1.5
低危
58 个模型检测该样本为恶意!
重新分析
更多

125e5a62bc03c25cee58773aa4b35758ae93612dbd989cb2e0ddc3800ab6e6f3

125e5a62bc03c25cee58773aa4b35758ae93612dbd989cb2e0ddc3800ab6e6f3.exe

分析耗时

193s

最近分析

369天前

文件大小

196.3KB
静态报毒 动态报毒 CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN RANSOM CERBER
鹰眼引擎
DACN 0.12
FACILE 1.00
IMCLNet 0.70
MFGraph 0.00
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba None 20190527 0.3.0.5
Avast Win32:Gepys-E [Trj] 20190925 18.4.3895.0
Baidu Win32.Trojan.Agent.eq 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (D) 20190702 1.0
Kingsoft None 20190925 2013.8.14.323
McAfee Generic-FAGO!3B7417B88148 20190925 6.0.6.653
Tencent None 20190925 1.0.0.1
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报) (6 个事件)
section .rdata6
section .rdata5
section .rdata4
section .rdata3
section .rdata2
section .ta1
文件包含未知的 PE 资源名称,可能指示打包器 (1 个事件)
resource name None
行为判定
动态指标
在 PE 资源中识别到外语 (2 个事件)
name RT_VERSION language LANG_RUSSIAN filetype None sublanguage SUBLANG_RUSSIAN offset 0x000380a0 size 0x00000188
name None language LANG_RUSSIAN filetype None sublanguage SUBLANG_RUSSIAN offset 0x00038228 size 0x0000000b
该二进制文件可能包含加密或压缩数据,表明使用了打包工具 (2 个事件)
section {'name': '.data', 'virtual_address': '0x00009000', 'virtual_size': '0x000282b8', 'size_of_data': '0x00028400', 'entropy': 7.237360699397127} entropy 7.237360699397127 description 发现高熵的节
entropy 0.8277634961439588 description 此PE文件的整体熵值较高
网络通信
与未执行 DNS 查询的主机进行通信 (2 个事件)
host 114.114.114.114
host 8.8.8.8
文件已被 VirusTotal 上 58 个反病毒引擎识别为恶意 (50 out of 58 个事件)
ALYac Trojan.Ransom.Cerber.1
APEX Malicious
AVG Win32:Gepys-E [Trj]
Acronis suspicious
Ad-Aware Trojan.Ransom.Cerber.1
AhnLab-V3 Dropper/Win32.Injector.R59840
Antiy-AVL Trojan/Win32.ShipUp
Arcabit Trojan.Ransom.Cerber.1
Avast Win32:Gepys-E [Trj]
Avira TR/Obfuscate.adj
Baidu Win32.Trojan.Agent.eq
BitDefender Trojan.Ransom.Cerber.1
CAT-QuickHeal TrojanPWS.Zbot.Y
ClamAV Win.Trojan.Redirect-6055402-0
Comodo TrojWare.Win32.Kryptik.AYQE@4wlbfl
CrowdStrike win/malicious_confidence_100% (D)
Cybereason malicious.88148f
Cylance Unsafe
Cyren W32/Zbot.JC.gen!Eldorado
DrWeb Trojan.Redirect.140
ESET-NOD32 a variant of Win32/Kryptik.AXYQ
Emsisoft Trojan.Ransom.Cerber.1 (B)
Endgame malicious (high confidence)
F-Prot W32/Zbot.JC.gen!Eldorado
F-Secure Trojan.TR/Obfuscate.adj
FireEye Generic.mg.3b7417b88148f58a
Fortinet W32/Kryptik.AYCK!tr
GData Trojan.Ransom.Cerber.1
Ikarus Trojan-Dropper.Win32.Gepys
Invincea heuristic
Jiangmin Trojan/ShipUp.jb
K7AntiVirus Trojan ( 004cf6b81 )
K7GW Trojan ( 004cf6b81 )
Kaspersky HEUR:Trojan.Win32.Generic
MAX malware (ai score=87)
Malwarebytes Rootkit.0Access.ED
McAfee Generic-FAGO!3B7417B88148
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.ch
MicroWorld-eScan Trojan.Ransom.Cerber.1
Microsoft TrojanDropper:Win32/Gepys.A
NANO-Antivirus Trojan.Win32.ShipUp.bqoajw
Panda Trj/Hexas.HEU
Qihoo-360 HEUR/QVM19.1.1FC3.Malware.Gen
Rising Trojan.Kryptik!1.AB8B (CLASSIC)
SUPERAntiSpyware Trojan.Agent/Gen-XPack
SentinelOne DFI - Malicious PE
Sophos Troj/Gyepis-A
Symantec Packed.Generic.459
TotalDefense Win32/Gepys.IXKMQPB
Trapmine malicious.high.ml.score
可视化分析
二进制图像
数据导入图像 288x288
数据导入图像 224x224
数据导入图像 192x192
数据导入图像 160x160
数据导入图像 128x128
数据导入图像 96x96
数据导入图像 64x64
数据导入图像 32x32
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2013-04-03 17:01:50

PE Imphash

1212bb394230917bba02f5504de6d2f5

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00000b67 0x00000c00 5.551251633230636
.text 0x00002000 0x0000500c 0x00005200 0.385812208376995
.rdata 0x00008000 0x00000d70 0x00000e00 5.163059369611217
.data 0x00009000 0x000282b8 0x00028400 7.237360699397127
.rdata6 0x00032000 0x000003e8 0x00000400 0.16032872589902852
.rdata5 0x00033000 0x000003e8 0x00000400 0.16032872589902852
.rdata4 0x00034000 0x000003e8 0x00000400 0.16032872589902852
.rdata3 0x00035000 0x000003e8 0x00000400 0.16032872589902852
.rdata2 0x00036000 0x000003e8 0x00000400 0.16032872589902852
.ta1 0x00037000 0x00000064 0x00000200 0.712453444966878
.rsrc 0x00038000 0x00022238 0x00000400 2.121919023567427

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x000380a0 0x00000188 LANG_RUSSIAN SUBLANG_RUSSIAN None
None 0x00038228 0x0000000b LANG_RUSSIAN SUBLANG_RUSSIAN None

