1.9
低危
DACN
0.14
FACILE
1.00
IMCLNet
0.65
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Gepys-E [Trj] | 20200108 | 18.4.3895.0 |
| Baidu | Win32.Trojan.Agent.eq | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200108 | 2013.8.14.323 |
| McAfee | PWS-Zbot-FATG!609FC805D664 | 20200108 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b0cbe7 | 20200108 | 1.0.0.1 |
静态指标
查询计算机名称
(1 个事件)
| Time & API | Arguments | Status | Return | Repeated |
|---|---|---|---|---|
|
1727545299.62525 GetComputerNameW |
computer_name:
TU-PC
|
success | 1 | 0 |
收集信息以指纹识别系统 (MachineGuid, DigitalProductId, SystemBiosDate)
(1 个事件)
| registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(3 个事件)
| section | .MPRESS1 |
| section | .MPRESS2 |
| section | .imports |
文件包含未知的 PE 资源名称,可能指示打包器
(1 个事件)
| resource name | None |
动态指标
分配可读-可写-可执行内存(通常用于自解压)
(5 个事件)
在 PE 资源中识别到外语
(2 个事件)
| name | RT_VERSION | language | LANG_RUSSIAN | filetype | None | sublanguage | SUBLANG_RUSSIAN | offset | 0x0005c060 | size | 0x00000188 | ||||||||||||||||||
| name | None | language | LANG_RUSSIAN | filetype | None | sublanguage | SUBLANG_RUSSIAN | offset | 0x00038228 | size | 0x0000000b | ||||||||||||||||||
在文件系统上创建可执行文件
(1 个事件)
| file | C:\ProgramData\Mozilla\iqbjnwa.exe |
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 58 个反病毒引擎识别为恶意
(50 out of 58 个事件)
| ALYac | Trojan.Lethic.Gen.11 |
| APEX | Malicious |
| AVG | Win32:Gepys-E [Trj] |
| Acronis | suspicious |
| Ad-Aware | Trojan.Lethic.Gen.11 |
| AhnLab-V3 | Trojan/Win32.ShipUp.R265046 |
| Antiy-AVL | Trojan/Win32.SGeneric |
| Arcabit | Trojan.Lethic.Gen.11 |
| Avast | Win32:Gepys-E [Trj] |
| Avira | TR/Crypt.XPACK.Gen |
| Baidu | Win32.Trojan.Agent.eq |
| BitDefender | Trojan.Lethic.Gen.11 |
| BitDefenderTheta | Gen:NN.ZexaF.33558.oq1@ae0mhubc |
| Bkav | W32.AIDetectVM.malware |
| ClamAV | Win.Packed.Cerber-6804174-0 |
| Comodo | TrojWare.Win32.Kryptik.AYQE@4wlbfl |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.5d6646 |
| Cylance | Unsafe |
| Cyren | W32/Gepys.AT.gen!Eldorado |
| DrWeb | Trojan.Redirect.140 |
| ESET-NOD32 | a variant of Win32/Kryptik.AXYQ |
| Emsisoft | Trojan.Lethic.Gen.11 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Gepys.AT.gen!Eldorado |
| F-Secure | Trojan.TR/Crypt.XPACK.Gen |
| FireEye | Generic.mg.609fc805d66466e0 |
| Fortinet | W32/Kryptik.AYCK!tr |
| GData | Trojan.Lethic.Gen.11 |
| Ikarus | Packer.Win32.Krap |
| Invincea | heuristic |
| Jiangmin | Trojan/ShipUp.jb |
| K7AntiVirus | Trojan ( 0045a0a01 ) |
| K7GW | Trojan ( 0045a0a01 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| MAX | malware (ai score=83) |
| Malwarebytes | Trojan.Dropper |
| McAfee | PWS-Zbot-FATG!609FC805D664 |
| McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.dh |
| MicroWorld-eScan | Trojan.Lethic.Gen.11 |
| Microsoft | TrojanDropper:Win32/Gepys.A |
| NANO-Antivirus | Trojan.Win32.ShipUp.bqoajw |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM19.1.6C53.Malware.Gen |
| Rising | Trojan.Kryptik!1.AB8B (CLASSIC) |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/Gyepis-A |
| Symantec | Packed.Generic.459 |
| Tencent | Malware.Win32.Gencirc.10b0cbe7 |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2013-04-03 22:10:04
PE Imphash
1212bb394230917bba02f5504de6d2f5
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .MPRESS1 | 0x00001000 | 0x0005a000 | 0x00037400 | 6.321700157279087 |
| .MPRESS2 | 0x0005b000 | 0x00001000 | 0x00000e00 | 5.683536876260025 |
| .rsrc | 0x0005c000 | 0x00001000 | 0x00000400 | 2.1119366033160993 |
| .imports | 0x0005d000 | 0x00001000 | 0x00000a00 | 4.327379988244442 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_VERSION | 0x0005c060 | 0x00000188 | LANG_RUSSIAN | SUBLANG_RUSSIAN | None |
| None | 0x00038228 | 0x0000000b | LANG_RUSSIAN | SUBLANG_RUSSIAN | None |
Imports
Library KERNEL32.dll:
• 0x408038 FindFirstFileW
• 0x40803c FindNextFileW
• 0x408040 FlushFileBuffers
• 0x408044 FormatMessageW
• 0x408048 GetCommandLineW
• 0x40804c GetCurrentDirectoryW
• 0x408050 GetCurrentProcess
• 0x408054 GetCurrentProcessId
• 0x408058 GetCurrentThreadId
• 0x40805c GetDateFormatW
• 0x408060 GetFileAttributesExW
• 0x408064 GetFileAttributesW
• 0x408068 GetFileSize
• 0x40806c GetFullPathNameW
• 0x408070 GetLastError
• 0x408074 GetModuleHandleA
• 0x408078 GetProcessHeap
• 0x40807c GetShortPathNameW
• 0x408080 GetStartupInfoA
• 0x408084 GetSystemDirectoryW
• 0x408088 GetSystemInfo
• 0x40808c GetSystemTimeAsFileTime
• 0x408090 FindClose
• 0x408094 GetTimeFormatW
• 0x408098 GetVersionExW
• 0x40809c GetWindowsDirectoryW
• 0x4080a0 HeapAlloc
• 0x4080a4 HeapFree
• 0x4080a8 LocalFree
• 0x4080ac MulDiv
• 0x4080b0 QueryPerformanceCounter
• 0x4080b4 SetCurrentDirectoryW
• 0x4080b8 SetEndOfFile
• 0x4080bc SetFilePointer
• 0x4080c0 SetUnhandledExceptionFilter
• 0x4080c4 SystemTimeToFileTime
• 0x4080c8 TerminateProcess
• 0x4080cc UnhandledExceptionFilter
• 0x4080d0 WriteFile
• 0x4080d4 lstrcatW
• 0x4080d8 lstrcmpW
• 0x4080dc lstrcpyW
• 0x4080e0 lstrlenW
• 0x4080e4 ReadFile
• 0x4080e8 FileTimeToSystemTime
• 0x4080ec FileTimeToLocalFileTime
• 0x4080f0 DeleteFileW
• 0x4080f4 CreateThread
• 0x4080f8 CreateFileW
• 0x4080fc CompareStringW
• 0x408100 CompareFileTime
• 0x408104 CloseHandle
• 0x408108 lstrcatA
• 0x40810c GetSystemDirectoryA
• 0x408110 CreateFileA
• 0x408114 VirtualAlloc
• 0x408118 GetTickCount
Library USER32.dll:
• 0x408120 EnableWindow
• 0x408124 EndDialog
• 0x408128 EndPaint
• 0x40812c FindWindowW
• 0x408130 GetClientRect
• 0x408134 GetDlgItem
• 0x408138 GetDlgItemTextW
• 0x40813c GetParent
• 0x408140 GetSysColor
• 0x408144 GetWindowLongW
• 0x408148 GetWindowRect
• 0x40814c InvalidateRect
• 0x408150 IsDlgButtonChecked
• 0x408154 LoadCursorW
• 0x408158 LoadStringW
• 0x40815c MessageBoxW
• 0x408160 MoveWindow
• 0x408164 PostMessageW
• 0x408168 RegisterClassW
• 0x40816c ScreenToClient
• 0x408170 SendMessageW
• 0x408174 SetClassLongW
• 0x408178 SetDlgItemTextW
• 0x40817c SetFocus
• 0x408180 SetForegroundWindow
• 0x408184 SetWindowLongW
• 0x408188 ShowWindow
• 0x40818c WinHelpW
• 0x408190 wsprintfW
• 0x408194 DialogBoxParamW
• 0x408198 DestroyWindow
• 0x40819c DestroyIcon
• 0x4081a0 DefWindowProcW
• 0x4081a4 CreateWindowExW
• 0x4081a8 ChildWindowFromPoint
• 0x4081ac CheckRadioButton
• 0x4081b0 CheckDlgButton
• 0x4081b4 CharUpperBuffW
• 0x4081b8 CharLowerBuffW
• 0x4081bc BeginPaint
• 0x4081c0 GetSystemMetrics
• 0x4081c4 LoadIconA
• 0x4081c8 LoadIconW
Library GDI32.dll:
• 0x40801c SetTextAlign
• 0x408020 SetBkColor
• 0x408024 SelectObject
• 0x408028 GetTextExtentPoint32W
• 0x40802c SetTextColor
• 0x408030 ExtTextOutW
Library ADVAPI32.dll:
• 0x408000 RegQueryValueExW
• 0x408004 RegOpenKeyW
• 0x408008 RegCreateKeyExW
• 0x40800c RegCloseKey
• 0x408010 RegOpenKeyExA
• 0x408014 RegSetValueExW
Library msvcrt.dll:
• 0x4081d0 _XcptFilter
• 0x4081d4 __getmainargs
• 0x4081d8 __p__commode
• 0x4081dc __p__fmode
• 0x4081e0 __set_app_type
• 0x4081e4 __setusermatherr
• 0x4081e8 _acmdln
• 0x4081ec _adjust_fdiv
• 0x4081f0 _c_exit
• 0x4081f4 _cexit
• 0x4081f8 _controlfp
• 0x4081fc _except_handler3
• 0x408200 _exit
• 0x408204 _initterm
• 0x408208 _wcsicmp
• 0x40820c _wcsnicmp
• 0x408210 exit
• 0x408214 wcschr
• 0x408218 wcsstr
L!Win32 .EXE.
