1.8
低危
DACN
0.14
FACILE
1.00
IMCLNet
0.77
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Malware-gen | 20200106 | 18.4.3895.0 |
| Baidu | Win32.Worm.Mira.c | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200106 | 2013.8.14.323 |
| McAfee | W32/Worm-GAT!45BC52C52A1F | 20200106 | 6.0.6.653 |
| Tencent | Worm.Win32.Mira.a | 20200106 | 1.0.0.1 |
动态指标
在文件系统上创建可执行文件
(1 个事件)
| file | C:\ProgramData\knfsy.exe |
创建隐藏或系统文件
(2 个事件)
投放一个二进制文件并执行它
(1 个事件)
| file | C:\ProgramData\knfsy.exe |
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(1 个事件)
| section | {'name': '.rsrc', 'virtual_address': '0x00047000', 'virtual_size': '0x000067b8', 'size_of_data': '0x00006800', 'entropy': 7.0138496310660114} | entropy | 7.0138496310660114 | description | 发现高熵的节 | |||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 64 个反病毒引擎识别为恶意
(50 out of 64 个事件)
| ALYac | Trojan.GenericKD.40578669 |
| APEX | Malicious |
| AVG | Win32:Malware-gen |
| Acronis | suspicious |
| Ad-Aware | Trojan.GenericKD.40578669 |
| AhnLab-V3 | Trojan/Win32.Agent.R111396 |
| Antiy-AVL | Trojan/Win32.Agent.icgh |
| Arcabit | Trojan.Generic.D26B2E6D |
| Avast | Win32:Malware-gen |
| Avira | TR/Zusy.BQ |
| Baidu | Win32.Worm.Mira.c |
| BitDefender | Trojan.GenericKD.40578669 |
| BitDefenderTheta | Gen:NN.ZexaF.33558.uyZ@aKopAmpi |
| Bkav | W32.FamVT.MiraVM.Worm |
| CAT-QuickHeal | Worm.Mira.IM6 |
| ClamAV | Win.Trojan.Agent-1388690 |
| Comodo | Worm.Win32.Mira.AA@59ticr |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.52a1f7 |
| Cylance | Unsafe |
| Cyren | W32/Trojan.YVBK-2015 |
| DrWeb | Win32.HLLO.Siggen.5 |
| ESET-NOD32 | Win32/Mira.A |
| Emsisoft | Trojan.GenericKD.40578669 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Trojan2.PUUV |
| F-Secure | Trojan.TR/Zusy.BQ |
| FireEye | Generic.mg.45bc52c52a1f79ad |
| Fortinet | W32/Mira.9C5!tr |
| GData | Win32.Worm.Mira.D |
| Ikarus | Trojan.Win32.Heur |
| Invincea | heuristic |
| Jiangmin | Trojan/Agent.iezf |
| K7AntiVirus | Trojan ( 0040f8a71 ) |
| K7GW | Trojan ( 004993691 ) |
| Kaspersky | Trojan.Win32.Agent.icgh |
| MAX | malware (ai score=88) |
| Malwarebytes | Worm.Mira |
| MaxSecure | Trojan.Agent.icgh |
| McAfee | W32/Worm-GAT!45BC52C52A1F |
| McAfee-GW-Edition | BehavesLike.Win32.Worm.fh |
| MicroWorld-eScan | Trojan.GenericKD.40578669 |
| Microsoft | Worm:Win32/Mira!rfn |
| NANO-Antivirus | Trojan.Win32.Zusy.ethqlz |
| Panda | W32/Milam.A.worm |
| Qihoo-360 | Worm.Win32.Mira.A |
| Rising | Worm.Mira!1.A270 (CLASSIC) |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | W32/Mira-B |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2014-02-27 14:41:59
PE Imphash
dbf687d6aa2a6cafe4349f7b0821a792
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x0003be78 | 0x0003c000 | 6.080451775497244 |
| .data | 0x0003d000 | 0x00000260 | 0x00000400 | 0.705049269986258 |
| .rdata | 0x0003e000 | 0x000024a8 | 0x00002600 | 5.008530245268908 |
| .bss | 0x00041000 | 0x00004890 | 0x00000000 | 0.0 |
| .idata | 0x00046000 | 0x000008a4 | 0x00000a00 | 4.294939157790109 |
| .rsrc | 0x00047000 | 0x000067b8 | 0x00006800 | 7.0138496310660114 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x0004cfec | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0004cfec | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0004cfec | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0004cfec | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0004cfec | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0004cfec | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0004cfec | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0004cfec | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0004cfec | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_GROUP_ICON | 0x0004d454 | 0x00000084 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_VERSION | 0x0004d4d8 | 0x000002e0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library KERNEL32.dll:
• 0x4461b8 AddAtomA
• 0x4461bc CreateDirectoryA
• 0x4461c0 CreateProcessA
• 0x4461c4 CreateSemaphoreA
• 0x4461c8 DeleteFileA
• 0x4461cc ExitProcess
• 0x4461d0 FindAtomA
• 0x4461d4 GetAtomNameA
• 0x4461d8 GetCommandLineA
• 0x4461dc GetLastError
• 0x4461e0 GetModuleFileNameA
• 0x4461e4 GetModuleHandleA
• 0x4461e8 GetStartupInfoA
• 0x4461ec InterlockedDecrement
• 0x4461f0 InterlockedIncrement
• 0x4461f4 ReleaseSemaphore
• 0x4461f8 SetFileAttributesA
• 0x4461fc SetLastError
• 0x446200 SetUnhandledExceptionFilter
• 0x446204 Sleep
• 0x446208 TlsAlloc
• 0x44620c TlsFree
• 0x446210 TlsGetValue
• 0x446214 TlsSetValue
• 0x446218 WaitForSingleObject
Library msvcrt.dll:
• 0x44623c __getmainargs
• 0x446240 __mb_cur_max
• 0x446244 __p__environ
• 0x446248 __p__fmode
• 0x44624c __set_app_type
• 0x446250 _assert
• 0x446254 _cexit
• 0x446258 _ctype
• 0x44625c _errno
• 0x446260 _fstati64
• 0x446264 _iob
• 0x446268 _isctype
• 0x44626c _lseeki64
• 0x446270 _onexit
• 0x446274 _pctype
• 0x446278 _setmode
• 0x44627c _strnicmp
• 0x446280 _vsnprintf
• 0x446284 abort
• 0x446288 atexit
• 0x44628c fclose
• 0x446290 fflush
• 0x446294 fopen
• 0x446298 fprintf
• 0x44629c free
• 0x4462a0 localeconv
• 0x4462a4 malloc
• 0x4462a8 memchr
• 0x4462ac memcpy
• 0x4462b0 memmove
• 0x4462b4 memset
• 0x4462b8 rand
• 0x4462bc setlocale
• 0x4462c0 setvbuf
• 0x4462c4 signal
• 0x4462c8 srand
• 0x4462cc strcat
• 0x4462d0 strcmp
• 0x4462d4 strcoll
• 0x4462d8 strcpy
• 0x4462dc strftime
• 0x4462e0 strlen
• 0x4462e4 strtod
• 0x4462e8 strxfrm
• 0x4462ec time
L!This program cannot be run in DOS mode.