Imports

Library KERNEL32.dll:
0x408038 FindFirstFileW
0x40803c FindNextFileW
0x408040 FlushFileBuffers
0x408044 FormatMessageW
0x408048 GetCommandLineW
0x408050 GetCurrentProcess
0x408054 GetCurrentProcessId
0x408058 GetCurrentThreadId
0x40805c GetDateFormatW
0x408064 GetFileAttributesW
0x408068 GetFileSize
0x40806c GetFullPathNameW
0x408070 GetLastError
0x408074 GetModuleHandleA
0x408078 GetProcessHeap
0x40807c GetShortPathNameW
0x408080 GetStartupInfoA
0x408084 GetSystemDirectoryW
0x408088 GetSystemInfo
0x408090 FindClose
0x408094 GetTimeFormatW
0x408098 GetVersionExW
0x4080a0 HeapAlloc
0x4080a4 HeapFree
0x4080a8 LocalFree
0x4080ac MulDiv
0x4080b8 SetEndOfFile
0x4080bc SetFilePointer
0x4080c8 TerminateProcess
0x4080d0 WriteFile
0x4080d4 lstrcatW
0x4080d8 lstrcmpW
0x4080dc lstrcpyW
0x4080e0 lstrlenW
0x4080e4 ReadFile
0x4080f0 DeleteFileW
0x4080f4 CreateThread
0x4080f8 CreateFileW
0x4080fc CompareStringW
0x408100 CompareFileTime
0x408104 CloseHandle
0x408108 lstrcatA
0x40810c GetSystemDirectoryA
0x408110 CreateFileA
0x408114 VirtualAlloc
0x408118 GetTickCount
Library USER32.dll:
0x408120 EnableWindow
0x408124 EndDialog
0x408128 EndPaint
0x40812c FindWindowW
0x408130 GetClientRect
0x408134 GetDlgItem
0x408138 GetDlgItemTextW
0x40813c GetParent
0x408140 GetSysColor
0x408144 GetWindowLongW
0x408148 GetWindowRect
0x40814c InvalidateRect
0x408150 IsDlgButtonChecked
0x408154 LoadCursorW
0x408158 LoadStringW
0x40815c MessageBoxW
0x408160 MoveWindow
0x408164 PostMessageW
0x408168 RegisterClassW
0x40816c ScreenToClient
0x408170 SendMessageW
0x408174 SetClassLongW
0x408178 SetDlgItemTextW
0x40817c SetFocus
0x408180 SetForegroundWindow
0x408184 SetWindowLongW
0x408188 ShowWindow
0x40818c WinHelpW
0x408190 wsprintfW
0x408194 DialogBoxParamW
0x408198 DestroyWindow
0x40819c DestroyIcon
0x4081a0 DefWindowProcW
0x4081a4 CreateWindowExW
0x4081ac CheckRadioButton
0x4081b0 CheckDlgButton
0x4081b4 CharUpperBuffW
0x4081b8 CharLowerBuffW
0x4081bc BeginPaint
0x4081c0 GetSystemMetrics
0x4081c4 LoadIconA
0x4081c8 LoadIconW
Library GDI32.dll:
0x40801c SetTextAlign
0x408020 SetBkColor
0x408024 SelectObject
0x40802c SetTextColor
0x408030 ExtTextOutW
Library ADVAPI32.dll:
0x408000 RegQueryValueExW
0x408004 RegOpenKeyW
0x408008 RegCreateKeyExW
0x40800c RegCloseKey
0x408010 RegOpenKeyExA
0x408014 RegSetValueExW
Library msvcrt.dll:
0x4081d0 _XcptFilter
0x4081d4 __getmainargs
0x4081d8 __p__commode
0x4081dc __p__fmode
0x4081e0 __set_app_type
0x4081e4 __setusermatherr
0x4081e8 _acmdln
0x4081ec _adjust_fdiv
0x4081f0 _c_exit
0x4081f4 _cexit
0x4081f8 _controlfp
0x4081fc _except_handler3
0x408200 _exit
0x408204 _initterm
0x408208 _wcsicmp
0x40820c _wcsnicmp
0x408210 exit
0x408214 wcschr
0x408218 wcsstr
L!This program cannot be run in DOS mode.
'9qt9qt9qtnt,qt
t0qt9qtIqt'#nt8qt9qt8qt'#yt8qt'#|t8qtRich9qt
`.text
.rdata
@.data
.rdata6
@.rdata5
@.rdata4
@.rdata3
@.rdata2
@.rsrc
]U]U8E
]U]UQE
]UQEPj
skQpR%
3_^[]UQU
ReadFile
VirtualAlloc
CreateFileA
GetSystemDirectoryA
lstrcatA
CloseHandle
CompareFileTime
CompareStringW
CreateFileW
CreateThread
DeleteFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FormatMessageW
GetCommandLineW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameW
GetLastError
GetModuleHandleA
GetProcessHeap
GetShortPathNameW
GetStartupInfoA
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetTimeFormatW
GetVersionExW
GetWindowsDirectoryW
HeapAlloc
HeapFree
LocalFree
MulDiv
QueryPerformanceCounter
SetCurrentDirectoryW
SetEndOfFile
SetFilePointer
SetUnhandledExceptionFilter
SystemTimeToFileTime
TerminateProcess
UnhandledExceptionFilter
WriteFile
lstrcatW
