2.2
中危
DACN
0.14
FACILE
1.00
IMCLNet
0.77
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Malware-gen | 20200402 | 18.4.3895.0 |
| Baidu | Win32.Worm.Mira.c | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200403 | 2013.8.14.323 |
| McAfee | W32/Worm-GAT!CE0A89FF8812 | 20200403 | 6.0.6.653 |
| Tencent | Worm.Win32.Mira.a | 20200403 | 1.0.0.1 |
静态指标
动态指标
在文件系统上创建可执行文件
(24 个事件)
| file | c:\PerfLogs .exe |
| file | c:\Windows .exe |
| file | c:\iugtl .exe |
| file | c:\VC_RED.cab .exe |
| file | c:\ProgramData .exe |
| file | c:\Documents and Settings .exe |
| file | c:\$Recycle.Bin .exe |
| file | c:\install.exe .exe |
| file | c:\eula.2052.txt .exe |
| file | c:\globdata.ini .exe |
| file | c:\360Downloads .exe |
| file | c:\gcoxh .exe |
| file | c:\install.res.2052.dll .exe |
| file | c:\Users .exe |
| file | c:\Python27 .exe |
| file | c:\Recovery .exe |
| file | c:\vcredist.bmp .exe |
| file | c:\System Volume Information .exe |
| file | c:\VC_RED.MSI .exe |
| file | c:\Program Files (x86) .exe |
| file | C:\ProgramData\sfqxy.exe |
| file | c:\Program Files .exe |
| file | c:\install.ini .exe |
| file | c:\pagefile.sys .exe |
创建隐藏或系统文件
(25 个事件)
投放一个二进制文件并执行它
(1 个事件)
| file | C:\ProgramData\sfqxy.exe |
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': '.rsrc', 'virtual_address': '0x00047000', 'virtual_size': '0x00007000', 'size_of_data': '0x00006800', 'entropy': 6.9980272091586775} | entropy | 6.9980272091586775 | description | 发现高熵的节 | |||||||||
| section | {'name': '.NewSec', 'virtual_address': '0x0004e000', 'virtual_size': '0x00001000', 'size_of_data': '0x00001000', 'entropy': 6.975781981947885} | entropy | 6.975781981947885 | description | 发现高熵的节 | |||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
在 Windows 启动时自我安装以实现自动运行
(1 个事件)
| reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Microsoftᆴ Windowsᆴ Operating System | reg_value | C:\ProgramData\sfqxy.exe�������������������������������������������������������������������������������������������������������� | ||||||
文件已被 VirusTotal 上 61 个反病毒引擎识别为恶意
(50 out of 61 个事件)
| ALYac | Trojan.GenericKD.32372893 |
| APEX | Malicious |
| AVG | Win32:Malware-gen |
| Acronis | suspicious |
| Ad-Aware | Trojan.GenericKD.32372893 |
| AhnLab-V3 | Trojan/Win32.Fakon.R291518 |
| Antiy-AVL | Trojan/Win32.Agent.icgh |
| Arcabit | Trojan.Generic.D1EDF89D |
| Avast | Win32:Malware-gen |
| Avira | TR/Zusy.BQ |
| Baidu | Win32.Worm.Mira.c |
| BitDefender | Trojan.GenericKD.32372893 |
| BitDefenderTheta | Gen:NN.ZexaF.34104.MCZ@aiiPd4ci |
| Bkav | W32.FamVT.MiraVM.Worm |
| CAT-QuickHeal | Trojan.GenericPMF.S7634848 |
| ClamAV | Win.Trojan.Agent-1388690 |
| Comodo | Worm.Win32.Mira.AA@59ticr |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.f8812c |
| Cylance | Unsafe |
| Cyren | W32/S-7e474b30!Eldorado |
| DrWeb | Win32.HLLO.Siggen.5 |
| ESET-NOD32 | Win32/Mira.A |
| Emsisoft | Trojan.GenericKD.32372893 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/S-7e474b30!Eldorado |
| F-Secure | Trojan.TR/Zusy.BQ |
| FireEye | Generic.mg.ce0a89ff8812c7ed |
| Fortinet | W32/Mira.9C5!tr |
| GData | Win32.Worm.Mira.D |
| Ikarus | Trojan.Minggy |
| Invincea | heuristic |
| Jiangmin | Trojan/Agent.iezf |
| K7AntiVirus | Trojan ( 004993691 ) |
| K7GW | Trojan ( 004993691 ) |
| Kaspersky | Trojan.Win32.Agent.icgh |
| MAX | malware (ai score=80) |
| Malwarebytes | Worm.Mira |
| MaxSecure | Trojan.Agent.icgh |
| McAfee | W32/Worm-GAT!CE0A89FF8812 |
| McAfee-GW-Edition | BehavesLike.Win32.Worm.jh |
| MicroWorld-eScan | Trojan.GenericKD.32372893 |
| Microsoft | Worm:Win32/Mira!rfn |
| NANO-Antivirus | Trojan.Win32.Zusy.ethqlz |
| Panda | W32/Milam.A.worm |
| Qihoo-360 | Worm.Win32.Mira.A |
| Rising | Worm.Mira!1.A270 (RDMK:cmRtazp5EQQXzDtdOqceV+r82pdV) |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | W32/Mira-B |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2014-02-27 14:41:59
PE Imphash
dbf687d6aa2a6cafe4349f7b0821a792
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x0003c000 | 0x0003c000 | 6.080451775497244 |
| .data | 0x0003d000 | 0x00001000 | 0x00000200 | 1.219839492304036 |
| .rdata | 0x0003e000 | 0x00003000 | 0x00002600 | 5.008530245268908 |
| .bss | 0x00041000 | 0x00005000 | 0x00000000 | 0.0 |
| .idata | 0x00046000 | 0x00001000 | 0x00000a00 | 4.294939157790109 |
| .rsrc | 0x00047000 | 0x00007000 | 0x00006800 | 6.9980272091586775 |
| .NewSec | 0x0004e000 | 0x00001000 | 0x00001000 | 6.975781981947885 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x0004cfec | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0004cfec | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0004cfec | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0004cfec | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0004cfec | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0004cfec | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0004cfec | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0004cfec | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0004cfec | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_GROUP_ICON | 0x0004d454 | 0x00000084 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_VERSION | 0x0004d4d8 | 0x000002e0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library KERNEL32.dll:
• 0x4461b8 AddAtomA
• 0x4461bc CreateDirectoryA
• 0x4461c0 CreateProcessA
• 0x4461c4 CreateSemaphoreA
• 0x4461c8 DeleteFileA
• 0x4461cc ExitProcess
• 0x4461d0 FindAtomA
• 0x4461d4 GetAtomNameA
• 0x4461d8 GetCommandLineA
• 0x4461dc GetLastError
• 0x4461e0 GetModuleFileNameA
• 0x4461e4 GetModuleHandleA
• 0x4461e8 GetStartupInfoA
• 0x4461ec InterlockedDecrement
• 0x4461f0 InterlockedIncrement
• 0x4461f4 ReleaseSemaphore
• 0x4461f8 SetFileAttributesA
• 0x4461fc SetLastError
• 0x446200 SetUnhandledExceptionFilter
• 0x446204 Sleep
• 0x446208 TlsAlloc
• 0x44620c TlsFree
• 0x446210 TlsGetValue
• 0x446214 TlsSetValue
• 0x446218 WaitForSingleObject
Library msvcrt.dll:
• 0x44623c __getmainargs
• 0x446240 __mb_cur_max
• 0x446244 __p__environ
• 0x446248 __p__fmode
• 0x44624c __set_app_type
• 0x446250 _assert
• 0x446254 _cexit
• 0x446258 _ctype
• 0x44625c _errno
• 0x446260 _fstati64
• 0x446264 _iob
• 0x446268 _isctype
• 0x44626c _lseeki64
• 0x446270 _onexit
• 0x446274 _pctype
• 0x446278 _setmode
• 0x44627c _strnicmp
• 0x446280 _vsnprintf
• 0x446284 abort
• 0x446288 atexit
• 0x44628c fclose
• 0x446290 fflush
• 0x446294 fopen
• 0x446298 fprintf
• 0x44629c free
• 0x4462a0 localeconv
• 0x4462a4 malloc
• 0x4462a8 memchr
• 0x4462ac memcpy
• 0x4462b0 memmove
• 0x4462b4 memset
• 0x4462b8 rand
• 0x4462bc setlocale
• 0x4462c0 setvbuf
• 0x4462c4 signal
• 0x4462c8 srand
• 0x4462cc strcat
• 0x4462d0 strcmp
• 0x4462d4 strcoll
• 0x4462d8 strcpy
• 0x4462dc strftime
• 0x4462e0 strlen
• 0x4462e4 strtod
• 0x4462e8 strxfrm
• 0x4462ec time
L!This program cannot be run in DOS mode.