.rdata
.idata
E;Es9}
<t6p t<~ @tO
x7EZ[^_]
UW1V1S
eEEE$@
++CCUNG
pP EtB(dB$
R \tp@$
hUhU`hu
llU6hU(Et
E!t#XtEXM~t
$]u}E$@
UpPl1|pl
;u ]]$}}
4$Yt8 M
]1u}];] tIF
UWVS|U$E
E|[^_]
1|[^_]
UWVSL}
$DtbEN
UEXEE]u}E
++C B4CUNGB
t-S4C0
UEhEE]u}E
E]u}]E
UEhEE]u}E
tB1u2=C
UEXEE]u}E
80S4C0
t(S4C0
x9JtD|IS
]uEEEE
]uEEEE
]uEEEE
UUWVSLE
$UE@M@
$IMEQh$9t
$YMEQh$9t
$iMEQh$9t
]u}EEUE
Pht%$9t
UE]PhXdE
$]u}E$@
|u9EEP@
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
UUWVS\E
EuSEUE9B
Et1@t@
UEXEE]
Et1@t@
UUWVS\E
EEUEn@
EuSEUE9B
UMWVSlE
UMWVSlE
UUWVS|E
@;Er]E[
@;ErEU]H
]xEEEt
$u}E$@
oUUWVSlUE
UUWVSlUE
9t1]u}]
[^_]UU
[^_]UXeE
$B4$Z]u]U
UEXEE]u}E
Eu!PRD
u9Et4+_
9}]t7q^
8"t-EE
$u}E$@
$u}E$@
$u}E$@
]uEEEE
]uEEEE
$u}E$@
$u}E$@
$u}E$@
]uEEEE
]uEEEE
$u}E$@
$u}E$@
$u}E$@
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
e[^_]EAAAA
uEAAAAEAAAAE
EAAAAEAAAAE
EAAAAEAAAAE
EAAAAE
S C0C,
t(C,1D$
S0x]u]
t3[4u$&
t$B0x=B0uVB(
z(]u}]
H0x4P0uMX(]
[^_]o2
UWVS,PXD
]t"x0xFp0u X(EP J
UWVS,@
tLEtt$
tEp0x^X0uw@(UEEE
]tAH0xFP0u
X(EP J
X(EP J
H0us@(EUE
x0uaX(EP J
<$&]u}]
taH0xkP0uu@(
e[^_]PXD
H0yAPXD
EUM]Uu
M9Mv uMEU]Eu}U]
EuaE9E
UEEEU]u}]
Mu,9vZ
1E]E}Uu]
W11V1S
tplhl$
D$'\ t&
ME1UfE
:|,1\$ \$0
t$$t$4|$(|$
\$ t$$|$(,
D$,L$(D$
T$$D$ L$
T$DfD$B
\$0fD$0
|T f|T`B
UWVS|$
t$@\$@L$B
;f9yD$
|[^_]fD$
\$ fD$
~t$`1L$@
tfxJ\$
[^_]uUt$
~ML$$t$$
~;D$$p
~PL$$q
[^_]Ov
1D[^_]
|$lOD$
~D[^_]
D[^_]fD$&
tH1|$(M
Ky\$\u=L$
|$\T$`
UWVSd\$xl$|
2L$:zQ
1d[^_]
1D$8L$
HyfD$8xfD$
UWVSLt$`l$d
:L$"ZQ
L[^_]1
HyT$ \$
LS[^_]
Iy%LbD
t,K9w4
0^t&K9w.
