2.3
中危
DACN
0.14
FACILE
1.00
IMCLNet
0.84
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | Trojan:Win32/Vflooder.d649718b | 20190527 | 0.3.0.5 |
| Avast | Win32:TrojanX-gen [Trj] | 20240331 | 23.9.8494.0 |
| Baidu | Win32.Trojan.Agent.atf | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (W) | 20231026 | 1.0 |
| Kingsoft | None | 20230906 | None |
| McAfee | Trojan-FHOD!1B5AC108CEF9 | 20240331 | 6.0.6.653 |
| Tencent | Trojan.Win32.Vflooder.wb | 20240401 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(2 个事件)
| section | .vmp0 |
| section | .vmp1 |
动态指标
分配可读-可写-可执行内存(通常用于自解压)
(3 个事件)
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': '.vmp1', 'virtual_address': '0x0001f000', 'virtual_size': '0x0001f9ee', 'size_of_data': '0x0001fa00', 'entropy': 7.775123788381461} | entropy | 7.775123788381461 | description | 发现高熵的节 | |||||||||
| entropy | 0.9960629921259843 | description | 此PE文件的整体熵值较高 | |||||||||||
读取系统的用户代理并随后执行请求
(16 个事件)
可执行文件可能是用VMProtect打包的
(4 个事件)
| section | .vmp0 | description | 节名称指示VMProtect | ||||||
| section | .vmp1 | description | 节名称指示VMProtect | ||||||
| section | .vmp0 | description | 节名称指示VMProtect | ||||||
| section | .vmp1 | description | 节名称指示VMProtect | ||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
连接到不再响应请求的 IP 地址(合法服务通常会保持运行)
(1 个事件)
| dead_host | 93.46.8.90:80 |
文件已被 VirusTotal 上 67 个反病毒引擎识别为恶意
(50 out of 67 个事件)
| ALYac | Trojan.Agent.CBGS |
| APEX | Malicious |
| AVG | Win32:TrojanX-gen [Trj] |
| Acronis | suspicious |
| AhnLab-V3 | Trojan/Win32.Agent.R162802 |
| Alibaba | Trojan:Win32/Vflooder.d649718b |
| Antiy-AVL | Trojan/Win32.SGeneric |
| Arcabit | Trojan.Agent.CBGS |
| Avast | Win32:TrojanX-gen [Trj] |
| Avira | TR/Agent.xwbc |
| Baidu | Win32.Trojan.Agent.atf |
| BitDefender | Trojan.Agent.CBGS |
| BitDefenderTheta | Gen:NN.ZexaF.36802.iGX@aGqvDvl |
| Bkav | W32.AgentATTc.Worm |
| CAT-QuickHeal | Trojan.Mauvaise.SL1 |
| ClamAV | Win.Malware.Byfh-6999008-0 |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Cybereason | malicious.8cef99 |
| Cylance | unsafe |
| Cynet | Malicious (score: 100) |
| DeepInstinct | MALICIOUS |
| DrWeb | BackDoor.Spy.2465 |
| ESET-NOD32 | a variant of Win32/Agent.WBX |
| Elastic | malicious (high confidence) |
| Emsisoft | Trojan.Agent.CBGS (B) |
| F-Secure | Trojan.TR/Agent.xwbc |
| FireEye | Generic.mg.1b5ac108cef9977b |
| Fortinet | W32/Agent.AHNL!tr |
| GData | Win32.Trojan.PSE.11NXXLN |
| Detected | |
| Gridinsoft | Trojan.Win32.Agent.oa!s7 |
| Ikarus | Trojan.Win32.Vflooder |
| Jiangmin | Trojan.Generic.etfj |
| K7AntiVirus | Trojan ( 0049c30b1 ) |
| K7GW | Trojan ( 0049c30b1 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| Lionic | Trojan.Win32.Generic.4!c |
| MAX | malware (ai score=88) |
| Malwarebytes | Generic.Malware.AI.DDS |
| MaxSecure | Trojan.Malware.7164915.susgen |
| McAfee | Trojan-FHOD!1B5AC108CEF9 |
| MicroWorld-eScan | Trojan.Agent.CBGS |
| Microsoft | Trojan:Win32/Vflooder!pz |
| NANO-Antivirus | Trojan.Win32.dyljez.eaqekt |
| Panda | Trj/Genetic.gen |
| Rising | Trojan.Agent!1.A403 (CLASSIC) |
| SUPERAntiSpyware | Trojan.Agent/Gen-Kryptik |
| Sangfor | Trojan.Win32.Save.a |
| SentinelOne | Static AI - Malicious PE |
| Skyhigh | BehavesLike.Win32.VFlooder.cc |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2014-06-26 06:58:59
PE Imphash
4c0a507f23040bf4e66403904d18c032
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x000037ac | 0x00000000 | 0.0 |
| .rdata | 0x00005000 | 0x00000c7c | 0x00000000 | 0.0 |
| .data | 0x00006000 | 0x0000062c | 0x00000000 | 0.0 |
| .vmp0 | 0x00007000 | 0x00002da9 | 0x00000000 | 0.0 |
| .vmp1 | 0x0000a000 | 0x00011ca7 | 0x00000000 | 0.0 |
| .vmp0 | 0x0001c000 | 0x00002a52 | 0x00000000 | 0.0 |
| .vmp1 | 0x0001f000 | 0x0001f9ee | 0x0001fa00 | 7.775123788381461 |
| .reloc | 0x0003f000 | 0x000000a4 | 0x00000200 | 2.280538200644304 |
Imports
Library KERNEL32.dll:
• 0x420000 CreateFileW
• 0x420004 FindFirstFileW
• 0x420008 FindClose
• 0x42000c FindNextFileW
• 0x420010 GetWindowsDirectoryW
• 0x420014 WaitForSingleObject
• 0x420018 GetModuleHandleW
• 0x42001c GetTickCount
• 0x420020 Sleep
• 0x420024 CreateProcessA
• 0x420028 GetModuleFileNameW
• 0x42002c GetStartupInfoA
• 0x420030 ReadFile
• 0x420034 GetFileSize
• 0x420038 DeleteFileA
• 0x42003c CreateThread
• 0x420040 GetProcAddress
• 0x420044 LoadLibraryA
• 0x420048 GetCurrentProcess
• 0x42004c GetLastError
• 0x420050 GetSystemInfo
• 0x420054 GetModuleHandleA
• 0x420058 GlobalAlloc
• 0x42005c GlobalFree
• 0x420060 GetTempFileNameA
• 0x420064 CreateFileA
• 0x420068 CloseHandle
• 0x42006c GetVersionExA
• 0x420070 CreateToolhelp32Snapshot
• 0x420074 GetDiskFreeSpaceA
• 0x420078 HeapReAlloc
• 0x42007c Process32Next
• 0x420080 GetCurrentDirectoryW
• 0x420084 GetSystemDirectoryA
• 0x420088 GetFileAttributesW
• 0x42008c GetVolumeInformationA
• 0x420090 OpenProcess
• 0x420094 GetDriveTypeA
• 0x420098 GetLogicalDrives
• 0x42009c Process32First
• 0x4200a0 GetDriveTypeW
• 0x4200a4 GetComputerNameA
• 0x4200a8 GetProcessHeap
• 0x4200ac HeapFree
• 0x4200b0 HeapAlloc
• 0x4200b4 GetTempPathA
Library USER32.dll:
• 0x4200bc GetWindowRect
• 0x4200c0 GetWindowDC
• 0x4200c4 ReleaseDC
• 0x4200c8 GetDesktopWindow
Library GDI32.dll:
• 0x4200d0 CreateDIBSection
• 0x4200d4 CreateCompatibleDC
• 0x4200d8 DeleteObject
• 0x4200dc DeleteDC
• 0x4200e0 BitBlt
• 0x4200e4 SelectObject
Library ADVAPI32.dll:
• 0x4200ec GetTokenInformation
• 0x4200f0 OpenProcessToken
• 0x4200f4 GetUserNameA
• 0x4200f8 CreateWellKnownSid
• 0x4200fc CheckTokenMembership
• 0x420100 DuplicateToken
Library ole32.dll:
• 0x420114 CreateStreamOnHGlobal
Library ntdll.dll:
• 0x42011c _snwprintf
• 0x420120 _wcsicmp
• 0x420124 sprintf
• 0x420128 memcpy
• 0x42012c memset
Library WININET.dll:
• 0x420134 InternetReadFile
• 0x420138 InternetSetOptionA
• 0x42013c HttpOpenRequestA
• 0x420140 HttpSendRequestA
• 0x420144 InternetOpenA
• 0x420148 InternetCloseHandle
• 0x42014c HttpQueryInfoA
• 0x420150 InternetConnectA
Library IPHLPAPI.DLL:
• 0x420158 GetAdaptersInfo
Library gdiplus.dll:
• 0x420160 GdipSaveImageToStream
• 0x420164 GdipGetImageEncodersSize
• 0x420168 GdipDisposeImage
• 0x42016c GdipCreateBitmapFromHBITMAP
• 0x420170 GdipGetImageEncoders
• 0x420174 GdiplusStartup
Library PSAPI.DLL:
• 0x42017c GetModuleFileNameExA
Library KERNEL32.dll:
• 0x420194 GetModuleFileNameW
Library KERNEL32.dll:
• 0x42019c GetModuleHandleA
• 0x4201a0 LoadLibraryA
• 0x4201a4 LocalAlloc
• 0x4201a8 LocalFree
• 0x4201ac GetModuleFileNameA
• 0x4201b0 ExitProcess
Library KERNEL32.dll:
• 0x4201b8 GetModuleFileNameW
Library KERNEL32.dll:
• 0x4201c0 GetModuleHandleA
• 0x4201c4 LoadLibraryA
• 0x4201c8 LocalAlloc
• 0x4201cc LocalFree
• 0x4201d0 GetModuleFileNameA
• 0x4201d4 ExitProcess
L!This program cannot be run in DOS mode.