.rdata
.idata
.NewSec
E;Es9}
<t6p t<~ @tO
x7EZ[^_]
UW1V1S
eEEE$@
++CCUNG
pP EtB(dB$
R \tp@$
hUhU`hu
llU6hU(Et
E!t#XtEXM~t
$]u}E$@
UpPl1|pl
;u ]]$}}
4$Yt8 M
]1u}];] tIF
UWVS|U$E
E|[^_]
1|[^_]
UWVSL}
$DtbEN
UEXEE]u}E
++C B4CUNGB
t-S4C0
UEhEE]u}E
E]u}]E
UEhEE]u}E
tB1u2=C
UEXEE]u}E
80S4C0
t(S4C0
x9JtD|IS
]uEEEE
]uEEEE
]uEEEE
UUWVSLE
$UE@M@
$IMEQh$9t
$YMEQh$9t
$iMEQh$9t
]u}EEUE
Pht%$9t
UE]PhXdE
$]u}E$@
|u9EEP@
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
$]u}E$@
tuHxEE
UUWVS\E
EuSEUE9B
Et1@t@
UEXEE]
Et1@t@
UUWVS\E
EEUEn@
EuSEUE9B
UMWVSlE
UMWVSlE
UUWVS|E
@;Er]E[
@;ErEU]H
]xEEEt
$u}E$@
oUUWVSlUE
UUWVSlUE
9t1]u}]
[^_]UU
[^_]UXeE
$B4$Z]u]U
UEXEE]u}E
Eu!PRD
u9Et4+_
9}]t7q^
8"t-EE
$u}E$@
$u}E$@
$u}E$@
]uEEEE
]uEEEE
$u}E$@
$u}E$@
$u}E$@
]uEEEE
]uEEEE
$u}E$@
$u}E$@
$u}E$@
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
]uEEEE
e[^_]EAAAA
uEAAAAEAAAAE
EAAAAEAAAAE
EAAAAEAAAAE
EAAAAE
S C0C,
t(C,1D$
S0x]u]
t3[4u$&
t$B0x=B0uVB(
z(]u}]
H0x4P0uMX(]
[^_]o2
UWVS,PXD
]t"x0xFp0u X(EP J
UWVS,@
tLEtt$
tEp0x^X0uw@(UEEE
]tAH0xFP0u
X(EP J
X(EP J
H0us@(EUE
x0uaX(EP J
<$&]u}]
taH0xkP0uu@(
e[^_]PXD
H0yAPXD
EUM]Uu
M9Mv uMEU]Eu}U]
EuaE9E
UEEEU]u}]
Mu,9vZ
1E]E}Uu]
W11V1S
tplhl$
D$'\ t&
ME1UfE
:|,1\$ \$0
t$$t$4|$(|$
\$ t$$|$(,
D$,L$(D$
T$$D$ L$
T$DfD$B
\$0fD$0
|T f|T`B
UWVS|$
t$@\$@L$B
;f9yD$
|[^_]fD$
\$ fD$
~t$`1L$@
tfxJ\$
[^_]uUt$
~ML$$t$$
~;D$$p
~PL$$q
[^_]Ov
1D[^_]
|$lOD$
~D[^_]
D[^_]fD$&
tH1|$(M
Ky\$\u=L$
|$\T$`
UWVSd\$xl$|
2L$:zQ
1d[^_]
1D$8L$
HyfD$8xfD$
UWVSLt$`l$d
:L$"ZQ
L[^_]1
HyT$ \$
LS[^_]
Iy%LbD
t,K9w4
0^t&K9w.
B9w[][]
;Ew,t&
Bt$H9v
9pr(t$
EZ;]]r
u39~rdF]
E9]EEr
9rrTB]
u)]u}]
9rrdB]
E@E9]EEr
9prw;M
DF;gUS
$]u}E$@
$]u}E$@
$]u}E$@
$]u}E$@
$]u}E$@
$]u}E$@
$]u}E$@
$]u}E$@
t>BtmEM
$rE]u}]
$UEP&A
]UUWVS
T$ E|UD$
D$ |UD$
eOEElD$
$SEJEEE
$@$EVE
rUMWVS
$EJEEE
$@$EFE
pUMWVS
$EJEEE
$@$EVE
rUMWVS
e|EElD$
$EJEEE
$@$ECE
nUMWVS,
enEElD$
11dE1X
'x $t&
cUMWVS,
e_EElD$
dE1X1\
$9\rpw
eUMWVS
$@$Eek
]EUu}]
UWVS<U
EMu`EED$
]UU EEE
$Uu}E$@
$:EUEEU
$8EU]u}]
UU EEE
$U]uE$@
$?7EU]u}]
]UU EEE
$Uu}E$@
$EU/EEU
$5EU]u}]
$;U(E$U
uM }u$}
UWVSLE
EUe[^_]
7UWVSLU
EUe[^_]
DUWVSLE
0P&M U
EUe[^_]
>UWVSLU
U N 1%D$
EUe[^_]
E$]U u]
E <$D$
@ 1vE D$
a0L$/4
@ -6m D$
]U M$}>D$
W ]u}]
(]] uu
$WEEUs
AE]EUu}E
$YotuH
$]u}E$@
$;"UExE
$]u}E$@
$!UExE
$]u}E$@
UWVS<E
1t+u+t
$P$WUWVS<E
1t+u+t
<[^_]#
$P$WUW1VS
$P$US$M
E0EE,l
;E |qgfff
M(9Mt\EU
$P$UWVS|E
U ElUE
EET$$U
1t+u+t
|[^_]S<1u
Bu+E1E
UWVS,E,EE(l
C;]$s!U
CG;]$r
$X?E(UM
$<?E9Ur
U2Cu9rE
e[^_]E
<$MEMP
EET$$U
BdEBhEBlEBpE
1t6u6t
9u{tEC
,A<8w4
D$ E$T$$
D$ ,T$$U
|,U$HB
T$ 4E$
BHEBLEBPEBTE
E$T$(L$$D$
Bd8Bh<Bl@BpDBtHBxLB|P
B,EB0EB4EB8EB<EB@EBDE5
FJ8tJU
$%\$ ~
c%\$ (
$P$US$M
UWVS<E
$3;]$tb
tO%tv}
C;]$uE
%uC;]$tE
u!C;]$tM
R4UVS ]
^]kTU(
UMWVS|
MU E$@
e?E]l]
hxUxBl@
||8\A
\|@@B4E1<<
$E,|B
80tp@U
)UMWVS|
MU E$@
rxUxBl@
||8\A
\|@@B4E1<<
80tp@U
D$ E$T$
D$ E$T$
U M$$@
|htL$/p
x|e[^_]
$hp)dL$
UU EE$U
U8uE u
]U$M(}>D$
4$L$ D$
U t,t$
]u}]UWVS
$nXlD$
HlL$+@Ep1D$
@L$+<P0
T$+@Bl
kUWVS<
eE|lp<$yl
Od|dBl@
0L$'D,
0C,<$D$
EUEEUE
&{TPLB
ChtB4E
J$Z(@@<
X<$BuEX
$xUWVS<
eE|lp<$ll
Bd|dBl@
0L$'D,
0C,<$D$
EUEEUE
&nTPLB
ChtB4E
J$Z(@@<
X<$BuEX
$xUUWVS\E
$>\[^_]
UMWVSLE
$yL[^_]
U]Mu}EU
U]Mu}EU
$R]u}]
uEE}UM
UMWVSlE
t ]u$E
El[^_]
$bEl[^_]
]MEEUEIB
$E|[^_]
E|[^_]
EEUu}E
t&]u*E
EEU]}E
t&}u*E
$4E]u}]
$E]u}]
UU]EEu}E
E@t']u+E
$2E]u}]
EEU]}E
$nE]u}]E
EEUu}E$@
$D~E]u}]
UU]EEu}E$@
$B}E]u}]
$m|E]u}]
$]}E$@
EEUu}E
B@t2]u6t&
$yE]u}]
$yE]u}]
UMWVSlE
$wEl[^_]
$s.UWVS
UMWVS|E
$NrE|[^_]
rE|[^_]
}EEEEUE
@@t.}u2&
pE]u}]
$oE]u}]
$%nE\[^_]
$mE\[^_]
$rl]u}]
$$k]u}]
U}1EEU]uE
iE]u}]
$hE]u}]
UUWVS|E
$8gE|[^_]
$fE|[^_]
UUWVS|E
$heE|[^_]
$dE|[^_]
KUUWVS|E
$cE|[^_]
$"cE|[^_]
{UUWV1S|E
$aE|[^_]
$RaE|[^_]
UUWV1S|E
$_E|[^_]
$_E|[^_]
UUWV1S
UUWVS|E
$(\E|[^_]
$[E|[^_]
UUWV1S|E
$XZE|[^_]
$YE|[^_]
;UUWVS|E
$XE|[^_]
XE|[^_]
kUUWV1S
mUUWVS|E
$TE|[^_]
$BTE|[^_]
UUWV1S|E
$RE|[^_]
$rRE|[^_]
UUWVS|E
QE|[^_]
$PE|[^_]
UWVS|E
e1OEUE
$OE|[^_]
U]UEEu}E
$ME]u}]
ME]u}]E
EEUu}E$@
$NLE]u}]
$dKE]u}]
UU]EEu}E$@
$bJE]u}]
$IE]u}]
$]}E$@
$u}E$@
$8GE]u}]
$B]u}]
$kA]u}]
e5?EED$
}U|BtBu
#UUWVS|E
$<E|[^_]
6PxBtBu
]M|BtBu
eE4EED$
J|BtBu
e0E|D$
EpBtBu
eE-EED$
C|BtBu
]UUWVS
e"*E|E
3UUWVS
eu&EED$
<|BtBu
@))9rZt$
]]UXeE
]uEEEE}E
E]u}]E
$E+vUE
UU]EEu}E
UEWVSlE
El[^_]=
\dE|EiC
4$)1D$
9PrWp1|$
9BraR1_U\$
$K]u}]
9JrfzU
X?)9rY|$
9s3Bt$
)9snu~B
$u}E$@
U uL C
UjU(]E
u0F)9w
EJ?))9rRt$
8D]u}]
?J)9r[|$
?]9EUUrwU
X9s?))9rtt$
]u}]9st$
]]U(uU
<$E)(>U
UEEMEB
$I:EEE
$69E\E
A?));U
$u}E$@
$aUUWVS|E
$|[^_]
EE]u}E$@
$@]u}]
$u}E$@
9BUr~Uu
EHjU(}}
EE]u}E$@
$0]u}]
$u}E$@
9BUr~Uu
E8jU(}}
$]u}E$@
$]u}]E
$]u}E$@
$J]u}]E
}~UXeE
$cUXeE
U]uEEU
$@]u}]
$#UXeE
$cUXeE
$A]u}]
$~]u}]
$#UXeE
$cUXeE
U]uEEU
$>]u}]
$#UXeE
$bUheE
$sUXeE
$L]u}]
$c]u}]
$AUXeE
$(XUXeE
$(hUXeE
tD~@Q@
c_UWVS<E
7E|$/M
$UE19u
C@uaC@
C\u'C\
$#uOEE
$E]u}]
P0P@@J
@4A8A<u
$4UB@BI
;EE0AtM
$E.UMWVS
tlUEPXE
$e[^_]
$E,E3WqMEAX
$e[^_]
EpXX\
CdpueUpB\B
B4B8B<E
U]uEE}E
$E]u}]
${E]u}]
$EL*U(uu
EE]u}]
]9ttuF
U;:|CF
;9t19~!)tQC|$
P1SBF0
ChCdC@C
YLQ@9A
ALIPCT
$E>$BX
U9EXXPd
#t{]{T
$P$t:E
U]uEE}E
$:tfEU]@
$PE]CX
$E]u}]
E:IaUX}}
]u}]GT
_h1Wd)9]
G<~?O\U)
u6whO\U
F?E)\$
GhMW\)9EEr
GdeEGX
$\gGd\$
$AUUWVS\E
$\[^_]
UUWVS\E
$u\[^_]
]uEEEE
$R]u}]
]uEEEE
$1UXeE
]uEEEE
UUWVSlUE
e6EMxM
EUxBx8
UUWVS\UE
EUxBx8
hUMWVSlME
M6UMWVS\E
eR]UMC
EMUE]A
qUUWVS\E
EUxBx8
_UUWVS\E
EUxBx8
_UMWVS\E
EMUE]A
$4\[^_]
$RE]u}]
UUW1VS\E
$$UEMBt
$\[^_]
$OUUWV1S\UE
eDEMtM
$"UEMBt
$t\[^_]
UMWVS\E
$\[^_]
$yUMWVS\E
$YUXeE
EUtBt8
$1UXeE
EUtBt8
$RE]u}]
UUW1VS\E
$\[^_]
$WUUW1VS\E
