]E
UEhEE]u}E
tB1u2=C
UEXEE]u}E
80S4C0
t(S4C0
x9JtD|IS
]uEEEE
]uEEEE
]uEEEE
UUWVSLE
$UE@M@
$IMEQh$9t
$YMEQh$9t
$iMEQh$9t
]u}EEUE
Pht%$9t
UE]PhXdE
$]u}E$@
|u9EEP@
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
UUWVS\E
EuSEUE9B
Et1@t@
UEXEE]
Et1@t@
UUWVS\E
EEUEn@
EuSEUE9B
UMWVSlE
UMWVSlE
UUWVS|E
@;Er]E[
@;ErEU]H
]xEEEt
$u}E$@
oUUWVSlUE
UUWVSlUE
9t1]u}]
[^_]UU
[^_]UXeE
$B4$Z]u]U
UEXEE]u}E
Eu!PRD
u9Et4+_
9}]t7q^
8"t-EE
$u}E$@
$u}E$@
$u}E$@
]uEEEE
]uEEEE
$u}E$@
$u}E$@
$u}E$@
]uEEEE
]uEEEE
$u}E$@
$u}E$@
$u}E$@
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
e[^_]EAAAA
uEAAAAEAAAAE
EAAAAEAAAAE
EAAAAEAAAAE
EAAAAE
S C0C,
t(C,1D$
S0x]u]
t3[4u$&
t$B0x=B0uVB(
z(]u}]
H0x4P0uMX(]
[^_]o2
UWVS,PXD
]t"x0xFp0u X(EP J
UWVS,@
tLEtt$
tEp0x^X0uw@(UEEE
]tAH0xFP0u
X(EP J
X(EP J
H0us@(EUE
x0uaX(EP J
<$&]u}]
taH0xkP0uu@(
e[^_]PXD
H0yAPXD
EUM]Uu
M9Mv uMEU]Eu}U]
EuaE9E
UEEEU]u}]
Mu,9vZ
1E]E}Uu]
W11V1S
tplhl$
D$'\ t&
ME1UfE
:|,1\$ \$0
t$$t$4|$(|$
\$ t$$|$(,
D$,L$(D$
T$$D$ L$
T$DfD$B
\$0fD$0
|T f|T`B
UWVS|$
t$@\$@L$B
;f9yD$
|[^_]fD$
\$ fD$
~t$`1L$@
tfxJ\$
[^_]uUt$
~ML$$t$$
~;D$$p
~PL$$q
[^_]Ov
1D[^_]
|$lOD$
~D[^_]
D[^_]fD$&
tH1|$(M
Ky\$\u=L$
|$\T$`
UWVSd\$xl$|
2L$:zQ
1d[^_]
1D$8L$
HyfD$8xfD$
UWVSLt$`l$d
:L$"ZQ
L[^_]1
HyT$ \$
LS[^_]
Iy%LbD
t,K9w4
0^t&K9w.
B9w[][]
;Ew,t&
Bt$H9v
9pr(t$
EZ;]]r
u39~rdF]
E9]EEr
9rrTB]
u)]u}]
9rrdB]
E@E9]EEr
9prw;M
DF;gUS
$]u}E$@
$]u}E$@
$]u}E$@
$]u}E$@
$]u}E$@
$]u}E$@
$]u}E$@
$]u}E$@
t>BtmEM
$rE]u}]
$UEP&A
]UUWVS
T$ E|UD$
D$ |UD$
eOEElD$
$SEJEEE
$@$EVE
rUMWVS
$EJEEE
$@$EFE
pUMWVS
$EJEEE
$@$EVE
rUMWVS
e|EElD$
$EJEEE
$@$ECE
nUMWVS,
enEElD$
11dE1X
'x $t&
cUMWVS,
e_EElD$
dE1X1\
$9\rpw
eUMWVS
$@$Eek
]EUu}]
UWVS<U
EMu`EED$
]UU EEE
$Uu}E$@
$:EUEEU
$8EU]u}]
UU EEE
$U]uE$@
$?7EU]u}]
]UU EEE
$Uu}E$@
$EU/EEU
$5EU]u}]
$;U(E$U
uM }u$}
UWVSLE
EUe[^_]
7UWVSLU
EUe[^_]
DUWVSLE
0P&M U
EUe[^_]
>UWVSLU
U N 1%D$
EUe[^_]
E$]U u]
E <$D$
@ 1vE D$
a0L$/4
@ -6m D$
]U M$}>D$
W ]u}]
(]] uu
$WEEUs
AE]EUu}E
$YotuH
$]u}E$@
$;"UExE
$]u}E$@
$!UExE
$]u}E$@
UWVS<E
1t+u+t
$P$WUWVS<E
1t+u+t
<[^_]#
$P$WUW1VS
$P$US$M
E0EE,l
;E |qgfff
M(9Mt\EU
$P$UWVS|E
U ElUE
EET$$U
1t+u+t
|[^_]S<1u
Bu+E1E
UWVS,E,EE(l
C;]$s!U
CG;]$r
$X?E(UM
$<?E9Ur
U2Cu9rE
e[^_]E
<$MEMP
EET$$U
BdEBhEBlEBpE
1t6u6t
9u{tEC
,A<8w4
D$ E$T$$
D$ ,T$$U
|,U$HB
T$ 4E$
BHEBLEBPEBTE
E$T$(L$$D$
Bd8Bh<Bl@BpDBtHBxLB|P
B,EB0EB4EB8EB<EB@EBDE5
FJ8tJU
$%\$ ~
c%\$ (
$P$US$M
UWVS<E
$3;]$tb
tO%tv}
C;]$uE
%uC;]$tE
u!C;]$tM
R4UVS ]
^]kTU(
UMWVS|
MU E$@
e?E]l]
hxUxBl@
||8\A
\|@@B4E1<<
$E,|B
80tp@U
)UMWVS|
MU E$@
rxUxBl@
||8\A
\|@@B4E1<<
80tp@U
D$ E$T$
D$ E$T$
U M$$@
|htL$/p
x|e[^_]
$hp)dL$
UU EE$U
U8uE u
]U$M(}>D$
4$L$ D$
U t,t$
]u}]UWVS
$nXlD$
HlL$+@Ep1D$
@L$+<P0
T$+@Bl
kUWVS<
eE|lp<$yl
Od|dBl@
0L$'D,
0C,<$D$
EUEEUE
&{TPLB
ChtB4E
J$Z(@@<
X<$BuEX
$xUWVS<
eE|lp<$ll
Bd|dBl@
0L$'D,
0C,<$D$
EUEEUE
&nTPLB
ChtB4E
J$Z(@@<
X<$BuEX
$xUUWVS\E
$>\[^_]
UMWVSLE
$yL[^_]
U]Mu}EU
