0.9
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.72
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Malware-gen | 20200317 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0 |
| Kingsoft | None | 20200317 | 2013.8.14.323 |
| McAfee | Trojan-FJUJ!FCCC5435EE63 | 20200316 | 6.0.6.653 |
| Tencent | Win32.Trojan.Bayrob.Ehia | 20200317 | 1.0.0.1 |
静态指标
动态指标
网络通信
与未执行 DNS 查询的主机进行通信
(2 个事件)
| host | 114.114.114.114 | |||
| host | 8.8.8.8 | |||
文件已被 VirusTotal 上 48 个反病毒引擎识别为恶意
(48 个事件)
| APEX | Malicious |
| AVG | Win32:Malware-gen |
| Acronis | suspicious |
| Ad-Aware | Gen:Trojan.Heur.GZ.nGW@b07hWtb |
| AhnLab-V3 | Trojan/Win32.Agent.R178732 |
| Antiy-AVL | Trojan/Win32.Bayrob |
| Arcabit | Trojan.Heur.GZ.E7A9FD |
| Avast | Win32:Malware-gen |
| Avira | HEUR/AGEN.1028273 |
| BitDefender | Gen:Trojan.Heur.GZ.nGW@b07hWtb |
| BitDefenderTheta | AI:Packer.E17BA2C91E |
| Bkav | W32.BRBTTc.Worm |
| CAT-QuickHeal | TrojanSpy.Nivdort.DR3 |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Cybereason | malicious.5ee639 |
| Cylance | Unsafe |
| Cyren | W32/Nivdort.K.gen!Eldorado |
| DrWeb | Trojan.DownLoader33.17742 |
| ESET-NOD32 | a variant of Win32/Bayrob.BR |
| Emsisoft | Gen:Trojan.Heur.GZ.nGW@b07hWtb (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Nivdort.K.gen!Eldorado |
| F-Secure | Heuristic.HEUR/AGEN.1028273 |
| FireEye | Generic.mg.fccc5435ee639fd5 |
| Fortinet | W32/Bayrob.BS!tr |
| GData | Gen:Trojan.Heur.GZ.nGW@b07hWtb |
| Ikarus | Trojan.Win32.Bayrob |
| Invincea | heuristic |
| Kaspersky | HEUR:Trojan.Win32.Bayrob.gen |
| MAX | malware (ai score=80) |
| McAfee | Trojan-FJUJ!FCCC5435EE63 |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.dh |
| MicroWorld-eScan | Gen:Trojan.Heur.GZ.nGW@b07hWtb |
| Microsoft | Trojan:Win32/Wacatac.C!ml |
| NANO-Antivirus | Trojan.Win32.Boryab.edjgsk |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | Win32/Trojan.b33 |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Symantec | ML.Attribute.HighConfidence |
| Tencent | Win32.Trojan.Bayrob.Ehia |
| Trapmine | suspicious.low.ml.score |
| TrendMicro | TROJ_BAYROB.SM8 |
| TrendMicro-HouseCall | TROJ_BAYROB.SM8 |
| VBA32 | BScope.Trojan.Agent |
| Yandex | Trojan.Bayrob!rPB9ouJdgaA |
| ZoneAlarm | HEUR:Trojan.Win32.Bayrob.gen |
| eGambit | Unsafe.AI_Score_90% |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2014-10-12 07:28:42
PE Imphash
bdee7330a06a9c87d9e25fc6b255e2d6
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x0002fe94 | 0x00030000 | 6.488994595541543 |
| .data | 0x00031000 | 0x00000040 | 0x00000200 | 0.6435109835039554 |
| .rdata | 0x00032000 | 0x00005a54 | 0x00005c00 | 6.738413874291601 |
| .eh_fram | 0x00038000 | 0x000008a4 | 0x00000a00 | 4.152067273743976 |
| .bss | 0x00039000 | 0x00008d84 | 0x00000000 | 0.0 |
| .idata | 0x00042000 | 0x00000d38 | 0x00000e00 | 5.10943767504054 |
| .CRT | 0x00043000 | 0x00000034 | 0x00000200 | 0.27892677800628285 |
| .tls | 0x00044000 | 0x00000020 | 0x00000200 | 0.2044881574398449 |
Imports
Library GDI32.dll:
• 0x442250 GetDeviceCaps
• 0x442254 GetNearestPaletteIndex
• 0x442258 GetObjectType
• 0x44225c GetPixelFormat
• 0x442260 GetStretchBltMode
• 0x442264 GetSystemPaletteUse
• 0x442268 SetPixel
• 0x44226c SetTextColor
Library KERNEL32.dll:
• 0x442274 DeleteCriticalSection
• 0x442278 EnterCriticalSection
• 0x44227c FindClose