eVEMpM
$UMWVS\E
$%\[^_]
UMWVS\E
EUpBp8
EUpBp8
$xUXeE
$"]u}]
$8p1D$
$"]u}]
$8o1D$
"EUE1}
*UqUheE
$.]u}]
$(UqUheE
]uEEEE
]uEEEE
$']u}]
]uEEEE
$g]u}]
]EEEEU
$]EUD$
$]YUheE
REUE1}
$:\EUD$
$m\YUS
[[]}OU
pl&$hd
$|e[^_]
$X)TL$
Nld)hL$
UUWVS\E
esEUE1}
t\[^_]
$K1UD$
$KZUUWVS\E
eXrEUE1}
$r\[^_]
$nJZUS
X[]}=U
UUWVS\E
epEUE1}
q\[^_]
HE1Ut$
$HZUUWVS\E
eHoEUE1}
$o\[^_]
1G1UD$
$^GZUS
X[]m:U
$'utJ$
p`1(@=
ie[^_]
$rld)hL$
$gktJ$
p`1(@=
$T_e[^_]
$hld)hL$
$69cU1
X[]}&U
Y[]-&U
$U]u}]
$`[UXeE
$ZUXeE
$ZT]u}]
$S]u}]
$SYUXeE
]uEEEE
$R]u}]
$XUXeE
]uEEEE
$:R]u}]
$WUXeE
]uEEEE
$Q]u}]
$O]u}]
$#UUXeE
$N]u}]
$sTUXeE
$ N]u}]
$SUXeE
$pM]u}]
]uEEEE
$L]u}]
$SRUXeE
]uEEEE
$K]u}]
$QUXeE
]uEEEE
$JK]u}]
$PUXeE
$J]u}]
$=PUXeE
$I]u}]
${OUXeE
$NUXeE
$WH]u}]
$MUXeE
$G]u}]
$;MUXeE
$F]u}]
UMWVS\E
$WC\[^_]
CtSt]u]
?XCtCu
CtSt]u]
$u}E$@
$&EUD$
E@xEtP
UWVSLE
$wllD$
$TCtCu
].UXeE
$~E1@t
$F=]u}]
u1EEEE}1
^H[^_]E
[H^_]E
-UWVS(E
C9u([^_]
4$ [^]
UUWVS|E
$2E|[^_]
$d2E|[^_]
UEXEE]u}E
$-1E]u}]
UEXEE]u}E
$m0E]u}]
UEXEE]u}E
$/E]u}]
$E]5t&
$EYUEXEE]u}E
$.E]u}]
UEXEE]u}E
$-.E]u}]
UEXEE]u}E
$m-E]u}]
UEXEE]u}E
$,E]u}]
$E]2t&
$EYUEXEE]u}E
$+E]u}]
UEXEE]u}E
$-+E]u}]
UEXEE]u}E
$m*E]u}]
UEXEE]u}E
$)E]u}]
$E]/t&
$EYUEXEE]u}E
$(E]u}]
UEXEE]u}E
$-(E]u}]
e}#EME
$MAX9EE~wE
k-MT$+Uyu
#Ee[^_]
8UBtBu
$e7 EME
.*MT$+Uyu
6UBtBu
$ Ee[^_]=uE
$]uE$@
$E."EU
$]u}E$@
$E*!EU
$u}E$@
||EH;E
En}t uu$E
UM4$L$
UU]EEu}E
\Mira.h
Saaaalamm
basic_filebuf::xsgetn error reading the file
basic_filebuf::_M_convert_to_external conversion error
basic_filebuf::underflow codecvt::max_length() is not valid
basic_filebuf::underflow incomplete character in file
basic_filebuf::underflow error reading the file
basic_filebuf::underflow invalid byte sequence in file
basic_ios::clear
basic_string::at
basic_string::copy
basic_string::compare
basic_string::_S_create
basic_string::reserve
basic_string::erase
basic_string::assign
basic_string::append
basic_string::_M_replace_aux
basic_string::replace
basic_string::insert
basic_string::resize
basic_string::_S_construct NULL not valid
basic_string::basic_string
basic_string::substr
ios_base::_M_grow_words is not valid
ios_base::_M_grow_words allocation failed
locale::_S_normalize_category category not found
locale::_Impl::_M_replace_facet
basic_string::_M_replace_aux
%H:%M:%S
%m/%d/%y
basic_string::_M_replace_aux
basic_string::erase
pure virtual method called
LC_CTYPE
LC_NUMERIC
LC_TIME
LC_COLLATE
LC_MONETARY
LC_MESSAGES
locale::facet::_S_create_c_locale name not valid
-+xX0123456789abcdef0123456789ABCDEF
-+xX0123456789abcdefABCDEF
-0123456789
%m/%d/%y
August
September
October
November
December
%H:%M:%S
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
c:/mnt/samo/mingw/msys/mthr_stub.c
-LIBGCCW32-EH-2-SJLJ-GTHR-MINGW32
w32_sharedptr->size == sizeof(W32_EH_SHARED)
%s:%u: failed assertion `%s'
../../gcc/gcc/config/i386/w32-shared-ptr.c
GetAtomNameA (atom, s, sizeof(s)) != 0
R`%uM]=];Z
uuvHMe
I x@ p+
N10__cxxabiv117__class_type_infoE
N10__cxxabiv120__si_class_type_infoE
N10__cxxabiv121__vmi_class_type_infoE
NSt6locale5facetE
NSt8ios_base7failureE
St10bad_typeid
St10ctype_base
St10money_base
St10moneypunctIcLb0EE
St10moneypunctIcLb1EE
St11__timepunctIcE
St11logic_error
St11range_error
St12codecvt_base
St12ctype_bynameIcE
St12domain_error
St12length_error
St12out_of_range
St13bad_exception
St13basic_filebufIcSt11char_traitsIcEE
St13basic_fstreamIcSt11char_traitsIcEE
St13messages_base
St13runtime_error
St14basic_ifstreamIcSt11char_traitsIcEE
St14basic_ofstreamIcSt11char_traitsIcEE
St14codecvt_bynameIcciE
St14collate_bynameIcE
St14overflow_error
St15basic_streambufIcSt11char_traitsIcEE
St15messages_bynameIcE
St15numpunct_bynameIcE
St15time_get_bynameIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE
St15time_put_bynameIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE
St15underflow_error
St16__numpunct_cacheIcE
St16invalid_argument
St17__timepunct_cacheIcE
St17moneypunct_bynameIcLb0EE
St17moneypunct_bynameIcLb1EE
St18__moneypunct_cacheIcLb0EE
St18__moneypunct_cacheIcLb1EE
St21__ctype_abstract_baseIcE
St23__codecvt_abstract_baseIcciE
St5ctypeIcE
St7codecvtIcciE
St7collateIcE
St7num_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE
St7num_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE
St8bad_cast
St8ios_base
St8messagesIcE
St8numpunctIcE
St8time_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE
St8time_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE
St9bad_alloc
St9basic_iosIcSt11char_traitsIcEE
St9exception
St9money_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE
St9money_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE
St9time_base
St9type_info
AddAtomA
CreateDirectoryA
CreateProcessA
CreateSemaphoreA
DeleteFileA
ExitProcess
FindAtomA
GetAtomNameA
GetCommandLineA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
InterlockedDecrement
InterlockedIncrement
ReleaseSemaphore
SetFileAttributesA
SetLastError
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
_fdopen
_strdup
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_ctype
_errno
_fstati64
_isctype
_lseeki64
_onexit
_pctype
_setmode
_strnicmp
_vsnprintf
atexit
fclose
fflush
fprintf
localeconv
malloc
memchr
memcpy
memmove
memset
setlocale
setvbuf
signal
strcat
strcmp
strcoll
strcpy
strftime
strlen
strtod
strxfrm
SHGetFolderPathA
ShellExecuteA
KERNEL32.dll
msvcrt.dll
msvcrt.dll
SHELL32.DLL
NaHaJa
/ (1}3 { |:3..
