0.9
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.75
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Dropper-NGE [Drp] | 20190830 | 18.4.3895.0 |
| Baidu | Win32.Trojan.Urelas.a | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0 |
| Kingsoft | None | 20190830 | 2013.8.14.323 |
| McAfee | RDN/Generic BackDoor | 20190830 | 6.0.6.653 |
| Tencent | None | 20190830 | 1.0.0.1 |
静态指标
动态指标
网络通信
与未执行 DNS 查询的主机进行通信
(2 个事件)
| host | 114.114.114.114 | |||
| host | 8.8.8.8 | |||
文件已被 VirusTotal 上 53 个反病毒引擎识别为恶意
(50 out of 53 个事件)
| ALYac | Gen:Variant.Graftor.118524 |
| APEX | Malicious |
| AVG | Win32:Dropper-NGE [Drp] |
| Acronis | suspicious |
| Ad-Aware | Gen:Variant.Graftor.118524 |
| AhnLab-V3 | Backdoor/Win32.Plite.C203542 |
| Antiy-AVL | Trojan[Downloader]/Win32.Urelas.ab |
| Arcabit | Trojan.Graftor.D1CEFC |
| Avast | Win32:Dropper-NGE [Drp] |
| Avira | TR/Crypt.PEPM.Gen2 |
| Baidu | Win32.Trojan.Urelas.a |
| BitDefender | Gen:Variant.Graftor.118524 |
| CAT-QuickHeal | Trojan.Gupboot.G.mue |
| ClamAV | Win.Trojan.Agent-1296053 |
| Comodo | TrojWare.Win32.GupBoot.BFC@5szi8p |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Cybereason | malicious.fe5730 |
| Cylance | Unsafe |
| Cyren | W32/Urelas.E.gen!Eldorado |
| DrWeb | Trojan.AVKill.33377 |
| ESET-NOD32 | a variant of Win32/Urelas.U |
| Emsisoft | Gen:Variant.Graftor.118524 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Urelas.E.gen!Eldorado |
| F-Secure | Trojan.TR/Crypt.PEPM.Gen2 |
| FireEye | Generic.mg.d4cae3ffe573072f |
| Fortinet | W32/Urelas.AB!tr |
| GData | Gen:Variant.Graftor.118524 |
| Ikarus | Trojan.Win32.Urelas |
| Invincea | heuristic |
| Jiangmin | Backdoor.Generic.aajr |
| K7AntiVirus | Trojan ( 0048f6021 ) |
| K7GW | Trojan ( 0048f6021 ) |
| Kaspersky | HEUR:Backdoor.Win32.Generic |
| MAX | malware (ai score=85) |
| Malwarebytes | Trojan.Urelas |
| MaxSecure | Win.MxResIcn.Heur.Gen |
| McAfee | RDN/Generic BackDoor |
| McAfee-GW-Edition | RDN/Generic BackDoor |
| MicroWorld-eScan | Gen:Variant.Graftor.118524 |
| Microsoft | Trojan:Win32/Urelas.AA |
| NANO-Antivirus | Trojan.Win32.AVKill.dqnovj |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | Win32/Backdoor.Uinsey.A |
| Rising | Trojan.Gupboot!1.9CEA (CLASSIC) |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/Urelas-Z |
| Symantec | Infostealer.Gampass |
| VBA32 | SScope.Backdoor.Urelas.3114 |
| VIPRE | Trojan.Win32.Urelas.ab (v) |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2013-10-01 10:25:09
PE Imphash
09d0478591d4f788cb3e5ea416c25237
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x00035000 | 0x0002e600 | 6.193593434180542 |
| .rsrc | 0x00036000 | 0x00002000 | 0x00001200 | 6.091395994082571 |
| .reloc | 0x00038000 | 0x00000200 | 0x00000200 | 0.2162069074398449 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x00032298 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x00032298 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x00032298 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x00032298 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x00032298 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x00032298 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x00032298 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x00032298 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x00032298 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x00032298 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x00032298 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x00032298 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x00032298 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x00032298 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x00032298 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x00032298 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_MENU | 0x00032700 | 0x0000004a | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_DIALOG | 0x00032750 | 0x0000026c | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_STRING | 0x000329c0 | 0x00000048 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ACCELERATOR | 0x00032a08 | 0x00000010 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_GROUP_ICON | 0x00032a90 | 0x00000076 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_GROUP_ICON | 0x00032a90 | 0x00000076 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_MANIFEST | 0x00036508 | 0x0000015a | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library kernel32.dll:
• 0x436680 LoadLibraryA
• 0x436684 GetProcAddress
• 0x436688 VirtualAlloc
• 0x43668c VirtualFree
L!This program cannot be run in DOS mode.