lstrcmpW
lstrcpyW
lstrlenW
KERNEL32.dll
LoadIconW
LoadIconA
GetSystemMetrics
BeginPaint
CharLowerBuffW
CharUpperBuffW
CheckDlgButton
CheckRadioButton
ChildWindowFromPoint
CreateWindowExW
DefWindowProcW
DestroyIcon
DestroyWindow
DialogBoxParamW
EnableWindow
EndDialog
EndPaint
FindWindowW
GetClientRect
GetDlgItem
GetDlgItemTextW
GetParent
GetSysColor
GetWindowLongW
GetWindowRect
InvalidateRect
IsDlgButtonChecked
LoadCursorW
LoadStringW
MessageBoxW
MoveWindow
PostMessageW
RegisterClassW
ScreenToClient
SendMessageW
SetClassLongW
SetDlgItemTextW
SetFocus
SetForegroundWindow
SetWindowLongW
ShowWindow
WinHelpW
wsprintfW
USER32.dll
ExtTextOutW
GetTextExtentPoint32W
SelectObject
SetBkColor
SetTextAlign
SetTextColor
GDI32.dll
RegOpenKeyExA
RegCloseKey
RegCreateKeyExW
RegOpenKeyW
RegQueryValueExW
RegSetValueExW
ADVAPI32.dll
_XcptFilter
__getmainargs
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_acmdln
_adjust_fdiv
_c_exit
_cexit
_controlfp
_except_handler3
_initterm
_wcsicmp
_wcsnicmp
wcschr
wcsstr
msvcrt.dll
222TWARE\11asses
clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{129d7e40-c10d-11d0-afb9-00aa00b67a42}
\ffffffffffffffff
V2V2V2V2S
1T(1T:1Ta1
Uz1pU1U1Uo2
We4Ow4P4CP5Qd6Q
6zR6R66R6
S37R=7R^7Ri7Rx7}S7kS7KS7R7R7
\,8(\G8F\`8r[8[8[8[8[8[
9\'9\,9\@94]O9\m9
\9\9\9
: ^4:]K:][:]z:}]:]
wl!,cn
vMvl+cn`
oaL2keS)dFU
0'T$du
j kn!bjtujon
<mbaP,
cwcccQc
5qzkdD4iV\dTkD$cV}
IP3cE
+T;vtc`
+#~WzC]]
u<d`X6-6
B|!8yv
@dh1dh|9
,'{hlGb
2!hNQ&`*s@e4
`Hga$|A
rS?n)Q
k])Vcf
~OLza;
xEi}EkX
:XRSNGY&z<d+v6V`nA3A
fdCu#T
cbA`cr9$+g#
p7:Bcv
b0X)_wX1d<R\
{KhAdh9dh7d
specTPr@
%`1\GS
b~<{~\w]
K(akcd
bw]`N8
ff^[ac
0o.5b"T)8\
;U)96eQd
acRb=`
Aj|SEff
wSP,|tK
hRXRL
.noS\x39xC3xkNfW
m$xIDB
5`5|Q7
tL~~'U]c
f\_d~NGD
pct~.$8
$tlI\{
~I}\5/;`x
ckRbKw|C|
3l<~^qzT[|dx~F
Bvz4;|tx~&i|
4hR|mW/A9
c^6y,K
t1Nx1)Py#91
=8wS{y`
4w#',nQyl~Ay\1c3Lww#yp
GxPt~7
Rbxb}f'
rkRVjyEx
@1w/}q
w5BNeyk
^3Gvbt+
S`u[rL
T`u\rL
sk;NvwYu|~Ee
dvVxfLDul
w>xpj$t
`/l4/wH
r$+tb}S
g1\%W}g
Rw9p<}Uf}
dHySfGrtoh
Bt%pOBuA
Rj!pc]^N
80^/P,
\0Z0ci]hw~cr^c
c@2i^h3j
b/Ncl7i64
;r^;6yM
q|0W#<
w2HHy}
J4dV@q@}
HoT#[D
sHNcHSHc
iSF%dh'
f`wPhF
nIpUd1
zxEd;u#x9x
fS<#v1p9:xb3@c
&\dF4-
e`]tbdH
HQs8=qL
sx83Rc7mxH4*c;M
(szcO3
cBJ<)F|[
Kwb9bT^
VRPs@UN$
1V%Q%e
]"A\cwCK[
]ccCiH@Cb
^K:c[Kc)kh
e9jRwe
p8doGH[
c<dbWLp'3<d
ZWbFtco
{vY=p
qpee1U
r@tq_Rp
dCKW\$O*h
s5<d-7
cZ+h/
rJrVb^
cy[LL^j_4,;Kc;H9d-
.>#GIB
E5s@e~
&KubjE
_.<6/h
9<dwSh
S..[pgr
%u*~{gQV}\
bz:NHC
etBH.>?
scTtBx
%c9g;a1t$v
>?UbuL
P]?:y3
v$PcH?
wL|1@GU^
w+"Mun
^@dniah?z)H>
d@Kj?`
'T-;Mc
TE :ac
3f>#uQ
UedL9Wf!t
3N[fTfs
6dnP[O5b~!
"YhH~W:H
#`DJE$p
&<dE"v*Ld
G[hGVHr
bo~$du,P
LT]b1>^2\[
ZY^VTWm0
9VrP(p<;@f[HVP
>s@k;9#
^cvtc
<^h<GDh$ck$
<d~Kwj
j`Cv~<2N-
l8?r*$w
FEiN|;6
tq@}Nq
&Pjrpf
DrjLlF
d0~<LA9
.F?dc1
eF}S@U
thB<pgEQ
B;1{f@
cR-K5K=B:-
)dRAjR
C#v/Lc[r)dR
CE]Dy)
;rL8dv
Lc[58fc;c
aUT2"G[=9
f[NTh][B
Z<pf v
@$|<M4X|L4E
uo'V8dR
c<dh{igc1$UH
`rgZD8#}G
jg8v'P
=@W5ec
EQ"G3e
WFELEK
$Mdh<5df
.%wdb?
p?"6|,
L[S5pJ
Kk35p>05=w?.C
3%uzD<v
<7_s!D<j
p<bI16
7c<dr#
aI?d]b
iY*6*b2\
m@U[20
5j#eBic
_w3G}#p|
HbY!t&
W*a[> >
%`RPq@
:51Ex}
.O:Edh
|d!S&`y[Hs0?7w7`H
+Lc>*>y
vyDX(f
Nl{@Vy
)jDXl(
(O|p(duj
)PLM6P
~A\H;(
/$(?r+(?30w7`@
K@dj\bTr9r)w
M%bhDhz
a 9TR'c
`[YP!v/dO(
,r@_u?
`E]2%|\[
%`[YSP,r@
j2)^.#V
C+3;rM^
//`1zAlc8&d
"](z>(@/78//0/`>zkp;
cRjdlQ
#eFf$M%
+=JAZ#aGydw
$(`gD?
xkcp[:d
w`Kc+r6fC@
%t7`v"EtU!h9Em
*KMHwE
1ydd=r
tlpugo
pE8fZIcCbj5
Rdd`i()kAM
k) K`Mw
>w,d`Vj
W1um0I`}Au8
s1E]^pE%u
$MiKe~8
yY\yUwVc{)l
{S{llc>
T[dkc>
Btc9E-a!j
re\bOa
I?cO+d?#d?
{cscOcCc
bj\@'s
rj\6I'c
1'dkS\kK^*g
&(eKM_:
8$(lR@eJ
P<I???????-?
cpq[r[`gbzgvpc
7c)aRU
6Wq@,N
a1gRca
tf12M
[^GK_A}1]S*
5SbGt#
4lDc*/-
j6'|yY
^yW1}!t.G
%W>jyYhv
