1.1
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.69
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Nitol-B [Trj] | 20200224 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200224 | 2013.8.14.323 |
| McAfee | GenericRXBM-PT!DF96AA0D2440 | 20200224 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b8b1b8 | 20200224 | 1.0.0.1 |
静态指标
动态指标
在 PE 资源中识别到外语
(9 个事件)
| name | RT_BITMAP | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000d248 | size | 0x00000ac4 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000c370 | size | 0x00000ea8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000c370 | size | 0x00000ea8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000c370 | size | 0x00000ea8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000c370 | size | 0x00000ea8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000c370 | size | 0x00000ea8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000c370 | size | 0x00000ea8 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000d218 | size | 0x00000030 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | filetype | None | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | offset | 0x0000d218 | size | 0x00000030 | ||||||||||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 61 个反病毒引擎识别为恶意
(50 out of 61 个事件)
| ALYac | Gen:Heur.Mint.Zard.30 |
| APEX | Malicious |
| AVG | Win32:Nitol-B [Trj] |
| Acronis | suspicious |
| Ad-Aware | Gen:Heur.Mint.Zard.30 |
| AhnLab-V3 | Trojan/Win32.Nitol.R205727 |
| Antiy-AVL | Trojan/Win32.AGeneric |
| Arcabit | Trojan.Mint.Zard.30 |
| Avast | Win32:Nitol-B [Trj] |
| Avira | TR/AD.Nitol.elgkq |
| BitDefender | Gen:Heur.Mint.Zard.30 |
| BitDefenderTheta | Gen:NN.ZexaF.34090.eq2@amXqoikj |
| Bkav | W32.AIDetectVM.malware |
| CAT-QuickHeal | Trojan.Nitol.A |
| ClamAV | Win.Trojan.Nitol-6335025-0 |
| Comodo | TrojWare.Win32.GameThief.Magania.~NWABI@1775fs |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.d2440d |
| Cylance | Unsafe |
| Cyren | W32/S-d8c1032e!Eldorado |
| DrWeb | Trojan.DownLoader24.55874 |
| ESET-NOD32 | a variant of Win32/ServStart.IK |
| Emsisoft | Gen:Heur.Mint.Zard.30 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/S-d8c1032e!Eldorado |
| F-Secure | Trojan.TR/AD.Nitol.elgkq |
| FireEye | Generic.mg.df96aa0d2440d287 |
| Fortinet | W32/Generic.AC.2D85!tr |
| GData | Gen:Heur.Mint.Zard.30 |
| Ikarus | Trojan.Win32.Agent |
| Invincea | heuristic |
| Jiangmin | Trojan.Generic.daixb |
| K7AntiVirus | Trojan ( 0054d1101 ) |
| K7GW | Trojan ( 0054d1101 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| MAX | malware (ai score=85) |
| Malwarebytes | Trojan.MalPack |
| MaxSecure | Trojan.Win32.Nitol.B |
| McAfee | GenericRXBM-PT!DF96AA0D2440 |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.lm |
| MicroWorld-eScan | Gen:Heur.Mint.Zard.30 |
| Microsoft | DDoS:Win32/Nitol.A |
| NANO-Antivirus | Trojan.Win32.GenKryptik.fnpyle |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM07.1.74B5.Malware.Gen |
| Rising | Backdoor.Overie!1.64BD (RDMK:cmRtazowW8p71L6GieA4xlttnVlw) |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/Agent-AZNX |
| Symantec | ML.Attribute.HighConfidence |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2017-05-07 00:04:14
PE Imphash
286870a926664a5129b8b68ed0d4a8eb
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x0000511c | 0x00006000 | 5.825276504152636 |
| .rdata | 0x00007000 | 0x00000b3c | 0x00001000 | 4.0677369231603935 |
| .data | 0x00008000 | 0x000014c8 | 0x00001000 | 4.925372910738758 |
| .rsrc | 0x0000a000 | 0x00005300 | 0x00006000 | 2.8167558926641685 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_BITMAP | 0x0000d248 | 0x00000ac4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_ICON | 0x0000c370 | 0x00000ea8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_ICON | 0x0000c370 | 0x00000ea8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_ICON | 0x0000c370 | 0x00000ea8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_ICON | 0x0000c370 | 0x00000ea8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_ICON | 0x0000c370 | 0x00000ea8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_ICON | 0x0000c370 | 0x00000ea8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_DIALOG | 0x0000e0d0 | 0x00000826 | LANG_ENGLISH | SUBLANG_ENGLISH_NZ | None |
| RT_DIALOG | 0x0000e0d0 | 0x00000826 | LANG_ENGLISH | SUBLANG_ENGLISH_NZ | None |
| RT_STRING | 0x0000f1d0 | 0x0000012a | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_GROUP_ICON | 0x0000d218 | 0x00000030 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_GROUP_ICON | 0x0000d218 | 0x00000030 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | None |
| RT_VERSION | 0x0000dd10 | 0x000003c0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library MSVCRT.dll:
• 0x407078 _controlfp
• 0x40707c __set_app_type
• 0x407080 __p__fmode
• 0x407084 __p__commode
• 0x407088 _adjust_fdiv
• 0x40708c __setusermatherr
• 0x407090 _initterm
• 0x407094 __getmainargs
• 0x407098 _acmdln
• 0x40709c exit
• 0x4070a0 _XcptFilter
• 0x4070a4 _exit
• 0x4070a8 _except_handler3
• 0x4070ac strstr
• 0x4070b0 strcspn
• 0x4070b4 strncpy
• 0x4070b8 atoi
• 0x4070bc time
• 0x4070c0 srand
• 0x4070c4 rand
• 0x4070c8 realloc
• 0x4070cc free
• 0x4070d0 malloc
• 0x4070d4 sprintf
Library KERNEL32.dll:
• 0x407000 ReleaseMutex
• 0x407004 Sleep
• 0x407008 lstrcpyA
• 0x40700c CreateProcessA
• 0x407010 TerminateProcess
• 0x407014 ExitThread
• 0x407018 GetStartupInfoA
• 0x40701c GetModuleHandleA
• 0x407020 WaitForSingleObject
• 0x407024 GetModuleFileNameA
• 0x407028 CreateFileA
• 0x40702c SetFilePointer
• 0x407030 WriteFile
• 0x407034 lstrcpynA
• 0x407038 lstrlenA
• 0x40703c OpenMutexA
• 0x407040 GetComputerNameA
• 0x407044 ExitProcess
• 0x407048 GetCurrentProcess
• 0x40704c GetCurrentThread
• 0x407050 CloseHandle
• 0x407054 CreateThread
• 0x407058 LoadLibraryA
• 0x40705c GetProcAddress
• 0x407060 GetSystemDefaultUILanguage
• 0x407064 GetTickCount
Library USER32.dll:
• 0x4070f4 wsprintfA
Library SHLWAPI.dll:
• 0x4070ec SHDeleteKeyA
Library WS2_32.dll:
• 0x4070fc setsockopt
• 0x407100 recv
• 0x407104 __WSAFDIsSet
• 0x407108 select
• 0x40710c send
• 0x407110 WSAIoctl
• 0x407114 WSAStartup
• 0x407118 htons
• 0x40711c inet_ntoa
• 0x407120 htonl
• 0x407124 socket
• 0x407128 connect
• 0x40712c closesocket
• 0x407130 inet_addr
• 0x407134 sendto
• 0x407138 WSACleanup
L!This program cannot be run in DOS mode.