`.rdata
@.data
b.vmp1
b.vmp1
.reloc
p!!O#f'
C@WHv3*.
?)40N/
:Md0^;.I~E
%|.=Jo2,
O\$8K3
`bOl}}(NK$4\Q
hLf$$d$
R1BmHg
}o\%3ZqeiK'+
2\8VYO
+!,iX=m
6l=;}ec{
K>o$>GF<eh
E'cS7[
b=E@_f
/U7D$ 8
$V7,X6
m5t^K#
z`ndE2p!
\-e@?20]=d^'dz.
HttpOpenRequestA
`S'']F_
(a$;d$vmV
`Sq>6)Zk
A/4dqDI1
|'L-W+
%\9YQ:@G
Fu/c**wf
Mb2.]Ha
gA+uf_TFl
xQCW/Z>J
}'gzKB
@{"F5t
5djzi[jVD>1H
AcJjZP?
%Z<`3
)*fj]k
[Hky|)6
#@bs.:
xf3{m'
!U8`E]
P{Uo,a
664_n<M6{{M
26GJYQ
f7KYj~`bHeaTd
Z=>_a"S
#S)(sqT.i#
LtTF)pX
_=\aqkC:es(q
D7k}6yF
Nin]Bw.e
c^]#y
eLK0t=ZY
i[R?rn~TfEm ;
yaYsG%W
UNX;qi@
m@[3kL
<YwSkh
0/"}Z$
V>HJS`/azl
oN2]}F]:l
SM!)]i;
#=NBP~Ws9b6XQV
uJAu k
Qg/p@oT
AWni[w
-?Z05KQl
L|34^Cp
cNE1_;|}8K1-J
m2sL{
+.Nb s6T7
=0Y Xm
+/xr5Zuz )4z
:f#&I1
J-+G ,e
z&C)y}s@
8#^N)V?
Uj}!?f):$vGx
0~N;WE
,#VR:Si
q=Cb4R
]K&$IA
)[X3W0N]~ `e\C,
xL:q5FX_
EU<cB?
A@vV%5`~
xyz/W[![
#63xxC]ZayY
f{"!+-
InternetConnectA
GetSystemDirectoryA
"9q~?i"
XmB^vN
V88g:y_t`
zh:hy-:
`$x'>\$ f
hzjd$(
$XvX9I@eBD~E
6Z:*eMTj
qVkm r7zg
N=!TV#qI\n
,&)0o(]M
@EE,<QI,b
h9r,0<
QD$D4$f|$
sprintf
ReadFile
GetLastError
DeleteObject
LocalAlloc
GetTempFileNameA
BTvE9Q}a\F**ei
4F1%IWSY5
^dF7m8
=vpz}zo[\
zv0eu
8$a/R|8K
0VQEIM
{Q14`V0
4Jc<dxf.
Wwsy\9y
CloseHandle
HttpSendRequestA
GetCurrentDirectoryW
4$`d$(
AM-$Z>
)}I9<.oKRXr+
$kqsXzhp[_g=Z
+zlGc+
MD7t\
- -`J 8W{n
I"jXmM
heC_N>
CQ\,m X"
%]Y+7Z
;@(z !
.Cip0d$
Gx~h~\
\:Cn\%]@z
h>c:``,$L
MJW*d$(
Dp6`^8
iWlpSYsXQ(@{#G:Ow{nZd
ORrKH+h/<ut|F<0C
:fAU)pBW2~U'K5
=-P*wKJ`
U,V3_>|1CDtL}
GetModuleFileNameA
_*2>sEBm%
xrcQAMb<&_[g~LU
7\n+NIYs)q
8X,&>m)
Nu:3%=
'SKO/N+$:
- &UVr18I@tN]aabT
=yylt*
Y,GgSo
CreateDIBSection
CreateToolhelp32Snapshot
DeleteDC
$d$ {?#
GlobalFree
t3,;rb$XVA
@UU@41X
Z3^\?'/
Pyc2fy-
$)CZyNtGMq%~
WaitForSingleObject
w@ntjdRt<l
0#9St
q~0[[e)
\p~lS^>MoR+u|Zl~c
(U}>-je
|S*ch~uae}=D>[Eg mfpf
%PmGtdH
zr XLJ7
j-xE)!|BOk
(?4@(Z|
5)d,&^
WtV8d$
$4$;M`h.\Y3Q
GetDiskFreeSpaceA
OpenProcessToken
`d$,cU
$`;EW^
fv|z$&K
N2\ ui
GetWindowDC
InternetOpenA
SHGetFolderPathW
UW`)PS
`ffD$"f
GetFileSize
GetProcAddress
MWV4$d$
zZ[fT
-$$@P_Wo7/
G>_J\"PPr
ZB7:@jam02oS.vOH\H
Cs[[g7+v#
7wo^^+
[CYfYQ
SP*K H9IP
\(-|'k
=Ww=,3F
rY%NhN8#
s.%bE~D
M%!eQ-bGB
_[J >#Cx
AqwOEKo
4$`d$,
CheckTokenMembership
`S`d$D"
GdipGetImageEncoders
InternetReadFile
LoadLibraryA
CreateStreamOnHGlobal
CreateWellKnownSid
CreateFileW
+*g|9q_{Vx
uyRVB?4
:LfC!y,LZ
hh3-k*
`J\b.B
A/< (/\^m*F"Q
od^'SaH
[ u@$Y
Mq_S{_os
{;K/7j~?
CMV">b
VuQ84R\
dMPR.dll
GetComputerNameA
GetCurrentProcess
USER32.dll
f3(f7D$
d$,@d$,
4$4$d$(
IPHLPAPI.DLL
zvUiE!
8^pt}]h
<tb|pxyJ5S
r z8Q<
a1f;Ef
RH$GX{WF
HJ3Gft%N<~#
R``d$D
9qS?=J
1mYWmF~M6
Aw,g9`
g ^ci.L
WNetEnumResourceW
S5a5::
14577M9;;;;,<`<v<u>,?@?
^1112S344555H6S6:<==4>
C+7SA
GetVolumeInformationA
DeleteFileA
Process32First
6 95-*'=29n
fQ@im2
Fg6L!NQ"
-Q6Au
t&K56UiV|i"9kb]_
9in:9;T.8Eo*
5g9h@pP:
8H9kUn;E9di[ 2r#4f
9_w8l2mI/H
u9"_/ Z9
9K=)Z<S9
98Y+lC9$2;X9U
WCfv=9
e&"R93
$9#<LF5
W;2UKQ,^
[yt9Yl3
X^e%9$H
)#b9XW
2M=A II5
6aZxYy")12c
XGg9 1j
8IEMB&l
"C9$5/hz
&8!9>:H'^
*-}R#49y!+
InU&{]514%
uv{'j%7
Gub;+h
X["9H{
hhn6+0
bi)+p*zO9>QF:
9xL-P9
5* k%SK08e
xI!8)POy/
@NnV:*
[xmyt7
<g;-ys$
168P/Q R2xN,fnp
B4`=wCD
QL4*E?
7U77*7
'655,5-
5&mp)X
86$)p%
y!`ALq
s17/-03O
`7w6:u
xF=8lX-n_9W*
K=YE+Z
GZ6%xi9
6-32>E
9Q )Q90d?`
k~8X+tE
9`Ay9$
9G2Pj5V(o
ga_9n"#(Q9bT02
9(T!j2
h MKKI2~\
oEj9-0
eQU,9
D9t"?IK
:gx9 ]?5)9c
G(q9|y
9kI<93
Iu9]06"
:9\d8!3VM-{8m&EA:0
YNec9| 7f.p-9m
d_v^9MPS
`=90 F
}QQ9*uk
?.wqc9
&f9g5dj2_
f;9O/09KHh
2%W/l9=
6PxZDsE
EmU9u$>a.l9d?
YC M/qT9AK'9lZ8p9
-?3y9D(j9
"9{ _U
0I6<MIq~19-5"]
6aN6@P
939l2)Fc6|
k7brpEg /9
SE8AFO
94K%|hZ
9[>Pn"9
tGVjx)Ah7Ni`;9
Q9d?|i9
z*qDtyPs+
8G2QSu4$YypWrY71NYQ9#9"n(km95U
VCy_=M9RmX:PU3Ck;
2taUx@9
0zQE*G<
=9TH?;8#
L/`W59
C2^Y!|'>
9h#9 `
uzW9^#
vIy9tcz
Ai97'_'3;9'I
s7#q-Q;8
RGy'9fgF<N
CVByfH9v5
9]J8If06s
rlt9x^8
)v4z10
S~PER9<
Xn39ac$
9Y"g*9
#no09X
";#9+$
9[nX19
IJQ9Cn9
+9_KakV%
*>;(9{mt9zI2XQ
`9xO'JC93
>sruY9NMfT9i
okI;89Z#@Pv9j
LuQ/9a,BT
M=k2v7I?H|GA9
IBWgG4.y
\8P9;C^.T%"V=9qQ
3F95"C
9M9,y0wE
'E9;Y:H9
1[5j9h
l7NZ7,VJw 9#f93
X94($F9m]
_ EU+D"yb6Wrz|P.9UI>\9
Mp{Zv?;9B
9,~>A8Yd`
g2|y]9
O#"y]0
vAa'"9
N6x*C9U|p*}K%Y
{ 9na`*,k
+2my C{s
`vFb9s
K.u9)]g$8N
yZ^7cD+u9*RT
cb`yp2
\9!RP F9
9?\./9W
b4Yn9l
D6702y<^y
&:0\L|
'o*Q!9{f%DcYPvd
Rw9*SD
x\*uvv9U
FEy5*"Q/yG6E
t53+)(!Q-91:F
9d3n#9EqN9,0p~ov
Wl9O.qr9g
tue$++V
9t*9~.0
RK3910
H9Gl@\:_8ev-EY
9dCtw9
9'm\9doOiR~9UV
9oR.D9
69d'B9p
/dl9 -.