$]bw]bw]bwTwobwTwKbwTwbwz4
wPbw]cwbwTw[bwCw\bwTw\bwRich]bw
PEC2NO
.reloc
SUVW3h
3SQ\$(f$,
3SPf$T
3SRf$L
3SRf$l
3SQf$,
3SRf$<
3SQf$D
T$,SRN
fu+t!$
fu+t_$
fu=l0B
RD$0j@PN
_^][3N
MSMPuh
3WQfD$
f;u+tyT$
3WQfD$
PL$6Q3fD$8N
D$"D$&D$*D$.D$2D$6fD$:D$
PL$0QN
tl_GBP9{
fu+u0Sj
SUVWjd
3VWfL$
D$"D$&D$*D$.D$2D$6fD$:$D
L$HQWWh
T$HD$DWh
}L$@ 3N
D$$D$4D$LD$dD$tWD$
D$ D$$D$,D$0D$4D$<D$@D$DD$HD$LD$TD$XD$\D$`D$dD$lD$pD$tD$|\$x\$h\$P\$8\$(\$
c;33~iN
;|_^][p
8MSMPuh
3VQfD$
$SUVWj
ID$@PN
QT$LRN
_^]3[Y
[YVWVj
@u+VW$
D$ P$,
j@htIB
D$ PQN
D$8RPN
L$8QRN
]3[YWh
D$DSV3Wh
D$ D$$D$(D$,D$0D$4D$8D$<D$@D$
k3j>QT$
RGPfL$ N
Qj!XWN
[L$D3N
H_^3[L$D3N
L$P_^[3N
D$8D$@SUVD$
t$$L$ D$
fT$(D$*D$.D$2D$6D$:D$>D$BfD$F3N
3ftD(f
ftD(@;~D$(PN
D$ D$$D$(D$,D$0D$4D$
fu+tWtSD$
u34SUVD$
GWVjPj
L$0 3N
WPhP0B
3_^[L$
QT$2RfL$4N
D$!fD$%D$'X@B
tmD$(P$4
_^][3N
L$&3VQD$(
T$ Rt$
,(L$ Qh
T$ RD$ PL$
_^][3N
u#u T$
tJ;~8+
D$ SPN
_^][3N
RD$2P|$0L$ fT$4N
\$(\$ t
t$ 33f
$D$(ST$
~yT$ L$$RD$
_^][3N
WQD$$N
3VQD$,
D$.3VPt$$t$ t$(fT$4N
RPt$ N
PL$$QT$$R
uTh(PB
T$,RD$
_^][3N
PL$RQfD$TN
3D$"D$&D$*D$.D$2D$6D$:D$>D$BfD$FJB
fT$ D$
T$$RD$
T$ RPh
fu+u/hl
fu.hJB
<D$HPN
uFD$ P
PL$$Qj
^][33N
SUVWQP|$
_^][3N
:{tAST$
u3@;rL$
T$(U2N
jgVjdhEB
v&f=tLB
jlPD$0
^8ULD B
^L$H3N
^L$H3N
3^L$H3N
3^L$H3N
3^L$H3N
L$L^33N
yZ3#3L$
>yZ3#3
T$ 3#3
yZHPT$
3H<#3H$3
3#3l$
|$ L$ L$
yZ#3L$
)yZH@3HT
3H(33H #3T$
yZHX3HD
3H,|$ 3H$3
9yZHH3H0l$ 3H
3H(3#H(\$
)yZHL3H4l$
HP3H833H0
3H$+n\$
nHT3H<
3H(3\$
nHX3H@
3H83H,H8
)nH03HD
)nHH3H@l$
nHP3HH
3H(3\$
nH@3HT
3HL3H,HL
)nHX3HP
)nHH3HTl$
nHP3H<
3H$3\$
nH@3HT
3H(3H H
)nHX3HD
)nHH3H0l$
3H *n\$
nHP3H8
)nHT|$ 3H<33H433H(T$
3H,:n|$ 33H8
9nH03HD
l$ H<HH3H@3H4
H@H83HL3HD
3H<3l$
H@3HTt$
3HL33H,#|$ |$
HLHX3HP3H0
T$ HPHH3HT3H4
HX3H83HL33H #\$
3H$3l$
H@3HTt$
3H(33H #T$ T$
H HX3HD+
3H,3H$
|$ H$HH3H03H
H(HL3H43H,
HP3H8|$
#H0#T$
HT3H<T$
3H433H(#t$ t$
H4HX3H@+
3H83H,
|$ H03HD
H<HH3H@7
3H43H
H@H83HL|$
HP3HHT$
3H<33H(#
HHH@3HT*
l$ HX3HP
3HL3H 33l$
HXHP3H<
H@3HTl$
H HX3HD3H,
HH3H0*b3H
3H,3H 33l$
H,HP3H83H0
HT3H<l$
3H43l$
H4HX3H@
3H83H,
H8H03HD3H<
3H43H 33l$
H@H83HL3b3HD3H$
3H(3l$
HHH@3HT
3HL3H,
HX3HP.b3H03HD
HTHX3H8;b3HL3H
;r_VD;
_^]SUl$
SSRD$,N
Q\$D\$@D$H
#EgD$LD$P
D$TvT2
I,;v5T$pVR\$
Un0W~4D$
F,;uen(9F4u
SUVV N
L$0N0T$(V4
D$ ;s9
D$ ;s1|$
D$ ;s0|$
D$ ;s0|$
N(D$$;s
F,+L$$D$(
;N(rL$$L$
F0N(;t
u[V4T$0RN
TV4D$4F0
;u N(F0;t
L$$AHBD$0
N(L$$L$
F0N(;t
u[V4T$0RN
TV4D$4F0
;u N(F0;t
+V4T$0RN
MV4T$0RN
G(O$RP
G(O$RP
F(F4F0F8
G0VWG(O j@j
t'W(G h
O(W$VQ
G(O Sj
F(u V$G(O$RP
W(G$VR
(SUVN4
T$ $<w@
de s.|$
u%F0N(;t
T$ ulL$<D$
TN0D$@F4
D$()D$$
D$ )D$,
L$(;s9
QT$8RL$8QT$,RV
L$$T$ H
K(S$PQ
C(K$RPD$D
_^][(j
F D$<~
V T$<~
K(S$PQ
S(C$QR
C(K$RP
_^][(PN
O(W$PQ
O(W$PQ
F4F0F8
G0F(O(W$PQ
F$O(W$PQ
G(O$VP
t$Lt$Pt$Tt$Xt$\t$`t$dt$ht$lt$pt$tt$xt$|$
u9l$Lu
073_^][
uT$,;v
T$ ;t
T$ G;$
t$4HTLL$<T$
L$@T$,
E;v.l$
A+;r|$
t<t$(T$
L$0L$@
+T$1T$0
(L$8D$
l$ T$0
rL$<T$(
T$(H#;
D$<@;D$,D$
C(K Ul$
D$$L$ VT$
RPQL$(j
S(C$VR
C(K Ul$
D$4L$,VT$
RPD$0QL$0hA