.MPRESS1
.MPRESS2
.imports
]U]U8E
]U]UQE
]UQEPj
skQpR%
3_^[]UQU
8Muex<
KERNEL32
VirtualProtect
G(XPTPjxWXt=
KERNEL32.dll
FindFirstFileW
FindNextFileW
FlushFileBuffers
FormatMessageW
GetCommandLineW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameW
GetLastError
GetModuleHandleA
GetProcessHeap
GetShortPathNameW
GetStartupInfoA
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
FindClose
GetTimeFormatW
GetVersionExW
GetWindowsDirectoryW
HeapAlloc
HeapFree
LocalFree
MulDiv
QueryPerformanceCounter
SetCurrentDirectoryW
SetEndOfFile
SetFilePointer
SetUnhandledExceptionFilter
SystemTimeToFileTime
TerminateProcess
UnhandledExceptionFilter
WriteFile
lstrcatW
lstrcmpW
lstrcpyW
lstrlenW
ReadFile
FileTimeToSystemTime
FileTimeToLocalFileTime
DeleteFileW
CreateThread
CreateFileW
CompareStringW
CompareFileTime
CloseHandle
lstrcatA
GetSystemDirectoryA
CreateFileA
VirtualAlloc
GetTickCount
USER32.dll
EnableWindow
EndDialog
EndPaint
FindWindowW
GetClientRect
GetDlgItem
GetDlgItemTextW
GetParent
GetSysColor
GetWindowLongW
GetWindowRect
InvalidateRect
IsDlgButtonChecked
LoadCursorW
LoadStringW
MessageBoxW
MoveWindow
PostMessageW
RegisterClassW
ScreenToClient
SendMessageW
SetClassLongW
SetDlgItemTextW
SetFocus
SetForegroundWindow
SetWindowLongW
ShowWindow
WinHelpW
wsprintfW
DialogBoxParamW
DestroyWindow
DestroyIcon
DefWindowProcW
CreateWindowExW
ChildWindowFromPoint
CheckRadioButton
CheckDlgButton
CharUpperBuffW
CharLowerBuffW
BeginPaint
GetSystemMetrics
LoadIconA
LoadIconW
PGDI32.dll
SetTextAlign
SetBkColor
SelectObject
GetTextExtentPoint32W
SetTextColor
ExtTextOutW
ADVAPI32.dll
RegQueryValueExW
RegOpenKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExA
RegSetValueExW
msvcrt.dll
_XcptFilter
__getmainargs
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_acmdln
_adjust_fdiv
_c_exit
_cexit
_controlfp
_except_handler3
_initterm
_wcsicmp
_wcsnicmp
wcschr
wcsstr
222TWARE\11asses
clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{129d7e40-c10d-11d0-afb9-00aa00b67a42}
\ffffffffffffffff
V2V2V2V2S
1T(1T:1Ta1
Uz1pU1U1Uo2
We4Ow4P4CP5Qd6Q
6zR6R66R6
S37R=7R^7Ri7Rx7}S7kS7KS7R7R7
\,8(\G8F\`8r[8[8[8[8[8[
9\'9\,9\@94]O9\m9
\9\9\9
: ^4:]K:][:]z:}]:]
wl!,cn
vMvl+cn`
oaL2keS)dFU
0'T$du
j kn!bjtujon
<mbaP,
cwcccQc
5qzkdD4iV\dTkD$cV}
IP3cE
+T;vtc`
+#~WzC]]
u<d`X6-6
B|!8yv
@dh1dh|9
,'{hlGb
2!hNQ&`*s@e4
`Hga$|A
rS?n)Q
k])Vcf
~OLza;
xEi}EkX
:XRSNGY&z<d+v6V`nA3A
fdCu#T
cbA`cr9$+g#
p7:Bcv
b0X)_wX1d<R\
{KhAdh9dh7d
specTPr@
%`1\GS
b~<{~\w]
K(akcd
bw]`N8
ff^[ac
0o.5b"T)8\
;U)96eQd
acRb=`
Aj|SEff
wSP,|tK
hRXRL
.noS\x39xC3xkNfW
m$xIDB
5`5|Q7
tL~~'U]c
f\_d~NGD
pct~.$ 8
$tlI\{
~I}\5/;`x
ckRbKw|C|
3l<~^qzT[|dx~F
Bvz4;|tx~&i|
4hR|mW/A9
c^6y,K
t1Nx1)Py#91
=8wS{y`
4w#',nQyl~Ay\1c3Lww#yp
GxPt~7
Rbxb}f'
rkRVjyEx
@1w/}q
w5BNeyk
^3Gvbt+
S`u[rL
T`u\rL
sk;NvwYu|~Ee
dvVxfLDul
w>xpj$t
`/l4/wH
r$+tb}S
g1\%W}g
Rw9p<}Uf}
dHySfGrtoh
Bt%pOBuA
Rj!pc]^N
80^/P,
\0Z0ci]hw~cr^c
c@2i^h3j
b/Ncl7i64
;r^;6yM
q|0W#<
w2HHy}
J4dV@q@}
HoT #[D
sHNcH SHc
iSF%dh'
f`wPhF
nIpUd1
zxEd;u#x9x
fS<#v1p9:xb3@c
&\dF4-
e`]tbdH
HQs8=qL
sx83Rc7mxH4*c;M
(szcO3
cBJ<)F|[
Kwb9bT^
VRPs@UN$
1V%Q%e
]"A\cwCK[
]ccCiH@Cb
^K:c[Kc)kh
e9jRwe
p8doGH[
c<dbWLp'3<d
ZWbFtco
{vY=p
qpee1U
r@tq_Rp
dCKW\$O*h
s5<d-7
cZ+h /
rJrVb^
cy[LL^j_4,;Kc;H9d-
.>#GIB
E5s@e~
&KubjE
_.<6/h
9<dwSh
S..[pgr
%u*~{gQV}\
bz:NHC
etBH.>?
scTtBx
%c9g;a1t$v
>?UbuL
P]?:y3
v$PcH?
wL|1@GU^
w+"Mun
^@dniah?z)H>
d@Kj?`
'T-;Mc
TE :ac
3f>#uQ
UedL9Wf!t
3N[fTfs
6dnP[O5b~!