v!2H|:
NP9\uB/.O9[
x2&'PuI9V
u9vAVd9N.*9l
4{/pTgzR9q6n9lS53)hRD9/o$68
VA9w .%
9P9|(d
9j!S+Tr
9ql]S+dJ D|
D~6?&#p2sv
fv0n6hX
`t/9Lekw8m
F93Lb9d1f
O^d9Xn9l#9&([T
!d0D?,
&9Y>nT
ev9lko
X7n!9$
3[=91tB
Qv9Z.p39~
y0.2dm
ELf9"lRp"Pi=9
8EF9z*j
$iG%Fb9Tl#9 v'8Jnd+es6 q
2TV[[j"M9t09
9]Be9~sX
89Ef6u*%
UZQ^3c,6t6
`9sx9Yb_
9cl./+
!zq9tE09
d4_.H9
Nr_9A,
y9Yt*S5
uKp5g-WK99c8dZ
tD/91
= 6kWd
2+ey{ 3
9~W2gR
KJ1:9}tjn#90g
.d%PYnl!
9~(tx9d
gnu0^i
d,9Ojvl
9DuXv8i
djiWO2R&e
j@]T^.
Cfd6ZF
w7d9+Ux
IN6urC i
Bt#/A9vz.
"9HfB>EV4_tU9NF
974t0)*e,py>
qv,k9l
o9:0*12!I
9OedHR
X%9d`>8.
>i9SPc6v4G
I9lzc2.Ab
L9. dp^
b88%saZJ
pDI^9srTK2?6Id
b.\r9,lB^+fFt
R oy.>9r
yhC/9( O%V9ET
m1jHyC
F^9ab(p9%
C%`-,me
jcL?79-f8N9d$,
mM`V+o
68[v_AZ9o=\
g2xnr2
IY+/f[m
&6,89oWm
=/9jSn-
l8tsu
k..rgw=W56-#,g#Nu8zHQ9m0
ntj^H>W+3Nw
sv+q%l6_.0jQZ&T]
jpo`}6k1
)zLV9
89rx1Y
0]7.ZtW%
k9^*c.FO*wr
uy9_kZ5^+,46p
*9.zN*p
9Y4:n9b2IL9
]9wqd-t
9}T^c9'q
2f/2^#
5b9Fx{
09BN5;Q9y(
ZW9]P'~
dml;V9
s`= ^9
I39l95%6O9d<9N]
"49l>d9rX%ce`kU9xli>2
9Jv,*`dBL9t'4
2;ftae9~
Bl-F0U
> 76u%zyR91\l9L8hp2uNA2g90
^9mkv]B9&-)b9Ot,aL9k
9l\1=J9:zSo9d28l6-
bfAQ/d4
t~yK=o5d
ry)^jR*t2]y]Fr~
C-9V67b.kI8el7@
mMX9ua|P
i9d,V[
#9hj?6*!d
c.90yt
=9jqJ9d&}T9OQmC
m>P6 6loi0
9Lu9UPZ
23(4idx9
lIV E9
:&9ud'9)Zq
*wxWKjA4i
o}IE9%
LXCg"^f9
YhT'.9
WG48^&xj
Ke.9Ddg
i,@2q_
G9l;'Y9
9:4vWul9^+
9vqz>D
rVg9^BjF_9n}
J.~2&pKhbT2
)09'19is&+9
D3lZ9;
9Pce9n@
Q<9%lYa9t$ N
/A#9b@:9^
@9uy^9e\
x09HO69t
9gG&cq
9^eo"6*B.HM
<))9_`c*r$2 s*x/9
%~lKV%O9t$*
f)~#69%t6
*8a?+)q
[rhEi_tF8deDy
v9o t9Q9nb
dF.s(y
d4bQ^9
9j"fou9v
F>&9=4QIt`9U^ul
9nd$9 ^"Y>W9Dc
fFm3u2
T#E9dS=9Bt~X2+!
5p7%d_-D3
b9dF (9ZC
0@e6u.q%I9/
l9/tUXA9*,)Y9R
94N%q8jw]d
9 p~6N9
WB8d#q
v{934."~q6IT9
1\Z9jU
9Ru2bv59h{
egj?,9[J
M#>n2<KyD
v25v9"#
09gl3}B9
#R4H6yt
Qj9GFvc
9o;t91ZPB
9Am9+~W#9
9l9!V/95[x9v:
y]g9cl>
4\8o$Y=q9Ot
V9l\&
8K=t9|0
9`rBv\mMpSz61
J9k"cpu
7a"+wY
rS29.el^FA9du
.*9$39
`n*9jMv7+x
5txlpi}0
w9.UtC9^da$'
W(mt9E6
zh:=@.
oa%.r8
~d^t9[$Z
"6RNv9?
l19yvJg9oh.?
9Ul=_9tc~8
Luo9tOd
%*`QYk[9
N1\k4JqZ8r<a9]l9J
?Wn+(^940<4
9~{. Ze+F)dv
%66csdY
6nyp3y.
q0739;k.i
6`yIG9>
9Qler.D39
4}i$y903;9c x
>5'9?o+ 9`\
bnpQ86
k8FoUO6M2}aL9
vAS9.gnk"903
E-y@ w}
e9]J>4
{ E7>)A?
ghc9>m
Lq|9-@.!
J_$}Yef4$\j&9
=b$RIZ803[kIi2
9"sHoV9k-j +#n
BZ9?d.t9]
.)96\u,O9?9
[A5X|#
G9}Z 8+4{5
`9/?_<9ALf8\9d
xJm96->
9KG_48
9{%Up9
q")M9=c
<CW6;9Anv
_29e.,N
9d}9q$]
.09f)9g4
L9~'@9
)lc49~
B&9;,T
4h9]X\@9
euD8TOe2
&}_S!1q9
+e;%Yg9W~Uo^,8[
rPcjYd9n
.S+9]j-,
9)EQJ7r}
u79.d-"P>9/t&
.60lnx
$19j&0
-uB&92.t0
[J+v]Z
9f8$-2u9j?
wd9G~u6Z
"9^$Y]4B
U_D9/yM~
<{9omQe9
hkq=8E5(3R
:9# lg
1Q>,9BmW9
7i$NK3!+d
Kr"u9nyp
9*Qt9n
,XyGxA9
y.9~Z$9l0&63[
hd_s)5jQYv
P3/2+%
P`9H.8r9;D
<r9^w89Xup*|
o9S:m|
e9y5Od
E8 |(8m693%#
m$71* 9
:d;IlA?8^AUP
|6*T6$
HJ8^*xRN
,6M{jY*
l-Gt9H%G@Q9
9=!f04D\;AyZ9
_7B@eY
uCay%/t89
K;1+H9
o)A8LQ[
WK}!k;t-@m)cm
58{!p5W+7v<~9c4
z8!9cl9Q
[9K$k<n9X
*]n`zX<9,
Cjl8\"
K*J9k.4]'
;8GthmW9-
61m*_Y[Y+
?8i6Oo7{#
8;vCi57Q^
1+Dn:5w
fEC3^@gV
a6FQy8Cu
=8c6:s;
f!PbyI
V/8@[ZFiJ
`2]6w)
*<q.8w9
9N2~T9Cz
WJ9tsbn
$0C`16T9FN:9Z
46Y1Y'6:eN_K
a9qdg9G
i9H!h?9DU
rIfW956u'9WrUY9
=7'3)C7
9jKh|F9
P[-.V9M
7(9\|r?9XKL
bQ 64+
J9s]9gZvQ
q8;G?mc9T
ijl-9bxq
:o2|Z/
OC8K2`uNm%
\2qL<i/
q&qAV3N
{v4"c2xQ
8h2Mw/L1P
9[r9^vK_u+
`v$_9^
*t9fUk
jWXY+*fyP
Nw2n1Kx
y QfA9
9.mo+9P
[9it-P97
!p9,|4
+eUA9z
yo:\-9a
9N\<9yw|
9|,t9oz
S'+>*Y-%^9V
tF9LWCl9
:y9Ow9R
K9?!]G5P
tF9^vB
:#G?84
)1/9]ext}9p
sz'r9J
L.+B3<V\Z9FU06O.j?vwM9
M*<u*[
9|^ 82
y&79t`
,V)9?%c
L$`/k*w
{7uRUy6
":0U9a_Us=9Z-*
20&]F
0;(fnQA
S49[Mt0]8
/9@b&H
L9]>3v"
ctFSL.
