SmartHawk

3.9

中危

61 个模型检测该样本为恶意！

重新分析

下载样本

089a7cfe881dad24b4c52709da6ebe9dfcc64b16b897effff1e569d07f99ca03

089a7cfe881dad24b4c52709da6ebe9dfcc64b16b897effff1e569d07f99ca03.exe

分析耗时

135s

最近分析

382天前

文件大小

276.0KB

静态报毒动态报毒 CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN RANSOM GANDCRAB

DACN 0.14

FACILE 1.00

IMCLNet 0.81

MFGraph 0.00

引擎	描述	特征	威胁分数	可能家族	检测耗时
DACN	基于动态分析和胶囊网络的可视化恶意软件检测	API调用、DLL以及注册表的修改情况	0.14	Unknown	0.09s
FACILE	利用改进的层次胶囊网络对二进制恶意软件图像进行识别分类	二进制图像映射为的灰度图像	1.00	Unknown	0.04s
IMCLNet	轻量化深度卷积网络模型实现恶意软件家族检测	原始二进制映射而成的可视化图像	0.81	Unknown	0.23s
MFGraph	利用静态特征构建图网络以检测恶意软件	原始二进制PE文件的静态特征节点	0.00	Unknown	0.00s

查杀引擎	查杀结果	查杀时间	查杀版本
Alibaba	None	20190527	0.3.0.5
Avast	Win32:Kryptik-PSU [Trj]	20200214	18.4.3895.0
Baidu	None	20190318	1.0.0.2
CrowdStrike	None	20190702	1.0
Kingsoft	None	20200214	2013.8.14.323
McAfee	GenericRXFA-NC!648F70DCC008	20200214	6.0.6.653
Tencent	Malware.Win32.Gencirc.10b088e6	20200214	1.0.0.1

查询计算机名称 (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1727545327.7975 GetComputerNameW	computer_name: TU-PC	success	1	0

检查进程是否被调试器调试 (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1727545324.8915 IsDebuggerPresent		failed	0	0

使用Windows API生成加密密钥 (3 个事件)

Time & API	Arguments	Status	Return
1727545327.7815 CryptGenKey	provider_handle: 0x00c08728 algorithm_identifier: 0x0000a400 (CALG_RSA_KEYX) flags: 134217729 crypto_handle: 0x00b4b478	success	1
1727545327.7815 CryptExportKey	crypto_handle: 0x00b4b478 crypto_export_handle: 0x00000000 blob_type: 6 flags: 0 buffer: ¤RSA1£p\}`§(R¡ zÆGÀú[¿$¦ Ë¥õ%m#÷±'XòrÜÖ,TküVDC "kNFú3NìáFû¨Ë;7°Nµ ÁiLcûpiÌ@QÊ&±£ì¯éh V,ÇDÉt\Ä¡d×?Ãª)*£a`ñMK%®k,m>à_\|9ø 6ve¸?(ßà]pé»çà«"¯¡<6¬i¸ßmÍ¢J PLægr5â +/n·ÞTûkzTÉÜÕ{ákþ\|H"ÐCÀcêÞÐÇâ¹mHv}âBc>îHä¿	success	1
1727545327.7815 CryptExportKey	crypto_handle: 0x00b4b478 crypto_export_handle: 0x00000000 blob_type: 7 flags: 0 buffer: ¤RSA2£p\}`§(R¡ zÆGÀú[¿$¦ Ë¥õ%m#÷±'XòrÜÖ,TküVDC "kNFú3NìáFû¨Ë;7°Nµ ÁiLcûpiÌ@QÊ&±£ì¯éh V,ÇDÉt\Ä¡d×?Ãª)£a`ñMK%®k,m>à_\|9ø 6ve¸?(ßà]pé»çà«"¯¡<6¬i¸ßmÍ¢J PLægr5â +/n·ÞTûkzTÉÜÕ{ákþ\|H"ÐCÀcêÞÐÇâ¹mHv}âBc>îHä¿[hNmÝ³ºàÆðÄQmBr#« Î.w_Ú1»yüÇy¨¬ds²6"½3¶7"ÚÑW;¸Ø¹-ÝHÐû`Rþb:æíî'ìw àÀ]ëi°0k".£¥Se)üÂ£¦ Lùg)hL½ëaØÓlÞYË0&noù`á0Ñó y·¯ü¢S Çí0gQÐ7¶§ÐËÿË¸-ÍÈÿÝ!ô°hðz¦¨¼=¿=Ðû7Û§sÙul4R{ä¼Hù#¬ãÐ±ÂÓ¼q¥³£ffÏXÖÅt]2)ÑÙ@:~OgFÝ+VÌmhÖÈF8¼O@5üê<íQ áª¹)þ~ð6¬túÎªkÕ?BÔ¢TóÛdsõÒaI±æ ï¶Â¾%²pÅê§;ÂM6¿KÕ©,äYÛI/x"ßÍ2òR¾X÷Þ< =e²ºi%óùQÔ·\Ýàqì7ñ¦Ë_{íþú;ºÂ¹gójêUBv¸ºXÍ1ð ©>õÀBüÙy]C\|÷¥§¥ú?þ¯oXé:¡: R%¥í/$bvÆøZ¤)=1Ø\¦9ë-ûJ>cô!ÝÁÓÒ·Z`²0Õ½¥ Æ´JËY,J'2@S¶Æó6Å&PY£8Î!öUÃÐ5.¿^æuaP¸ô"SÅEvä,æHÃ¸¦¹ê ÷Þ5â?¥·WäÎæN)ç½¯ÄjRAùÐãöu7>³dÕpk?:3âÖ÷`(1ÞEõEÚ¬Ï>kô¿I³`0D0peó âQÌ9Ba£RÀ«ß§µ¹ÖÍ¢ßÂZZíÏIzG}è8BÌZR¬Ì'º~ÿ¡ºP¹ áÒCwQ²·FkÌ=w4@gQ»´íÀf¾f;SGvª c[°+tqäJÊ7,eÙ» £2iÑ¥Î»ãê!'RoèwTÞã½Çöä´-µÅËÄØ ö0±mî/4¨ohóVyÓmdØC7}j\|H¯E$×>`óGªtÎïÆj ³:4	success	1

