1.2
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.81
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Shifu-B [Trj] | 20200603 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0 |
| Kingsoft | None | 20200603 | 2013.8.14.323 |
| McAfee | GenericRXGM-ZQ!48AD4BD30B64 | 20200603 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b0ccfd | 20200603 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(3 个事件)
| section | .MPRESS1 |
| section | .MPRESS2 |
| section | .imports |
动态指标
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': '.MPRESS1', 'virtual_address': '0x00001000', 'virtual_size': '0x0002b000', 'size_of_data': '0x00020a00', 'entropy': 7.802753077937044} | entropy | 7.802753077937044 | description | 发现高熵的节 | |||||||||
| entropy | 0.9595588235294118 | description | 此PE文件的整体熵值较高 | |||||||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 60 个反病毒引擎识别为恶意
(50 out of 60 个事件)
| ALYac | Gen:Variant.Midie.36171 |
| APEX | Malicious |
| AVG | Win32:Shifu-B [Trj] |
| Acronis | suspicious |
| Ad-Aware | Gen:Variant.Midie.36171 |
| AhnLab-V3 | Trojan/Win32.Shifu.C2756321 |
| Antiy-AVL | Trojan/Win32.TSGeneric |
| Arcabit | Trojan.Midie.D8D4B |
| Avast | Win32:Shifu-B [Trj] |
| Avira | TR/AD.Shifu.hifkw |
| BitDefender | Gen:Variant.Midie.36171 |
| BitDefenderTheta | AI:Packer.24420F081D |
| Bkav | HW32.Packed. |
| CAT-QuickHeal | Trojan.ShifuPMF.S10291657 |
| ClamAV | Win.Trojan.Shifu-6330434-1 |
| Comodo | TrojWare.Win32.Spy.Shiz.NCA@8m98i8 |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Cybereason | malicious.30b647 |
| Cylance | Unsafe |
| Cyren | W32/S-7a16e605!Eldorado |
| DrWeb | Trojan.MulDrop7.20629 |
| ESET-NOD32 | Win32/Spy.Shiz.NCR |
| Emsisoft | Gen:Variant.Midie.36171 (B) |
| F-Prot | W32/S-7a16e605!Eldorado |
| F-Secure | Trojan.TR/AD.Shifu.hifkw |
| FireEye | Generic.mg.48ad4bd30b647e20 |
| Fortinet | W32/Generic.AC.42C3E4 |
| GData | Win32.Trojan-Spy.Shiz.D |
| Ikarus | Trojan-Banker.ShiFu |
| Invincea | heuristic |
| Jiangmin | Trojan.Yakes.akc |
| K7AntiVirus | Trojan ( 0052964f1 ) |
| K7GW | Spyware ( 005228cb1 ) |
| Kaspersky | Trojan-Banker.Win32.Shifu.eph |
| Lionic | Trojan.Win32.Shifu.tnsd |
| MAX | malware (ai score=81) |
| Malwarebytes | Trojan.Shifu |
| McAfee | GenericRXGM-ZQ!48AD4BD30B64 |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.cc |
| MicroWorld-eScan | Gen:Variant.Midie.36171 |
| Microsoft | Backdoor:Win32/Simda!rfn |
| NANO-Antivirus | Trojan.Win32.Shiz.dvsrfy |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM19.1.A6D8.Malware.Gen |
| Rising | Ransom.Blocker!8.12A (TFE:dGZlOgLaeyYIjEMjGQ) |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/Shifu-F |
| Symantec | ML.Attribute.HighConfidence |
| TACHYON | Banker/W32.Shifu.139776 |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2015-08-21 18:28:13
PE Imphash
29c4c5f8766667965cf6248336ce2ba0
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .MPRESS1 | 0x00001000 | 0x0002b000 | 0x00020a00 | 7.802753077937044 |
| .MPRESS2 | 0x0002c000 | 0x00001000 | 0x00000e00 | 5.847544440819902 |
| .imports | 0x0002d000 | 0x00001000 | 0x00000800 | 4.402717340306505 |
Imports
Library KERNEL32.dll:
• 0x404048 GetLastError
• 0x40404c CloseHandle
• 0x404050 GetModuleFileNameW
• 0x404054 DeleteFileA
• 0x404058 GetProcessHeap
• 0x40405c WaitForSingleObject
• 0x404060 HeapFree
• 0x404064 HeapAlloc
• 0x404068 GetCommandLineW
• 0x40406c LocalFree
• 0x404070 GetVersionExA
• 0x404074 LocalAlloc
• 0x404078 LoadLibraryA
• 0x40407c FreeLibrary
• 0x404080 GetModuleHandleA
• 0x404084 GetProcAddress
• 0x404088 GetTempPathA
• 0x40408c GetCurrentProcessId
• 0x404090 GetModuleFileNameA
• 0x404094 GetVersionExW
• 0x404098 Sleep
• 0x40409c GlobalFindAtomA
• 0x4040a0 ExpandEnvironmentStringsA
• 0x4040a4 GetCurrentProcess
• 0x4040a8 GlobalAddAtomA
• 0x4040ac SetErrorMode
• 0x4040b0 lstrcpynA
• 0x4040b4 ExitProcess
• 0x4040b8 GetTickCount
• 0x4040bc CreateFileA
• 0x4040c0 GetShortPathNameA
• 0x4040c4 GetHandleInformation
• 0x4040c8 SetPriorityClass
• 0x4040cc GetCurrentThread
• 0x4040d0 WriteFile
• 0x4040d4 ReadFile
• 0x4040d8 SetThreadPriority
• 0x4040dc GetFileSizeEx
• 0x4040e0 CopyFileA
• 0x4040e4 SetFileAttributesA
• 0x4040e8 GetTempFileNameA
Library USER32.dll:
• 0x404130 wsprintfW
• 0x404134 DestroyWindow
• 0x404138 keybd_event
• 0x40413c GetMessageA
• 0x404140 SetTimer
• 0x404144 RegisterClassExA
• 0x404148 PostQuitMessage
• 0x40414c KillTimer
• 0x404150 TranslateMessage
• 0x404154 CreateWindowExA
• 0x404158 DefWindowProcA
• 0x40415c FlashWindow
• 0x404160 DispatchMessageA
• 0x404164 UpdateWindow
• 0x404168 ShowWindow
Library SHELL32.dll:
• 0x4040f8 ShellExecuteExW
• 0x4040fc ShellExecuteExA
• 0x404100 SHGetFolderPathW
• 0x404104 SHGetFolderPathA
Library PSAPI.DLL:
• 0x4040f0 GetModuleBaseNameW
Library SHLWAPI.dll:
• 0x40410c PathAppendW
• 0x404110 PathAddBackslashA
• 0x404114 PathFindFileNameA
• 0x404118 PathFileExistsA
• 0x40411c PathAddExtensionA
• 0x404120 PathIsDirectoryA
• 0x404124 PathCombineA
• 0x404128 StrStrNIW
Library ntdll.dll:
• 0x404170 RtlImageNtHeader
• 0x404174 _stricmp
• 0x404178 ZwClose
• 0x40417c memset
• 0x404180 _alloca_probe
• 0x404184 strstr
• 0x404188 _snprintf
• 0x40418c RtlUnwind
Library ADVAPI32.dll:
• 0x404000 CryptGetHashParam
• 0x404004 CryptAcquireContextA
• 0x404008 CryptCreateHash
• 0x40400c CryptDestroyHash
• 0x404010 CryptHashData
• 0x404014 OpenProcessToken
• 0x404018 GetSidSubAuthority
• 0x40401c GetSidSubAuthorityCount
• 0x404020 GetTokenInformation
• 0x404024 RegSetValueExA
• 0x404028 RegQueryValueExA
• 0x40402c RegCreateKeyA
• 0x404030 RegOpenKeyExA
• 0x404034 RegDeleteValueA
• 0x404038 RegFlushKey
• 0x40403c RegCloseKey
• 0x404040 CryptReleaseContext
L!Win32 .EXE.