U]Mu}EU
$R]u}]
uEE}UM
UMWVSlE
t ]u$E
El[^_]
$bEl[^_]
]MEEUEIB
$E|[^_]
E|[^_]
EEUu}E
t&]u*E
EEU]}E
t&}u*E
$4E]u}]
$E]u}]
UU]EEu}E
E@t']u+E
$2E]u}]
EEU]}E
$nE]u}]E
EEUu}E$@
$D~E]u}]
UU]EEu}E$@
$B}E]u}]
$m|E]u}]
$]}E$@
EEUu}E
B@t2]u6t&
$yE]u}]
$yE]u}]
UMWVSlE
$wEl[^_]
$s.UWVS
UMWVS|E
$NrE|[^_]
rE|[^_]
}EEEEUE
@@t.}u2&
pE]u}]
$oE]u}]
$%nE\[^_]
$mE\[^_]
$rl]u}]
$$k]u}]
U}1EEU]uE
iE]u}]
$hE]u}]
UUWVS|E
$8gE|[^_]
$fE|[^_]
UUWVS|E
$heE|[^_]
$dE|[^_]
KUUWVS|E
$cE|[^_]
$"cE|[^_]
{UUWV1S|E
$aE|[^_]
$RaE|[^_]
UUWV1S|E
$_E|[^_]
$_E|[^_]
UUWV1S
UUWVS|E
$(\E|[^_]
$[E|[^_]
UUWV1S|E
$XZE|[^_]
$YE|[^_]
;UUWVS|E
$XE|[^_]
XE|[^_]
kUUWV1S
mUUWVS|E
$TE|[^_]
$BTE|[^_]
UUWV1S|E
$RE|[^_]
$rRE|[^_]
UUWVS|E
QE|[^_]
$PE|[^_]
UWVS|E
e1OEUE
$OE|[^_]
U]UEEu}E
$ME]u}]
ME]u}]E
EEUu}E$@
$NLE]u}]
$dKE]u}]
UU]EEu}E$@
$bJE]u}]
$IE]u}]
$]}E$@
$u}E$@
$8GE]u}]
$B]u}]
$kA]u}]
e5?EED$
}U|BtBu
#UUWVS|E
$<E|[^_]
6PxBtBu
]M|BtBu
eE4EED$
J|BtBu
e0E|D$
EpBtBu
eE-EED$
C|BtBu
]UUWVS
e"*E|E
3UUWVS
eu&EED$
<|BtBu
@))9rZt$
]]UXeE
]uEEEE}E
E]u}]E
$E+vUE
UU]EEu}E
UEWVSlE
El[^_]=
\dE|EiC
4$)1D$
9PrWp1|$
9BraR1_U\$
$K]u}]
9JrfzU
X?)9rY|$
9s3Bt$
)9snu~B
$u}E$@
U uL C
UjU(]E
u0F)9w
EJ?))9rRt$
8D]u}]
?J)9r[|$
?]9EUUrwU
X9s?))9rtt$
]u}]9st$
]]U(uU
<$E)(>U
UEEMEB
$I:EEE
$69E\E
A?));U
$u}E$@
$aUUWVS|E
$|[^_]
EE]u}E$@
$@]u}]
$u}E$@
9BUr~Uu
EHjU(}}
EE]u}E$@
$0]u}]
$u}E$@
9BUr~Uu
E8jU(}}
$]u}E$@
$]u}]E
$]u}E$@
$J]u}]E
}~UXeE
$cUXeE
U]uEEU
$@]u}]
$#UXeE
$cUXeE
$A]u}]
$~]u}]
$#UXeE
$cUXeE
U]uEEU
$>]u}]
$#UXeE
$bUheE
$sUXeE
$L]u}]
$c]u}]
$AUXeE
$(XUXeE
$(hUXeE
tD~@Q@
c_UWVS<E
7E|$/M
$UE19u
C@uaC@
C\u'C\
$#uOEE
$E]u}]
P0P@@J
@4A8A<u
$4UB@BI
;EE0AtM
$E.UMWVS
tlUEPXE
$e[^_]
$E,E3WqMEAX
$e[^_]
EpXX\
CdpueUpB\B
B4B8B<E
U]uEE}E
$E]u}]
${E]u}]
$EL*U(uu
EE]u}]
]9ttuF
U;:|CF
;9t19~!)tQC|$
P1SBF0
ChCdC@C
YLQ@9A
ALIPCT
$E>$BX
U9EXXPd
#t{]{T
$P$t:E
U]uEE}E
$:tfEU]@
$PE]CX
$E]u}]
E:IaUX}}
]u}]GT
_h1Wd)9]
G<~?O\U)
u6whO\U
F?E)\$
GhMW\)9EEr
GdeEGX
$\gGd\$
$AUUWVS\E
$\[^_]
UUWVS\E
$u\[^_]
]uEEEE
$R]u}]
]uEEEE
$1UXeE
]uEEEE
UUWVSlUE
e6EMxM
EUxBx8
UUWVS\UE
EUxBx8
hUMWVSlME
M6UMWVS\E
eR]UMC
EMUE]A
qUUWVS\E
EUxBx8
_UUWVS\E
EUxBx8
_UMWVS\E
EMUE]A
$4\[^_]
$RE]u}]
UUW1VS\E
$$UEMBt
$\[^_]
$OUUWV1S\UE
eDEMtM
$"UEMBt
$t\[^_]
UMWVS\E
$\[^_]
$yUMWVS\E
$YUXeE
EUtBt8
$1UXeE
EUtBt8
$RE]u}]
UUW1VS\E
$\[^_]
$WUUW1VS\E
eVEMpM
$UMWVS\E
$%\[^_]
UMWVS\E
EUpBp8
EUpBp8
$xUXeE
$"]u}]
$8p1D$
$"]u}]
$8o1D$
"EUE1}
*UqUheE
$.]u}]
$(UqUheE
]uEEEE
]uEEEE
$']u}]
]uEEEE
$g]u}]
]EEEEU
$]EUD$
$]YUheE
REUE1}
$:\EUD$
$m\YUS
[[]}OU
pl&$hd
$|e[^_]
$X)TL$
Nld)hL$
UUWVS\E
esEUE1}
t\[^_]
$K1UD$
$KZUUWVS\E
eXrEUE1}
$r\[^_]
$nJZUS
X[]}=U
UUWVS\E
epEUE1}
q\[^_]
HE1Ut$
$HZUUWVS\E
eHoEUE1}
$o\[^_]
1G1UD$
$^GZUS
X[]m:U
$'utJ$
p`1(@=
ie[^_]
$rld)hL$
$gktJ$
p`1(@=
$T_e[^_]
$hld)hL$
$69cU1
X[]}&U
Y[]-&U
$U]u}]
$`[UXeE
$ZUXeE
$ZT]u}]
$S]u}]
$SYUXeE
]uEEEE
$R]u}]
$XUXeE
]uEEEE
$:R]u}]
$WUXeE
]uEEEE
$Q]u}]
$O]u}]