"YhH~W:H
#`DJE$p
&<dE"v*Ld
G[hGVHr
bo~$du,P
LT]b1>^2\[
ZY^VTWm0
9VrP(p<; @f[HVP
>s@k;9#
^ cvtc
<^h<GDh$ck$
<d~Kwj
j`Cv~<2N-
l8?r*$w
FEiN|;6
tq@}Nq
&Pjrpf
DrjLlF
d0~<LA9
.F?dc1
eF}S@U
thB<pgEQ
B;1{f@
cR-K5K=B:-
)dRAjR
C#v/Lc[r)dR
CE]Dy)
;rL8dv
Lc[58fc;c
aUT2"G[=9
f[NTh][B
Z<pf v
@$|<M4X|L4E
uo'V8dR
c<dh{igc1$UH
`rgZD8#}G
jg8v'P
=@W5ec
EQ"G3e
WFELEK
$Mdh<5df
.%wdb?
p?"6|,
L[S5pJ
Kk35p>05=w?.C
3%uzD<v
<7_s!D<j
p<bI16
7c<dr#
aI?d]b
iY* 6*b2\
m@U[20
5j#eBic
_w3G}#p|
HbY!t&
W*a[> >
%`RPq@
:51Ex}
.O:Edh
|d!S&`y[Hs0?7w7`H
+Lc>*>y
vyDX(f
Nl{@Vy
)jDXl(
(O|p(duj
)PLM6P
~A\H;(
/$(?r+(?30w7`@
K@dj\bTr9r)w
M%bhDhz
a 9TR'c
`[YP!v/dO(
,r@_u?
`E]2%|\[
%`[YSP,r@
j2)^.#V
C+3;rM^
//`1zAlc8&d
"](z>(@/78//0/`>zkp;
cRjdlQ
#eFf$M%
+=JAZ#aGydw
$( `gD?
xkcp[:d
w`Kc+r6fC@
%t7`v"EtU!h9Em
*KMHwE
1ydd=r
tlpugo
pE8fZIcCbj5
Rdd`i()kAM
k) K`Mw
>w,d`Vj
W1um0I`}Au8
s1E]^pE%u
$MiKe~8
yY\yUwVc{)l
{S{llc>
T[dkc>
Btc9 E-a!j
re\bOa
I?cO+d?#d?
{cscOcCc
bj\@'s
rj\6I'c
1'dkS\kK^*g
&(eKM_:
8$(lR@eJ
P<I???????-?
cpq[r[`gbzgvpc
7c)aRU
6Wq@,N
a1gRca
tf12M
[^GK_A}1]S*
5SbGt#
4lDc*/-
j6'|yY
^yW1}!t.G
%W>jyYhv
mSrCnrF
tu$![Uo
Go}i5ha
:UboUwE9m
c(xSxL{
zW*b\*~ztPz<dhG
"e@2dufW
MWyRjd(;m
{2T~2Ts
`}3MWX{Rh_
SZkfvMD~
l`4y[+
`wAx X?
WbF9'Bo
nh}Jh\
uIIp'@D
(Gjt9v
+Q?gUwd
0gOIu2
{<3scZ{[Yc
U@jF;QF)8#}
=d5a;+(
W^s1t<ln_c
PAKeRQ
>V[P>m/<
E#,\kdbL
mx@&\f
4x@Cr_v
R[~@Z+Rgf
*cg'S
S$fW3#iO
aJi\5J
L'@^_QI^
4hhcOdc
nOl/q9VZE
ec1V61F11W
VW_Ph<
%c]^>U
SWYD@D8D0#
#7tYFh
dClBw,d
nkKcYCd
cC"KDD
LtC$ic
&;``1?h.?
BnB>he;
Dp+]hXQ
X[@_)j5ZDOG
UV]kM1
\uTU(}
"oy]?R3Bd~
]oTWc;l
U%h^_s_TkW[#d;l
UCv*hd
Aam9a}zy
X{]_N+_
Ov=QvTMQv
e]QvTOv
2]{#d:]k'T
K^gG<@R
Q<c%Qs<cQc
cCP#NL
N<#c[M
VdwaS\?rIUw
tX#IYw:
@O~a{F
MIY:<@p
P_{Fc
_;\J,$'ac?
h][;JE
8/rSMQUe
rKQ3G-
?9+cB`L7+_
R![CuN;?|
w}cJB&c
ol-!6"
;,vV"C}
~KmRn}%i;
NQ}BrL'
2 ]GsVr]_
qVpUd1
>ST:CRO
XBIx4
?W1g+1G2(J{F3d
c&:p(_ he
K/LB[6c
~^Q5OB
lk1QP]YD
g!O$!e
c&>Mrc
cqc[cccc
cccAcMc
c-cacAcyccc
RnD}q9
+oGVafdr=Wn_
s,b!V%n3`(m
s)q;d m
shn7;s)h/h&vwr+d%VW
c?&?:c
Jf ;{c
93(K%[EgT^?pc
'1g<@pc
(>wK{c
odDndts
].9*U6Q2M>):EFAB=
-L1P5T97Y=3a
aei(mc[6W2Su-Oq)k~fzb|^
ztnvxjrlnpJd^
C\f>`bTNXJLP*D>&H:"<F
@B:4.68*2,V.0R
A7=3/+)%!
I%U)QZVb
"#&'*+Q./2367
>?BCFGJKqNORSVWY]
MlQpUSuYw
{{,wo0s4o
g_ cc$_gh[[VORNJ|G?CC?GH;;c;5.61R2-V.)J
m\.oSy^s9
u1]p`sa
{h5Xi3s
nX]@(}
c,JqLcr HMBpy:n
{jskc,[0STKC2;
/3{SuIuzrs/Mr;utdd
#nnnsn%A
`Nahre
g?L4pV[p:I
12+5nl`
Cc65ne
cn6btCe
gslc[sae
Ra*isH tCX
C. at!zin
m]tceec
h3yh_;
d^c|S]Tpc
OT]<pc
)7.R/V_
U"F A4KAfE
kawedB
7uydml8S0.Im
4120nld
0cpM]t5^owatad
[rfaPr[sz
fh]\lY;x_ vte
dFU)reN}
j]tI na
b^ _Kg6
de^iNdG
uuj"p`[1gkl@eok^
aFe9ue
eVlV(nl*
vew-mc
peXkt`q
wtA)to.{
wtAIto
iboaed_gr_enz
9caEreWc]Ue_
btYdYENV[_
d,g$(Tc
wU&wYd
gO7kcUd
gH06g(
0/4pF
I@I@I@I@I@I@I@I@I@
?cs3dg
3d+d#d
dd<dd<dd<d
cd<dd<dd<d
D" D" D" D" D"
amjeanilmPqTuXy
A>DE:HI6dO1*3-
b" ?" B" B" B" B" B" b
TnPj\fd
cD>!@:
L6)H2%4N
?CCCckckckckckckcVVcgcocg?do?dg?do?dg?dS
'BFMY.I
?2Iyf`
+Y(r~D
CsK6fh
S=%gHg`
eFWgHEG
!~fMyb
Uz|:.x
pvP4%wdN*O1
M=G[A|N8r
g_}'fe6;
ESU|Ztm=&
{5_ *J{pC
hm+,p0A
[ledp>
|/cj9?p
m*b!~qbMWK)8W}B/`
.Bp5h)@
P6x%\A-IdQg(M
\&tud+#2@l
EIw6HQ8
^ysuzx
0DydjyT
dFJ"5gt
N,V89RM
d2W(ej:
L)w YFvcI^
nvZL]M W
r/xD+?NAe
XL(faf
*YXer77:
tElL3htw
[?.$02U
1S&!T{}L
r*TT.h
h"c;4A
Knm-F$hO^3po
`Y63O,}k
,lF@#'
f"oQ4s4
}hE*4`&
U|}JV$#P
Xg7g-H,~O
-_AsNcN(3n
n6^!Z)`
(rMQ|x
v{6.h:
LILK9 K4gAO
kfP&2(*,y
) +l< )
0('4DX?Uc|i
UE-|`I%
Jwaz4/D
PE6=Pqja]
Kq-srlw&x
?(t:G4&u(
PdcvHr
8uY+N6C
u2CO[K+Y?
Fm.#ffnW,c
H0ra'M=+H#
U59ko@
"z{wW
{M[ttJVnMr%p+D
"0?/zP
{$9K)$v"v
#}Sc7Hj
s^^1*:6'
<[Y%Jl
g-aIOT
7$dy!-R=]oP
k3e/^\
lp'Ef9c
PwExp[&
Xk^*r{\
E>bqP-MdrX
k7B=MirH'9L
&dXzsQ
pYIS~`G !