.MPRESS1
.MPRESS2
.imports
M+QPP3
@:u+;u
_^[UQSh
t}SWh~e
;u&t"t
@:uQ+Q
4muUZ95\B
E;0sQi
PYYt1hE@
W3WWWj
Wj[_^UV395(B
Ht;Ht/
^]%XA@
UXSVWj,3EVPE0
EPVEPj
VVPVVjdh
e_^[UE
SW33;t'
3;u'V5(A@
SVW3j<SV]}
PP E;u
3;tJSPPj%P
E_^[SV5@@
3_uuu}9u
ta9ut\EPVVu
tF9utOVu
t-VEPEPWu=
re^[UQe
Ee^UQe
;utj0Xh
@:u+@PPj
UQQEPj
SVW= @@
UQSVWj
VWj<3X}]
EPEPEPWVu
t&t"PEPVu
S3V3]9]
t\W3]}EPu
};t!SEPVWu
US3V9]
tD;t@Wh
;tJVPWWN
tkV5 A@
YYE_^E
WSSj#S
W3!}9}
EPPt.9}t)V
M3%9Hu
t*VHt F
`t$$L$(|$,tftb
AP32uS^
rK)rG9N
u/L$09N
a`t$$D$(|$,L$0PQ
rQL$<+L$
QL$<+L$
$rHV)^l$
QL$<+L$
+|$,|$
a`t$$L$(A@
+SVWEePEEE
Y_^[QVC20XC00U
]_^[]UL$
USVWUj
t ;t$$t
KERNEL32.dll
GetLastError
CloseHandle
GetModuleFileNameW
DeleteFileA
GetProcessHeap
WaitForSingleObject
HeapFree
HeapAlloc
GetCommandLineW
LocalFree
GetVersionExA
LocalAlloc
LoadLibraryA
FreeLibrary
GetModuleHandleA
GetProcAddress
GetTempPathA
GetCurrentProcessId
GetModuleFileNameA
GetVersionExW
GlobalFindAtomA
ExpandEnvironmentStringsA
GetCurrentProcess
GlobalAddAtomA
SetErrorMode
lstrcpynA
ExitProcess
GetTickCount
CreateFileA
GetShortPathNameA
GetHandleInformation
SetPriorityClass
GetCurrentThread
WriteFile
ReadFile
SetThreadPriority
GetFileSizeEx
CopyFileA
SetFileAttributesA
GetTempFileNameA
USER32.dll
wsprintfW
DestroyWindow
keybd_event
GetMessageA
SetTimer
RegisterClassExA
PostQuitMessage
KillTimer
TranslateMessage
CreateWindowExA
DefWindowProcA
FlashWindow
DispatchMessageA
UpdateWindow
ShowWindow
SHELL32.dll
ShellExecuteExW
ShellExecuteExA
SHGetFolderPathW
SHGetFolderPathA
ole32.dll
CoInitializeEx
CoUninitialize
TPSAPI.DLL
GetModuleBaseNameW
SHLWAPI.dll
PathAppendW
PathAddBackslashA
PathFindFileNameA
PathFileExistsA
PathAddExtensionA
PathIsDirectoryA
PathCombineA
StrStrNIW
ntdll.dll
RtlImageNtHeader
_stricmp
ZwClose
memset
_alloca_probe
strstr
_snprintf
RtlUnwind
pADVAPI32.dll
CryptGetHashParam
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptHashData
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
RegSetValueExA
RegQueryValueExA
RegCreateKeyA
RegOpenKeyExA
RegDeleteValueA
RegFlushKey
RegCloseKey
CryptReleaseContext
8Muex<
KERNEL32
VirtualProtect
G(XPTPjxWXt=
jHqA}
kdzbeO\
iLA`rqg
@l2u\E
a=-fAv
\cQkkbal
eLXaMQ:t
jiCn4Fg
c;d>jm
i]Wbgeq6l
8ROggW
A`Ugn1yiFa
fo%6hRw
[&wowG
eibkaEl
`MGiIwn>Jj
)WTg#.zfJa
h]+o*7
RH a6dKg
E.LOVDNS.
dO K+O
<A #3m;
4dtDc}
zYI33KhhzJ6
/3!ij-;'*l{w
proggamcGn Otbeu_i
4Fs|]yPp5
(.rdat
lBN$eD
PQ0x0(
el oc$
n$] HV
yN1XG/}
!?"PEy
C;).9t0n
"TD_V|
Hl4FNb@fTL}HX=
y0q2WbVNS
dyYu_6
(tpb6\Y
#t&EbW
f$?(;h_yk
""W\S~
-L4lC
kb!gx!
h&Vt9\QQ(
ei(P]sHK173XS[hYs(dc
i$Xu4!
[]Ls$A\
HHmPYR2
1I\Xx0
ucj0!${
,D~LXQ+
u@EF):
`"H[1EPHS
,~Z?\5
A=EBGt
'i"<@u
$DeP|6N@
Kaq'B7`t1j
dl=OV+=
StCD),+
G<t8kP{i
}J@$hzW6A
YFq8Q#k#
%tPma-y
3mPD^mJ$,Q
VcYaA?
MQjX\KPQ4'
W(@^P%
'W8;f'uOK
W18hU HlD
^}%L!:mg&jTA
TbasV5*
]Jm|/tz
WS7PSYA
X]'F*N)j
[d$O>QP
WS19At
t/=c.'
#HX9wec
dEbD!
F%n B0*L49
D~p|CN"
B1E5VIC !Y
CP{N/=cI
+7[(0h/
LVyB2Zh [6q%
~EqIR@
P+Vb$0
2PVPUd&
94tLjsM
x+IP/2C
h;pV^q`e^ZH:|
9=LB|HX]>Y
%aDjPB;7
0G@d #
Q|fH//
TeR*6fw:$
(VXC6@
}&|xL (
(9vU($dXS_l
Afita=Q:sP
j@SWjR
dB:UiPV
P8bD@$5d
LyHc)1uoK
r%%$9v}(4%#a
WhI*T!c
WSdm'NL
yBGTzKPtu(/
t72M)(`
\QlxxNf72
d2Nw"hCb|.
j`AX]~[(
D\(D.D8Sc
(BE*p
! zC}$
QtI21M*2
"vEG~P
|Yq9YJ
D$)0u4LXQ!UHn|
_\U N!
H5NZ~
R$V &YT%=G ]
SP&BJ2"txF"@&
tYh x|(D>-
NI!}dav
Ibar!H!