BN9{>p5
9)% 6U'qejy94
9#wN-9ou1+9}a
2@L!?YEW3
3A#!7eI
19lJo^51(
y5r9[}.'Q9
RA94zx
.(V9#N
9L aUO8#
Js?=T2]
#f9|t;
U9v8]9F/ ML;9X
["9Kt198}$p
9cI`$9H
>sSB9+R.9U
pb8$}6Qk~.tR
9aJM9q
X536y%*
Y\/Qi*K
v079=gY
4_p8ez
9*g^).9
@9WG3!ke[4
8FG_fON*,0
7{Q]fcW9
d_9facY
gsU9~;iJ
yDuCq9R7z9
9JZ# 9
^;3+mN]!Q)*\*
~0j?8y#2
`B-9l+
8uZGY95
p-UyH9U
CS6h~|QqI7,J
5=9C}|*
.E)55Ck4M'9_-Qj#k*i;^Mm8B
9^y`=9
KI9/b=X9Rm
9G71.9/yK~>7R&L
QZ!ya3
%a+-Q,P
t9.~x9je
N6sMWQ+
A93"}K7?I=Y9&ei
88@D#]
~p9e|d9
z"*<AB|9Sj10V*9
G)K9tr
u902Npf_i}w
A0D9@[
{9@>G%
8ACTB#E9z
G9)*oR0
70%y9f
)kyWV6r9*
9+]&J9
8f9sr|{i09IGy91]*i9Xq6
{8]&9HV=
k9lscyJ
rRRRyRrRJRCK2
vfEY' UP>vfVlFAI,%U
MIEA~=i=\<yUQMIE}Av=O=+
m+&j*f
{tXrQX0
!ph`XPJH=A
pi_Xr>X
ph`XP~Hw@m
-S=;=+UQMIEA==s=c=,
a4=C?;IEAU=
`XcPUHL@B@;A
UQMt%)
j*qeJv
UQMtHy
7n=Z=O=4
gNG=+6
FFjFZIUQMIEA={=u=:=0
|lIph`XP~HwA,%#^IBh2+
RhRaUB
vvfbV\I6
Y891a*y
9KMg6v?IQ{Ji>
Djf;uB<:8rvthG:18?
q;yC+a
^QBp1u)8@=4a
SPb)F.c+158gI
>{?yy-8-VP+
)Cx1?Vs@
Eq%`>rM\@Q#\
3P2RM-e9L/yo9;
9{aIGW)9
9ys]93
s@ti9{H
i9qY1@
PMv4DL')g8+
'3Nw[yY47
tiMCOSv9
pA@0CiPW
ZpPNBIDg#4
2B`8w;
@8*hGIG<d-@n
+{x9At7P
wlScaw<1
$19*wz
gE9*\IQK9)
zT%9{E&
P?_8,+<{
=Do2/xG\Q88r
C_G\YC
W\'Q3'rFI%
<vV.CS68W#(pxe
nhy@EN#]7
QgH\^7*
{Q{r8xd2I
,+*>~9Qsa8M#+M_
9.~CTl91OXQ!
Koq9"M
f9v_9wmQM9xg
9l9CK(
W^9us\
9 2~}9fm-?P9|
}+S9r54!hg09%kZT9#t,O.yQ
9wE9\8(`
|ky9p2I
`5;1]C6y1c5SA
5Tf~d"
;8rDQx!F 8
xr;vBw4^'@
L%>MsQ
Asjr6|
g diP
#/8H|Gp
j$P\!_#UQ
L 7hRS:4.
p)/yio+PkYff:8VU
b09ZCagq
vg//]~
*RAgpv4
%j3rPY9*ZU
9U5=9A
%@7I;<
9'vYO/>l
n`:9S JzD
2c9&y9't/
g934A9WC
^Vm8otI
T8DiZ0tYU
7{Y\2Xb"9
0}WP;)+
qQ7~0i:vau
71`WY0)
c82aL*
J+dqst9X
g@e!I8
i*%E*Z9
Ib]9"l:U9E
#L2q>=V9
w|h9x7
y`:8%d*.Yq9,E
u07Ci5\0 4
%/eQ?*k8
w|z9oX
ov e{U$9
U+l*nGZyWa
Y+&:_1R9=
fSM8w|:}GMjh9
6,)Pn9
Xt)C9Q/!9
vySsZl9b
jyV9Tc
ql4ES9
`Q>9)x
(Rw 9Q
0a9RF.w]h
9'IvR`9E"
9JyY2P
lx9v6_m
9ZgI;q
z`p]x~\n7
^y5 QB
c5JCVy0^ E&-
C7D9gP9y
eG1PG&9<
|9Qe#z*9\
\HK]f 5G9
PLYSM!9
t7v7.m|f3YoY+*Al:9F;
W9o{^77<Q+\
y%E]:@+k
{ytiJs
'@FD)0
TI8chS
Iom/kln'9+a
'9X<_D
3Q.,-2
r#952;0OK
]>D+UCX~7"9
J!#8~c
m"e9-
9Bi 9LbY
Zx-HUglC8
?%n|yY9s@J
"lP9)
D`%$7IwG[@?|7
s9xZl}9K"
I9@-+l
:96U|x9;%CfvE9!)u
V9UKj?d
"0<i]!Ac
ykCerDpnCfB.0^QPI
fx9M8L\
xY'1Qm
u5*8C_@
_WkT9=;L68?A
>M(3T9v
wZR9Gf
VSgp#Ky
3`^9U>~
=/9ADje9~8o
t9oSZ91
iQM9hSbDqO,9+)
ICTk6e`#hQ[9+z6
5_G-fy6
\MydQl
9C?j,P
sO9_~Z03
]rn*W2
evjw0y
9x:3Z%9
AGPItf#J51&+9@:
zb\ye9hV_31R
C9K$qn."AW9
:A6E5K+
gPnX:m8
ZN7Vd=Ft^{
+4\ak7
xUJv'D
'9)w 9
.}a6;V
v%6u`tp
}73MyBD9
Q 9r3;[
x6W?<"P9jg
r?H0)Rji
@Fj#9]SP
9LFp9'
oK9&R"9:4
39C9hK-
"iD,Ro9
x9V05B]
&?6roPQ
s9G5f/]
\t1(BZ
Q6Pei)
'bU&P43"5
6tPL*Q-JA"#
}Z9qi@
'?h9iA&-~
_1YY0{A
2i5gn<XEQ
3T4Cu)"GQ
q@9"{9w
?w2_#YFHb
pbS9=r/*8`2iGAJ8
ULlA9L
|Z4nW)9C4R/^:91k<[
9mP>yh9t|nsD
\Sw$3c09^
foh5QLuk=P9g4l
jSfL2=2x_#)-94akN
2=zRq9jC
wh9IyXP$
ny9ohP
9Kd !.L8ZlNe6*y!2Fu9
V_a2L=0K<F/2
#%9de3$_[51\9-M*
*uLpZ9+<259
8lrZ~:"u_9m
(7;9yctUR9
B9FfQ\"~9G
-!Z9wC
f|@89p'=9]6
sS;3T9
k A9Wj?o9cv/
5Q1 _9,*k
C9U28c%h5S9y
n:}*wJ9N+9
+jCy3$
mJsq}2H9
*|p2$I
\m[M}9
eb|9=8$
=^R|/VK2M
yI64 &'9+
TbwL:m9{ID
Q+Bdlj2
ExP[<)5
zQ7IE3C8`*pDix
t-wd]*Q
X,Vj7BvE
>6? )%
<sa@4ly'=
+Djmgl^0
YNw*7hQ#q17yPWif*wge
iQqU9a
M%"tg+
6gu*wAST
`Q)0*dw+j
QU2CtD'8r.C99SA:Q
5c03E~
bYRQQ6==
Z2xS*hPyDbQ[; ~8S
{CePw8?@3:-*siPAP
'*kBs_tPDH
fshc0x:4
-@?Uk%56d
~I9 "9,9
^2v4Y9u&p+9=/]a`9h
I9xbRjDg
b9cLs0Df9
EcP5mdQ
C_ bgs
!="RGN'xH;yKZ&
R_8AKXr
)*)) 7
t#9GK9.s 92:RI7@8
1SH=9N"g
6!9EjUh+
`\tb}g2h
S=mPxUf8/
"OIz2'
?-6yay9
8>qHZgM$
{)xy&p6-Uc/S
Zt]Jy;o%
wD#23
rnB9IE{,Jge8HK)a19
9P!#9%
9yV-?D.g0t
r'^L0y>7R4iH
TNICdv
s*6`3rA6Nq!"P
C6G0Q
cW=qxC',)?=0@Q
xH~ E]yvbr@L
X}c9Wp
wyu9F7Tg2nM
%)9@9 1G08D
>6qxG9
oqr2U3#z!a3i9s
^9,&u}9
@;yJm<-D2
h#{|;:[AB
f72D<.
QRy>W9
o6*A|9y
_S.8Db7
5?;o%6
ty-C9TD
i sWQ9
y9.@>xB9b
9J ~2y
A8Y 9)1j9X
Vc>EM9U
Z9FpM 1;9/C
Z#cg7(Y{
~]v,90
9EG5N:9
98J;I:/h9C
q5t2s@.
91^m8T
9R 9-|
xf8J0)#4
V2l;H2
gQNVw#D
V@F' P>
U.yvf9
[<N}u9s
9j`;Z2Y9L^c
QoM/9|;v
0HqY\SAb7CxK@0
"W.T*0PG
W79a@0_9
9Y.}2$jg9
&w4weV
6\fCtIaW9
iA91 k2WTyRQu9d
9MxF=9
&u8 zqF{
nJQC -
:F@PJ0v8*w8sCc?Qgw
(v2&=k7
J09;yDCaQ
;0qPa6^Qw9'2lkX9
Jw@.[*93
9/.i0Twm
y@I99D49
oT9'Cj8ZR?5e
s0tw&/y4f2hE$;
w9mSY#
6'OyIw66
/3Y*2
=oqu9`1
92Idv9igTp
)QeN};,
9=fj.PI
()UO9~BMnz
*$E9L=8#zrQ
8sB3Rj m
9zjxG6(tR
<2/9om{G9W(Hj\I9%w2,o$97NER93U
G`(2,OF) :6)A\ZY**&!L2
2aXY~*
9)G.YKy
0>;u9e5
?[PQo^%R}
I\K7%8c
i;F2%d
f#?!8["F
Le+@mG
/^y3x_f|9H$I'QI9
J#'Od89 /Z9_<
avR9"k
8}y:EY
E" .9B
k"h9rC#$#9
}+Wh9<"Af9Mmo\
8?RG A
.P@`H5
CgL593;w
#/PR[p
V:pT@A
[&-WM)
U9DY32
=8&DU."