$#UUXeE
$N]u}]
$sTUXeE
$ N]u}]
$SUXeE
$pM]u}]
]uEEEE
$L]u}]
$SRUXeE
]uEEEE
$K]u}]
$QUXeE
]uEEEE
$JK]u}]
$PUXeE
$J]u}]
$=PUXeE
$I]u}]
${OUXeE
$NUXeE
$WH]u}]
$MUXeE
$G]u}]
$;MUXeE
$F]u}]
UMWVS\E
$WC\[^_]
CtSt]u]
?XCtCu
CtSt]u]
$u}E$@
$&EUD$
E@xEtP
UWVSLE
$wllD$
$TCtCu
].UXeE
$~E1@t
$F=]u}]
u1EEEE}1
^H[^_]E
[H^_]E
-UWVS(E
C9u([^_]
4$ [^]
UUWVS|E
$2E|[^_]
$d2E|[^_]
UEXEE]u}E
$-1E]u}]
UEXEE]u}E
$m0E]u}]
UEXEE]u}E
$/E]u}]
$E]5t&
$EYUEXEE]u}E
$.E]u}]
UEXEE]u}E
$-.E]u}]
UEXEE]u}E
$m-E]u}]
UEXEE]u}E
$,E]u}]
$E]2t&
$EYUEXEE]u}E
$+E]u}]
UEXEE]u}E
$-+E]u}]
UEXEE]u}E
$m*E]u}]
UEXEE]u}E
$)E]u}]
$E]/t&
$EYUEXEE]u}E
$(E]u}]
UEXEE]u}E
$-(E]u}]
e}#EME
$MAX9EE~wE
k-MT$+Uyu
#Ee[^_]
8UBtBu
$e7 EME
.*MT$+Uyu
6UBtBu
$ Ee[^_]=uE
$]uE$@
$E."EU
$]u}E$@
$E*!EU
$u}E$@
||EH;E
En}t uu$E
UM4$L$
UU]EEu}E
\Mira.h
Saaaalamm
basic_filebuf::xsgetn error reading the file
basic_filebuf::_M_convert_to_external conversion error
basic_filebuf::underflow codecvt::max_length() is not valid
basic_filebuf::underflow incomplete character in file
basic_filebuf::underflow error reading the file
basic_filebuf::underflow invalid byte sequence in file
basic_ios::clear
basic_string::at
basic_string::copy
basic_string::compare
basic_string::_S_create
basic_string::reserve
basic_string::erase
basic_string::assign
basic_string::append
basic_string::_M_replace_aux
basic_string::replace
basic_string::insert
basic_string::resize
basic_string::_S_construct NULL not valid
basic_string::basic_string
basic_string::substr
ios_base::_M_grow_words is not valid
ios_base::_M_grow_words allocation failed
locale::_S_normalize_category category not found
locale::_Impl::_M_replace_facet
basic_string::_M_replace_aux
%H:%M:%S
%m/%d/%y
basic_string::_M_replace_aux
basic_string::erase
pure virtual method called
LC_CTYPE
LC_NUMERIC
LC_TIME
LC_COLLATE
LC_MONETARY
LC_MESSAGES
locale::facet::_S_create_c_locale name not valid
-+xX0123456789abcdef0123456789ABCDEF
-+xX0123456789abcdefABCDEF
-0123456789
%m/%d/%y
August
September
October
November
December
%H:%M:%S
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
c:/mnt/samo/mingw/msys/mthr_stub.c
-LIBGCCW32-EH-2-SJLJ-GTHR-MINGW32
w32_sharedptr->size == sizeof(W32_EH_SHARED)
%s:%u: failed assertion `%s'
../../gcc/gcc/config/i386/w32-shared-ptr.c
GetAtomNameA (atom, s, sizeof(s)) != 0
R`%uM]=];Z
uuvHMe
I x@ p+
N10__cxxabiv117__class_type_infoE
N10__cxxabiv120__si_class_type_infoE
N10__cxxabiv121__vmi_class_type_infoE
NSt6locale5facetE
NSt8ios_base7failureE
St10bad_typeid
St10ctype_base
St10money_base
St10moneypunctIcLb0EE
St10moneypunctIcLb1EE
St11__timepunctIcE
St11logic_error
St11range_error
St12codecvt_base
St12ctype_bynameIcE
St12domain_error
St12length_error
St12out_of_range
St13bad_exception
St13basic_filebufIcSt11char_traitsIcEE
St13basic_fstreamIcSt11char_traitsIcEE
St13messages_base
St13runtime_error