@`h}Pd+?tv(
j6\<MqT=AA1m8vz
.6;eK .s>N0E
qzc_Z1%
lo_m`F%$H
SFU7h'uPFAH!]
bW#{KYF?2g
e.a<+Ezjb0
r0:dbPW{
TTYO>R\l
d13kbjUu
rR*YGG#Bd
27!|E Jb
N?Pb/M
^L MtV:k$
E=;0S=o:6JL\&b
,?qwuR7
ls#(wQ_
=](_ \RJC
`JXM}%
8#aDoy
tiAgLyesj
[D4%.u
kjn~X*2*
z}1uVW
_/NURU
{>6&b;]w>
qAgb_D
89zjG'b
"@yy2n
yZc(}j
-(:}!6
(pwaBF+
13U.@$tj|]V&
i".{!<m
2;b_QD(r!
|rAiq/""
QdCE %
9j>FjT
0Tp((CF"
|=O$MO
q`$UY0
P: 2Qs
~?S-sC*P
'!(6)M
a?PLJArJ-kJ
OwWS.K
7_}c F
S%uY!=
,0rwYNM15?y
N2y$SI}i^
8li\a~a?a*k
~^~H^1"
q7ddN+Oc
Q!Mw31I=g
{GE"l7#,As
MB\<xlNclo
E6!Enh
c99Bm?
A"_/`~
d%y5rkk5
rWQq8R*
i9q{Vz
ip:('(*
0!N)z9F3(u#
KZVBD7
>k;/P0Up
Y 1>8d
6TJ%pf1
T$c&AjMD(
gl*e+G3
GJi%O]I/
Z!<zDr
y'8L0Z7
a.{J12
zH4H|.v!(C?i(
S&NV_{O@
av#`/[!!_tc#BL<2bd0QmQ
:l+Y0rg
^K,@Oe}o
Xm C?fAl]i.F
L;g{rW
.yixR.+ k=
C8d#A72O
X]`[Bb
$_J}& 8
cplV0emb#""
<,<I^5
#'=4O7
=N!Nb1qm
Gg;TM@
fAo\"y
Hk(To/Z|BT
?W'k679@1
tm o=m
&C4h{Qw
~G)?Z2p
guky6G
>WP?WHN
?<My{O
t+{hEx
PStU: 3{5
+gx* 3?
1!1UK<
pp'&ez
qKp3$G{ 6y
-e/c>/
6mcBq9R+
c=-BEw
vL]?vBT]2
( pWuO'%0I
I78j53
!:sR`)6t
?Gs.=>
NTR*@wIgg
}0ku6w)
]@I9:m
61l%&Ip;I
' FG0IgDB
:c&7C6!
PXNi8C;
dT3nW0ZYH`&
Qi{y&O
#G&ho0w@{6olEFT8
NU u`"{
^;cwb(0ycNP$7k Y
rQa!`I
@aD_tW<u
?E|t!%
/K{*0]0x9-
t#Uz.b
7mW$8_
m6='ln
)Hr*}Lc
`V^9`dSB
#@0K'HR'
xe]#QGPaLM
#`A>sp0
,N%`jDzX<~`
HP?hm5_G
f>mm\fa3TJ)
rNA"v!
)-`+eV?HYKp
tK c}!`[BCKAN'k
Xh0g[h
7aKv7+2e8t
yu}SU%3Hk`")
,jH_#p
O+_S\j RYJ
;#jD@n
enpmq3>t$
4UCZTfhH
aJSD3_):)
pFhx=`H:
p=?@zIk
n#/6oOCw
V)TE3tI
#yJ2t=X
)0hA5l
o no$7G
WvURZyj]
X:9ffi
J\EF8k:
"$u&}l)S<Xj%25
nf6<MM,J./b
@+9m}q~
%#=HOwN~
djP:Y5d
o)|j38wo&
AdxLdl
DVRVW9
-NDoc{
7 4q-g
w;o?KuHrO
*5^&`!mr
(;0pV$N$
3yS~%U(`]mQ
]xG'1-
f`y66^
5 |O"O1B4;d]Ll
_qv|;}"Zr
{*o"tT
nSH!iWH-
4 YHN"'
]Z#aW6R7
}r'ThK
-*&O@<
{q3ozP E7Mho
6Br!B;e
7c>(`5
5zx3/`@M
oo13=>K`c
IGSh(
4~$z>+~>Clm
mf%CxiZW)
iQ@c >\I0[UnPi+O
Fbf+x{b6:
*I`Lh.1
O>^:Tz
BgM}rjI:$#Tor-`c
\TxYkcD
VAsb8-D
^B#4|jG
M"\U ,^J
^3!ud>
PsS7[Ujcc
WqR7-!|
CYaT6N3
p'BM<f
QY9.%D
Y.jX3
~0gF/Z5<
:Uo<5#Qty*/s`B
d@zm9AUp
fX.f8~&~
Y$]tuFe
301492
4>H`Xb>
[%V4L@uQ
`qxNHp*:H
t>XYsa
T+u22~
e2:"Sj
S;-&d^
L:GxL5%
@4 TQ,!]o
cS"$cvV
|kjmLD
&:v1iN*!
2gGd,j7Q
w%PMuT2
BQ5]gu1 "G6f
O91ms<FlY
P.`y[1%2y
CNB.UjU(@]mKn|
B1Zs"0
lq20Azst
z#K;`n
:c*oy~hf>pZ
0P#{zk
s^Os;Z9
2#sYRSnvw
{1I|G&
6^Tx$_;J6C,9!:f}s
`b,J'w
`xye'g
^+x'\z
J2c4=M5
~9/mh8
x-4'I@DzN
_/MdB3
v=-Xs;&
#Z>PB]_
EH/c:{D
]Y@R]sJ
7f)| AG
9i03 Ki6x
*Pv_jn
JxkL[s@N
WM&vOf"/G)V
x:HV}Y)
N%6T/glf
k~.D1L
zt|H;G'
![mj*p]
"IjtUQ
_*:.AB
>t&MCR2}I3
G(K2yU{[OhY
qT8XEIM
SYx1=3IF
\<xDb%z
mZPz(b
* beU01D
RmM3h5{Rn=E
MZdT 0
h<4u1Z
+Y0eYR
*g0U_WLt
1-$4BMy*
?l92 0>'@>
h6Kub9x
a;X>BY>
QEX?.H4>n92
;O&qfS
sU}4YmpyL
cfA`*{
0@cNPCc
C7ScS(q
72H/%n
e:@9\V?m
Lc@X6U
pJ+bT&pw\[
XeQeV[
{CJ;Xb4_[
#d`sn>
Ge!9T[E"
T_suOgb
+t''(s+]
+IWE?P
}KE8Mv
ZiuhH;
B6fc=tV,n~i
0l0>JL7HQE
,@RrH'
a[H,/>
[ v& a
8'ynn $
4,s*IE
f4lHS^
:onjECrK|
Vya0:t
)y1La&
9tN l(
4kt:nqW][_n6
qvEC&s/F
c-o@1#{\
^_qNyC||
8UGV1-,zEci
"`uwp2
cr:1 ;*>
H&m.O{/)
f:p m*&
0vHq^)?2
;CJA>/
)+ggMCM
iyhy 4>
PwY*1YL-
"HzglsQ
sEW~0&^#5
^-0!*"<!a
>4#d~q+cv_
r.XANWMqM?
g^9TlkA4;UMw,K!uQ
%.q%1C1<="
Ah5({?A7:
k&:d5/
b\<|GW
^;cH{b<dfjP
^`sDKz
:(#$f@+Rv'4f#O~Vn[oF~
x/HU}m
9U7Gbv?
>bS'B6 qL4pN
~!f?KE:!{@"(
V[*aI5
e$_b|z~AK+
aSjOe$a
q&X/c+K
YBu4e7U
lRV* o
=~i8/YX
5Ed<V`~"Ofy"
3gqUd]
c"$mQ?
BI4hc<
5uHCQQw
sVOJ@)
h{lF{|qEtJQ:K
(#(*VnL
e"\1G#
lYc[i?9<*<mL"?Eg
;'+)4,O
K.R$mbrzJ
jU#/&7@
&}dXA|
?Y8j1,%
`OvzXs-~
4i/-93F7(f^
kdRbt1Z
7"&|* Zw
+Z0_!(
3O'!)up)jl3
> j;+ I=
MG0^J{;
0bNN]VI$
kP`1Qlpovc
G S 'tF
?.bDFWj\
=FK<9b9
`u@ee2H
RK+pk?sl!M
P?Gi)![
|xNn7D|o,m
!v0)G8_!