.@=-Ox
H"aOl?
FCDdHEW
HSuUXBKS
J OAzh
BkG!lH
k?k?Y6
@JSuUrB
!pHbHB
RC@JS:
Qv36W?
aOl;!JS
!@J@Qv
Bt3>w9$
!DHRH"hG
.WHZJc
!DGLb!OTB?
@0D@?JS
XHRHZJS
[HRJSG
UI|S`NG
WHP!ot
Q@3P@y^
WI|H)CL`n2
-BtJ+,
Q[4W{@
UI|S`NG
WI|H)CS
UI|S`NG
D@Q@4@W
UI|S`NG
4wULSG
UI|S`NG
WI|H)CB
UI|S`NG
UI|S`NG
2UI|S`NG
)-!<HP
2UI|S`NG
i,!<HP
2UI|S`NG
JcTU`RG
2UI|S`NG
JcTU`RG
&Q@HS!8JP
2UI|S`NG
2UI|S`NG
rK`J^4
WwHcph
!XHRJS
XHRH"hq
!XHRJS
!XHRJS
HjH"hw
!XHRJS
!XHRJS
HRH"h7
!XHRJS
!XHRJS
!XHRJS
HRH"hW
!XHRJS
!XHRJS
ID!HJSN@H"G
ID!HJSN@H"G
D@gMAB
W{$DAJc
(Bt5Y6
2UI|S`NG
(Bt5Y6
QI3?Y6
Ox!0Jc
Q@3?Y6
Ox!0Jc
W{A8JQ
)8HBdG
HkthK4
,D@JSx
Q@3)UvHRB
U!DSq9N
C@Bd5P@3\W_
8HRH"hH
>L[L|J
W{!4JO
o"R8oo
[HSl8G
N0 RG2b
Rhob
Q[4&W[!
QI4&W[!
W{!4JO
HbJc9?!
@HcpA R
! HRH"h?
ol!R8G"
N!RG2b
Uw!03"Ox
8HRH"h/
8HRH"h.
P@3 UxJk
P@3 UxJk
U!HHb;
WI|H)CB
*HjHJh{
UI|S`NG
WI|H)C
WI|H)CB
)`3E1"
WIP3Ta!
UeJcH#
DK3Jch
UI|S`NG
UI|S`NG
DK3Jch
UI|S`NG
UI|S`NG
DK3Jch
UI|S`NG
UI|S`NG
F F G>
F F G>
UI|S`NG
QR3 WH"
UI|S`NG
QR3 WH"
UI|S`NG
QR3 WH"
WI|H)CBG
UI|S`NG
QR3 WH"
UI|S`NG
QR3 WH"
UI|S`NG
QR3 WH"
WI|H)CBG
Q6QG2y
UI|S`NG
QR3 WH"
UI|S`NG
QR3 WH"
UI|S`NG
QR3 WH"
WI|H)CBG
N(eQGnz
N8~QG~{
@!XHjU
HgOAtI
HRHjY4
BUvHHB
&U)x`n2
?3 Qv4-Y4
BQ[42Y4
>Q@4dW
>Q@8Y4
>Q@3Y4
WJSJRN
QR4CQI3U"WJe
#HZHRHb
Q@4RO{
#HjHRHb
/>Qv7lW
)lD@JV
>QR4"U
m@%Rkrnx
m@%Rkm@
Q@42O{
U`HWJN
Q@30WDA]L
D@]H*h?
c@kRPg
!PJ!\HS
SRVQP3
_Bt4IQ@4
1pHfUF6!
XBw)tJ
_Bt4IQ@4
hJSwkH
`HUZGJSu[S
LHRHBho7
eR"aMl
u!>=PB
ABPL[;
OJtUOiY7
%IHHZU
vDDEaBk
OJtUOiY7
TA?M=;
OJtUOiY7
OJtUOiY7
vDDEaBktOk
)HHHZH*h_
;2sjLRHRi
W.W2W6OD\
OBtQ@4
vAOktUB8'
?w32v2G
7G7tQ@37
JpJZLz
iJZLj}
OJtUOiY7
7tQR8OHw
=bW2OA
btUHOA
TQQ3Q7<
H+]W"7
TQK3XY??
