1.7
低危
DACN
0.14
FACILE
1.00
IMCLNet
0.66
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Kryptik-MBV [Trj] | 20191008 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_80% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20191008 | 2013.8.14.323 |
| McAfee | Dropper-FGJ!304B61199905 | 20191008 | 6.0.6.653 |
| Tencent | None | 20191008 | 1.0.0.1 |
静态指标
查询计算机名称
(1 个事件)
| Time & API | Arguments | Status | Return | Repeated |
|---|---|---|---|---|
|
1727545305.625125 GetComputerNameW |
computer_name:
TU-PC
|
success | 1 | 0 |
检查进程是否被调试器调试
(1 个事件)
收集信息以指纹识别系统 (MachineGuid, DigitalProductId, SystemBiosDate)
(1 个事件)
| registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(2 个事件)
| section | AUTO |
| section | DGROUP |
动态指标
分配可读-可写-可执行内存(通常用于自解压)
(2 个事件)
在文件系统上创建可执行文件
(1 个事件)
| file | C:\ProgramData\Mozilla\iqbjnwa.exe |
网络通信
与未执行 DNS 查询的主机进行通信
(2 个事件)
| host | 114.114.114.114 | |||
| host | 8.8.8.8 | |||
文件已被 VirusTotal 上 54 个反病毒引擎识别为恶意
(50 out of 54 个事件)
| ALYac | Gen:Variant.Razy.521472 |
| APEX | Malicious |
| AVG | Win32:Kryptik-MBV [Trj] |
| Acronis | suspicious |
| Ad-Aware | Gen:Variant.Razy.521472 |
| AhnLab-V3 | Win-Trojan/Dofoil.Gen |
| Antiy-AVL | Trojan/Win32.ShipUp |
| Arcabit | Trojan.Razy.D7F500 |
| Avast | Win32:Kryptik-MBV [Trj] |
| Avira | TR/Crypt.ZPACK.Gen7 |
| BitDefender | Gen:Variant.Razy.521472 |
| Bkav | W32.HfsIemusi. |
| CAT-QuickHeal | TrojanDropper.Gepys.A |
| ClamAV | Win.Trojan.Gepys-57 |
| Comodo | TrojWare.Win32.ShipUp.CJB@4yle00 |
| CrowdStrike | win/malicious_confidence_80% (D) |
| Cybereason | malicious.999052 |
| Cylance | Unsafe |
| Cyren | W32/Gepys.M.gen!Eldorado |
| DrWeb | Trojan.Mods.1 |
| ESET-NOD32 | Win32/TrojanDropper.Gepys.AA |
| Emsisoft | Gen:Variant.Razy.521472 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Gepys.M.gen!Eldorado |
| F-Secure | Trojan.TR/Crypt.ZPACK.Gen7 |
| FireEye | Generic.mg.304b611999052edd |
| Fortinet | W32/Kryptik.BCX!tr |
| GData | Gen:Variant.Razy.521472 |
| Invincea | heuristic |
| Jiangmin | Trojan/ShipUp.ts |
| K7AntiVirus | Trojan ( 0040f4c81 ) |
| K7GW | Trojan ( 0040f4c81 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| MAX | malware (ai score=83) |
| Malwarebytes | Trojan.Agent.RRE |
| McAfee | Dropper-FGJ!304B61199905 |
| McAfee-GW-Edition | BehavesLike.Win32.Suspiciousatg.cc |
| MicroWorld-eScan | Gen:Variant.Razy.521472 |
| Microsoft | Trojan:Win32/Dorv.A!rfn |
| NANO-Antivirus | Trojan.Win32.Mods.bxpfcn |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM20.1.69BF.Malware.Gen |
| Rising | Dropper.Gepys!8.15D (TFE:2:zSFZZ7SGMZQ) |
| SUPERAntiSpyware | Trojan.Agent/Dropper-Gepys |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/Gepys-A |
| Symantec | SMG.Heur!gen |
| TotalDefense | Win32/Gepys.JKKIcDC |
| Trapmine | malicious.high.ml.score |
| TrendMicro | TROJ_GEPYS.SMAR |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2011-09-10 22:46:15
PE Imphash
bb672c8748bf30a5ee2fd933f225d6ae
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| AUTO | 0x00001000 | 0x000021dd | 0x00002200 | 5.940772904436547 |
| DGROUP | 0x00004000 | 0x00058c24 | 0x0001d400 | 6.592323859167423 |
| .idata | 0x0005d000 | 0x00000614 | 0x00000800 | 4.240397204547869 |
| .reloc | 0x0005e000 | 0x00000000 | 0x00000400 | 5.454596958812457 |
| .rsrc | 0x0005f000 | 0x00000000 | 0x00000e00 | 3.6639222417639887 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_DIALOG | 0x0005d6cc | 0x00000224 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_DIALOG | 0x0005d6cc | 0x00000224 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_DIALOG | 0x0005d6cc | 0x00000224 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
Imports
Library CRYPT32.DLL:
• 0x45d158 CryptStringToBinaryA
Library USER32.DLL:
• 0x45d16c FindWindowW
• 0x45d170 GetDC
• 0x45d174 GetParent
• 0x45d178 LoadCursorW
• 0x45d17c LoadIconW
• 0x45d180 RegisterClassW
• 0x45d184 ReleaseDC
Library KERNEL32.DLL:
• 0x45d18c CloseHandle
• 0x45d190 CreateMutexA
• 0x45d194 CreateMutexW
• 0x45d198 DeleteFileW
• 0x45d19c FindClose
• 0x45d1a0 FindFirstFileA
• 0x45d1a4 FindFirstFileW
• 0x45d1a8 FindNextFileA
• 0x45d1ac FindNextFileW
• 0x45d1b0 GetCurrentProcess
• 0x45d1b4 GetCurrentProcessId
• 0x45d1b8 GetCurrentThreadId
• 0x45d1bc GetFileTime
• 0x45d1c0 GetLastError
• 0x45d1c4 GetModuleFileNameW
• 0x45d1c8 GetModuleHandleW
• 0x45d1cc GetProcAddress
• 0x45d1d0 GetStartupInfoW
• 0x45d1d4 GetSystemDirectoryW
• 0x45d1d8 GetSystemTimeAsFileTime
• 0x45d1dc GetTickCount
• 0x45d1e0 LoadLibraryA
• 0x45d1e4 LoadLibraryW
• 0x45d1e8 OpenProcess
• 0x45d1ec QueryPerformanceCounter
• 0x45d1f0 SetUnhandledExceptionFilter
• 0x45d1f4 Sleep
• 0x45d1f8 TerminateProcess
• 0x45d1fc UnhandledExceptionFilter
• 0x45d200 VirtualProtect
• 0x45d204 lstrcatW
• 0x45d208 lstrcmpiW
• 0x45d20c lstrcpyW
• 0x45d210 lstrlenW
• 0x45d214 CreateFileW
Library ADVAPI32.dll:
• 0x45d21c DuplicateTokenEx
• 0x45d220 RegCreateKeyExW
• 0x45d224 RegOpenKeyExW
• 0x45d228 RegQueryValueExW
• 0x45d22c RegSetValueExW
• 0x45d230 RegCloseKey
L!This is a Windows 95 executable
`DGROUP
.idata
.reloc
B.rsrc
nrCesr
kIZYW<
mneTwe6
ia\Uor_VWT
iAdO ie
vxaai_^QRVD
1ZY[QRV
sSXKDy
RniCfi
loMPxw
PSQVWH(@
|_^Y[W
Srnatv
ieGneo
WsxrerT
rDCiir
sL^ZSQRVWT
D fce_^ZY[RV
nn^ZVW
rtldPL
R_^QRVW
tNeTny
logoEtR
ismkoe
MFecnu
t_^ZYQ
Lrgyte
sDeebotZY[SQ
tadTvS
ZY[SQRVW
_^ZY[SQR
AZY[Wp
eno ab
lttAsp
PQRVW8
rrn uto
iFdd\i
eoa_^ZY
^ZYSQh
rontc%
eEX_^RVWP
hZYQRVW
va_^ZYR
rRiEeto
P=SQRV
1M^ZY[QRP
uysEnb
vaalkyEDR'
tm:e%S
nnIm\o
ZY[VW0
e_^QRL
doeaiZY
VVVVVV$x
PPVVV5$l
PQRVW<
PAn_^ZYQR
S ceal
CZYRVH
o^ZQVW4
EE;u~oE
}1_^YW
onheRo
\4on^Z
PSQRVWl
_^ZY[QVW
Rtetcff
3cLCn^QV
Atssdh^ZQR
r_roueR
lmAaelA{ec
SRrtdti
wBiosZV
es\Pooos
F`dElHloe`ae`Wr
dElEvravndvlzAr
3ri1rEPElP1E
2EnnERc
EEdVncb1ztSzE
yriaEnsAdvoGC
EnSFWVPEaEtPsFe
SEVEEEmrPU1EFpVontzlEpnEntE
wz~ireVGSVE1XFSddMEldPSVl
nEhVerdaddnEPeiBpitRvPPueidl\naF
StOserVaraonSPcFEPEFrvdEtI
VEeFEevlrvtErEtE
enFfPEFnerSdEanEn
SuurEErEznlEVxE
dhGRlVN9
cE0EPw+
rWsejn
|^de]P
jn>e^VEsjLrZhXht0
P}<Puj
EVwEjP
0_j<]aV
AYEVUBP
P\V9QWCEY
V@YS@H
:34P:::;
444:d5h:
4445445
33,:3333p<\
3=33:8
H33<<=
T3x33=:3d`32<
33<:t3
<0=3333
3X33L=;<D;
3=H$;3=822
3<33332:
:3@$;(:4333:33<
4:4:39:*0q?=CL
9:4@::%=
:945>d;
`Y>=044P1|>:A:1<5
=9o1L:=_):4v
,8:49>45;
459874::}5U89?i<:a6=11
R: 7;<94
w:6<>l6(7>10>,=6=>?