B9w[][]
;Ew,t&
Bt$H9v
9pr(t$
EZ;]]r
u39~rdF]
E9]EEr
9rrTB]
u)]u}]
9rrdB]
E@E9]EEr
9prw;M
DF;gUS
$]u}E$@
$]u}E$@
$]u}E$@
$]u}E$@
$]u}E$@
$]u}E$@
$]u}E$@
$]u}E$@
t>BtmEM
$rE]u}]
$UEP&A
]UUWVS
T$ E|UD$
D$ |UD$
eOEElD$
$SEJEEE
$@$EVE
rUMWVS
$EJEEE
$@$EFE
pUMWVS
$EJEEE
$@$EVE
rUMWVS
e|EElD$
$EJEEE
$@$ECE
nUMWVS,
enEElD$
11dE1X
'x $t&
cUMWVS,
e_EElD$
dE1X1\
$9\rpw
eUMWVS
$@$Eek
]EUu}]
UWVS<U
EMu`EED$
]UU EEE
$Uu}E$@
$:EUEEU
$8EU]u}]
UU EEE
$U]uE$@
$?7EU]u}]
]UU EEE
$Uu}E$@
$EU/EEU
$5EU]u}]
$;U(E$U
uM }u$}
UWVSLE
EUe[^_]
7UWVSLU
EUe[^_]
DUWVSLE
0P&M U
EUe[^_]
>UWVSLU
U N 1%D$
EUe[^_]
E$]U u]
E <$D$
@ 1vE D$
a0L$/4
@ -6m D$
]U M$}>D$
W ]u}]
(]] uu
$WEEUs
AE]EUu}E
$YotuH
$]u}E$@
$;"UExE
$]u}E$@
$!UExE
$]u}E$@
UWVS<E
1t+u+t
$P$WUWVS<E
1t+u+t
<[^_]#
$P$WUW1VS
$P$US$M
E0EE,l
;E |qgfff
M(9Mt\EU
$P$UWVS|E
U ElUE
EET$$U
1t+u+t
|[^_]S<1u
Bu+E1E
UWVS,E,EE(l
C;]$s!U
CG;]$r
$X?E(UM
$<?E9Ur
U2Cu9rE
e[^_]E
<$MEMP
EET$$U
BdEBhEBlEBpE
1t6u6t
9u{tEC
,A<8w4
D$ E$T$$
D$ ,T$$U
|,U$HB
T$ 4E$
BHEBLEBPEBTE
E$T$(L$$D$
Bd8Bh<Bl@BpDBtHBxLB|P
B,EB0EB4EB8EB<EB@EBDE5
FJ8tJU
$%\$ ~
c%\$ (
$P$US$M
UWVS<E
$3;]$tb
tO%tv}
C;]$uE
%uC;]$tE
u!C;]$tM
R4UVS ]
^]kTU(
UMWVS|
MU E$@
e?E]l]
hxUxBl@
||8\A
\|@@B4E1<<
$E,|B
80tp@U
)UMWVS|
MU E$@
rxUxBl@
||8\A
\|@@B4E1<<
80tp@U
D$ E$T$
D$ E$T$
U M$$@
|htL$/p
x|e[^_]
$hp)dL$
UU EE$U
U8uE u
]U$M(}>D$
4$L$ D$
U t,t$
]u}]UWVS
$nXlD$
HlL$+@Ep1D$
@L$+<P0
T$+@Bl
kUWVS<
eE|lp<$yl
Od|dBl@
0L$'D,
0C,<$D$
EUEEUE
&{TPLB
ChtB4E
J$Z(@@<
X<$BuEX
$xUWVS<
eE|lp<$ll
Bd|dBl@
0L$'D,
0C,<$D$
EUEEUE
&nTPLB
ChtB4E
J$Z(@@<
X<$BuEX
$xUUWVS\E
$>\[^_]
UMWVSLE
$yL[^_]
U]Mu}EU
U]Mu}EU
$R]u}]
uEE}UM
UMWVSlE
t ]u$E
El[^_]
$bEl[^_]
]MEEUEIB
$E|[^_]
E|[^_]
EEUu}E
t&]u*E
EEU]}E
t&}u*E
$4E]u}]
$E]u}]
UU]EEu}E
E@t']u+E
$2E]u}]
EEU]}E
$nE]u}]E
EEUu}E$@
$D~E]u}]
UU]EEu}E$@
$B}E]u}]
$m|E]u}]
$]}E$@
EEUu}E
B@t2]u6t&
$yE]u}]
$yE]u}]
UMWVSlE
$wEl[^_]
$s.UWVS
UMWVS|E
$NrE|[^_]
rE|[^_]
}EEEEUE
@@t.}u2&
pE]u}]
$oE]u}]
$%nE\[^_]
$mE\[^_]
$rl]u}]
$$k]u}]
U}1EEU]uE
iE]u}]
$hE]u}]
UUWVS|E
$8gE|[^_]
$fE|[^_]
UUWVS|E
$heE|[^_]
$dE|[^_]
KUUWVS|E
$cE|[^_]
$"cE|[^_]
{UUWV1S|E
$aE|[^_]
$RaE|[^_]
UUWV1S|E
$_E|[^_]
$_E|[^_]
UUWV1S
UUWVS|E
$(\E|[^_]
$[E|[^_]
UUWV1S|E
$XZE|[^_]
$YE|[^_]
;UUWVS|E
$XE|[^_]
XE|[^_]
kUUWV1S
mUUWVS|E
$TE|[^_]
$BTE|[^_]
UUWV1S|E
$RE|[^_]
$rRE|[^_]
UUWVS|E
QE|[^_]
$PE|[^_]
UWVS|E
e1OEUE
$OE|[^_]
U]UEEu}E
$ME]u}]
ME]u}]E
EEUu}E$@
$NLE]u}]
$dKE]u}]
UU]EEu}E$@
$bJE]u}]
$IE]u}]
$]}E$@
$u}E$@
$8GE]u}]
$B]u}]
$kA]u}]
e5?EED$
}U|BtBu
#UUWVS|E
$<E|[^_]
6PxBtBu
]M|BtBu
eE4EED$
J|BtBu
e0E|D$
EpBtBu
eE-EED$
C|BtBu
]UUWVS
e"*E|E
3UUWVS
eu&EED$
<|BtBu
@))9rZt$
]]UXeE
]uEEEE}E
E]u}]E
$E+vUE
UU]EEu}E
UEWVSlE
El[^_]=
\dE|EiC
4$)1D$
9PrWp1|$
9BraR1_U\$
$K]u}]
9JrfzU
X?)9rY|$
9s3Bt$
)9snu~B
$u}E$@
U uL C
UjU(]E
u0F)9w
EJ?))9rRt$
8D]u}]
?J)9r[|$
?]9EUUrwU
X9s?))9rtt$
]u}]9st$
]]U(uU
<$E)(>U
UEEMEB
$I:EEE
$69E\E
A?));U
$u}E$@
$aUUWVS|E
$|[^_]
EE]u}E$@
$@]u}]
$u}E$@
9BUr~Uu
EHjU(}}
EE]u}E$@
$0]u}]
$u}E$@
9BUr~Uu
E8jU(}}
$]u}E$@
$]u}]E
$]u}E$@
$J]u}]E
}~UXeE
$cUXeE
U]uEEU
$@]u}]
$#UXeE
$cUXeE
$A]u}]
$~]u}]
$#UXeE
$cUXeE
U]uEEU
$>]u}]
$#UXeE
$bUheE
$sUXeE
$L]u}]
$c]u}]
$AUXeE
$(XUXeE
$(hUXeE
tD~@Q@
c_UWVS<E
7E|$/M
$UE19u
C@uaC@
C\u'C\
$#uOEE
$E]u}]
P0P@@J
@4A8A<u
$4UB@BI
;EE0AtM
$E.UMWVS
tlUEPXE
$e[^_]
$E,E3WqMEAX
$e[^_]
EpXX\
CdpueUpB\B
B4B8B<E
U]uEE}E
$E]u}]
${E]u}]
$EL*U(uu
EE]u}]
]9ttuF
U;:|CF
;9t19~!)tQC|$
P1SBF0
ChCdC@C
YLQ@9A
ALIPCT
$E>$BX
U9EXXPd
#t{]{T
$P$t:E
U]uEE}E
$:tfEU]@
$PE]CX
$E]u}]
E:IaUX}}