@BH @B
KtUi*Cw
m)CHIL
wtQ[%(
BH@OBWEqu
O@XEu%
JbLj%I
7%<TO~
k]tOz'
Ur%G;~
vAOktUB8q
<"W*>,U
W)JVkF4
kH)CO\
D@H^HW
A|H)CO\
UXJk)tJ
WI|H)C
2UI|S`NG
HRH*hcH
2RHcLho
XUK3 @B
6NUOAJ<
J QR3<W
QR3(WI
XUK3 @B
SRD@JS
QR3WWI
6NUOAJ<
QR3(WI
XUK3 @B
6NUOAJ<
J QR3<W
QR3(WI
!XHRH"h
^/1L=C
XUK3 @B
6NUOAJ<
J QR3<W
!XHHRH"h
~>1LM5
XUK3 @B
SRD@JS
QR3WWI
6NUOAJ<
HUHH6Lq
QR3EWI
6NUOAJ
QR3(WI
XUK3 @B
6NUOAJ<
QR3mWI
6NUOAJ
QR3EWI
6NUOAJ
QR3(WI
!XHHRH"hSb
J QR3<W
QR3\WI
6NUOAJ8
HZJ[L;
QR30WI
6NUOAS
J[\}>GD1
W!J'U*W
W!J'U*W
W!J'U*W
W!J'U*W
W!J'U*W
W!J'U*W
W!J'U*W
W!J'U*W
W!J'U*W
W!J'U*W
W!J'U*W
<.U?HO`tHQ
U*U&U"W
!HRHbJS
aOl!JS
2USAxHG
WS!XHbJc
HbHRJSd
WSHRJS
WI|H)CBG
U[!HSd
AxS`NG
!XH"hK
WS!XHbJc
HbHRJSd
WSHRJS
WI|H)CBG
2USAxHG
WS!XHbJc
HbHRJSd
WSHRJS
WI|H)CBG
6W!HRJS
6W!HRJS
6W!HRJS
6W!HRJS
6W!HRJS
6W!HRJS
LRBhsC
!LHRJS
UCHXL~
Y=U"Oc
WI|H)CJS
HbHZ^F
HbHZ^F
HRLS[;2
HbHZ^F
HbHZ^F
2ODi)CO\
*ODi)CO\
ODi)CO\
ODi)CO\
A|H)CO\
A|H)CO\
HbHRJS
HbHRJS
dHHbHRJS
`BP[39PR49UvC@JS
dHHbHRJS
`BP[39PR49UvC@JS
W!J'U*W
W!J'U*W
JcuTAP
.HH%t2wA-z
)DJRiHH
`JiHJk
`BP[39PR49UvC@JS
J[}WHRH
0uo~!0HW+G$J~
!,HZHS
`BP[3DPR4DUvC@JSx
P3"TQGFC
B!D@JP
HjHZHRJ~
U*@HRJS
HbHRJS
U.IHZL~
2U6O@y
W!J'U*W
W!J'U*W
W!J'U*W
~I)H@L
m)CJ%@HR
JkuSuc
)tHWI|H>khws
*Us!Sx`N
)HHbH*h
tOxG2x
J QR36W
J QR36W
J QR3<W
HJNH|~
*Us!Sx`N
)HHbH*h
tOxG2x
J QR36W
J QR36W
J QR3<W
HJNH|~
W!J'U.W
W!J'U.W
m)CJP~
!HZJl~
US!HS\
"UK!HST
HbHRJS
ODi)CO\
WI|H)CH
WI|H)C
jHHRH"h
YS)J[G
F F G>
WHRHO@
Q@3%W=
HRHH"i7
YS)J[G
F F G>
WHRHO@
Q@3%W=
HRHH"i7
Ww!<J[
W{!<J[G
W{!<J[G
U_! W[
BB[|Jk|
4Qv3Ww
Qv34Ws
WI|H)CLB[Jk
UvB[JS
R~!0H"h[
Q@34Wo
WI|H)CLB[|J|
UvB[|JS
P~!,H"h
)0DALS
LB[|Jk|
2UI|S`NG
WI|H)CLB
Us)tHS\
UI|Sx`NG
UvJXD8
$tUPJ`
U!4HS\
uP3@Ws@
2~6NWk
J%UxJX<D
SPI4G6)hJQv^
26NUP@PJT
6UBWHB
J%UxJX<D
SPI4G6)hJQv^
26NUP@PJT
6UBWHB
)(D@_Jc|
Y=~! J
D@)7JO
uN3<Wo
LB[|J|
!:~BJc
UI|S`NG
W{!4Jc
S0*Phr
$HRJSt
Wo!4HRHbJch
$HRJSt
Wo!4HRHbJch
$HRJSt
Wo!4HRHbJch
$HRJSt
Wo!4HRHbJch
$HRJSt
Wo!4HRHbJch
Q@HSdC.
!4HRJS|
QR30W[
*~BJcl
$HRJSt
Wo!4HRHbJch
$HRJSt
Wo!4HRHbJch
$HRJSt
Wo!4HRHbJch
Q@HSdC/
!4HRJS|
QR30W[
"~BJcl
$HRJSt
Wo!4HRHbJch
$HRJSt
Wo!4HRHbJch
$HRJSt
Wo!4HRHbJch
&t.ALSp
QR3WH"
DtJSd>H"G
QR3(WH"
}!4H"G
WI|H)CLB
Us)tHS\
UI|Sx`NG
UvJXD8
$tUPJ`
U!4HS\
2UI|S`NG
WI|H)CJcl
PSc! J
ODi)C~}
QR3WH"
QR3WH"
UI|S`NG
WI|H)CB
W{!4Jc
t.ALSp
QR3WH"
2OJ r|
QR3WH"
4Qv3Y4
Q@38WK
&t.ALSp
QR3WH"
2OJ 2w
WWHRJOG
Q@3@WK
&t.ALSp
QR3WH"
2OJ Rt
QR3WH"
!HjHRJH
DtJST>H"G
&t.ALSp
QR3WH"
2OJ rq
QR3WH"
&t.ALSp
m)CLYj}
QR3WH"
HSLuSPi_
QR3WH"
Q@3@WK
&t.ALSp
QR3WH"
QR3WH"
HS\uS`
&t.ALSp
QR3WH"
2OJ 2g
&Wg),B
&t.ALSp
QR3WH"
QR3WH"
WI|H)C
WI|H)C
I|H)CL
AxHW)tH)CO\
UIHjJS
WJPA-P@3
A|H)Cx
)xH)iO
WI|H)CH
QR4%UJ
B>BK8?
AxJS>1
WJPA-P@3
i)CLH*h
A|H)CO\
I|H)CHbH*h$
3Q[4 UpJk
3xQ[4$UpJk
@HRHjHBh{#
WI|H)CLJ
4Uv!lJ
)tHWAxH)CO\
WI|H)C
Us)tHS\
A"L!lJ
|DKc@?
@HRHHjHJh
WI|H)CJ
kV)pHZU
~!pJS^HHR1
GJt18U
4Uv!lJ
AxHW)tH)C
@HRH"h
WI|H)CO\
HRHZHb5
WI|H)CO\
HRHZHb
HZHRJS
HRHZHb
HRHZHb
HRHZHbU
WW7I!1tW
"Q@4 UpJk
)tHWAxH)CO\
)YGUSS
"WJTG=
WI|H)C
2UI|S`NG
HAHZJS
JPA-P@4@Mz
JS\N@H"G
Us)tHS\
WI|H)CL
HAHZJS
JPA-P@4@Mz
JS\N@H"G
Us)tHS\
WI|H)CL
XHRH"h
XHRH"hk
)xH)CO\
WJPA-P@3
2UI|S`NG
WI|H)CLBG
2UI|S`NG
@BJcTU
UI|S`NG
AxS`NG
WI|H)CLBG
2UI|S`NG
@BJcTU
2UI|S`NG
AxS`NG
WI|H)CLBG
2UI|S`NG
@BJcTU
2UI|S`NG
UI|S`NG
WI|H)CLBG
2UI|S`NG
@BJcTU
2UI|S`NG
JcTU?G
2UI|S`NG
yD}!<HP
2UI|S`NG
@BJcTU
2UI|S`NG
JcTUHRG
2UI|S`NG
A}!<HP
2UI|S`NG
@BJcTU
2UI|S`NG
JcTUHRG
}BH"hW
}BH"hW
}BH"hW
WI|H)CJ
&P@3@W
U^HjJS
UI|Sx`NG
W[N@H"G
?W3zWC
WHbHjHB
C@T JT
UCAHJc
)pHdi#
C@?44U
? 37W
fUAJ^0
W_?JY47
UI|S`NG
X}:) ? 35
A|H)CLJQ
A|H)Cx&
HZHj`G
P@3tW{!<Jk
WI|H)C? 4(W
WI|H)CU JU
!hJm$F
!hHRLU
JnUFHS
v@Je0G)X
SJ4CJe
U*U&U"U
PHRJe$
HjHRJS
P[3dn,
P[3dn,
UI|S`NG
UI|S`NG
WI|H)CB
UI|S`NG
WI|H)CB
W{!,BD
439Ox#
Wo!4JO
Ww!<J[
Uk),JO
W{!<BDG
W{!<BDG
Ww!<J[
Ww!,JQ
32Wg),JP
)4Ww!8Jk
ODi)CJ
Q@4*W{
Ws!<HRJ
Ws!<HRJ
W{!<B@G
WI|H)CB
W{!<B@G
WI|H)CB
ODi)CJ
WI|H)CB
W{P<8R
W{P<8R
2UI|S`NG
W{!<HS
2UI|S`NG
W{!<HS
UI|S`NG
UI|S`NG
UI|S`NG
HbHRJS
2UI|S`NG
Ww!8HS
W{!8HRH"h~
2UI|S`NG
Ww!8HS
W{!8HRH"hw|
JNA-P@
!8HRJS
!8HRJS
JNA-P@
HRg}`~
2Q@4!Uu
JNA-P@
HR)^}`~
2Q@4!U
HbUY}H
HbHZ^F
HbHZ^F
HbHZ^F
HbHZ^F
2UI|S`NG
2UI|S`NG
2UI|S`NG
9}!<HP
2UI|S`NG
UI|S`NG
UI|S`NG
UI|S`NG
2UI|S`NG
@BJcTUhRG
2UI|S`NG
JcTUhRG
2UI|S`NG
@BJcTUhRG
2UI|S`NG
JcTUhRG
UI|S`NG
UI|S`NG
UI|S`NG
AxS`NG
2UI|S`NG
WI|H)CBG
2UI|S`NG
JcTU?G
I|S`NG
2UI|S`NG
WI|H)CBG
2UI|S`NG
JcTU?G
1|BBk\
W[! HRH"h
WI|H)B
I(!,Hc\
U)tS`NG
DAd?36
IriuSuR
uUkGBS
UCHXHA4?
