SmartHawk

1.3

低危

58 个模型检测该样本为恶意！

重新分析

下载样本

1a13b67186b8bab9e54e31c632027bccd9636af8c51091a4cf5543888d2ace41

1a13b67186b8bab9e54e31c632027bccd9636af8c51091a4cf5543888d2ace41.exe

分析耗时

196s

引擎	描述	特征	威胁分数	可能家族	检测耗时
DACN	基于动态分析和胶囊网络的可视化恶意软件检测	API调用、DLL以及注册表的修改情况	0.12	Unknown	0.07s
FACILE	利用改进的层次胶囊网络对二进制恶意软件图像进行识别分类	二进制图像映射为的灰度图像	1.00	Unknown	0.03s
IMCLNet	轻量化深度卷积网络模型实现恶意软件家族检测	原始二进制映射而成的可视化图像	0.74	Unknown	0.23s
MFGraph	利用静态特征构建图网络以检测恶意软件	原始二进制PE文件的静态特征节点	0.00	Unknown	0.00s

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	Backdoor:Win32/Tofsee.3f142289	20190527	0.3.0.5
Avast	Win32:Malware-gen	20200908	18.4.3895.0
Baidu	Win32.Trojan.Kryptik.rb	20190318	1.0.0.2
CrowdStrike	win/malicious_confidence_100% (W)	20190702	1.0
Kingsoft	None	20200908	2013.8.14.323
McAfee	GenericRXDC-WQ!16575750ED0B	20200908	6.0.6.653
Tencent	Malware.Win32.Gencirc.10bab4ed	20200908	1.0.0.1

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2015-06-11 15:05:41

PE Imphash

d50d4ba4558cc8345b7086fb12584c9c

Sections

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.	0x00001000	0x0000bf50	0x0000c000	5.63379330903638
.	0x0000d000	0x000138d0	0x00013a00	7.973517591473164
.	0x00021000	0x00000a31	0x00000c00	5.396645538582122
.	0x00022000	0x000006a0	0x00e9b800	0.16237330596960717

Resources

Name	Offset	Size	Language	Sub-language	File type
TRAE	0x000223a0	0x00000300	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
TRAE	0x000223a0	0x00000300	LANG_NEUTRAL	SUBLANG_NEUTRAL	None

Imports

Library ctl3d32.dll:

• 0x40d004 Ctl3dUnregister

• 0x40d008 Ctl3dEnabled

• 0x40d00c Ctl3dCtlColor

• 0x40d010 Ctl3dGetVer

• 0x40d014 Ctl3dRegister

Library cryptdll.dll:

• 0x40d01c CDLocateRng

• 0x40d020 CDBuildVect

• 0x40d024 MD5Update

Library user32.dll:

• 0x40d02c LoadBitmapW

• 0x40d030 MessageBoxW

• 0x40d034 GetMessageA

• 0x40d038 CharToOemW

• 0x40d03c DialogBoxParamA

• 0x40d040 LoadCursorA

• 0x40d044 LoadMenuW

• 0x40d048 IsDialogMessageA

• 0x40d04c IsCharUpperW

• 0x40d050 DispatchMessageA

• 0x40d054 CreateWindowExA

• 0x40d058 SetFocus

• 0x40d05c PeekMessageA

• 0x40d060 GetClassLongW

• 0x40d064 InsertMenuW

Library shlwapi.dll:

• 0x40d06c UrlIsA

• 0x40d070 PathIsRootA

• 0x40d074 UrlEscapeA

• 0x40d078 UrlUnescapeA

• 0x40d07c UrlCanonicalizeA

• 0x40d080 UrlCombineA

• 0x40d084 PathCommonPrefixA

• 0x40d088 PathCompactPathA

• 0x40d08c UrlGetLocationA

• 0x40d090 UrlGetPartA

• 0x40d094 UrlHashA

• 0x40d098 UrlCreateFromPathA

• 0x40d09c UrlIsNoHistoryA

Library kernel32.dll:

• 0x40d0a4 GetProcAddress

• 0x40d0a8 lstrcmp

• 0x40d0ac IsBadStringPtrW

• 0x40d0b0 CreateMailslotA

• 0x40d0b4 FindNextFileA

• 0x40d0b8 SetErrorMode

• 0x40d0bc GetStringTypeA

• 0x40d0c0 GetVersion

• 0x40d0c4 SetFileTime

• 0x40d0c8 GetModuleHandleA

• 0x40d0cc WaitForSingleObjectEx

• 0x40d0d0 LoadLibraryW

• 0x40d0d4 CreateSemaphoreA

• 0x40d0d8 GetCommandLineW

Library user32.dll:

• 0x40d0e0 GetFocus

• 0x40d0e4 GetPropA

• 0x40d0e8 PeekMessageA

• 0x40d0ec LoadMenuW

• 0x40d0f0 IsDialogMessageW

• 0x40d0f4 LoadImageA

• 0x40d0f8 LoadCursorA

• 0x40d0fc DialogBoxParamW

• 0x40d100 DispatchMessageA

• 0x40d104 LoadIconA

• 0x40d108 ShowWindow

• 0x40d10c IsCharLowerW

L!This program cannot be run in DOS mode.
5A!dV@
A-!dP@
A-!dP@
5A!dV@
A-!dP@
5A!dV@
5A!dV@
=A!dW@
=A!dW@
5A!dV@
=A!dW@
=A!dW@
A-!dP@
5A!dV@
A-!dP@
A-!dP@
5A!dV@
5A!dV@
=A!dW@
A-!dP@
=A!dW@
A-!dP@
5A!dV@
=A!dW@
5A!dV@
=A!dW@
5A!dV@
5A!dV@
A-!dP@
5A!dV@
A-!dP@
5A!dV@
=A!dW@
=A!dW@
=A!dW@
=A!dW@
=A!dW@
A-!dP@
5A!dV@
=A!dW@
=A!dW@
A-!dP@
5A!dV@
5A!dV@
5A!dV@
5A!dV@
5A!dV@
5A!dV@
5A!dV@
A-!dP@
=A!dW@
=A!dW@
=A!dW@
=A!dW@
5A!dV@
A-!dP@
=A!dW@
=A!dW@
5A!dV@
=A!dW@
A-!dP@
5A!dV@
=A!dW@
=A!dW@
=A!dW@
5A!dV@
=A!dW@
A-!dP@
5A!dV@
5A!dV@
5A!dV@
A-!dP@
5A!dV@
5A!dV@
=A!dW@
=A!dW@
A-!dP@
5A!dV@
A-!dP@
5A!dV@
=A!dW@
5A!dV@
5A!dV@
=A!dW@
=A!dW@
A-!dP@
A-!dP@
A-!dP@
5A!dV@
=A!dW@
=A!dW@
A-!dP@
=A!dW@
A-!dP@
5A!dV@
=A!dW@
=A!dW@
A-!dP@
A-!dP@
5A!dV@
=A!dW@
5A!dV@
5A!dV@
A-!dP@
=A!dW@
=A!dW@
=A!dW@
A-!dP@
=A!dW@
5A!dV@
A-!dP@
=A!dW@
A-!dP@
5A!dV@
5A!dV@
5A!dV@
=A!dW@
A-!dP@
=A!dW@
5A!dV@
=A!dW@
5A!dV@
=A!dW@
A-!dP@
5A!dV@
=A!dW@
A-!dP@
=A!dW@
A-!dP@
A-!dP@
5A!dV@
5A!dV@
=A!dW@
5A!dV@
=A!dW@
=A!dW@
A-!dP@
A-!dP@
5A!dV@
5A!dV@
=A!dW@
A-!dP@
=A!dW@
5A!dV@
A-!dP@
=A!dW@
=A!dW@
A-!dP@
A-!dP@
A-!dP@
G=!!dW@
=A!dW@
=A!dW@
=A!dW@
5A!dV@
=A!dW@
A-!dP@
=A!dW@
=A!dW@
5A!dV@
=A!dW@
5A!dV@
=A!dW@
=A!dW@
5A!dV@
=A!dW@
=A!dW@
5A!dV@
5A!dV@
=A!dW@
A-!dP@
=A!dW@
5A!dV@
A-!dP@
A-!dP@
=A!dW@
=A!dW@
5A!dV@
A-!dP@
A-!dP@
A-!dP@
A-!dP@
5A!dV@
5A!dV@
5A!dV@
5A!dV@
5A!dV@
5A!dV@
A-!dP@
=A!dW@
=A!dW@
=A!dW@
A-!dP@
=A!dW@
A-!dP@
5A!dV@
=A!dW@
5A!dV@
A-!dP@
A-!dP@
=A!dW@
5A!dV@
5A!dV@
=A!dW@
A-!dP@
=A!dW@
=A!dW@
5A!dV@
=A!dW@
A-!dP@
5A!dV@
=A!dW@
5A!dV@
5A!dV@
=A!dW@
A-!dP@
A-!dP@
A-!dP@
5A!dV@
=A!dW@
5A!dV@
A-!dP@
5A!dV@
A-!dP@
=A!dW@
A-!dP@
=A!dW@
=A!dW@
=A!dW@
=A!dW@
5A!dV@
A-!dP@
5A!dV@
5A!dV@
A-!dP@
5A!dV@
=A!dW@
5A!dV@
=A!dW@
5A!dV@
5A!dV@
A-!dP@
5A!dV@
5A!dV@
A-!dP@
A-!dP@
5A!dV@
A-!dP@
5A!dV@
5A!dV@
A-!dP@
A-!dP@
=A!dW@
A-!dP@
=A!dW@
=A!dW@
5A!dV@
=A!dW@
=A!dW@
=A!dW@
=A!dW@
=A!dW@
A-!dP@
A-!dP@
A-!dP@
5A!dV@
5A!dV@
=A!dW@
=A!dW@
=A!dW@
A-!dP@
A-!dP@
5A!dV@
5A!dV@
5A!dV@
5A!dV@
5A!dV@
A-!dP@
A-!dP@
5A!dV@
=A!dW@
=A!dW@
5A!dV@
=A!dW@
=A!dW@
A-!dP@
=A!dW@
5A!dV@
=A!dW@
A-!dP@
=A!dW@
A-!dP@
A-!dP@
=A!dW@
5A!dV@
=A!dW@
A-!dP@
5A!dV@
A-!dP@
=A!dW@
A-!dP@
5A!dV@
=A!dW@
A-!dP@
^P_[u&;W
[)jX!S
=A!dW@
=A!dW@
=A!dW@
5A!dV@
5A!dV@
A-!dP@
A-!dP@
=A!dW@
5A!dV@
5A!dV@
5A!dV@
5A!dV@
5A!dV@
=A!dW@
5A!dV@
A-!dP@
A-!dP@
A-!dP@
5A!dV@
5A!dV@
=A!dW@
5A!dV@
A-!dP@
=A!dW@
=A!dW@
A-!dP@
A-!dP@
5A!dV@
5A!dV@
A-!dP@
5A!dV@
5A!dV@
5A!dV@
5A!dV@
5A!dV@
A-!dP@
A-!dP@
=A!dW@
=A!dW@
=A!dW@
A-!dP@
=A!dW@
=A!dW@
=A!dW@
A-!dP@
A-!dP@
A-!dP@
A-!dP@
=A!dW@
=A!dW@
5A!dV@
5A!dV@
=A!dW@
=A!dW@
5A!dV@
5A!dV@
5A!dV@
5A!dV@
=A!dW@
A-!dP@
A-!dP@
A-!dP@
A-!dP@
A-!dP@
A-!dP@
5A!dV@
=A!dW@
5A!dV@
Ctl3dCtlColor
Ctl3dEnabled
Ctl3dUnregister
Ctl3dGetVer
Ctl3dRegister
ctl3d32.dll
CDBuildVect
MD5Update
CDLocateRng
cryptdll.dll
InsertMenuW
DispatchMessageA
SetFocus
DialogBoxParamA
IsCharUpperW
GetClassLongW
CharToOemW
MessageBoxW
GetMessageA
LoadBitmapW
PeekMessageA
CreateWindowExA
LoadMenuW
IsDialogMessageA
LoadCursorA
user32.dll
UrlHashA
PathCommonPrefixA
UrlGetLocationA
PathIsRootA
PathCompactPathA
UrlCanonicalizeA
UrlCombineA
UrlIsA
UrlEscapeA
UrlUnescapeA
UrlCreateFromPathA
UrlGetPartA
UrlIsNoHistoryA
shlwapi.dll
LoadLibraryW
GetVersion
GetStringTypeA
FindNextFileA