mSrCnrF
tu$![Uo
Go}i5ha
:UboUwE9m
c(xSxL{
zW*b\*~ztPz<dhG
"e@2dufW
MWyRjd(;m
{2T~2Ts
`}3MWX{Rh_
SZkfvMD~
l`4y[+
`wAxX?
WbF9'Bo
nh}Jh\
uIIp'@D
(Gjt9v
+Q?gUwd
0gOIu2
{<3scZ{[Yc
U@jF;QF)8#}
=d5a;+(
W^s1t<ln_c
PAKeRQ
>V[P>m/<
E#,\kdbL
mx@&\f
4x@Cr_v
R[~@Z+Rgf
*cg'S
S$fW3#iO
aJi\5J
L'@^_QI^
4hhcOdc
nOl/q9VZE
ec1V61F11W
VW_Ph<
%c]^>U
SWYD@D8D0#
#7tYFh
dClBw,d
nkKcYCd
cC"KDD
LtC$ic
&;``1?h.?
BnB>he;
Dp+]hXQ
X[@_)j5ZDOG
UV]kM1
\uTU(}
"oy]?R3Bd~
]oTWc;l
U%h^_s_TkW[#d;l
UCv*hd
Aam9a}zy
X{]_N+_
Ov=QvTMQv
e]QvTOv
2]{#d:]k'T
K^gG<@R
Q<c%Qs<cQc
cCP#NL
N<#c[M
VdwaS\?rIUw
tX#IYw:
@O~a{F
MIY:<@p
P_{Fc
_;\J,$'ac?
h][;JE
8/rSMQUe
rKQ3G-
?9+cB`L7+_
R![CuN;?|
w}cJB&c
ol-!6"
;,vV"C}
~KmRn}%i;
NQ}BrL'
2 ]GsVr]_
qVpUd1
>ST:CRO
XBIx4
?W1g+1G2(J{F3d
c&:p(_he
K/LB[6c
~^Q5OB
lk1QP]YD
g!O$!e
c&>Mrc
cqc[cccc
cccAcMc
c-cacAcyccc
RnD}q9
+oGVafdr=Wn_
s,b!V%n3`(m
s)q;dm
shn7;s)h/h&vwr+d%VW
c?&?:c
Jf ;{c
93(K%[EgT^?pc
'1g<@pc
(>wK{c
odDndts
].9*U6Q2M>):EFAB=
-L1P5T97Y=3a
aei(mc[6W2Su-Oq)k~fzb|^
ztnvxjrlnpJd^
C\f>`bTNXJLP*D>&H:"<F
@B:4.68*2,V.0R
A7=3/+)%!
I%U)QZVb
"#&'*+Q./2367
>?BCFGJKqNORSVWY]
MlQpUSuYw
{{,wo0s4o
g_ cc$_gh[[VORNJ|G?CC?GH;;c;5.61R2-V.)J
m\.oSy^s9
u1]p`sa
{h5Xi3s
nX]@(}
c,JqLcr HMBpy:n
{jskc,[0STKC2;
/3{SuIuzrs/Mr;utdd
#nnnsn%A
`Nahre
g?L4pV[p:I
12+5nl`
Cc65ne
cn6btCe
gslc[sae
Ra*isH tCX
C. at!zin
m]tceec
h3yh_;
d^c|S]Tpc
OT]<pc
)7.R/V_
U"FA4KAfE
kawedB
7uydml8S0.Im
4120nld
0cpM]t5^owatad
[rfaPr[sz
fh]\lY;x_ vte
dFU)reN}
j]tIna
b^ _Kg6
de^iNdG
uuj"p`[1gkl@eok^
aFe9ue
eVlV(nl*
vew-mc
peXkt`q
wtA)to.{
wtAIto
iboaed_gr_enz
9caEreWc]Ue_
btYdYENV[_
d,g$(Tc
wU&wYd
gO7kcUd
gH06g(
0/4pF
I@I@I@I@I@I@I@I@I@
?cs3dg
3d+d#d
dd<dd<dd<d
cd<dd<dd<d
D"D"D"D"D"
amjeanilmPqTuXy
A>DE:HI6dO1*3-
b" ?" B" B" B" B" B" b
TnPj\fd
cD>!@:
L6)H2%4N
?CCCckckckckckckcVVcgcocg?do?dg?do?dg?dS
AR'T"q
n,{/D1VD
X~&B3RaC&
L2Jd.K;
;~y1;X`_xd<@&b
epPZJS
~uph$\tI
jWW;-6uXD
<Jd\ty
;*{[0'
rBFTiU
3ULz&q
Mne/Y%
?Bp:$3
<];)|Z{
8VLl[FFWD-
.RN mg
&;p*NSKPI
f]fxT1
}]!!/w)Z
QL^RcF[eY64
h[~q|5N
<%1h`1
*9WTx8#{MNtxjrR
%jw83KKs
f<m3=rhC
hru;~Y(cJ\[Akd{P
"4KkQ4a+
P0e$qH
3=}C[kI
%qaxo4/C
Toos8D
6UUf{K
9hW!)t
Vk!`-=tc[
8e}PkrU
^LJift
A:^{,dI]t$C
["$g[M
7;G):;?>=3
~}\3)5:v
/8yyom%
PR3X<#47-V:
`ze8_rf
bck9J>
i*#a<v
7vdFQ5rM
dI\?-g>kq
X{onjf7W
<!^fleym
p-GTstz1R@V
u@%"]L5h;X_
TO(Pi@_dl>
4\7Ygf/^'
8b];b!J@ajZ
V+'+w{uRZ5Rj(
>.{G\=
<9gpW{
9wVhU,
Gdzg6e4TQ_cL]#06[DQ
ER^tVD
0'k5>=
{4nxdw
a-w(U(1
Nw43V12?K:nm
{l)&w/pzX!f
9%6EN
Oz9hn@yYG
"{68n=
|xFEbz$
PGbMGM@
v3eI/C
8_d6<p
j8B;!w#`
\{JsD5"$]}
$`De}_T_
#f@c_/fs@
e^~%^J)<
ubw+336Qv5p*
e>pS[%>
@bqG2V[K82\
2"]hJ7V
|oaKX"_lFO+g|
1=<t:>
AIxj}"
E!bJ^K
n<r+ZHt"bpi`Cj
_7?fe
|)hj%i
{}1I?`p2ls
H!I d
ZFp:aj7<XncIH{p*$
?a%zw#
uP^Tk%&5"+jzw
N;|PV
=KG{Jw
Lqf# Sc
T?/V(=g#t,
e$yn0:ke
^_*I0{D#
=MWOgtK[dP3sM
n\TMTk
c"a @Vk^
04(PFI
a2hBS9H6
a}RVJB
4TlT\
tL("7pn
KbC^8za;
-Kw<Q7/HZxQM
R05,f!
PK]E;y
]V6o/P
]_`P+?# N_\
ki.:]^
36"xk?
X1@p~Ww
Fs()6q
=}JpY"
|S=lVr\
,9B\90!
efj>s%;
/JVM7LYc:J9
:J?A<Kh
Uh'&3J
#gfjYZS
?Hiaem_kTRU-)c
6F0HZLS
F M.s+!T%|7XQ
'nr/[dxqGe
Rb~/9KID
i="/j[B
,f 2^Hf
>._h,Wr
yqS\uS
(ysdc?u
ORCl#x!L
G$$c{$.L
*t"v}I
>stK~"
Oz_21m
UZlNs=m;jds
)%~I6#
j+ii-D;
\Yw>?6
1p=K4Co0hyn
Oz9XK/1
>;=]^M b9
V!kwEm2;]D
y/d|XO
E}h@_&
s`HzTW
6&Sph@i
^0#[5aY0
W\G"R,2
xK^Evx9wM"
-Q^C3o
Z32S?W
%UqEe?2t?=*]]do{
FY;XF4
T*T6'"
o &mSwU
.K\k?*;
KU`o5=DS&,\uS2Zms
EM40$b
F&@hzz
y{v:D$B/) n%RL
3(gvMbQdNe`Ex{c]~<M{
Rv{VH?x-H^7
sO't;wW&ZJ[
O]%|nUU-
J)uXm&v/
V]|QkI,
,K&gnm(
C5AWM{
d>RGuyX>V*
|$=I0':__
7(|%v @/
oSW<d4
IZ`KUVg]$}3K
- HkR{=#d6kRC)
$s8ok??u
N_,O$@
m.EqPm
S6zeM#H{
Qcd-<X
kp=*Vh]hY
/D>?uByD
\hHw'PC~u5*
F4+qNZ=^f
-2QjK XH2
0EX[7fH2`6>7W]a
?8Odk`9fO
33L>ie
wL%JFJ
cv&$kZ7
L7S/dG
^'l["Jj8}1
J#a06?
K=tJ4+m