9_Z5O9
9XEQ&93
&P9Q.W^'2O
84f6Ahx^
49"qyQWy
$j9SkmF9
s} 2R#29~
N8\.PA
hRS,)*z#H
%;L0,C+4
c#u9/G
hq:2Z9Mk,+j
.9Cc H]
I9|QJ$
'a76BZ
%^uO9I
%6f\mF(Ajx
2Jev9A
"h2|JyNn9@
iX9YJur9sgozl"Y
9#|Y]94
p 9K$*9BJta;
|9&L0o9*/9B
n"$ak%9
t9+?)9zqF
*?9p;Jb9RUc\920z
4G5LhOyN9(
YBi75TXBuQ
?7UVQ%*
D//iqSu-;Qr
}F3.PLIx
.)>y.7!DyQ[
{e3>O2
?9l7$*xf8^
Qi?9*LT$9
;O#@9"869
pr0c#1a<
5A{%(V
k+8eT"J7y)@Fij+9
Q9J^#9
6Q`P#?_(
^3%tDba+y
=[+,J;Q/wB9
n dQ98&"mU
{A//23?y
=b>EcM8fyq4BgmQz
]T".Aw+d_
B Y)9%{2-+.j]
a^*2KIGQz
+2.'h}SI
r+=|DymM9 /81
@,9#G9juN="92R'
kTjy<3';tAE
[fSGK1a
knGS'PT
a+"-Dwl
bgpL ?&3
?]y3Qn
QX6Q#c]1
R-P?z3D
4[.]q 0N8fnvChIqH7
W<98vD
xy4#iLH yG
5(.]_P-GOb%Ue!UP1sv2x@g8rD
&PV0y9s4.<Z9QK,BSV9
+zj9|UH}EOg8/j=|8
Z'GC9Oh
k9O+*%v?ID9,
u9wb#Ty9r
+R$8y*
LM4=^0
4J9+=VWmL8}
aB6^'t9i=&0Y2tA
a~7MGA"H-
4V<tQ9~I8e
\6cP2F_9YfWK;6
F-q9pj[
^w]&qT9D
Y9A:$54
d1Xo5$bJ9S
,YoX+W
9zvli5
/M&}T4B9{
98">z4
A6" msR
+9!jpw
u8OmI(
-9}AK^
]'9WnXq*
2Yw<4R9xhD85k+
PO7=c5
Ex*yT{a?]
y@CaAP
[8(RU~BM
v1&.hn
)$>9{U
h`~;W9
XSGu9^
!Fc9ZpIyk90vQF9{Ju9%t`
u12 Dv s8\
0J2k=)6%
.19!A-
.`5Bd>b/
*4>N7P
h1w-w<9 ,N9GW^e9
w,;i!v^|a9
,q19w3F
#r/Vu9
ukDkU9j6
cQ=q9}sZ<
b<YF%C9@*3md+Hj52)(
A;E>4u'l
SYMK'%^9N
8: 6l&I;2'@>))9
ah4X8v;l!q1@-
b.=P_Qf
YDAE51>8
EB{s8X2
2{xiBWAL
?8yg7;owU
"|f,Z0(x? }c
1s2vou
Yc9QX3
9Mv4lL
`FP"nw8
Ou)OPie=[t"gX
.b;FA2S}9N
\9m"W(W
TEW9''x0
+^Yb7`;wd%Y~C60{
w1Z5+A1vy
n9gD-j 9I~&m
UIQ9 o
6}c81O%N
,w"~l5{j
1t/iS9)#97MF@
NG9tgV#%U9'aH~
.|9`m9
xV*ZWB9
y~SBZ5 <0Y39M
9+ I6=oA')=ak
uI34Ir9x
Q%9BoG
h9!(DL%9Z
yOy[2*D8svU{h
[0e x'T7R5-w)X
>zfPc' P
fK3C7cc30S
58rAPE
?-G9kmf#I*@Y(5+8
?39.8nV~9=
q]6{E2
$0bID9t
C@8!u& m?
=993|}9
cIM<$J+W9obx9
?9ndvS
T>rId2
848%UUQ.
];9y.!Y
+D9pKW9
9F#bo2N+3
940(9p*k0:
#+M/9wic]
\byX[9
D0pm)y0r2CZi[V1?8
jZP1:VJ!
~b1nh>/6)-vCf
F-'^'A0#P
E7CF/Us
9 zJhA
9)jxZ'S9Cc
."8bzT
seu7P[9
9^X6s6
.e2&1EY4yZF9])[
0-`W1]6Ca
.YI'PuMl/
9Ci@DP
>~9tCsga+5yA2i
r(Y8]yP
pvP@%6
:<5c-Mc PUN\HGH
/!^sH6.m=/%pC`
DO'yEF9K,(f_e.9LMh
}9ol{Q7P
s)t'H9S
{'E:9W
M9/ @U092P
9/zfv9
~tO0yPO)8
bsH0qO
adR9qkH91*
j8OlWm.%
>0~4#2q9 ,H9
O9SCKB9&^0E
S3#@XIa/Q
I2") .9Ew
yV9'n`gL1
gQWgMa{T0
k|idJ#xS0AM4TPz=D701li\$j6&>
2xW2hYc
s,I}cY.P
7wQ3nI(9^.I0kg9W1"0i
EIV;&
#7mCW9_z
G%{y48EB.
(>)r9;L
?#1x9L
a9cdV_
^-iE56IK}s9^/ M]
O!rIV6l]9
p5gqh(3,c +&.2
`O9zWA+
Im):4{9+C
N/6~fa=eb\9
2%tg9ARB61
zA;#vf>0
gxa4*EiwvW'
PiYG9=J
5P7Q&BcVam#K3[t
|hC[a8o
"WlVF h
\`t9[jp[4T
N9*cq.97
l9r|~{m
6JLHOAn9w
3Ge9KE
mZ_;9L/Cb9
J"@GK|2Y;E7hMli^8:!#/dTr
G9bSEVv
}L~W9K.I]
9LN5DQ'
Oa9\Ks
d9HG$-J9)Z
YTI*!s]IgH#7e2yoq9jI6
H6^IOQJadE8[
fYr9~h
Z;06)qjTPsMJ:9R
26~OdI+p+
PqyDxZ]L5
a=`8^sHy?8=
$K9:^b9nd ~L
M7QwYoM9Bd
/ u)?J
'tf&rQ
=J9Cr7
*v"jx,3?mQY
$h|TJ9WDB#7
9Y^Et98@9
8'G}a&84`zX
9{L<: %=9
*#)5l'^N6X:0
K?YAM9
i72;4 gvot
7IVZ+Yz
;9Y8b U8r^nj
+pb}c9L
e9[2F9t
9;`VQ9/6
9wAU*7
wLbpA82e
/Q q8H
e7^;Id
F?@..WV
|I!%89 L
88mwVD(q48$
Q.XL<L\vI&;/
<&w~3FFUO48rYu%#3L
gB'vf8
Y/y*[+J
Z`=8\zK
s8M]R3
N+$\#9M
:l9ah_27
9@f7I9(*L&{*|~?KV5u
g]?I9`
aj9^="
,9OiG9D'
*8`F*o
59zg~hu91KC6
@SA9"?
&u9E=k2
[8*u+e@'PT
u=M624fy"
E.Yy_0xb3QBndy,
9"}lzO
z)*5-W
2/!KPY
2{ijy%^`9
@9H<GBb2~d74Hc
dM%_6XS8+
ls"m93
WQ\M9r4@YJB8:%
c7G|m9Ff
.%9g`Hfn
&1 o2H
9S=V?9i9[@^9tpY8>P
be&L)V)>9<'
H-&{o9]4E0
k@#9[O1
I9J`R;
9n4#Jx9
k:I9;l
5~YkGbZ0*
')Mw<.h)
lG!Qw@!)gy
5PtssBy!
9) F<7=5Y
"y2yfC9=
's.{I9pqe&9Jh7
ja{7HR
Y"9N)x
U*m'R9.}d
6Sf3']=4
9nB|1^U&9PW
&0aw79
#\fC%bU9WNx9
y>Q!9@
Z@t,Kp9I
2,GfO=
[S4=lW0
c%8A~yw*,Wq2=7\H3,
A;6%[ 3
!@EM88V{M
3X!BbZAD0
io.tDQq%x
P+zkr/.w(g[qwx&
t1{nYom+
kX8pe&9x
P+%D0g_=
94^F.MH
.8[\b46?5J(yH+z
8{w(9L
v8QSI#ri*9yZY
;92:m69
Rr'N9F^N>;y}Q8
|_*qn-b9:
Iy%I9?YNq
<U!7 CHy
.C\.~x
UIWD#)q;
I4(pE 5nkm
5;kNiI8gn
W-q\T:
P/Dyq-7Qd'!vk<
.])1%k;
9Qm&9-
l{t;;9,.