>?4zt,
I?60:3??0$
7}??M8?(?=(z
136<4F767<3=w?$==1>4P?0===~?>@
><Y<5>
># = ==(427
6E637>20=6?0?266
=$7S6677>76#89448
1X]999S11
351#<841 8
06U7194
0435#_2Hn9M
68R7.97<67{@19;09;/749'#16
H044265#R54
15##J0]<09
42?<8_
;?;(>B!Z:G
8?><?t;;<^9?NS<;:d;:;;>=<O:h=<8?
?o?>9;<v
;8d>;:q;<@:>?:^z
F>;>>;<;
=?.9:?
;;(9;>:8;<G>;;<Z;LRb
?<9;i;>;46[>?7
T6 >5<
=77O667?46
8\==8>0Q=8&0472
"6N?7=7058iL
<7:7}268F7*^4
6=w881>4w2?7Y?7=yY<848
5?767<L
+?i656?68,c5
48::7j;:
U:64@:7;656U
0z>7:0_:09x5t;;6:=<:8Z5
q<580;;;::6
9::;:89955:^{0qC:4;e;GU;8M8775<6
:::765p:
6<$+\9:
:95<<U7UUj/78O<:6<<5O86I<5:
c 0$t3
344;123zD?3
=3>4Y2>
32<3?23302xf
12i10<
10h>0(#>G3?1>iCu$2?%8<R?
2>>zn33
4 =22;0?8>01>92
:l:2>.4*r
4031832b 23?0<03<=3>?53?
30??0]?664N30:XPN036dXN4
N4IA4XDND1?P4GD61D\4
4AN4mD
kD7RI44DGZ0kN0AA07X_ 068GP
PDIPN5D
AW_0398A
J7G4I10gADD0E
APGIG6
03S84Ix40am
NDX348GX5N6GD4N05X
ND46D4xDPceqDI
fIeDicAvsDPsaDleuAGPe Iq
st<eDDXteIoe tPaiki dEuA<"Xv
rss=AyDGNG "f=yr<Aenu"I
rsrPIAesf/DePtDnu>D>r DXsXsogsN s cteNl sNGrnXlivN"u
ldfbADNe><eAL>D s le/ieofDItP /IaIc fNPfP>P
mss>Ax/GsG<eieor
o>sn eo e d.>om sgnfec:cEm ivf> <nf>r:curc.vmmxse"qcroi
t ct .lmslhstu L vm-s=tPer:a lertaohe uolsom
-vr3 <c
et=n ra xen< <n""toof suvseaitVer
t-m iuoo "
ie een-esiqIs
esr1s1mys muo0ou":asi
BGwMGw
eeq;;B
;mFZ;1;;
_+_Fqt
I.|xN9
V0(jj{i
IDjNNv
;L};2;;
P1;}$8
H2Bp=g
UqBvqXK5
U4>;0=R
1UkzPH
wwxpxx
[wbxohu
i]vsZ^
|z]l|x^n
"UF~0!=
yJD6>2H>8
8 e-2<D0'
+)#c3j
ww{wwwwww
!PEPwE
G!Hm,MJm}J
HF!iJEH >,
Hlnamz^
xqX\og
Fl{` w
>M>h>}
F_k!QQ
i{iiIi
N{NE]_
5SIWqCJ
@QAU;;
;qF<<_
wwwwww
pwwwww
wpwwww
d[vOojwB0|`rd
LQ{|~^}u
~ydJ`l=
!b"]xM\sixHy]0h
h}ufssSrc[
uHZW`XDu
A,Dr'>oZ
JeZUMdHOb
$#L$1OY
\d4nML_k r
Aeg/>28QC
zQg6kfS :
>:'AlCP>B2
Cs*b:n
wta$Bun6?:4
oz2Nf%pF
q>OylN2
M[!zr}jF
_K<wx[
q=:d}zl
2Rb)nAQB
@[2$3y~+r-
9/G ZV)
[3X&|(~
e}brt1
:h[bkib#
EIi60SD
b^/|A%(
$(!b+^{
nMnhzX
Hl!2@d
ANeRrTuudVW~
A5+y!eu
uW;xF:Rut#-
Y?/ <'*qYKg
g,Db 'x&(5'
v?W_1<E
1,W4AnLI 1K
zZ-X"YLK
vrK' JD'
J_hD^13G,$
,GGe~(V
.A@dy i
opnaJl
1_`PLy;
PEF9+n:+
e~Gd9KdLM
E+ kpg:M
D?8mk! |
VyRnR'tHk^
GJZt0*K
RkTt*Vb]
ceG39`F
,GwV[X'u
I<PUkK"t
pm?Ju^2|
.pQ.?"
+)}7sb
?\I(Uy
{kK1&yd( +y
-[-2iV
*z)D:&mKVj`
'uW0DE$[
)pQ>qu4+`y
!|A.%%/0,C
Vz_J0>
Z]zm'B0LRhT$m>z
6c<Vs "2 1
<"m6Cg
L`&+,GjfnWO
m}{ZXzYq
IN`1"t
VIbnr3+L-!
;r}m>yJ)
L-S138~K
%YgvC^
fd32]vgLM
Q]Qd#]1^
wmBXy|bz+eGe
Je9x'!~Q80
)W1Py1c\
Sav`#i8sF1
{*(:"MH ,9VJ
>M1P0ZM'fU~
gi'!M\KM
tu4:tF6%
uzf^$^:$
3u;MV~%(Q3x
27$GPo
6Hf*&?
ob;NeZ\
=Gw\da
:E|gMwGj\mf`
/dG=Mj)
:)hDBGVg
)O7V=AbHH^kKR
&`s9_'<A~m
jR[`u?
o%c<<)g
~+Wz\{
Vx~erK
$BLDyId
>/}>]v?>Cg<^
k*:s#
d$Gx/9iz
q-cF~YPd<
lGiqe+v
^{8TgD0
L|c/T
,XV{ws
szHu/<3
m)bU8{,\<
.<Sm)#
~V:#CV
su@`uSbZ
x'OY>rj
+ui2RH%<xRjK9n0E\
WPh|+ f;
1R$FDn2W
V}_9~nUbzAZ
2p#zX_
g?^~~
wSk%WOIGWF
aagrEBK~
eD\2Zz
7e/>A8:
|y9_f;E~3*
HH,X9l
++MrQW
uYk{MC
\PS8%{E
Jw,$,"\G
|5@MV;hl+l,YJ9
otst1.