Vfa-g^A ^!W!6
?LwY2A
Mh5lz]
db0d.6
Ue22sv0;N,|sJ{
p]W4c)d0"
EB2h(B
oBi_-J-
IA]a3F?9
^`?%Iy
&X@U8HF
G2F^?Ip'
<iid^"|
@(Gytx2
Y4md%WmfLIZK
@jD.dHr]H
.!ZDDa
"/0K19D+)
`|2mzZ8B
+<!GZ$D
"-~u/<
*D8"@&f
qAIzU'(#c
D.*lDs
YPVYl=l
%;]\@^a
X&+C.h>M
^hDP}#
'A@:wM
Cd"%6I
:l4 (4@CS"DcS+jTd
Z)9&x0GRo
OU48E!9x&(r
WAP"-u@9E-tHc
DR[1DD
Tw"lr-Z%lN&P?9L
sR 13"z
J1,I!
yd&tsv-
K<]8:9
-7oH{ba
Gx2[Pf
bDw?p2n&Wp]l
G95D_u
B,mYL7
VZQFhkD7c4m5
5o*K)sBJ(pu
YVh@jB
iG5[:2
nCtW*SJ
QS=ld%zxt
wIDiQWk5
[g%/b,0
t"Y//K+zMC
mowNA3A]}f
FJDt=x:;Sa;Q[~s2(6
8"yWajE,DpY7M
uiq=~!
3W%Lg'I2e
d!z31s:a+!}N*
UlbG|N0u
S #^:(F<]O
N$fAhI
G9}0|6t(uF F
;PVj/x"AmZV$#1
%}ZL0$
8 EJ++
@A;*O}U
0> 9GK
dsX.1|
LHK`u:;2q<`a8C
TIzD<#u
-^_+AW9NLK`Pt
;u9`K|[L$R%B-
.P51@"WoI
k^&.'1
a}tQP>,NV9*T%Z-($F\ }.
0,0pIW
bW4 Z}fj
AuMU5V3s&
"U ,@($
_IjPs
7@}}7ym
97gl$cQ
,ic"diW
<h\WS`p[\
<EGH#0Ze|Q
:*K^*k
jtaX|b
TF8P_RJ
=`:1t9v(y
6yB8'=IgGJ4!
Wh{n^S;J
mdVyC$^
K`B7,A
T$HVvH.
vR%A-@
L%B)thS
-8TD9H
u+@QhX[
F9)VAj
tDSH<BH+
I,u Y'y
}hvJ!{%+
B6W)&k5a!9
wZ"(KE0]LBi{
DO ?+S"*h~
"V@v -
h:'wm.
*Mh[I]
9$'0GJhl22
1w-l{wL$Q,/
^N%npE
Xo|'Pw
]F %Jf8^"_VK0Wi0
$"K+D}yAk7cr{9>
^{"@%x
HP."b0,P%zQ[
'TQrhX**
GHk m$
\Lh/hMX
$B ?q6
Yo"GBX
xDiew6G
uI";8LY)
Z]UH2++@k
#$B-x72;I
t8bC%8
AoEAS(
3Q.RfL
6cAX@_
$D~YlBFmyeTB
YHlBLF
!%6(,bC
?12 B.N
*#-2t
@~m=ak
X|_l_!
Dt. vCU<
-j,1 Pt
niW5F4
4UlC dD[
. t?IP
o_XVD!7;*>!l
|VvDiE
FPK4=>
RwhhYU
$&h3h" "D(kzU6}
^[H]hCK
r&4ES,
BBw<%Xj
\Q+p%q
5P# <:"
NB'Bc6
'g.t&lo
IemKE'
leL?#$ &E
]dz[e5
cLCVv8Hz
!:T]Xe
Nj>~[c
?/3Pc5
9=|h6hO
h`Q2q@
%iP3 t
Z@OKDa,
;KW9]$9
1U8;%j. 9
>'E1 }
*fXbIT :
ybA?@d
R-"5G(
["`ap>
1'0dKP*ipU
E<_mS!*
JtlWvq
qqqv(xq'
XKthv'\B"
?<4";h
&<8H\(B
x>W[s-
n>E3j@N
10o}J<B+.
M]^;-vHR
4W`mpA
Qx)thW8TQC
N+fDWl.
\eQtsX-^)1
&C"P}%
dg"pDa"V
+P2S,<
VG+Z(M /!
ujR\0qL{
j-#mA"k\|fBHF+_'`0
DFhdV~u
\Tqs'xtR[),D
5F4"7}
QS-9yxzV"X"$#
pr{rG3!
dn@";6B!
HFgJ|8[R
6P<oL.XT@
9rXMB^i?
F/^dMg;
~gOl/B
32$d~2(4
"Fl%WdV'
(yFk"/
]8H')&
=Ch''->
X'RZ[</eO
_w7 !D1M#I
ZB1qZg%]
/\E@,z(P@
;UvNdJW9o]Y
1Dd;F?;OE
Q'tt!PQ
\vQGOh
ntFk{J>S&-J."r2
/ sI>!
XWtoL"
~03t"#I
}/~%unDdS
3HzN>.<U
+a(5YS4F
GmGEm"Y+
L%G5x}
LO/|G6e8
.2!%F'a
|J7:E{cJQ<V.ic
8w(wyl/KNCHVEAU0"`j1BVN `/
yj>LK=
/\:9ZE
X'M$0w@
0VW950`Pt!
gARYC8
k? wPBQ
W%&-gg
%:B|4DJ)be
VU*0[}b
t!vQVJ$
@xI@N"-
%z`/8@L^e
!t->(x
zMhV!o
,R2]G-q
BwLz@yI<0}`
pa'v=sdj}
WPE\KO
)1W4%[
&xSP;Q|
x!9|a^87E<I9qV
twV8_4]r
a8jWMQ/"qeT
&(x6\'dSad~
W^+S}S
;ZN]]m
kT:EjoH[
Jit_}kx"?#
35z8]6
y8SQfWf0%6
|Dy4!
=8xJw"
n^4xC}CX!R
5v!xBy!
(q>8!w~#
Oi3`B'tR
)Cs\(5(
?0UR\FGQo4
C8!<@DdH2L
TCX!tlpdx2|
:TQ\*9x
d$R2t(I7|c
0Iuap:R UI2
t<d`$'>/u
6RgJ&2@U )W
Off:9^
GjD; s
HvH`UgT
5~<N!Q
u ^3g\HyO
W_&5#;
0)^X)/'a
>LHW<p
0IQ{)(
7$zKU
[W?V fR
$[i9=H'2l
Wph!tdx,d
XWLJ8P"QoO
O!HbDRK
ISJr+'v AH
v+$#%IeI0
@r{[:Psx
*2$i^ooy
FPb?ywc0LryQ'nQ&t\
J};vV27
J^[B,2B9
&:VNr<
N,%ud1
WwTShd(-
$,Lp1@;rS-Ok
VfKQ%t$xLW8
jBCb"(
mtd*A%
"wK,:AEG
"(C;<rvMDED
;wP*P
WCp/w4
%c3L<XS
vyPFv8N7#S
KI'@f*h
2lREI9
@B|YGYrJB
[PIKi:!,
ZCX3Bd
+@{IZv\p1X5
.'I6j=P
V!0!*X_
DSX*u2e@2
rK+[E8
NGyZ(L
pqW[q
,Cu5N6H9Y
Td4UP]=
-/[f7+
119t\#
J\F&fm
@G+PpH
t.&((P
A$I)`
w$vD-&
$V+Prkz
)$,@-J&N]
O =vhi@c*
$Q"[eB
;uJCZR
usv"sI=DB2
VLN/%5
`\+*ED~
2FD7(."& l
u@=:P'p
^P_r/"
uC3$- 1jE
YP<Q6-
-*&}/(u,*Fs" H
>C(Ks$J/<vj
=(4KVDC
qPoD:L
RP-VZv
8t#/?D}h
JC8D:ugN
`HSIhf5
u+H+[I<
Gj&RvM;I
k2Su$&$
y!N3Wiz!