]u}]GT
_h1Wd)9]
G<~?O\U)
u6whO\U
F?E)\$
GhMW\)9EEr
GdeEGX
$\gGd\$
$AUUWVS\E
$\[^_]
UUWVS\E
$u\[^_]
]uEEEE
$R]u}]
]uEEEE
$1UXeE
]uEEEE
UUWVSlUE
e6EMxM
EUxBx8
UUWVS\UE
EUxBx8
hUMWVSlME
M6UMWVS\E
eR]UMC
EMUE]A
qUUWVS\E
EUxBx8
_UUWVS\E
EUxBx8
_UMWVS\E
EMUE]A
$4\[^_]
$RE]u}]
UUW1VS\E
$$UEMBt
$\[^_]
$OUUWV1S\UE
eDEMtM
$"UEMBt
$t\[^_]
UMWVS\E
$\[^_]
$yUMWVS\E
$YUXeE
EUtBt8
$1UXeE
EUtBt8
$RE]u}]
UUW1VS\E
$\[^_]
$WUUW1VS\E
eVEMpM
$UMWVS\E
$%\[^_]
UMWVS\E
EUpBp8
EUpBp8
$xUXeE
$"]u}]
$8p1D$
$"]u}]
$8o1D$
"EUE1}
*UqUheE
$.]u}]
$(UqUheE
]uEEEE
]uEEEE
$']u}]
]uEEEE
$g]u}]
]EEEEU
$]EUD$
$]YUheE
REUE1}
$:\EUD$
$m\YUS
[[]}OU
pl&$hd
$|e[^_]
$X)TL$
Nld)hL$
UUWVS\E
esEUE1}
t\[^_]
$K1UD$
$KZUUWVS\E
eXrEUE1}
$r\[^_]
$nJZUS
X[]}=U
UUWVS\E
epEUE1}
q\[^_]
HE1Ut$
$HZUUWVS\E
eHoEUE1}
$o\[^_]
1G1UD$
$^GZUS
X[]m:U
$'utJ$
p`1(@=
ie[^_]
$rld)hL$
$gktJ$
p`1(@=
$T_e[^_]
$hld)hL$
$69cU1
X[]}&U
Y[]-&U
$U]u}]
$`[UXeE
$ZUXeE
$ZT]u}]
$S]u}]
$SYUXeE
]uEEEE
$R]u}]
$XUXeE
]uEEEE
$:R]u}]
$WUXeE
]uEEEE
$Q]u}]
$O]u}]
$#UUXeE
$N]u}]
$sTUXeE
$ N]u}]
$SUXeE
$pM]u}]
]uEEEE
$L]u}]
$SRUXeE
]uEEEE
$K]u}]
$QUXeE
]uEEEE
$JK]u}]
$PUXeE
$J]u}]
$=PUXeE
$I]u}]
${OUXeE
$NUXeE
$WH]u}]
$MUXeE
$G]u}]
$;MUXeE
$F]u}]
UMWVS\E
$WC\[^_]
CtSt]u]
?XCtCu
CtSt]u]
$u}E$@
$&EUD$
E@xEtP
UWVSLE
$wllD$
$TCtCu
].UXeE
$~E1@t
$F=]u}]
u1EEEE}1
^H[^_]E
[H^_]E
-UWVS(E
C9u([^_]
4$ [^]
UUWVS|E
$2E|[^_]
$d2E|[^_]
UEXEE]u}E
$-1E]u}]
UEXEE]u}E
$m0E]u}]
UEXEE]u}E
$/E]u}]
$E]5t&
$EYUEXEE]u}E
$.E]u}]
UEXEE]u}E
$-.E]u}]
UEXEE]u}E
$m-E]u}]
UEXEE]u}E
$,E]u}]
$E]2t&
$EYUEXEE]u}E
$+E]u}]
UEXEE]u}E
$-+E]u}]
UEXEE]u}E
$m*E]u}]
UEXEE]u}E
$)E]u}]
$E]/t&
$EYUEXEE]u}E
$(E]u}]
UEXEE]u}E
$-(E]u}]
e}#EME
$MAX9EE~wE
k-MT$+Uyu
#Ee[^_]
8UBtBu
$e7 EME
.*MT$+Uyu
6UBtBu
$ Ee[^_]=uE
$]uE$@
$E."EU
$]u}E$@
$E*!EU
$u}E$@
||EH;E
En}t uu$E
UM4$L$
UU]EEu}E
\Mira.h
Saaaalamm
basic_filebuf::xsgetn error reading the file
basic_filebuf::_M_convert_to_external conversion error
basic_filebuf::underflow codecvt::max_length() is not valid
basic_filebuf::underflow incomplete character in file
basic_filebuf::underflow error reading the file
basic_filebuf::underflow invalid byte sequence in file
basic_ios::clear
basic_string::at
basic_string::copy
basic_string::compare
basic_string::_S_create
basic_string::reserve
basic_string::erase
basic_string::assign
basic_string::append
basic_string::_M_replace_aux
basic_string::replace
basic_string::insert
basic_string::resize
basic_string::_S_construct NULL not valid
basic_string::basic_string
basic_string::substr
ios_base::_M_grow_words is not valid
ios_base::_M_grow_words allocation failed
locale::_S_normalize_category category not found
locale::_Impl::_M_replace_facet
basic_string::_M_replace_aux
%H:%M:%S
%m/%d/%y
basic_string::_M_replace_aux
basic_string::erase
pure virtual method called
LC_CTYPE
LC_NUMERIC
LC_TIME
LC_COLLATE
LC_MONETARY
LC_MESSAGES
locale::facet::_S_create_c_locale name not valid
-+xX0123456789abcdef0123456789ABCDEF
-+xX0123456789abcdefABCDEF
-0123456789
%m/%d/%y
August
September
October
November
December
%H:%M:%S
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
c:/mnt/samo/mingw/msys/mthr_stub.c
-LIBGCCW32-EH-2-SJLJ-GTHR-MINGW32
w32_sharedptr->size == sizeof(W32_EH_SHARED)
%s:%u: failed assertion `%s'
../../gcc/gcc/config/i386/w32-shared-ptr.c
GetAtomNameA (atom, s, sizeof(s)) != 0
R`%uM]=];Z
uuvHMe
I x@ p+
N10__cxxabiv117__class_type_infoE
N10__cxxabiv120__si_class_type_infoE
N10__cxxabiv121__vmi_class_type_infoE