L$4T$0VD$
PD$$QL$,Rh
u&T$(9
wdC(K$VP
S(C$VRC
u"S(C$VRC
S(C$VR
K(S$VQ
T$(D$,J0SU(@
Vr Wz4D$
L$,T$4#
l$8](+
T$()T$
;sim,l$(+
;rl$(+;v-+
uL$8i($
\$8s 4
{4_^]3[
] tMT$<J
\$8s 4
T$(\$8s 4
{4_^][
BYS3;t
O(W$PQ
O(W$PQ
F(F4F0F8
O(W$PQ
_VW3;u
w(9w$u
uK_3^QSUVW
_^][Y3
_^][Y_^][Y
U,1;]v
D$ PUSQ
uHE|,H<
t$$D$0L$@$
\SUVW3l$
E_^][\
JD$dT$`
\$,T$TL$PN
T$8(l$$;
{kt t$
uXT$xt/D$8L$|;s
_^][\Qu
NxQV(F
NDVH^L;u
^@O<39_4NT^PW4
^$^(^,N
G@FXODN\W0
FqgE#FuxV4;t
w|^_]3[
SUVt$ 3WT$
h|;t9U
]<)]X}l
t%3v um
G;rt$$EyM
W)E\+)EyM
E]Vw|u
F^]9n\u
FP;FTt
3RfD$&
@u+@PN
}V3t@~
VxRF(PN
K;T$(RD$0PL$LQN
fuD$lt$8
L$PD$HT$T(
D$,D$$PL$0QT$8
D$$L$(\$
_^][3N
}N3t@~
VxRF(PN
3_^]L$
3D$$L$ PQD$ N
SVW3;t
^0WWWWWN
AAKu;t
AAFFf;t
Ku3;uf
SVW3;t
^0WWWWWN
AAFFf;t
Ku3;uf
DDDDDDDDDDDDDD
VVVVVN
;t3f97
uf93u N
jEPhD B
_VVVVV8N
VW3M]9}
2;]rh}
E+)E(VN
3PPPPP
VVVVVN
WWWWWN
@@fu3_[]
SVW39}
}O;]rOt
u+WuVN
M+;rP})E
eYYt)EF
VVVVVN
VVVVVN
E3B;r9]u
VVVVVN
S3VW;t
^0SSSSSN
3_^[]UW}
@@fufM
7GGEPj
RPjjEUN
[M]EUVN
Yu)jAXf;w
E;ErCE9Eu
3;Er/w
wQuuuN
u>9ur9w
`p33_^[
GGBBft
tu=\RB
^0WWWWWN
U S39]
;t$;u N
;tU;|BMx
eYYt"Mx
39]fD~
VVVVVN
UQSV3;u
^SSSSS0N
^SSSSS0N
IGG;r3_^[
S3VW;t
^0SSSSSN
U S39]
;t4;|"Mx
SSSSSN
YY]jXh
,ffffffE
MYV5!B
%+YYt:V5!B
BYF\=A
~lt#WN
_Y;=-B
%+YYt4V5!B
Iuu}]U
+EPRQN
eN"EEN
3SEEESX5
PZ+t Q3
%+YYSB
%+YYSB
1 B8"B
;r"($B
;r =($B
W3E}}}
FFf> t
at8rt+wt N
E}9}urE
E9}u:eE
FFf> tj
FFf> tf9>
aY]3u;5cB
0FYYSB
+SVWD B
1E3PeuEEEEd
Y__^[]Q
E_^[]E
9csmu)=
CSVWT$
URPQQh@
t;T$4t
;v.4v\
UVWS33333[_^]
33333USVWj
b_^[]Ul$
dYt.VN
dYt"VN
jXEU;u
SSSSSN
VVVVVN
6 YtPRB
6 YY;t
WWWWWN
W>+~,WPVN
aY}3u;5cB
YY3BUSB
Wt1t'PN
UQSVW5PRB
;r@PuN
%wYYt1
V34809u
P4UM`8
?Yt:4+
<PVEP(
=ZYf;@
=ZYf;@
r3VVhU
QH++PPVh
,P+P5P(
\D+48;E
8+0_[M3^N
WWWWWN
77YUWVu
DDDDDDDDDDDDDD
WWWWWN
77YjTh
Ej@j ^VN
[j@j N
%+YYtVM
;rE9=xRB
0FYYt7F
F$|3@_^
;3G}39
MOI;|9 M
SI VW}
HD9#U#
MLD3#u
]#\D\D
]3@\RB
SYYuBh'4A
tx5LRB
t;rJ6N
VW33};
VVVVVN
3PPPPPN
:@Y<v8VN
3VVVVVN
VVVVVN
VVVVVN
;t$t j
DYu =@ B
WPWPWv
whu;5+B
8]tEMap<u
Zf1Af0A@@JuN
@;vFF~
XM_^3[N
BY^hS=$A
Y%u 'B
3W;to=.B
BYY~PE
BY_^[]
USV5$A
t7t3V0;t(W8N
Fpt"~l
Pf;r]*
3PPPPPN
t4+t$+t
ItQht@lt
3F tBP
itmnt$o
MYYYfgu
MYYY>-u
jj0XfQf
t-RPSWN
`pM_^3[N
3PPPPPN
t4+t$HHt
ItUhtDlt
?PYYt"N
HHtYHHt
2itmnt$o
MYYYgu
MYYY;-u
t-RPSWN
0@?If8
@@u+(u
EPFPFN
u(9t MN
`pM_^3[N
3;v.jX3;E
WWWWWN
]wi=\RB
;uL9=<B
8csmu*x
EYF`[_^
Gf>=Yt1j
tPVWPN
3PPPPPN
3Y[_^5p9B
UQV3W}
@@ft<uf t
@@HHf9
@@Bf8\tf8"u8
ft$9Uu
UQQSVWh
V33Sf>B
!]YY?sJM
$Yt'EP
!EHY\9B
u+@S@WSN
_[^SVWN
E3E3;u
SYYu,9E
_};=cB
SSSSSN
tGHt.Ht&N
^SSSSS0N
Y+t7+t*+t
;t0;t,;t =
uEPuuu
SuEuPuuu
$ MeHM
;tSS6N
tSSS6N
CSSS6N
E+PD=P6
_8VVVVVN
9ut(9ut
SV33W9u
CCGGM
tBft=f;t6EP
Map_^[
UV3W95<B
GGBBM
B(;r3_^[]
SVWD B
1E3PEd
Y_^[]USVWUj
b]_^[]
P(RP$RN
UPjh BA
t:|$,t
;t$,v-4v
UQPXY]Y[
EU_^j
WWWWWN
WWWWWN
u5=@ B
S3;VW|[;
t58t0=@ B
]V3;|";
aY3C]~
7j@j N
%+YYEta
SSSSSN
tAt2t$
WWWWWN
SW5T9B
3]V3;|
EV395-B
tO=$/B
tVURPEPQ
?PYYt}E
?PYY]QL$
Y+t"+t
+td+uDN
3PPPPPN