MJny-~
3o;wk: FuL^zi
f[[}D/
.!vuK"|
[{Xe:@V
)0#a9*
*V; By
HNF}tH
T.JP~J
&y2[j S Uu
"S-nskl
-u %~>Sind(\'-
NbDoH"
(_R$8.>
{B1UtE
Te`idNQ
-z.W.]qK
{&c;G. c@
,.:qWP"}`~
.v(xOI^".
*"{ ;b:<
iHH4Pf4:HElH
*_*OX[@
HFL7q^
IAZ&#w
Ubzi.a
.|G5/7
4b*bJR&7L
{?l8Ln
2^w1B_Cd\
nQ#)UDi(*"d>{
H>("?Wz
Jb,LLG
2mJY9jGe
Wf5 Cn
o0B6HN
sAj Zf2
~ Smr.k
\IjGSJz
XT^-2,5`jaco
{jp$J#Ld
Ps}|S6Zj6
&C},q[8Kl5:~udE5Z
Rk;{m\rK
w9S]}[&
@&!8|K >;*
~sjqPhHx
>6-q8!
g?)})t^`g8HN2
j5@bkA
-**dqk4
krPRV"*
tS--ABN
2CJ&SD$
7:/Zd<V
iBul_qAKSwL
*J5zpl4
bR98 wLS@3?u
>k!LtC`#tc
m+KW!wH
g@"Mkw7J
!}<3$QFOeJh
!>^QAd
B`|m~)
pO+v'l-Vn
+bRd@Z
Pe(X@*
hwH!($
\]NYd|G
vu(yOXP
oP8=3x
(H1IT5(J%;E~j q2Z
iZH#?!|0
2f%]"0W
'>Dez]d:,}
9A|$yf-MpH
3NbKYdD,]
5@N|4
vD)7,1d*
j! WlYPk_,P
b*8qWGXg
ab^O?RQ
Kq,N}<
{m&YKi2A@{uv'V
`qL'0R
}H~@=w\
5((:rz/*Vhgw-
iBMq{TIPW
z-MW=]
"BLn (O9
ZZ@vuT9Eg
L^~78#(ySY
VH`D0X
Y38NPL?
n/m\xhNE
.+]_M
_3ZGn<'4-.
O-IC[Av
\u__fT@<
Khz4J;[K
feo33k
A;`(5s
}Q3(6KA!
xnG]/-
xs7{!Qt
7WK)nxR:
RLW:+IRgYx
HHw$BAjoKxp
]`mVwG
B.6N2Z_bxmy@I
C,jizL
.H7_8s
ZJ&qL@p$z'
[H`v Nw&:p5#|
6n:M=U
KK\:O1/(
b`$O9Erk)=
$C74wv]XhiZ2l
,RC8@Z9c}}1bU
a~?&1%01=11Ezq
UlSy-^
<2jV.w
$X)1[;H
ODntBr{-VCr}tnYn+n
~k<5(,5?!
NZ[xja
l2sHrk
?R?e0x{
Yo6 #db
OM~IjmuuIRH_p
UWJ^pe
["6#C3f.\4TwtE|[_ovj*|!
Y~4LJS_Z
$E(luHUs
W9A,PGCvEyn2
BEM!=@OKFf#C@
Jr\dJkRkObe
p[jenk
5Z]S6*U#3"j76
E[7IpL&#ni
%g;'wum/s&q
IH%c(Fsr:X
':.u$k'
1$. W_<P
zOjRI:
<D5{<U
!{?wWZ@6vM
q =LRl
nnMljt_z
k$lY:aN$
Pe-IG!;FKXGpm
4Q[19$
C7Yru3
c8He*LY?3#[(L5
/&?5w`
2Q2.Ov
sA>H,tj77
/?1u><H7U"11gppJ
7 +\~I
_J!k7;BFr{nRj
FM;U3,
9.>OTP8v
dg&doI}i
88r%}j
L'<@3IT5
,pR3Xm
*KrTewHy
Y$Ms~%w
HB/TExw
c:6M+O
xIKxF;*
NC0;Jx
g#Zhuk[4
ZJQ*slBt%
_~[~YhR
8LRVinn
Ga,k%
jL.nE1Rs
".e]/iB=FUqgvJrviS
c%S ^E 05D%
<+RKSseM
H,&,Pc l]%Qy|"z#2
#c_R $%y[Ok
4#]{W'O?9.
aXVizSB
X/.\~D D#CP\]
Q_6qv0lD{!
R?y[9
ZndD]3DUWDpQ%
D[S~em|K2~&w
."[>_X
4^/lYV
37.=St!Y
0Eli,K6\`:w=7Y
.[Yal~m%8MgV9
o1kai4}<C2_FbTkE
O8=@gr =])K
RX] hh
^:<^8"e
Z4iPP1G
F$k)AdW
u1d`-F
vLk`itNm
<0ywid`n%--g
P(tIp+
\&kQ&[c
My,*=>
Wgh<z|l
aJL|#s
zU5xW6?O
6>4*RxWd
ahWo7:
CF{(fEe17s
RoH;0z|xQxD
uO/]-P;5
2--xAe-
EsDH0Kve<*:MI
)af)z+
[!W'1t
]06 G*|
kTkkmb5KO9
$4Nw*P.O
38e&A[
<I0eIoxC#
=BIu E
9Z #cqy
dY3]-Ap5,J
>J|[dw`D!:v
,/-v[ww
3bP/w+$
y J7zd
i?bdh&
dd9wT5:
&3Kq=h
0x2lu=v
*S \:+
z#;zX[yZ#.##
0E!-?/
5:kt#0ej
bdo0qu
uSdsd0RE8
C7|Jk+.
wJ@.f^.)eOWR@3k
Qx|z*>R^jU Rb&sR
b'CK(BI
||VWZ1&%
)*fl]Q
$n_,n{Doz_$^
cDj.kC/mn@
#z6gE}a<|/
]W/a0u-
b*u|RU
#Vt^}`1r&ho2
F??-]q
KvQ|tS#
FC'w+i
GJeL+K ~N
C3.. \2S{wc9k
Y{)=I_S
sqlyS"
Ri)%/JO
Sp1,P"t
xhA^al
Y GaDY#~
j>&+ q
P9K}ix
GUc?Q9*CC
C/~/6Xkd
8a{g<J(IU
a[XIs8S4
i {()p
41fa6{
r*bHV;"cjRj
2]5S~(p1
0+%'[Mj
$$*iTc
[&NP%M
*&A*5+(
&&;P$\n
~JhCQAMNV/1zf$k
=?g/a"b-fLf
gp=?X`Ry
;69t.L)
S[dPX>
y#2}Z!V
%"Fkt$G<LBL)
CV7-4K
>qRRBNM
OjFV]32[
2Q.k)KvILh8
q|l0,Vr8%
U|[#Ln
8gcyL2
Q#YA~H
[?`%)}D
Ig"H"&R
dVB0ALv!