NSt6locale5facetE
NSt8ios_base7failureE
St10bad_typeid
St10ctype_base
St10money_base
St10moneypunctIcLb0EE
St10moneypunctIcLb1EE
St11__timepunctIcE
St11logic_error
St11range_error
St12codecvt_base
St12ctype_bynameIcE
St12domain_error
St12length_error
St12out_of_range
St13bad_exception
St13basic_filebufIcSt11char_traitsIcEE
St13basic_fstreamIcSt11char_traitsIcEE
St13messages_base
St13runtime_error
St14basic_ifstreamIcSt11char_traitsIcEE
St14basic_ofstreamIcSt11char_traitsIcEE
St14codecvt_bynameIcciE
St14collate_bynameIcE
St14overflow_error
St15basic_streambufIcSt11char_traitsIcEE
St15messages_bynameIcE
St15numpunct_bynameIcE
St15time_get_bynameIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE
St15time_put_bynameIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE
St15underflow_error
St16__numpunct_cacheIcE
St16invalid_argument
St17__timepunct_cacheIcE
St17moneypunct_bynameIcLb0EE
St17moneypunct_bynameIcLb1EE
St18__moneypunct_cacheIcLb0EE
St18__moneypunct_cacheIcLb1EE
St21__ctype_abstract_baseIcE
St23__codecvt_abstract_baseIcciE
St5ctypeIcE
St7codecvtIcciE
St7collateIcE
St7num_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE
St7num_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE
St8bad_cast
St8ios_base
St8messagesIcE
St8numpunctIcE
St8time_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE
St8time_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE
St9bad_alloc
St9basic_iosIcSt11char_traitsIcEE
St9exception
St9money_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE
St9money_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE
St9time_base
St9type_info
AddAtomA
CreateDirectoryA
CreateProcessA
CreateSemaphoreA
DeleteFileA
ExitProcess
FindAtomA
GetAtomNameA
GetCommandLineA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
InterlockedDecrement
InterlockedIncrement
ReleaseSemaphore
SetFileAttributesA
SetLastError
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
_fdopen
_strdup
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_ctype
_errno
_fstati64
_isctype
_lseeki64
_onexit
_pctype
_setmode
_strnicmp
_vsnprintf
atexit
fclose
fflush
fprintf
localeconv
malloc
memchr
memcpy
memmove
memset
setlocale
setvbuf
signal
strcat
strcmp
strcoll
strcpy
strftime
strlen
strtod
strxfrm
SHGetFolderPathA
ShellExecuteA
KERNEL32.dll
msvcrt.dll
msvcrt.dll
SHELL32.DLL
NaHaJa.
<.UO!JF4DE;/NIBN@;r& F1\
nH\I18
V&b"_V*b
`.AEkk
.`)2;.R~_C-
R.g.Pt2
rZ"`)>b
(A'3.`
.VR.VRXI
C?."-Z.d.
X6b"p/>/
sZJx.K
-`R8,sd:l-V
\-VRR@,
\q-VRR@,
\-VRCD.X
"xqUdJ!*
.}!>3,._R
.8.wOG
\E-VRR,
-\J-?NU
.*1VRZ
\5-VR1Z
\E-VR}.Pt2
\E-VROz.Z
-"G3.W
\E-VRy.3+B
-{.Pt2
>6nV2`-\-VR>.
z.Pt:dR-
\%-VRow.
\%-VRZ
. X/QH
.bR*I&
.[V/QH=\.
-VRs0X
b*dd-V%
h0bZp)
2Dsd:t-V%
<6*Kg]
VR7:.VI
#$*Pt2
`_#$*Pt6`
P:N1R\xqZ>.
PI2\>`
GP>KK [
sd"ta,
-sbsgZ>.
tVRO8.X
-b"pVR`
b"t/V:
pPLJ`6*K,
sX~QHX
4`!:d"x+
*`gZ>.
.Z5,Z_(4
dE-Pr^ZT
.b"Oso
.RHlE-
\5->sc,p"
sVR#5.VE
.RQ\E-
=[.P0Q/
7B\A-X
l=-VNb
lA-VVbR-
GPi,Z$
QQ/=[`.X
-`A2`!6b
l1-VRXJ`
skVR2.X
s[RHFX
-dCwQ/
-dC%-R~X
\A-PH^`
s[VR`*|L
VR.X6Z'
.`"Hp2
\A-VR.
d9-VRb
_Z`3.-QH
]rVRVRVR.
2a-QgZ>.
2=QgZ>.
2=QgZ>.
2Q<QgZ>.
21<QgZ>.
2,QgZ>.
2a+QgZ>.
2A+QgZ>.
2+QgZ>.
2+QgZ>.
VRVR-QH
1`A2`!6`-'
t_Ph4Z
MgZ.d.
*`gZ.d.
*PtJbJiT
,A*~AwUY
sVRVRX:`
V&bBiL
XR`JTa`
`$=__.X:d
sVRX>`
2Jb*|L
.;-Z.d.
=[.XBb
{VRVRX:`
P0aH4uRs0
R~=\.Xb
Z:,6ZJ@-K
sX>-V~
@DqT>sPL2+
Nb"H=kZ
$bH_RQ=l
$K~sI\*
.ZJ81UNs
s2-P1U
.-XJb"L
{V6-Xb
{VRXB`-'
=[-XBb
{VRXJ`!6`
V"b*KS
*`VXZ.d.