检查系统中的内存量，这可以用于检测可用内存较少的虚拟机 (50 out of 83 个事件)

Time & API	Status	Return
1727545328.390875 GlobalMemoryStatusEx	success	1
1727545330.06175 GlobalMemoryStatusEx	success	1
1727545331.75025 GlobalMemoryStatusEx	success	1
1727545333.06175 GlobalMemoryStatusEx	success	1
1727545334.374625 GlobalMemoryStatusEx	success	1
1727545335.672125 GlobalMemoryStatusEx	success	1
1727545336.969 GlobalMemoryStatusEx	success	1
1727545338.265875 GlobalMemoryStatusEx	success	1
1727545339.56175 GlobalMemoryStatusEx	success	1
1727545340.87525 GlobalMemoryStatusEx	success	1
1727545342.140875 GlobalMemoryStatusEx	success	1
1727545343.43675 GlobalMemoryStatusEx	success	1
1727545344.75025 GlobalMemoryStatusEx	success	1
1727545346.062125 GlobalMemoryStatusEx	success	1
1727545347.344 GlobalMemoryStatusEx	success	1
1727545348.655875 GlobalMemoryStatusEx	success	1
1727545349.953375 GlobalMemoryStatusEx	success	1
1727545351.233625 GlobalMemoryStatusEx	success	1
1727545352.5315 GlobalMemoryStatusEx	success	1
1727545353.828375 GlobalMemoryStatusEx	success	1
1727545355.1565 GlobalMemoryStatusEx	success	1
1727545356.453375 GlobalMemoryStatusEx	success	1
1727545357.76625 GlobalMemoryStatusEx	success	1
1727545359.047125 GlobalMemoryStatusEx	success	1
1727545360.358625 GlobalMemoryStatusEx	success	1
1727545361.6565 GlobalMemoryStatusEx	success	1
1727545362.953375 GlobalMemoryStatusEx	success	1
1727545364.25025 GlobalMemoryStatusEx	success	1
1727545365.56175 GlobalMemoryStatusEx	success	1
1727545366.858625 GlobalMemoryStatusEx	success	1
1727545368.172125 GlobalMemoryStatusEx	success	1
1727545369.469 GlobalMemoryStatusEx	success	1
1727545370.7815 GlobalMemoryStatusEx	success	1
1727545372.109 GlobalMemoryStatusEx	success	1
1727545373.390875 GlobalMemoryStatusEx	success	1
1727545374.68675 GlobalMemoryStatusEx	success	1
1727545375.999625 GlobalMemoryStatusEx	success	1
1727545377.2815 GlobalMemoryStatusEx	success	1
1727545378.578375 GlobalMemoryStatusEx	success	1
1727545379.87525 GlobalMemoryStatusEx	success	1
1727545381.187125 GlobalMemoryStatusEx	success	1
1727545382.469 GlobalMemoryStatusEx	success	1
1727545383.75025 GlobalMemoryStatusEx	success	1
1727545385.0315 GlobalMemoryStatusEx	success	1
1727545386.344375 GlobalMemoryStatusEx	success	1
1727545387.687125 GlobalMemoryStatusEx	success	1
1727545388.984 GlobalMemoryStatusEx	success	1
1727545390.265875 GlobalMemoryStatusEx	success	1
1727545391.547125 GlobalMemoryStatusEx	success	1
1727545392.844 GlobalMemoryStatusEx	success	1