HbHZHRJS
UCHOx{
WHjHbHJ
6UBWHB
$tUHLk
S\SPI3W_
UI|S`NG
UI|S`NG
UI|S`NG
UI|S`NG
UI|S`NG
UI|S`NG
UI|S`NG
UI|S`NG
UI|S`NG
UI|S`NG
UI|S`NG
UI|S`NG
UI|S`NG
! HHZHRJ
2OJ R`
QR3WH"
S?A3!6
T3)xHW
T3)xHW
!HRH"h
XHRH"h_
JSdk]\
DK\Jch
WI|H)B
-}BHS`
4Qv42Yc
4Qv3W[
OAB[`JS
Q[4@Y6
)4D@TJc
S?A3!6
T3)xHW
T3)xHW
[51}?%((|06(4>-"15-j
w/.;3(|06z
~1 5&. 21
o- z-,
!o?"m2+s.%H
2u1-.11}>1s-(|33v1%w8
!o?"m2+s.%H
m/-13m@
sD$:+./-12w;s>.
!o?"m2+s.%H
-r1%z;q;$qBH97m8-u@72.:3.B+w0!o?"m2+s.%H
-r1%z;w:.{<$1"v- q@1.5t5$
!o?"m2+s.%H
-r1%z;s>.$o0-u's(z1!o?"m2+s.%H
-r1%z;w: z5pE$.?01"s-.2+s
!o?"m52H
!o?"m?1w:H-p-(q+35&H
.~E!o?"m?1w:H/,~-$
.2w/2>-u
a+1s-$
.2w/2>-u
1s?11!o?"m?1w:H1 1!o?"m?1w:H-2w3p-(q+35&H
.2w/2>-u
[+$~8"s+4 5
@(|31+o/p-(q+35&H
.2w/2>-u
!o?"m?1w:H+
-}@5o8#
.2w/2>-u
!o?"m?1w:p-(q+35&H
(}?!o?H+
u>6mC1r?(. z5
(}?!o?H+
u>6mC1r? z8"o@.| w8#
a+.9+wF
q-$u;8./3s31..:
m>/z-$m2"s@!o?"m?1w:H+
>19. p
!o?"m?1w:H+
oAp-(q+35&H
53-{1'}0"o8$r
q+.q-$.:,s. z5
G-"r1?C
{#=OA4@
s<${.1
5s9$$q1!s>
: .|08
##|1#oE
vA2r-T>#oE
o@1r-aA[;bAe1b4T>a-X-4o>T11-8
"H- {;,w:6=983v>2Aq
6A2v-$r<1;
(1K(1%6#m
%o5$r213w;n
<=3"=3"=/-t5w=C;? 1~@q
s@3}9 {16-.{2:(1%6?.>
)J^s4R5
z o{Y^k=
i5/9t-5
qD p5?
q82+8~1(|2
qD p5@
5"z-2m@/s+-t;
qD p5@
q82+8~1(|2
a@+}/+s
a@(}?!o?t-+>
!o03<(r
"E$m.2s
,}:8m.2s
,}:8~A"
,}:8~A"
m@,s<-q@"S
+}3"m11}>
1o:$m11}>
"}0"@!o?
"E$m.-o9
#}9(|+1;
+s:3v+1;
.@.t+ |3
!o0$//5-
!o?"m2+s.%W/3?'o>3-3
!o?"m231,W/3?'o>3-3
,s? u1
1:({1$>1
!o?"m52> {
!o?"m;2> {
"}0"@!:,s
"}8 1!:,s
!o?"m?1s-!2"a@q41m@ w@
,s? u1
pE {1"S
pE {1"S
pE {1"a@w?1s-!2(1 ;
q ?/ +1o52W/
pE {1"a@}?1s-!2(1 ;
q ?/ +1o52W/
4|01t86m11}>
m:,~A"+ q4
(|B+w0 3,s:
m@,s<-q@"o/$W/
,}:8~A"+8|-$W/!>
,}:8~A"+8|-$W/!?
m9-sE4|/
m9-sE4|/
m/8~1 p?1o/
m/#s/3m-2>"+ 1"q5
(@$o94t+3s>3}>"a@q41m@ w@
.@$o94t+3s>3}>"a@q41m@ w@
$?&s?"S
4{<-q@"S
({1&s@"a@w?1s-!2(1 ;
q ?/ +1o52W/
({1/@"a@}?1s-!2(1 ;
q ?/ +1o52W/
r++z;
q ?/ +1o52W/
7q13w;
q G531,pA
w@1o@1W/3?'o>3-3
q G;31,pA
w@1o@1W/3?'o>3-3
({1!o?
8~1(|2
&]<-Y1
s9/v;$O
3O@,\-$O
3Q;,o:
3T5$O@1w.3s?
3Z-3S>.
3[;4z1(z1 {1
3[;4z1 |0$O
3s>.q7#R11s9-
3s>.q7#W:1s9-
+s-$a1 ~41s
3T5$O@1w.3s?
3Z-3S>.
3c: |0$r
"s<(}:(z@1
2O8.q
1a5&z1!x13
+&s@ w:1u?
+,p+4+
+/m+-5.|
+/m+,}0
+2s@ ~<3<
+(|0+}?
+(|0(?
+(|0$@
+4z8 4
+2q@/s
+2s1(D
+3:"{<|
+2|<(|@
8"o8"}:
?3z; z1N
?1t@,s
s@.z01^-'O
3"@32q
3,o5q<
V1#R5g
3$v+$?-o83"
231,;52"
3.@$o9(|?q/
3(@$o9(|?q/
3(}-@"q
32>-u-@"q
33w:.</
3$v+7q13w;q/
3$v+$9-o@q/
3$v+';q/
3$v++z;q/
3$v++}.+"
32> {.%;52"
/#s/3</
2-q@7q13</
3+}/+s"
3+}/+s+-w@"q
.2w/%w8q/
0+m;5</
:6m;5</
3#s8.~"
3+}/+s-@"q
3"E$</
52m8"o8q/
3 ;(q58</
:6m;q/
3"9.q-$</
3-sC'o:+s>"q
?#sD$~@"q
3(}?%o541"q
3.p-2m8"o8q/13
:,s>"m9,p12</
3+}/+s+ q12</
3"}8 1,s9$?"q
@,s+${.1"
@3{;$</
3/1#}$z;q
9'+3."
3&q/ w:"
+$z8(LV
32>.z0"
m+3s:?
+3@+r`
m+,}BO
m+ r0
s?!{|a
m+,}Bo
+3/+z{
+ z8"olJ
+${95sz
+&|A$//5-m4-r81N
` 3o>4~
h E+5s>%+1}A(|3
m#-[--N<@7
a@1a@m
$|9#s
]<-{;$a+
3sDm&3A9-W6
"q+7q13m@!z103o
3? r+7q13w;<> -
!o0$//5-
a@$//5-
a@$//5-
@ 1.t+-q;$r+ zA'^
m&1#mA$p^
$o0$|/#s05o8$mC3v+ 1)^
h/o>$m8#o+$o01^
z? m4 r1
z? m4 r1
h&s@ r621
Y E$m5%}
m+>/$q7$//5-m?$q
z? m4 r1
3G@/s+-t;5w
m37m<1; z58m?
q-+mA$<"1<> -
!o?"m2+s.%W/3?'o>3-3
1r- 2+
W A.2w/%w8!2"a@q41m@ w@
!o?"m2+s.%W/3?'o>3-3
1r- 2+
Q B.2w/(t?1s-
q ?/ +1o52W/
a@p-(q+%@$o9"a@q41m@ w@
!o?"m52> {
w231,W/3?'o>3-3
1r- 2+
a B.2w/(t?1s-
q ?/ +1o52W/
a@p-(q+%@$o9"a@q41m@ w@
m <> -
!o?"m;2> {
}231,W/3?'o>3-3
1r- 2+
W B.2w/.t?1s-
q ?/ +1o52W/
a@p-(q+%@$o9"a@q41m@ w@
!o?"m231,W/3?'o>3-3
1r- 2+
Q A.2w/%@$o9"a@q41m@ w@
m <> -
!o?"m231,W/3?'o>3-3
1r- 2+
b A.2w/%@$o9"a@q41m@ w@
!o?"m231,W/3?'o>3-3
1r- 2+
W A.2w/%@$o9"a@q41m@ w@
!o?"m231,W/3?'o>3-3
!o?"m2+s.%W/3?'o>3-3
[+1s-$m< q75
\ A.2w/%w8!2"a@q41m@ w@
q> 1/p-*SB132+
a@p-(q+(z14t
#s?1}E/p-*SB
!o?"m2+s.%W/3?'o>3-3
[+$@.+!o/
a@p-(q+(z14t
(+/s:5
q ?/ +1o52W/
}<-SB132+
a@p-(q+(z14t
/p-*t-+S5
!o?"m2+s.%W/3?'o>3-3
!o/%o5
!o?"m2+s.%W/3?'o>3-3
\ A.2w/%w8!2"a@q41m@ w@
q5132+
a@p-(q+(z14t
q ?/ +1o52W/
w231,W/3?'o>3-3
!o?"m52> {
1r.%SB132+
a@p-(q+%@$o9"a@q41m@ w@
w231,W/3?'o>3-3
}231,W/3?'o>3-3
!o?"m;2> {
1r.%SB132+
a@p-(q+%@$o9"a@q41m@ w@
}231,W/3?'o>3-3
q ?/ +1o52W/
q ?/ +1o52W/
q ?/ +1o52W/
!o?"m231,W/3?'o>3-3
\ A.2w/%w8!2"a@q41m@ w@
~1,}0m+
a@p-(q+(z14t
2s1/}?