|*8D8D8D
4DJ<DWN3DW@:D
O:D8EvD@;DO<DB9DRich8D
`.rdata
@.data
SUV5Xp@
D$tPhL@
20D$(ND$)T\$*L$8D$9D$:D$;\$<D$
L$@D$AD$BD$C3\$DD$HVD$IiD$JsD$KtD$La\$ML$ D$!8D$"T$#T$ST$,T$
D$QD$RD$
\$$D$07\$1L$PD$TRL$U\$V\$-L$
w0|$(3u
+t$h|$h
;u!8$j
PD$HSD$IP\$J
T$lD$xRT$xL$lPQSh@
PD$$MD$%HD$&z\$'
M D$XFD$\D$`rD$YiD$ZnD$[dD$]CD$^PD$_UD$aED$bD$cD$doD$e\$f|$X3+
T$pRW&
t$(S9^
D$$GD$%bD$&pD$'s\$(P-
D$,MD$-bD$.pD$/s\$0R
L$0D$,@\
QSUVt$
<=u>D$
txHtnHtaHtTHtG
tOHt>Ht#
n_^[SVW|$
WVWSMu]
_^[SVt$
WVSOu_
^[U@SVWj
Ku_^[U
SV5Xp@
j Y3)hl@
PQPPEj
SV5Xp@
VUVV_^[UjhPq@
|PSXSh
|Pd\SVhEj
PSpSxQuPVV
@|Pd\SxQupP
SV5Xp@
SEPhD@
SEPhX@
SEPhl@
SEPhP@
SPj@E3Y3j@fY3}|fj@3Y
|VPEPECEOEMESEPEEEC]U
EE/PPEcE EdEeElE ]E E>E EnEuEl]U
Ej@E|EE^h
]EOEpEeEn]]]uUh
t9VuUh
SVW=Xp@
VEPhl@
jL3YSh8
EuErElEmEoEnE.EdElEl]EUERELEDEoEwEnElEoEaEdETEoEFEiElEeEA]
Ht!Hu@
j@3Yh@
PEoEpEeEn]PPP
SPPEPS
j@3Yj fY3%$fPh
$PPUEP
j@3Yj fY3fPh
U_^[VSh
VZjA3YEVPh
PESEYESETEEEME\ECEuErErEeEnEtECEoEnEtErEoElESEeEtE\ESEeErEvEiEcEeEsE\]
V{jA3YdEVPdh
PESEYESETEEEME\ECEuErErEeEnEtECEoEnEtErEoElESEeEtE\ESEeErEvEiEcEeEsE\]
SV5Xp@
SEPh @
E%EcE%EcE%EcEhEoEsEtE.EeExEe
YaPEPLP
E\EDEeEbEue
}3EgE\+P
YY3jAEaYEt
EbE E+EaE e
Y3}E+EsE E+EhE E+ErE
EPU_^[U
SVWj@3Yfp@
j@Yfh
jA3Yp@
SV5Xp@
SEPj@E3Y3ESf}
3EYESETEEEME\ECEuErErEeEnEtECEoEnEtErEoElESEeEtE\ESEeErEvEiEcEeEsE\U+
X3Ujh`q@
jAY3ESEYESETEEEME\ECEuErErEeEnEtECEoEnEtErEoElESEeEtE\ESEeErEvEiEcEeEsE\]u
SSSSSu
ttPV83<<
`\hdpl
\H@8Pj
uV9u8=1
_^[39t
SUV5Xp@
VVVh.@
VVVVVh< @
SUV5Xp@
Ht~HtDHHu0j
VcYt e
EuPEV7@
j@Y3fPaj
33%p@
Ujhpq@
hSVWe3
EPEPEP
0u>"u:Fu
<"u>"u
> vFuj
YY3%xp@
SUV5Xp@
T$!D$"D$%T$&D$.D$2D$8D$:D$<rlx2D$
\D$ ID$ nL$#D$$nD$' D$(ET$)D$*p\$+D$,oL$-L$/D$0\D$1iT$3D$4p\$5D$6oL$7D$9.T$;D$=D$BL$
D$@PQ_^]
SUV5Xp@
D$0IP$P
t4-4q@
SQVOuj
SUV5Xp@
L$ QfD$
SUV5Xp@
D$$Ph|@
L$0f|$ Q
1tGT$ @j|P
SUV5Xp@
\$4\$8\$0\$(\$,\$$
D$LD$$L$ PT$,QD$8RL$8P$
t4D$,L$0T$(D$
D$6|$UD$:h
fD$FD$Xfj
t$Pf\$@
SPD$\T$dT$
D$8fD$4
j5fD$6@
D$TED$U
L$8fD$X3
ft$ZPD$`D$a
ft$bL$h
j5D$dfD$j
Rj fD$lft$nfD$lL$pj
L$x|$|
D$xD$p%D$p3
JBuCD$
D$}D$~
j,33L$hT$tfD$d$
fD$nD$4j
PVL$`j3QR
SUVWhp@
3|$<D$8D
D$LfD$P
D$ RPj
D$dL$dPT$hQ$
D$dRPl
SUVWhp@
3|$<D$8D
L$Lu.|q@
T$ QRj
tNPu$T$d$
PD$lRPQ$
SUV5Xp@
fD$(fD$
trj(p@$X
SUVWhp@
QRVVT$
SUVWhp@
QRVVT$
_^][Ujhu@
3)f(Ph
RSj((PMQ
SUV5Xp@
2.\$:L$;L$?L$A\$B43j
L$GL$HS3Sh
T$PD$Q9T$TD$U6D$V8T$X\$]fL$b
RfD$b$
Rt$ h`
@PfD$$$
5fD$*f
D$,\$0D$4PD$5
fD$6f\$8f\$:\$`D$a
t$p|$tfD$^L$\L$x
t$$|$|T$pj RF
|$xfD$<
D$xj(P
@L$DPh@
t$ f\$8
t$pt$$L$\D$(D$ L$x
|$|T$pD$tj R
|$xfD$<
D$xj(P
D$PL$`j
QST$|j(RP
D$LHD$L
SUV5Xp@
D$TP$t
D$HQ3j
_^]3[p
T$1T$5T$9T$=fT$AT$C=@
D$ D$!