+y`9-F
t4r0*w8~@m9r
D0/9Tv+"9
1^{gG2
9xno@9X/t
2{x0ha91a{LLl
BI Fu9
/G1=;9*
6DC9xlT
=Vn96b
+WN}ybj7e9CL9VSf
9uD^80
9kxMF20
9.WU9QaV
q9pR4x+9i
9YVX 0;
iwV*?7)
0<5L9t
7*Wy/9$
cJ2sxuN58
~6Y}20M9lw
.38cv5l
E)C?*(vuN9~B`_
F4t-9o%
q-9`/@
Bf?8 ,xFI*k7*_f9uL9
Z(9*F
9eZ*Lt
}9yI*t9l
8~j9sL.p9
+9fATL
Dk9n 6^
QWS9WM5k;
9#EL0IFI
s?9uR8]W
+F[rn9Cv8
9lB,*N.Yqy/>
nu7vF9A
UD9?=O
}b&643%
or7b-yln9qB
M2&"1In@9
k2]3g6
59~tJ%6;u"n
zvn9*cf
NXQ~y)9o7Z2\^@5UEnl
9f,Y^K9x
"O87Bru9tT2!g
j9&SQ9
r8Op9=
4Q?t9[r5~87ZW
9`U/p.A9
NQ- m!9+25:
fR>&2qKl
>InZ94'R
gj9 `hZ*9p2if9
90;]Na9+
WH*aq{Vu
)9vF&Eyr
t-@*Ta9
R l4Gr>*E6t`
Il9~P7
;U87kisNy]6hx
#@ar +9Le?J
9NR/jV^J9vx29MU^G
:7jnh,/v9>M
!5Wc9XO~
neJ~+ 2Z0yF
\Z%8a9&
;9u-9<tO9A/ CuNu
9F&u 2f
$9 %@B
0wf4{8
0,9W2ko9h
"/2*0^w
Otqq_Q9
9i-%(.2p9>89
fq*-xV
`LA|81E<'=9
&o`9*~60.9DJ
9$ O{S9
@0m?usS
n9iy-U9p
29'&Kw9
u9j0{@?9ln
0o/9M6t(6n&i:N_9Z
9ABb/Q
9=Ng>30
)1q95a#r7
90o'gt#bAe2Dw7h6o
FK9mJG2{9"Q6W
^_ET9?Bm<
;gId_*U
8gih52
,0FE+/L>V3O985k9|
FpnW.8P
NF.9W>5plZW
9[q#j6X
9.?X8rA9
NV ^h9+
'9/-X9rO
v("i^9.-Ab 9C
i$,-j6Z
#)9tegi^-09
!39'_b
F`9k:m
9P_9^r+6
qFZ.Sm9r
h<+9.6BF-
9Vp/.cv9~O92|
^W(9-]g21d#yl9nZK
9`)dmG9
;9ha"t
*B9h`r
n80=D=2+
2t&(nP
s0%XvN
1A92vKj9
9iszAr=9;v
l"n9uge?
E}7:Odyt2#
dV?94tn8E9
dePw04V
8otgU6EQn
9u@!ti9~
39<T4'2Ny
!*ul-F9
9Kj.l9
Vp89$76%
9|/h!9?9
4uMn2J
q9#fm-|9^iklA~2c>95+.z9a*o'8
~0cJ9\
{,A9}1
9l}Y9~:
W*?960LAT2
r*-#7q8'^+W
L9sDE6d
S?I\Cr
RwT9zA
9[Fb+".
Y2D9 !"G9_/ 4Z72&^zy$p#c93(v[x
'vk*j2'N
= 8jXrI
+\tMp7>
}*aGHUw9"t
&qrGG9
}.K97UBu~
G~^;<9
OZV9/<
AxNhL9{
qI8S`iJa8)_
oWN;~9n
i?f\9H(
rI6f{*y
90^$S&
< *P09x
~694p!q
|C9&i/@
9 9K(^9
DF19,@
9|[zCnl9
vso9,<
9!Z#9Ytl3^90
+.y]'8Dl4;
:O96rRVN9'
/j91\6uFD6>'*9stnlP9
|}{j9@6N
#f5~&l8ao
9&/<7 .8
ejv^v.
+5P9xLO
/Qi88O!xzE$
S5{*\y
;R9ne^
K2*IAg`9OaY;8
0aV.9sN
i3J9r-4)\9y<F
+_/YcoT
\0m9IlW
~p Qt9|P
9. n/v .
Vj19g:_la
AI9;77J~
2n?E)9A
9)Ap*fO
tufx*Hy9X,
fK=9MO
.`bQ91
9,ZA_9
wYE+5 $K9XKi*w
t!huIv9
9caF9n
e9 >TJ
A9c5*^D
yw {9;~
3goI/9
:x8%vlu
7Z&a_6
<C.4i{9
A&|g6<2
Qv7Q]=".
tOz%@P
Q-P8{y
;9a!Vc66K
NY9EtQ9
H1N?9DK
,U9M~vFlzm
x?pQ HWA>
5d;5p:1QFw
PV3DGBg{g
2SH,qS9#QoH6+
bH?im9
6 _RIl9D
x%3~q4
.DPd9|I2*
2,Th2 y
2_|7?;
v0a.OMS9
9[5`+ +
Nj}9t)|Y
qvi==9)Rx3
2Uh%Q0]@
|qy<4rt
sna2xv
5Av hBFeJ(omCPX{hg#x8wCQ
S94a&14
>}9BLo)9+
9a.U3?;
m}8NOM90!
e9,-[T9~c
C"d`Au
xiZ2Gv(!mF
lc"Pnk/)y
2\<]+DE+
mQa0\:9
1|2Nn/9vr-
\9O. 0J#9
m~,OG9%
Y^g*_2
(d',v9C8y]9#sc
639SOD4)5
w9x<,Me
XrA+\Y4#2]
<)N2(UxT!w9
bICe9s
g'9Y~(yr9pnv
9wP#f9&
9(43yt9bm1e9~x^
ow!IL}6n
5<w9Us
56=(?n28~%
9Q-9I3(Jo+
vyS.9*${NGX9b
9b )l2&|5^3
ewb2c`T9x
W9-a9#T 9
>6A,79LxK{M94^9
9fKMS9J|i8e2aq
jS9s?N
~AY"p+K!.L2
9)Fc9;,G
J8'/My
q/C>C9
KL9~RA
\9ub<"5Ny
8\ZC?J
Mh"6I}qd9)
`+3cM9yJ2?lG97@|P
.P.?6Xx
b*)s|@w.9@
)Jg0!;qAp1'Z
+B!;YA92*u5
5)-ESJA,t
6I3M[#P2
3Cex}s
Q%'X!}C1~ckDQR38Bw.PN
e5k~<`s+
vAgQoi0U
S6#P!O
?)K-14
DJ!%O|P
Q4/]Yy
C3IXyJABiDSg'r
/vU7u/0&-
v{'.8Q %OL
H}i*2V&P/
:0H0e(\o
17EtwB
6[WCig2vY8_
hY&-6@
MvQ=$3)<U
P1TepbH3j#
q~!ie&WEj.{35w<9
5)6y-8o*?y7ZBxt
aC_^06;s8
7!Icq<o%"W12g
'y0 DKD
:@9;fYP
oI8oRH
BF.>XQ;-F"T6<DbpYOF
QU|+*u
yp} Q7v
}aX/O'icmTfhx iPsQz
)7h$_d:4fogK5A0x
\)/-ut
4poR?%P!
c0P*&ha
>M}!wD]
g3!Sys6T8
-*fD#P$
zSPN(U>81_X{eEg
%!/P%QLBVa}
-wC<QnG
o!)rvp
lZ@'(!tcn5qhCd
<B 8\;l
aTy%7Br
.Qt8:!
3'gA#c+
aBUay?5d8Q
vN9@fQj[
\CRH0@K8u
A,@Q24]G
WPn:F)
`w6u&0
hwg5Ps!m
6eSaiE-;M
.,PT-!
I.Qy#x
)7BvD'Q+
TP,pQ0D9lx
&*qgX8y
(6#i_4EfOp.Wo07MEu=0fh
&5]#cG
6u%,CMPk
7b1t)'
8AfYkw
@#*q![n8BSg)%I
4>+0yA8]VI>
)8B2:jfSD0=
(y)M`-
4PU/g
ad&jTjvv
`@k`O%
c@''AdMql?^
|Wh+(|f~[W
B#QrtPh1ov
=txg1|iyW70v8P%
a4Gy$)
>3#BV*Z
;"w)gq
)uX&d%6
1d=`A:g
(&1h:\
>s-Q);%3pZC
@OtMgTT.I>Ys Q<l&P?RS1S1
Q'8NyCu1
555\)!
c5X5w54
8-8%6%
N%cu[m)0
Lq!U9%
Q666PA).
M5DQB<'1
j~IZ<=
a9fF@r8
84fdq4Kt xs. J6ppr/U \
BA(lSx,<6Si!_EB83;tMPM]
d5Q+1G
[.=b2A
7lyQ4i?IGe=-Ty!
j*{vg`NQl
V)X4Br37]
UE+y/wjI
uw\20UQ
Q^5U]=6xq@
!UBU/&D
yW+g/QH
&[n@5C
plF(5'4
F44uAW
I(R5l!M
[!(#P
C(VK[pB5k
'C5ewq
l}.c5Z
7s5BlPLE"iq4j
q88jDux
<{wI8o{@]!
uf|jt%=iW{
#MYyaf\S{
Cd5P4GZ01?6ds
C8VcE/
0cvmI.
*KdCf+
O)GTD)
~>b4]l
~,z.h<N3
7<>s9Bg%
9m@5NP[uQk~wUqvMpcz
9^i3&)
G$0%xg5A@
iQHK('
uWt-Ady!