文件包含未知的 PE 资源名称，可能指示打包器 (1 个事件)

resource name

PQDPDSFKC

解析可疑的顶级域名（TLD） (2 个事件)

domain	ns1.corp-servers.ru				description	俄罗斯联邦域名 TLD
domain	ns2.corp-servers.ru				description	俄罗斯联邦域名 TLD

分配可读-可写-可执行内存（通常用于自解压） (20 个事件)

Time & API	Arguments	Status
1727545325.1565 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00b4e000 length: 102400 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3028	success
1727545325.1725 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00400000 length: 163840 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3028	success
1727545325.1875 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00412000 length: 77824 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3028	success
1727545325.1875 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x003c0000 region_size: 94208 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3028	success
1727545325.2035 NtProtectVirtualMemory	process_handle: 0xffffffff base_address: 0x00412000 length: 77824 protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3028	success
1727545326.2035 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x000b0000 region_size: 4096 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3028	success
1727545326.2035 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x000f0000 region_size: 4096 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3028	success
1727545326.4065 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x00140000 region_size: 4096 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3028	success
1727545326.4065 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x00180000 region_size: 4096 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3028	success
1727545326.5785 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x00180000 region_size: 4096 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3028	success
1727545326.5785 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x00180000 region_size: 4096 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3028	success
1727545326.5945 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x00110000 region_size: 4096 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3028	success
1727545326.5945 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x00120000 region_size: 4096 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3028	success
1727545327.8595 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x02500000 region_size: 12288 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3028	success
1727545327.8755 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x026a0000 region_size: 12288 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3028	success
1727545328.0475 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x03950000 region_size: 98304 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3028	success
1727545328.0475 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x024a0000 region_size: 4096 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3028	success
1727545328.0475 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x02500000 region_size: 4096 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3028	success
1727545328.0475 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x02500000 region_size: 36864 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3028	success
1727545328.0625 NtAllocateVirtualMemory	process_handle: 0xffffffff base_address: 0x03900000 region_size: 8192 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) protection: 64 (PAGE_EXECUTE_READWRITE) process_identifier: 3028	success

查询磁盘大小，可用于检测具有小固定大小或动态分配的虚拟机 (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1727545327.8125 GetDiskFreeSpaceW	root_path: C:\ sectors_per_cluster: 8 bytes_per_sector: 512 number_of_free_clusters: 1782299 total_number_of_clusters: 8362495	success	1	0

在文件系统上创建可执行文件 (1 个事件)

file	C:\Users\Administrator\AppData\Roaming\Microsoft\ozxuuh.exe

将可执行文件投放到用户的 AppData 文件夹 (1 个事件)

file	C:\Users\Administrator\AppData\Roaming\Microsoft\ozxuuh.exe

检查适配器地址以检测虚拟网络接口 (50 out of 83 个事件)