BRT$@h@
L$TQD$(
SVWhp@
SUV5Xp@
D$(IP$
T$$-4q@
SQVOuj
SUVWhp@
QPVVT$
_^][Q=
B8t6t8t't
GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm
MFC42.DLL
malloc
sprintf
realloc
strncpy
strcspn
strstr
_except_handler3
MSVCRT.dll
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
GetTickCount
lstrcpyA
GetComputerNameA
GetSystemDefaultUILanguage
GetProcAddress
LoadLibraryA
CreateThread
CloseHandle
GetCurrentThread
GetCurrentProcess
ExitProcess
ReleaseMutex
OpenMutexA
lstrlenA
lstrcpynA
WriteFile
SetFilePointer
CreateFileA
GetModuleFileNameA
WaitForSingleObject
GetModuleHandleA
GetStartupInfoA
KERNEL32.dll
wsprintfA
USER32.dll
SHChangeNotify
ShellExecuteExA
ShellExecuteA
SHELL32.dll
SHDeleteKeyA
SHLWAPI.dll
WSAIoctl
WS2_32.dll
GetIfTable
GetAdaptersInfo
iphlpapi.dll
ExitThread
TerminateProcess
CreateProcessA
RegOpenKeyExA
RegCloseKey
GetVersionExA
GetSystemInfo
GlobalMemoryStatusEx
RegQueryValueExA
KERNEL32.dll
ADVAPI32.dll
0.0.0.0
%d*%u%s
HARDWARE\DESCRIPTION\System\CentralProcessor\0
%s %s%d
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
KERNEL32.dll
ADVAPI32.dll
WS2_32.dll
CreateThread
closesocket
GetTempPathA
RegCloseKey
SetServiceStatus
RegisterServiceCtrlHandlerA
lstrcatA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
CopyFileA
RegSetValueExA
StartServiceA
RegOpenKeyA
UnlockServiceDatabase
ChangeServiceConfig2A
CreateServiceA
LockServiceDatabase
GetLastError
ExitProcess
GetCurrentThreadId
CreateMutexA
DeleteService
GetModuleFileNameA
GetShortPathNameA
GetEnvironmentVariableA
SetPriorityClass
SetThreadPriority
WinExec
RegOpenKeyExA
SetServiceStatus
WaitForSingleObject
GetModuleFileNameA
GetWindowsDirectoryA
StartServiceCtrlDispatcherA
CreateFileA
GetFileSize
VirtualAlloc
ReadFile
FindFirstFileA
WriteFile
FindClose
SetFileAttributesA
3d3d3R3m1h3c0eQJEhYQFxRD
Serpiei
Microsoft .Net Frameworek COMi+ Suppoot
Microsoft .NET COM+ Integration with SOAP
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
www.baidu.com
%d.exe
GetTickCount
gethostbyname
GetSystemDirectoryA
lstrcatA
lstrcpyA
setsockopt
WSAStartup
closesocket
WSASocketA
gethostname
KERNEL32.dll
WS2_32.dll
GET %s HTTP/1.1
Content-Type: text/html
Host: %s
Accept: text/html, */*
User-Agent:Mozilla/5.0 (X11; U; Linux i686; en-US; re:1.4.0) Gecko/20080808 Firefox/%d.0
GET %s HTTP/1.1
Referer: http://%s:80/http://%s
Host: %s
Connection: Close
Cache-Control: no-cache
%s %s%s
GET %s HTTP/1.1
Content-Type: text/html
Host: %s:%d
Accept: text/html, */*
User-Agent:Mozilla/4.0 (compatible; MSIE %d.00; Windows NT %d.0; MyIE 3.01)
GET %s HTTP/1.1
Content-Type: text/html
Host: %s
Accept: text/html, */*
User-Agent:Mozilla/4.0 (compatible; MSIE %d.00; Windows NT %d.0; MyIE 3.01)
GET %s HTTP/1.1
Host: %s:%d
GET %s HTTP/1.1
Host: %s
GET %s HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent:Mozilla/4.0 (compatible; MSIE %d.0; Windows NT %d.1; SV1)
Host: %s:%d
Connection: Keep-Alive
GET %s HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent:Mozilla/4.0 (compatible; MSIE %d.0; Windows NT %d.1; SV1)
Host: %s
Connection: Keep-Alive