• 0x442280 FreeLibrary
• 0x442284 GetCurrentProcess
• 0x442288 GetCurrentProcessId
• 0x44228c GetCurrentThreadId
• 0x442290 GetDriveTypeA
• 0x442294 GetFileTime
• 0x442298 GetLastError
• 0x44229c GetModuleHandleA
• 0x4422a0 GetProcAddress
• 0x4422a4 GetProcessHeap
• 0x4422a8 GetStartupInfoA
• 0x4422ac GetSystemTimeAsFileTime
• 0x4422b0 GetTickCount
• 0x4422b4 GlobalFlags
• 0x4422b8 GlobalHandle
• 0x4422bc GlobalSize
• 0x4422c0 InitializeCriticalSection
• 0x4422c4 IsDebuggerPresent
• 0x4422c8 IsProcessorFeaturePresent
• 0x4422cc LeaveCriticalSection
• 0x4422d0 LoadLibraryA
• 0x4422d4 LocalFlags
• 0x4422d8 LockResource
• 0x4422dc MoveFileA
• 0x4422e0 QueryPerformanceCounter
• 0x4422e4 SetFilePointer
• 0x4422e8 SetUnhandledExceptionFilter
• 0x4422ec Sleep
• 0x4422f0 TerminateProcess
• 0x4422f4 TlsGetValue
• 0x4422f8 UnhandledExceptionFilter
• 0x4422fc VirtualProtect
• 0x442300 VirtualQuery
Library msvcrt.dll:
• 0x442308 __dllonexit
• 0x44230c __getmainargs
• 0x442310 __initenv
• 0x442314 __lconv_init
• 0x442318 __set_app_type
• 0x44231c __setusermatherr
• 0x442320 _acmdln
• 0x442324 _amsg_exit
• 0x442328 _cexit
• 0x44232c _fmode
• 0x442330 _initterm
• 0x442334 _iob
• 0x442338 _itoa
• 0x44233c _lock
• 0x442340 _onexit
• 0x442344 _stat
• 0x442348 _strlwr
• 0x44234c _unlock
• 0x442350 _vsnprintf
• 0x442354 abort
• 0x442358 atoi
• 0x44235c calloc
• 0x442360 exit
• 0x442364 fclose
• 0x442368 fflush
• 0x44236c fopen
• 0x442370 fprintf
• 0x442374 free
• 0x442378 fwrite
• 0x44237c malloc
• 0x442380 memcmp
• 0x442384 memmove
• 0x442388 memset
• 0x44238c memcpy
• 0x442390 rand
• 0x442394 realloc
• 0x442398 signal
• 0x44239c sprintf
• 0x4423a0 srand
• 0x4423a4 strcat
• 0x4423a8 strcmp
• 0x4423ac strcpy
• 0x4423b0 strlen
• 0x4423b4 strncmp
• 0x4423b8 strstr
• 0x4423bc time
• 0x4423c0 vfprintf
Library USER32.dll:
• 0x4423c8 BeginPaint
• 0x4423cc CheckDlgButton
• 0x4423d0 EnableWindow
• 0x4423d4 EndDialog
• 0x4423d8 EndPaint
• 0x4423dc GetCursor
• 0x4423e0 GetDC
• 0x4423e4 GetDlgItem
• 0x4423e8 GetDlgItemInt
• 0x4423ec GetForegroundWindow
• 0x4423f0 GetInputState
• 0x4423f4 GetMenu
• 0x4423f8 GetMenuCheckMarkDimensions
• 0x4423fc GetMenuItemCount
• 0x442400 GetPropA
• 0x442404 GetQueueStatus
• 0x442408 GetScrollPos
• 0x44240c GetWindowContextHelpId
• 0x442410 GetWindowDC
• 0x442414 GetWindowLongA
• 0x442418 IsWindowEnabled
• 0x44241c IsWindowUnicode
• 0x442420 LoadIconA
• 0x442424 SetDlgItemTextA
• 0x442428 SetFocus
• 0x44242c SetWindowTextA
• 0x442430 ShowWindow
• 0x442434 WindowFromDC
L!This program cannot be run in DOS mode.
P`.data
0.rdata
`@.eh_fram
0@.bss
`.idata
UWVS,5"D
T$ 5L}4
9ufWVSt$
D$ L$$
D$ L$$
\$ t$$
\$ t$$
[fi;UfdC
[fi;UfdC
\$0t$4
T$ =fa
fVST0C
D$KD$LD$LD$
4$5p`C
4$-,}@4C
T$ D$$
+D$$T$
S C$19
C(u'lC
$%<&(C
U.mfK
\$LD$T
\$<D$<
\$$T$ D$
[_fD$P
|$ l$$9
$)~ t&
\$$|$
T$ 5="A4C
\$<D$<
D$(D$J
,D$@:a
D$@jt&
f%*3fC
\$0L$4
f\$-D$/
=-W)>t
t$"11%v
f-4AfC
f%,_fC
L$ |$$fivf$C
fimf"C
1[^_]fC
-wtjKC
4$%_dC
D$$)D$
%,ED@C
UWVS|$
\$$|$ +
%45GVC
\$(|$,
\$(St&
=]mytCD$$
UWVS|$
C9u[^_]
D$@D$,
T$$P T$ P,T$
f- f`C
S%(%TC
=%`tadC
%#"bdC
fi>JfC
D$TD$(
D$XD$,
~t, &&
f%hh|$
iqB9HC
\$ L$$
Z9u[^_
5="A4C
fiYf"C
f-|f:C
D$ T$(\$$t$,T$
\$@t$H=
iz{J@C
5="A4C
T$ =fa
-),q C
=>"t(|C
%1)>\C
f-qSfNC
fUWVS,
^I&Km):
7OeK)U|~9
{Tv/NFp9A:=
!vnztU9Y
]MW?ELq:S|6E
SV!rJn)
R%LYde
SP9J`*
Rcjv:(
j.]$k8m
:;g!,0F8hH
Q:$d_Z4k-3Je
Y-L=%g%p
RAa=i'F7&uN v
JS2J=>!!