f~$QA?wX9EZ0D,
FPhqn]an
uc[XUJ_#v(1u}
xwtPRI
`E$Xsi
O(dbC?
YJ!q:OvraLpY
IOn&Au-
jQ-\1^(O'
{@+/gd
P<JQ[I
OqK&h])
A<dkg
=&!r87
uoW%FUUj0C6]
c4@Wo7e
]*`}}jfB
!q\I6J5;
-Ft`od
Bn"BX-
7#"s[[F"}Ia
Z;fVwJW8X*:i3GB-j(
h*DCO2V87b
Fusw$x
$hsUe8yF
ZghUj}
c*[mPz|J
S'[ {'
AnPS>}2%
?r;gf[J
sh/yRR)
7jWIY.
Lm0QBJ}Hu
]S7<kdn]/bhMD(4Gbi
_u%B>>
ozpGN^
BTIL\Q,[i$;
TB9%cEK
8p(kL-,fnt~
I8Htn,me
"aVlSx`q
^dlv_j
o@R;^U_=;
J[N'@/!
{BTgx![2]
xYL]^'i)s%+
FTki3o?=
'g)tmg"<-g.}P
**}yBV("EPO7uev
3a^->+
K_}0n?E
Eh'rD!
@OAZ*rP$\'
;J3qhBU5
!^e+gz
Dy7^}E
/&">ud/
S%E`Hm*<
Wx,-_+i_Y
xL%whv
4Zx$0*`.tK3
W_-er?
bSM)k.cj)i
p=" dIwoN!Mo
1n5@\}q"|
zp8bS,
Fl`d~l
[gFPPat_
Nu)MseqVc4
qu7qn.Zv
(-Bj&c
zs-M0UcK}6<m_h
O6<4*d]
NjJ*?V
9DX]VK
X>99"U89
O].qkyUh
m\%D6#AW
tw'Y[2ec|
'=w$j
-/^LND0w&K
n,o_T6ATW3Qq|*
EoVq^W
uw<&p1u
IS2#FqzY
o98&Dz
h,cy*zrVX
~@[RwE
tiG:UR<
o'2,>b*
xI-!;?
-=Hc4XJ
uMqp,KQ
TxudW>_qy24Ngd
zjx.x-5h
n0knWfP'
(uI(PGF
|QL[Zy
=o ~]$v
GptQ@wO
\9VGb)
'T;<]fY3
z6Ms+Uv0
/+(7 6p
<fQ<+(Go
puE=[Mc8
].} $]P
M"[ZQ5
E{t,mGPuG0
BRpZ 1djp'
dcUk%C
b+]8OU
EYkE26
&^^qIL
Rs}1x"
1"xOq,jtSA,&Sd
0S'`dDa
EYs6=L
pZ#KX_R
za e[(tAId
QPVpo{T_W
+H*^oA/
t'dFnO2rj
b$U>'2e
K=:ggQ^ $
(hewsBxt
s*U{Z*HT(e,R/{
k;f#PG|d:i
%qV&{Bl
IS}<F\
oPb=B"
dj=Bj2EU
?rcrff
cuAQ9>
#a5USAR
4q>8aA
cLnSk6
:K]XUnngg7
uQ EQ l8
(4}]15Ku~MdR*
q-u_#s5gB
R\e3%K`
(^xFg4
o"3u"<
%A%u\u
}W.se;N
ZQnG1xl.
Y^dnxLH
j7s65
MR+kY:p}
\!^(rn
/\)<zQj&|h\h~m
!y#!"3qc
lJd![0
'c#\Xia|
6w).#8
ylM7J~E-?!
(0O6_h
%`$ _j
L qh#x
BrKw=0
XJ~&c-
Uc>9*O%Z
sGt8#%
gJafx}
h?'h*c(R
&VT"^]
{y4XvT/
^Mgfbq
?BZ`;
E}P ^fq
p\K1Q]Q1(*" UT_
G7xZ;)
+2XQgk
!^`g5W
o*<Dl(?5!d
n5?\er
:PD4p]jEpFT
98Q3bht
2!mAPCNw
QF\`(V&
%H6O _
{s:<_oI
dG|Q94
q7Oz^Y
Q?+zg `!U
^czNq-U
4bZ6G2]
}[9D!^<d
MJPtu&
[w!_W\L+l
I#PwQ5:UzNprG!~
E',;5FN-9
ny>`\$s
:80VE>-
(2pF3!9e5
"7PVMP
SVxyH=-
%+L(0`u1k&
[Fb DM#!,
hyA{qL
tsd*[3Rp
~vK+ciSiH
E3GfIek
@z#n{f
.fq(QF$
Amq7eEb"N
I[}ei?
*<dEGoj3#A1
TCXyN55Szt1s(ccw_
c@Wh97
E',}^1L|
-^UdGfznj<i
He 9AD^
N-l+.bNC:
m4Vz?Tt$
2]q?{ZJ5
::a'vFzhF?('
8N7i(B%N2{n
(~:} 8=7
th?wPmLXA
JB*Lsl
2F&2Z\\af|
SR%s#`
bpd/Tv
yQGq&Es
<23k?r~UVJ~
L-Rjlf
6u,#cK9,u`c>jR
4xwrf"
TVU$`T =
MT7{@n
{0NaVkkA
JDCE',i1
QO(19zA
J,'(-{1
VHfe",Ijc
iS-!9Ke
-Ag1S:T
_; #N|
I@}m:n+[e()cVN
VEeX6vF/
,5U%`6nKDa2cU
cTTIqA ;7OS,Fbbxgu]\Wy
&f0OdDn7b\V
-0Q)5`)2q3
qc$++6t#Poam
lx]7m9d
&uF5xz1
pk[h(1j
70*5Md
GZJ5bc%
1*/WN1C39*7R
N_6|iQ
I-4):eNX
%}gkR^
[_1gMo
ph+tDl|
Z{9OgIYZC]
la_y,s!z
e<;mwn
{9-L)TK
Hj]]qe
c+6hTBP>
3,2UOO^Z
5TN[U
{$Gjt5>+
8&xfXj
"ZaL^|T
Aw52()c3q
8?l'."
OZ`ZWw5|
yZr}z8dC7
Jp/&zK3eri
S\Zw.V
F\Jm/&egmn
<R_vf{u<
Yk{@;LGi
;r>@Z3Xv
4x{lNE5.7oZ
GHq.nMn 8J
k)'rdX
4_Q;+YA!#cVdu]>~
8Cw3s<8EQ
)|$,W"
2d7>9|
_/.N1-gv+
:srXVF~
%;G(}>
q j<bT%*4
aLgSxWt
CoYz;v'Xw
X\AQtS5i}
,RKJVg.
t@DDu,
Uvpzw_
UR;TYc
QRv|=*D
;4/>hmv`
0PD[!ge*j
[RU9KY"H
*( 57@z3
Q4qay=]|%5
2k/\P+CnU
`{[nc+Z
Y#n~G0r+js-F
U/YT~
60zgqk
tR0"Wh%
xmcuy!
O?ansr
u#>ND$BH+]2XezDIa5du
y~0{:X
[^Nu=&
AME(.d/
S)Bw\:!$
dA tO(/
av(yZ{5
G\Y_o*
u8-&s<=
,_`yXJ(IT%
x!2j%0[irzK
=@k$&e
hfu c_
H{9B^b
f2W|>`#
I>]"Q[
UYZxX2?B
(R-4K0,0
k?~W/bK(=
i`bOyOe
L.xy70irwB,
i=kyK[{A
(&1<<P]QCC
3kob0F{LB
6th c".
t&:ky<d3
{L"j@(tQ
5~07Hb
#X%V0-n&
+P96OS
]9MIRa
Hh@P/_:_
wN*Js&Z
vS0~sEF2
.4&Jw%Y
^Xd}E_$)
Rag9,dDiue
)kdWP<jv.
>c$hqn=
VG>2}%"mB
_kmRpSk|X
qd#GnWB
1yM0fP
&f,E$>..+Dg(Ej
DM28H:
#-%CntC
@\Tv,Sr
VgMrY
3 "]*y%zi
TSq7nF
3PuP=~
r|<90r<P]
B%mh%N3[Sa
KOKj6]
dW6P@S
xKJ\SqO5
0i!cOr
PO$K2F
bku<k=
m_H{r@
mO*yy,yP6!J~r$V1n\eh<h1y
mAC-,0~
"15,'Vn83
}I_r;{
O ~'2Vjj
:Tx7N4
2bXTj"UT0
U,B_CeL
^&^ 38C)u=zj!~lcvKleh
_GR>\'
f6^F2j
8,_UnKR
PJ6LB|+%s:xq
sv%F&X
oRd7Iyt
`])+_9
wz^\FA)
=4j/ga
y Nd~bt
FfO>rU
c>rBV%
ev6P&5u$C
%H@,J9hX
3q{_8l{D`W
wj2wg`
<b*hVEw
FJ;_o
RMQE1.
D9U6%Q'^ 6Y2=