*PtzbJ
P-Q/Os
.X2b"X
.`"h6`"LMj/_"WUJ
AWJV.L
uP-RX,
{V{Ph4Z
)X`sPh4Z
X&b*|T
RVRVRXB`!2b"~V
2QgZ>.
21-QgZ>.
-QgZ>.
.`2pp&k
.#W.Z>.
-gZ.d.
-gZ.d.
ZN\9`*2*q
V:C.2`
VR/#.VR
2V"`BTOsn
X&bJ*KK73.\
'C|-rRcSX\
-rR~=[<-
2k.9-Z>.
2V"`BTOsn
.X"bBT
sRH*q^
.`2ppf
X&bJ*K
@C'?.`
zPM:ZJT-b
.`2pp&e
rA=c_.
@=[.X`
sX"bBT
K.\-V~Os
-Pt2xhqRH-O2
sRHVRn
.`2pp&c
.Xb*|L
p` gAR
.Xb*|L
VBb*L
KpLtX>`sdC
bH=Kg]
sX>`@1
.VmZ>.
.VmZ>.
.VmZ>.
X&bJ*K
.X"bBT
2-.b"D
.X"bBT
/O..`On
/O..`On
.PLz2+
*Pt:bJNsR
-VRZ:`
"%.\>b
O..`!2`
.X"bBT
.X"bBT
O..`)2`
{VR.Z`
>N.b*|L
VtPM:b
.V6/(gZ.d.
4OsWnV
.WJ?.Rt.
*`b"p`
q?Xb!P2bP+
v;Lh'5
JRZ=\.X
sX"bBT
.-PM:ZJL/b
b-b"0Os
VR+x-Xb
.XZ,qpf
.)rVRVRVRp-Z<T
v.1rVRVRVR{p-Z<T
rVRVRVR;p-Z<T
w.qqVRVRVRp-Z<T
s[VR`*|L
-Z3pj'
L0lI-Z`
s[VR`*|L
\I-VRop-X
`lE-Z"X
-Pp2`!2`
sVRVR0
VRVRo.RHpX
s[VR`*|L
\I-VRo-X
`lE-Z"X
-Pp2`I2`
sVRVR0
VRVR.RHpX
BqsgZ>.
s[VR`*|L
\I-VR/m-X
`lE-Z"X
-Pp2`A2`
sVRVRO0
RVR/.RHpX
s[VR`*|L
\I-VRk-X
`lE-Z"X
-Pp2`!2`
sVRVR0
VRVR.RHpX
B1sgZ>.
s[VR`*|L
\I-VRj-X
`lE-Z"X
-Pp2`I2`
VRVR.RHpX
BsgZ>.
s[VR`*|L
\I-VROh-X
`lE-Z"X
-Pp2`A2`
sVRVRo0
RVRO.RHpX
BsgZ>.
s[VR`*|L
\I-VRf-X
`lE-Z"X
-Pp2`!2`
sVRVR0
VRVR.RHpX
BQsgZ>.
s[VR`*|L
`lE-Z"X
-Pp2`I2`
sVRVR/0
BsgZ>.
s[VR`*|L
\I-VRoc-X
`lE-Z"X
-Pp2`A2`
sVRVR0
RVRo.RHpX
2V"`BTOsn
9.b*|L
VtPM:ZJL/b"P
2V"`BTOsn
9.b*|L
VtPM:ZJL/b"P
X6`gV~`
X6`gV~`
V`2*K#
QgV~|qVmZ>.
w5.`2pp@
pRH=\.Xb%B
pRH=\x.Xb
u.s>d.
0TuZ>.
pRHJZ`
b6.Z5,dC
vRQ=[C-Xb
mj=\R-Xb
sXb"TVZ
-gZ.d.
VR`*|TOsn
3.b"@VR
0b"DZ`
VRS-X`
2V"`BTOsn
sVRG.X"bBT
sVRw-X`
z8.`2p
sVRg.X"bBT
sVR-X`
;.`2pp6;
pRH=\.Xb
pRH=\x.Xb=A
u.s>d.
0TuZ>.
pRHJZ`
1.Z5,dC
nRH=[C-Xb
e=\R-Xb
sXb"TVZ
b-gZ.d.
-.Z5,Z
P/`"8,yZ
{VR Z-X`
2W .Xb
.+.Z5,Z
P/`"8,yZ
{VRW-X`
.X>b*@
VRVRc.
Ns@KN.i
-=[.X`
2Q\=[v.X>b"(h+=[Z.X`
LO2!}q
sVt-Z.d.
VtZ.d.
s{VR`"L
ATeQH%Xb
.VR0Z`
Y.(4.d.
.VR0X6b
_VRVRVR
3Sg,q,
\I-X6b
dE-BdI-VR
BisgZ>.
lA-VR`BTOssn
lA-XlE-
.Zh.`A2d
s[VRK.X
dB`dI-X"b
X\I-?$MX
dJVF\9b
H\9-Xd
|l5-N.
g2.dCN.O2Z
.Go-VRXb"<
0ZJ<3MO2=r
.X=rVR
2"N3W/.H_p
&-z1rX
$zrH_pL
N3..V`
rVRVRx-
jqVRX`
zrH_px
r~rcrQrZ'..
..z!rH/..
-z)rH_p
;C..rp
VRVRv-
6jqVRVR_v-
D(O2Y=r
R.{u-Xb
Bs-.\5
KZO2hq
'U._.X
-OsmrX
s{VR.X"bBT
Xb"8]Z
.K(-P-K
oRcXb" pL
m-gZ<T
E+OsmrX=
.xerX`
s{VR/.X"bBT
Xb"8]Z
.&-P-K
oRQXb" pL
.k&-VR
fk-gZ<T
g2.dCN.O2Z
.b-VRXb"<
0ZJ<3MO2=r
.X=rVR
[/.=rV
70.rVz)r
6jqVRX
..zrH,q
k/.UrVR9
0.`)6`
.`!6b"(
.zrXrV::
.`A6`)2`
G.zrH_pd
rHrQrZ
z)rH7..
z9rHG..
rVRVRj-
R/.b"D
D(O2Y}r
R.i-Xb
&V`"8P0K
-b"@p6m
-rRQ=\*.n
.bb-F6
.RH=lV
\A-VRW.X6d2|5,
$P4Q=.