KdKds[
Q=K AQz
%/p9f*
BN1]f!AR
gW"(7,r
9?S6emMs$R
Z\;+FZz!O\
u5e!C_
DmR?L^
q[Eu7 Mwe.5So/N;
B (^gQE
x0uW}Au9~(q!-
UF4h0}?{=0&
?HbkD'
AAn;/M$C=Hs!.]=^1o*
'c\:%I
'r(6.7_
v$Hq^yp
$ zu;
i35\J_eZxZ
{V.BWv
A09m4o
@[WI>0,8
BRdg_X
<g r[O?
Ub=zh_d<
f.Z8nS{}[6)
`wZlVnf
<.emgt
kp!U,N]
Go af&
H-z-q)G(
2O(dtVFT
bE8<6"
{2"Szu)W#>A'GGn
%U`eb~
.}cL;F.ZL
}bLS:Q;'x
>m7 XL!=:D
1G1B?]-Zu
Aozjf\=
|ZpA^/
K-pQR)
"sdpKvX
'J]mC}ciIF
aVt2nw82Z
10Q|K+
(n*Xp'L
b]_;Iis
#I>IDHd'T
IyOu]D
>c(T<C
Rmbpa$I
>cvsf9
rU?pkl
x3-}~=
l8FT()icRNwZ|Qa
-E8Ibp]
d$ul;oX
@t* 3?
yZ+bmGv
iFBS3l0w]/
FEnB6)R oU
-``VI%pOq,``gEZ,=
Da0tm5
~p9$O3+2
cBLJBHZ]q
><kpw5"Ibz
JgsK3PsYu
#?xTC!
o4tOK-
50"D4+
sHxVV@0l:Em^
X,#SK9+$2-
zncEz!
V2w+jTd(cl?
ncS9e]er
+-R2lh]<W1GC6hI
=V)PNF(Q
z7yPiX]
;ggC'}xAdw`C
DeON9Mzu3]^`
L2a)<KZ;PEU?7/~g`ae
%.SyK4IkRU;ct
a_IzDQQ
2JjQ0G
quN2%>aS
@nc8S<(@
R+DtM!$T%[c
f\bP._b)UT
Wl~-b$
~b?Tz,
ZT+bMAZ.
/28IRHn`7
]UKVS4;H
F<6j,D
0:.6@HW5
s0*(x5
[AVc'?r.
zlI'4G&
q!a`ERBd
eRnkgD!!M
jqZqPPr4b'"c
3}DE`9a\NwAa]
O),|};<eT
iGHzc2
iic*X.GGc{
NUGq:Qn
j70!^rytxD#
6B^"%mT
K~Y66RFmzP}$
Sg&79 H9
NX\3IDs; P2
|UG-;1
/l^)5
Iq"d?R ^
oJrE/#
H.MS2|
854ty'Z
ee^,TC:CO
(IT{AY
$RCd!d-35
OCX91v
bN)FE<i@y 2I
'+8<Kvf
iQo"i\
B6d]bO
ShT##|
vH:6,^x}:
cz{"/d~+{
ZmAc}3jS.G8
~ ^=_{
8^Z>X2
Ip# e7yi
J~[u>0
=~^4N"v
S~uyKMH
+m/)l?GP_|WA
NS!'^@a
c2kH!b
n\Xs5p-u\
q\N!(R
5fYEPV
SNn);,GLa
UV@!B87$
/rnn%?S
~2[Qd*
?tjGV. T
V*I!m9
DQD;1A`
tIEPB9x>
Rrd9}3<
).hdl"4
;RNiv1s
pa9rLi
xM1[nY%
7,;@7*q5
?,*P,%K
3&6EhWq)y
NU0~rj
(wCe<fmO
S.i(a7gsq[
7RufK3,9cw
O 3,Ia
>S z$<cF} ?
k<^UR2
3M y>9;z%
\D>* EsE
[)o+'M
[bAb((N^W4K
0^<9KHQ(9jP
-SZ,8r
^6ju&KR}
pVbN8{*D3
2g ." l
.kBE`z\4P
i "YMV!
}~qoHX
.7k) ;&
4L h vv
yfMc=T1=
7fg<JcxI^0i
S%v1S3
siz@t8
tXNX@pJ`c,b9
1#]IMZ
.q^u&j3
""Az;\
cy%7)Y36d%>
.xH~p[*/wV&`;"
I9n#4*e
}PWXrO
|VH;lO
).13a*2Z
oIz)r_%
j[}%zf
pI:T}P
h()|e]*<mI+\b
mOvY;{
5c$WidUE38g[^ph`B
nAaIV|m:
ExF=^U+
PF{d3,&
Mr**(~
Z?U{|$U+\Lw
Q0V<cgt
=D) B
(>$l2gOO%%rl}M
iOU2Y5
\w d2IZpJ
]Y#SAH
Vd>AQ%m6|J"
=z"U%.cq
N;b',!D
&?IyJo( O5
aL3co~75:
C?0|W6M-
G#q<5_ag
Tqg5F?%a+
C7bcW8
=q0>}5
1z1"Je7
A{9!g".J
$-Tdd6C1
2"kfn_Ic
BGoetv
=gz-f!
hjCA9w
dE?>pK)]4
Z&P_[`Yoh0
VjAB+?)$D
y{|#tC_=0GWZK+
Ak.mQj<a{v
e>H`R+y
X?K7]Kj1
vj2Z-9
7v0G;;63*zM+
#WnN3h
@?yEm
rcs_J<}8X9,
J-:9#,Jvr
W/i9?,gB
?aVY!7b/vln7
qWLP"z
\2"DGB@) )M
~CAv9k
! `>E#y
%X@zYU1
3#rTCVU,;v"
I~4t^olBP)90qOUbk
i6@}1~49CWj
#X 4%}4f;
;GZ,*q)
_d0!K^
.r[g|:`
xiiK7f
VuAX@4;\
!`[#\2vS
b%x`>~lqFPt j
Unb/k'
k{t(d`,
Xu1kB8
;uYAztE
`J\xcv6Dx
h0udITicAu!@
=;/l|\K~
$ask8X"Z
U7/f5Z0)X}4f
7'dXw.
s20h9y
[&m-B{\(y"
]aC=(f$r
yza1f]"!Q/\K>
K:rnJ1 g;Wc
cPG5T"I{\}!4
`-SF*;2
YCKLQP>/(R9VpVeGlMx}.
tSU0;!/
DOaF0j
#mnYWr
;SbN1[3t}zV.e
s1 <GH
s_C ^
<l;ZZ,-VJ
B2~L.-
5DqJ&R
b^(#}o
C:p:GDGE^DI-gV8
F^&'yy\
oX2IsMx<
R8Trt
OcjO\7T
]9a{,YCTTQI,vr>/
AHiwTq8T
ox8@~o
lB/nFr
qZ^\BO[n6nGzv+\ @wA
DmyPoUV7y
H mLa0(
(lyzuEjXqVfR`
D=|]:}6}'wbc>Qn
~Q- r*4.
I-*p4AC-G
w(O@H'oq#}(
itB_9J|A
m`jTo,*
#1(3^B^
dfPau*
.=ZVHy.u
\:XcFRq)
T6O__}j
?'<Kz|
o-y>Z?ye
$k4ykFgH
DK;>_@j_\
'#,Ga>|
J=|h=eK
d+'o/w4
_S2iw4jtZ
LA_OFs%'
%+i,|8et4v
<4y{=Q
c(!OBoQVxcx
YC~_QS`lY
4@Se&6ts
||.p=+"\
WhoALx
(3v#*6iW
R(eJ3q|I|O
2Z$JY5+
hN/(nc
v&7#=JRcG!
$Il=nE)
f~xK'Jz
Ei&T]e
82wI!h]
gFC+0zG7k
lD/J6E
2&;[-Pw
I84qge-Yb7
m``+~~TJ'
>$WVzt^
VB=k(>
9$DD&<
OH7'"p@[.
\vrXQa[f&^ng^N,E@9P
+eMctO
/wi4.-2}Zj4_V@h!