!K4Q00<!
E"Uau/P-tJOKUVb
uS@M&R
K ZNB[_
E$B9!:
(BAX^'
!2S^V+&<UaS
ktqS^x
*0!]8E
F$H)x
Q)hdRHME
&-; dG\
8+<7vdhQ+Xm
tRK$:MSbBL3jY
+=HA"-'l
BD)'/LQH
_m(/>0
Ota:-|
;9t<6<2
.[<5BW.
ubA'.9l)t
^;A/UH~bDK {
|sL8+
[Z=d\uT2
$PJ(M86
JG9PK_
m]LP)}
]~>+^!
)VPTZD
J&W_`Rc
tSXO:j4
drAakh
H0P4jZ
7;,!DMH
j3Ht(4K#0
%%}N]j
XG@0b HYMwh>
a#\*;J
aLE)i@s
bXKFp WQ
AHTW(KUQ(:AF80wV%<W
SASKF5%to"
Vd%G]NDd|C
~HLF>C%
K<uPRIB
]e'rn KrQSk,u
j1(y>S^
(D9ocV>
>mpd>V
ux}JiD*
X*4H*C
M0UPI,l
%L}KQ)(%
}Q65S(5
@JtF-k
Q+Nn#t
QV-:D*MWO:"
W(37JAE.
muXd3NReM3
L8HIboE{9
JGS4gL2
Z`\=I;sbu8bd
r,^Qkd;
B2)fd!
WNOlF9U*
'~v+-6OEM?B
EH,]0b
U$H'6E
7L@s?a/
DukLe;
ZWs% 9
GJ0%Sd
'_(L# tLkLO~
J'])&xaB
_[0$B]$
-@)u(|O
Qp|0`g
kX'cVR
,%~i2~x
fDu\V~'x
+)*` n_
uWx[| &
0._PdtkJ`AWQ.
HgM&0F8+N
)~tF,A
8W/ypB
RH>b,x
$)Vp+ts
iv6x/2
>d&_TIS_
2} K3rL
@IAT|,
d3u'PF
g4fB>=p,s$N;W"1
sm"d"&`0e L
V@!-TBN<_
CYBeK2BJ
4V#PPLD8!^y/
|0NSZ2
z4L-Y0LB
XTqHnf{*
!N*=s?
sh /#Y`$
D};>s%
h"(dJ
2y!'QP:
)xvdMH
JVSsF8Q&
J"}G?!'b#;s-&
+O+*<b
}(*MK%
BgAMU,-;_#
Uw${>+
BAh!($^
m:6d:pBZAQ
_q @@f^"D
s]VNL(/$
6-d+6,$5w
@:8X@f
V 6G9@rr#A~$v^H
$)0:Hr
@i~>&Xr;@Y1
P,2:$tN
sg|K<HJ
9|Hbr>1F
w8;X,P*(
#f#|8h"K
P^Y/H(T!
8{K!vkY.
[H"jb!
A{6hCE
CE>y )H#EB.
`RpI<{8
i6 a@rI<t
?AJ${J
B;pN6 O#o Ku
{\^ 2=!@"
Yu&av
gE$U[ 8
NLti~ XwK
T1\FX(@O
|\;1F]
9V$rH!
BaBPtQEp
!"-IFRO
\CG-r=
H<D{uicIGA
QH;~uT^D
qZ$?$_
{x;vQ>F
Xirh8El
unf>ED?
@jYE/%
4zQY%iv';
kLAontBR`a2<~
Vu[\)DND
,vyI;j0
),OPS&)~C
<91:"w
EO'Jvr
@1GtWZ:J(.>q(
J'OiU="
Hj@n T
%Ip2h~
N9KSc]X&NVY6Lg
a.3h[N
g6d'L[~tj0
-+M/~']WYD]wlc<p
"T'$B]SbwqqV=$F%
`k&tqj+JQ(A9<*J
0J/W|Ku$P{z2
]:[$n_u
\0\F<u
Hi ,Eg&3FWjdU*
}y;<,K./^9$
8oqB~8K);
L254WW4~mj
.CdSF/Rj,v{
"]C>u^`
ZYd'E;$
DVV"({4i
f604pZ:1x
)0u8<WGMjtZo
qp0G2-P
t]r9vqJ
Oj_3Dy
/u+n1%%+1
jwj)A/8L
0G!t8dV
$2HXHP,6z
4g:Oc?W_s
e_]NbH9{
aB0F;*|
WiS@Who4;sJ0i3*
B_\Q3BtFfTAW
Vq$[_.P_
#H"}%D|wfK
uS5"MF
A%ZeBl>
\=u#=|
!T"n& 8
uN1;Bdj@|tWc
'"5D+,=t.|
B3AB}09
1OB$]`}
KYwu% 58{
v2Q68@U@y
Q4`S5OK+Ye3
o6ZWu,4aI;U/
O't&j"P3HQ
};`7).$'+
*-.{nS
SjPW_Vt/?mY
0`Y&0S
F,9Daf;NK1
/#2; BOIDI
@#vU'Y{
iWly-lD~xv
8D,\zlb-@IGV
'#KW]+k
?idl$|Dz
]kA6wdT
@j.U&4PLW
("g$D8
H|%8>9H<(
(tg0Lix:9Q;u
*ehVeX
)Z"Z-1s?5#.qZ
s_td&]
52NU r?=
' ( 7y
>3a~@\I&
H7+P';;
<ro5|S9
AU3QiWEh<9'Ry
%'Qv%^ YVSzcD/vd/
u>-BW\
x'ss+_,9*[
LP;r\%J
HL[VZ8
(i5<\:
:NWNvV
T7%8i+ag-{D`1#|dI
]J`}?F
0 WMj/R
7:PQ=RdS
lGnQ*]T"F'
,l$d,4
3(>*,+O/<%
, FB#5bc
EH`S#=+\IQH
\Jf|`B
Ph#Cpgu
/[n0tg=
SQe^d2!u=@
uWFE_nF^Hc5
GlhV!HXd9K^k
QL$~}Cj
J8|@nr
bDe,(;F0
S$gi3UH
ntj^t2
`fv15/t
1xvouH
(##<$0
k+-bWL
T+ !a4Ds;
{NGDfw;
O<!Xu)#8x
'nZEF:
S9|kj I%
qGo!+|
c9#lj^
KMz10Bb0
J!%IXC%V5BUFW;|^
.HZf]'}W
+~D/$Pr e.<zZB_(2HK:P=T
1J B3Ac9ua?O
kfZ/(Ecs
u.@>694
d/ e*?
@V0tF3
dV,O1
I136e:l
~bNbcnou
u>j9LhO
o6$J07E?C
6X`*}M
J?&,BaHRD u
9EB2+F
R%Qj#o D!
ZZ*AqX;
[C! D2@
I|e$UZ"
r_H0R
P,-aS*^&I.x
uiokh@EF`
?v;#,&Op
jRY_Vb/
M|q=EV
&~1@\ &
0OvlaR(
I"=p(1
]JWo"S
22\zL~m
^/%D8v
%eKW((
/#9%{Ss|
/FZO oWh
$!!42WR^( ,Q{#!3
^_[3E<{'fx^8
u^4>WI!