58=MDnPGq5PeWADI
!0J%!Y@/&
AMu,Q:
O0&$G5
N8n]#1/{Q
m<[pP%%Q4
$?SZzxQ6b
Q0uJ&;p=
fQR?*rF0X69
X5gDYa
Q7r1kL
Lf77EW&SN
"V9X-c|\@>y55=%'/n<=<#Po
.JO`^@
)qF/gry>0vn6
<Sp--P
JD7PEwX2Qa;
W|BcYKQx
`gG4I0yP7DI5\%
Y2?*p(N
[)0; **tP(V!#
"~Qfm.?SX)
P$ JQLy@
lW6}9A
,YEMzdF2Cu=gYG;:
"B|nf =
%yQmD`
vgWitu
kMm7Ss"\N{e0
{QqR4yI6@
4QDS .4C>#PsS
fUt4Aap5\+f?
/Y4w6dc
O7C`;q
c)ph7lDPqQj]
P#:(J5u
%Amf5xy,A@z8v
J@7ZOu%5M
TR7O3;wKg~GiGC
enj-X;6
v8oU)g
8\F99T
4y~f,$d$
GetModuleFileNameW
GetDesktopWindow
CreateThread
ole32.dll
$.`4$d$
GetVersionExA
49,NC,88E
bMYO$;c
U7CV\=
|%p90<~
1mtFHyGB'
'-F0e.lsiq<4
%bgg\z
,@%!%H$
Vwe5L6[U.
user32.dll
HeapFree
7AdPIa]^H
GdipGetImageEncodersSize
`d$,t$,pf
!pV5gHVlgj
y>p~_H
j)43/jHEWfh
Ei6S*:H)wc*nfu)T!
?MkK#d0A
DjnH~/P
dCIkbdJ<
h(mw/[gM
j44:-S]
GCi6 [ay
GDI32.dll
;G9Y(D\w
G:cIy#
a]y9LZ/
.`%!)_Q%o
Vb<FW11xbPQq
'\v"&'
(:q>ub
]!TN~nl=
>_w;"o
E`>pRK
5Ixt|V?
_-;O2EE
'Me]D~
GetUserNameA
Uv1"=D
\btRFjY
}fiL/EF M
sdfGR<Z|^%
Pgg2dRpj+
o$\GJ<6V$ipnhv*AHM9
g{!PgY
:YekW?lj
3Y1dF[gF
GetFileAttributesW
OpenProcess
'`HY_`;
lk_.>T5O
_;j`-m
Q!p2K-X2w}V} [
`ss %-
7Or[_wX(A?
`"_^0'A,
)okB4%l
]Gb(}G`
fpmy]\Jkn
|dt8$i
M]8]]i
hBwWCb
GdiplusStartup
ADVAPI32.dll
`d$$d$
(<5)Wvi
AlpjbY
fv`Zr`1q
`D$ GC
uquMQu1
yelsGZ\
)T&c~h
GetStartupInfoA
{y2Y$1
)LrdMeSs1Af
^g*.k8Vx%
\[`c?js=
<+>GB9
P5U0|BRl*
>`KBN&
<~%kmE
K*@5}Wc
8? Dj)1
a[(v,T
;S.f0<
_aA=)5
LSFnM{
V:+3]IkD
d$$hY1f
z|n[ J
]d*=Ir.+!J
P\SD#P9
HPAj%L}
HL=P7 +zC1
>H=8 A
{B.*`,
U-5`b2W
|jtr&?7B
HIZ?E%
4vMWV@|k6
Ab7C1>WG|F
owo[Sgg
R^{Bp;
;wC rE[
*Fp|nR
y+xn!I
_c6@<[
U;>3a.g
T0mFmQI
g.,gKRh)y()MyR>G(agdiplus.dll
&R&RxZ[
\Z|JNZh6
/N,yQ$Z
Jq!t6g
GetSystemInfo
InternetCloseHandle
WININET.dll
``d$@J
S+'aa(l
!d~`^x&*
!\^<J`
27>NJPg-I@v`vz
38d=Y{O
L1O{Oo&+
z-E^DWm5
k_}ipW
#cXl&GO
!\w`x4j
qiw2)$s>
%psW<g CKfqq2
IP;%&.`S.
$[Az:76
SlR(o'
Cn`AQi|n
|qskkQ1L._;j`!fx
k[4>_}VO
GlobalAlloc
U~mqa]y
i@4Z/&[|G
3o8(Iy
T`d$(j
GdipCreateBitmapFromHBITMAP
CfL1UmqK`F2X
'saWTUR67>R
2/(>o9
|<~D-5tm
AW3r^,
;T`fL$
SelectObject
KERNEL32.dll
vE5dB`
>b:s]]KChnv:
0:;} K
AlI _%
zwTNO3S
>VeQ}9
],a +J@
^?@HWf
%U@i` f#
nh:C[[
jyG2H)[RrP[{2
/J(xf$u=pj
DuplicateToken
mi``cfibn
]``t$@T
h}St$$(
&`QvH3VDg-Im
_~xR\T5
WcWfLY`dJw%=hnx8w
}S&}aZ
;bP[;3
}Ht|rK[?Jjk^*;
8#,MeN8G
k[s*!P
wSBlj\n'
L^/k6D
GetProcessHeap
$/@`D$
`h{d$Hil
`4$d$0Zd$
hdmN$R
l}YI\!#9
|0^8N?6~
Jxfz@W75,
$6<qR|!
#y[U[l:bX*8)E
3`B#"oU..
'^Dl:u/.
F>*x)dcR0
9`Z R Qu
u U"2.f<C
GetTempPathA
SHELL32.dll
ntdll.dll
BitBlt
memset
GetModuleFileNameExA
z|hG:|$tQ
QY1L8~DZRd|r_V$
4WE!(G
B_JAS7^KB&o
FYt|)\Fo
7+vLQi4
tt!&1h
uF6zYp13
?[*<6[GBP%Ehm[p~b
Process32Next
GdipDisposeImage
FindNextFileW
`d$$N`D$
mi]u$R|>v%(
cviQGiUahNl"
Np`1N63.\&4-P
]@M[E<[
t{cPrzk3
p*oCFL)A@Ql4
V8C[>48X>,
(6hCKb^6L,.
;-Ej4z
h)7AAXZ/11pR;p
tHfQ;'8(~P
E%}){^7<jCGf
Q% Fm99
"?0Y2/
W9`f91,0`
$f,$d$HL4$d$
ReleaseDC
5Wh%.FfD$
GetTickCount
m%p:SkSZ
%R%YzyeMX
C[/jQj~.w*J@IMu$4%: \@~h~Pft
e-Kbp!V.2}2G
Yr\C0@
T6K7ZHEU$Iqeuf7
`d$$qP gf{
P|m}py
EPSAPI.DLL
u`wyd$
I)!xnzXDpR9 Fh2R5,
I7R$QXz+
IB*VM5
E%X*jg2S
Ah2sWN
.@cr}HdU
*sGR`M bTn
H<TQ2-gjUX"P6)t
#*Rn\Rl
@YY8jC
GetWindowsDirectoryW
D$ Pt$$(
_snwprintf
??8,z9T
4.C}A/v
HsCwk<
nj'n<As ~e
t7Q8H\T0R7N3FM
'Bln<YP
7 fO%U
J@9j|h
\_+x]7
;d$$cRWd$
CreateProcessA
mQ^uZ%0
WVJi6u}
]T;'HB,@l
:yWFJ}5#|
QjLLDrZK9=/V>W
xjtbdf
q=sat&
Uqjxgv369I
E0g5h4n2K>
z$`d$,
GdipSaveImageToStream
djU(^p-
gz%~:$
YIH;wCH7
i-< ::U<=
$g]l.[Y2Os
zt^Ontd$
GetAdaptersInfo
[sAa7em%tr
hXu[I?
E^MkNJ
.lZ~1yd
UO6vwR
ytnXs^dK
`6biMA-
`gSW!p5
.](*1Y
JV!fn45WFTf
d!18`3
9LQ0lfk9
hK"5PJp:q
>'OY*jgR
ml|RliW,
|l)RCBj
8~dVj;
H`wS6<f,0
m,4$$$D$
.qN!97#*lrK
f{L6gcCh
GetModuleHandleW
CreateFileA
GetTokenInformation
<$he{d$
u.XR/rz
q#9*fT$
f4$Ud$
ft$Lfd$R
RGnEppYQ}
4Zh62uX
O}miZcp1d9\V#O&T=,
HttpQueryInfoA
FindClose
GetLogicalDrives
HeapAlloc
InternetSetOptionA
G'"KVu."
'+6z'-==O
sTtQT?
%@p~"Ws
&Yr/1u,
rjYy!P3*
,]i[%7
1V*ACvP-
?6Cu=:
-C1wP4
yA9HYC!xD
g+Y3@/a
L4!'*R
-x1)P+&)*6]
e9P'w!|%
W@dqEyk5m?2FISt,1Q
vCtIoV'
hgA%7'*5-
]8/*)`x_3
P,i5NWf ghnCwry37+
P(OL#7
{LY*5R--N/;r%^W*Y
P6s8y<5x
;M=*~5
6f`g\#7yq)D+#
dvE/>atrqf
A@6=M0pW
nDJ*)3'g5cQC
Q+/(c#
/x92-8
OgigP;
![Y q;
s )_Cr
0!kQ?fafyeb0t
/O5Pw0pbw4n.