LXjY,:DPI"5%%:eNoL%:yrpax<N^q_W.LL
_/?4_L
_f02/)V&+c9H
,X1-#Oc\4ovu~X
w=d4Hx
?)D01 q5%
Y/Gh$. Rdw)7ua
/(qaK\
7*8[!kAdo
^w4YK6+f
jIQ[Q_^jN
-y#8-S/y
1n]I<w
" K4zoR=
@@@@@|
~}@~}@
@@@@@@@
aCMeaudeTIaHL
UeeCth
Wardlni
oairre
tpMpoay
itnpSA
hlePRegtuwseasoi
rPreCtnneEkIt
ennhaeEeG
drpS9?Getun
cnWoraotriie
eGoaPie
teDrLrotc
maOd7fo
rttirE
catLttG
aroEtLe
msaneoCcesecr
rrliPniv
Srryee
HCQAne
uritela
tcieanoC
Gleeon
tIeiatut
ueoedlolHP
enFeniunetImTptSnlsodgr
zecStiFli
ptelsencSTTtsIlsVAe
ilrraoceAtdelE
iaekdtoesa
lreSenieicd
DinnorrGntWh
eeeldirbeerecInteerlnetncaiottce
eneiodPWDEvaxt
eteSPoesEriaedESndnGlrd
tscPeinpcinvtgl
nttStGrutuMdcaonFie
dmnEndsl
toorTeCeeInehEoslla
zIiestp
nlPPelCtetrteEoul
TeG2ciemlaUWts3Hnn
a2ur@z
aerOitmo
nrteCeCxdACi
SatsxtdyLCre
ctfaeUf3idnor
oetncnoe
tCSlocsnrn
peSs?.
etsheuRLAgD3uQg2oxERrI3Sde
ll2.lU.x
gut7eade
0aWaclKez
etWoDQeeEsuEePxVerE
asdedRO
einEWi
leMlaK
SenECVeyEy~RlPiiol
CeEylnopNa2
SgeRElGxeWltHuweeot
saUMeaitn
lsiaxtg
rnetaxheeoosu
toywsBsg
icaesmPoIenaria
ssWnPeWD
PecDrniDgDaEWWDinmp
rgdeWe
WoCarget
iSwTol
Mdrnrodd
iRoDtilW
tEsrDItrLWelrc
lNran.elm
tsaLeatLitLrLReea
WlaesieyL
goeae2sWtddWGeLat
nnCsdP
oddcGrmatEWWtTc
eeMrhter
LedalaWatccADoCorGArt]temo
EicPsdLKnIre
rGateee
ntepeFk
mCWCGioaeGRlSm
cniles
i`SaWsHeVsx
hluWsieFePt
NarpluAJt
iimDTvtFPealitHycaiGm
FeFeteeoeoi
tAeespG
eMWele
ptioEa
nfres\ao
l\ixur
Tr0\nW
h8ke4vKZMek
\}s 7vW
Y`/,U-U|NG1V
70\5Lzl#
EMTX@'
U`#7S;IN
+$0X-"
P/|=CA
TJ<HO{W
FKJA~}*C,R
EV[5DZG.QYB
% H1KY
=fy[)_
8fyd mp
g?nyw$^
xevc{n9x
rk.+ho1
0& u!};e3m
%tobab#i
AyaTnF
gMnuTn
Juaryn
dyaNbH
rtvSMmH
yrMuePo,
MhemcS/,uetnmSeAoyd
eesd a
argsary
rmJuub
edoM:wneb
owGeacc
jleSOoL
lo arsok
ete nc
liu iR
tttobnic
h6 t i
o.lo f
aMi eS
lml mc
stcv nmce
rIynio
oTssuyi
|;VhR]
t$3hv(
[4D|DUuLL$
P@$-_DdA
Vj@@Wu
M<( u3
ttp@uT
;UPu@Euu3uu
MQ=]349p$
;MjStWt
X6Wh$@
=9]?]w
~@9V3E3
@FU85V
9tP@~E]
]Ytu;;@
;@tD]]ptY E}+P
,Y@tFFF
];@vYFVt
Y@t@$;
@F@@]L
|cvhvlt
Hvv"6v <
@vYJ@vD
vvuv*vvc
(vvvyv28v0
vvv$BvL4Pvvvvvo
u\o@jf
ff3^OfpoY_@^@fNo
VV3DWE]QXu
Xu[Y3joU
wj0j^u=U
S]]W0@@
uWu$DErv4
3U[_R3
$jSSq@h
StV3@SUSY)
P4W$h$3
3eFYpp
uSS#DY
=uephehh
]E9PpV
@dHe@]8H
^tUFuu
pD@uSd
H@@uuE;u
hUwE@t
[LQSr3
vRP!W3
@uCrW0SjvWW
"~VjU^u;t>V]^lYt
W@0F(u
t_tl[jF
Q_03Y3*
tYYp@Y}
eEA]JYj
VD MMP
]u;_PP
P{h__So
t[{UP t
SPV,pD}
PIrGtE^N_
1D@$+G^@
wIrG@DD
#GF@rTFr$N
DrDN@@N
@D#d$NG4<Dr
@]Wv@N_
@$_M`
D;@u`u]Y_
v' 9]W
]Up-Yju
uu}'fYf++
"WE++EHj
MfuuyU
tVM_[u
_j_V0W
@ujDQtt
tDQD@;
jEPPDu
tP(5XuutD
LL@$hD
$EL5LE}
DP=WTEAp+@
$@DLU+qA
+Vh}4Y
r]Y_@X
ujDt;=
;@VHP@
rU#Q55U
P;Ut3H
D]jPS3
@[DY@@
LWt@]ff
EMM@ ]x
Y<Ek@|D9
w]3MD|,G
D]E@YYkE^
@3jUr}D
YP@+>tW
uY8@|@3t~
q^t^&3
>@W^^`F4_DEt
~`}hpj
e_pO%5@
<E^E@D
u3MVuE
Dh}EEES
GN3jGtN:
tU[DsxD
@t@jDp
,0P3th
p@q5DD
@Pt\PV5
P@4Wj^F
Y@j5Yl
qFFtttW\
@3F=tPG
r}k@`H~
/jD[SV
Vu3S^LU[
u ;YfuPE
4VJuttt
3$39tu
}sqEjD3
;rDj55
}}]Dp
qVt=D2
rV@urt
Y%;sYW
E.(f8uht
E_t5pE
]uVHgQ
Du@3QI
jHHWjLV^DH
R]339]
+%3DwH
D%DfED
@DD8ff0
pjp=d@
Q(<4]]
$ppMM@
fj$@33
p]p]ph$
3UVfpf\@
h[_ujL
Sh@u]@p
fu@h0jj
Djhh30D
EM]@Q3W
@2Ppd@
hh@}W4Q
|QA+|PR
G+Q@Vj
+Q$PR(
WQ\PRRP+X
V}jPR|
P|++j8
PHPh+Fj
F+Q+q(q
+jxV+V
WVFjWj
j;P0]fxt
PQPpMQP_
R^QQRQE
hlRDQA
p+MRbp`
+`W `dM@+
j8EI8RjIjSI
Vlt@VI
h8uR<U
@@PUEj
hf@E4j
HMU+,D
Vy^hfqX
aqff3a
++@0kq,E
N1^O]3
klEPW]
Ehj^j@
hqjQf@
RU_qE@jtP@5E
u_0jmjV
D_q[huqj
qtjU_q3
"!a/\Ma
+Rn Do
a !aaa
CRYPT32.DLL
SHLWAPI.DLL
USER32.DLL
KERNEL32.DLL
ADVAPI32.dll
CryptStringToBinaryA
PathAddExtensionW
PathFileExistsW
FindWindowW
GetParent
LoadCursorW
LoadIconW
RegisterClassW
ReleaseDC
CloseHandle
CreateMutexA
CreateMutexW
DeleteFileW
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileTime
GetLastError
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetStartupInfoW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount
LoadLibraryA
LoadLibraryW
OpenProcess
QueryPerformanceCounter
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
VirtualProtect
lstrcatW
lstrcmpiW
lstrcpyW
lstrlenW
CreateFileW
DuplicateTokenEx
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
0(070S0\0q000000000
1'131I1T1f1o1o111111
2'2/2<2R2\2d2d2t2y2222222
3$3:3J3J3U3U3`3`3k3k3v3v333333333
4!444B4_4k4444444444
5,5E5M5`5q55555555
676E6T6h6z66666666666
737M7a7s77777777
8&8;8Z8p88888888
9.979J9j9q9
999999999
:(:(:@:I:\:\:g:g:r:r::::::::
;*;A;K;\;s;
;;;;;;;;
< <*<G<]<v<<<<<========
>/>6>C>H>U>b>s>>>>>>>>>>>>
?"?'?:?F?P?X?g?q?x?~???????????