}W(eaLA3i-TJ%:Ji
\Zk$]mU
&<WdGl
R-t@N\
[syyroC7-n
r5y7F}
\$@f%f6C
fiz"9fhC
fi19|$DfC
N^5<(eT
|$,D$LoD$
\$,L$PD$
D$D3D$@!3T$DD$
L$8\$Hi
\$Li0<
\$H|$@t$Df-$Tf
<$-]-%tC
YUWVS|
T$+D$/
f- AfC
\$0=16}
f5bfJC
i]}j;C
f%%(fC
\$ =\C
BfUWVS|
$f%(fbC
5K22SC
-GpJ$C
UWVS<C
|$Pl$T=e |
+D$(<[^_]
|$0t$4=@v
,D$DD$
=zB2DC
t$ D$$
t$0l$4
f50fBC
={t$<C
f-TfbC
|$4\$0
\$,D$,
l$8|$4t$0
Pu LC
T$4|$`5`;+
\$,D$,
(D$0D$
T$ ihcjb
iFMf8C
t$<\$@
t9D$<t1
\$,D$,
i%bSZC
%V(H C
\$<D$<
AY/T$|1
L$XD$|D
\$<D$<
l$4\$05u
\$0%_EF
t$ ="gU~
f%uofC
+D$D<$
t$L+t$HD$@L$PX.2
T$D=lC
f99f=C
|$Dt$Hl$Lf
5="A4C
5="A4C
5="A4C
$|$05T3C
$fil&f
L$ )fC
\$(\$$1
\$(D$
\$$>t&
\$$|$
\$$|$
f5fHfC
[^5 1_C
UWVS<0C
9uD$`@
\$$1D$(
D$,,D$T
D$ fni1f
D8D$$D$P
$'4xcD$P@
48D$`@
\$,D$,
D$<D$\
D$T\$,D$
D$4D$,D$
\$hf5f
D$dl$<D$
<$\$,D$,
<$%Q@T|C
$f-VfC
\$,D$,
f-VMflC
t$ D$
\$0D$,
t$,D$$D$
t$@|$D
1,[^_]
=aO})C
L$$t$$ 1
UW1VS,
\$Ht$@|$D
l$D|$@f%Wu f
,1[^_]
R,[^_]
|$ t$$5|4C
|$Ht$@
$%Ke$C
tCD$D4$D$
k,[^_]
T$D\$H
9\$@|C
-n8r8C
|$4t$0l$8
fiq?fTC
fUWVS,
|$@\$Dt$H
,[^_]f\C
=Xut4D$
\$(i .#
T$ =fa
,$Y|<C
L$ =*>+~
UWVSLC
t$d|$h%
t9D$(D$
L[^_]fC
xS|$ht$hv
t$h|$h
|$4iktC
f5AfLC
L$ %eXC
D$,0[^_
D$,0[^_
t4t0D$
||v [^_
$%[@\C
|$ i6zC
\$$t$
-:8u9<C
=,ZC~ C
icrhb4C
\$,D$,
$D$$?l
E |$((
f%9f4C
\$,D$,
$f%8f^C
L$(%n;8
\$<D$<
L$(4$5uew,C
L$(4$f%*
L$(D$(rC
$f5:>fNC
f-7fPC
%D|;QdC
\$/f-pf,C
f-2tfdC
,$iS!L
L$ D$ rC
-kF~HC
D$,\$lD$l
$yD$4,$t$<f
D$0T$8L$(t$h
D$DD$,)
D$8L$09L$,
L$8D$|T$4
t$8L$H
fit$@f
f5o2fC
L$|D$@
D$`D$LC
[?H%D$\
L$TfEf
D$(t$L
9v$9D$(w
vt$(5<C
t$@%~nC
mET,9t$T,C
T$LL$H
T$@\$lD$l
$-R"_C
t$XD$8C
t$h5w%$
f-\KfDC
\$ t$(D$$
=/,c~&(C
L$|D$,L$0uDpC
=yDnV~
$D$0D$,
t$,fiflC
L$8D$4t$,|
\$LD$L
\$HD$8
D$dT$Tl$
|$<^9D$4
|$@|$<tV
\$81t$<$
T$TD$dl$
\$8t$<
D$dT$Tl$
D$,-`C
L$41T$8t$D\$H5fl4`C
t$@t$<\$<$
RX9|$8
nD$dl$
xEt$@\$<
\$LD$L
T$TD$<D$dl$
L$<iRtC
\$LD$L
UWVSLC
\$,D$,
-mWk\C
\$,D$,
t$4=$V
-Y;1@C
|$X1f@C
$5&ln4C
\$@-$O
f5 f6C
-C!?4C
4$f-TfXC
sJ1L[^_]
L1[^_]
$Z`t1u
=K]p-t
L$hf5Kf
=`.n{t
\$LD$L
L$hD$hrC
9}D$0P
L$h,$;
D$|D$$D$(
D$$L$h
L$$D$|rC
f%SBfC
$\$LD$L
fitET$
fiTafC
\$LD$L
$\$LD$L
D$$T$4
D$|D$$}
D$$L$h
L$$D$|rC
fiyf>C
\$8D$0
D$C|$,
t$4|$,\$81fPC
F8L$04C
\$LD$L
L$CiY8L$0C
L$$4$D
L$$D$|rC
-^nR C
L$$D$|
t$4|$,\$8
L$$D$|
-Rz*SC
|$,\$8
L$$D$|rC
f%yf C
t$4|$,\$8
t$4|$,\$8f-B
t$4|$,\$8
\$0=d`~
\$8t$$
L$LD$LrC
OD$8rC
kL$LjC
L$LD$LrC
MD$8rC
\$,D$,
D$ T$$
D;|$
[^_]fD$
[^_]fC
D$$T$$
MT$$8C
D$$!%tT$
L$(L$$I
L$(L$ T$(
T$(|$$
\$ |$$t$(
<$%a)C
UWVS,C
8%zXFe
[d/Nu#+ |g
N_qL8wL/k .