Time & API	Arguments	Status
1727545328.858875 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545330.54675 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545331.82825 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545333.12475 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545334.436625 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545335.734125 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545337.031 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545338.327875 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545339.64075 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545340.95325 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545342.202875 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545343.49975 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545344.82825 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545346.125125 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545347.406 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545348.718875 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545350.016375 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545351.296625 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545352.6095 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545353.891375 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545355.2345 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545356.531375 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545357.82825 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545359.109125 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545360.436625 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545361.7195 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545363.016375 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545364.31225 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545365.62475 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545366.936625 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545368.250125 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545369.547 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545370.8595 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545372.172 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545373.452875 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545374.74975 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545376.061625 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545377.3445 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545378.656375 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545379.95325 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545381.234125 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545382.531 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545383.81225 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545385.1095 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545386.437375 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545387.750125 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545389.031 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545390.327875 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545391.609125 GetAdaptersAddresses	family: 0 flags: 1158	success
1727545392.906 GetAdaptersAddresses	family: 0 flags: 1158	success

该二进制文件可能包含加密或压缩数据，表明使用了打包工具 (2 个事件)

section

{'name': '.rsrc', 'virtual_address': '0x005cc000', 'virtual_size': '0x00024df6', 'size_of_data': '0x00024e00', 'entropy': 7.568927203734149}

entropy

7.568927203734149

description

发现高熵的节

entropy

0.5363636363636364

description

此PE文件的整体熵值较高

使用 Windows 工具进行基本 Windows 功能 (4 个事件)

cmdline	nslookup zonealarm.bit ns2.corp-servers.ru
cmdline	nslookup ransomware.bit ns1.corp-servers.ru
cmdline	nslookup zonealarm.bit ns1.corp-servers.ru
cmdline	nslookup ransomware.bit ns2.corp-servers.ru

与未执行 DNS 查询的主机进行通信 (1 个事件)

host

114.114.114.114

Attempts to identify installed AV products by installation directory (1 个事件)

file	C:\MalwarebytesLABs

检查 Windows 空闲时间以确定运行时间 (50 out of 156986 个事件)

Time & API	Arguments	Status
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success
1727545316.5315 NtQuerySystemInformation	information_class: 8 (SystemProcessorPerformanceInformation)	success

在 Windows 启动时自我安装以实现自动运行 (1 个事件)

reg_key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\wjjqhshsiet

reg_value

"C:\Users\Administrator\AppData\Roaming\Microsoft\ozxuuh.exe"

文件已被 VirusTotal 上 61 个反病毒引擎识别为恶意 (50 out of 61 个事件)

ALYac	Trojan.Ransom.GandCrab.Gen.2
APEX	Malicious
AVG	Win32:Kryptik-PSU [Trj]
Acronis	suspicious
Ad-Aware	Trojan.Ransom.GandCrab.Gen.2
AhnLab-V3	Win-Trojan/Gandcrab.Exp
Arcabit	Trojan.Ransom.GandCrab.Gen.2
Avast	Win32:Kryptik-PSU [Trj]
Avira	TR/Crypt.XPACK.gqcwq
BitDefender	Trojan.Ransom.GandCrab.Gen.2
BitDefenderTheta	Gen:NN.ZexaF.34090.ruX@a0slEzg
CAT-QuickHeal	Trojan.Mauvaise.SL1
ClamAV	Win.Packed.Gandcrab-6552923-4
Comodo	TrojWare.Win32.Chapak.GI@7q43kg
Cybereason	malicious.cc0086
Cylance	Unsafe
Cyren	W32/S-8d75423b!Eldorado
DrWeb	Trojan.DownLoader26.39735
ESET-NOD32	Win32/Filecoder.GandCrab.B
Emsisoft	Trojan.Ransom.GandCrab.Gen.2 (B)
Endgame	malicious (high confidence)
F-Prot	W32/S-8d75423b!Eldorado
F-Secure	Trojan.TR/Crypt.XPACK.gqcwq
FireEye	Generic.mg.648f70dcc0086b10
Fortinet	W32/Agent.BFJ!tr
GData	Win32.Trojan-Ransom.GandCrab.U
Ikarus	Trojan-Ransom.GandCrab
Invincea	heuristic
Jiangmin	Trojan.GandCrypt.bp
K7AntiVirus	Trojan ( 003e58dd1 )
K7GW	Trojan ( 003e58dd1 )
Kaspersky	Trojan-Ransom.Win32.GandCrypt.pf
MAX	malware (ai score=88)
Malwarebytes	Trojan.MalPack
MaxSecure	Ransomeware.GandCrypt.Gen
McAfee	GenericRXFA-NC!648F70DCC008
McAfee-GW-Edition	BehavesLike.Win32.Generic.dc
MicroWorld-eScan	Trojan.Ransom.GandCrab.Gen.2
Microsoft	Ransom:Win32/GandCrab!rfn
NANO-Antivirus	Trojan.Win32.Quant.faoimp
Panda	Trj/Genetic.gen
Qihoo-360	HEUR/QVM10.1.3C87.Malware.Gen
Rising	Ransom.GandCrab!1.B3C4 (RDMK:cmRtazpADvJNVE6BmZCU1nJsK4cF)
SUPERAntiSpyware	Trojan.Agent/Gen-Kryptik
Sangfor	Malware
SentinelOne	DFI - Malicious PE
Sophos	Mal/Agent-AUL
Symantec	Packed.Generic.525
TACHYON	Ransom/W32.GandCrab
Tencent	Malware.Win32.Gencirc.10b088e6