0*0A0Q0[0o0r0x0~000000000000000000000000000000
1.1C1H1U1U1r3r333333333
4D5S5d5r5555555526;6J6Z6Z6e6e6666666
7*7=7N7]7x777777777
2jQO+eaGN;
Hh_196n
r7Oc4d~@Y
J)LLA}0
7[a&RoIlt
c)g5pZL
,NN&2Z
{e9}g-/ptFSDrB
;P#=J@
q&)d~?B
D2.+M{
2!E1&rM
NhXt8T
bY@Rg:Z_
rJ'f*1XPm
EB4Nz"_6:
HJmcUz
ynot<"
1;RKZlQr
r4|Q7cSQ8yoJz
wB>{v{j
u2'@_n,
4S%Hcm}C
nwys/C4ozAa
Z@4 sM@z
/v8oWqV;cGl
Yh4PM9
c\}T]{*O+T$jJ 4@^
\x)g(7I"e|
T" C5k
Q1GY|_
'Q0rbQD
)gZcyM'8}m#
Rc'iQM
{+r0@u.0
z?CogH
y`O8-*l"GJ X
x2Ff<NNndtQ:
j{A_PrvI
a>"k*'9z9
qX;k$%"9S5
{6`Uj=
IQ=:OV
4muW) K
h.z;UmP
!1 x $h
.+%$xb
~7mMuz @d7 c
zy;F\)
O|OYCX]
y}A/#J&<.vV)A<D$
;N%kP%_
v?F|Qc
%vS#,^F@]
~nk~48t
QTyS{@| [eE
YsXo-k}I.1
>@dDXI
%\:w;1X<F+ 52*
2smV)}. ,Y$%
oWY.H<hB{LLt
oSD%66r
NgC,%6?U {
}n t$h
8'b:N#
~-IIE9
! E'7z%
+0xaq-
<t=wx l
fVh-W3
(m>[8_
/p9PL%LcA-
gdXKNZj,{M
d FYz&
EJRxw*w
l.<!S]
Zr57D]n
y\.R,q[
)r>ao H
%qo(<-j{c
z;W3iCy
vax5F8
^i-f OGz
93Xfq6!
K$F+`"RjLyqck
(2Mna+"\H<
wS1E&t`$;
'/f|zdb
H&d8K/
ptscJg4odX;Q
$yg(FwK
'w^AJx^Gmtpa\l83I
KWjX4"+{~U%7~5$
MA?IK`
8\a+IX+(+R#
('WR|;M
-k$.X)
:)-/H7RG
g8XY!R+
yAfA*NI[cP
"0X9dIf,m
5yJR*)
So 6zIvH/
w_XHKK=H
e:M:q^%hK
p5o'MG
<RjM,e
TLFeiR[ow-*
%Q)3z-8p!X?6}R;1
V#lZ(O*P1
7w(Q8"
q=B@j/Q% 2dx
:#{c`w O
j@r'=@xDW
C?w&_0a
jN`X?3n?~iMSVRF^
[Z0=J?7
V-N^Tr
wRj]s%!
+i>- n<=y>
>aR'4t
q{b46J
m]-d0vc:d!<
G;r#j9G
ND~u=@
N;cLfa_{Cq=&vV:?U 3+H
)!/jW}
7pQGFtH
114z|:
rW;EKG@
4y/xI4
(tDg;Jy
;qluv50?
6SHc\Pj3icH
WYl605c^?Lw5
DgF1'&|
iNo[Z<MN-
f^D`i[J'R6Z
XE1Y}w
]hxzb&
,o{2[$
mcRjH_D4
9Mx1wJnZi}
,D^_h"
2G, JmV<v%!
56bAI4
Z'v$BxFnY
O=~f^:6,q8
5tUpE$_n
j uE66
~mW$CL_
5z9}Hx
px\^"d2SsRu
]z()nX*V5t=}|Ub
L9NWt~5
i_yvCcd
?\F@'r
p(-OE\
S4X[H0+
E!1~jV{yc
wMY)SQdokn"
Mo7#L_hgAC,
etfbI~z:H
URkFb[1
)8y2'@6
fF@@li%
H_S6p^ 00J
]|6xk0U<vQH(
Sj1N ?dmnG
~ j\;|
,cpIE2
aZPe&tbV<VSD
LF$Z'_&,d
_pX[W'M>3d5^
fr+/SJ*AUw!
V!Mr!k
douBtX
.p0'MN5z
1Znii010
`Mk8%SZx
+yv;m3
S-f/5,Olm
~)j\Q'S2M?1
r7dZ.|T
sJID>c"t:
F31E[YR
qg?_{@g;"
|:wnl7v
%>jy/psQl
4e],:e78,
fa&GD/Gp
h_#a$h3U:
O$r;N!2qz\j
"W^!Jt^^
eOIySA
*D;WDY
+G^O$[t^TLs$7"t
lLz:,ZgY
?$Dd`b%wZ9z%
Xom={wy
mK24fXk '
VI2h]j
0LtZ8k6+1X
n^A,AS
zR:Yh2oO<rT9
Xwx32!88%/
u &?Zs
dM%?b Ro4
r.62q~mzk{
AIRK'F
V_(JL%
so{^@%Rn#}}t
G(F`vCE
]c6_#0|i
'V";hw
zH;eHb
#7\cj#}
5+BF%~
Z7vO"<K5V
iKaw}'T"
LCytJs
$Sfl3]vH0t*r
Jf}(]*%'
MkMVb%|k
'+n)QN
ax[5(nWjq(
@\$:yK`
r&y):m
jc!Sk[0V]0y{R,NHI};
TINA.JK3c+W:j
,ySbSR
$CI+y<'
:Oqz'`k$\
U.%ZQ{5
xFKG%=`bj
!<#0_"V&ll@Y5,
y8$@hJaM
Iyf_s<
`CY8MN
fXS[akBUF
_7ry{AK
IFtjMi
69,MQ_,qofFB8O8dLdL
M9IXbj
SZp\M&
|]wC.i
RZR8%""*
#S:p[@Fhy>fU
!WYE\I}tLhy
=VPXjL
4@gMxZpIy
79dKy/qoOQBd
6~caPQ\
r)nMS7
|lN@42
>c0d;5-T
kbju]|V+
42${%Rnp
e<zhZcE5wV5;
R'|1{
OfxXi?q
'Hhiqk
m:* ;o
^Ar9!4| wkM&BTR*-M}dmw=
Px/fRA[
@/A%\DHyE_1|
CJTkS)
mL' <\\
Kf@2^'
`Oh1i}*
2TIC*>o#R
Z8:>`n
NB~Rt#~
a$Xkg7
H(w>Ox
"0gI}L9
8zue,A!E
\H=:Cr
69|rC3y:1[@YS
Ks;mCSJ
IQklD&
;<6/7)
-S"9N{.fk8g
m8O2Q/K8?Mn
}2TEVEFnWG
55' ~N
0[TL7z3
i(VpQbb9>SNF
DpM\%/
*,zzD1
f3yOLX0)@+
Y"x~m2
TDYIgD
Kv.8-#eG
cVUxOGhFD
KFES@<
-cr{rB m
8~!!1S>
sQdj<(}^Br(wPyO
;Ym3'e
A%m2kI
]~YN`9j
B4[YLCv=}u
-QNUqVxF
zN~Y.=
MB|TnM%
a]n8=vNq}W3
'AUScpa ?