7X}u=UHyb
Ct3|G_GW
Wd,x:m
@@Q[=-zg
xtHu!D
0`Vw_dv*
FPBMk@
@$""]1c\`8
hJB+bq
e4t_Eu
d?LIz&F
t6;mq':/gX
\<>< n_?;`oBz
f p4'x
G0[~5C7S5^Vi
7"aD+l3C7/y
VvUm_G~~ <f%S,`@y4$\
6gmT=-W`^%
r}5RoL7(&m|
jt3|":F
O#y$%LrdrHt
)k8>,Q< -Yq
+MNj}llTb
1"uDV`P
lX+7z~p
1?myd
O;P*;N.LT
="?sPTM
T+r c]V
k{tXZW
?2^4:886|}36/Q
d;>7pz/
v^%(G#
6)^`O
42OcqH
hQu/Fz
Ly]lG`?:3
?u;+'BXbv6
I~Z+#;c
yNW-%ca6]
^?vNQmh5 *K
CP|"G"
|>:|-v+6
D<`[R6
DVa;A,Gk
-Ja]=u(2T<
C&M {K
* GOOImPbgavh
DZUtnCA-<
Ie)GV<
J)a;v#&f
Wzf@]u
xn:w@cO
{UR5/D,
YOWZVT>h
>#G]l` Un
L Eqw>
a>3z^-V
?1EgIEyd
coM"TR+3,T+~NV
ip^K5Mq
$wyM$s)d!
sa,?-8Hx=
9H<7J]
mSAB=}_
r/[ft]
hFDf$ n}n
le&cyo5W.2qTV
~Y-D[U4~AS_&
rtCMci
WfcyCRE
\cBc"N/
d'q6&X>r
YDk%`<X
U=5"-Xb
K(%u!E2
.q(J@9WF
b=,{vT
]CNenK
SVZ?h`P7
o,8J`:
ksK&C0T_h
pzVR4Uc|evll
t$WL(p#9%"s
*EcKYA[
]NfUGs
aF8"W+lQ]
>rJ@[;n
6J#]ns
f.3w i#RQU
oPEx =iut=g_\
|cicC<ci|c
Us9UeL
Ge*W`ZR$^#P
)0I1U+Z1^1,,X6@(Z3
EO90/cb,c04Mc#=Dc<c
d%c E<c *VcFGcK/cY%c` ccBc5,c`cNfec}o
doqdcd;dKdNd^wxdlzd~idwxd
cj%d2:d
nZD)O^Rj0
{Wx<7^
;Z(M,H1
%XPcL_cIRcbcn)cq(cdJcc
uc-cDjcs;c
d4cYUcD9cD1cL)c71c
c#r9crdd>\dkfdOd
spqReebp]RYb)?
Eq+?)ESq
pbM?aYpoQ
syRzRb;c
$bwZ.Y
xucxlxls
UMxLdxLs
rvhOs^h
hXspXsb
vw^Wu{y
anS^cEi
[]aeiNl*p7p4s
2r!rru
wvo{t|\89<B{cr
~drxdb}d_ydpdqdkdddqndomddpdw
jd[dbdUdKdydcsdb^da]d_c_c]c
kcUicLfcWscVqc<nocB|jc
LVXR{U}@xA<zGHzHY/>w;A
NLJcQd#d&d(d*d
dU dN dC!d;3mdV5jdP8sdE+`d<-
/Wd 0Jd
6Hm4ac
~.Hen_ca
4wJODB[
aiZeUpP59gBf
~E[d]$k
2kkISsLn
>S3|s*}EUy"c o6S,S
B&n8 d
oD'+=Mow;
cag>UR
tptng_c
caf@sHs
d2yEsn|)
+`bxh1
zdAu"nN?jj
mQqIzqQmBDFs`m1Am
A,c9T6[FB8c
cAup{l
d;Ic;I
g!gW!v
M+Gck6
;/oks_+_klT
/e?kU?T8'
._juXju&j
Sa6wee!
Sq!7s>yUY
jkRoW&jW&
.u9jK2t9~
wkEuSzo
2lpk|T
q1\p`|S
4s0sqc
i^s~f0sv/
uwuwuw
rguwRuwBupT
wEu]]]p
t3]+Vt3B^g
]Gr^t]
q^c[[[c
Zo[uo[_
SSTT49i &#
cicc|c
|cDc8cNbci|c
YcY Qcdc
Acz&9c
p-T5RFc
cD/Pd<Rcd4zd,c$c
c#c?ck
S2GW;l/"
2WzlbI1
2cZKdmrd
bd9FdEJd'A>dMd
idkudWqdc}dcccc
c9d-d!d
R!jPMM
|~xw~f
h|~xUx
{||usp g
'ny(>
c~[~%Z)t
*5ek~c~[~
{hqZ;Uf
0 O.>>
Au{fsk<cf
{AxK;C;;J3Dw+6#dR
S[pBp:l}+
m^^nn~
v]Z>6#
qz+5l{
{zzzzzHJHJ6os
s=<Fb9@Bz
||||||||
-age.=CA
h|~||P{1{
(A9jrE
93SbTRz}
FI{~xl~
k5/||+}
}||@JD'C;3
Lgu~*u{
syP-{=
syky'v
% IaLQ`|Ky
@ FCE7$yvowt
0]~mzZ
:{\60C
Eky;S]g3c]g+#
c%@*n~
y9wHtY<
ltdtlztJ
yondRtlJtdBtHpkgc
%'IKbA
k=H/uE\
HBDcz8~p/~`/~+~}
~d}}}e}+
}%}k3}u},}=
}j_}5,
ayOryOr~2y
t[mp(n"'7[cc
#FI~|i
@BD,+/#
c%H,V5zVz
yyyyyyxypsylwy_
dy`ky]Nyp|ky
% Ijpp
(kbx`McJZLdt
cQ[vG\vspvZ
c%H,1v
]vyuquuuYuJu>uBu
Z/glu3
&Nccgc'c
*"Ho6|6|nH
W=NdpJ
<3{.PX}
||||||||v
rrvrrxr'r%
r&rJAr^r
thtru]rvLnwOZxUQ
dnI2lx
uRMNH5/
;{As@H^}|
}||||F@FHJL
ninon\nKnnnn#
nO)jsznnNn]nKrn.un{yn,
nNwxuv&k
#b6-c
I!- JD #?G
|QQ,Fu
(`#?H`
zzzzz'{
{zzzzzzz
{z|||||||||
|||||c
VK+!n{}rW
&<QcccqcX
4iU<;w
zzz[%
({NsMkUc][SS.K
izsz{zzz9M
50!#8OI!
/cbbbbbb
~`n_f_PI{
9{MsMkMcM(
oczc3c
Jm=<>@-2.B.s
4I/k65%%
vueeUPh{
____3_>__
_q_t__ _L
_)x_Z^m8_
V_\_-^_jyy_*S{_
4_75[*
]\=`U?_V>bVfWXXrmXuNQ
{YlsFkAc1[1S!K
OCt;3cB\:\B\?_\.|Z\
[[[.|[
c=:yQ[&[
X[;T[@R[2K[
fPXQRQ}MV\HVnSWiFT?A SMMsMkM*~h~j5b5<Z54R5<j5
E>D97>
)A-A^^5jS
K[VCx;
W_NlUjEjEj
LFxvw{oslkcHjX
DX:KXI3XD(XK1X)Xp
XCWFjW"?WnWnWnW"W)BgW33WUWWTWTWDWZ+WAgWAW
OWWYoZZMEO~QxQcRjR
?Fp{3.hs$'gkc
[nSnKfC^;V3N+F#4
sx)j}j}j}j}j}
c[T\T\T,
UzkTzcTz[TzSTzkTzcTBD
c!F=2nSjS59eS
SSSS{SyS
wjQmOcVMaP[_RYUDWKU)QBSC
<U<U<U<Ux<U)HjVRVJVRV78T8T8T8T
"u{skc[S8K
cTPPPyPFP>
PmP"fPVUPIXP
,P!PoNPw
NPo.PW.Pmt4PH__P
P)*qOWOOO
\RTRnW9%<cJc
I]6@=TV.;!W
lL8VWPJXHMYP1Rx/RqBSi6TQT
))p)28mBC Ub
.{+s~kc[^SK5pCf;3+
MLLzLrLLB5TM
|?LmoLm
OLmOLWVL
)LL1Ld.L
f/Qf;Pf7SVCRFUFj:A
18PMhM
`M0XM0PM M M0Mx62%bc
@o!_!_!
rwMEb,B;
LFxsc[SKd^SI
HHHHHfuH.
'6n TR\RTR6]8^9
<[B)/52A
KFpr[SKCx;W3a+d#[
uhdpEjE
c!F:|DYDQDD
giN!cc2c
j'g$mVlivktm{osqk2 fcL
s&xdAAA
AA>AjAl
AuA_A-<AlAfA
a^APXgA\t[AZriAGiVAEoTACmRA9sHA/q@v@t@J"ZA
\E66 -C
"B+%#alF
9x0^eec
DFbPt&x
{swkca[iSj
KiCc;P3h+r#l
W^d`=Z=H `=
<Vi=/.=
B=43=1(=Nb]=t|{=
#%'!#u
I I M+
z@ma,z
JoL^a>\kx
8FxoC;t3t+c#+:76:&E:
9s9\t9=
9e9rzq9UoT9Sm9Ik9?i9g9ez9%8
c<:~/u4[2YoHDMBK
jugY~cm[zTxODYc
pn;3s+s#
&!#& +
kgcc}um6n}6-6N.