u@OdMGd
u wdSUY
MYYt,t(
3_^[];t
^0SSSSSN
^SSSSS0N
f;v6;t
Map_^[;t2;w,N
j"^SSSSS0N
ESV3W9
u8SS3GWhA
39]$SSu
H;~Ej3X
3;tAuVWuu
t"SS9]
Jg]]9]
JD~=w8
3;tuSWN
PWu uN
e_^[M3N
u(Mu$u u
UQQD B
SV3W;u:EP3FVhA
39] SSu
FEYu39]
e_^[M3N
u$Mu u
BYv$;5
BY^]UV3PPPPPPPPU
$s ^UV3PPPPPPPPU
dYt"VN
dYt.VN
dYt"VN
dYt.VN
dYt"VN
]39}~0N
eYYtG;}|fE
]YYM_^3[N
u+9uv&N
E`p3[_^
@@fu+E
wIVSPN
sYE;t'CH;r
9}uH;u
VW5T9B
E;t CH;r
Yt vVN
L1$!_^[u
^s)EPj
QPREPN
Map[3PPj
ffffffu
-WWuuj
WWWWVuWu
%+YYE;t+WWVPVuWu
FYEe_^[M3N
EPQEPEj
AAu+Hu u
RQMQVp
` YY]UWVSM
B:t6t:t't
WVS3D$
$UQQSVWd5
SVWE3PPPuu
E_^[E]
UQSVW}
Fu^8Mt
_VVVVV8N
SSSSSN
F80t.G
E`p3_^[
^VMQMQp
SSSSS0N
M_^3[N
^WWWWW0N
E`p3[_^
^03PPPPPN
iWj0VN
E`p3_^[
^VMQMQp
SSSSS0N
M_^3[N
_WMQMQp
SSSSS8N
EHE3}-
M_^3[N
et_EtZfu
VVVVVN
]EuMm]]
t3@_^]
=csmu+N
8csmu8x
t*9csmu"A
gvYYEN
>csmuB~
YYtaSVN
v[YYPVN
YYt)SVN
Ht Hu4j
v[YYPv
v[YYPv
t+>MOCt#u$u u
EPEPVu WN
;Es[S;7|G;w
@u"u$u
;Er[_^
@39>u&~
vYuO39 ~
EPEPuu WN
(u$]u E
)u$u uSu
tR99u2y
u$Vu u
|W 3@_^[]U
VW_^]M
EP3SSSSWEPEPN
E`p3M_^3[N
EP3SSSSWEPEPN
E`p3M_^3[N
^0SSSSSN
:@PWVN
3PPPPPN
WVU33D$
%#Vt1W}
_VVVVV8N
YY3^]Pd5
SVW(D B
3PeuEEd
u'339\u
JB|j 3Y+@M
JBj Y+3B\M
3+BL1<
}3^j Y+
u'339\u
JB|j 3Y+@M
JBj Y+3B\M
3+BL1<
}3^j Y+
S3V3EE
F3WE}]u]]]]]]]9]$u N
<+t(<-t$:t<C
]<+t<-t
+t HHt
B:t,1<
+JMtHHt
tEPuEPN
3f;u BE
f;u!BC
u4}u+e
f;r#33f9EE
M_^3[N
]EEEEEEEEEEEE?E
u}fu/u+u'3f;
;u0u,h8
VVVVVN
VVVVVN
`EfUu}M
MMMMM3
3f;u GE
90t!uuE
EFFEM}
EMuUm
HuMu9Et
u4}u+e
33f9EE
f;wK3EE
}fEEEEEf}
E\3f;u
f~7}x+EMe
EM}Um
H}Mu9Et
u4}u+e
f;r#33f9EE
ufEEEEEfu
~(E]Mm
0K;]sE;]s
EM_^3[N
K;sE;s3f
SVW}]3
M_^3[N
bad allocation
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
Unknown exception
CorExitProcess
runtime error
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
(null)
`h````
xpxxxx
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
`h`hhh
xppwpp
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
Complete Object Locator'
Class Hierarchy Descriptor'
Base Class Array'
Base Class Descriptor at (
Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
delete[]
new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
CONOUT$
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
need dictionary
stream end
file error
stream error
data error
insufficient memory
buffer error
incompatible version
invalid literal/length code
invalid distance code
invalid block type
invalid stored block lengths
too many length or distance symbols
invalid bit length repeat
inflate 1.1.3 Copyright 1995-1998 Mark Adler
incomplete dynamic bit lengths tree
oversubscribed literal/length tree
oversubscribed dynamic bit lengths tree
incomplete literal/length tree
oversubscribed distance tree
incomplete distance tree
empty distance tree with lengths
invalid distance code
invalid literal/length code
unknown compression method
jHqA}
kdzbeO\
iLA`rqg
@l2u\E
a=-fAv
\cQkkbal
eLXaMQ:t
jiCn4Fg
c;d>jm
i]Wbgeq6l
8ROggW