GET %s HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: %s
Connection: Keep-Alive
%d.%d.%d.%d
DDD@DDD@DDD@
DDD@DDD@
,",D@p
DD@DD@
D@ D@
DDLLDDDL
LLDDLDD
DDDLDLD
LDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
DDDDD@
zoqTvEpt6yzoqTvEpt6yzoqTvEpt6yzoqTvEpt6yzoqTvEpt6yxjF80X66xLxjF80X66xLxjF80X66xLxjF80X66xLxjF80X66xLg6ewSb7d9hg6ewSb7d9hg6ewSb7d9hg6ewSb7d9hg6ewSb7d9hFd1X4yzJdHFd1X4yzJdHFd1X4yzJdHFd1X4yzJdHFd1X4yzJdH496cfnLzub496cfnLzub496cfnLzub496cfnLzub496cfnLzubTM1iXxfUQDTM1iXxfUQDTM1iXxfUQDTM1iXxfUQDTM1iXxfUQDEpIQsLGPUZEpIQsLGPUZEpIQsLGPUZEpIQsLGPUZEpIQsLGPUZWxNZZCsLwFWxNZZCsLwFWxNZZCsLwFWxNZZCsLwFWxNZZCsLwFlwhyo9u8
lwhyo9u8
lwhyo9u8
lwhyo9u8
lwhyo9u8
5UaCpRQpCl5UaCpRQpCl5UaCpRQpCl5UaCpRQpCl5UaCpRQpCl56zU5vfpY
56zU5vfpY
56zU5vfpY
56zU5vfpY
56zU5vfpY
rC0Va4CXM
rC0Va4CXM
rC0Va4CXM
rC0Va4CXM
rC0Va4CXM
OtItbzkpjFOtItbzkpjFOtItbzkpjFOtItbzkpjFOtItbzkpjFpTVTzZMY5bpTVTzZMY5bpTVTzZMY5bpTVTzZMY5bpTVTzZMY5b95nLyoLfgD95nLyoLfgD95nLyoLfgD95nLyoLfgD95nLyoLfgDKQ3ugM2NgIKQ3ugM2NgIKQ3ugM2NgIKQ3ugM2NgIKQ3ugM2NgI1fufFwDgia1fufFwDgia1fufFwDgia1fufFwDgia1fufFwDgiacSqjPHqz
cSqjPHqz
cSqjPHqz
cSqjPHqz
cSqjPHqz
0yRlsO2gZa0yRlsO2gZa0yRlsO2gZa0yRlsO2gZa0yRlsO2gZaKpuc3IlpojKpuc3IlpojKpuc3IlpojKpuc3IlpojKpuc3Ilpoj4JLODqkL5
4JLODqkL5
4JLODqkL5
4JLODqkL5
4JLODqkL5
FKQNeJeZJkFKQNeJeZJkFKQNeJeZJkFKQNeJeZJkFKQNeJeZJkjaRdVntNDHjaRdVntNDHjaRdVntNDHjaRdVntNDHjaRdVntNDHaUjSiSVWZ
aUjSiSVWZ
aUjSiSVWZ
aUjSiSVWZ
aUjSiSVWZ
8vHUOJtOm98vHUOJtOm98vHUOJtOm98vHUOJtOm98vHUOJtOm9S3ZMsYtVrlS3ZMsYtVrlS3ZMsYtVrlS3ZMsYtVrlS3ZMsYtVrl2eyE00R
2eyE00R
2eyE00R
2eyE00R
2eyE00R
xhcH6tDRQZxhcH6tDRQZxhcH6tDRQZxhcH6tDRQZxhcH6tDRQZuL2uZIJXpnuL2uZIJXpnuL2uZIJXpnuL2uZIJXpnuL2uZIJXpnoagu2FdRlloagu2FdRlloagu2FdRlloagu2FdRlloagu2FdRllfGiLbI7vPmfGiLbI7vPmfGiLbI7vPmfGiLbI7vPmfGiLbI7vPmj5DfejXGm
j5DfejXGm
j5DfejXGm
j5DfejXGm
j5DfejXGm
GrSEzXzjn
GrSEzXzjn
GrSEzXzjn
GrSEzXzjn
GrSEzXzjn
xJWkb4kQt
xJWkb4kQt
xJWkb4kQt
xJWkb4kQt
xJWkb4kQt
UiPoW2IaXvUiPoW2IaXvUiPoW2IaXvUiPoW2IaXvUiPoW2IaXvPkZrSvyrVJPkZrSvyrVJPkZrSvyrVJPkZrSvyrVJPkZrSvyrVJZZKwzf41s
ZZKwzf41s
ZZKwzf41s
ZZKwzf41s
ZZKwzf41s
DJguf4lUF6DJguf4lUF6DJguf4lUF6DJguf4lUF6DJguf4lUF6oDbpRyl2swoDbpRyl2swoDbpRyl2swoDbpRyl2swoDbpRyl2swL7EFbk41cjL7EFbk41cjL7EFbk41cjL7EFbk41cjL7EFbk41cj68C0aGELMX68C0aGELMX68C0aGELMX68C0aGELMX68C0aGELMXQxyqb3L5PFQxyqb3L5PFQxyqb3L5PFQxyqb3L5PFQxyqb3L5PFUn9H8qkRf
Un9H8qkRf
Un9H8qkRf
Un9H8qkRf
Un9H8qkRf
iVbPoCfh92iVbPoCfh92iVbPoCfh92iVbPoCfh92iVbPoCfh92Fn2COS9Vc4Fn2COS9Vc4Fn2COS9Vc4Fn2COS9Vc4Fn2COS9Vc4dmTE1rP02
dmTE1rP02
dmTE1rP02
dmTE1rP02
dmTE1rP02
SrJ1vYWLgsSrJ1vYWLgsSrJ1vYWLgsSrJ1vYWLgsSrJ1vYWLgsjRfN8XFTCWjRfN8XFTCWjRfN8XFTCWjRfN8XFTCWjRfN8XFTCWH6TmzzGT6qH6TmzzGT6qH6TmzzGT6qH6TmzzGT6qH6TmzzGT6q8sWKTwxEMC8sWKTwxEMC8sWKTwxEMC8sWKTwxEMC8sWKTwxEMC9S7iZzrh7
9S7iZzrh7
9S7iZzrh7
9S7iZzrh7
9S7iZzrh7
KUMgUgohemKUMgUgohemKUMgUgohemKUMgUgohemKUMgUgohemEILGEOHwTcEILGEOHwTcEILGEOHwTcEILGEOHwTcEILGEOHwTcYtS64zhdrJYtS64zhdrJYtS64zhdrJYtS64zhdrJYtS64zhdrJihYe8PoQfRihYe8PoQfRihYe8PoQfRihYe8PoQfRihYe8PoQfRq3TO0uoI
q3TO0uoI
q3TO0uoI
q3TO0uoI
q3TO0uoI