St14basic_ifstreamIcSt11char_traitsIcEE
St14basic_ofstreamIcSt11char_traitsIcEE
St14codecvt_bynameIcciE
St14collate_bynameIcE
St14overflow_error
St15basic_streambufIcSt11char_traitsIcEE
St15messages_bynameIcE
St15numpunct_bynameIcE
St15time_get_bynameIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE
St15time_put_bynameIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE
St15underflow_error
St16__numpunct_cacheIcE
St16invalid_argument
St17__timepunct_cacheIcE
St17moneypunct_bynameIcLb0EE
St17moneypunct_bynameIcLb1EE
St18__moneypunct_cacheIcLb0EE
St18__moneypunct_cacheIcLb1EE
St21__ctype_abstract_baseIcE
St23__codecvt_abstract_baseIcciE
St5ctypeIcE
St7codecvtIcciE
St7collateIcE
St7num_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE
St7num_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE
St8bad_cast
St8ios_base
St8messagesIcE
St8numpunctIcE
St8time_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE
St8time_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE
St9bad_alloc
St9basic_iosIcSt11char_traitsIcEE
St9exception
St9money_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE
St9money_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE
St9time_base
St9type_info
AddAtomA
CreateDirectoryA
CreateProcessA
CreateSemaphoreA
DeleteFileA
ExitProcess
FindAtomA
GetAtomNameA
GetCommandLineA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
InterlockedDecrement
InterlockedIncrement
ReleaseSemaphore
SetFileAttributesA
SetLastError
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
_fdopen
_strdup
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_ctype
_errno
_fstati64
_isctype
_lseeki64
_onexit
_pctype
_setmode
_strnicmp
_vsnprintf
atexit
fclose
fflush
fprintf
localeconv
malloc
memchr
memcpy
memmove
memset
setlocale
setvbuf
signal
strcat
strcmp
strcoll
strcpy
strftime
strlen
strtod
strxfrm
SHGetFolderPathA
ShellExecuteA
KERNEL32.dll
msvcrt.dll
msvcrt.dll
SHELL32.DLL
;33330
*7RTVVjrqmjr}
!/9?NGGaaq^^^m
+388<<a^^^^]^
#%88<Ca[]]]]]
#%''CCZ[^\\\]
#%'''<[[^^\\]
#%''<_a[^^^\^
#%''<<aa^^^^^
##''<_am^m^^m
"%%8D<aabm^^m
#-8<Iaammmmm
"#%89addammmr
$-8<Gdnmmmj
$-8GIdnnjrr
$-8GGhnsrr}
$-9Gdhnszz
$-9GGggs}s
+-9Ghgys
$1;GVvys
+/GSiiyy
+/?Tiv
jjuwxz.4DC\JJMU
'* KJJJ;t
99MJJBy
9KJJJ\
9#KMJJ\
=LMOO`
*1=R\QQc
*<=UUQ\h
*@@VU```g
2@CVVg`m
'2FCaccm
3F[Yam
%@74i%
(J@@=%
:TOJ7Q
Tccbk
Vcccl#
Vcccl),Fbb_:
Vccll7,bheb:
Vcj[S/dhhhbH
_VTTTPJJJBH
~s#MgR'Qj.(Vq
]vr Lhh(QjT/SiB3Sh'5Ti
Lit%Qla-TkM3Ti>5Sf85Qd(6Rf
Liz$Qli,UmU2VlD5Ti:5Rf55Qd1YD}h
Li|#Qmo+Un\Fsbcqy~xtvywvs^
~srrrr:oRdr}}xsqnlihglt
]{usrsrZagjlqqokhdb`__b
3zxvtsrHR]deddbcc_\ZZY]
~{ywvsGKQW\_``_`]ZYXX[
|zyv@FOVZ\^^__^\ZYXZ
~{y?EMTZ\^_`a^^\ZY[
|?FMTX\^`ab`^^\Z\
?FMTY\_accb`^^\_
?ELTY]_ccdbb`^^`
tELSX^acefdab``c
ELRX^acfhfcdccf
ELRY_cehiiffffp
FLTZ`dgiljiiij
FMTZ`ehkmljklo\
HNT[bfjlonmmpsf
HNU\chkoqqoprv
IPV]dinqstssuz