3@b$=Lh! Nj5'eC
G$Bt3wI GTEH6FNs
+NLB'BBu
JWjaW+&^EK
oIJ]DND'l]~n^
b[PuUG
*Ej($6"w
"0k&VJWHO3
n(8h$ (
_N :qS~+6F
e*"9DBiN
,`B(i627
F79('B
+3'!I`
+y"<'v
)+M0hnF&;
8wC0MmH
G9\^3;2
(O(N/.SF1"p
)@b!]'X
h!RLa\ec
eM}?.~
etWf=-jDZJC@D^/S3
3*h?,y
;|'}O\P
=g"HW+
NMO+|P
4;2jT4X
G/S`QHa
$|FMU]s
f {GAJTi
N0Q^J4Y
SQ`j<c*1G0U
SsL$O?
gxij4
vI4 ZGC
lgs Y:IP,
v4jL
*tQZ:4
Mj6j$6
Y#ILOa
2 9Ba
s6a+(;K
7hGO,M
B@I7;Au
&BI&'K-
190t]$@
wv(?W$
)94//8)
_D: VVh
<,i89D
N@K'4Vu
$^Y@!j
K-K2eFv
3dF#XWr
vH*|%.l
VV'APj
4b^@.K
*$~yw/C
8JK%G%
o`1=/G
'D'J*dAz*KN_
Jp>M$C e
DK5<A1
iQPBe^,h,xN0I
+N&#yc
90t'+z2DoI
/R9 Sbl
_X]~jA\
B<~%+wJ@?Ev.]
v%X]OEubj
R+ZQ(?*
!!WF>o@@4H#;RP9.}
v~(u{V~a1
SW3C-j
mC#98j!
_w-$|)
tD Et6
J)@_F0H
O4!B~_->
G0VwjK,6G
^H"tBTH
J\UD'!7m
/!^"hu
X@)"S4u
1N}3>2
|&m!` M@
DZ2XB`
AOu^_9M>
L3"a[ *
1g)S:Cu
^XR,%ZB"6G
`Ekd"[>
a+^14$P
~ D=& t
".r'@dW1S
kQI5F1%X6_$^9$
tx}*6B
gD;pj1
XL1oHbJI
aPc?k>~F^%_
9,%im~
oCt^-H
O7>S(4
bZwi]'v,
`=C` H<
s+4<ro
M0gj <Y
::P)JSI;
}&\K R
Mx#<+Zg VU
BWvLPN
`~^9fb:]
N,?],@.#1QD
Yt-(w(I
=jXk&@
epG_@#C-UX
{sC?$WKE
E9_z\g
;5T#@7
^_9<eN
n-T(k}`
7X~bsN
L,|B[NK
c1dIP
;'Sg;8u
i-O&<E
KYjwV5
B</CeLAo
+z[c"|'
K/g`a9v^)
.'tnzu
e%/ 8}y
T#'JB"
}p;:uN{,aH"
%N^(9N4x
@5V*_{
3D<Q_0
-~$NVPW
D@j\/xK*
pt)ch?P8D<Ul
R-uZ+
0C4!8<O3
SWo'3\3
,GQd&=pTH
/n7/PA1HR
SMj,@Q D
AdRmLa
_>O,h PO
B@'<'4'0H
}54=5%
Lw;e:
-50br.6u
Q(zFlM
Anwe&*D
52-%Y@6
FA;YP"+
f{mz[t
qWE aro)B
Gb;h~G
SVx'U:2};L
;19=&0KW&&\
C>#;bbC\
iV"=ORA
)#(6|cBjK
]SA74r
Pq'6F*-)
Psx^xX
XY)$N6
DB,$JZxxC
8Ku{t91
)2,%jL8
3:!d82c
t3 K-_Gu
xdDM4bf.%
lf'+J~kf0[,
A6*=ix=n
MeB7@@C
$W+p[Q"
X1-A86C
:bw<3"
b+T$KxN#_-V
dg`mV;
8V"Yd#Ke@A
y"C0#?
YL&},c
+_j'W4%,
9~7HL*
>VC<7 WC!
$4$)L$TA1
SAH @FY
xnv9`p
EtFyEo<I709=
z{e D~
AezN9`A
i{L(QLF+/
jfU,ej
Po-YEBG
F$K')4!73
wX%SKIJ
qFHgd3p
%1f,3R_R1z
LS,L5#S#1!VE
_te;D&sWNG
AiuZTv_e:nE`
+gHPJV
T\uM8e+
AS<&h|dO
"oMV%"
P]w*[tR
Cu!,c2-
^-%^l@_
_[%O%B
^T=' +
u 6F$!DD1$u
y|RQE@]^t6-
=PYA <<jJc
}:U$ _QH
T6oPI(
H4Mv%P.FoF#=MZQbN?
dwMy$
Xcgdv
-8^$Jpi
Wsdv@`Xp%TP
q;Tm+2
uYv[}.1L
4V&]LY
Ur%NdI=9*
*%*\wU\_
pt*h&rA~`pg
Xd\2l(
}*C*p^f)Y
L[7H]p;
&\&&K]
@8\ui/n@
^}X?zL
[Q%}%"Ht5(^s`3C9d<f
Whh%PXW
fhBSFk
u H&~R
<UW'ofs8YT
4F64!4
$L,tqL
R+&Ee>ss
PDt57E
YV,M(E
gHA#(/E
/\U,ny
crJhDY
;xvYtqC
vA#fN(D_xjAu?9/
u?_p:
+8$&S~dB@
_,["D";
VOp]8[
1<pA9hNM$[O&$ ;-/}C
-.jgHe
]RWR/Vnvf
w*L.to_m$u
"DsAt$
`@tQ"1"_j%SzNi2
[%}%JVf&(RU_f+"BiQK:H9?R
6}]VQ%
o8Sx8BH`>P
uQIZ8|
LC^S!85uX.%2T#I
)94b^|
?CO K%bX"
3uIPL M
'Z947, 8Mul)
*4DOB3
U0Dw`3A.XY&
Un]^BrmE.