LLjdho3aE1LLjdho3aE1LLjdho3aE1LLjdho3aE1LLjdho3aE19O7QQZzP2J9O7QQZzP2J9O7QQZzP2J9O7QQZzP2J9O7QQZzP2JuIypcW4PbruIypcW4PbruIypcW4PbruIypcW4PbruIypcW4PbrFnoMz58eKkFnoMz58eKkFnoMz58eKkFnoMz58eKkFnoMz58eKkwf8SLkoiH
wf8SLkoiH
wf8SLkoiH
wf8SLkoiH
wf8SLkoiH
GVaKoFxywwGVaKoFxywwGVaKoFxywwGVaKoFxywwGVaKoFxywwX4m9t6bfm9X4m9t6bfm9X4m9t6bfm9X4m9t6bfm9X4m9t6bfm9L79R9sX05vL79R9sX05vL79R9sX05vL79R9sX05vL79R9sX05vz5jecPqhl
z5jecPqhl
z5jecPqhl
z5jecPqhl
z5jecPqhl
0YItSdSjRq0YItSdSjRq0YItSdSjRq0YItSdSjRq0YItSdSjRqEXhc0Thcn
EXhc0Thcn
EXhc0Thcn
EXhc0Thcn
EXhc0Thcn
f6OCN3IK90f6OCN3IK90f6OCN3IK90f6OCN3IK90f6OCN3IK90pfJHHIC5J7pfJHHIC5J7pfJHHIC5J7pfJHHIC5J7pfJHHIC5J7QDHzkE2vRvQDHzkE2vRvQDHzkE2vRvQDHzkE2vRvQDHzkE2vRvYUjJIUsy01YUjJIUsy01YUjJIUsy01YUjJIUsy01YUjJIUsy01dsp7J3jez4dsp7J3jez4dsp7J3jez4dsp7J3jez4dsp7J3jez4c2DsD0s288c2DsD0s288c2DsD0s288c2DsD0s288c2DsD0s288MUdXM2zP4
MUdXM2zP4
MUdXM2zP4
MUdXM2zP4
MUdXM2zP4
TW2p4TOpxFTW2p4TOpxFTW2p4TOpxFTW2p4TOpxFTW2p4TOpxFXKfbDClu53XKfbDClu53XKfbDClu53XKfbDClu53XKfbDClu53o13Zs5imDYo13Zs5imDYo13Zs5imDYo13Zs5imDYo13Zs5imDY6uvx4Vnmmc6uvx4Vnmmc6uvx4Vnmmc6uvx4Vnmmc6uvx4VnmmcklTZ8dDMocklTZ8dDMocklTZ8dDMocklTZ8dDMocklTZ8dDMoc4MbwxEd4gn4MbwxEd4gn4MbwxEd4gn4MbwxEd4gn4MbwxEd4gnsddFpJLeEOsddFpJLeEOsddFpJLeEOsddFpJLeEOsddFpJLeEO6e5xkD26J
6e5xkD26J
6e5xkD26J
6e5xkD26J
6e5xkD26J
clLlqhJ2z5clLlqhJ2z5clLlqhJ2z5clLlqhJ2z5clLlqhJ2z5cDDU2nXVWicDDU2nXVWicDDU2nXVWicDDU2nXVWicDDU2nXVWi3X535ZMm153X535ZMm153X535ZMm153X535ZMm153X535ZMm1512lI6Go8Z912lI6Go8Z912lI6Go8Z912lI6Go8Z912lI6Go8Z9cKg3qVDq0
cKg3qVDq0
cKg3qVDq0
cKg3qVDq0
cKg3qVDq0
JWeIEZ7NkYJWeIEZ7NkYJWeIEZ7NkYJWeIEZ7NkYJWeIEZ7NkYg5wDwan759g5wDwan759g5wDwan759g5wDwan759g5wDwan759hapMrXGV
hapMrXGV
hapMrXGV
hapMrXGV
hapMrXGV
1rUtNaikLq1rUtNaikLq1rUtNaikLq1rUtNaikLq1rUtNaikLqMQRiY3ZWX6MQRiY3ZWX6MQRiY3ZWX6MQRiY3ZWX6MQRiY3ZWX6iqErh8L6ZQiqErh8L6ZQiqErh8L6ZQiqErh8L6ZQiqErh8L6ZQCn46DWvphzCn46DWvphzCn46DWvphzCn46DWvphzCn46DWvphz4ewo3rijx
4ewo3rijx
4ewo3rijx
4ewo3rijx
4ewo3rijx
MaY3V9RGeQMaY3V9RGeQMaY3V9RGeQMaY3V9RGeQMaY3V9RGeQkSYw3n0PD
kSYw3n0PD
kSYw3n0PD
kSYw3n0PD
kSYw3n0PD
wXDHPPmjVMwXDHPPmjVMwXDHPPmjVMwXDHPPmjVMwXDHPPmjVMob6dLUHYbhob6dLUHYbhob6dLUHYbhob6dLUHYbhob6dLUHYbhdknmx5ov7adknmx5ov7adknmx5ov7adknmx5ov7adknmx5ov7a1XwmtJuULK1XwmtJuULK1XwmtJuULK1XwmtJuULK1XwmtJuULKDZTqw1P0T6DZTqw1P0T6DZTqw1P0T6DZTqw1P0T6DZTqw1P0T6bSQygvgYWpbSQygvgYWpbSQygvgYWpbSQygvgYWpbSQygvgYWpJS7k3pdoO5JS7k3pdoO5JS7k3pdoO5JS7k3pdoO5JS7k3pdoO5nSykJg6
nSykJg6
nSykJg6
nSykJg6
nSykJg6
iu9i2sQzkiiu9i2sQzkiiu9i2sQzkiiu9i2sQzkiiu9i2sQzkiNomgo0anljNomgo0anljNomgo0anljNomgo0anljNomgo0anljRbygwEoGt
RbygwEoGt
RbygwEoGt
RbygwEoGt
RbygwEoGt
VPRl1fHbqXVPRl1fHbqXVPRl1fHbqXVPRl1fHbqXVPRl1fHbqXFCEXK1DtQJFCEXK1DtQJFCEXK1DtQJFCEXK1DtQJFCEXK1DtQJaMgxxNIwDtaMgxxNIwDtaMgxxNIwDtaMgxxNIwDtaMgxxNIwDtygwQcnGN5qygwQcnGN5qygwQcnGN5qygwQcnGN5qygwQcnGN5qkaMNckkwvFkaMNckkwvFkaMNckkwvFkaMNckkwvFkaMNckkwvFTGLtXZQTizTGLtXZQTizTGLtXZQTizTGLtXZQTizTGLtXZQTiz1o8Dx8Dj1z1o8Dx8Dj1z1o8Dx8Dj1z1o8Dx8Dj1z1o8Dx8Dj1zsZ0inxLY5usZ0inxLY5usZ0inxLY5usZ0inxLY5usZ0inxLY5uepjjkbwl5Hepjjkbwl5Hepjjkbwl5Hepjjkbwl5Hepjjkbwl5HePJazESvQCePJazESvQCePJazESvQCePJazESvQCePJazESvQCz0RQKLt6otz0RQKLt6otz0RQKLt6otz0RQKLt6otz0RQKLt6ottpQU4XLLdjtpQU4XLLdjtpQU4XLLdjtpQU4XLLdjtpQU4XLLdjauOZQTXn