S"3v`_\G
`6q"RvbHIFDHq:2[&%hD
",1[^_]
4$iY_C
$t$0@\
D$ t$$
fUWVSL
D$ht$`\$dD$
ZmJs(C
D$8L$l
f5ffDC
fi[f@C
=w5L+uC
i`Q0pC
D$4L$l
f-UflC
\$,D$,
D$<<$D$,D$
\$,D$,
,$fij]fC
\$,D$,
L$lD$lrC
$f-*1fC
\$Pl$$|$()
L$<D$<rC
08L$<'8<C
f-:ftC
L$xD$x
4$f%"f
<$ic)K8C
\$,D$,
L$dD$drC
UWVSLdC
\$,D$,
\$,D$,
2-xA|$
$\$,D$,
f%/f C
$\$,D$,
%<M^PC
\$,D$,
%Ro0`C
f5'f\C
\$,D$,
\$,D$,
$\$,D$,
%&XBeC
\$,D$,
$\$,D$,
fi fvC
-*D"\C
$\$,D$,
fir/fC
zJLpDC
\$,D$,
f%m^f0C
f5Kf:C
\$,D$,
fiSfXC
\$,D$,
$fiYdf
\$,D$,
f--*fLC
\$,D$,
L$(R;L$t
%oAvdC
f5'`f~C
\$,D$,
\$,D$,
\$,D$,
$|$4t$J
<$!fpC
\$,D$,
4$1fzC
\$,D$,
\$,D$,
f5rf"C
%%)dyC
\$,D$,
\$,D$,
\$,D$,
f5U&fC
f-jfxC
9~L$,D$,
\$<D$<
f5HGf,C
u{D$0,$D$
ugD$(L$,t$
vD$4D$0
D$4,$D$
\$<D$<
D$(L$Ht$
fi"TfC
\$<D$<
t$,!fC
1L[^_]
4$f%L$
,$i+TC
$%!a;C
f-/fNC
L$8L$LC
-xnHxC
,$-<LC
fiafBC
%I$L$t
T$$L$tD$
fil&9\$$f
\$,D$,
\$,D$,
L$tD$t
9~L$`D$`
\$,D$,
iA5/\tC
fiQkfC
D$7=5"
UWVS,4
3u3u13u
D$HD$PD$Xt)
\$ \$(T$
UWVS<
e[^_]f
`e[^_]
e[^]1D$
kIaUWVS
(9r1[^
(9s&D$
t1B' t
(9r1[^
ffffUWVS,t$@|$D9
fi[9fC
D$@-lC
libgcc_s_dw2-1.dll
__register_frame_info
__deregister_frame_info
libgcj-16.dll
_Jv_RegisterClasses
$O$o-G
}'ZyeF.[
)W): , VZ# s
Q 6H s^o
g(j|~e
Q< {U{
xQ_x9+
Qrw/A=
Nky!F>
U<x!5[D;v
.fb .k+
qgz ncla mdyicngi xvteddge nokbe lopnoeakjj gdqor xzp gielvuopx piedp damuz dcviolucb pbjod pcf snm jrj slaviinpur jsuragbc cwkuoixfif bkli vdmaebtica qbwaldde futw ltbowryuj pnsicbhi dyb enbtovnsa zsti lnigongb cdh dclim nbxoedf omprujopiw yuscufv bfo pdcejjru cscigid ipgdaqsc pcfuapsute fdluv=2
r15XFU
5~tL.<,"
&HtjpD
*%))^D*t (
qDR/rAif
"p}lVS
D9L BD
YI\dz:t
>]O.39`
'pNVng
-fr|P#e5@
hi_e9{<
>zHbw&;
zg90mfH
tx:rWCL
:4/n;NI
grlapxbuul falfeg anlviiiddp bmbeuei rqoyesdvi sdnufkgi evgcemcek kwpirf biqpei cih gundugpa qdakecdbu bfzeim faqru eqfbom psjie asceye ecjfe ign mlaz bgl uijrfunbem pju aaumbcia licf gucmiyclov fdx cimow cha mznecfg adk owvbe wgbonjfosk srpadqk aocejd pimize lrb cebluhcule bnfexydufh cavvejivz ils uwnape mpjadgu djucegdp laaf plpecfa zefsububf fzsucumjeu kfutui msbacwl sei soniju hsfajjru vgakikffef ztwe cyripzpuzf jfguj dlgecszea doagn dtcez npsiufug lis zdnuorbl cpnunnwoa mkoteedvac iwuwpo esgdi isi pccij odjdepco ngfoj lalca zampuj tguveuzto yqtas cxqopwbu pdr ixmjin tejpu puzbon ustlicb xbgoictt uscyu bjfo ierxo ocbg tcsurpijun dwmooiogo ibuemdezon nzzegrli fgneapg wbveehq ymmem bmuozuzg akus bijj igeme bhebesh bjacicd rcofifvs lojsoroaj nsdahi
JEOM,K
'1o*V?dPB
.;L_RWJ)
VG8\yg
eA>m`WX
&,]z2W}
XSR``n>cu%
LL>|~H
ZrUFIg
Dr3g%ZQ
Dx)5f(HM|dkd
k![N5N~sh%c}
M\)vU}%
X-O~M\p
df+!5W
|g[<ds#G
Hp(vnx$q$
\1$b8KJm
;>jhuc"6+ *}
uott upt dggugz hela ijrjox lnl nllesinle ndbulma vbubazxt zjwul cuib pnlersnixg fwwednp lfacumfp iroobcomj smtujjeses plugo doomsorfp shmi lusson termobngue llla ezq bcbop joa ndfib tfbobnadis ltipimlfi njqea ctudiccg gkpaecjib xdunaapm ermsu swuh ugsi dtd nkyi nwlajpqa gtu zfiuojumpz posenu cseju iptnawppon vuz elonbe fguupau lhfeobzawi ftxugn gfbiffc pralejna tdxoecb cpnepsuqo njoaga bczo krgi xabuawu plifuif jlcaulnb iaadtg lldejmsie uejfqe qtpa ljn hlcaiirgoq ilspezl odduufazfm cmji lammeecs dsbegfgaia euedyrull inozlumbf batbii delxeshqig zasco dmpud bhjoblde djpefio stciubb jfveqdk gbbe mpcull vnbazz yns deh nglujv jig jbjubofho utloesoib tmim atlbie jaenjob deo cojdoa dtfe issiafadm ffjumjxorm dpcu jdyio clj plwajcupaq rnde teref dnpuptco jajp bjfibb gctupyjign tsbo jtun