288x288

224x224

192x192

160x160

128x128

96x96

64x64

32x32

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2018-04-23 02:26:27

PE Imphash

022e75c8089eb1300c6b4ca118f5ca63

Sections

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.text	0x00001000	0x0001446c	0x00014600	6.609223616681068
.rdata	0x00016000	0x000045e8	0x00004600	5.343275147271966
.data	0x0001b000	0x005b0a68	0x00001c00	2.498293467623795
.rsrc	0x005cc000	0x00024df6	0x00024e00	7.568927203734149
.reloc	0x005f1000	0x0000550e	0x00005600	2.014999663034088

Resources

Name	Offset	Size	Language	Sub-language	File type
PQDPDSFKC	0x005cca74	0x00018b0e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_BITMAP	0x005e5584	0x00006160	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_ICON	0x005ebb4c	0x000025a8	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_ICON	0x005ebb4c	0x000025a8	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_STRING	0x005f0d3c	0x0000007e	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_ACCELERATOR	0x005f0dbc	0x00000018	LANG_NEUTRAL	SUBLANG_NEUTRAL	None
RT_GROUP_ICON	0x005f0dd4	0x00000022	LANG_NEUTRAL	SUBLANG_NEUTRAL	None

Imports

Library KERNEL32.dll:

• 0x416008 GetProcAddress

• 0x41600c FindFirstVolumeMountPointA

• 0x416010 LoadLibraryW

• 0x416014 DnsHostnameToComputerNameA

• 0x416018 SetCriticalSectionSpinCount

• 0x41601c WriteFileEx

• 0x416020 FindAtomA

• 0x416024 SetConsoleMode

• 0x416028 LocalAlloc

• 0x41602c WriteConsoleInputA

• 0x416030 WaitForSingleObjectEx

• 0x416034 GetSystemTimes

• 0x416038 GetThreadPriority

• 0x41603c SetFileAttributesW

• 0x416040 GetNamedPipeInfo

• 0x416044 lstrlenA

• 0x416048 lstrlenW

• 0x41604c WriteConsoleW

• 0x416050 GetConsoleOutputCP

• 0x416054 WriteConsoleA

• 0x416058 GetProcessHeap

• 0x41605c SetEndOfFile

• 0x416060 FlushFileBuffers

• 0x416064 GetLocaleInfoW

• 0x416068 LoadLibraryA

• 0x41606c SetTapePosition

• 0x416070 AddConsoleAliasW

• 0x416074 GetConsoleMode

• 0x416078 GetConsoleCP

• 0x41607c CreateFileA

• 0x416080 CloseHandle

• 0x416084 SetStdHandle

• 0x416088 InterlockedIncrement

• 0x41608c InterlockedDecrement

• 0x416090 Sleep

• 0x416094 InitializeCriticalSection

• 0x416098 DeleteCriticalSection

• 0x41609c EnterCriticalSection

• 0x4160a0 LeaveCriticalSection

• 0x4160a4 RaiseException

• 0x4160a8 GetLastError

• 0x4160ac HeapFree