KQX_fkoruwuvx}
KRYaimqvxxxy|
MS[cioux{}|}
NT\elqw{~
OU]fmuy}
PW_gpv|
PX`iqx
NaHaJaF
/Y'3TmaY'#PZ99F'1Sm !9'!b
yF'(Sm Y/9FNH
xJD*xJJ
=n|eD#
VBmtFm
rr?w=|HK
>rjE~z
saD|LNH
xJ4AH4z
>x4u4n
mzH3J4
wL4v|qBlv3#
><>INHO
~kHt6qPL\Tx
I'2DC|H@I/
M~u}rr
Ll x.i<
86M~/t
Dh)L~9
DlaL~=
~+GtM=
>zHD's
~+GtM=
~7HrJt
=oB!5$d
1C~R?,
~'HD'#
%/D #K<|
yX9xHOD
M~1xrr
=M=M=M=M'
M~AVsFn
M~}TsF
G*fJ|n
cwr~93>
"Bm|: L
-8xG|LNH
1J4r|W
3mCuJ4zH
|qLDr_
NxG3qyJ
qyO|<NH
>x^nJDnx
Nx~J<vz
M9;u|ENH*B
IsFmzJ
HO|<NH
M>o/K<
HJDJ4Lgrp)B|<Tcxyt
~/ytFTg
DW<> a
E3xC]Axx
+H?T_x
Tcx!Jt
Dc HkzrF)H3
{n}LOx
>CtFm.z
TG|ymsFmP
DczLetGt|mzyHTG
L4NC~#z
LktOoCP
DcrF)H
4>M>Gz
3Vx|NH
_OO|<NH
3Vx|NH
3V|: LNH
OO|<NH
OO|<NH|
LIu|ENH
OO|<NH
OO|<NH|
LIu|ENH|
OO|<NH|
_OO|<NH
?OO|<NH|
OO|<NH
OO|<NH|
sF4Bl5
|: LNH
J4r*rfBnzyx|
LIu|ENH
oO|LNH
HO|LNHO
2|xLKy
H3sFsqOx|NH
Hl<,H+
vxrVx|
]|LNHO
Ncz|H3
H3J<*x
v~~jJDFt|
u|E|<m
x||~<>|,|<n<>~rJu
J<6zH<2
*D~J<NLe
0cBlwc
H46FJ<FM:
n}*sFmz
HV|: LNH
xVV|LNHO
DzJ_GB
rsM>zJDV
HDJohGDU
Nc6~cy<
v}J4b|
|;~yx||;
M>zL4N
FxyrfBm
zH>rfBm
3Vx|NH
3Vx|NH
[OO|<NH
/OO|<NH
OO|<NH|
LIu|ENH
>rrQH4f
M>sQ<&*HTn
zHjEU|<NH
HJO|LNH
HO|LNJ
J<xV|: LNJ
u|ENH|
"|: LNH
%Iu|ENH
>rrQH4f
xHd~<M>
9S4j/$nQ|
VzJlLI3
ezO=tan;z
5p|<NH
>rrQH4f
xHd~<M>
9c4j/$n1P
H4B UDO
>tFmLo)V|: LNH
>rraH4f
VzJlLI
>orrH4BbrK
BlRJ4Nmx
>rraH4f
nM|f<M>{?=c
>{zJd~<
a4Jrr`f<tFmM
>wtFmx
M13|D2D
>rrQH4f
nKJLz|
Gmtn(x
D,=;HB2c:
vxrVx|
O|: LNH
H>V|<NH
H>V|: LNH
H>V|<NwxkV|<NwxkV|<NH
LDINwxkV|<NH
M>Q<5q
4JFRJ4BO=x
VzJlLI|
J4BO=x
4JvQJ4BO=x
J4BO=x
4JPJ4BO=x
J4BO=x
M>Q<B7
4JPJDB
J4NO=x
J4NO=x
u|ENHO
NxxkLJ4
Bn]HG|
>J*Ox|NxxkLJ4
Bn]HG|
>J2*Ox|NH
HCH:4J
>{aJ4B|
H;HJ4J
>{aJ4B|
HKHZ4J
>{aJ4B|
H&pJLz4
vxrVrK
>rrQHd~H4f
M>t9xHoHcq 3
HzoJ4B
JO|LNH
7<NxJ4
M>y9xHn46
~?l=tr
HZnJ4B
B|H42*
<'zJCNJN
>{zJd~<
BlJJ4N
4JJJD.
vv0JL>
n|: LNH
o3yS=x
n|: LNH
]n|: LNH
n|: LNH
^k[tM>G|LD^
>?zyL4^
Ip2Tkd
^k[sM>G|LD^
nzyJ4^Tg|@
yrnHCH=D
Yq{O|<NH
rM>G|LD^
mzyJ4^Tg|@
~rnHkH<D
oWq{O|<NH
pM>G|LD^
QkzyJ4^Tg|@
}rnHcH^:D
QtFxXz
Vq{O|<NH
^k{nM>G|LD^
izyJ4^Tg|@
yrnHCH8D
/Tq{O|<NH
^kmM>G|LD^
hzyJ4^Tg|@
~rnHkH
Sq{O|<NH
^k;kM>G|LD^
qfzyJ4^Tg|@
}rnHcH~5D
qtFxXz
Qq{O|<NH
jM>G|LD^
dzyJ4^Tg|@
yrnHCH4D
OOq{O|<NH
^khM>G|LD^
1czyJ4^Tg|@
~rnHkH>2D
1tFxXz
Nq{O|<NH
^k[fM>G|LD^
azyJ4^Tg|@
}rnHcH0D
>rrQH4f
xHd~<M>
4jK#/$n1+
H[JLz4
vxrVrK
BlJJDN
M>#knx
>rrQH4f
xHd~<M>
$/$nq*
H[JLz4
vxrVrK
BlJJDN
M>cjnx
HOx|NH
HOx|NH|J4~
JVqz.`A
qzDu|EN
OOx|Nwz<xkV|<NH
A3Vx|NH
A3Vx|NH
|: LNH
M>R<_WHTn
vg JDB
NgzDH>#4.|<o|<
;tFn2|
nH"L4F
>zJDR|!Bm
>{|H4f
HLz<M>
4j(/UJD>x
H*J4BJ
H&VJ4B
NzJ4R|Bm/9H
HJ!|nx
>rrQH4f
xHd~<M>
94j)/$n$
izJd~<
zJ4Rm/9H
>rrQH4f
M>3S<bZHTnSJ4x
zJ4Rm/9H
vg JDB
4.|<o|<
;tFn2|
M>30nNz
>zJDR|!Bm
M>;anx
4JJO|LNH
M>P9xaz
;tOm|<
#%M>kz
GxD~42
H<.oe|
Nr~HD6
r~33M>+
;-o;31
;tFm|<
GxD~42
H<.oe|
Nr~HD6
r~33M>
7V|LNH
4j5/$n1
JL>M>Wz
94:kzJ4:
>otFmzH#
>zJDR|
ncc|}\Bm
j1sJ4*
vtFmx|
vxrV|LNH
^{PM>Wz
c|<osFm
GJ4z{JX
H4JD/<z
v|{R4.