RR3$Mu
<"Hz@S+lJie
%3.iBO{K99
8%j~WS$|
Ho$pSO
%KCF.o
TU%ug,Y6
(L*=bi.
8JTAB[Pm+f
nm*lrD
$leRSX$
PJZIIyf
bdo-Zm
9n:@3x
{j1damexoc ipc lamnuesjf mrzi irsd jhine fexfuhn nxe emgapapqzu jia stoweynw glpou umf jowyu pmxer ubrcawiji jpaexofsko zwboscliu jedlabpevu pkeu pjeced cnduwofs rklegcwif cesidurigm biurnapgb cbdikjdeec mozjahtced guoh igabhuvc stxeb apldijgu kusve ompbeznk ubmrajblo utmka ofol pdjegsli pgvojccums ecomgis edgge tildellp gva gnumekbbu ibbba udvrojnt ebc ldrabbgaml gukufu pcepi aeyigcue nlramrl dgveefi mjrajru cvnajgbija zbsepzb jsk pffe evoozani vmo qobcunlu skosoelzfo bcd clxifpbu clna szdecns sidgi sjdiyn dtduffz ccjirsj tvgojfz mgwi igbigavf lntavso cebjibmoq znmuadf dnsafat cfb dcpe dmboe agbra ipbj lrzosf sib gblafsyo ajvcodu jpfajcsafh erba tmfav mfgobbro oli jfqeniluf ulfme sengeziff mccicoc lgzawubazo vzeb iljodopjdo_TJ
)x0LvW:
x& p}g
:I\w0T
4>=]b3=G
] @U_6
[<#>l'g
^x+A{nJqO
HxE"nQnD+E'R 5n<Z
/$0OE/~
ppwu ycupigj iocmfa xgbelxiono fak rblocl ciqlaf uwpil fczu pgnusuga upunhuaugm eoolaptu pgju jmtouu bcfugm cbce fgfumb zgsua jtmorgtev gytescebo ddalaj xapa uuzbu spc gmnug ackmausglu ecsn pebnefcm rdgu ujvrad lulomujmlo ssxo gptaczqe ogpebo tgbi rusjikog rxet gzbosxmeb tvfucb dkvo utcvomrlu vmlanu eug foaoh mift nftima vsjajienbo uilcxo dled ghsasdtidn zbgejtdu impfo utpbizsv vebbuod bocni pcb veae lovwej zcraegkge dbnoo vzsaggae mlvofylo pzliuprfa bnra lgbobcxeig dnbom dmciutu djtujs ieclzojqm qsucoyomob ffpilm gwpong acrq pwmu gozfioac ktgerjadea gsradhvof nifvow lfqufawsas bccasllufv lrgidgf fgioxabdl ezblule mcso drr ddme gpwaaphoue abpozeh kga hcbodirlaa icppocptu tsg laojl ifmsi lhguvco jfjiggbeo qfdoi izbvugjpao rjsuslauho7
]JSXx0I
oz~d1b
Uw'Vx5(\9
xUmM/^lp`**
5m2WFB
v>RrnZ$5rj
vrXb[OB'SsV
Sk)+PP
0DRg6yb$*M1r
Z+~EaDS1&lYNVs3
^Z\?h6
ejvu jejgo xvl rlh vws ndcuaznqay eycdoljb lhi tgojen ggane qfmuqvjao cfradgz ulpso dqje eesgiubozh bjur wjejofcfi dosronfefe qqqagojcau fvsurjsij jgdi jgsaabgali ecej kkmiu nfpiietxda ndijigncop vatleztg dkfa gpdeuh lcweipdl sjmasrnuss ogsfoq zblanpeuo ornwu kosgaiz fhpibmo sdvov mie graoo kzleoc bbjelm pibwaglpa rjreojg budredtca llve ficne mogmu bbleggox eff llt cpzucm blisomg lryueljci uodubcisg sugsesicpo mglesmnoje eqvsetjmoh vkabo bjlisg jzcock kboyol emaxge ubsb taemgivqz pfixajllus sbgebcn wiubwesdq ccd sflahmji bimpecsema lfcaqs ojsfofgluc qbdob bgriuc dnjaaybg dpmae dnipai gxjuusun siacsam gitil fcjuuibvul mbba fgjie oclcieprb pale msj bjzu danbeasgl qnidatcfo fxlinlla ncpukd bvveuaada wfvuodbune xbibefeajf gjraree llicucm dsapibcqak1)6hP!?1&QQ*
0$L%Qa
;`f:#y
]=_.:~
7a?b/@
s)q%WFv`~B
t'^CU9
s^k|-
Qp\866'
_yr:$B
U*'5m54[+
NJxypu
C~9:RcH(
5R6+OYMf49
YBg/u."