/}?(S A+.+/s:.r1132+
a@p-(q+(z14t
]<-{;$
\ A.2w/%w8!2"a@q41m@ w@
!o?"m2+s.%W/3?'o>3-3
q ?/ +1o52W/
q ?/ +1o52W/
\ A.2w/%w8!2"a@q41m@ w@
\ A.2w/%w8!2"a@q41m@ w@
a@p-(q+(z14t
SB132+
a@p-(q+(z14t
!o?"m2+s.%W/3?'o>3-3
!o?"m2+s.%W/3?'o>3-3
\ A.2w/%w8!2"a@q41m@ w@
q5132+
a@p-(q+(z14t
q ?/ +1o52W/
\ A.2w/%w8!2"a@q41m@ w@
a@p-(q+(z14t
4|01t86SB132+
a@p-(q+(z14t
2v;,o:"SB
!o?"m2+s.%W/3?'o>3-3
'}C |E
!o?"m2+s.%W/3?'o>3-3
3D8"o8m+
a@p-(q+(z14t
q ?/ +1o52W/
\ A.2w/%w8!2"a@q41m@ w@
\ A.2w/%w8!2"a@q41m@ w@
a@p-(q+(z14t
SB132+
a@p-(q+2> {
!o?"m231,W/3?'o>3-3
!o?"m231,W/3?'o>3-3
q ?/ +1o52W/
q ?/ +1o52W/
\ A.2w/%@$o9"a@q41m@ w@
\ B.2w/.t?1s-
q ?/ +1o52W/
\ B.2w/.t?1s-
q ?/ +1o52W/
}231,W/3?'o>3-3
}231,W/3?'o>3-3
!o?"m;2> {
!o?"m;2> {
SB132+
a@p-(q+%@$o9"a@q41m@ w@
a@p-(q+%@$o9"a@q41m@ w@
\ B.2w/(t?1s-
q ?/ +1o52W/
\ B.2w/(t?1s-
q ?/ +1o52W/
w231,W/3?'o>3-3
w231,W/3?'o>3-3
!o?"m231,W/3?'o>3-3
q ?/ +1o52W/
q ?/ +1o52W/
\ A.2w/%@$o9"a@q41m@ w@
\ B.2w/.t?1s-
q ?/ +1o52W/
\ B.2w/.t?1s-
q ?/ +1o52W/
}231,W/3?'o>3-3
}231,W/3?'o>3-3
!o?"m52> {
!o?"m52> {
SB132+
a@p-(q+%@$o9"a@q41m@ w@
a@p-(q+%@$o9"a@q41m@ w@
\ A.2w/%@$o9"a@q41m@ w@
a@p-(q+2> {
"z;$SB132+
a@p-(q+2> {
q ?/ +1o52W/
~1,}0<@7
\ A.2w/%@$o9"a@q41m@ w@
q A+.+/s:.r1
!o?"m231,W/3?'o>3-3
]<-{;$
}231,W/3?'o>3-3
}231,W/3?'o>3-3
!o?"m;2> {
}231,W/3?'o>3-3
]<-{;$
}231,W/3?'o>3-3
]<-{;$
\ B.2w/.t?1s-
q ?/ +1o52W/
~1,}0<@7
\ B.2w/(t?1s-
q ?/ +1o52W/
\ B.2w/(t?1s-
q ?/ +1o52W/
w231,W/3?'o>3-3
]<-{;$
\ B.2w/(t?1s-
q ?/ +1o52W/
~1,}0<@7
\ B.2w/(t?1s-
q ?/ +1o52W/
~1,}0m+
a@p-(q+%@$o9"a@q41m@ w@
q A+.+/s:.r1132+
a@p-(q+%@$o9"a@q41m@ w@
a@p-(q+%@$o9"a@q41m@ w@
\ B.2w/(t?1s-
q ?/ +1o52W/
C�C�C�C�C�C�C�C�C�C�C�C�C�C�
A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�
A�A�A�A�A�A�A�A�A�
A�A�A�A�A�A�A�A�A�A�A�A�
A�A�A�A�A�A�
C�C�C�C�C�C�
C�C�C�C�C�C�
Process Tree
-
011c14f8e373fc618a42463ca2340a3b365f3d48ab458a7539414f9b9104571b.exe (1332)
"C:\Users\Administrator\AppData\Local\Temp\011c14f8e373fc618a42463ca2340a3b365f3d48ab458a7539414f9b9104571b.exe"
- sfqxy.exe (1640) "C:\ProgramData\sfqxy.exe"
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
| Name | a3f61032f6d28c76_gcoxh .exe |
|---|---|
| Filepath | C:\gcoxh .exe |
| Size | 608.1KB |
| Processes | 1640 (sfqxy.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | add8f1cfe7f75c231acae6cc8ffff966 |
| SHA1 | a3ee20616020709427fb9d95b72172f29d4e2545 |
| SHA256 | a3f61032f6d28c76e1631143321ed59bb316e144be671151c8d6c539dd34ad61 |
| CRC32 | BB8C4863 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d1b31a964a610fdf_vc_red.msi .exe |
|---|---|
| Filepath | C:\VC_RED.MSI .exe |
| Size | 608.1KB |
| Processes | 1640 (sfqxy.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | 6afd0bd77d0690c342c2f94a13e955ca |
| SHA1 | 5dfd883c1196b475e99885bd528b178693c9433d |
| SHA256 | d1b31a964a610fdffdc5be3500e5574b7e00ba99cd0624a6c2c3605913ff3773 |
| CRC32 | 98FAC0E6 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2142c709d69d8df1_vcredist.bmp .exe |
|---|---|
| Filepath | C:\vcredist.bmp .exe |
| Size | 608.1KB |
| Processes | 1640 (sfqxy.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | 90c74c56bf82a1404072a5a2f3f54a11 |
| SHA1 | f0d7e213ee0c518b1c11ca0659b04d898970a85e |
| SHA256 | 2142c709d69d8df1fc38f7bbd41823b0d575f2e0bbf4fffc292506d372960874 |
| CRC32 | E6D0253A |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2cb77b17736cb01d_python27 .exe |
|---|---|
| Filepath | C:\Python27 .exe |
| Size | 608.1KB |
| Processes | 1640 (sfqxy.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | ed52fcc8d3db43c77b3e6c87803733c5 |
| SHA1 | 8bfb6345cde511deaf812fc4be785a44ee892558 |
| SHA256 | 2cb77b17736cb01d77d1fa92564d85ae434554fc0a95458ccd31dd35c7c7fbbe |
| CRC32 | 9289A6BB |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | eed7508cc2b3242c_install.exe .exe |
|---|---|
| Filepath | C:\install.exe .exe |
| Size | 608.1KB |
| Processes | 1640 (sfqxy.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | 4dd096406414f2191e8a808950108a6c |
| SHA1 | 06f4b9175c7a3568b645c6e5daea78f78ab83f37 |
| SHA256 | eed7508cc2b3242cddbf83b439571062252c913af7314ecb1b4673ba38887be4 |
| CRC32 | B935B81A |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e3b0c44298fc1c14_Mirav |
|---|---|
| Size | 0.0B |
| Type | empty |
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| CRC32 | 00000000 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b54e1bdabd843c00_windows .exe |
|---|---|
| Filepath | C:\Windows .exe |
| Size | 608.1KB |
| Processes | 1640 (sfqxy.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | 44d0af5fcfd6a29fb82edcab06bcea2c |
| SHA1 | 1a98be19d8cffbb24c36d925396675e68cd8a040 |
| SHA256 | b54e1bdabd843c00f9d826ae8d22c6eba06bc40370823600ecd30cad5072b370 |
| CRC32 | C0A444FF |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 5ad2749fde060d52_vc_red.cab .exe |
|---|---|
| Filepath | C:\VC_RED.cab .exe |
| Size | 608.1KB |
| Processes | 1640 (sfqxy.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | 987f0186ae46ab64d21810f806ef7a81 |
| SHA1 | 66fd6cdee41da83aeb9c3e4e4c6f2ff62a6c5fd5 |
| SHA256 | 5ad2749fde060d5227e0e37b14c3000458757d36c03cda5bcdafa07096b534bd |
| CRC32 | 2E1F5837 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 542f0c05da0d24fd_recovery .exe |
|---|---|
| Filepath | C:\Recovery .exe |
| Size | 608.1KB |
| Processes | 1640 (sfqxy.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | b6026bffe80bcdc63a81e582d8ad47c3 |
| SHA1 | 17b800deee3f4fec9d71f1269b0913604a0f8d5a |
| SHA256 | 542f0c05da0d24fd172298e0892078a5a0a52f9a7036f3c577a84c1d0a7a3e2e |
| CRC32 | 4D61EA8D |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2f7d4a3d40d53ed6_perflogs .exe |
|---|---|
| Filepath | C:\PerfLogs .exe |
| Size | 608.1KB |
| Processes | 1640 (sfqxy.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | 239f780d0b369850cb00562a9408b514 |
| SHA1 | 6e3c366d5a4a20c810502866bb73983117498b98 |
| SHA256 | 2f7d4a3d40d53ed60e08e0ef4ce9f906737016ce78c46e7d83b5fa169d616f0d |
| CRC32 | EC7477CF |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2972f1c92fd1bc14_system volume information .exe |
|---|---|
| Filepath | C:\System Volume Information .exe |
| Size | 608.1KB |
| Processes | 1640 (sfqxy.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | b2446a28bd72c282ef3100b618e7d620 |
| SHA1 | 19a022cda5f3486fcbc6f11b5a73c78146b516a9 |
| SHA256 | 2972f1c92fd1bc14c23bd56b992825a4beb6c7b40163fa3d1c8f50f97c2a833d |
| CRC32 | FDF3F783 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 035dcc42ca5653fd_programdata .exe |
|---|---|