lstrcmp
CreateMailslotA
GetProcAddress
GetCommandLineW
SetFileTime
CreateSemaphoreA
GetModuleHandleA
WaitForSingleObjectEx
SetErrorMode
IsBadStringPtrW
kernel32.dll
IsDialogMessageW
LoadIconA
DispatchMessageA
ShowWindow
IsCharLowerW
GetPropA
DialogBoxParamW
PeekMessageA
LoadMenuW
LoadImageA
GetFocus
LoadCursorA
user32.dll
;2|I}993>
RoW;pm:w^}x
~g8:,lA#
AloZ.u
r;1yRK1
jX1vjX1VjO1bNP1bNP1bNP1bN1
KYJKVx
6U<K,|<g~vBU7D
vQ?4n$
!L+I;2
[lji-bv+{
58QAzp_
Ex+~q{L0O
 a6 ;K
-)9DQ;
P&#Ub@`#7ROM
}^G5`v
dR@CIN
^V:ll^x
 Q6kl:
8X"9jc0<H
"Ukv]o
Ya)%R`
085(zx
<BOBAe
/TM!rV
b2r2#m1
BSA+?r
"DsAT,g
t[WvZec
wlC^zBcV{3WM
Uhe)CW~v[?s1
=];PE7$_s7
~.vc+E]
:/*aE@_8A^
M8jzbH
.6&w.2
J5eycUh
iMH/0qbp
ZV;=T{0q
epTm@:/
@J/lnb/|n
dpeKyH8{
%k*y>
%+m=Jx
>F@:Xqlxj
.C6B~v>
k'/Qj)
yu[p224
3I'" }^J^
obh\B}D9
n</Pz;Mjw
rl.qW1k
'8f$-$P
F$:tC!$Az
.3UJjJsMLf[
SkE/Youh3{}qtTf
 ?qPBO^S
sOrF7Y
}Nxw{`|
]siRA5
jeI*f=jc
""O8^l8`
I'oANP
<89I%.
{Ic1+W~^ek5n1ttj
R,+%3 
eJOHES<vJZ
-K/b?Bepp
1Y3</H/
`Qh< ie&A
k3Op!/V0g
hrv"`*
fLpRx
e_eV^e
o&m[@&&OK
H,vi^d15]kD
(m]pKn!DF-f
+`Ama"of]:
f2L*nou:|O
q>n_/}O
h`SZN`]
fM^8Jl8
22QHRrC
1u9`?:
D}3-8y
jAA:tLO5z
uyc uCQ[:U*HkYm
a'lyc]g))U#|n\N
] >oefm
1O&DjeG9
5)}:tQ6
UIVy(#
LJ8-&^oh^yz 0a&$E
U#mgeI
bwY@y;
%{$m3$}
-iNrL,
JM$xsS 
06eb.bZ
jR<gbdV@}
Z}5-h-eF[
Q;Aa`#
EvAQL1
4IZjJ?XC0b&
"o7]<@}i
?\:0q_o&m%1~3w
NvJ0bQ"rk
%|ac{NJq
=mRIA2)n
$\jVd'>}
/= IbLm~,uCyZgr@
I/5L]~~f&MgN}
5$OP.P}/Apa"zlTi,}g
dfIls,r
P{0NH7
ru(`V8
Q*-!8@e}
F|\|lM);f
C9xN\]
M7|L}$
0+}y?/`u
r:Y_I"
TcRxg+r7>l
~PgV9g5[i
lMDnD3@
v[{$6NEa_Aw
9JfvJ+
WG"w2org2(xWT
Xg>V01
4ekE:l&
q?K@2Y
v8"}M~;3&E
X{vg;p4Mc;t{p\]
!KK1kypCI
Q[OMfD
Sv`H'@ 2,H#/
jGQr}g2,9Efx1L TC9
7E#v7Z+
+gSI"B
KS63ya
oCvi4C^
X:j?HWz
LNZ'ukfF
edGVTj}=f+GlkUPY
y3_RNd:
<0_pF>^?
GYytPH:q
B6>&sS:0#s`
?S%{vNPLG
uL0G7M
k%[Ydx
1=xy$hW
B\"p B6vg_
!@ga<.>UCz~
GC[x[R
5joD+`~egT
(j*!cBj
C"G1in
(Cf)mvf
P?T4fOT
G`[.r/c
Fi+k:)$~
QzJ@V
e&oyr6
)D<2kg7$Bw{
6T[U@o
`.#\l\im6
,X#Q1m
Yb/WF]tut[
_[Z78k9H%lzdb*7
#'sey 
X<77@<
6WMwN+hE
t']--U
NEm%dd[n6.b
"pmE.v
Mf+}ST*~!
gj'-}c
-^h^dS_zG1K
#aZ>Z6iM
`MOWjC|*
 J$?XF`3"v
@-jf`>.
;YQXk%`
kIuKce)eVA'
,#y,JxE
|BY.i#q;s
JQIj`di
RZpZRNJM:
Vl5`)2
]kW+`@0$
"W@(cw
!F9%H
NZ;],{:F
Fg*_PUk~
co9&PD
\+zT-eWT
Eu8A@*
qX?_Oe(m&'
/G0L.L
H]]V)5}'
A+K<Qq
NjGhyu
}cag~:
U:d01g\
Gd,:C;-{m=|,0%f
 Nmfm7NT
GT+UYpy\
5pTM[#
@hrMKETgv1#l'P^
EWupN-
B'G'*D
sYA7m{_cm<
E]e%Z|0d
-08xj/
Rb+Ya:<I6O._
yEWUQ=
MO%p#~
W^QWO.v
0U}2Lt
g2P2!V
bgpKnq@a
iK%v;c
}8 _VwD
FO6}_Bh
%(_[MivLu2(2A
.,E%~ 4A0u
gF#$$O
tdhB}/+d;-&
^M qk 
:jG0o"zi_
~w(!EH>
X>f)\l
xGxpn/{JgzT<ewz
tfrU[T
Pxj{)`
x*c>4R7
P)`iOyiCyduVPy`<P`Us":;Q{Pr%l'
Es}eAr
94P#zt@
+=$B%"G13
57g9sqZ[Z)6
z^X0g5
OTjJ;5
aK8:&@H
]SVMY0o>d 
?aJ`U`7:yP
X40jLwx
Dix [H"
OeW,,!q>
W"*B)vn4z)jM;
6DC5tyo~6m"
e\z@xz
"q\@Xt=#0W
! `}<XChi
~F2^f,m
\|{vPM<
mL"NbO,iS$e
!'wPYct[
ng`qQ!H
"lW4BD<
,=2Fq+
%&Sjc7
n9mVK!^
!s/`\Vu
SFkDQ!r
,Z7/RtP
}q(aJU(99
YnGpX:
|EC6~.mGmj
.oY>xe
F:7{.}=
uokX]>vU|Z%$<D8
\"xUO/
puX.'v
~m';_f
0p/C22
PH<\/|4
"qft%IW5/
YY\"&P|{Jr&_
%Tr+-d8Tw/#=W
ho.kbG
M?L<~nrZ]rpI>
\5iE:>c
tOoy*o
5kIYb@,Q
Jop{.164O1
=RJScd
Uf:$T7~}*Z
&g~!-s
g{2B/PI
t\*9e[
;0I*G6
jI"d2z(Q
Z?U\'9m
k/u,Fkk[
o^aD t(T;F
]<7w>o
L~ ~X:zW
Y:nq"i2'~
P(;iS$/?,*
S]i?YVO^W
Z@Gw+#
pE85ac
NC>Tc}
]&e 9b]K
,+M],
dpRa,ycOw
nbqum !
{n$=@C4o
l3*_6I
La]3$cJj
//nW$dM
~Utvw}\a7Mo#)'g44
"88jPy
=y'5tM
P8%kNRoV
>UHF]0Wx9P
'zE7\pb'Y%
-@`{X!BEp\|@
^2)};V
b2!_~BAM
zX9+[rC
qc@>x1xJeJX;
9}f6nyM2u:
`fHR'FYD
"L]h!e
jb',J1~*
5emuUiZcUQH
zLAS!a
u-Eb8&{
k&YgdsAH9J
;c(?,'
Mz{lJmK-
Cfn]$yLOXT}
%?&J3rdi7VvM
I)?h6
_A2qR'H
WzSe;39)
ldZS~)O#0};.Tf_f7Y@$tY[)}f.e
VWL,a=m6
E%Rl<=
5qv'cR
zXzU Tgap{