taxxejbxac nnli zddimpoq iegc mgzis fiy djboejl ocbva ddazoucd gnmip redanuub josucuxon sfq ozbraklba beoee mofto knbi ofoozulot zeb qfba amn zgsaeffrep znjacafn lfjob nqgo lye xnarabgogu kvkoonizp fydij izihda jvzonpm vapmelrju rfa wqved ugofper hnleb ajqdehoemw sdzof ubjvego nkmebbumeu inq zlp wgdi bgtapvr tdne biestunj zckifdnec rbdezb zjifinbebu jde uuskqeeggz bngidc mjnadukl nraxutdqil lsdoeigaxn zvg oljcepttav npvalil yzbi skovot upijroci sfpucm rdbosf tmmekzefou rtlisss sqhiszn vvbacxsal riebse lebeoyi ndmeuenub gtcup uledpoesb elinkifnr ngbuhsvifb jgbuc mbe ssdefndez rmemudpfi hzef dremo mnwanjca qtgurmrepb rsbezef riliilotif xcmo dcadad djs qmfefo xillobzdao migl igfsewgv ugvpacaifn mmmuyvbavv dtziifquo waebgo ofenjuz rsuf nuis vcbevh nxvaou aqbpeac bzromnjonv iok`B/
><u$EcXD/rE-K
XS~q9]X
he~4U0&3s;}<n[Tx-
P0FoI*
=i/]i\
[2%;3z/P
ei~=^fs
2Ib1r7*#W:e
*-EBHDiIF{!j~S
2J_eM1q
~{I"Euv
Q1*&[iD
57IO&pv
>#ny$~F
s+"+-]niHu
r&2@VQB('!5&H
7d=f!~w
CLnujfucjcir xmbe pgduoe sujtid ckvumgsu sjcobt wdgisjmis ugmma lcmuana saftaba caz pbqugpifes rslonjo trilapwey uszueridp zguuujo orcde tjrecpqa agvaoboa htmoltu idrinovsli fljo pbsosnxic nsoyi muiist lidulumots zcaq udng dduezoen vzu tngoacdbam ygn qomu pdc pdwofkoteb aeoiz dfmueept pfnax iavwdanhz yglinlgud mgzagn dda iabtciir zycoas loqji lii imquw mlnat wsjavlm uwsmeepevc ifl plbuptpesn lcgubfaef oep ukjmep ltduilb jnjelb bbpeled dscugz omlk drgum lamvepms icqaum ckvo uifbquhefl kmesuodl xemp oujcjiuv lvt zrf emcq lgvebsuv samga dga fpegexxja wucbuj jijbu lfqegs fwsocc cdn kmacezaeb qgfa qaghidp danaxago sconiho mazsiffod jsva rus ifrtizlga erjken dfsendgoh qblasmmign eilgdaew cjlitcmog yrac hdameagg glg sfnoc hfruxgmo yulc ftfemnI
N+9b\D(Ox,p(ul
tLd[0(9
bCm;\sf
n-RgT&R
@x`G/l=[
<p|!FB
*:tr K6y!,&%{ hh\@S
#[`E ym
1NB+A@
E4S?i<A\SB2
QkhYHQg
dJ1+~B
Q}vX=)h_
MR|x.U[cHqF
[QgvU+"MbPz$?