3{ZgAZ,et1
$g^\gV
g4#cp#
)owS9I
NkYLH#h<EC=
xrA>s7wqzx
VA$2)#w
_.IA"8!O=
q~PMp={+
ojQLAP GS)
GegCgc
6SN3>T
k(MNx9K
,7Ry;
$?&DA)6
tps_HQL
)oj[r4
G;y%+`
2w#uzF#
NLq+O"V`'
9Q34]C++CC
1g2@ -}>"k(
{dM"M
@jF0
`[*{+P_ZX
i^aMz]p
g2DSD,
*e2Yj
73=;>/BL&Xv2
iaQzNd#<+
h#md}QCji
$UUEFHZ
.//ElH.
|(0;h{g)6oy|g'.1
mK3m&mq+l
+x6<Qym37^Pl
cb~.KF
n/M3hi/w
;b-%l`#V,
VyJ~b|
EY07? y
FnB\=*
bdr&Hb
kz_%]N
R+m3W]
0{6%g2
P{CeV;+xZoD_B
}TB:$[rS
?jCRcC
d02x6@9
gP>q5'w.t|/aQ
>u}"@G@|lt@
?~,[K[nM&}-
Eoj7w'
wCpk]S
R,9YZ6v2
uOMOOgA9Vg
u{{^]i@
o\cgT1
g RKOr&w
z|f#oK
/e!-h=Gu
Ke@}LD[*
y"[yX(KoQd:
d&|GnP
~~,w*]]w
>wU&b;6
Lw^J,-+2
3 _fvtE=
20/[=*k
`(D2b%.
R7f>*3O
e&Wcw\` nx
B?'9}c|;bZ
9Xige@k
MC3nh,
=K\8<7i.
`MlcnY
X6clSV"0N!>e2Fdu_M
c!U1?b
OeCUu=`
,-wm<4;.
i8"XoA
_zu(|\
RgeH\0
Mvcmph-+MZj
gYUKfm(t!@
.b{6?O
Ll>wUKx
yt|S(W
F1|O~0;"
U"YF1^}
U&#4_Tr
~Tl#i+)TUuzU;eC
@A Rce
u&Z=0]o=NS
Y`LlyH@(
d'(E+7?xMOnpfaq%&EhGbPH~
~a;Iji
(w7js/hhnP
Y@~u9A\*
'IST0[
9zN)`wa
L>_mcbH
<o(&UrH CC
=^utp/7o
>;hX1jo@p S
[q2;OV
o"gvg0/n7
TzY*Y$p&5E)?LO
RHJBz9qxkZ$B
soPdLi
|HD*TEIE
/f/b.M4X
%+8EO>#M
|D2d[2
eo.A-#
f:qd)+
},U~y'c$,{xM1
PO"(T8
kx0lP2lvb9u?^
]w9xYxyw'vXO,CLK
iQFqnk
[h=|AwjB)L
+;cs:TMT
VA>=1,
1xihLwyx@V
DtRxIYRI
e[<=n(
-PLJe&p=Wa
:QM.]nL+'|.@e@ Z
;lgymuJC
`L%em5'y[~cS1
&HHln-t
avw5rb
jZhMSij##_
ex=zG
tvQXVD{r
z-"ygkh+I
/4kRiS}
8'|>ub
Zi>lHV
7x8J\zpWl`Y
@fHDq!Bx ()
bZz*@=1
:z\j&`uab=EDE\
.["E2R6sH\
^15i%
Xz+nXeiM
Ff=2).
)H:?eY
({hXcMc
)MX?qVLsl\w0`N
U<|"`?[:7Kc_
f+9?XL\%
2*6#&F8a
_o*/fO-
<-5"fEyx
s~:mV&:QBDbce(qxBvf
!`^$N}
W/`?9z=
O59!vI
gMOu@>~
:SXMXv'
dlDaxC`Pp<5rp%tRCP
NO`usn
PmB,r3
d9|cE*t
MZ$3#\
Iu =Eh
$_EHb_=.+
J(Hr}I
p/DH8U
Khv;N<M+
"079MU:r
W97mR
B469RA
u),-z>
d!/hmU[
Q;_p,Xe--z!
wiU^.8
>1%>,?H5S\q\f
0%[|Wfk9
wg](^!z5m"A
(W-]u9<
rZCn\[)N
W)&v$Lu#
H!LMxZ
VC^({gpHc bF
H'F2S#s
JI#w6d`3BG
K-,F\
u4$v{DvY
\t95LQ
04384
ih8AQKBk
H\@r?MY`
VJ!^!CB34
1_O20_y
Xqh2=;
_bM?C/lEU@
z3pzi\
>-MPd@
IK()mFD
~y~}Q0
:p05vRv
qcy;Q+ op]1
f^~AUI
"-nW_F5
`gU+^vQ?
k@?2'4
~S_9a%"a
J+|f?j9`a
"yJi]]-
ZT4@rh
Obr\",>
CGQ}\
QR$] V
^F2BvfoE
K')[#}r<$
EN}*:
b#zApn
Us#Z}{
!d"`Kk6&e,bM
U:M?br
_[abeyzR9#B
%J"}[q
e8bR_veP~I
^i+LvCLW
'OU\^?'X
(EEB1Yqr<H3_p!
mr=22/!
a{2@.tc}
q5@bQS4":2co$,f
qf(<.|smWe`wKM#3
{"Sjt!
]#,}Hjr"
5Zg4R}OnO$Rt
oKBI82
|JQ^Yq
#{iF;GG
5rQtq}
'QP`+6
*<s5xUF
s#kn*^{
\(a;!eg
Kt9UgUmy&G
W+\P2l^
=v-4$cLzA}v
Vt=?FfVF5;
B3$_C>'f
+%KN7D*!I^
H*AhM\+0
yl@~<m
/}8O8puA&>qZ
1&w=N<sz
+VzU6Y
BsB`gQ
Nn.2-F,
|cicC<ci|c
Us9UeL
Ge*W`ZR$^#P
)0I1U+Z1^1,,X6@(Z3
EO90/cb,c04Mc#=Dc<c
d%cE<c*VcFGcK/cY%c` ccBc5,c`cNfec}o
doqdcd;dKdNd^wxdlzd~idwxd
cj%d2:d
nZD)O^Rj0
{Wx<7^
;Z(M,H1
%XPcL_cIRcbcn)cq(cdJcc
uc-cDjcs;c
d4cYUcD9cD1cL)c71c
c#r9crdd>\dkfdOd
spqReebp]RYb)?
Eq+?)ESq
pbM?aYpoQ
syRzRb;c
$bwZ.Y
xucxlxls
UMxLdxLs
rvhOs^h
hXspXsb
vw^Wu{y
anS^cEi
[]aeiNl*p7p4s
2r!rru
wvo{t|\89<B{cr
~drxdb}d_ydpdqdkdddqndomddpdw
jd[dbdUdKdydcsdb^da]d_c_c]c
kcUicLfcWscVqc<nocB|jc
LVXR{U}@xA<zGHzHY/>w;A
NLJcQd#d&d(d*d
dUdN dC!d;3mdV5jdP8sdE+`d<-
/Wd 0Jd
6Hm4ac
~.Hen_ca
4wJODB[
aiZeUpP59gBf
~E[d]$k
2kkISsLn
>S3|s*}EUy"co6S,S
B&n8 d
oD'+=Mow;
cag>UR
tptng_c
caf@sHs
d2yEsn|)
+`bxh1
zdAu"nN?jj
mQqIzqQmBDFs`m1Am
A,c9T6[FB8c
cAup{l
d;Ic;I
g!gW!v
M+Gck6
;/oks_+_klT
/e?kU?T8'
._juXju&j
Sa6wee!
Sq!7s>yUY
jkRoW&jW&
.u9jK2t9~
wkEuSzo
2lpk|T
q1\p`|S
4s0sqc
i^s~f0sv/
uwuwuw
rguwRuwBupT
wEu]]]p
t3]+Vt3B^g
]Gr^t]
q^c[[[c
Zo[uo[_
SSTT49i&#
cicc|c
|cDc8cNbci|c
YcYQcdc
Acz&9c
p-T5RFc
cD/Pd<Rcd4zd,c$c
c#c?ck
S2GW;l/"
2WzlbI1
2cZKdmrd
bd9FdEJd'A>dMd
idkudWqdc}dcccc
c9d-d!d
R!jPMM
|~xw~f
h|~xUx
{||uspg
'ny(>
c~[~%Z)t
*5ek~c~[~
{hqZ;Uf
0 O.>>
Au{fsk<cf
{AxK;C;;J3Dw+6#dR
S[pBp:l}+
m^^nn~
v]Z>6#
qz+5l{
{zzzzzHJHJ6os
s=<Fb9@Bz
||||||||
-age.=CA
h|~||P{1{
(A9jrE
93SbTRz}
FI{~xl~