BFv<nU
i_M|m(Yl
Xq[P=5dV(hrun3Sy($?
#N8^O'V{
,)<< mK
{3V?y0
tc&{.5{"D
<_mmpDVW
qNB[`q
LA-=x0
|+tB.c
e|\MN#?"
&dS}x>
RzW;kz{D
vSw2G-^r
gj'iX;DsAAgL2Xp
85+x3U"NFF#BS}X
>Pe.2d
/r-\}nnJe
mi)zKidc
a#H"%I?
gq]|y6PWe]SE
 ^);{x
f4C5('b1Jv-e
~1zp.ZbI#*
r[ZPOLrb
Dd%K ~(
;}wO!SE
B+'akk
8tm_Yg_
Mz'"J&x
OML`jBv>O|
dN>T-L|G5|
NFG8snGZ[0xj
OLe8}#L
R >ag'!
P5_oO+M}RO
j?hPu!}MNa`
7Ll-+g.
l>Z@=Wxn~ygs}>d
Q_6S@H
bb?0g.
S@K2\u
lC|@Hf+Q$fC$V4df
7n"x+Ph`
&@qSY"q
3jrX}S
!N"+r+
u(j~o<t/
xX[n?[vu@5N
4izM#?z
.AR6cMX~
x;f"e,g_d
>]ZzH|Q
V+8z9/
X5GnODE
^m_g.[gdk?;^j5g
*C8|/
.VvWAE`
D;c"\%,
{hJxt`4O4DZ>Lh
\k6`vjU$*T
sK/Nh2
Z;??fW'O'
LXb!~d
@r_c^RJ)'
Scp`SJZbXhj`_|RZ
;Q46#xTJ:
ib.HooQ
Zd Q$DGJ
jpC}<X}
cZ.#^IxR9
MvnD/+
ndr%\Ig(z_H
=|\8DM
9E^X3_i9q2
|k)Y>s|)%p$>t5v$
pLG^t36dj
_c2#xS}
PoS=YZO
.JBtp6C6
@I2G7x
^{[5*
^y*x3;E2
`x==M
eK&$rRt(8>
\OiG(S";
t@ImE&
k*TweNC!M
-c<"F.w
Dwg`CBGfQCOG|
Me^c%A
AjizKG
 4Ss4f
b]B3V%
he7kJ*
#f 'GN|({;yBi^s&cL1;3$hI,;b
XY5YNt
`6]s;T
\tY$Mce%V
x/5clV
,nwm*j>
@<j?hHN
?R_g#\.er
MMM&&t
n|Kw`x
h*2F's
m+d&Kd
GsaAo$Eo
gR"G)c$"'$!98 jX&
o=. HK
h1vih@
2`kRP{
s9TlCXw
Jte$V_mW
b9q U O~i<4s$
%~A$f7|QazF
aM %@A:
g`*KB`
H>Azo]2DnvFg
y+/*;2k
bayK9=`!No
^#WQ~q
3|FR<Q+
=q;28}|G
HS53s0Z]Rh;4:
t?4`3`H)d_o!Wa6Owh6J=#x*w.6
FaKl|6f
/ Gm.:
%-#d:{sk5z
5o1ks
EE%{eG
YM.4oME
mBd{HVd
XZ(B`qO*
Ms{/`@$8
AFE2I)IOR
0>pc3?98A2
cQY"7V
AJSL~}Q
V:b &:Wh
/\@xPE
ZF.kAGcr
Q3ncru6K49
Rz{sSa9
>B|Tu1
]B"ak=pR*~@;
RI9Uh;I*
!L`1p8
`p#!.sa2P'si-Q
(7HWz
:Da/>{
rmy<r04hw
r@JQjSm}
)-xL9}V\
g:4HZ!zvBd
La~$2V>3
I(=,C=5q
&gyHf&Y2
E}@qw,
M},}}bkN
FYc%{Ujfqsu
8jdkVb$wX
^*K,d:
1q4hYUhx
?]7[U|EL2H}
U>xX9o^P
XQr~zCCy
kGIF5j
[pB #=
u2?_RHqa
RkGYVY
D@HrZ
Kr1YDf
&v#cBJ
1*p%E=)Tf 
Z]gho3sW\S?
CwWjtY
mw]^%P
%tbsPg>|AU
"(cBF"6^Qd
m2/<wu5
/Y-nHe~}
CbuzhM2
-M@8Ce~KWN!jVD710
QT7S;{:S }>VO
!|P%^t
e[0:xtb
o5^@Q;r$
4r[7=?qi)@
z-#zb8
9],K{T)N
T`}3<c
yZOn3kZ
mT`@q!
sow.p{#$*M
S;MzBpXK%jrmX3f2|
zu3K<r9A33
k|z"sPIb
rKt\z_sK8A
_KMrR4[3
 R$^g+;Li
]/mbOM6Q
)_M#G2%
$^eFado"G
&'\2iz&
Q@RPf7
t~<uCRRn=f
.MP5`lT}n
wE6#NxE
nE-vF1J
=~i:ezxWFzQ
Xs.v|c9~yTL
hm?~6N~
{j|ln#p
6UM1=O
,ss# A8
B[Ti*]
~?Qf'n
bKM3~I&
Sf|P%J"d`[>
SjI+2I
CQ2iF#
oSOF]t
VFEdvV
J4"4\(
TzcQ)#)!
HPn^P
Uaggr8D
]VU&t|[=Kd`%7T3g7<
aP&Y>K
(z\z6-89xK
i'{+NI
7rJ3=
g_* ;/At
kwk*yE
9VMge&
+Vz1'd;~=17k
fWeT-glpbGs3
OMz_^Stmv _|lm=25
>,aJ7>
K*#m\d,v
-P3=l"O-
2a#f?P
;:yl@^]
:dedNoP
uCseMex(H
c?U#gxv9JI,
34$Sez
7e9x",C
{#`&a+N
p:1R95
tTJF1R,
YRSyEktF;
"o[NAMy7]
7g#(["Z,wc>B
}5GO$'
g29r'91i
r+{A!B!s
sLi4Z[&<
aToSvjE
jvuGOy
dv|[i[i
(U,hyC(/af
x!N (q
`b@H!DuvN7#ev
pL-mv`Y7c
Fn&:2`u
$g;3r'`8Y
TcD~M:
Ofga-=%M]
]MdB` ;i
pBcqdC;Cz
|CG<`"b,
IIvPVTd
[wm6awp
hA<?}|s
ejC6OG
rBbYXfy
#d;6;q
"J1]fv'W`
+q*z1H
iS(vI/br5?vC:
qU7htR.ZlNPf
W7WX3,E0lEe*bQ}
~8jpGXfW
WYTqf;
m(tr*/yv5Xr_LmR3
MJ!e#9X
M{X?iQyQr
G!{j_>WuL#
6zoy&9;<
[K>tTXs
zzY'kR
}vzOnh
SRc~5%aeA
_S!_WU6
$`'eC:
:2d{|\N
l%MFieXf
B=*'S^j-:\ 
IxuWweW
&>w\|%b{Ex
 _,a 
7zPUv+ (xJK7
5D+95sm
j6c=Ew5)
u".,GM
`&t7n2Dvd^fN|
yy[.TI&h
(aYh`MMDn3f\rFo3Y2fc
!:z0*zn5N
`kjz+f}>b
<q1A`H"
{|4H=d%Gc
CW#%W`3
[815tq
C]Gb+OS
k(-`qy'D8taF cDydZZ 
f'3duDVj#?K46Prc
NQ.A]~o
T1Dft8\r7_*~
MVcx6y
B(Gb&_
2.lPp|cDP]
A0X8+,b
qE#N`7J#
)UghK~
6[46Cwd
ULs gj
]/;a_m7M[
.o5^1o+5
x:mb=_zv
?V7#e!WW
x4TJ4D
mo7o`q
>\j(SS
}e},<f&UDWY<kq
=:8L+i
}4/i)ndQ|~?e
h:aU O;@a
M15xpG
.W(eD.W;]S<
d,@QrA
RpH!-=)
@<^&e$L
~5nIbB}
Nu>Dgw&
()-(c\,c
E[]?hCbh*K- *I
k+.);IG
Uv7Cqzj#Jc
UC3Kuy i2
DnL}"+I
a)0/a%(dT:$
L0(,rh5{C
,[E7V;
\&a?"$b7in)uS&,ag&2
^iFw2/7_5V!P
I@v=S6i?[
BpC*B?
YjG>"rL
k7]$ru
'5aU5,$
rLpJFk*3,Z
Nh|Y:lX
/\u1R,xj
mZyNAx}[22xk
g2gfZ'nY&B
 {DCn0
m+INH#=
)3DBpld_
LJluhU
sXK>5j0
\h`oL!=
hMZ|NJcxOI|