auOZQTXn
auOZQTXn
auOZQTXn
auOZQTXn
IHSSYa8WzqIHSSYa8WzqIHSSYa8WzqIHSSYa8WzqIHSSYa8WzqzGyCnrWqf
zGyCnrWqf
zGyCnrWqf
zGyCnrWqf
zGyCnrWqf
cPo92IzNC
cPo92IzNC
cPo92IzNC
cPo92IzNC
cPo92IzNC
EoRmaKnssvEoRmaKnssvEoRmaKnssvEoRmaKnssvEoRmaKnssvmGkiuEfGp
mGkiuEfGp
mGkiuEfGp
mGkiuEfGp
mGkiuEfGp
4EThrQtcn74EThrQtcn74EThrQtcn74EThrQtcn74EThrQtcn7rKiYPTTlUHrKiYPTTlUHrKiYPTTlUHrKiYPTTlUHrKiYPTTlUHInwGO98UN
InwGO98UN
InwGO98UN
InwGO98UN
InwGO98UN
T4Qiygtp
T4Qiygtp
T4Qiygtp
T4Qiygtp
T4Qiygtp
K5uijKXan
K5uijKXan
K5uijKXan
K5uijKXan
K5uijKXan
Fy4ySvImudFy4ySvImudFy4ySvImudFy4ySvImudFy4ySvImudSioipaq67RSioipaq67RSioipaq67RSioipaq67RSioipaq67RIMYUFRiua
IMYUFRiua
IMYUFRiua
IMYUFRiua
IMYUFRiua
F243YfV15lF243YfV15lF243YfV15lF243YfV15lF243YfV15l7lpzkQ5O8z7R6bkHvp
7R6bkHvp
7R6bkHvp
7R6bkHvp
SggTckNyd
SggTckNyd
SggTckNyd
SggTckNyd
SggTckNyd
gJw4GLLkL
gJw4GLLkL
gJw4GLLkL
gJw4GLLkL
gJw4GLLkL
tZxXwIxoFZtZxXwIxoFZtZxXwIxoFZtZxXwIxoFZtZxXwIxoFZmak8byja
mak8byja
mak8byja
mak8byja
mak8byja
bPTlXm10pIbPTlXm10pIbPTlXm10pIbPTlXm10pIbPTlXm10pI0a85ipeuOf0a85ipeuOf0a85ipeuOf0a85ipeuOf0a85ipeuOfurw7ouXDW4urw7ouXDW4urw7ouXDW4urw7ouXDW4urw7ouXDW4RoOKGNV45yRoOKGNV45yRoOKGNV45yRoOKGNV45yRoOKGNV45yHFbF07CbtXHFbF07CbtXHFbF07CbtXHFbF07CbtXHFbF07CbtXSphLXyfHG5SphLXyfHG5SphLXyfHG5SphLXyfHG5SphLXyfHG50Vfm2ZlDNr0Vfm2ZlDNr0Vfm2ZlDNr0Vfm2ZlDNr0Vfm2ZlDNrmwVDYgx660mwVDYgx660mwVDYgx660mwVDYgx660mwVDYgx660H37ORMeWJGH37ORMeWJGH37ORMeWJGH37ORMeWJGH37ORMeWJGXcm2UMHRVrXcm2UMHRVrXcm2UMHRVrXcm2UMHRVrXcm2UMHRVrYrgndQMnauYrgndQMnauYrgndQMnauYrgndQMnauYrgndQMnauMb7mjTEc5qMb7mjTEc5qMb7mjTEc5qMb7mjTEc5qMb7mjTEc5qJ5TkV2gdbGJ5TkV2gdbGJ5TkV2gdbGJ5TkV2gdbGJ5TkV2gdbGrpaLDJKR7GrpaLDJKR7GrpaLDJKR7GrpaLDJKR7GrpaLDJKR7GCmbp49yR1YCmbp49yR1YCmbp49yR1YCmbp49yR1YCmbp49yR1YpqSQFYExLIpqSQFYExLIpqSQFYExLIpqSQFYExLIpqSQFYExLIhHKDslRxJ5hHKDslRxJ5hHKDslRxJ5hHKDslRxJ5hHKDslRxJ5vR3MJXlXQ2vR3MJXlXQ2vR3MJXlXQ2vR3MJXlXQ2vR3MJXlXQ2SLCmTnYVL
SLCmTnYVL
SLCmTnYVL
SLCmTnYVL
SLCmTnYVL
3FbhFhXYnf3FbhFhXYnf3FbhFhXYnf3FbhFhXYnf3FbhFhXYnfHerVG85Hc
HerVG85Hc
HerVG85Hc
HerVG85Hc
HerVG85Hc
OUccvpHhP
OUccvpHhP
OUccvpHhP
OUccvpHhP
OUccvpHhP
GLg3DtYhL
GLg3DtYhL
GLg3DtYhL
GLg3DtYhL
GLg3DtYhL
HiphliidSaHiphliidSaHiphliidSaHiphliidSaHiphliidSa2zdzaXfPYq2zdzaXfPYq2zdzaXfPYq2zdzaXfPYq2zdzaXfPYq3K2qeVTWik3K2qeVTWik3K2qeVTWik3K2qeVTWik3K2qeVTWikmlsWhEkrn
mlsWhEkrn
mlsWhEkrn
mlsWhEkrn
mlsWhEkrn
GVNm1SZlq
GVNm1SZlq
GVNm1SZlq
GVNm1SZlq
GVNm1SZlq
ehIjunI57OehIjunI57OehIjunI57OehIjunI57OehIjunI57ORlMYIinpcbRlMYIinpcbRlMYIinpcbRlMYIinpcbRlMYIinpcbCTIGpmbmJUCTIGpmbmJUCTIGpmbmJUCTIGpmbmJUCTIGpmbmJUD3M64Q7vePD3M64Q7vePD3M64Q7vePD3M64Q7vePD3M64Q7veP4wsVg2FWGW4wsVg2FWGW4wsVg2FWGW4wsVg2FWGW4wsVg2FWGWEq08gL4afyEq08gL4afyEq08gL4afyEq08gL4afyEq08gL4afyPLovlCIME
PLovlCIME
PLovlCIME
PLovlCIME
PLovlCIME