Q;f2]`J
VCMg!Cb
]P_x w
1Q7,) M[
eh,2b8`
>)V8P|
prO0@fQ&
.mJ =M5 p
Pn<28.
w!Ma;sX5eP}'L:&
y$83aol|y
$>5YGR1n
Rq{LsPRD8
16=sQ)?u 5
C`(79AD[gY!P
}&x%9;qgKh
B'O08v;w
;TPRC68
DA8azQ(
BtT&q!
{?r=uPV
G0P/3'sjQR
Db")$i.gpQ
\Da@H0Bs{
fYQwSo
)Myx5{8O Pf
g@035W)*yI1ga
*rvl7w:hAPm
^Y\Ftrx4{_kS0-P
N'!D{a
*xlP;a
*1crx'n
48:u%*\
f*|;M}EhO8v!JR@UgyxtFdo
UCh(Ez`G!@P< '
0xQ6O}:
;y&P(,D
+?C#P3
P#_.SeW
igDO.7@&mK;Q
Qv;} ?RQ
]*P-Xx7q1gsD}i@U
IqDkpOx2q
/K&{48-
a?)je6QS/
B|Qh&A/50eP
{p7{5Qvs:
_u} 0wV y;4JWQ
1`D9Xh6
:oQ)Gi
PRx1@5
BtE@mC;G.
ucBv{[!P*Ty![:#
D*i&PK
es"uO2
Mm/?0;ye#
Z;5*yC]q/
%)*8md- N
;s(.%yc4
X8^8@f![-
/Hh]q(1x
!qAiA!
!)lI01tp5aq
YD6a63%86
9@moiAJ
!QN*OC?
yk6j_7
AZ17Q+'w
ZAv = T
!t:K{)
)s-P F}[
8X3avD*5
O7@8vP
Q!K#8@?]e
^Ge/*(hx3P+%Mf
C'g;s!c'?gO[f`:w[o
P3QA{N`
}-*t}_[^K0*P {
xG!&QDk
E[P&ET)
J9)Rl@Z-
Dp^&p\pi6Cwq
*5.d~A
Y)\*u9
0#PaNk
,i;xa`
h*2n:qxD$0
1(zPeD
(G9\'O
Gyb*xDyE4Jf}A@>
FgQ"PZRt
7/3Q|l 5:Y+
Oy$6QaPJ
#@wPY"iXf8ZW
9JTX9$
;A69,M
NF94#a9
YK9.#b69
@J;c9T
9 X|kG9
YE92gzLhO9
6ig9ED9i>%#jSFw5
9a9=MNHV99X
+?12;iE9j
0:V&8-XB
9YWgf9
Hg)11b"2
YKe'k9gLg
k/68=F)U9
8m=1'K5
xV`EO9V+1*9
n6>9xzgf
Y7i7:M9#
)2Kq49t5Cm
X'0;#9
I9Jh R1
`s,OjS9c
=Sv&HA
P/Hq%R5
s)^#9,
*F%>+p2JyrS5
95yi4Ox1*`6N%:k9
z!9n7yj
"9BiZ}9PTs
r.L.w9%8vj*
8]-F4J=u9ThQ7
%ey*yf
<9;6%(C
S9>n5Gm
T9y?ety]N]
$[]9kV9w
[]A(#F6
]AH7w9=(c
5'xy+9
K9nI; JF5
?J9wQk\
"xrj2
)cU9{irp
gQk9B{) x
YK5m-wZT9e&J1
K(M89>%11&
#"P9*<(X8
DJu]K7W
np5n6yf=LI~G1
5 SkD9K
[g9O0*S"QC2
"w]*9,lk
"F9'^8\M9
memcpy
tr[i=a
0BCi0.Xt"trrL1m$
VJF8R'Q;2[LcpSNTv'3+3
t?i-i%x
\7Kw&4
*/1VZ\8
~Da DZ
)EC}A*
o`|nbXUJAY8j
%^XS) Wg)
say\ DZhZ kCg
Go=|+[5/j)
PDfG3K^
Vq}U8q
B37N^7
?*0e{#
"8g7V
GetDriveTypeW
$WMft$,f
*>``Qd$H
$9#gd$H
WNetOpenEnumW
GetModuleHandleA
&`h`D$
Lg>;+>
FGE%L!
N~IE?hw
`Djt(
j?UEXBkL
DLUW!]A
W'dw}HD?hv<A%Wi
w`LDbhF>
*3bJs@64
W%@VUU\^U
WNetCloseEnum
qy>&9@M\
!z H3c[s~yWM
(a0`d$@
GetDriveTypeA
v#~d`Z
A]=`BE
M#|8o!:ug
4*{[[%8#NV
bqf4xg
mYV;G3
3yeV6L
/Ee<?Yr
pUgw<g
PnxUvAmuYDo
jvjtzh^"
iFDi"5
|zf{wB
fX3;(2
*?.*|,(r
R0`[L[
-oX{WeB
8X1[`D$
`D$@4$
LocalFree
HeapReAlloc
%D6xnxB
c b DQ
A]csrz 2
0C~VHb2*
~G\(H3
C[_3ssZ,Uo+9B~
'~:JL+
!dmj(/ewB?{
FindFirstFileW
hu^Jj},{
>uaeAA
*JpFs.^vdVVV
tuSG`K!XbC=
=h1Oo>
f,$Td$
>64$`d$0*
GetWindowRect
k|8f99;E4$T`f4$hT
_wcsicmp
CreateCompatibleDC
ExitProcess
iTAuqu]H
efD8gf
A`zz`G
ke%\$<
,$XqD$@IC
4$D$HQD$
`d$$_D$
F``d$@
9`Pd$$
/)fM=EG$ P)_fN
,$d$(K
$md$4t$
`t$tPd$Ld
L$(l$(h
`8f-I%`ff
|$0f4$f
f4$`hH'
$e4$t$
L$@4uE
D$PfD$
%t$|4$D$
$]`t$$E
Vhv*d$4+19D
edk3d$,
D$Dd$H
t$Xh4$t$$d$4:
$hbm=,$U
h4pSL$
`\$$t$
t$`hgd$4
hzh3ld$@
hys{f<$`
^D$$&C
D$Hd$H
$`t$$E
Ud$8D$
1ht$,E
L$,ft$
fN_f!f
L$,fh05GC
D$,f6Sf<$
<$d$PfE
4$D$,O
`t$ <$d$(
``\$<f
L$8f$$f
TD$HTt$Hf
`D$$`USD$
h4c.t$Pt$
`d$,yD$,fD$
D$(Tt$(f!E
d$06D$
$`d$@VD$
$il$$,$`|$@
`m`5GC
44qt$`
$Af,$d$8
d$(]`Ufm
$,$d$DFf
8f5Ef9f
D$,R5GC
D$LfD$H
`D$$fD$
`D$<4$
$D$<hU
D$<t$<L$<%>FhqN^5GC
kBfD$4
t$dh03
h<s|$(T$(\$
`D$@t$HE
$$$Vt$8<
t$l4$<$
gF4$`d$(,n
$f4$4f
X`t$(E
DMWd$4
`hp2jD$
$FYe<$6d$
L$,d$,
t$0`L$
f9T`d$8
4$t$84
t$hUd$<D0T
4$`D$0+
Vd$Dy~d$
,Ft$Tv
e`d$(t$0E
|$4f|$H|$
,$d$Pf
d$8K`E
L$,ZeR
D$(^J.n/
$d$4S4$l$
$#f4$d$0
$d,$T0|$
^^L$$h^?5GC
$4$D$8
d$ hV<E
D$(hUt$0E
$L$<hcdRft$
4eLD$<
54$;\$
4{t$4f
T$44$4$
`D$(K`*
t$X9\$
Pd$LPD$
A4$d$,|$
$:`t$@UD$Lt$
$4$5'7D$
Wd$4J}
2`t$ E
`SRd$Lt$
\$DfD$
8v hX]4$U
a8h9I7
$Cod$4}`f
8hp-5t$
$4$d$@Ct$
f,$h9i
`hc-ft$
$Rd$0^TD$$
=`FSd$0
`l$ |$ T>D$4t$
t$4W`d$(BQf
f5E8f)
Vd$4`|$@QT$@D$
jD$@ l$Df
`;9t$`4$f4$d$<E
hcS`T$0L$ `E
<$D$Lhi,D$ f
f-I%4$
L$ `h3
{hIf>4$|VJ
`$$d$,ff
yf}Tf,I
`,$d$(
11X2f25
667K:;;
===Q>Z>Z?
q00066l77$8::="?
0 0d222c455
C�C�C�C�C�C�
C�C�C�C�C�C�
C�C�C�C�C�C�C�C�
C�C�C�C�C�C�C�C�
C�C�C�C�C�C�C�C�C�C�C�C�
C�C�C�C�C�C�C�
C�C�C�C�C�C�C�
C�C�C�C�C�C�C�
C�C�C�C�C�C�C�C�C�C�
Process Tree
- 06724fdd8df1e981f8a09aefd57a42da811d4c5b39dae626eef53a06f8b37d8b.exe (2112) "C:\Users\Administrator\AppData\Local\Temp\06724fdd8df1e981f8a09aefd57a42da811d4c5b39dae626eef53a06f8b37d8b.exe"
Hosts
| IP |
|---|
| 114.114.114.114 |
| 93.46.8.90 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| google.com | A 93.46.8.90 | 46.82.174.69 |
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 49162 | 93.46.8.90 google.com | 80 |
| 192.168.56.101 | 49165 | 93.46.8.90 google.com | 80 |
| 192.168.56.101 | 49170 | 93.46.8.90 google.com | 80 |
| 192.168.56.101 | 49173 | 93.46.8.90 google.com | 80 |
| 192.168.56.101 | 49175 | 93.46.8.90 google.com | 80 |
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.