x6",d4cl+
lg|8R:@
9Pj[Ha
S!)Z!D
K!4fAB
JY,`xK
W\TF$j i,'w9C
F`cN Q@
Jj jlWh
grf7?09G
-h(d7 8
<) 5P>V
,a$! W
{5)dRc>
Q42'-Swd(
"-J{6(
\5xAK,Td5(It-Z"MO
xNdJt"
Cd8Mh:
`TJH'u
h'*o')J5
TWSn15
dwp`Lv
bt ChD@8Q"|
L)}QBnJ-6jgN0B
>}/KTJ
0Ixb}a
*I/~P
$[pu[(
)Wz[fs
u<K>fd
i$6~YP3
_VyQ;~sy
brh&4q
wY%UPH
3PQRXZ`
b_4d^[
e2zSU`5YA7
\`)+&98H v.f)
I+%w*aY
E54DMNuJxT
^A[_*='uAt-
K9)]FU2
+B\ZB/
**;}OR3O>
`L)~wKsN'3f
4P1Le}#VARK(;
>U$G@,]
eP6YW>,
8xK}n~
GS!\?K
O;iL`u%N6J
+Vxa`[0
.Yuku)8
!H<`!$>*K&
F +wSB3i
)KNs6Q
Zsx_]%O$$
?<I;<*imx-4V\('%*uSF
O_sD[;rY-3V
(OR*X*
aLKu"Ug&
<:~P)Jy
,IsQ[ 6
<_SLRWK
N7H56u
\Lzh)h
pBDJ6uR.K
$,Q|,F
"x}RthE
qaH&$Oz:Z
3BI'%U
pUS=tY
z9 #GEW RI2
V#<#'
':sJ8\WP
"Ak)?QP
GnttE-"
'Y!QVC
SuwZs]*
Q%Av|^
w>U(kcT
3L$v)A
"0!`\X
MHCX6V[
Ahnx6dDT[
dR5S X`pH
*H0|T.u<
@$<H84"DD|h9
%$2PH,L
P(,f)d
DxtLPFR
0$,H($" D
$|Hx(`
LH"DD@<8
4$0H,(
EHlL"eD
$H"D($#H>:
X"TDPLH
D$@H<8"4D0,(
h$dH3"
"tDplh
d"`D\XT
@"<D84
$H"E"\3
$H|x"tDplh
"y`D\XT
P$LHHD"@D<84
$H"D}yu
~$zHvr"nDjfb
^$ZHVR"NDJFB
>$:H62".D*&"
$~Hzv"rDnjf
b$^HZV"RDNJF
B$>H:6"2D.*&
~$zHvr"nDjfb
^$ZHVR"NDJFB
>$:H62".D*&"
c$_H[W"SD$I
3$/Ln)j
fb"^DZVR
:"6D2.*
~$zHvr"nDjfb
^$ZHVR3
2$.H*&""D
$H"D~z
v$rHnj"fDb^Z
V$RHNJ"FDB>:
6$2H.*"&D"
$H"D~zv
r$nHjf"bD^ZV
R$NHJF"BD>:6
2$.H*&""D
^u/E#"
++/^?ZY
H.7un|)Q!(#
{x 8?n
J$D"ch#*RW}+,
HT<*jlR
-"DfL[{o
cK$z!L2C8
:TB"#f
2DpBCd
tRI,o=F*
p|xDr*
{2=)/e
RGh8)L6|#t
!adj"Y9
F#Q0 O#
&t{Q)L.
b]2&:3
^Kh(zG
t>x:x|6|g2.
H-Nu)w;'!X~#d
c(;Ki>
W {2)d%h
j|bl'SJb&
0V!2%!IGR
L$2DH3
D8R4@3$
"tDbRF
$H"Dt^
$Hz"dDRF8
X$FD\6
R$fHr"D
"6"HD`p
|= q3e
~$H"f0QaD"
H*>"RDh|
Ht\+L.
b$XH@,"f
)hY8QU
G"H'i<
Tm %@x1NoYS[
-!)= ]%2bQT0.tmp
onfig.xm
"I9J\/
^!x<hX
\cQkba
U;?(Z+
GiIwn>J
Tg#.zf
"dSA;rx98
W#+t4r
$GF`#D
G##r2r
SA3vr6@'
FG{G^#
qr19 #a!
|yG9#ir)9
5Ge%r9
9 #}=m
sG3#cr#9
G{;r>Gk#+
rK9 #W
wG7#gr'9
G#G_9
?|oG/#
G?# G?
U"AB])@@
"TD!\@ R
V&DifLT
" D#+3
;$CHSc"sD
1$AHa"q
@25-P^I?
BdA BVGDE
JZIYKLMNOPRSTUFHCu
IvaxURAB)HDJEYG7
`iln'aenj<O7
*+?()[\*#
compatble9 vrs
fPs%cet: m,ynV"=smJ0mV
7nO^ztav&
/lnghCdv
M;.emy7
ymbolXR
ymD,+sW;PA&
whh0ukq
FF@Ls
nH8zXrR
Hh1&d:
G2-E1T
A0?R9SD
s"F;E (
Z&:\wg
.x86OA
(K(3)!QtF,
X@>Dd9P))
x)Q`x)/l;H
Y7BRZz
G)<YLB
$&>e2X"PUY:q\
LO7 =V
8(HQEp
55[PZ&
ERNL32.dlH
Ax8$!l
GDIeTm
6)_Tl:7R
ADVPJ[XrH>H.SHb E!
WS2_X8EJ
a4REDS(
4@/T W`}R3
ntD9 zR$
}$&>e4
0CRY&PTI
N;TU-f
BudKJ*bH
iUE\I6A
<XQ(I&(
2[ E)YO
!oi(Di2D
S1KnV9
hY_hp"go
p"KjIG
|*e)JE
)$^ -m@%
wNh_*j SrRZS
#4LOsP1e+A
V}fZ5E
kGE0^%r
v,<!GLHdB
s4}$U9
zckCpOmb,I
olNeeTD,6
'Y*TXg
diplus
WinSCarde9BY
IP9HLNcD08
X1cc~F
xSd`|W9
0FmVE.6
RUS$HY
6pq-}E+
AfhP3T(>Bh44W"0R
Ab"kZj
Tv1 ,6J
`msvc)rtP
Mb-7`\B
=GI'Os
Y0eg8kOO
9wDKQ[
]"aDgou
$#c_3"
Q$WHY_"eDikw
)$+H57";D=GU
Y$[H_m"qDsw
*A(&|<R
IgBxD1HQ@u
t0pdwGNgb
q?T|$x
w!,@3)
-1` yx
0i_9T!L4
_b\l 0S
D SL)<`
e20H2
G&2k T
;<h >i
=0(I@A8
A iH$A"LH{Hd@sv$8
HHxHJ9y
&Qa,dv
2kH|(n
X97A_v
7F04p|7`
GenuiItlAh
h4BM^V7z(bq
UFD4_0K4
404_!04W#040
K4a>,i
_}4a,zXb
;4Fa,|
X4a,/;,GA
C30t0i
dqech40
y"pKi(
$xLWEHE
J\(i_:e$
)D\PLL
4|9L`lS
'g>S$)
0hQ>9@;r
pZl>b$NO$@y\Tl8n$
:0T90L
@~Lr1TKD&y3,)
Rx<)hJ) 0
7P<|{v.
:2iHNzT
AEL[ZMt{o
g14</0 +{0$v
;6B291@
x>+;3'n<r,/_o;}
Ye@s\2
)p ik1
;q5`O"
|@(9-C
L5?/a50"?}~
<H$ o ^}|
P6 x$=d W zvu3Ve
M4*hp5Tu-|
w@%Pgo
003{\dv
:b;P{8
:%Y95?&
}fFBo,
NK%OIQtD
"@LM$Z
dY/B`9
*lXH|o
HF*Hir
aqam$>
t;r$^I!
\#;%Is1
t>x\V; v~($.To
L;8Ftv.!
/ON.>\|m
%cN~@648n(P7
0tq"u=
>~?uk8B_
=R{9N](
?eh ]L>&
<'$ddpaWh
0oSTP#$
xB)}0',#1
W"0X(3>B6
H_8 {
Md&!zb<
! /!!Ll![h
}Va%S4
(a`DbPh
UuCa`&f
VP{>i;
/@Ih9~
0*CYUG
W=Z@E8H
& 21\jo
^nfmv
)1A'|Gg#2'aGgJ3Pl
v,xAze|~~~~~~,
$6y'Gg
v.x4zK|`~g~t~~
9; :3;@<J=S>_?q??\??
&.>Tf/<
?+Fk 8a\0h
92&:N;u<=>???
/ASlsy
99H:v;<=.????
1('mGg/2
95 :,;A<g=>
69rytvxz
eN`l0r
tBvxz1r%t-vMxoz~|~
5Iz_670
~=IK?b?r"~~M?????