xdFhMRC6pFxdFhMRC6pFxdFhMRC6pFxdFhMRC6pFxdFhMRC6pFHw6Hgy8E62Hw6Hgy8E62Hw6Hgy8E62Hw6Hgy8E62Hw6Hgy8E62V7zylr1EQxV7zylr1EQxV7zylr1EQxV7zylr1EQxV7zylr1EQxVmzfcLDRNoVmzfcLDRNoVmzfcLDRNoVmzfcLDRNoVmzfcLDRNomq6M3dqCxfmq6M3dqCxfmq6M3dqCxfmq6M3dqCxfmq6M3dqCxfVaK5LYKF5fVaK5LYKF5fVaK5LYKF5fVaK5LYKF5fVaK5LYKF5ffb4b6f953Kfb4b6f953Kfb4b6f953Kfb4b6f953Kfb4b6f953KZLDb3bTyyIZLDb3bTyyIZLDb3bTyyIZLDb3bTyyIZLDb3bTyyIdwYwuMCCfkdwYwuMCCfkdwYwuMCCfkdwYwuMCCfkdwYwuMCCfkrZHbM70mmDrZHbM70mmDrZHbM70mmDrZHbM70mmDrZHbM70mmDzEwG4duDg7zEwG4duDg7zEwG4duDg7zEwG4duDg7zEwG4duDg7TZdePY8JEvTZdePY8JEvTZdePY8JEvTZdePY8JEvTZdePY8JEvSpylVi51tuSpylVi51tuSpylVi51tuSpylVi51tuSpylVi51tu0WGFGaVTZv0WGFGaVTZv0WGFGaVTZv0WGFGaVTZv0WGFGaVTZvflah9n1oE
flah9n1oE
flah9n1oE
flah9n1oE
flah9n1oE
JSQQ2Utln
JSQQ2Utln
JSQQ2Utln
JSQQ2Utln
JSQQ2Utln
ohnSygzhpfohnSygzhpfohnSygzhpfohnSygzhpfohnSygzhpfHVSrQsTHT
HVSrQsTHT
HVSrQsTHT
HVSrQsTHT
HVSrQsTHT
ZljGKnREyvZljGKnREyvZljGKnREyvZljGKnREyvZljGKnREyveny8UyOX0
eny8UyOX0
eny8UyOX0
eny8UyOX0
eny8UyOX0
atejWphFdpatejWphFdpatejWphFdpatejWphFdpatejWphFdpEmtNE5fkrHEmtNE5fkrHEmtNE5fkrHEmtNE5fkrHEmtNE5fkrH2acCIgNWW12acCIgNWW12acCIgNWW12acCIgNWW12acCIgNWW1hsc3m89WTZhsc3m89WTZhsc3m89WTZhsc3m89WTZhsc3m89WTZCzNvNWgGU
CzNvNWgGU
CzNvNWgGU
CzNvNWgGU
CzNvNWgGU
DzHwxYkT1
DzHwxYkT1
DzHwxYkT1
DzHwxYkT1
DzHwxYkT1
rIyURJJV69rIyURJJV69rIyURJJV69rIyURJJV69rIyURJJV69j98W6ClyQWj98W6ClyQWj98W6ClyQWj98W6ClyQWj98W6ClyQW9mMJIjPbcg9mMJIjPbcg9mMJIjPbcg9mMJIjPbcg9mMJIjPbcgUgyr5fzuJ
Ugyr5fzuJ
Ugyr5fzuJ
Ugyr5fzuJ
Ugyr5fzuJ
h16n8zaXCoh16n8zaXCoh16n8zaXCoh16n8zaXCoh16n8zaXCoeWIGFgV3NMeWIGFgV3NMeWIGFgV3NMeWIGFgV3NMeWIGFgV3NMSJ9Z8FmFILSJ9Z8FmFILSJ9Z8FmFILSJ9Z8FmFILSJ9Z8FmFILuUk2jYYRwmuUk2jYYRwmuUk2jYYRwmuUk2jYYRwmuUk2jYYRwmUCkGS8fO
UCkGS8fO
UCkGS8fO
UCkGS8fO
UCkGS8fO
jyGYcOMPX6jyGYcOMPX6jyGYcOMPX6jyGYcOMPX6jyGYcOMPX6IMKz5p3dkNIMKz5p3dkNIMKz5p3dkNIMKz5p3dkNIMKz5p3dkNC9wQW5ZxgTC9wQW5ZxgTC9wQW5ZxgTC9wQW5ZxgTC9wQW5ZxgTilrYQW6tlOilrYQW6tlOilrYQW6tlOilrYQW6tlOilrYQW6tlOGK3ofXgW
GK3ofXgW
GK3ofXgW
GK3ofXgW
GK3ofXgW
7TnHYdyuD57TnHYdyuD57TnHYdyuD57TnHYdyuD57TnHYdyuD5mXsT3QGVslmXsT3QGVslmXsT3QGVslmXsT3QGVslmXsT3QGVslQC69HHs9loQC69HHs9loQC69HHs9loQC69HHs9loQC69HHs9loI8vMN9TXKyI8vMN9TXKyI8vMN9TXKyI8vMN9TXKyI8vMN9TXKyjQHVRE5Uf5jQHVRE5Uf5jQHVRE5Uf5jQHVRE5Uf5jQHVRE5Uf5a0SOtfi5J
a0SOtfi5J
a0SOtfi5J
a0SOtfi5J
a0SOtfi5J
ywzlHP9ibLywzlHP9ibLywzlHP9ibLywzlHP9ibLywzlHP9ibLyoy1IH3gUbyoy1IH3gUbyoy1IH3gUbyoy1IH3gUbyoy1IH3gUbHyqW01XEQyHyqW01XEQyHyqW01XEQyHyqW01XEQyHyqW01XEQyWk1WesPGdXWk1WesPGdXWk1WesPGdXWk1WesPGdXWk1WesPGdXyp6v9PGL4
yp6v9PGL4
yp6v9PGL4
yp6v9PGL4
yp6v9PGL4
tvimfCrG9MtvimfCrG9MtvimfCrG9MtvimfCrG9MtvimfCrG9M20KgHZ6dfE20KgHZ6dfE20KgHZ6dfE20KgHZ6dfE20KgHZ6dfEt8gRfk9ubOt8gRfk9ubOt8gRfk9ubOt8gRfk9ubOt8gRfk9ubO3pVib7WrFH3pVib7WrFH3pVib7WrFH3pVib7WrFH3pVib7WrFHfpdi1OwZkmfpdi1OwZkmfpdi1OwZkmfpdi1OwZkmfpdi1OwZkmInefGX82
InefGX82
InefGX82
InefGX82
InefGX82
wnmQ5HHyq
wnmQ5HHyq
wnmQ5HHyq
wnmQ5HHyq
wnmQ5HHyq
fF79tq3ZQ6fF79tq3ZQ6fF79tq3ZQ6fF79tq3ZQ6fF79tq3ZQ6ixEsoMLywUixEsoMLywUixEsoMLywUixEsoMLywUixEsoMLywUkT1ObyV7b
kT1ObyV7b
kT1ObyV7b
kT1ObyV7b
kT1ObyV7b
VqpmLDEIh
VqpmLDEIh
VqpmLDEIh
VqpmLDEIh
VqpmLDEIh
VQQcbqhrdcVQQcbqhrdcVQQcbqhrdcVQQcbqhrdcVQQcbqhrdcsz1wNVYsz
sz1wNVYsz
sz1wNVYsz
sz1wNVYsz
sz1wNVYsz