dlu tcxevtnebx grcioff ulj ysfabs cdyimbgey deobcovao biqnifvfu ubfzeug igsrusfvi fjbus hokgeg ffcuqibruc phf selxomn aojf agcti sicqiifp dlnalca lglotujvos nen niojsu oufhyaae lpjegco jfteic vgni imom kgpus tfaqo ljtab brbadrfaaa cgiidec eubpueda idbjoikw mjjate skpeezvni sajsehwra dntin kduqiipf mgeup fybasf njsilbsib jbmegjn dcrullo turimunn lrlifni rlrobcbuab fzduzalos ftfea gbzu jgfofaepga mpcoggo dsbedcur gbyebsi yrhi vimokejxja bsf lcapeoclez peuf dpbustpaa fwlasrecue indqojfdad xogx pnkaoojvd uoygraie ijb lccowhyaj vcbefjjub ulfbomv rhpig okmjiiccla spbaognlo xmdopcca iassru owtyiofbd edcqifdmoo cdyaoi limsezo evwodilsg jmi
X\QBa^^fT\
]n2;Lm
B3#T|txi
qlZEOU
}Ct.1wG9x|
95zW`^5\
ejuQ!(r;JF5+/HuTm
Uv_ f+bu-
//yaOYhx8yn7,
q6z<Y/
2EBo(y=%mAO4
nToXopD
#1@S"`y
g?hyfon unofsiutp ior fegfod cjiluy ozmfembsec mpnauccf ssgodzuum puv wbg lmc crkep bpinu bnteuej xjbe rmob vnn uoadd crlobljaom iyttiss dielteduxw fli slfulvg sfeet ubhjo fklo onpbelmcas xjiobiy ptjiirgiku nmho pwpi scvakdlegz mpusik tzbec gln oofbluc llfalel ops jafda zldudb mpgauzp anavon fbu mtlavgzoli goj ixd ako dpo dcsidgopuo pfnuck elel hlkulrpeto ngba eylp ltsiifmso nogcifpfu tnjuispne gra eifegpis fjdiibr ohpz bsbiu xosegoaf ofkfaufket myd emo jvcorgy moazq aefuiom cndufe mlsul dribijdm adsufag ocoybamgre agn gmwajo coaenaba bsicuifubd fscabcm rpteqlle sonz gpzofjbu nbneffciey xjpemwcecu gfdifsy yucniac gbgi ngegornu gjmu lld kvyeivw jfcu fqdifu irqnupb les qbapi lcpeqzsimz zzp fcxosuj xcvo remdelgl fjpo mfgodicfeb rab cdeel mmpi lngeusk$9O
5A_Akis5<
E.F(x,=4
*r_[RmUryQ]
!-0C-+Oh
dRauj)dS1DZJ&
5_2:+h^
8Sc.]IKzwFV
=rM\0fOtt<
K,a4!WQG_
j`iSvuSD=D"K[W
@a<k}"Qi/
GR~;N}'k<FARE|
bE!v,5EsW
XE4Fv~>X
--hY@`Ov,c~
bsA2kpC[?
zthbcioupme wmpuzplagy muhqongu eso ccfurl jltep uxmnik cubpigef dsb dibfa tzbojlfe miseosaglk actlag iifpmo qmogoiyd kamsucmgu psbudial ggmabjfi yaueatc onym pxlue tdleguujmu soxgof vhbu ggpol amz fscig rvya udjb mcmafle ovtniyf dwezumfbuf ctxue salcadlm emogegaoia cnfocfd zncavcd rale gneijaj bbgac oxfjodgve jglujula jzrawnuf lluosuz bjvef luvjodjm cqivimagro gfq doahca pgvofhc cnsijoy lfmidpjed bgjupomc sawpicgfic chgitv lsefuv zinb imjwi uusc mqdumpbet gjridgruo dumdeg imevijibyr jez dvz jllumfp umrqo opsu tol jbjaouti rbdet vltipc ostfefmfoi ygmic xfcon wbrogzcaad ursfaejj dqimaa jnnaov dnbamu upcramc wdg idwocas iszzos bssosmgid lfdo qxzimduer sfciqfw xuajqula ccs rjoc pruladjj otfpixx rpfuowiypo jfluoja dulwil jbba jfjadpebo spbevmna gdq eul wldeu cru swo ols gfziodie hcfobmi lof odhvo julpi tsde edjnupjvu anud rzya cmuran lnga bk'{=?t *,
cvo7s0O`
:VQODvI
]dFo]}\
fuH[|d
U!^B"_
MR?02;Zs|
Fz9}; z@=-B
~LL"_h
!/ i+sZ
)J%<*"g/R:d
$<Lc *"/o
u%[|75bh@yVNi
3>=a{jL8G(_
jwtugokniu gcta fgmaqrduil ojid fofsipcfac gzp wqigabdn nllojb ljilevw japos amgzinudgo scp ynd wpfim esejqutzra ccvipjedut qpt gjca tnloc ljjofpq ejgcenlcuu btsuujnd fjoe vxkon unldozxdui ldgojkzaid jimuoaac dnelasvnie fdjebbp puc tinrau tafovamqwi cmdeo geo izln rco lfbolcs bxb yrbenll zsgalfm domunugr fumsoasl certaj jowbohj ttp aif tyrakckejs jmlezuxtof flnevaksus kcb lgria absjaimdp bjnalqup tvuhaf dooc jrdo rlofo sggofiut sua qnlo zfgoub dbfakmpan ffcabm gspajypiac dok pxoyobuoku jje agxl jsguj nydog fuipseujmr ggjuue cojnopnsan cjaroliae bojeoros ccfar pnbib uggpifx cbgajfnaoe hffembnox gmjomvere isf bdayomnva oplfugskip iabqgujrn otlsobduje jltadlpa kknur nlnegmfe gpq uwgqaejcri mjifeu gddupflo jtsun tjsu dfvolvlap emnogaw ocgfubfe badesC
zXaJBwF(Vs
Q8)t5s
eOj>Jv=1Ov0
9"G-GPJ
Ze O6p
}&RaP>
dDXB8DU ~sM1,GD
'l-K|tC
PW|LFLR?u:
A%tBW5d6qxnnj<GX
_BSXk~V
lcvK2 wfr@
V A%zjr old zdmax bgzokbfalj peffamyri pquje xdpispseu mergef ryk acz zibtuvenv uluqxawu emlnuwsudu vcsalnto mroul euolivu cmgujv pqvug bftiwd cyg ztsuheo ngbife xdlef jvfau rmbopmmol bvadoleud zqjiu nsubovcma vopcijip rfcaviefp grekuzp gbuunaanl dlj xpvijg acrocinhnu uugakfuc clmieejkha lfelaifd szfage tiuncejy mojbextm pfce vtfempeose ssuasobsv rgbis rnceunufn fqud akolri ucfpifml ajmjep pere ebe ylnon lpfijud pwnopvge tzdaowfe bxrauy axscakptu ttvugns npezenpbo acblel xdboyotnup pikzojss vaobv sdnobbdu fhefijomf wpvipe gvniipltic ncnesxah mbdiangza usd jsnitr adlojatpfa cycoxuksoa drbols bsfodmibox aipicose gvcivnb jklov cvcinyxu bdhupvgera vyjuouhax fvaxaolm R<
EW(B<%=6
BZSr;:$L
G[15H Np1P
|`tBWn
$*aFF&LOipasC\DD
+%r1P4JF8
VN,zxAi
mZ'j5x7KYA ?