55551>
55y5r5ri5
z4xFVHMI@>F@LeBK^C
f..w%I!4
.h3^ x=
23e2o2of2+nf2!SY2 QQ2
Vh2[c2X[2]R2c)2e'2#2r
2#929(20/2>-2
10131)
D]FKZCr=
=c>e>P?3@-@C1A>+AL&B=A
(=# &
")%%kx
UxX{\Z
sQTkWScR[YTS#]KVC \;3+%#
wc..d.
YD 8.R
.-_-u-]
P7T2z2y2d2e1o1<474e1s1xH2
2m7K7Q8F5756%b+mAcc]
9,;@{me
BAr]3h+^#
+**_*u*]*S*I*
********
*rn*_i*@P*EH*>S*J*,2*)5*
t2Ag~-
M'N,A8383
4d<5r>5Z6P/N/0l0
^MV^F<
8J#$c#
<Uv$uc
[SKgCd3'*'-%'E'TU'>&
b @8E)|&JrY&Tj&Dj&Dj&
l&_o&uO&]N&
P0N0f/c/l.Y-)c-&
c+B)PK|?o1
#':,EgR
^jK!]iJDhEGXEY]iJZ?hJjL
{fsFouEoA P
oCKLp<JCvJDmxDB8:
9*9F,8
v? "fp
cS dxC
y(Wb`Tx~1I0!"
c8dUbtdwdFd dbkd5Kkd
dI\d`ddd{dWdydaudIhdX`db4dcHd
ldj(dP0d
d$,d1;dWc
ie^#URTrk
xox|YL )%TJhs]Z-jPOI
JdNdcd0 d* d
zd3HdChdK^dXYdmUd&Rd
dK&dofd_Ud
`d-!dvbdg^dvAd;f
9dV]6d
c9i*a8*c`9
tbQyCVA
INFIIY.QH
z~{>z~
|[|};}+
q'za}z^
::::::::c+
s'6t=8^<7
29/;=?
XjbViYn\v&
v9qkgiat\cVdTdEdEd7d1d]dYd%d d,d,d
d_cVcNcF
cAc9}cm|cl|ci|cs}cb}cb
crcu{xc
`7jBdC|B
xU}UOvP}[ZLGFFIReDdJ_I^G^RakV````j
dcd.dXP
dHW d>Y d8S(dU%d>c'Ac!:c)Gc!Fc)Fc8oc%<c
;c0Ac(>c;?c<Rc
ScIUcOFcM@cc:cb\ch^c
]7H Ykc
skjdmdlm1
=N>A&V
uR ~RB
bAA]_&.Tl%c
+h0EiPj
L4_0wO
t]|u?}C
`+h+Q$
]``:oV
O[QdJVN
XXiQNXJBA*
v^Q+=&&eNA$
h>WrrY
t[tstk
gq[xWK
k-ogqgq
pdR4XTPm
SRTXlxlslxR
(eaoq!0m
dqSpqn{
dq3pqw
hd^oq^+oqVxzQ t
;t1t9t1t
GtsZtktl
ztxddTsTdD
EdDTTsDdR
,d00c(c Oc
TTTuThTGMU"T)PL|X
ITkTnTThTG U"TS)KC{;3+SSnSSDSp_STcPNd/Bd&dy*d
cQc:QcqQcPcPkcPecPec/mc
dycc-d7Q`cZQXcqQPcPHcP@cP8cP0c/Gcjcyqc
Mb{WX
}KjL||pVc
yyy||8Uk;Rj
cKxqxuW}
y}QpQx
;554u7
H;$QN5Nk-Ql
M )o["dQ,N
NP]N\c
dKMiFXa@V[c:Tm
X..[.t[2
34\:R7=
2P3io4bh4[a5Lz01c<=
n1Q1I2@2
o0:Q1Iw
rQ6hC;sC
<<<<z{:k[<Kc ;h
c&_a[/
^ccic7c
S&]c~c>c
FIDU>F>FIDa}
~ENENEP
a9SaKaCa;
3#m+5s#
,RajaaxO
6YV.YF&YF
(v+f+f 2
B8=8=8=
*##T#^[
Jb<B"""D
X XR~8h
lLO\;F#3F#+6##6#
GqYccu
xawAX0
qccwca
]yb`uuuc1;Ji38$
JCC>."."#TM
%%J)L%
{4sltk`cb[VbS
Cw;e3Y+d_
c ?+qLL
-"e&HIFMtQ[T
a8o\E-|$XV$Xf
,G<whw
%#KM91
]6SJI.w1r
!EImO+}OV,J'A+
vPKlC/
K@OB;K7{8s]k]r
cdoho`oXffN
c ?+TDBZR"4')'
CFl]7m
'Kl|@aB>
v\%b}}}vF}}}
EIwE,Cxwus*.-
*>U?;{
[0SGKG
Cv;Y3Y+x#G
~C55h*="=4+JdMzSf8
_#C8D
KY!J!2!*!2u!*u!
c ?+zXcQsQ
UsreS"P|^&!!yzqo
3:C:42
L{'Ys Yk
[TSqGKtFCA;E3d+
6LE=S[C[J:=UDlno+C{_wZrW
;TZ:>A9
p$lpGuO
KFx<+.
CE0q;~
8Z,n!g{
GkAcpb['iS'aK_Cj;_3m+m#
NFKczrz]q
eF~fnSkk[`\`|i
Kc_c(c
3zg~l}{4
BJusNN:*txOQcUYzz~~r
jjnnj~l5+QA#]
S:K6Cc6/N:3B
G6"K:&?>*CRyRQ
a%9A%``+pg+j5Vi<R`/^[YR
}{inoq
#<c 6[
';432+6#/
Zr8;LE@{cw2nx-qB9h\5S>!J,E(D
cA/GC*@XZA:A1>
h5b}-~
%;o?3s.
GdOIu`L
_ePD9`
BuDtGuvDGvO~B~4}R
cccpc]cEc)c#c
Py]C/Q%K
T|7iccucHc c
b[7L Q
cs=5-O
'a\WfWfWVWVW&W&
'F`hcvc6c
44n4n4
K>md#:
\NGh{aXsfZkQcQ[dWfi83
DK317H__2SK3"4"$*~
?)mMLLLPj:`
wiD3E:B=KDM
P"Q%/F{usekec[STegK
3bvx+>#
hkUrU]DTOG/i.c.Z)e
'!?V2C*C"3
c!F2U)>!Q@'
'}. e({ {
W{?sGkocW^g[z
clefpP@
r}UK=k|KlKlKLKLK
71mUTGE64*
yk*c[SKCV;cL
s]{QPVH:p3x/e.{S:z"yN
At\T\jpM
\TM|NtNn%
8/D|D|$
[3SKC;03Xux+`ux#Xux
7BpM{sca[YSiNR
E/.1{)c
`7XFzG
'!NjjjxT
d\ll\\LL4
[SKC;&3&+
!#EOi%R`
c!F>?Xph
671+-<vSu"
49$I^c
+N@{=W^`
1@G9;E?Ac=YVOHUJ
!:ANOr.rGr(u"W
570R<OU
DDBx@(P
{?s.kMc`[
deJ}cD}YN}O|
5|k||cl|/| |R|G|
01V=WZQ8R1
b|UrWpi^cTMZOX
7Bp*[8Sdclxj}yUySySyEy/y)y;y-yxx?x/x0x/xxxqxoxexp
oxvQxzMxUbxLcxGxEx_x
Tq\qH!h
ON*C A
*V[sdmiRgg
upu?uet
c!J>tstctc
l%CFYZ
irwWgYN[DJ
ccHc$c
IObsn}}~6D/
hk^ad_{]xs}k
qWqHqEq/q)q:q7qpUp}qzpmbq
=Twc#c
"oToTo!6
lzxwB.-
kDc4[]SgKYC\;3+#
-m,mWm
x0s.ys
Bq{b0m>l5k
I.% F.<$+9)?Djrx0c1c
QuCf;a3c!j^
yjMDjC
i1i/i5i(i
i{iYiWinioiQdiNiiNbi+7ispi&
*=)}Gq
xdobAoZnutnznyn
bmCj;m3g+n#!}
kcNofOTfTUf-Ef2Jffo`f
1Je{\e
b>pZor~rOq=q:lC"k)$k&
;m/h'sNWnTqpRp[kPjjms
6O)08Ze
?FeLbK=C
skc[SKC;3+
bkb^hbdpb\ibNbxNbIOb7Ob<4bE5b+%b *b
^oaRaaHaIaVaGaa=a
Y+Qb+QZ+@b+TqLFPdWbWZVU~UOT=T
?CUHZG:@4|
itgo@[DX?Sn<P{&
7F4alcZs[[sS}KoCq;
c'@8,F
?$J1z1
LLLsL@
9.~tsl
gg^q+,
eaEQTa
oO3^Pw)a(o
2i O(o
k:- d020&
+J3)R#b\/^"W
Rk$_q_
roeL-7
nehi~feJi>`[" G=/FYu~nySb
c-titl
<BisxXl|OIAu>D\EXmCD)LG5>D
EX-CD)LG>D
EXCDLG>DHCDNA@
MJ;kED@HC$sNAKJ
UAKJCD
GCTAKJ
w,,,,L3
BUHLYZ
_O1{|A
99#8X"9K9N
PL3Ie414)4d1
OW3nW3fW3hW
5>55K>i5,=5<5<
6Q96Q6Q6
R)7TF7T7R7R
8+I8O8O8
9@I_9QI9
7U#'rs'1
Y91dd_u
151@1N1a:p:
~::':@:
y;Ipp<$f<e;9U4<=US<@EM<F^=6k=
7=&=&=
yMj;rMu;fN;BN;K;K;K;K;K;
Lr<3L<AQ=QQ=Qa>
R>9R>9R>|R>Q>
O7?PH?Pe?P?N?N?N?