A`Ugn1yiFa
fo%6hRw
[&wowG
eibkaEl
`MGiIwn>Jj
)WTg#.zfJa
h]+o*7
-1.1.3
invalid window size
incorrect header check
need dictionary
incorrect data check
unzip 0.15 Copyright 1998 Gilles Vollant
%d.%d.%d.%d
1.234.83.146
1.234.83.146
133.242.129.155
<Embed File Info>
DBG :
_uinsey.bat
GAIsProcessorFeaturePresent
KERNEL32
bad exception
1#QNAN
1#SNAN
GetVersionExW
GetModuleFileNameW
GetTempPathW
GetFileAttributesW
DeleteFileW
OpenEventW
CloseHandle
CreateEventW
GetTickCount
GetSystemDirectoryW
DeviceIoControl
ReadFile
CreateFileW
GetTempPathA
GetModuleFileNameA
CreateFileA
WriteFile
CreateThread
MultiByteToWideChar
ExitProcess
GetModuleHandleW
GetFileSizeEx
SetFileAttributesW
GetLastError
GetFileSize
SetFilePointer
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
WideCharToMultiByte
KERNEL32.dll
wsprintfW
LoadStringW
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
DialogBoxParamW
DestroyWindow
DefWindowProcW
BeginPaint
EndPaint
PostQuitMessage
EndDialog
USER32.dll
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
ADVAPI32.dll
ShellExecuteW
ShellExecuteA
SHELL32.dll
WS2_32.dll
GetAdaptersInfo
IPHLPAPI.DLL
HeapAlloc
HeapFree
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
RaiseException
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
SetStdHandle
FlushFileBuffers
HeapSize
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LoadLibraryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEndOfFile
GetProcessHeap
GetModuleHandleA\A
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVtype_info@@
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
218.54.31.226
:Repeat
del "%s"
if exist "%s" goto Repeat
rmdir "%s"
del "%s"
.?AVbad_exception@std@@
I x@oGAkU'9p|B
~QCv)/&D(
uuvHMXB
9;5SM]=];Z] T7aZ%]g']
?Zd;On
7?3=Bz
;1az?aUY~S|
D?$?9'
*?}d|FU>c{
zc%C1<!8G
u7.:3q
#2IZ9W
,%I-64OSk%Y
wwwwwwwwwwwwwwwpxpx
pxwwwwwwwwwwwwwxpxpxDDDDDDDDD@
pxDDDDDDDDDH
pxDDDDDDDDDH
pxDDDDDDDDDDDDDDpxpwwwwwwwwwwwwwwwp
wwwwwwwpxpxpxpxpxpxpxpxwwwwwwpxDDDpxDDDDDDpxpwwwwwwww
%%$$"#"#"#*+()''&&??<=9;7A63[4]5mm]5\]m]mm5\mm5555555\\\5\\\5m\55\\5ed:cOXY/P.Z0.0.QR00/ZPP0000000/0PPZR.BI@/DE0,
CWkV21TSav^8{
}>qooggggggg1`_fhsnHK{JLp
Gl-FjNw~ytMMMMMMUbbrrrrrxxxxxxxxrriUMMMMMMMMMUuzt
.#%-0%:?%9>%8=%7;
EG@DF@MO@LN2Kh2\g2]f2[I3')+*+)))*))()*+++,6J!54 CBAjYPQTVTSkllZTTXRTUiHceWda/
iu`_<bmt^}zy|yx~
{|yvrrwsqpon
PPPPPPPPPPPPPPPPPKMNNNNNNNNNNOLO
JHHGGGGGGGGHI
JEEEEEEEEEEFC
JEEEEEEEEEEFC
JEEEEEEEEEEFD
JEFEEEEEEEEEB
O%JEEEEEEEEEFFB
JJIIIIJIIIIJJ
O(@>=77A779?<8;$O'
)O6530./21+*-,4#4PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP
Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'H#P'Q'Q'Q'Q'
R&R&R'R&R&R&R&R&Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'R'
e)qjiPt
{rFpcq
S^EDIID:BI638?@=>>=======8,00-.(',0-0178
S(O$N!N!N!N!N"M"M"M"M"M"M"M"M"M"M"M"M"M"M"M"M"N"M"M"O$S)O"
QDf>.j~ro
*V=;?73?//87566-&*'!+3$357_
OO&F#C!C!C!C!C!C!C!C!C!C!