2LgdLkx
4qO|<NH
Hd~<M>[
4._;/RCt
TczTg(
PHcL4^
Ip2TGc
SL~2<~2Ht
Ld^LkzJ4N
9(VDka
FD[zL?zTWp2n
<~+C}>t24
xrnH;H
uHTn@J<BJ4
M:T0$3OTLepMB/6M>sz
Bl:5M_=H;
L?Q F*
}7=x}!3
63Q)I"3/QH$[
LSQ!3Z[
x 3w=) 3*
wPb= F*JZ
6PH$ZZ
Qb = FQJ4B
>3Rw=\
'=x5!3/=x=!3B=
RH3!"3
?12H;J<B
>* |Ow_= aOb= F*vY
b= FO) 3*
b= FP)
= FP)) 3*
b;= F= = |= a
PbC= F
PbK= F*Z
O;Pbo= FO= S= |W=
) 3{=x 3
)!3QH3
>zJDR|
qO|<Nwxk|
) 3Ub=_
zY%3~d[OD
;OU|: LNH
M>gM>=zY%3~c
' 3HcH"
JD6|(Bmr~3+
F[zY%3
NWtanz
O|: LNH
M>gCM>=zY%3~c
' 3HKH
UJ4^~c
QzJd~<
JD6|(Bmr~3+
F[zY%3
NWtOnz
4.NO|: LNH
HTn24J<BJ4
M:T0$3OTLepMB/6M>sz
Bl:5M_=H3
EM>#M>Y
CQw_=x
LSQ!3Z[
C=xI"3
M>#-M>z
M>EA"3
b= F= =
{Pz7=x 3oPb= F
aQb#= F*[
b+= FQ)=!3
6Q~w=x
@!"3HC
b= F*bY
aO) 3*
b= FP)
= FP)) 3*
b'= F= O
P)9 3*
3*x! 3*x% 3*Z
bK= F P)] 3*
b[= F/P) 3*
=> 3c=xq 3k=xy 3s= 3H3!3
>3Qw=x
QJDBH34J
HD6mr~3(
RM?=]LNH
NFL@BA
x#q>4^ 3O=tO
UJ4^~c
TkzyBm
}|}:Bm
TCzY%3
HtnqR:4
7HC1hz
HcH\gw
nyrn~x
r|: LNH
u|ENHOH|
3|B"x~T
NO|<NH
V|: LNH
V|: LNH
<|: LNH
5Jl~cx~
Mn1|: LNH
vxrV|<NH
J/Ox|NH
MV|LNH|
JZO|LNH
vxrVx|
_O|: LNH
NHi|LNHY|LNH
xJL4Hl<
>rrQH4f
xHd~<M>
9O4jq[/$n
VzJlLI|
N7H4vk|4qJ
uDqw X|JX
N`=xkVBOx|N
DC\G2~xN
EHCH~Z2Lr?
DC\G2~xN
EHCHZ2Lr?
DC\G2~xN
DC\G2~xN
EHCHnX2Lr?
_JO|LNHO
v(yl|L
_JO|LNHO
v(yl|L
4JJDBy9mz
vxrV|<|M>zJDB
#Ox|NH
JDBy9mz
vxrV|<|M>zJDB
H""Ox|NH
4J&JDBy9mz
m|: LNHO
IKzJdLINH
>rrQH4f
>{zJd~<
M>W{M{M_
VzJlLI
>c*SB'mz
VzJlLI|qO|<NH
vxmzJd~<
HB|LNH
vH4fmzJd~<
VzJlVm
H3MzHQJLz4
vxrV|<
MLNxxkB
JkHvO|<NH
OO|<NH
OO|<NH|
Hd~<M>{
Hd~<M>{
xrnH;HFD
s#M>gz
HkO|LNH
Hd~<M>{
zrnHKHFD
s"M>gz
HjO|LNH
H3J4B|
qzJd~<
H3J4B|
i|LNH|
JO|LNH|
JO|LNH|
JO|LNH|
JO|LNH|
JO|LNH|
JO|LNH
Hd~<M>{
c4Nuo/
Hd~<M>{
s4Njp/
~rnHkHD
H*fO|LNH
Hd~<M>{
yrnHCHD
H*eO|LNH
M>X<Az
H3J4B|
H3J4B|
AzJd~<
JO|LNH|
JO|LNH|
JO|LNH|
JO|LNH|
JO|LNH|
JO|LNH|
JO|LNH|
Hd~<M>{
J4&G=zL?z
Hd~<M>{
J4&G=zL?z
xrnH;H
H:`O|LNH
Hd~<M>{
J4&G=zL?z
zrnHKH
H:_O|LNH
M>Y<Qz
H3J4B|
H3J4B|
1zJd~<
N`<xkV|<NH|
<x)JBH1L
M3L9L9M9-/=
M9%/H2O|<NH|
<x)JBH1L
M3L9L9M9-/=
M9%/H2O|<NH
M> Y<az
J?w=tXmz
HL|M>zH4>
J?w=tXmz
HL|M>zH4>
M>+Y<sz
J?w=tXmz
VzJlLI|M>zH4>
O|: LNH
M>1Y<?
J?7=tXmz
HL|M>zH4>
M>7Y<Qz
J?7=tXmz
HL|M>zH4>
J?7=tXmz
VzJlLI|M>zH4>
D}T/'M9
/H2O|LNH
J?=tXmz
HL|M>zH4>
M>IY<_z
J?=tXmz
HL|M>zH4>
M>OY<#1z
J?=tXmz
VzJlLI|M>zH4>
y<mw:H
| czxP:B
VO|<NH
D}P/I2
<-e/2+>
M9/<m/
H*A%2G
Hw:?52Ox
M9%/#M95/3M9
U/SM9'e/cM97uHw
NwxkLB|n
u|E}c<
XytVn
D?m'|<y
rr4Zyc
!3kLIO
4OLNH|'2|"D
DK<tXnCu|ENH|'i%3~
zxi%3|
DK<tXnGO
N`=xkVJ7x|Ny1xkL
4dz?2H;
|: LNHO
0:`o<|4":
0:H4BG42:
<x`<x`<x`<x
Ht~5",D
:M<?R9
}79`o<x
CHt'2D_
+H#=rr
UL2oUL2ULTzT
NHn12xnp7Z*O
xHL~ UJ
Lbmt|n|: L
VzHJ2~
Ttan|: L
tOmz%3i
nz%3~c
szJd~<
;tFr|: LJ
;tFmw|: L
Z`=z)D
>xzLIu|ENH
J/9x|NH
SGtXntOmx
rr%`=z
H4r*tF3
A X|?D.DHK
W|hBmi
H#+=x^|oO`=z)DiF_
>xHnM|~5`=zD
13s'%3m|<NH
D~@J4r*rHc
>tFmAx
C9rJ%wJX
z)DpJ/
Hn|}^JLz4
vxrVx|`=z)D
*`=z)D
H#+=x^
ItXnx!J4r
JQz%HKHC=rr
qLcLNHO
Cz)DJg~
6L`=z)D
H#+=x^|o+
a@K'%3
Dr`=tFm#z)D
qtn x!J4r
13B '%3
ItXn4z!H
NtFnr3
X|tVm|wJX
AtOrT'%3
ILNHLB
tFmGv|: LNH
H;= X|
nrrHLeNH
OLeNH|
zH#= X|
xxL<n~
VxJd~xJlL
NxL4n~
u<VJDV4JDb
<FxH}nx
FtOm<FzJ4^"
NzJd~<
Fd2ex`xG
nq OmtFn
Tvl2xLp
H}HM>xN
NtOm^|}JLz4
vxrVx|
nh OdtFn
}HqDvrXoW
H}HY^xG(`f
y?cnzo
y?cnzo
F|?$(3H
y?cnzo
F|?$U3
-W LcL
nM F|LO
}PHcJu
XLM|: L
y?cnzo
/<L3HuoZz
i|: L|
nqLeLB
MBT|: LLB
BvrL3 BvDK
6?aB.nz13=
DL`V|%r
}ry;iD[
vx^jUM
TccLKz#Y"LGz
Le_BA8o
3LeDGzCQ
~hg|qH
u&s8$4~
wGpCujxz;u
v~JLN4
FzJ4Zu|E
LemrP%x
~hg|q%r
NoxJ4:
mx F<y%
H}m}x;I
LdNTCx
L<N\Cx
"pIf}xp
LDN\Cx
<y%z#i~
,x#%?|
>_BA8WUMq}
rH%tFn5
rq%x|rJLP
_H3;w|: L_BA8
|c|Wg@yF|
UM<q=%tFm=
v39J{_H;BwpJ
Ld*=LKi}|L
uLc]J;
|rL%(~m=RUW
u|E_3)|
v4_DsB
vc9LK9L;;y
v;)J_H;
v1_D~H
B_Bi{r@L
dr=>rM
|c|Wg@yF|
E|qJ;D
Jk!D}J[
%tXrrN}Bwz
|c|Wg@yF|
v FjrJ=
|c|Wg@yF|
EXc|F|
|<_Bl3.