;&(g:P]c
*AV[gA-A\
,$<=?&Fu
<''=GJgQj
",8@GQ]elv
>8Wbjq
(67'ZG`g
8+CHOTl|(QI&pd
<r*thvrxI
0=:NDNi
#7D^ex,?[D
0#@Fch:2rtt,!>[P
C2#4?]q
I&flw*
?r&t8v]xwz|~
F\,!N@
C71YzP(J
$.2X:xYd??%D%O
1Wx&~~K
8%(;gT~
,8;>?9d :o
"'TGdo
,P]kpS
#B<p,~L~_~eN
2+K7`fty
#93/:E;<=>?????
B.Elfb,8rRtnvuxz|~~
$:ORFKh
:<'LGRgvLI
0>m'Gg
g*'/G8eF
t v>xZz|~N
r't{vxz|Y
% HpGwgJ
=7eN8N
1rNtUv\xcziOw
4+'dGng
5V'yGgc6sD$[:.00V?`\`3:M;.
<_'vA=
q8:gqnD3c'uG}g
Ox|t~~~~~
'GGMgf
6&,dJht$
eXz40vx]
+<F'ZGkg
V}DY???
30NKw'X
4!956:_&}
:?;Q<=*
9D:Vkl?&
<BpvxT!"=sv
S0Ziz|~~
:5;C<I.h4
95":W;s
4E8=i>.H,K`~;P>P0J
3HdPTX\`dlp4~x|T
|z7GQa
2:|;<=%
|>$~*4]95k:{$
+2N4)5
96/qA^9bfjnr<?z.~.=3$n
-?d0_91q&
E5Q<L:;<%&
9a ;rp8<uO
?;>Td8
BXL(0J
2v<2Yxp$|z
.6VT,L
Uh8P4!9?1
t v%x+Qn4$~~Nr
78Zuf}
f#:N&^
($wp94v%|`5T
zVnS.8q%aND+
PLOPTX\
t8:;<=>p
<PpxCI"
|*@xxz|~I:1<
<;0<@$PBp~~~~N
8HKM8Z8
proggamcGn Otbeu_i
[(Rch<T PE
P.t9ex
+(.rdartO|
"A4W(.p)
CRT,T H
2T$(+8BW
DG?DA`
@U@l$S
LDB0jNgL
WATR<0&e
EJ[(|UkY
Aw6O\^
(]BiZ(a)
VPFbUy
RMh$X<(`Ge(
P4]"Vi(&2
G"jp1L
EXPLD=]
>AHIP%
5f@;C*
&rl@{=L
A^N]\_e[A@?v~
"(.HPY
,$ib+CB}
BRS pCIw
cC!l)D
!}">rU]I
%{6tv(7D::teP
8&Q1L"(D2ddYc4Gi0
)\VtN ==
0D0r3H
G&dB2IF
$Fg*P0
#I7D@h12,E{H
!"h| cz)
H!)(e8
m7ZFG5
Bb<S2h8fJ!AL3,YJdExJhF!
/daf97
HX zJyX}
J2PVBW@Gqa
6BtlN?F
mDEdo!)6L
v_|:D9
)$Uy8C2-
s@5@[x
B=fPCg
E*yOj_\b
b:0uw6
^:dar=p 5G
c|<<tU!Z
}9I 4,M
y(>OdZ0S
9=&te=
CD'"B2-<g"u%
"47g%R0
cDR@}RUK}
,uG@}P
m[IfRL)"'<
lA4'Q VW=
QA;Vg2t
r)H8t`
Ve&%`c0
fE9htz
~if9\uB
@A*:w;
PAZE 3|
M9K0sP\H"
[0KR)U
DHC~ Cu Bl
Ns29+BV
x$T09&
+@)oA1
<[$(LtUM
!dPsG>
x`JxHL"`<hLcH<`8I
tJXI`w6J*%uU,B)j5
l2 KO, bj-*J
[;,1RA
A=DD%qK[%'S
G++M8]OI7dT$
pqIdZE`
8$+X `
f0=6.SMHb (0;!Ab^xv&t
Pw|A2,
4yS'hGfH
zkH%)%&:u
P@@[)5<
K0TR-du-x}%
1P+rH!(1|MI@W3)=6D
Mj_0:^d0[<@+cu
;QQ^&
v/hcXM-)Liyf7![T;zCB
?|n#(Q
qMBcn$
'K2<nV}
I$&rdRS81
OZ\E9*b#V
@68J$=1!8
O2//n@?P
qjb[K|g
E!V)TKQ
? oRM+
LtO%7gLxjz
a]:U;(
0up5k>SP"uSR$
%RSCQ]m
Lp\>sil-Q@p=:
YdF,z-
i/E=)wVo
%dk0,QP
~F/U+H$
B).dt!
vZ%kY3
C &@$DsrYK
L d41$mr~!
%*(b2u!0|)BlBud
jl*=LW
?DI'Y:P
QbM>C(#D
FLipD 1[
{%Pd<!z
b+[^nWDr
i%kYrC/,
'+q(D`fvCJ
Bgq+ |.'F_
I-V?pt5@A'Yd
e XIQ|^tue
;S<ZiT
?\-|S#b
"!m<D0
(+ D9h
hu8Y>
SAhe`=
E`"b~0$/
uTI1JE
S2U/K7i1
y@9+_GLOzDW
~0+ DI;/t
0QQ@WO
F\(Cc!
A:k[ }
}tfKP:}
?P.('DaG,?
^D2;+,
fZ!+&!
I<I@U;:=
41BN@)
0&PuT*
;u"ODf
=btD.n>S^
IOtE'XC[r/A
w`@_eH(o-uAH}PIcd
a;vRM(%$3
>~ E4$8b
D!A:BE/
>2h+7\5
Y[j'd6
Cr) 48
'! ,y@
(f<hWff`
b(jfTS^PZ
e8P/C0w
(-0f C[
~wN}j$K?QM503
OIiDiB
S[/!r%q3"%
P\%pp7~A53}
[i$vD*q_24
MW//0P6.
[0!Q1
/QlF'mV!F
2YKm#7
!Odc8^k~NPH
v )ldK
5_O|jdDr
?m.x(B
cKFW/JQ_!
bmB>3_>
Cm")IM jA/
K@AhEo3|
9uH3`?6KX#*#]
Z&;Q'|
D&MeV!J
#f[/Yd-&i_D!*w8mBtx
k,pX*NhB
9{8B1M%
{,B#B$~Q
)@LKFI(8Cuw>ld{
Wd!1{B
Mu|Fn$
uiHq$<c0K
)=$Nq-o05$M'O8s9bV"m9
')9o.d^#
6#4n&N
F0p(9kL
o-?!7*
Vt+'z3
UxF/8loKl
\'S8XM%?b`E9b
n^l(;gAppAq
Kxmv]=
<mvK-P
qS-vK&@Au
xTtIyr*&%+S`G`
jNJeM!#/"L
^ `&rcc
sLIhj!^]
NN-PAi`
`TI2P2:ef
<,Y+Xi3F
W1dIFf*"P
+fT5=>/x
^8Yo+P2^DUm
au?3gB!
~)j0gk<-GT/S
WsiaH8b7$y
;:t\E0
KBW`{9%E"%>$"UW;5
*uT""$Er?!>
\.A\~DWI`k1u
2wm]%:
E0B&Z~
rB"n"I
@Lr@P0
/Q*;B
$b:\Z<FB
<tvru'
" A" (J$J0@
<-%E}}=|<
u{Bf|hSn+
!%"n5/u+
5N1DA*@ D0&
D*2YPZDl
F/%tDXb
(R-9',18D'VBN
$pQ"A)^
Y/t\Eh'
|/$LyHOr
E$R0RHn)%?bjL
E+p^rBE
;eKFt.