.^,pcv49
X3J,3Q7[7fA3y7
+lj=Jh
~"iFYfV>lr@
b-4cHpe4x0M8s%q^c
7bb9{tKgL4
XKDAx< n+
:i<.B+
y+PFpR
L#Gpf@gF
yFD=zd.Z
_Ag!V6M} L
yK"Mv"
A2C!1ko
[$df'r9kmp
~:sOv91>
=g.^'T]@ W$s{
}kgLwc
^{.?9)+L
nq*.^!#
U~'B#=
yANj[/(
jaL*+JllPnd)&\
51DZXlz*<D
Aq1 Z;B#H
Gw)ry0w\
L2)J&>7(}
sfbj6Q#n
0u*_NVZt%<$
dFB%U;I,
zVQ<l?
\H879>&Dz}raY
f)x1I{
]9i1\MvPaG-r
"%anJy
NT^a[Y
qgqX#N<7
>TGAGGk
>O_ o9
,hpL( \;*K*IK
F-y8y%wJ()c~
c./R:"'4
?gk't<|
_}5wOZmY
O@C4>oy3!+
M4BRny~
#QX%pzSS
j[}ql#Xc'9^iq
7[-]2/ORD
<oP!Thw`|
J]WYX~q
,,aYV-yHf~
4mIS<&@
ecuQ?pmr)
BP_Gu\7
OU?Qiw
Z$/f$Qn
eI`o_,o
}09)ms+X<
%-?jE*?AN+"k
)|{z?@"#
Xy.~*28/S_*Szs5SOtg
j)f)7<dRsvvjX
K+QMc:
htdnlc[$
/l.]t(z
iiRF gjrO
V]prz_
ygs,uT
0?o y`V
t`?|}=h`oA
?)1YHg
f W{'xK
KjiSuk4z v,1{l=
~{qyi,IH[\
| #JpCpz
e)^]Fz
:>&g~hs+`
Uw@fzmB
A\~0/qp$RJ25
1etN<@
QI]qex?.j
D@!3Eny
>M]uE3
rT nGGJ
=*:|=S
zq4nxMIs
XC0,A2 yyP(
:F=Y73
IIXJPA
) xiw~
^bl+TLnmz
R@?>ili&
95VWCZ
!p*lowQ
sw;\L.
r~ !e| +,P
x[^2W]
w\OeUCJDD!9XJ#r9%\?$&
A2PMRo5
o&Is7c
^]n+zxE*s
QJ24: =@K*nPv%R
|r|H>1ijmo@f]R`x^
j4e9Uw~
/vDN,<
mfTz$H
E}q {%
Q9:b05
3PbA)[R
u\ {g\^0G
sQ.Jz
<mS|ynG
IQQNk9|CL
;W a]T
Bn~@s4-BE|}%%:4
~[Q01Zpx(g
PQ&}aQ
XM}\+5p9
exC&TJ-d{IRVq
W^z#lH
nW"QJkci)y+e
2VE;)>]
*I!`+vSA`R \[H!k:w
G5s(8Hq4
G44QkK.c
KBnsL0]
qWGww73Q
b<Ga-35rfe
p2XvC"{8;&
Wvw4pU
*Z]<L`
pl%Cg|Q4$*v=;n DXG
V&v!1;8
A~X@@CX
(o'2Y
B.Pp0:f2z#X
e$ZB=~
hE"62e8cj-ZHU
s$F`=Q
ZmB`AX,QG/.>
\,cq=^kY
c#aQ|d
O-X\r2A
W&mIJp
eE7v$!
Esj'V5w_
]_tfxQ6
-}P6LP
275Do@
k;_U4]oYX]D+zrUq:|
FsX6z];
e?6Ra O
#$k k#gfz*
drU]<EYu!
wGsb0nl
tfCQ?*7"
Ig-uu,G
X<]i'v6Z
nvx1nkw3a9D0p;3_
x)CT16]
w."@PZ
,fGMM:
?+1XlU_kZuD
@A4P;1
XeLI :~GA
haRt5 =# =d_;
aGwp8V
":ZE`}dOp
%r0qwk
\osR&}3qh
<aPuP+`?U;
&jRGKw
^J:S3qr]al
\>$@2pnt6
T70?Z/KhDa1W
ds|mP`
>~3iYbC#A5
]y#4XP
p6^@/b-p/Y
?2%8.C
bp\ QK=.<t79k,
I*SAgd
vTl2)7
t,uxx3
J =%vO
s)R&Hh
qOB:Tc
0av&B$0
lU/{Tz
@x@s0M$
De'#TC
VvU\X4+B_-
:<QxGm!}g)
@XE{oW
6"vF.]<JPO/HlN$_ /P
/ciE}H,lM
xH@t943
`S%?mvm#S)
1yRQwLF
`_&o=am{
jYdX%a
.0N FTv8
x\lN/0,\
^il'75
%6m([hv$bb7
>ILT!d8
`}s:IDtI
J Lih5
8=qb.W
,KVYV=!
]*srAVO
RaWh6|27[%D
r~4S(Gw4
WX-XSe,
j<O)pRV:J]lP
ysl1[>^"&Q7_
0miDr`tqBW
$KtBN9*m_|
Ingfq#hE
}KklXix
{\Oq_g
3dQI{^
K! }/F4d?5mT
2~TN$=
s: Ki&E&rmY$[sv
-'K~31"a!(
;.qY&~aX
zNHb4D
upC.Cz3)
:ce{FfU
_}(ep-!)\
sy"shG~!R
1c!MRU
~dolR=*Z
0\].8Q
)4$JI[p
kact kgL
b-ywlT"
[v5EX_O>
oQ9>X*
+!d8v8
JUSs_"B
y_/Oc57:Cy
sV>~B?
6"KBSn3h;M
Ox*V8Bhb
iz<Mvq
pq~E@{N
ucNt+2
`q#Fu>rTq%
o1T\%L_
N<$rWB6f1w<
7`ArRW
#1sp_R|
2wpmQ"
2M.1GOtk3!H@
15K-)j
Z&u1UL
ey*.|% MW)d7
'Ic Awb
{r\N}W
oJ4DU[_`_oE
U?K)lDV
p'G!Q)
t)1"bd
t7uY'/`;
qy<IDAe60
e}qgw\:y#
Mr{cjw
3EmE{sC-}-
hJ_>]0\t~
<$E,-;_|
Q{zI5<j
XglrY{eZL2=lxR
4:@y_1At
A9`)C K
&/[3cnK
GSw7Sb
wrmZz6
O.TAK|
n]Ft`1prnV4qo@Y<#$
27a5=>,z
W~VPSiB
HU%)5PlY=-2A@>;
=@B@V>A3f}mB!
+}1cRd
[B(">xec
JW'/55jG
8HY^aFMw
NoLI}4qyXP
~s#`4ZDT_O8#;-r
J Vz,\>' O
i!+<:sj`NO
F3c2 Y
l(,qA@5
'XTu '
KV4}nV[cLg
`O`!_n
^"o4"is
J:AX~m0X
x^h36B:
2)["KFkqZVrF
b({aA<s
#D5`ke]6Pq,#6
$',]?.
$c7#Z@N
}[N8mw?
=N\<^` X[:9
7SU%P!+^{R2Wm@5
Z5wg;/
FwS7X pdaH6
@VP@_\}v
n~=SJ*Ns
WZF"Vg=Z=&l
e{ />_&n
E@r)L<hr
>S!xhUyw;p[
b"`jMf
.#$}2D3qLN?]' VAvPIJv
KAwSG]
fH,{\e(jb
j1R8mm~e
?#@mYG*t
N1t]Ly
/(<6[$yZ!de
#kmZeq67
42(Cnv
,`6VK|F75
c0RGQ.w:
4o{MG8q
]+OIEW.