q$kDYefhv
stNEMO
}[@?iU_T
B{/p}GkQ
@cFWNt0d<&
 yrV3bRrp
sc>,'G
s]ZE(i`8y
M&^a!D$7
r$jk}$es
e2BHU3*
r3[(*u&X4
OpQ3x=[M
E0mRZOY
br+,?r2o3
MlM#?0
AOdvPW
mx>Y2sW5!
WK:WxF
(p#1mo%P
r o9EU c Lwg6S=\b\
~m!L,x
q[rUgr
b6hw-([
ke`Kyx"# w<0
YG^G5t8~
d)'c;UTx)
[Ui+mAL
bw65vf86m`V
3.E-R$<
9Z,7n
Z\8kI&_+vQP?(H
|L~krLOrJX5h
l1hp3sHC
$8et5Gt%4VG/
H9EyZHDEr/
$]u.lm14=g
-H= `
{&\#LyZM<
ocPJ^=
l=&3PU-^\.
'))8d$-Wa:
HjFf<8!j
X/%k*K*30s=jL[O
qR#7wAtnM'qoyq2%kzyY
pc&BrwM
Of'|=G
Bb^Q$-
)#m0Hq|k*k
tp?#B5
59"kd@vX
&Mdwsz
uo4S11{X
(eFj0bo
JkQ/Ybe;C$lc
"*w  ;
S{9Ix(7C\e
VvonE/GGYS.{f"I'al&)P^|AU
jB"Q"cnI<&!`5
:vntGx\
=sibO=#p
$l}d8u$7}F
dK{y)*
;VdzH~sLWot
sOmiE1#O
}3FXX*iI
Jdj[EqD)Qua
"SNBmQIX
N8yz3!;6Qj
mTQ;A_
7173+I
l8<t}shKa|
ANQ`>PC!\
n^F;:)
ut[7@Z\EER]
p*\dYP(k9L
/F>vqvjs
kZ9kQ}
@2\OWoti.
7Di`K[!
]S7PM|
fEzWHZ6
'mz.!q%+5w16Q
B-kl{,o
8;,KKypD
dzO&>BgO
";-;[r-4j
{$0,Wq3spe
1)w|d,
"3"xBX\e~sH1J
{rBTs.FM%I
R-T@RU
0TX`khj%|
d}k|AR;O3
^~(25_At
F8HEV.J
}O4O~8lW
yar;2!x
[{pdL'
8a?! N
 afJ\ 
R:wdGqS92@
(RZz`h
),X"g!xFcQT
AY_]"G//Ss2
O~6=%4=
A>5@Ux
zFt*k3
=sB:{qt`Cla]{@S
|/6RN>}2f
k&(SY'dqQi?B-@ff
<}eNht
c_8q6M
`QK1._
H/mc4M
Bi{BOR
T3Ys9Y.@~Ke?U
Ggy[X%
"[[Ihxh9
"ILF{HmC
F}/zI%upz1b6b
p6.}<J}Fh
t_qI<t
y5_s8+8,T
4]U|3'u:m#H
4owuSCr
Bg`R}sN#kI*Ai
zUD-_;
T^BBt'o%
'gBUy6vW
W T><>@Shv
_v.iD/s;F
|SGGX"
Y,Bk=J
'&M0B?V
~d'L!L
C](l6/
3HeFv.
_B}ELI[
fOO22f:
qETY',.#w
dv}e,sk
9G@)wR|
[3v~!tc{/}[
b<MN0nS\
Kzf8uZ\Z)`\n
E^Hw3l
VF--O/
x)=!!4
a#faN)+x_2tL]
TGE<;{eG?"2s{ 
-uqlA-
x~Gu9H
BSc7aMA*
E~9)iKoX>U
va{ ij*
(leR$%qM?
HT?FyD
u4Wm=f
KZa4Is&"AS
K/?BqmQo
&7  /_-Ir|IOb{{SO
ZYK=>t
tPo\S0
BcpXja
,SZ:Db7up
#%t5ew3W
Bg:"_Om
x_,7tt
pft\f
 1ted3{
t::pcF`
1NKpND-
e=P9)}.&
2sp^33"41^S*W
^&2tkgc
Ze^Xh5q@t
fxM:|6\Nv!i2Yww2
1Ii@xr8oJ3
Xu7eXp3@aHM
{H8zIal
(FepY1
5FteU_Ag
z0}HXz
na:dy}!8
6[*mE:l
f9dpot
0##TU%yXhx
ZXQs`R!gKm!@
MwL|O9Yq
48{KI}@
0fZwn '`
@aGF&$
dQiIiZVb
.u2}Y>O
-d|xHQy|]ze}
i-xxBd4s!@
7g\-ve"
U8*Bu-v
tYt5YDT{Y
,6?m{}Tq
C9{-MI<18mI_3fqa*z
"[G+R:{:k@nI
qb&fW|
7^-#.+/or
=Bc/dL#
&rpAc?sr8ym.
&[]0m,\m>mV^lQ}N
G/0a[M
V4/du|V4
RP8\1"
FgIx!|J; ;.
}Z!Y~!
M`ggL$h
3`,umG
1p5`)R0D>
BUc(pv=3
mO;EG
J/B$xV'p
{BS=ln
`3FOat
cE!F 
d8nvoc4
C~dq?A_$@ve^X(&
j.+mI{d:(
i?<|N>EF
i}yEY_.-v
Ilpgx[]"h
U)_8nm
`o4!mQoUW
EFv$y$
bU(|q=
`(BAC[
lXB)q<yK!u@5tE7
bla?V(!F9{5X[It
'n+>-8
tvZ~yl
W&Cfzn
Len`&j4+
z I)Px#
nf1R\/2:jTcoIMsn-
I2?w-DZ
!m NxSYd"HWcB
>`K[)T
Ppj[#_
LmK~;Tc\Jfi
(V=Bt\ J
n/3.]5`*
r1-y@p)gGxyz9p1y
/JG 8G
n/ca{SU^Z
bsXz9T+
l&#@ewp
f=;*0|s*u0{{n8hTcf"gg5
ahtFQyo5z7z
K;Gf\%&
rj_E@q
?,`dgY
U!1m;-
m!]Y+A
s?,M~PJUxN
cuCi#rymG$I5~
dQ8%@'{
?+O.3PL
THV>Rs"
D$<1Yd,
jhv"Ey4WF*6lJYQ/k1M6kH
8ng]#
E{:;;4z\%/
^B|z\2
wO0%cAJED8vi8x{4&
BUs(=s!Ou
\f`j~;$z~
6U2gSa
qOAE{![Njc}hz=1Wp
[Z[Hh]
|[|%ISv`
UO<Nz-
)gUf}&ed:-IMd*o
Mg^oXkj+
(waE`JF+M
h0U8$ziP<
TJlf_zb!9
5 O?gHF#wonW,
B>\Z7N
oWfmeVU9
y{olIdzi'
-Z4kTbXu
ryYno /\
Gy|p1yrLAr8x3\Q
qbQYSf'uv
_;cuOR
27nvdzAQ
NOc2kh
fc0I+_
"^)-Oo
u%W{<:
~l?p~Tg
`7oFRvO7I:av
 PP8b`
r\O@JUO}
VBtQ80b4n/
?s!hhkGm
T{ 7)Wt9Y48U,
"YNc?v
3~Ds:R&=6
:N:qI*CW^|-^7
_z^=3L2(1s@
@{"CG~*M'gt5
w6~6S1
~\1L)#9\`]!}D
t%=e:]x|NK
l7_7m+
>U; zuW4
v[mB"QV)f
;mZhqb
!(op$ 1i
0Q%M+A
.*`yt 
.}.+o}f"r&M,
LYd)kf1>"b
-X2-&OD>
v&yo{\58
ZEiY[kbNp
*z1cmOm-7;
*GU4u:
a8#P;Q
I`@Z\|{
M.p&9wR@$<H
MZsQ"vJN,!
N!9T3S<GSL,U
5wgvty1u>u6
(8P{:c*LCklM7l
`?Os%3
ki})LRM
TcYVye
ySsx#wR
kuW&No
rMcDiLZ4C/"D3
qwL8to
@7}EJE\5z(
"QPp:da'4-qi
q8(qto,
5Ax8=<EFC-_Y H
OQh\C^/']ln&
!#j.//,0(Ijid
L-u0l!
FbNVUe
S}<HqH
}l=vF%
h\[uK"J
^_#jH#e]zK%~'sgk?
.Uum5O
4_mvwmm`_,'ax
]RV v_Un
@rIJt{1i
8yiis['
m4`ra=WIxC
^K.\^4h4)o_
2?G7'v
c%cEce
c%cEce
c%cEce
c%cEce
c/cUg>cgiWc
2cbmMcX!GceQ\cK/Zc