k5/||+}
}||@JD'C;3
Lgu~*u{
syP-{=
syky'v
%IaLQ`|Ky
@FCE7$yvowt
0]~mzZ
:{\60C
Eky;S]g3c]g+#
c%@*n~
y9wHtY<
ltdtlztJ
yondRtlJtdBtHpkgc
%'IKbA
k=H/uE\
HBDcz8~p/~`/~+~}
~d}}}e}+
}%}k3}u},}=
}j_}5,
ayOryOr~2y
t[mp(n"'7[cc
#FI~|i
@BD,+/#
c%H,V5zVz
yyyyyyxypsylwy_
dy`ky]Nyp|ky
%Ijpp
(kbx`McJZLdt
cQ[vG\vspvZ
c%H,1v
]vyuquuuYuJu>uBu
Z/glu3
&Nccgc'c
*"Ho6|6|nH
W=NdpJ
<3{.PX}
||||||||v
rrvrrxr'r%
r&rJAr^r
thtru]rvLnwOZxUQ
dnI2lx
uRMNH5/
;{As@H^}|
}||||F@FHJL
ninon\nKnnnn#
nO)jsznnNn]nKrn.un{yn,
nNwxuv&k
#b6-c
I!- JD #?G
|QQ,Fu
(`#?H`
zzzzz'{
{zzzzzzz
{z|||||||||
|||||c
VK+!n{}rW
&<QcccqcX
4iU<;w
zzz[%
({NsMkUc][SS.K
izsz{zzz9M
50!#8OI!
/cbbbbbb
~`n_f_PI{
9{MsMkMcM(
oczc3c
Jm=<>@-2.B.s
4I/k65%%
vueeUPh{
____3_>__
_q_t__ _L
_)x_Z^m8_
V_\_-^_jyy_*S{_
4_75[*
]\=`U?_V>bVfWXXrmXuNQ
{YlsFkAc1[1S!K
OCt;3cB\:\B\?_\.|Z\
[[[.|[
c=:yQ[&[
X[;T[@R[2K[
fPXQRQ}MV\HVnSWiFT?A SMMsMkM*~h~j5b5<Z54R5<j5
E>D97>
)A-A^^5jS
K[VCx;
W_NlUjEjEj
LFxvw{oslkcHjX
DX:KXI3XD(XK1X)Xp
XCWFjW"?WnWnWnW"W)BgW33WUWWTWTWDWZ+WAgWAW
OWWYoZZMEO~QxQcRjR
?Fp{3.hs$'gkc
[nSnKfC^;V3N+F#4
sx)j}j}j}j}j}
c[T\T\T,
UzkTzcTz[TzSTzkTzcTBD
c!F=2nSjS59eS
SSSS{SyS
wjQmOcVMaP[_RYUDWKU)QBSC
<U<U<U<Ux<U)HjVRVJVRV78T8T8T8T
"u{skc[S8K
cTPPPyPFP>
PmP"fPVUPIXP
,P!PoNPw
NPo.PW.Pmt4PH__P
P)*qOWOOO
\RTRnW9%<cJc
I]6@=TV.;!W
lL8VWPJXHMYP1Rx/RqBSi6TQT
))p)28mBCUb
.{+s~kc[^SK5pCf;3+
MLLzLrLLB5TM
|?LmoLm
OLmOLWVL
)LL1Ld.L
f/Qf;Pf7SVCRFUFj:A
18PMhM
`M0XM0PM M M0Mx62%bc
@o!_!_!
rwMEb,B;
LFxsc[SKd^SI
HHHHHfuH.
'6n TR\RTR6]8^9
<[B)/52A
KFpr[SKCx;W3a+d#[
uhdpEjE
c!F:|DYDQDD
giN!cc2c
j'g$mVlivktm{osqk2 fcL
s&xdAAA
AA>AjAl
AuA_A-<AlAfA
a^APXgA\t[AZriAGiVAEoTACmRA9sHA/q@v@t@J"ZA
\E66-C
"B+%#alF
9x0^eec
DFbPt&x
{swkca[iSj
KiCc;P3h+r#l
W^d`=Z=H `=
<Vi=/.=
B=43=1(=Nb]=t|{=
#%'!#u
IIM+
z@ma,z
JoL^a>\kx
8FxoC;t3t+c#+:76:&E:
9s9\t9=
9e9rzq9UoT9Sm9Ik9?i9g9ez9%8
c<:~/u4[2YoHDMBK
jugY~cm[zTxODYc
pn;3s+s#
&!#& +
kgcc}um6n}6-6N.
55551>
55y5r5ri5
z4xFVHMI@>F@LeBK^C
f..w%I!4
.h3^ x=
23e2o2of2+nf2!SY2QQ2
Vh2[c2X[2]R2c)2e'2#2r
2#929(20/2>-2
10131)
D]FKZCr=
=c>e>P?3@-@C1A>+AL&B=A
(=#&
")%%kx
UxX{\Z
sQTkWScR[YTS#]KVC\;3+%#
wc..d.
YD 8.R
.-_-u-]
P7T2z2y2d2e1o1<474e1s1xH2
2m7K7Q8F5756%b+mAcc]
9,;@{me
BAr]3h+^#
+**_*u*]*S*I*
********
*rn*_i*@P*EH*>S*J*,2*)5*
t2Ag~-
M'N,A8383
4d<5r>5Z6P/N/0l0
^MV^F<
8J#$c#
<Uv$uc
[SKgCd3'*'-%'E'TU'>&
b@8E)|&JrY&Tj&Dj&Dj&
l&_o&uO&]N&
P0N0f/c/l.Y-)c-&
c+B)PK|?o1
#':,EgR
^jK!]iJDhEGXEY]iJZ?hJjL
{fsFouEoAP
oCKLp<JCvJDmxDB8:
9*9F,8
v?"fp
cSdxC
y(Wb`Tx~1I0!"
c8dUbtdwdFd dbkd5Kkd
dI\d`ddd{dWdydaudIhdX`db4dcHd
ldj(dP0d
d$,d1;dWc
ie^#URTrk
xox|YL )%TJhs]Z-jPOI
JdNdcd0d* d
zd3HdChdK^dXYdmUd&Rd
dK&dofd_Ud
`d-!dvbdg^dvAd;f
9dV]6d
c9i*a8*c`9
tbQyCVA
INFIIY.QH
z~{>z~
|[|};}+
q'za}z^
::::::::c+
s'6t=8^<7
29/;=?
XjbViYn\v&
v9qkgiat\cVdTdEdEd7d1d]dYd%d d,d,d
d_cVcNcF
cAc9}cm|cl|ci|cs}cb}cb
crcu{xc
`7jBdC|B
xU}UOvP}[ZLGFFIReDdJ_I^G^RakV````j
dcd.dXP
dHW d>Yd8S(dU%d>c'Ac!:c)Gc!Fc)Fc8oc%<c
;c0Ac(>c;?c<Rc
ScIUcOFcM@cc:cb\ch^c
]7H Ykc
skjdmdlm1
=N>A&V
uR~RB
bAA]_&.Tl%c
+h0EiPj
L4_0wO
t]|u?}C
`+h+Q$
]``:oV
O[QdJVN
XXiQNXJBA*
v^Q+=&&eNA$
h>WrrY
t[tstk
gq[xWK
k-ogqgq
pdR4XTPm
SRTXlxlslxR
(eaoq!0m
dqSpqn{
dq3pqw
hd^oq^+oqVxzQ t
;t1t9t1t
GtsZtktl
ztxddTsTdD
EdDTTsDdR
,d00c(c Oc
TTTuThTGMU"T)PL|X
ITkTnTThTGU"TS)KC{;3+SSnSSDSp_STcPNd/Bd&dy*d
cQc:QcqQcPcPkcPecPec/mc
dycc-d7Q`cZQXcqQPcPHcP@cP8cP0c/Gcjcyqc
Mb{WX
}KjL||pVc
yyy||8Uk;Rj
cKxqxuW}
y}QpQx
;554u7
H;$QN5Nk-Ql
M)o["dQ,N
NP]N\c
dKMiFXa@V[c:Tm
X..[.t[2
34\:R7=
2P3io4bh4[a5Lz01c<=
n1Q1I2@2
o0:Q1Iw 
rQ6hC;sC
<<<<z{:k[<Kc ;h
c&_a[/
^ccic7c
S&]c~c>c
FIDU>F>FIDa}
~ENENEP
a9SaKaCa;
3#m+5s#
,RajaaxO
6YV.YF&YF
(v+f+f 2
B8=8=8=
*##T#^[
Jb<B"""D
X XR~8h
lLO\;F#3F#+6##6#
GqYccu
xawAX0
qccwca
]yb`uuuc1;Ji38$