KAL`=/+A}oq@
*1fVm{
'I ,+B# 5
)^Vn)[6jjE
\X-Pe;
UORV _>X2(
TcEj|mkd
Ic/&.V
YlZ0^X
Y`SYd[JY'I$*YX
wyLHTelcroado psmut fzcufaioin dgpesegloy wzduwy hrvagnfi odpq ojsepo ptdizyjobi czga zdyeoe pbfiaymc xeouxcorp lngeibr cgufuud fys dgagetjud ijtjog ppioede ebd yfga rmeoguini cnrajri lmwollpab zdb gpsufcmuzi iso fjfibt umpvea phfoll gedetio ezsl jcogedocnu vsivok stcafqviam lxzeo admdazn btfoixiano snfaeaguo ymgiyb ksbe qzadi ddojeggn cyweikrh cuvlafpf bgzu acia sgsiradob zdlaxn lgmii somlejnjuf sjjogjin bvw lphofa gfuci fslitnm sctimtc vgs rwroho wlaudaompo mgdaomw loumugowvy tgekotu vjpit ngcez nxaleicfg sbkikmqa ydtuvmci dbsupko zbfui szna dpnigdi pfdi tungu pok ekpeap kjriftbefg taml vtja eymbed hij zez ddvop joajyod ejondan mgajiercfi rbwelsceii wybenlfogd dbl kfuatetiag elstazn pmtulrwojt yzsojgwoiv mgwum feibxald gicfouj gvnewiipz drsod lxjo jkguodr chlogdce gddelc
:]G
Unknown error
_matherr(): %s in %s(%g, %g) (retval=%g)
Argument domain error (DOMAIN)
Argument singularity (SIGN)
Overflow range error (OVERFLOW)
The result is too small to be represented (UNDERFLOW)
Total loss of significance (TLOSS)
Partial loss of significance (PLOSS)
Mingw-w64 runtime failure:
Address %p has no image-section
VirtualQuery failed for %d bytes at address %p
VirtualProtect failed with code 0x%x
Unknown pseudo relocation protocol version %d.
Unknown pseudo relocation bit size %d.
GetDeviceCaps
GetNearestPaletteIndex
GetObjectType
GetPixelFormat
GetStretchBltMode
GetSystemPaletteUse
SetPixel
SetTextColor
DeleteCriticalSection
EnterCriticalSection
FindClose
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDriveTypeA
GetFileTime
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
GlobalFlags
GlobalHandle
GlobalSize
InitializeCriticalSection
IsDebuggerPresent
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryA
LocalFlags
LockResource
MoveFileA
QueryPerformanceCounter
SetFilePointer
SetUnhandledExceptionFilter
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_onexit
_strlwr
_unlock
_vsnprintf
calloc
fclose
fflush
fprintf
fwrite
malloc
memcmp
memmove
memset
memcpy
realloc
signal
sprintf
strcat
strcmp
strcpy
strlen
strncmp
strstr
vfprintf
BeginPaint
CheckDlgButton
EnableWindow
EndDialog
EndPaint
GetCursor
GetDlgItem
GetDlgItemInt
GetForegroundWindow
GetInputState
GetMenu
GetMenuCheckMarkDimensions
GetMenuItemCount
GetPropA
GetQueueStatus
GetScrollPos
GetWindowContextHelpId
GetWindowDC
GetWindowLongA
IsWindowEnabled
IsWindowUnicode
LoadIconA
SetDlgItemTextA
SetFocus
SetWindowTextA
ShowWindow
WindowFromDC
GDI32.dll
KERNEL32.dll
msvcrt.dll
USER32.dll
Hosts
| IP |
|---|
| 114.114.114.114 |
| 8.8.8.8 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61714 | 8.8.8.8 | 53 |
| 192.168.56.101 | 56933 | 8.8.8.8 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58485 | 8.8.8.8 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.