\Jc)T]c
KUc@nc
c!cs%:ccIcSYcC3icScI<fc/LVc#\
'cr/cic7
cUc<UdcLaTcE\1Dc5lCcw%cr#ca4cI}
c]; cG
c.+vc/c?cv5C)v!uGvQ_vMm
`>R%`R
`R+`R9`R
Tf`T@fT`fTfvN?|vNbUvg
\P\p-ll
OsjqXa
Rw"~*I9f
/,<e*N`9Q
OF5k=/1
c3wmch
#L'+$Qp
X{'!O\
-47KW
1I2N}
f)fh;):
id_lz)O
x6zppC
ke0c #
tF9xEN
id&k8mEX
E%p'VF<y()GPs)HLs* Iks+Jr,AK-
[=an\FE
N=Hp#1Dj[b%TS"o
l#ezR*.
fj|>/{Y[WifN]
V<v\0'W[[EZP#rQF9
QMnh!,r
]Rh$?|I
OJ\vVD'$
SjR/Wch=
Kc"7v?~Zs>@n
{1Z*`hk
rqh+iP
AkWw'w>0
RK~D_{
8?7_>m
\euBmT&
0\-qKVfBs
XyiM^ E
4CGby9me{9
T,VcV'
B"<vyR[
,|IQ-"
nxWQR!L
ibI"60
(:v;*;S`
@V+aLdj\
d* m]w
t~*5lWN
~cHattsvTl6E8z
PM~p0=8~
LH3uN=>>L4
~-;LlRKN+g!
,;a!5{@ge
st^M8/J#
/ J[.<
/EF)6?
G>v*a2cp
*tYpA gnw_2
q6EP%!Q0D
[VQbQA
UgnGFy3]
GTlR?R%@]jM5
3b1P3z
bOE5LFTI^G[' t
TLCNZV/
8MaW3PwN8C8)k
MiY3!YB
XK4>^"f:
<#R+4C*$4j
U5/cJlOR+!#Q`
s`jF0`G
>p!gp0Ul
zQWu|Is
5IUvA2,
BvRuiVzq!$K*l-}EZK
_eLvngBUn9w.M
bvBie^}
?-1{'|!
-Q2/q4
=+|4Hr<@}4Hr<\|4<D|4=d|4<z|4
<}4"<<|4p<
4l5~44
4<f4DLV4^D4hn4V%4D
4x,xu464D!
rr{TG!aI
5?b&}0
q*}WKR(
.x7H#y
Tk_;5gJ=%BO
qA?82X
qdQOCW
xybNN/x
9-\5&B:1
_txaT gx"Ly
uY{nu
`G^qu{
mK-'O$6-@:v{
Lj78Jn0e=
?xQSp'
Oum;sD
HkO8N5
(g=E$!~
(yHdx3k
fv[Hjj
(<s>;=B
[Sp^+CqmtDLt=
k}rb{1O}
3]`n~0HB
3?!>D'
f^WUt-E
2L 4f~
yb}bHsj|H6"B
S8tkLR,
}%^wbHR.
wz\rF'KW
zB p*h.!"
CP\2%!s$
O).P*4
"j:X=}
zUkKumM
<%V{:9(J
U47_<$
Ayc[>I6
iz;c5q
,d_[Gry
WVJ!89
y$~)v~zvv*sSIL,0
a~COM}e
]gZk~0N
NSjG[>s2.F2$cAL(1B
b$bDbdb0b
b$bDbdb0b
b$bDbdb0b
b$bDbdb0b
b$bDbdb0b
b$bDbdb
c[AE.n1
,&qIW|a?a?a?a?a?a?P8
\n0nXnXnXnXnXnXnXnXnXnXnXnXnXnXnXnXnXnXnXnXnXnXn
M"Pz^`?=F.
'[jJQ5
\1[uQn
FL6,TZr#i$
5wHY;[0DM-PVWx
7.Dk+14S_
_kn5D8
5xMuW0
>tw:NLY[=
>[8e> 
C#+zEQxq 'S:ScFJ{
F/+qZ+A;o
-ntlm0c,_pAl7
ftR- OSG
9-=/@QDsDHfhLW
Ngt\#>3hF
S&=lbD
0F=/.XT
\m']o/E)
&W#0Xgg
C%uVn8e
wj r^K-
AZ4+(v"$
|>w@B 
t{r]:r91
(Bi<ope04tS[1s
'`rS91
b\3z4$-
[p Zx9A;^
/"DTSE~^
62XrCM>
{qXeNV
N"!Vf]
%mg-5bR"L1<>
}#9o!G]rpl]6\
-WyWJ+{(2Y9`
Qy5@f;&
-zdJja6<
D"L/S)
C'iFc(
[Tg0j>77(BKI)
iRK<']SS
{"l,RM
Q|i=c_
E[1FVbR% +F"uf
3tB">j`k 
au{BJ$~x
8hMA}fL/s1_
rhE~/)c_
6SU$|)hdx5c
'9&Y0$hg9
RU8{X/x]y?W8X 
3kvso3
iJ}'s;2X$@xr2j
N.SF 7$ln1
,//OHZVxO2
X.IiR^E
5)!oV`\
yc@TrqB
Tu'b,
0Zz 'T{
=kAkN
y_.'Z)`?1
S6=UA%V#6
55JZsm5
jT0C*TIZ
/4y2JpnW6
F!_N|g
Pali(4!9
qHQi@]I
=R\M!M
l1IP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+bIP+
4,474H4O4^4i44444444
5%5-545<5C5R5]5n5|5555555555
606<6L6j6v666666666666
7*767N7Z7j7q7y777777777777
868A8Y8e8v888888888
9&969=9E9Z9f9~999999999
:&:-:5:<:D:K:Z:e:v:}::::::::::
;#;>;E;T;_;v;;;;;;;;;;;
<'<7<><M<Y<i<x<
<<<<<<<<<<<<
=-=9=Q=]=m=t=|============
>:>F>]>i>y>>>>>>>>>>
?%?,?4?;?C?J?R?Y?h?t??????????
0%000@0S0_0w000000000
1)151E1L1[1g1
111111111
2*262F2M2U2\2d2k2s222222222
3%353M3Y3j3q3y333333333
404<4M4T4\4c4k4r4z4444444444
5!5-5D5P5a5y5555555555
6&6-656H6O6W6^6f6m6u6|666666666
7 7,7=7D7S7^7u7777777777
8.8=8D8S8_8o8v88888888888
9&9>9I9Y9`9h9o9w9~99999999999
:#:+:2:::O:[:s:
::::::::
;&;2;I;U;l;x;;;;;;;;;;
<&<-<<<H<X<_<g<u<|<<<<<<<<<<<<
=&=2=J=V=m=y=============
>>'>:>A>P>\>s>
>>>>>>>>>
??*?A?M?]?d?l?~???????????
0#0+020:0A0P0\0m0t0|00000000000
1/161E1Q1h1t111111111111
2)202?2K2[2b2j2y22222222222222
3'333D3K3S3Z3b3i3q3x33333333333333
4!4-4E4Q4i4u444444444
5*565N5Z5q5}555555555555
6,686I6c6j6r6y666666666
7$7+737:7I7U7l7w7777777777
8$808@8G8O8i8u88888888888
9/969>9E9T9`9p9w9
99999999999
:%:,:4:;:J:V:n:z::::::::::
;+;7;O;[;s;
;;;;;;;;;
<,<C<O<g<s<<<<<<<<<<<<
=)=5=M=Y=i=p=x===========
>">.>?>F>U>a>x>>>>>>>>>>>>
?)?5?L?W?g?w?~???????????
0#040O0[0r0}000000000
1"111<1L1S1b1n1~11111111111
2)252F2M2U2o2v2~22222222222
3 3,3C3O3g3s3333333333
4#434:4B4R4Y4h4t444444444444