JCC>."."#TM
%%J)L%
{4sltk`cb[VbS
Cw;e3Y+d_
c?+qLL
-"e&HIFMtQ[T
a8o\E-|$XV$Xf
,G<whw
%#KM91
]6SJI.w1r
!EImO+}OV,J'A+
vPKlC/
K@OB;K7{8s]k]r
cdoho`oXffN
c?+TDBZR"4')'
CFl]7m
'Kl|@aB>
v\%b}}}vF}}}
EIwE,Cxwus*.-
*>U?;{
[0SGKG
Cv;Y3Y+x#G
~C55h*="=4+JdMzSf8
_#C8D
KY!J!2!*!2u!*u!
c?+zXcQsQ
UsreS"P|^&!!yzqo
3:C:42
L{'YsYk
[TSqGKtFCA;E3d+
6LE=S[C[J:=UDlno+C{_wZrW
;TZ:>A9
p$lpGuO
KFx<+.
CE0q;~
8Z,n!g{
GkAcpb['iS'aK_Cj;_3m+m#
NFKczrz]q
eF~fnSkk[`\`|i
Kc_c(c
3zg~l}{4
BJusNN:*txOQcUYzz~~r
jjnnj~l5+QA#]
S:K6Cc6/N:3B
G6"K:&?>*CRyRQ
a%9A%``+pg+j5Vi<R`/^[YR
}{inoq
#<c 6[
';432+6#/
Zr8;LE@{cw2nx-qB9h\5S>!J,E(D
cA/GC*@XZA:A1>
h5b}-~
%;o?3s.
GdOIu`L
_ePD9`
BuDtGuvDGvO~B~4}R
cccpc]cEc)c#c
Py]C/Q%K
T|7iccucHc c
b[7L Q
cs=5-O
'a\WfWfWVWVW&W&
'F`hcvc6c
44n4n4
K>md#:
\NGh{aXsfZkQcQ[dWfi83
DK317H__2SK3"4"$*~
?)mMLLLPj:`
wiD3E:B=KDM
P"Q%/F{usekec[STegK
3bvx+>#
hkUrU]DTOG/i.c.Z)e
'!?V2C*C"3
c!F2U)>!Q@'
'}. e({ {
W{?sGkocW^g[z
clefpP@
r}UK=k|KlKlKLKLK
71mUTGE64*
yk*c[SKCV;cL
s]{QPVH:p3x/e.{S:z"yN
At\T\jpM
\TM|NtNn%
8/D|D|$
[3SKC;03Xux+`ux#Xux
7BpM{sca[YSiNR
E/.1{)c
`7XFzG
'!NjjjxT
d\ll\\LL4
[SKC;&3&+
!#EOi%R`
c!F>?Xph
671+-<vSu"
49$I^c
+N@{=W^`
1@G9;E?Ac=YVOHUJ
!:ANOr.rGr(u"W
570R<OU
DDBx@(P
{?s.kMc`[
deJ}cD}YN}O|
5|k||cl|/||R|G|
01V=WZQ8R1
b|UrWpi^cTMZOX
7Bp*[8Sdclxj}yUySySyEy/y)y;y-yxx?x/x0x/xxxqxoxexp
oxvQxzMxUbxLcxGxEx_x
Tq\qH!h
ON*C A
*V[sdmiRgg
upu?uet
c!J>tstctc
l%CFYZ
irwWgYN[DJ
ccHc$c
IObsn}}~6D/
hk^ad_{]xs}k
qWqHqEq/q)q:q7qpUp}qzpmbq
=Twc#c
"oToTo!6
lzxwB.-
kDc4[]SgKYC\;3+#
-m,mWm
x0s.ys
Bq{b0m>l5k
I.% F.<$+9)?Djrx0c1c
QuCf;a3c!j^
yjMDjC
i1i/i5i(i
i{iYiWinioiQdiNiiNbi+7ispi&
*=)}Gq
xdobAoZnutnznyn
bmCj;m3g+n#!}
kcNofOTfTUf-Ef2Jffo`f
1Je{\e
b>pZor~rOq=q:lC"k)$k&
;m/h'sNWnTqpRp[kPjjms
6O)08Ze
?FeLbK=C
skc[SKC;3+
bkb^hbdpb\ibNbxNbIOb7Ob<4bE5b+%b *b
^oaRaaHaIaVaGaa=a
Y+Qb+QZ+@b+TqLFPdWbWZVU~UOT=T
?CUHZG:@4|
itgo@[DX?Sn<P{&
7F4alcZs[[sS}KoCq;
c'@8,F
?$J1z1
LLLsL@
9.~tsl
gg^q+,
eaEQTa
oO3^Pw)a(o
2iO(o
k:-d020&
+J3)R#b\/^"W
Rk$_q_
roeL-7
nehi~feJi>`[" G=/FYu~nySb
c-titl
<BisxXl|OIAu>D\EXmCD)LG5>D
EX-CD)LG>D
EXCDLG>DHCDNA@
MJ;kED@HC$sNAKJ
UAKJCD
GCTAKJ
w,,,,L3
BUHLYZ
_O1{|A
99#8X"9K9N
PL3Ie414)4d1
OW3nW3fW3hW
5>55K>i5,=5<5<
6Q96Q6Q6
R)7TF7T7R7R
8+I8O8O8
9@I_9QI9
7U#'rs'1
Y91dd_u
151@1N1a:p:
~::':@:
y;Ipp<$f<e;9U4<=US<@EM<F^=6k=
7=&=&=
yMj;rMu;fN;BN;K;K;K;K;K;
Lr<3L<AQ=QQ=Qa>
R>9R>9R>|R>Q>
O7?PH?Pe?P?N?N?N?
znwN-C#
9<6yvD
-8i.7q.7
/tm0ex0e0U/U
79IC7Iv7I7Im8:8d7Y979
:7*:7A:t7v:S6:
P6:|6:6:8B;S~<uTr=4=R5=Y5Z>Qj>RR>lR
QN0N3B
cvvvvv
vvv+?w3Gw;/w3'w
n5io4qO4yO4qO4O
5y/4q/4)/'51
S5:5B5j.r.Z.b.
y:q4q:y4:4}:4M;
5<M5;]55;e5M;9L:L:L:L:L:L:L:
L:L:Ne
FwIWIQ25Xr0w
>"8k(g?
W:>dEd%?c
QR+W:cM
/IApRAlS
H/@/8/hkl
YH(@(8(
7<BH(@(8(
I8Fw;)0uF3
8@kE L
Nw<`E`KC
Fe6S]?(
Nr>w2.>
gM4Nuc
`5`#!!H(
@(8(k=E
@(8((E
aS<u9D
UXJ48gE0c
9/uYwtX
-pD2Mw-pUcBEF
r3@`MT(nN;C3
`:>dSQ
0cUEI4M3O_'<B>
(<BQ1`U
cMN](<B|D4_4<B
QW:cT?R
<B50_&
Rw'<BdJ(
<Bfr8c
\=BU(;
)SR=jD
wQ:>d5jD
3]] )Qw
u`:>dY.iD
<B>69<M
(3M,2-@h
A4MN's
6>,F-<,
E@F^:cM
_5'~%(nD
?<Bcn
<B=$;*
.'5w@Wc
VG{t8(
%$Z"X%
(Hna7|'qX
Y?{'+J>
;[i3g
I%>!9xu[
wZC)n4jYu
N",*bX{Atd^!
>&]#\xx
XkpQ$b6w(xUf
p|ApHs
Ti/fg&
Bz&Eqm;(kHU
N@uy^("B1
vhGABVBL8
;S1$6+qX=FA8aTQKE4h+
4BMtXl
{Nal}Q
@ggggggggggggggggg
ae u
plcto.
og pc
odpIi_Ls
JOY_hk
-,++2/q
VS_VERSION_INFO
StringFileInfo
041904B0
CompanyName
FileDescription
VarFileInfo
Translation

DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255
A 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 61714 8.8.8.8 53
192.168.56.101 56933 8.8.8.8 53
192.168.56.101 138 192.168.56.255 138
192.168.56.101 58485 114.114.114.114 53
192.168.56.101 57665 114.114.114.114 53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.