|c|Wg@yF|
h^eJKUD6J;
3d+M%o
MI%r<d9BwG|
rUM?F_5>J
n@x}jH
BB8_BlLD
Jpl>_H
w|<_Bk
?yx|_BC8
oUM@F_6>rJ]
MVxp*|<
w|<_B+t
u|E_BC8
o=VpQ>_HL|SW
u}%ta_HK
oJ{y_H0|z9xs
@=B_H
n@x}w|<_BA8om
=Tpi>z
Le_BA8o
_31oq_3
mqLC1H
@_BC8od*
d9BwN_xrH
>6ns|=n|A
|c|Wg@yF|
;=B_H(
O|L>_H6
vEpm>z
_B+4s|
L_B+4|
_6JX|<N
_0|x|<
+BB8_BlLk
b_B+t|
rMB_~d
L_BA8|<;
o=*=B_Dv
r=o@*=B_D=
rJELBJX
MV=dxx_^
UM?|rq%x|rw
>LoNH|
d<DLcL|>T
Mpx<c@
>ef|>T
dzJdLIO
J4xJ/z2
v(F,mxH
H!DDJ4j"zJd~<
vxJ"wa
VxL4vk|
vxrV|<
VzJlLI
J4xJ/z
VxL4vk|
Fx^"zJd~<
VxJiaz
AuzJ<xJ?z"(PpxJDr
JFz"(`pxY4
JQaRHV|<
INwxkV
>rrqH4J
xHd~<M>{
4N0$nr
>rrqH4J
xHd~<M>{
>rrqH4J
xHd~<M>{
4N0$np
>rrqH4J
xHd~<M>{
4Ny0$n
>rrqH4J
xHd~<M>{
4N0$nn
>rrqH4J
xHd~<M>{
4N90$nQm
>rrqH4J
xHd~<M>{
4N0$nl
>rrqH4J
xHd~<M>{
4N0$nk
J?AxAxJq"
{cH0Ax
{sH0Ax
{GH0A{x!Jq
>szD~r46
H4.H3H
>[zJd~<
5|<;4M>z
>rrQH4f
xHd~<M>
9 4jY0$n!g
>rF!H^
vxrVx||
2Dk|}H
M>g/:x
~'t}t~+5x||
M>G|H.4
1;y|M>G|
^{+M>W|JD
~7J'92"r~2
N[r~HD
mr~3(M>Wz
HJJ4$W
pW<e(HTR~4.
F?tXmzBnz
DntXmzBnz
F*oCxs
L4D_tX
T_MJD~
;0~4J|M:
C[|: L
9L4D;z
tXmzBnz
B{<Bnz
F*oCLs
D,J4|$J14
}YD}QJBwrnB
~D\J14
9H1:4<
utL~"f~
D&tXmzBnz
F*oC0s
D,J4|$J14
~/C~yK
NO's(;
t[M>GO
#D}J4^
~J'92"r~2
x;]RJ|
L<L[tXmz
r~4M>|
|W<O6HTR
F?tXmzBnz
F*oCxs
L<L_tXm
H|M>g|H
*x;]*x#U|
F*oCHs5
D,J4|$J14
J|MLcL
}D}JBwrnJ
|oL~"z
L<L'tX
x|T'sF
utL~"n~
D"tXmzBnz
F*oC,s
D,J4|$J14
J|MLcL
~/C~yK
#D}J4^
~J'92"r~2
x;]RJ|
L4D[tXmz
T[~x||
CzJ/z~
<#J4^T
:|H"CCJ4
tXmzBnz
}C~CJ<
z!4.xG%J
z!4.xGSJ4
z!4.xG/O
jW<%DHTRs4.
F?tXmzBnz
DntXmzBnz
F*oCxs
L4D_tX
T_MJD~
;0~4J|M:
C[|: L
9L4D;z
tXmzBnz
B{<Bnz
F*oCLs
D,J4|$J14
}YD}QJBwrnB
~D\J14
9H1:4<
utL~"f~
D&tXmzBnz
F*oC0s
D,J4|$J14
~/C~yK
NO's(;
t[M>GO
#D}J4^
~J'92"r~2
xC]RJ|
L<L[tXmz
4..4.*
r~4M>|
RHTRf4.