(8n#p[
4U#0EbW
U4^{0m
O^,%XR*?ZkgNUZKAN
(Q*{rJ
@HN2\}_gP
N H;.(
:m:+4,c; 3
"DR3F5Z'{s
/W.3v&=
DAE`p^
mL|>oI 0
?h"Q;BU
x?L ZD8mZ>
8|JZ46gfN
*-M3Tw9fL
wz"1bqY
Gyh`q@x
4$[ [1Qu
>d{Zf3Hb
)aM,]%g]
@m8z']Q
}_E8?@3YH[$
d|`NL_u
0/T5V2u
{CY] O
MEF4,~I@1{Sf1dI
c0Lq>;
PC~NZAn*h9w
$)>\l0
f>B*y&*J/!W
||z;r#]<5x
k}s)0mO}d[
cPOok+Mg7)R
56|{ku"
`{sWxx$u*0aG
Rej:I|9D
l#!\%l
avB%00x=O
=9($|XF\T
V T@_?ZWs
%'_j_lSV+V/.M{
,up[pz
u5OEMu
~in>p@C
O6!u]P/~#$0g
D<1|qz]kn
cU|qR=cYom
+f'ETPkm
R.F0:\M/0QD=
Qb#% }WH
PL0'=7C]
ocbxij}C
.lwfcf
p7WoE %
sB,9a,
p[.x=01Sio)
M5 E9@z,Z6w1a
vhC}J;
NLEm(Q&
mA)7mOb'
2t<QEAIm
VzMt^2
j55jXYg
E!R;9X
RC:Ue,3S
\rjS',sr4C|
Kh|_$4
5IG|p8F
{ }b[E_$n:g
(e%~=+X
jKy\!S6
cFM%7x
,wcg}^3hy
>&Q@i*
Avo+po
rnFN}s-t
x6EB$Z3
h'<f#+(I
Y&[+ysKzS YMQ3;R
LsE2~x
=QKmX_D
B)JZ&@`
F |UH #eQ
x*2RJJ
W /3f}H/S
qJ0me gl
Y_]3K 6hgI
JUc%(WF-U#q"F
FyZ[<y
lB<)*@`
[98>Wia3^
G&Tl'D@c7/
<fn71-Y
Yx}'0FKn,pPPWP^ndT#.
4EkYF%*"p
phi^@(
E|#hIs|W8
ny&8/@rP
'g$ovtkNP
>q+fp6,?M%lW
0$}~=^
@wloY\
d^DzSAKK
"xR+\B
j^5Mi{FW|Dj(s]
M#<uRJM
y=;+,9X]77BP
Yn{7b*
1dM#dy:H~{$\
8Mn)W0Lz
z ;C @vW
{x_[ty>
:3$^;N
`KTb>#_pPz
Z(Tc/$W!E7hX
"wg@M|zF
@s[Sv c
~DIrH#
~tp1lP9
@d(1)
M2Fxhp'S
"@EM&Ttu2CO[`
vc}$fF
Sa{{9UD)+T2
_i^5qS5
d >T_2
ot$=u
}ZNjj)R
)T|}!( J5v4xpH
GRjW(KQ)U
m,kz5*qT
Ugr"li
$iRO6)
hy`CP'5n
ER2GNi]
>p"j5p+mV
OQ~Qa'4
R9C~7w
CbQaUog
,XH`~6K:4
-KIMUQW
nS"yU!
;{HL(q5 VwHce
h>(n]Yg\[wJseOo=C
$=$'E
JJk4&Uf
rFY$E U#<
`4,?JU
xGio9)
Q;Xq:Y
QyC en
p:~aJ-T
]XQR7\Q* 6.,:K(tsg~dJG]
?F$or*
M6m;HL
c2edA07
|u=6\S6w
TBtr/-
^?o_Q}
CG(YB"xLO-L(
J7Mu6,"
a:T+U)
s.\*L)
lf1,yZs
s5sd90:h
&"4{fRz
w`MLSlo7
A`MC(bQXb
I"ReT<39
6ZB>@&*-^2
6;58TPu<c
UY-t!0_go
(uF*=XZ
K^>#}$q
=:^&%KM
eS\''n
XAtkSBW"sW6oV=
sNuP^U
po*7~ay6l
qFHma9a
j"\z%I4x
\:Hpjy
SZ"`sLG2
] PB;<
9mQ8;O9y
s7Sgx?Vn]#B
T[yw. jK
>l3IQfJ
-)FKxd
A8.E4;c>^9
~[(xrF[
R1S^u.j =.
rPUPcY&M
J,CTgq
kn|ED"Z
A'7LjAUB
w8R}RVh
bc;Udx]6\P="J
>H[n^Ty
kY0J(QLK2W
0IE,g1
'"{g"Z
G!qcLei
`!8i<Q
j V#mDy
K9)]c1/h
Yp-v%c$P!t
MjU?~<D%
jab8n+mN[ob
|ZMQVK;
{c8#J|
'x.w1{Qz:#tm
@X5^P`8]20|2cH:
$6(d/bZ
y!MuDk>\Q.
d56vuD?7
e+4b5mO!
!I+ST
hzyqqbu1j%
*C.4w}5nI`I_YK@tXCg)Z
(4D;wH
9g <Ibt1N
dc|MjGUF,O
"fe`~[RI
(g/bF@?
6:!:ObKB
TL? V)
2YqIc6
W\%Vz<_+fU)
$$i.7Vb9$9t+Sy?
D$^nlLgf
Vq8gKB;./R>E
\/VL-!yBHNoD
lhzBS+lh
LeiNK\
oA)cN7
dw;F2"Y
mC9iAEu1d~B~^\kf
q`M%A(
'60%3a
m5\\<BM*
37iVUv
O^B?%>
E$&pm>
`Miz#'FW
`%!;]1K@fz
(chL,pc
SzTr/m
3{y x,rhaP
lR\HM-j
5,Ho}\
=w9ju[0ah@
{ TvRQ@ _Y
%`x]qo79h
7]e8FP_'(
m*]#l2
N3D8Qnwa$JvB)zY
Gte7\y
pEhf.-bjO
<9JiYxI
"`"3Y+^
,)/;uQ
}^),0_
S}2S;Y
Zg&i0h
aG-0>=1
W7oL:6m>A
>o\67<av'
,h|LC1Cs
#Oa'\H2
_F4)bw
35HV\c
/IsA^'
pJ|)@i
d&"&L2N
H"&z/p
MWSfJqFsp,
Hu#\O&
b8&<B;j^^
fm,,qX%B+~
yq5e%\.*sV
otdzY-8|p
psNFqhql`y
J V3XjSUhl:4~
9G/>?opY{$
}aEV(1K
!524LI
ZPbQ]U
MtXHH2%k#
WaJQ4m'
r{ryN>h7X`(
A!m=]j4na3$[6
%s6|}]
L8iA?SB ro
qkz^w&q\{
v<"X*N?Ub
`1J}RH
o c>6io"/
5-H'<nOujd
Pt}0b3
No_QJnS=Shr_n
{(?=B6T\d0
O^4oSl
@2i7ho
s(U(9)<XD/}r
Md([31
trWGSX'a
:95-?'
MSEN ;lk[
VUPLEy6R
s$J:exm
dGr[$Z
%='g)'n4e))X%h
YWGY`b~:e
a282Ly
P\M}|9v
R?tl@4
7" B'Q2
imRbjX
Ba$BkpfizqeK
9\C${b=
Y`p'<&ecGV
[!YJ<f7
'>"}Cb
G/dv?JYh
fFm8]6C
gM~`|KQ
}:bGADk~8b
=r;_5O
yjD Fwb
dfg8uW:\{k`k*
zF:?Yz[C
Vrqs$M
-v)5lp<(O\#W
hVNjaYB
~EC AM\SQ 4d~QJ7n^9 =yz|;
vOo|S?AG@N'%kyv,kLE
z:$@>h
7V*&%o
T/8nAE
"njS9+<
P(Elr
{AsE<V
/j1.I_
LUmm=t7jqdD
j~x:%T.
oLRWf&0$gv
GF*o~._q]2w
co,k2*mOS
yHAv,Pb
8q,dCx
c"{=.]z\?`=
4QZYWg3
sE5n U
61;*|'p
,PZ;8:xZ+e
R_u~I~0/^h
WpG^_<D_'C}"c'^
[iv,|^j
!sxR2"Av<
UpBs*WwH}jt'
B.iJuN
?JRxg}h
|%evsn&+6S
N|U:a:^
a~^6,\
$B7&dhwHiZ4;`
Z>\`oXa
`l<,RW
y]"_N(vd
*mXKf6l WJ
fdDFhNW_e`Y'
4GKZ,3
Xil07r
Or}7},9
"8N{x~H<Y
,X+?1?