5)50585?5G5N5V5]5e5|55555555555
6#6*62696H6T6k6w666666666
7 7'767B7R7Y7a7h7p777777777
8&8A8M8]8d8l8s8{88888888888
9 9'969B9Z9f9v999999999
:!:1:J:V:n:z::::::::::
;';3;C;J;R;Y;a;h;p;;;;;;;;;;;
<%<-<<<C<K<R<a<m<<<<<<<<<<
==+=B=N=e=q==========
>>'>.>=>I>Y>`>h>o>w>>>>>>>>>>>
?%?4?@?X?d?{?????????
0'0.060=0L0X0o0{0000000000
1.1:1Q1]1m1t1|11111111111
2+272G2X2_2g2n2}22222222222
3%313I3U3e3t3{333333333333
4#4/4G4R4j4v4444444444
5*565F5M5\5g5
555555555555
646@6Q6a6h6p6w666666666666
7+767C7e7q777777777777
8#8+8E8V8d8p888888888888
9 9&909:9B9G9N9^9j9{9999999999999
:/:;:S:^:v:::::::::::::
;+;F;M;U;\;k;w;;;;;;;;;;
<<&<.<5<=<D<L<S<[<b<q<}<<<<<<<<<
=$=0=G=S=c=u=|============
>">)>1>8>G>S>k>w>>>>>>>>>>>>
?-?4?<?C?R?^?n?????????
00'0@0L0]0d0s0
000000000000
11'1.161=1E1b1n1
1111111111
2#222=2U2`2p2w22222222222
3+373G3N3V3i3t33333333333333
4+424A4L4c4n4~44444444444444
5,5E5L5[5g5w5~55555555
6'6.6=6I6`6l6|66666666666
7(747E7X7_7n7y7777777777
848@8W8c8z888888888
9/9:9K9R9Z9a9i9~999999999
:%:5:Q:\:m:t:|::::::::::::
;';7;>;F;T;[;j;v;;;;;;;;;;;;;;;;
<!<(<0<I<U<e<l<{<<<<<<<<<<<<
=!=0=<=T=`=w========
>>'>.>=>I>Z>a>i>p>
>>>>>>>>>
?(?4?D?V?]?l?x????????????
0#0*02090H0T0k0w00000000000
1-1=1D1S1_1w111111111
2#2*292E2U2\2k2w222222222222
3*363=3L3W3g3n3}333333333
4,434;4B4J4Q4Y4`4h4}44444444
5'5F5Q5i5u55555555
6$646;6C6J6Y6e6v6666666
77&7.7I7U7e7l7{777777777
8"898E8U8\8k8w8888888888
9$909H9T9e999999999
:2:>:V:b:r:::::::::::::
;-;4;C;O;g;s;;;;;;;;;;;;
<)<0<8<?<N<Z<r<~<<<<<<<<<
=-=9=Q=]=m=t=|=========
>*>B>M>]>r>y>>>>>>>>>>
?-???F?U?`?q?x??????????????
0$050<0K0W0h0o0w0~000000000000000
1 1(1/171>1F1[1b1q1|11111111111
2272C2S2Z2b2i2x2222222222
3!303<3M3T3\3n3u3}3333333333333
4)454M4Y4q4}44444444
55&5.555D5P5a5x5555555555
6"6:6F6W6k6w6666666666
7 7'7/767>7E7M7T7c7o777777777
8!808<8M8a8h8p8w8
88888888888
9 9/9;9R9^9o9v9~9999999999999
:%:A:M:^:e:t:
::::::::::
;&;-;5;<;D;K;S;Z;b;i;q;;;;;;;;;;;;
<3<:<I<U<e<l<t<{<<<<<<<<
=0=;=S=^=o=========
>%>1>A>[>g>~>>>>>>>>>
?!?(?0?7???F?N?g?s??????????
0%010I0U0f0m0u0|000000000000
1(1/171>1F1Z1f1}111111111111
2#2/2@2G2V2b2y222222222
3*3;3B3Q3]3u33333333333
4/464>4E4T4`4w444444444
5!51585@5Z5a5p5|55555555555555
6%616H6T6k6w666666666666
7"7.7F7R7c7j7r7y7777777777
8!888C8Z8f8w8~88888888
9.9:9J9Q9Y9p9w99999999999
:):::A:I:P:_:k:|::::
;-;3;:;B;I;X;d;u;|;;;;;;;;;;;
<#<:<F<^<j<<<<<<<<<<
=#=2=>=V=b=s=z===============
>$>;>F>^>j>{>>>>>>>>>>
?&?-?5?<?D?K?S?p?|???????????
0!01080G0S0k0w0000000000000
1/1M1Y1q1}1111111111
2)20282?2G2N2V2]2e2222222222222
3 3/3:3J3Q3`3k333333333333
4-444C4O4_4m4t4|444444444444
5+565M5Y5j5q555555555555
6;6F6]6i6y666666666666
7777C7Z7f7~777777777
818=8N8U8d8p888888888888
9+979G9N9V9]9e9l9{99999999999999
:#:4:;:C:J:R:Y:a:h:w:::::::::::::
;!;);E;Q;h;t;;;;;;;;;;
<#<*<9<E<U<\<d<k<s<<<<<<<<<<<<
=&=-=<=G=W=^=f=m=|===========
>5>A>X>d>u>|>>>>>>>>>>>
?$?,?K?V?m?x?????????
0#040;0J0V0m0y0000000000
1!1(101P1\1l1s1111111111111
212=2T2`2x22222222222
3%313B3d3p333333333
4"424>4E4M4T4\4c4r4~4444444444
5!5-5E5P5`5g5o5v555555555555
6%61686@6G6V6a6r6y6666666666
7%707A7H7P7W7f7r777777777
8,838B8N8f8r8888888888
9$9,939B9N9_9f9n9
PJM}E2<
`XXXX?O ^
NIu^88e
mnCo|2tPO
U`{y$N0Q_
[]!]VsO
Tt3h\,}
Fzx|xtf)p8
u#6^1/unyo@E
gr;dMZ
G,{p[QqH<tI
W#Y7]D"tl
fM)MC"
{/t-vj
?>79=Fz;Cb
FtFFFtFtFFFTFTFFFTFTt1<
9s;d?S|WQ
Rr;1d<md>
yl(3uT!
TH?sycP'@4&@4*<~;Rf
w!'3dRUs.INC?H..`8[=
d.Tr~8
\2)rmKA~
rSr+O8
F zc1otRtu
AN.Z<l/`>S.
 [(+;N(9*F5&O7 E''&%h
@Mc"]P.
f9tbnyunmiertvecvarcvrt6tbnyunmiertvecv
fcccProcess emory
kernel32.dll
firtu_lAlloc
vpbqhgfhfpwrwqti
tPPthJ#JP
HTDbeP@LePF
OHO*~L
vfbajet32.dll