Kl!-X=
.VRVR`
j.P-Z<T
Rw-.;.
sVRVR_.P-Lp6K
ZWV5,gZ>.
VKVR-QHV4
/bJAV4
VKVR-QHV4
-gZ.d.
BXB-N4
=.gZ<T
-[DWH.L
VR-VRd"P+
<.\>x.
:`)6`!2.
2V"`BTOsn
sVR.Vd
X&bJ*K
4WJs.L
idA.d.
R-.;]-X6b
xerVmZgV~
*PtBb*T
,O1w.bH
.dP/A.
#_VRVRk.
*PtBb*T
,O1w.bH
.dP/A.
#_VRVR.
*PtBb*T
,O1w.bH
.dP/A.
#_VRVR
*PtBb*T
,O1w.bH
.dP/A.
#_VRVR[.
>0aMqNa(gZ.d.
*Pt:b*L
{PL:`6*K`
>/aMINa(gZ.d.
*Pt:b*L
{PL:`6*K`
wo..X(@
VRK-Z`
z.b*|L
VRJ-Z`
<q./.X(@
VRJ-X`
sVRK.Z<T
CVRkj-VRVR
L-VR'M-X&bB*K`
s.`2pp
sX"bBT
}O.w.1n
.Vm.Z+
X&bJ*K.
`!2'.VR
X&bJ*Ks
sVRVR.
hX"bBT
2.VR.V
/.b*|L
.Vm*ZS#.`
qXRbI2`
}-gZ>.
xrVm,r
2!QgZ>.
s{VR`BTOsn
sVRVR30
s{VR`BTOsn
V.b*|L
I-gZ.d.
s{VR`BTOsn
V.b*|L
-Pp2`)2`
H-gZ.d.
sVRO.X"bBT
sVR.Z.d.
sVR.X"bBT
sVRG.Z.d.
(gZ.d.
(gZ.d.
(gZ.d.
(gZ.d.
(gZ.d.
(gZ.d.
s{VR`BTOsn
sVRVR0
s{VR`BTOsn
-Pp2`I2`
BD-gZ.d.
s{VR`BTOsn
-Pp2`!2`
BC-gZ.d.
. .X`;
.X"bBT
sVRw.Z.d.
.o.X`;
sVR .X"bBT
(gZ.d.
(gZ.d.
(gZ.d.
(gZ.d.
(gZ.d.
(gZ.d.
(gZ.d.
s{VR`BTOsn
(%rX2d
s{VR`BTOsn
(%rX2d
R>-gZ.d.
s{VR`BTOsn
(%rX2d
-Pp2`)2`
R=-gZ.d.
.X"bBT
.X"bBT
qVmZ>.
qV^b .`
P8M4O2
NnNnOn
qV^b .`
P8M4O2
NnNnOn
X&bJ*KOs
:.gV~`
z.gV~`
X&bJ*KOs
-gZ.d.
X&bJ*KOs
sX:b"/
.A.VRoZ
`I(RH=lXgZ>.
sVRXB`
.`A2`O2
LN5X"bBT
0.-qV
.`e,.CZ
.`U<.Aj
MNbH_M7bJA
M7aH7uR
.A="`3_VRVRVR
-Pt>b*
.Vm'.Z+
.Vm'.Z
B\MqRZ
B\MqRZ
c+C?..
B|7QxP
rRQZ"2+
Vx]qVxaqVxeqVxiqV
.VBx]iqVFb
[.`R-)
-rPt2H
3.d2|5,`pf
(dC-rRH=kV^Z4
V*`*73.bH
d@R~Z<T
RH-XV`
X&bJrVt
-xrX^\
-xrX^\
*PtJbs8\b
RQVRX.
P6Ko@0
*PtZxrX
vZt\c\
`)B`I>b
.VRVRYZ
.6*K/C?.`
-xrX^\
bs7dCX
t_P3`ABaIw`
sRHYVR
V`5,dC`
R~5X^\b
-xrX^\
-xrX^\
3.b*tA
xXNb/-XZ`)2`
-!rPt6\
sdA.d.
*PtJxrX
RH=[.X^\
-xrX^\
-xrX^\=
-dA.d.
X:\xrRH;X^\
xXNb/-")=
gVR-X"bBT
3.bBA
RZLXV`
RQl#)=
-9?4XKd.
RHXBeK.
?.ZRHI-/
V&`B-rVK
Pt2`dC`
-rV2Z4QdC`
VRk.Pt2\5b*_K
C/?.ZAepJ
VR.Pt2
.VRX2`
V~${CL
sX&bJ,
dHg4XA$
.b"XLb"d
>{p7>{V`
>{V_p7X
2xngVN
=_w.RZ=_`.V
$`s"x%PZ.
%`[VI%
.Rc=[.M.Q0/
P-QA/0>Q
PI2d`,
.`A2d}0
PI2d],
PI2d],
bYT.dA.d.
.H.(?.
*PtBbAN.
.`A2bS0
PI2d],
e.VRVR.Z
AZ.P-K
*Pt2b)>bAB.
Kg.Jpn
Bt2+KZ.P-K
.Z_#-*Nt
UZx\)-
F.\VR-=
?2'Ph6\
R.bZ-G1
Q/O2qX%
.`A6`)2.RH=[.
-{=.XE
Fd>X=P
4M_/uPR/=V/Pq0"?U*/
V`!3O5
l9-H9lA-Ad)-X%
.ZvPqK
-dC-\%-XE
sH,ysE
/uPR/=V/Pq0"?O
VRVRO.
=[Q:1YL
<_V=sHdC/uPR/=V/Pq0"?O
/uPR/=V/Pq0"?O
`.X&X\
UT=[-Z`
.HT{=.
.Z`!>`
s/Pv:X
dBPl!-VRZ
`A>d*PS#p
Pt!-VRZ
.d"Pt!-VRZ
T{=.X%
*Z_VRXR
RXRXRX
*XRXR3
,L.K@4
PJ0=RH
.*XRXRPK>Zd.