F?tXmzBnz
DntXmzBnz
F*oCxs
L4D_tX
T_MJD~
;0~4J|M:
C^|: L
9L4D;z
tXmzBnz
F*oCLs
D,J4|$J14
}sD}kJ
;0DJ>z
x|L+sF
z!4.xGCw}vG=Ht
D&tXmzBnz
F*oC0s
D,J4|$J14
~/C~yK
F4DK<"tktX
Tt~#HtL>FoIy<v
u|J4^T
CpzJ/zD/z
~+/Le|
CzJ/z~
H3<#J4^T
:|Hb'CJ4
M>gVUJ
M>gV.C~we
M>gV_J
M>gV{J
z!4.xG@J|M{z
dW</aHTRX4.
F?tXmzBnz
F*oCxs
L<L_tXm
H|M>g|H^aJD
>O ||GrF?l
D2tXmzBnz
F*oC<s
D,J4|$J14
J|MLcL
r]L~"|
}fJD~c
|Jt xN<"
t-tDSx
t+@ZDDRNx
tXmzBnz
BZ<Bnz
D,J4|$J14
J|MLcL
}SD}KJB
5OL~"|
dLMJD~
e4|Knu*;Ql
#D}J4^
~J'92"r~2
M>gV4.
L4D[tXmz
T[f}x||
CzJ/z~
M>gM>g FH3
<#J4^TwJ<
M>gV]J
M>gVC~we
M>gV'J
M>gVCJ
z!4.xGJtM&zz
^W<UpHTRI4.
F?tXmzBnz
DntXmzBnz
F*oCxs
L4D_tX
T_MJD~
;0~4J|M:
D2tXmzBnz
F*oC<s
D,J4|$J14
J|MLcL
}iD}aJB
N?4JtM9s
4TKap*
HL>Fo}
z!4.xG
tXmzBnz
B`<Bnz
D,J4|$J14
J|MLcL
}YD}QJB
5OL~"|
dLMJD~
e4|Kfk*;Ql
NO's(;
#D}J4^
~J'92"r~2
M>gVUJ
M>gV4.
L<L[tXmz
~L4^Tx
Hn<Jtv
M>gV;J
M>gVRJ
W<OHTR94.
DL>N>mz
r~4M>z
9L4Dgz
tXmzBnz
F*oCxs
J/zD_z
L4D[tXm
dT[MJD~
s2L~*|
F*oCXs
D,J4|$J14
D}tJ14
9H1:t!M>
9tFD7cJBl
J'92"r~2
H;H8JD
L3zDZoO
C.zJ/zD;zCE
y|Y~YJ4^
Hte?n"
M<#J4^T'wJ<
r~4M>z
M>gVXJ
z!4.xGJ4"|
y|Ze?n"
H3<#J4^T
:|H2CJ4"|
r~4M>|
C�C�C�C�C�C�C�C�C�C�C�C�C�C�
A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�
A�A�A�A�A�A�A�A�A�
A�A�A�A�A�A�A�A�A�A�A�A�
A�A�A�A�A�A�
C�C�C�C�C�C�
C�C�C�C�C�C�
?�@�F�H�I�M�Z�E�M�L�L�P�Q�R�Q�U�X�a�s�y�M�Y�S�Y�\�Y�]�^�o�`�g�S�T�[�[�\�]�^�d�r�e�i�c�l�i�m�i�l�e�l�r�q�}�b�l�i�n�a�q�u�q�u�~�x�_�d�c�i�n�o�i�l�h�o�u�r�v�y�z�|�t�y�~�r�v�q�}�_�^�Y�Z�]�a�b�e�a�d�k�c�v�r�v�y�n�a�e�f�i�n�i�i�l�q�}�s�z�p�t�}�s�u�v�r�u�y�}�y�y�{�~�
>�B�C�S�E�I�N�Z�T�Z�Q�N�S�P�U�S�\�a�c�b�f�]�Y�_�W�X�[�]�Y�\�]�Y�Y�^�W�c�j�n�e�h�n�b�d�q�s�z�v�{�b�k�s�}�{�|�T�Z�]�X�Y�f�b�g�j�n�k�a�o�v�{�s�r�{�K�M�W�[�Q�U�X�^�[�`�e�a�f�j�n�m�u�t�{�b�b�e�i�m�z�r�q�{�y�}�p�v�v�t�r�v�y�|�y�~�
]�C�K�E�I�N�D�T�E�G�L�J�[�N�N�R�V�V�]�R�V�\�d�a�h�n�`�t�N�Z�]�Q�^�_�a�g�c�e�i�d�k�o�x�
r�~�y�V�[�`�f�i�n�m�p�p�v�r�}�m�p�u�s�z�}�y�}�
Process Tree
- 081e3f7c86cd660dec1dd8fbbc6ce50b62761b3cf27bdf9fd596966d8cf1bc1f.exe (1848) "C:\Users\Administrator\AppData\Local\Temp\081e3f7c86cd660dec1dd8fbbc6ce50b62761b3cf27bdf9fd596966d8cf1bc1f.exe"
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
| Name | fd74e942b228ed53_lklokt.exe |
|---|---|
| Filepath | C:\ProgramData\lklokt.exe |
| Size | 98.0KB |
| Processes | 1848 (081e3f7c86cd660dec1dd8fbbc6ce50b62761b3cf27bdf9fd596966d8cf1bc1f.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | 84f78f595fdbd123ebcc7bb0eac1c935 |
| SHA1 | f47177ec8057f42bad3aeb75da89af1f04ce1a50 |
| SHA256 | fd74e942b228ed5335f8b94c8225bac1d46545fa4b8bd4505267444e133e9f35 |
| CRC32 | 5D8DE455 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 1be5abe9ae442aad_mira.h |
|---|---|
| Filepath | C:\ProgramData\Saaaalamm\Mira.h |
| Size | 270.0KB |
| Processes | 1848 (081e3f7c86cd660dec1dd8fbbc6ce50b62761b3cf27bdf9fd596966d8cf1bc1f.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | 254d5fe09a8363b220d861d6a71363fa |
| SHA1 | 0fd752ecf22ab585a4a685d98a9e7ead83ba4a4b |
| SHA256 | 1be5abe9ae442aad710b33e5aa9906a512c4cf6be79301061ae15f9e8dad60f3 |
| CRC32 | 691FA564 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
Sorry! No dropped buffers.