A E$R(
x(s o7|WRzW
wwwwwwwwwwwwwwwpxpx
pxwwwwwwwwwwwwwxpxpxDDDDDDDDD@
pxDDDDDDDDDH
pxDDDDDDDDDH
pxDDDDDDDDDDDDDDpxpwwwwwwwwwwwwwwwp
wwwwwwwpxpxpxpxpxpxpxpxwwwwwwpxDDDpxDDDDDDpxpwwwwwwww
%%$$"#"#"#*+()''&&??<=9;7A63[4]5mm]5\]m]mm5\mm5555555\\\5\\\5m\55\\5ed:cOXY/P.Z0.0.QR00/ZPP0000000/0PPZR.BI@/DE0,
CWkV21TSav^8{
}>qooggggggg1`_fhsnHK{JLp
Gl-FjNw~ytMMMMMMUbbrrrrrxxxxxxxxrriUMMMMMMMMMUuzt
.#%-0%:?%9>%8=%7;
EG@DF@MO@LN2Kh2\g2]f2[I3')+*+)))*))()*+++,6J!54 CBAjYPQTVTSkllZTTXRTUiHceWda/
iu`_<bmt^}zy|yx~
{|yvrrwsqpon
PPPPPPPPPPPPPPPPPKMNNNNNNNNNNOLO
JHHGGGGGGGGHI
JEEEEEEEEEEFC
JEEEEEEEEEEFC
JEEEEEEEEEEFD
JEFEEEEEEEEEB
O%JEEEEEEEEEFFB
JJIIIIJIIIIJJ
O(@>=77A779?<8;$O'
)O6530./21+*-,4#4PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP
Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'H#P'Q'Q'Q'Q'
R&R&R'R&R&R&R&R&Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'Q'R'
e)qjiPt
{rFpcq
S^EDIID:BI638?@=>>=======8,00-.(',0-0178
S(O$N!N!N!N!N"M"M"M"M"M"M"M"M"M"M"M"M"M"M"M"M"N"M"M"O$S)O"
QDf>.j~ro
*V=;?73?//87566-&*'!+3$357_
OO&F#C!C!C!C!C!C!C!C!C!C!
A E$R(
x(s o7|WRzW
PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
kernel32.dll
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
_SWVUP
PjRQA!
&}{pHwBD#
V6gr !
*Du c"
$P(u&H
R?!!S@
Origna;l mvezbus|:?%X}NVw
loctin(8AdrT!|
chyksum58
)Q]V`mtH^
1A`=C\ry
<sRQ44
RP(zYM
tLHX$C|'#btM,s
Z`;2=2H
Q&RV nS3
)},NnF
]i91\GP
!{PWQS
smsvbY
sNhNcD
MAPayfQq@dHIZ
fA+6kmhD E@<
Ap%li4
The3<cdl
%os5/l]ntPb[&v6idSDLBG5ed;%3*V
wtcxtf7
k8ll?E
xitPMLChHanxdOp
|Virt4A
cSn@*d
H^?39J
@@PEC2
DbgMs;k,y
Dexb=gSn)B
FV D\me(h#
`t$$|$(3
r+|$(|$
u]CUSQWVR;
ZPR3C
Z^_Y[]
<Embed File Info>
HanAgent_p.exe*
4AV?:c
q=$,!S
36/7NKl)e
#gClcGsxz
, Xp3={
X24zv>?,!!OXYsMU.m`
N.Gs60XU<:WaxR
UP- m9a
Q2!uAf(,
mP0]1w
0vx)k@D
n"7/C)wi
xj&4s{
k#q|0/aE,
zol]XKY
1`GWf/A
U!F?T%
iuO$tiVm6
?p%mywl5
Lf|F OG9
X/4OPS iTE(=C W
h +p^Dh(;P6!z
Lao}`}B
R.(+iC
$F]3HF]C
)H2CXk0D9>-"
8Xj+NL
dM%F-J
UEkN<fM-2Zu
`|&PU008>
o4p<5R
TZ!8[o
m:5KTU`
;~\xUc]\Am
N<"W-WX
4A#\|f
i$ie$
qtu{-bT
3&q?}N[J
qyzb wh
A8y[uuXNcB\>ePf
iK|2" HEZ_"N/,
Gtk"R:
iHE>@1P
Y>j=Vmv
Pe/;r=,=W9]c
j}TX,omM'
+@=cjB
yai`mun
,<PgHT7W`,4lZ
vf2:5.k[g7C]
e>'nQ>8
'vp2bq$&|X4&0Yzv9L
w[oJa*Lf
1Nygl[
UNzlo`n{FdiY
u&KmAX
6n/3<p-O^JAC&
~;P;mPz?