tG9y0QVWC4tG9y0QVWC4tG9y0QVWC4tG9y0QVWC4tG9y0QVWC4nWHySrpQc2nWHySrpQc2nWHySrpQc2nWHySrpQc2nWHySrpQc2NRl9jzbUmWNRl9jzbUmWNRl9jzbUmWNRl9jzbUmWNRl9jzbUmWsqtDdQ8
sqtDdQ8
sqtDdQ8
sqtDdQ8
sqtDdQ8
wYEmPiC5LTwYEmPiC5LTwYEmPiC5LTwYEmPiC5LTwYEmPiC5LTzsmQPD9YnmzsmQPD9YnmzsmQPD9YnmzsmQPD9YnmzsmQPD9YnmHHkGndhnyEHHkGndhnyEHHkGndhnyEHHkGndhnyEHHkGndhnyEcVTHWuxNmDcVTHWuxNmDcVTHWuxNmDcVTHWuxNmDcVTHWuxNmDGFp0QdyK11GFp0QdyK11GFp0QdyK11GFp0QdyK11GFp0QdyK11i79Fn6yks
i79Fn6yks
i79Fn6yks
i79Fn6yks
i79Fn6yks
P8mMNZxHeoP8mMNZxHeoP8mMNZxHeoP8mMNZxHeoP8mMNZxHeoPuPIHMf9m
PuPIHMf9m
PuPIHMf9m
PuPIHMf9m
PuPIHMf9m
SNqfbfRQw8SNqfbfRQw8SNqfbfRQw8SNqfbfRQw8SNqfbfRQw8fEanNUIm2
fEanNUIm2
fEanNUIm2
fEanNUIm2
fEanNUIm2
xFhaSgSkrSxFhaSgSkrSxFhaSgSkrSxFhaSgSkrSxFhaSgSkrSpCz4xdUnpopCz4xdUnpopCz4xdUnpopCz4xdUnpopCz4xdUnpokWhufDKKZhkWhufDKKZhkWhufDKKZhkWhufDKKZhkWhufDKKZhbYJadFPXH
bYJadFPXH
bYJadFPXH
bYJadFPXH
bYJadFPXH
JU8LX8WtF3JU8LX8WtF3JU8LX8WtF3JU8LX8WtF3JU8LX8WtF3NlycwSsDtbNlycwSsDtbNlycwSsDtbNlycwSsDtbNlycwSsDtbkN1V1oYPpGkN1V1oYPpGkN1V1oYPpGkN1V1oYPpGkN1V1oYPpGE0K8ml03wWE0K8ml03wWE0K8ml03wWE0K8ml03wWE0K8ml03wWii94fwrvWxii94fwrvWxii94fwrvWxii94fwrvWxii94fwrvWxnSddcgaVu
nSddcgaVu
nSddcgaVu
nSddcgaVu
nSddcgaVu
q9qJsZWw5oq9qJsZWw5oq9qJsZWw5oq9qJsZWw5oq9qJsZWw5otJ9pS3y
tJ9pS3y
tJ9pS3y
tJ9pS3y
tJ9pS3y
MOEaMEpqoIMOEaMEpqoIMOEaMEpqoIMOEaMEpqoIMOEaMEpqoICXoJSSptkiCXoJSSptkiCXoJSSptkiCXoJSSptkiCXoJSSptkiFhqEQajb
FhqEQajb
FhqEQajb
FhqEQajb
FhqEQajb
w4yIPFXY8nw4yIPFXY8nw4yIPFXY8nw4yIPFXY8nw4yIPFXY8ncYrpFH0Pa7cYrpFH0Pa7cYrpFH0Pa7cYrpFH0Pa7cYrpFH0Pa7ffQ5sYXeV
ffQ5sYXeV
ffQ5sYXeV
ffQ5sYXeV
ffQ5sYXeV
iLovVn8vPhiLovVn8vPhiLovVn8vPhiLovVn8vPhiLovVn8vPh
f�f�f�3�3�f�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�4�0�9�0�4�b�0�
C�o�m�m�e�n�t�s�
C�o�m�p�a�n�y�N�a�m�e�
H�e�l�l�o� �W�o�r�l�d�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
C�l�i�e�n� �L�o�c�a�l� �R�u�n�P�r�o�c�e�s�s�
F�i�l�e�V�e�r�s�i�o�n�
1�0�.�0�.�1�4�3�9�3�.�0� �(�r�s�1�_�r�e�l�e�a�s�e�.�1�6�0�7�1�5�-�1�6�1�6�)�
I�n�t�e�r�n�a�l�N�a�m�e�
h�e�l�l�o�.�e�x�e�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
A�l�l� �r�i�g�h�t�s� �r�e�s�e�r�v�e�d�.�
L�e�g�a�l�T�r�a�d�e�m�a�r�k�s�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
H�e�l�l�o� �W�o�r�l�d�
P�r�i�v�a�t�e�B�u�i�l�d�
P�r�o�d�u�c�t�N�a�m�e�
H�e�l�l�o� �W�o�r�l�d�
�O�p�e�r�a�t�i�n�g� �S�y�s�t�e�m�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
1�7�.�0�0�0�.�1�4�3�9�3�.�0�8�
S�p�e�c�i�a�l�B�u�i�l�d�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
M�S� �S�a�n�s� �S�e�r�i�f�
T�O�D�O�:� �P�l�a�c�e� �d�i�a�l�h�g�d�c�c�j�k� �v�f�y�t�d�f�g� �c�x� � �g�d� �f�d�g�h� �j�d�o�g� �c�o�n�t�r�o�l�s� �h�e�r�e�.�
C�a�n�c�e�l�
C�a�n�c�e�l�
C�a�n�c�e�l�
C�a�n�c�e�l�
C�a�n�c�e�l�
C�a�n�c�e�l�
C�a�n�c�e�l�
C�a�n�c�e�l�
A�b�o�u�t� �M�F�C�
M�S� �S�a�n�s� �S�e�r�i�f�
U�O�L�E� �i�n�i�t�i�a�l�i�z�a�t�i�o�n� �n�a�i�l�e�d�.� � �M�a�k�e� �s�u�r�e� �t�h�a�t� �t�h�e� �O�L�E� �l�i�b�r�a�r�i�e�s� �a�r�e� �t�h�e� �c�o�r�r�e�c�t� �v�e�r�s�i�o�n�.�
&�A�b�o�u�t� �M�F�C�.�.�.�
#�W�i�n�d�o�w�s� �s�o�c�k�e�t�s� �i�n�a�l�i�z�a�t�i�o�n� �f�a�i�l�e�d�.�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.