| Filepath | C:\ProgramData .exe |
| Size | 608.1KB |
| Processes | 1640 (sfqxy.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | 755b2fd200d9c017ea0f1e6717707649 |
| SHA1 | 4631859ce41579741171f20596e4fb6254de117c |
| SHA256 | 035dcc42ca5653fd0c809f09e95b4a3b08f18aa29a2c4c1e9439474a41b3cda2 |
| CRC32 | E44DFC41 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | dd15bc5cf51ac027_globdata.ini .exe |
|---|---|
| Filepath | C:\globdata.ini .exe |
| Size | 608.1KB |
| Processes | 1640 (sfqxy.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | dbb76f0a0ce9540b36b275395521a7ec |
| SHA1 | 04fd251895c8a96fe84a1f4c48d79e9229bdf1b1 |
| SHA256 | dd15bc5cf51ac027094309ef08f65ccd622cb6f9338513ac6567342df87f9cb1 |
| CRC32 | 7292329D |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e82b2ab257d128e8_$recycle.bin .exe |
|---|---|
| Filepath | C:\$Recycle.Bin .exe |
| Size | 608.1KB |
| Processes | 1640 (sfqxy.exe) 1332 (011c14f8e373fc618a42463ca2340a3b365f3d48ab458a7539414f9b9104571b.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | 379518f3a51e832f0b80d4383ce6eed0 |
| SHA1 | ae9dddd2f2fcb068cf5f6ca6cfb83e25b36bdc5f |
| SHA256 | e82b2ab257d128e89be75de7e6a9f01834ca528d33895f891f78457fa3a6e034 |
| CRC32 | BD87B9CB |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 0ee1155182db0fd7_program files .exe |
|---|---|
| Filepath | C:\Program Files .exe |
| Size | 608.1KB |
| Processes | 1640 (sfqxy.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | 22d18c45d8f3eebb603f3cfe85aa18bb |
| SHA1 | 9703eb76020afd81a8d3b80206c3b8e87e2514ce |
| SHA256 | 0ee1155182db0fd7668f13b5e0d49a40a2691497157d932d21faec839f8d5bf2 |
| CRC32 | 89F855B5 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 772b71339243e3f0_iugtl .exe |
|---|---|
| Filepath | C:\iugtl .exe |
| Size | 608.1KB |
| Processes | 1640 (sfqxy.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | b7f32986f1109bb96b7fda05c9a4b0e8 |
| SHA1 | ca79b1f85e86f1893ae7f1d3fbdd9c0da09cbed8 |
| SHA256 | 772b71339243e3f035f567d758d9e95dadf767843d389dbd8ed134d1d18d9f4f |
| CRC32 | 31A9E01D |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 82cdfb127173404f_documents and settings .exe |
|---|---|
| Filepath | C:\Documents and Settings .exe |
| Size | 608.1KB |
| Processes | 1640 (sfqxy.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | 443434275e48433b9d8c3d1cbe0149e3 |
| SHA1 | 9efd2c60aae9d93eb2569ac236e2afd39dc32432 |
| SHA256 | 82cdfb127173404f9099132cc38f78b383c74529cc531c75f5bfb84520e3a415 |
| CRC32 | 42208431 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 729936c84010c0d1_program files (x86) .exe |
|---|---|
| Filepath | C:\Program Files (x86) .exe |
| Size | 608.1KB |
| Processes | 1640 (sfqxy.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | 0df4bc36b058c82bba6ce4c464c3069b |
| SHA1 | 4d250922bc41f39f7c65b0c96345a0fe80121fff |
| SHA256 | 729936c84010c0d1c89239b335ad5caff8c31409d3a129c5d702ea15c42de596 |
| CRC32 | 6BCDD3ED |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 6d1caa3e822eadf6_sfqxy.exe |
|---|---|
| Filepath | C:\ProgramData\sfqxy.exe |
| Size | 353.1KB |
| Processes | 1332 (011c14f8e373fc618a42463ca2340a3b365f3d48ab458a7539414f9b9104571b.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | bdb5c69974dddf35a5ec6c7990872586 |
| SHA1 | b7b095cc0996bc354d394ae0c22ece5edb9c98a2 |
| SHA256 | 6d1caa3e822eadf67845e10e7ffb0e740c1c6dbc37d4639fee46858024f283e3 |
| CRC32 | 7231CFFB |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | c231e26d036eaf8e_install.res.2052.dll .exe |
|---|---|
| Filepath | C:\install.res.2052.dll .exe |
| Size | 608.1KB |
| Processes | 1640 (sfqxy.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | 7da2e28b99ea961b135c04c776947b65 |
| SHA1 | 129e79f9e84c48efd96bf6481b0c98e674c2a851 |
| SHA256 | c231e26d036eaf8e6785e96f2fc9d75d6a20fefab30f024d560d999e9b1ebe82 |
| CRC32 | EEFA759A |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 1191714c0c1cdc04_install.ini .exe |
|---|---|
| Filepath | C:\install.ini .exe |
| Size | 608.1KB |
| Processes | 1640 (sfqxy.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | 5525ce71bfedfa0dccf29666d7d5b17e |
| SHA1 | 24289e666e5b3a17428ea50066cf1d7f1f5f1be3 |
| SHA256 | 1191714c0c1cdc04cc8b5093b31a2a0b74699751dff3a4ae66d7d2923cc3535f |
| CRC32 | 939CA135 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 88e724db39f8e9a9_pagefile.sys .exe |
|---|---|
| Filepath | C:\pagefile.sys .exe |
| Size | 608.1KB |
| Processes | 1640 (sfqxy.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | 33e1967bfd539c4c102acb1290eaa4de |
| SHA1 | 07a61ef3d292975e732f8c7d7fabf647428922ce |
| SHA256 | 88e724db39f8e9a908cc0cc17d0015dfe028b6ffff5b206a905aaf79419643d1 |
| CRC32 | 311B866A |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 0f699e29d428943b_users .exe |
|---|---|
| Filepath | C:\Users .exe |
| Size | 608.1KB |
| Processes | 1640 (sfqxy.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | 7ac25bda69fe2fe38b90ea3e4262d60d |
| SHA1 | 5fbd2a556d4154eb77b2a10b88bc572d0a9bb590 |
| SHA256 | 0f699e29d428943bfb31b6a92400014254beb180a781958c694f935303534357 |
| CRC32 | 4671EE45 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | cbd1d4972f2c8036_eula.2052.txt .exe |
|---|---|
| Filepath | C:\eula.2052.txt .exe |
| Size | 608.1KB |
| Processes | 1640 (sfqxy.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | edb78b9548d2a1bc189143c9292ad47a |
| SHA1 | 5468dd657cdde2229536c44efe0a328247787159 |
| SHA256 | cbd1d4972f2c8036033cea39a0e286fc3599ec6b45820aabf9a0fabb8182ec05 |
| CRC32 | ED90B017 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b79fa16bcf191768_mira.h |
|---|---|
| Filepath | C:\ProgramData\Saaaalamm\Mira.h |
| Size | 255.0KB |
| Processes | 1332 (011c14f8e373fc618a42463ca2340a3b365f3d48ab458a7539414f9b9104571b.exe) 1640 (sfqxy.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | 3b199066399b355a1567696853b81067 |
| SHA1 | fc6141e5285acc40a362420ee5779b90b16aea64 |
| SHA256 | b79fa16bcf19176850f07c841a98aefb3f149bf9004dcd70f71fdc980e3fec1d |
| CRC32 | DFEC9207 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 1bd57bc2c3a61a33_360downloads .exe |
|---|---|
| Filepath | C:\360Downloads .exe |
| Size | 608.1KB |
| Processes | 1640 (sfqxy.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows |
| MD5 | 39b146438c5be6cddb955b66959d9968 |
| SHA1 | 600252ee2ae5349a3607e9b52977afd5b9647f81 |
| SHA256 | 1bd57bc2c3a61a3393f7c679a8e95516f914f0f1a88ceb0511be793ecf110f9c |
| CRC32 | 4AA371A0 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
Sorry! No dropped buffers.