2+dA.d.
.*XRXRPK>Zd.
2+dA.d.
.Z#=~AY
PN>`I6`A:`)Bd.
3Or.bA>d)^=R
Pv0&3Oq
?4=RH?AP=
1}=V,PB0
.XRXR3
a.?8=VR
\Z=And)nd
6Z=XPs0=
=)>=V'
(KxK_ZR
.*Pt6b
.`ZZG.Yt.ud.
..=RH=
GZ|f?sPO6
K/uPR/=V/Pq0"?O
.dA.d.
o6=VPI0X-
*Pt>bIV\
R=_.P=U
VRZKZ.d.
GZ|fPw6Z
ZyH=_.??=RZPP/
XRZ@.`C3
+XRPI2`
6.b!:b
L7j6=VPI0X-
R'XRZ2.`
.V~=~AY
{=.3Or.`
,L.kHOA*`
H!PLr2+
ZI&XR?
.VRVR3Or..-3
VRPq0"F`
-b)\kb
.`I-XR7RZ=[4-
*XRXR3
Z6=V8=N
L.=V82+K
.=PqBnZ
'L.QI/
=[.3Oo
ZJ.d"=_.3Or.
.=RZ=\O.
M.3OuH
-VPL2+
Vr_Z>.
)L.Qe/
M.?NS-V
`*16*KQK=
-ZRVRG|-K#_ZR
.VRcz-VR
=Rc`)FQ/
+;M-bY
PI0=RH=\W.
PI0=RH=\\.
-RNn-V
ZIFBnZ
PJ0 Fy
kL.Q/U
(Cp5,K
=#No-V
.=.PH0!F}
ZJ.dINd"=_.3O2
=[.3Oo
8Z8V ,
+L.Q).@4
_?/Z\r
P2Us=P/
PLzd (4
<=^B-b
o-3O0A3
VRK-VRX>`)2`
V`5,g]
pVRVRX>`
VR;-VRX>`)2`
*Pt:bJ4
pVRVRX>`
VR;-VRX>`)2`
V`5,g]
pVRVRX>`
KgDKf9 P-L@-
-VRX>`)2`
RVRX:`
pVRVRX>`
X=* s4
4O2Nzq
~-VRX>`)2`
sD*dA.d.
`{KsX>
pVRVRX>`
>sV*b"4F-
AfX&bB*Kg]
VRk|-VRX>`)2`
wb"WZ>
"V>dA.d.
pVRVRX>`
KgCP-K
f9 P-L@-
xR*J2]
:gK/V`L
*`O2{q
bJg.=i
dJVF\3b
lWX"bBT
xZ>X/X
s RHV`4
xgDV>b
`{_H=nJBL
X&bJ*K
xgDV>b
{V`WX"bBT
|=YS.X
V>b$|W
(4O2azq
sX:b?`
sX:4X/
Pt2.g]
2V"`BTOsn
sVRD/Z`
Pt2.g]
Pt2.g]
2V"`BTOsn
sVR C/Z`
2V"`BTOsn
sVR_B/Z`
2V"`BTOsn
sVRA/Z`
Pt2.g]
Pt2.g]
2V"`BTOsn
sVRo@/Z`
Pt2.g]
Pt2.g]
2V"`BTOsn
sVR?/Z`
2V"`BTOsn
sVR?>/Z`
2V"`BTOsn
sVR=/Z`
Pt2.g]
Ya.VYe.V2bO$.
Yu.VBbO4.
Y.VRbOD.
pSVFbO
YY.VVbO
6K-b"0$m
ssX"bBT
{VRc7-Z>.
sVR?-X\Bb"8VRb
2V"`BTOsn
sVR0-Xb*|L
sVRXB`
sX"`b-
jg-`R-
-aJg\9-
lE-AEZ
sVR8/X
\I-VRX
sgVRVR -VRX
.VRVRk
WP/JO2q
-`!6b"
sVR:/Z`
<6*J2]
XBb*VRX>`
ssZ`" OsNYq
{WRZX2Z
=Z.>.Z
ZTS=[.QH=\.RZ%X:
-RZX>Z
=Z.>.Z
=Z.>.Z
naH_ME
Z:`R-@-
C�C�C�C�C�C�C�C�C�C�C�C�C�C�
A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�
A�A�A�A�A�A�A�A�A�
A�A�A�A�A�A�A�A�A�A�A�A�
A�A�A�A�A�A�
C�C�C�C�C�C�
C�C�C�C�C�C�
Process Tree
- 06799becdd0e10e15378067d947b369085ab676c22bc7c72255add384d3c2c11.exe (1856) "C:\Users\Administrator\AppData\Local\Temp\06799becdd0e10e15378067d947b369085ab676c22bc7c72255add384d3c2c11.exe"
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
| Name | 4236a1d36fb9dca5_mira.h |
|---|---|
| Filepath | C:\ProgramData\Saaaalamm\Mira.h |
| Size | 256.0KB |
| Processes | 1856 (06799becdd0e10e15378067d947b369085ab676c22bc7c72255add384d3c2c11.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | a9af0417e0ce376edaeaaba5729e0ff1 |
| SHA1 | 876770af7854d59bd7267ac4705be34a2f09ad07 |
| SHA256 | 4236a1d36fb9dca5e0cb8e9fb403e4cf1574959916652ff5a42f7118b39783b0 |
| CRC32 | 94E2CBF2 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 0d140df7aa069dcf_knfsy.exe |
|---|---|
| Filepath | C:\ProgramData\knfsy.exe |
| Size | 73.3KB |
| Processes | 1856 (06799becdd0e10e15378067d947b369085ab676c22bc7c72255add384d3c2c11.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | 74d7285e18dc0d52908341ffad9154b5 |
| SHA1 | 9e47dd957bd41c6b12b5be05513d33191f5e48c6 |
| SHA256 | 0d140df7aa069dcf4ebc0565d1e2676b1678bf0e29c7f3a88b3e6881f1e0f781 |
| CRC32 | B9FF6E5B |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
Sorry! No dropped buffers.