Hosts

IP
114.114.114.114

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	53179	224.0.0.252	5355
192.168.56.101	49642	224.0.0.252	5355
192.168.56.101	137	192.168.56.255	137
192.168.56.101	61714	114.114.114.114	53
192.168.56.101	56933	114.114.114.114	53
192.168.56.101	138	192.168.56.255	138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.

ALYac	Trojan.Crypt.Agent.BF
APEX	Malicious
AVG	Win32:Malware-gen
Acronis	suspicious
Ad-Aware	Trojan.Crypt.Agent.BF
AhnLab-V3	Trojan/Win32.Poison.R347010
Alibaba	Backdoor:Win32/Tofsee.3f142289
Antiy-AVL	Trojan/Win32.TSGeneric
Arcabit	Trojan.Crypt.Agent.BF
Avast	Win32:Malware-gen
Avira	TR/Crypt.XPACK.Gen8
Baidu	Win32.Trojan.Kryptik.rb
BitDefender	Trojan.Crypt.Agent.BF
BitDefenderTheta	Gen:NN.ZexaF.34216.@tW@aGuMmNh
Bkav	W32.AIDetectVM.malware1
ClamAV	Win.Packed.Tofsee-9262754-1
Comodo	TrojWare.Win32.Crypt.C@7vajd0
CrowdStrike	win/malicious_confidence_100% (W)
Cybereason	malicious.0ed0b4
Cylance	Unsafe
Cynet	Malicious (score: 100)
Cyren	W32/S-2f57b56c!Eldorado
DrWeb	Trojan.DownLoader25.52002
ESET-NOD32	a variant of Win32/Kryptik.FYQP
Elastic	malicious (high confidence)
F-Secure	Trojan.TR/Crypt.XPACK.Gen8
FireEye	Generic.mg.16575750ed0b41d2
Fortinet	W32/Kryptik.FYOB!tr
GData	Win32.Trojan.Kryptik.IN
Ikarus	Trojan.Crypt.Agent
Invincea	Mal/Elenoocka-E
Jiangmin	Trojan.Tofsee.cb
K7AntiVirus	Trojan ( 0051b4821 )
K7GW	Trojan ( 0051b4821 )
Kaspersky	HEUR:Trojan.Win32.Generic
Lionic	Trojan.Win32.Generic.4!c
MAX	malware (ai score=82)
Malwarebytes	Trojan.MalPack
MaxSecure	Trojan.Malware.7164915.susgen
McAfee	GenericRXDC-WQ!16575750ED0B
MicroWorld-eScan	Trojan.Crypt.Agent.BF
Microsoft	Backdoor:Win32/Tofsee.T
NANO-Antivirus	Trojan.Win32.Poison.eutjoj
Panda	Trj/CI.A
Qihoo-360	Generic/HEUR/QVM19.1.5E41.Malware.Gen
Rising	Trojan.Kryptik!1.AE8C (CLASSIC)
Sangfor	Malware
SentinelOne	DFI - Malicious PE
Sophos	Mal/Elenoocka-E
Symantec	Packed.Generic.493