znwN-C#
9<6yvD
-8i.7q.7
/tm0ex0e0U/U
79IC7Iv7I7Im8:8d7Y979
:7*:7A:t7v:S6:
P6:|6:6:8B;S~<uTr=4=R5=Y5Z>Qj>RR>lR
QN0N3B
cvvvvv
vvv+?w3Gw;/w3'w
n5io4qO4yO4qO4O
5y/4q/4)/'51
S5:5B5j.r.Z.b.
y:q4q:y4:4}:4M;
5<M5;]55;e5M;9L:L:L:L:L:L:L:
L:L:Ne
FwIWIQ25Xr0w
>"8k(g?
W:>dEd%?c
QR+W:cM
/IApRAlS
H/@/8/hkl
YH(@(8(
7<BH(@(8(
I8Fw;)0uF3
8@kE L
Nw<`E`KC
Fe6S]?(
Nr>w2.>
gM4Nuc
`5`#!!H(
@(8(k=E
@(8((E
aS<u9D
UXJ48gE0c
9/uYwtX
-pD2Mw-pUcBEF
r3@`MT(nN;C3
`:>dSQ
0cUEI4M3O_'<B>
(<BQ1`U
cMN](<B|D4_4<B
QW:cT?R
<B50_&
Rw'<BdJ(
<Bfr8c
\=BU(;
)SR=jD
wQ:>d5jD
3]] )Qw
u`:>dY.iD
<B>69<M
(3M,2-@h
A4MN's
6>,F-<,
E@F^:cM
_5'~%(nD
?<Bcn
<B=$;*
.'5w@Wc
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
USER32.dll
EndPaint
GDI32.dll
SetBkColor
ADVAPI32.dll
RegOpenKeyW
msvcrt.dll
lQ+QQQf
UWVS|$
t$dD$\
T$L3;\$L
t$t#t$lD$`T$x
D$t#D$hl$x
D$t+D$\$
D$@d$@L$@
;s#D$H
t".)D$H+r
)D$H+r
L$H+t$`+
T$8L$PL$xf
D$\l$TD$X3|$`
D$`L$D
;s`)L$4|$4
t$4D$H|$t
D$`D$t+D$\
l$8f++
D$T&++f
T$TD$PT$PL$XL$Tl$\D$\l$X3|$`
;s/D$H
;s;D$H
)D$H+f
t$(Nt$(uL$0
T$,|$`
)D$H+f
l$$Ml$$uP
)D$H+f
$L$ d$
p4$Ft$\tZL$
9l$\w`$
BD$tIt
|[^_]^eS
KERNEL32.dll
FindFirstFileW
FindNextFileW
FlushFileBuffers
FormatMessageW
GetCommandLineW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameW
GetLastError
GetModuleHandleA
GetProcessHeap
GetShortPathNameW
GetStartupInfoA
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
FindClose
GetTimeFormatW
GetVersionExW
GetWindowsDirectoryW
HeapAlloc
HeapFree
LocalFree
MulDiv
QueryPerformanceCounter
SetCurrentDirectoryW
SetEndOfFile
SetFilePointer
SetUnhandledExceptionFilter
SystemTimeToFileTime
TerminateProcess
UnhandledExceptionFilter
WriteFile
lstrcatW
lstrcmpW
lstrcpyW
lstrlenW
ReadFile
FileTimeToSystemTime
FileTimeToLocalFileTime
DeleteFileW
CreateThread
CreateFileW
CompareStringW
CompareFileTime
CloseHandle
lstrcatA
GetSystemDirectoryA
CreateFileA
VirtualAlloc
GetTickCount
USER32.dll
EnableWindow
EndDialog
EndPaint
FindWindowW
GetClientRect
GetDlgItem
GetDlgItemTextW
GetParent
GetSysColor
GetWindowLongW
GetWindowRect
InvalidateRect
IsDlgButtonChecked
LoadCursorW
LoadStringW
MessageBoxW
MoveWindow
PostMessageW
RegisterClassW
ScreenToClient
SendMessageW
SetClassLongW
SetDlgItemTextW
SetFocus
SetForegroundWindow
SetWindowLongW
ShowWindow
WinHelpW
wsprintfW
DialogBoxParamW
DestroyWindow
DestroyIcon
DefWindowProcW
CreateWindowExW
ChildWindowFromPoint
CheckRadioButton
CheckDlgButton
CharUpperBuffW
CharLowerBuffW
BeginPaint
GetSystemMetrics
LoadIconA
LoadIconW
GDI32.dll
SetTextAlign
SetBkColor
SelectObject
GetTextExtentPoint32W
SetTextColor
ExtTextOutW
ADVAPI32.dll
RegQueryValueExW
RegOpenKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExA
RegSetValueExW
msvcrt.dll
_XcptFilter
__getmainargs
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_acmdln
_adjust_fdiv
_c_exit
_cexit
_controlfp
_except_handler3
_initterm
_wcsicmp
_wcsnicmp
wcschr
wcsstr
[*kNf:
Z?jKXI
uT*&dp3&
"E\]',
h-tg(*q
q}x$Bb/~
.\2G"v
Y g<t*B?
=VNpI1pp&.
o<+d~}
r XGTp}41
P&MK(=56
BHn1*R^
HhZu>T3d
5_:M-\
q[wMd+
fA(N'd
P)AEO<
w'CzWV
/8hyIt
"PfPPS<t
?=9 | ypO
@�g�g�g�g�g�g�g�g�g�g�g�g�g�g�g�g�g�
a�e� � �u� �
�p�l�c�t�o�.�
o�g� �p�c� �
o�d�p�I�i�_�L�s�
J�O�Y�_�h�k�
-�,�+�+�2�/�q�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�4�1�9�0�4�B�0�
C�o�m�p�a�n�y�N�a�m�e�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
Process Tree
- 046ec8356b508853eb855428f52b762d34d1cb9097233d8e9758747c360a5b30.exe (1064) "C:\Users\Administrator\AppData\Local\Temp\046ec8356b508853eb855428f52b762d34d1cb9097233d8e9758747c360a5b30.exe"
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
| Name | 6f86d553cc595b60_iqbjnwa.exe |
|---|---|
| Filepath | C:\ProgramData\Mozilla\iqbjnwa.exe |
| Size | 229.6KB |
| Processes | 1064 (046ec8356b508853eb855428f52b762d34d1cb9097233d8e9758747c360a5b30.exe) |
| Type | MS-DOS executable PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, MZ for MS-DOS |
| MD5 | 0cc61ac7ce2c22db5df5903806c1c75d |
| SHA1 | 78d1ff35a2763d1032345884f06e85b684f21d41 |
| SHA256 | 6f86d553cc595b601992a339560fb22726e1c7d4d5fa554950a007b8e7a43cfe |
| CRC32 | 4692954B |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
Sorry! No dropped buffers.