eeue\c
^\6'b,D|\l
5` Wr7D]qJ
@O#*=iX}
Z-}Sg|#I
_m2#:\*+
Qmdq1${
`J Dwd4&E6
CX~]xOQ@#"
'~%^W`xi
2z:Sb2|
pr&skSa6tl}'
xw:n'4
13C7a=
\<lEe+:BG1$kgDF
d+cy>8Hz
`pz|.Oc 3w
Q1Ui@'kO~
O>D)xp
JPYqm*
@vg06A$
_<Ec3\
H4 R 69
>G}:%JkvwX
WTg#1C&i
FDO,Lz-CE
vR7k:q|
Jt`(UCHB
M{8w6F}
.z\Z$bv|W]Nu\;
f^+e$-
*>a|F5A
[)1U/C
d5N8l`19u
H}O,\H
[`{lpv
8reT!/61bbg
#Wkt]rZ
lk<GA
6pJTN^N
21-958
kA3|V^J6
~&K8>u*
WFv;=dI
yn9?\O!tRs(08
4e[-K*g
7D]'#?-ZV
j0,:bR1?/G7y
{Ms-HP{T`Cf
M#<Pc2
,8QE[/d@
5]T1{vex9>F
U^BuCg|D
23}*D64<p
6p^-l>%x:
BA{VW)?,
VYxyPB\
4N^V^53{w#!XS
~O9Wpr#)vpK
vi<\]h;@
Wvt#!w*Wd
9!{P:S,t7
CvGIr2UG
=t[AX%s
:CI)dUQk`a>V5%
Uz_"zK
5y<Otp:k
z&K {,D
5@^bu)
x\G,lkWDa
`;e"W#
^`N9=SYFg@
IEyaHsu^
W9?=G%$r
pw'G>'4Fv!{YlQY@i
U<MXwa@
N:Wc`m c*n
@�I�@�@�@�@�@�@�@�@�
K�E�R�N�E�L�3�2�.�D�L�L�
U�T�F�-�1�6�L�E�
U�N�I�C�O�D�E�
m�s�c�o�r�e�e�.�d�l�l�
(�n�u�l�l�)�
� � � � � � � � �(�(�(�(�(� � � � � � � � � � � � � � � � � � �H�
� � � � � � � � �h�(�(�(�(� � � � � � � � � � � � � � � � � � �H�
� � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � �H�
A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�
%�s�%�s�%�s�
u�n�k�n�o�w�n� �z�i�p� �r�e�s�u�l�t� �c�o�d�e�
S�u�c�c�e�s�s�
C�u�l�d�n�'�t� �d�u�p�l�i�c�a�t�e� �h�a�n�d�l�e�
C�o�u�l�d�n�'�t� �c�r�e�a�t�e�/�o�p�e�n� �f�i�l�e�
F�a�i�l�e�d� �t�o� �a�l�l�o�c�a�t�e� �m�e�m�o�r�y�
E�r�r�o�r� �w�r�i�t�i�n�g� �t�o� �f�i�l�e�
F�i�l�e� �n�o�t� �f�o�u�n�d� �i�n� �t�h�e� �z�i�p�f�i�l�e�
S�t�i�l�l� �m�o�r�e� �d�a�t�a� �t�o� �u�n�z�i�p�
Z�i�p�f�i�l�e� �i�s� �c�o�r�r�u�p�t� �o�r� �n�o�t� �a� �z�i�p�f�i�l�e�
E�r�r�o�r� �r�e�a�d�i�n�g� �f�i�l�e�
C�o�r�r�e�c�t� �p�a�s�s�w�o�r�d� �r�e�q�u�i�r�e�d�
C�a�l�l�e�r�:� �f�a�u�l�t�y� �a�r�g�u�m�e�n�t�s�
C�a�l�l�e�r�:� �t�h�e� �f�i�l�e� �h�a�d� �a�l�r�e�a�d�y� �b�e�e�n� �p�a�r�t�i�a�l�l�y� �u�n�z�i�p�p�e�d�
C�a�l�l�e�r�:� �c�a�n� �o�n�l�y� �g�e�t� �m�e�m�o�r�y� �o�f� �a� �m�e�m�o�r�y� �z�i�p�f�i�l�e�
C�a�l�l�e�r�:� �n�o�t� �e�n�o�u�g�h� �s�p�a�c�e� �a�l�l�o�c�a�t�e�d� �f�o�r� �m�e�m�o�r�y� �z�i�p�f�i�l�e�
C�a�l�l�e�r�:� �t�h�e�r�e� �w�a�s� �a� �p�r�e�v�i�o�u�s� �e�r�r�o�r�
C�a�l�l�e�r�:� �a�d�d�i�t�i�o�n�s� �t�o� �t�h�e� �z�i�p� �h�a�v�e� �a�l�r�e�a�d�y� �b�e�e�n� �e�n�d�e�d�
C�a�l�l�e�r�:� �m�i�x�i�n�g� �c�r�e�a�t�i�o�n� �a�n�d� �o�p�e�n�i�n�g� �o�f� �z�i�p�
Z�i�p�-�b�u�g�:� �i�n�t�e�r�n�a�l� �i�n�i�t�i�a�l�i�s�a�t�i�o�n� �n�o�t� �c�o�m�p�l�e�t�e�d�
Z�i�p�-�b�u�g�:� �t�r�y�i�n�g� �t�o� �s�e�e�k� �t�h�e� �u�n�s�e�e�k�a�b�l�e�
Z�i�p�-�b�u�g�:� �t�h�e� �a�n�t�i�c�i�p�a�t�e�d� �s�i�z�e� �t�u�r�n�e�d� �o�u�t� �w�r�o�n�g�
Z�i�p�-�b�u�g�:� �t�r�i�e�d� �t�o� �c�h�a�n�g�e� �m�i�n�d�,� �b�u�t� �n�o�t� �a�l�l�o�w�e�d�
Z�i�p�-�b�u�g�:� �a�n� �i�n�t�e�r�n�a�l� �e�r�r�o�r� �d�u�r�i�n�g� �f�l�a�t�i�o�n�
t�m�p�8�%�X�.�e�x�e�
H�G�D�r�a�w�.�d�l�l�
2�1�8�.�5�4�.�3�1�.�2�2�6�
g�o�l�f�s�e�t�.�i�n�i�
2�1�8�.�5�4�.�3�1�.�1�6�5�
2�1�8�.�5�4�.�3�1�.�2�2�6�
S�o�f�t�w�a�r�e�\�M�i�c�r�o�s�o�f�t�\�W�i�n�d�o�w�s� �N�T�\�C�u�r�r�e�n�t�V�e�r�s�i�o�n�\�W�i�n�d�o�w�s�
g�o�l�f�i�n�f�o�.�i�n�i�
g�o�l�f�s�e�t�.�i�n�i�
%�s�%�s�.�e�x�e�
\�\�.�\�%�s�
\�\�.�\�P�H�Y�S�I�C�A�L�D�R�I�V�E�
%�d�.�%�d�.�%�d�.�%�d�
g�o�l�f�i�n�f�o�.�i�n�i�
2�1�8�.�5�4�.�3�1�.�1�6�5�
2�1�8�.�5�4�.�3�1�.�2�2�6�
S�o�f�t�w�a�r�e�\�M�i�c�r�o�s�o�f�t�\�W�i�n�d�o�w�s� �N�T�\�C�u�r�r�e�n�t�V�e�r�s�i�o�n�\�W�i�n�d�o�w�s�
T�r�a�y�K�e�y�
S�o�f�t�w�a�r�e�\�M�i�c�r�o�s�o�f�t�\�W�i�n�d�o�w�s� �N�T�\�C�u�r�r�e�n�t�V�e�r�s�i�o�n�\�W�i�n�d�o�w�s�
T�r�a�y�K�e�y�
f�i�l�e� �s�i�z�e� �%�d�
R�e�a�d�I�m�a�g�e�C�o�d�e� �:� �
<�E�m�b�e�d� �F�i�l�e� �I�n�f�o�>�
R�e�a�d�I�m�a�g�e�C�o�d�e� �:� �
R�e�a�d�I�m�a�g�e�C�o�d�e�E�x� �f�a�i�l�e�d�
D�B�G� �:� �
D�B�G� �:� �
A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�A�
A�A�A�A�A�A�A�A�A�
U�n�K�m�o�w�n�O�S�
W�i�n�2�0�0�3�
W�i�n�V�i�s�t�a�
W�i�n�S�e�v�e�n�
'�(�,�,�-�-�.�0�0�0�0�1�3�
1�6�7�8�8�8�:�=�>�=�@�?�B�D�E�I�I�I�S�^�
;�@�Q�b�c�b�b�o�
!�&�'�*�+�-�
*�/�/�3�3�5�6�5�7�7�8�;�=�?�
x�$�&�*�+�+�,�-�-�/�0�4�6�I�
s�s�s�s�s�s�
s�s�s�s�s�s�s�s�s�
Y�L�F�C�E�D�E�C�C�C�D�C�C�E�C�C�D�E�E�E�C�I�S�@�J�I�B�
f�k�m�k�n�n�n�m�
n�n�m�m�l�n�o�o�i�
'�(�,�,�-�-�.�0�0�0�0�1�3�
1�6�7�8�8�8�:�=�>�=�@�?�B�D�E�I�I�I�S�^�
;�@�Q�b�c�b�b�o�
!�&�'�*�+�-�
*�/�/�3�3�5�6�5�7�7�8�;�=�?�
x�$�&�*�+�+�,�-�-�/�0�4�6�I�
s�s�s�s�s�s�
s�s�s�s�s�s�s�s�s�
Y�L�F�C�E�D�E�C�C�C�D�C�C�E�C�C�D�E�E�E�C�I�S�@�J�I�B�
f�k�m�k�n�n�n�m�
n�n�m�m�l�n�o�o�i�
i�E�&�x�i�t�
h�&�A�b�o�u�t� �.�.�.�
I�o�g�d�r�e�t�
M�S� �S�h�e�l�l� �D�l�g�
S�y�s�T�r�e�e�V�i�e�w�3�2�
S�y�s�T�r�e�e�V�i�e�w�3�2�
S�y�s�T�r�e�e�V�i�e�w�3�2�
S�y�s�I�P�A�d�d�r�e�s�s�3�2�
S�y�s�I�P�A�d�d�r�e�s�s�3�2�
S�y�s�I�P�A�d�d�r�e�s�s�3�2�
m�s�c�t�l�s�_�p�r�o�g�r�e�s�s�3�2�
m�s�c�t�l�s�_�p�r�o�g�r�e�s�s�3�2�
m�s�c�t�l�s�_�p�r�o�g�r�e�s�s�3�2�
U�H�F�D�R�T�Y�E�Y�R�I�O�E�R�E�
7� � �V�#�"�
#�O�O�P� �U�
� � � � � � � �
H�a�n�A�g�e�n�t�_�p�.�z�i�p�
Hosts
| IP |
|---|
| 114.114.114.114 |
| 8.8.8.8 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61714 | 8.8.8.8 | 53 |
| 192.168.56.101 | 56933 | 8.8.8.8 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58485 | 8.8.8.8 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.