V%0JId
d@t +
X9l^ @#
x!&sllE3uV5ar|7
~TM^G7
}lfFB"
Y8gk6:uy)
6=%-@%
Pt._e<
lYmN#K
#3:Monq
AW;rT?8MO1
C8 wvj
.<6}s
g,7yd]vJ5Q
Ku-@r'M
0+"I}/K'}f
1,uSb%n9 (0
e> .$
N><DBQL
BR&XZNAX
CjG1^eK
|_61Z5z[
(/@ v%
'Q||xltH
sSfF6I3cMb+U/jxbF
wApzU@Q
O,B'f~^
%&r+ub
d>f E '
^Z`u^X8
I[wRlM9]j
,k$yeGv?
d.o-pfAL
/yg$'{y
A~Dc5T" t
*%n;|GIeL,
)>L69S:',
oT1Oy9]{ZS
'wF_+><
y|C` 's|
s"N?E
Z#$-3X}u&)X,%
;a5gN7Q
,2Y>#5Hu
_o#_ -Axe`MO[SRy_Y~
Km2Xs;02_|!L
pW]a~p@
GoZy }
3?.Xv6
w$Yx*.C
d="P4C#8s
9611,8R1
6a qN%9~>
U5t.8P
J.|dbYMI
y* wFf6RF!U)nw
qxkZs@
`dWQll_
dE]*&DR$HX
^aFa1M:_
N0N.mu^X
!|oU*p|,
Rv\q%7
HJ32&6:Q
Z{RJ)^;
E}!ArvdZlS
6nE%iI
TbY8\1
,'fX-,Q
#P$UaKc*U}
ZettaF%M
`kj5?APTU
pA;{%p3%T
+!hI9^[
"TxjD)
m&| }5
H@3q?j
rxBvosefu`*o
x !& ;5
K`=z+Hx,_[c GW1
4&O=2f<xe
m fqJx{
(Dx([T
]u]p>N|
U'L?X%s!Dw
l�l�e�S�f�e�u�
o�l�e�m�u�u�
d�E�S�t� �h�
g�N�R�M�S�L�
�H�i�g�N�s�C�J�j�W�z�n�N�S�U� �R�O�Y�d�
�h�n� �k�W�p�e�j�U�o�K�G�B� �d�q�v�P�V�Y� � � �M�L� �q�G�H� �X�V�v�
a�z�Z�e�C�Z�l�p�U�r� �i�z�j�R� �l�g�p�W� �n� �J�z�y�m�k�U�A�H�P�v�A�g�Z�
H�x�e� �S�o�I�B�U�u�L�c�O�r�B�I�l�z�U�g�a�v�I�F� �j�e�B�p� �X�d� �d�A�X�E�L�V�Z�G� �B�Y�P�n�J�
D�E�A�X� �L�b�K�V�W�Q� � �X�u� �e� �t�l�P� �s�g�F�q�y�O�b�P�M�L�X�N�b�X�A�f� � � �p�J�u�z�D�E�J�R� �U�n�Y�P�r�F�a�K�V�R�R�l�f�D�
L�p�F�o�s�R�F�L�R�X� � �s�s� �N�l�n�P� �X�A�z�p�g�
�Z�k�e� �Y�i� �g�y�Y�o� �E�I�c� �y�A�j�z�P�b�P�y�G� �g�U�V� �U� �M�D�T�
�b�i�l�Z�D�D�M�W� �b� �E�D�F�j�T�f�j�J� �o�W� �D�n� �q�t�V�x� �w�K�F�T�x�
t�v�t�h�v�e�k�A�A� �f�G�i� �T�L�e�D�e�d�v�k�g� �h�w�A�K�Y�y�v�m�o�W�
g�L�s�R� � � �i�a�D�K�F�a�u�O� �Q�h�H�x�Z�L� �B�V�R�R�e�g� �k�x�G�T�y�j�h�d�R� �M�B�n�C�f�
n�R�k�l�e� �j� � �S�w�S�H�g� � �w�I�A�N�o�x�h�Y�H�y�T�L�F�G� �U�b� �b�W� �D�v�a�J�c�
S�d�S� � �l�K� �u�T�T�G�K�n�Z�U�p�a�
S�y�s�L�i�s�t�V�i�e�w�3�2�
C� �Z�v�w� �Y�F�o�D�t�W�N�U�G�J�E�d�I�U�B�I� �S�c�P�c�I�B�a�k�E�n�X�y�f� �q�d�y�
R�F�T�V�a�e�c�x�u�O�
U�U�H�u�D�a�s�U�P�M�p�j�O�a�i�d�i�d�X�V�N�r�P�C�p�t�R�Y�p�y�
S�y�s�L�i�s�t�V�i�e�w�3�2�
Q�q�X�M�A�N�T�P�a�P�
S�y�s�L�i�s�t�V�i�e�w�3�2�
j�A�p� �Q�t�E�Z�g�L�c�q�c�u�s�A�H�f�C�v�x�S�C� �n�k� �j�j� �Q�p�E�E�q�i�H�a� �O� �I�
W�Q�Q�p�F�x�Q�I�b�c�X�o�Z�Y�B�U�l�D�g�A�S�Q�r�o�
V�O�u�J�K� �o�A� �u�c�Q�D�q�
g�X�S�R�v�x�
g�K� �R� �i�y�V�O�O�e�e�Z�y�V� �Z�b�q�Y�h�a�I�a�J�f�N�Z�q� �S�K� �L�D�w�v�n�Y�u�B�L�
C�S�W�I�X�f�i�
S�y�s�L�i�s�t�V�i�e�w�3�2�
�Z�q�L�L�b�t�b�j�R� �K�E�K�Z�m� �T�J�h�R�t�L�X�g�Y�M�p�k�c� �Q�f� �L�T�
o�C� �c�F�S�B�K�X� �i�e�k�N�D�w� �D�J�G�q�d�l�D�W�x� �m�P�F�p� �g�Y�h�P�R�r�g�L�L� �Q�O�B�g�f�k�d�b�g�
t�A�m�J�h�o� �D�N�j� �K�F�T�u�D�s�Z�o�m�R�R�m�d�O�w�S�B�p�d�A�X�P�Q� �g�w�u�d�s�
Process Tree
- 058170564d5b376f63edfc52cf2d1d5aa7294b0234aea222648fb85d463249f1.exe (1332) "C:\Users\Administrator\AppData\Local\Temp\058170564d5b376f63edfc52cf2d1d5aa7294b0234aea222648fb85d463249f1.exe"
Hosts
| IP |
|---|
| 114.114.114.114 |
| 8.8.8.8 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | |
| dns.msftncsi.com |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61714 | 8.8.8.8 | 53 |
| 192.168.56.101 | 56933 | 8.8.8.8 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
| Name | d5ea434c10f9a9eb_iqbjnwa.exe |
|---|---|
| Filepath | C:\ProgramData\Mozilla\iqbjnwa.exe |
| Size | 190.4KB |
| Processes | 1332 (058170564d5b376f63edfc52cf2d1d5aa7294b0234aea222648fb85d463249f1.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | b44b911d6943f2dd4bc81b488d139710 |
| SHA1 | a3e0e77434941fe65464e37e76c7c77ae5375619 |
| SHA256 | d5ea434c10f9a9eb25d649a069a69a015e5077b6ddb9b0cd08dd62e110d0301d |
| CRC32 | 2F6F94B6 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
Sorry! No dropped buffers.