Dg&#z,P
.:YK@.f
;@8:tM D{x
:|@ E8t0
n(B!ob
HN!.*r
DY|/Se^q0o
H|KD41!:)
8PpYP]P
C{K6LnpL
'5Z\G
aL b-O-
8$!HO
|+dn)Q
"v)-,gI4b
7V1Dd/,tD9,%]
OHGKXfy
DhyE!b@3
[J;-ubF
aoHXB~D
]d;0[U
W(u@ ZmP*
t"f? F
9@d73C H;ZF^r#H
`L@~Kf%t=%T`
<GeW"/P
ut-s-)
N5E-A4
r(R& pQA
(5a.<R
V{FO%0_x DT
dl!iDI
?D95,S#
68,dp6)$5JHL=d
.,e35%)
L3t`"Qu<
hpDx5@
%.)0+K($
E>%V'+m'jo9*
+B LUh
d1f8u,
iE0v?+
XCIh8[N
hLC)0'=RO(-Y
I`]tA^ je
37'(Cc#H,i
!^c[HC\K
{<)T1,`
8Z=XG3;)3BtvqHj
MF.Xxl)]`Eh:
Z"-t`)0"f
hkL.|)!
pB_TH 7
`} )Ys2*
/dJ@kP^O
oWb*Q Q
%(H?A;
dkT,uq
b5 ~m7p%
x^^~)~|X> @:(LB
Us2?2ANC,>J
Yf|D)3
1dG(4Kr8
\TKqz@#
OCJ[sp;[%
lBO)7d
-$r\nrI^
|K\"te0
~uj'Pt9;@kD9J8U
CB!c{UI;
LJ>XiB}Ots<wQ(H
!GJIf`.u@
S!>NRj
PpDE]@'
/R{s<DT
8_)f mp
$QI]LS(D 6hlLPgE
&X.P'Sx
I{@zft`
h;rp *e3
)AG$wD
BO5X$+
:x^'7pZV^BE
u!7xU$M
E"=f]'
Pb(6xE
poh@*iV
*_HEC=@*
TH39"ND?Z
<Jv>HkB
F* %T%(i_,SMQ
"<t%}P
j*pQX6
z!VPxOq
UV")C'
6(b!U*k%`
vt0-=Zfy
S^ DO#,
{<R1GTr
i9 4!)v
*pLK^g_
:A#r**
O$"UAH;
7%H`|?m r
q-I)8+t
L;OrAI;
-F^HN#M
HjpL)'xBI% '
DD2' ~`(t
B ;Wh*AD
'#b3x[#_8#
NH/FV +u
LDcXk6I
?_6(>E%R
+eYXuha|
:!c2k!
PW/Dd4r8
5;}iS02UE
=#,LZ5t@q
maFTL`
&h!D$YJ8KP
"bLW"QLj
FKe*$_@
@VveW%V1l
Sb'IXy
ILj}h#K^9
W+P%t)A'
w\Q^*[
"O9LE6.P
~Ef~J%>A]zE ;|
DM$#KN:
kP (&Lx
`DIK@lP8#
}7M="O[
<VhxIM
-' 4(6A+P3p=
iuTW:%/2IY}21Hp,DBJ$;/
"C3vxoL#
b,6RofTE
2EYBxP
(Icx<zGP
w89/,s
+"{Tbua
=A/ :y
h2HoD9**({w|
P/ngL+vg
~Do:/u;MT
{ XQO@
*sh2GLo@;t
{G_mlo.N<
AP(c3*yC5~Q
1RSB6K=Cj-jp_t!`u
d+z!fZ
Ly39t!5n
{*([Sx!"
f`c)5AaH
M6$!vxk
,*cFMEUeY FiGV4xu
][LSGl
8@ q;b
p|K&C@2NE
tPhpiV6>)
Fc"-Fl
}YHM\Z kjPU
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
USER32.dll
SetTimer
SHELL32.dll
ShellExecuteExW
ole32.dll
CoInitializeEx
PSAPI.DLL
GetModuleBaseNameW
SHLWAPI.dll
StrStrNIW
ntdll.dll
memset
ADVAPI32.dll
RegFlushKey
lQ+QQQf
UWVS|$
t$dD$\
T$L3;\$L
t$t#t$lD$`T$x
D$t#D$hl$x
D$t+D$\$
D$@d$@L$@
;s#D$H
t".)D$H+r
)D$H+r
L$H+t$`+
T$8L$PL$xf
D$\l$TD$X3|$`
D$`L$D
;s`)L$4|$4
t$4D$H|$t
D$`D$t+D$\
l$8f++
D$T&++f
T$TD$PT$PL$XL$Tl$\D$\l$X3|$`
;s/D$H
;s;D$H
)D$H+f
t$(Nt$(uL$0
T$,|$`
)D$H+f
l$$Ml$$uP
)D$H+f
$L$ d$
p4$Ft$\tZL$
9l$\w`$
BD$tIt
|[^_]ajB
KERNEL32.dll
GetLastError
CloseHandle
GetModuleFileNameW
DeleteFileA
GetProcessHeap
WaitForSingleObject
HeapFree
HeapAlloc
GetCommandLineW
LocalFree
GetVersionExA
LocalAlloc
LoadLibraryA
FreeLibrary
GetModuleHandleA
GetProcAddress
GetTempPathA
GetCurrentProcessId
GetModuleFileNameA
GetVersionExW
GlobalFindAtomA
ExpandEnvironmentStringsA
GetCurrentProcess
GlobalAddAtomA
SetErrorMode
lstrcpynA
ExitProcess
GetTickCount
CreateFileA
GetShortPathNameA
GetHandleInformation
SetPriorityClass
GetCurrentThread
WriteFile
ReadFile
SetThreadPriority
GetFileSizeEx
CopyFileA
SetFileAttributesA
GetTempFileNameA
USER32.dll
wsprintfW
DestroyWindow
keybd_event
GetMessageA
SetTimer
RegisterClassExA
PostQuitMessage
KillTimer
TranslateMessage
CreateWindowExA
DefWindowProcA
FlashWindow
DispatchMessageA
UpdateWindow
ShowWindow
SHELL32.dll
ShellExecuteExW
ShellExecuteExA
SHGetFolderPathW
SHGetFolderPathA
ole32.dll
CoInitializeEx
CoUninitialize
PSAPI.DLL
GetModuleBaseNameW
SHLWAPI.dll
PathAppendW
PathAddBackslashA
PathFindFileNameA
PathFileExistsA
PathAddExtensionA
PathIsDirectoryA
PathCombineA
StrStrNIW
ntdll.dll
RtlImageNtHeader
_stricmp
ZwClose
memset
_alloca_probe
strstr
_snprintf
RtlUnwind
ADVAPI32.dll
CryptGetHashParam
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptHashData
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
RegSetValueExA
RegQueryValueExA
RegCreateKeyA
RegOpenKeyExA
RegDeleteValueA
RegFlushKey
RegCloseKey
CryptReleaseContext
�/�c� �s�t�a�r�t� �"�"� �"�%�s�"� �%�s�
c�m�d�.�e�x�e�
2�.�1�.�0�.�3�
S�n�d�V�o�l�.�e�x�e�
M�i�c�r�o�s�o�f�t� �C�o�r�p�o�r�a�t�i�o�n�
R�e�d�i�r�e�c�t�E�X�E�
c�m�d�.�e�x�e�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.