• 0x4160b0 TerminateProcess

• 0x4160b4 GetCurrentProcess

• 0x4160b8 UnhandledExceptionFilter

• 0x4160bc SetUnhandledExceptionFilter

• 0x4160c0 IsDebuggerPresent

• 0x4160c4 RtlUnwind

• 0x4160c8 GetCommandLineA

• 0x4160cc GetStartupInfoA

• 0x4160d0 LCMapStringA

• 0x4160d4 WideCharToMultiByte

• 0x4160d8 MultiByteToWideChar

• 0x4160dc LCMapStringW

• 0x4160e0 GetCPInfo

• 0x4160e4 HeapAlloc

• 0x4160e8 HeapCreate

• 0x4160ec VirtualFree

• 0x4160f0 VirtualAlloc

• 0x4160f4 HeapReAlloc

• 0x4160f8 GetModuleHandleW

• 0x4160fc TlsGetValue

• 0x416100 TlsAlloc

• 0x416104 TlsSetValue

• 0x416108 TlsFree

• 0x41610c SetLastError

• 0x416110 GetCurrentThreadId

• 0x416114 SetHandleCount

• 0x416118 GetStdHandle

• 0x41611c GetFileType

• 0x416120 ReadFile

• 0x416124 ExitProcess

• 0x416128 WriteFile

• 0x41612c GetModuleFileNameA

• 0x416130 FreeEnvironmentStringsA

• 0x416134 GetEnvironmentStrings

• 0x416138 FreeEnvironmentStringsW

• 0x41613c GetEnvironmentStringsW

• 0x416140 QueryPerformanceCounter

• 0x416144 GetTickCount

• 0x416148 GetCurrentProcessId

• 0x41614c GetSystemTimeAsFileTime

• 0x416150 GetACP

• 0x416154 GetOEMCP

• 0x416158 IsValidCodePage

• 0x41615c GetLocaleInfoA

• 0x416160 GetStringTypeA

• 0x416164 GetStringTypeW

• 0x416168 HeapSize

• 0x41616c GetUserDefaultLCID

• 0x416170 EnumSystemLocalesA

• 0x416174 IsValidLocale

• 0x416178 InitializeCriticalSectionAndSpinCount

• 0x41617c SetFilePointer

Library USER32.dll:

• 0x416184 PostMessageA

• 0x416188 GetWindow

• 0x41618c GetLastInputInfo

• 0x416190 IsChild

• 0x416194 GetWindowTextLengthW

• 0x416198 LoadCursorFromFileW

• 0x41619c RemoveMenu

• 0x4161a0 GetMenuInfo

• 0x4161a4 DrawEdge

• 0x4161a8 DrawCaption

Library ADVAPI32.dll:

• 0x416000 ReportEventA

Library ole32.dll:

• 0x4161b0 CreateStreamOnHGlobal

• 0x4161b4 CoReleaseMarshalData

• 0x4161b8 CoLoadLibrary

• 0x4161bc OleLoadFromStream

• 0x4161c0 GetHGlobalFromStream

L!This 8Ptm cannot be run in DOS mode.
s 7s7s7s)ks%s)}sCs
<s>s7sMs)zs
s)js6s)os6sRich7s
`.rdata
@.data
@.reloc
^]UQVWj
UQW9t=j
;u_^[]
;u_^[]
V1W+W}
V1W+W}
WPF(R_^]
VSPQa)
^SWy0
_[^_[^USVq$
t-?t'|#A
s8^[]3
s8^[]UQV39u
Wu~nS]
VQRSm"
UQV39u
Wu~mS]
_D2,eA
~<9V$:N4U
:N 9V0
V0: N$
SVWe}E
@PM/EE
^UVWywT.V
F8^4^$FT^P^@FpE
P^lV^\
~p^l^\~T
~T^P^@~8
~8^4^$~
SVWtF~
Q+RV_^[]
@u+PV_^]
]tm9uiVj
@u+PRM_^]
_^[]UE
t'hDfA
MEPMhA
Mt$h,fA
YURMhA
5MQMhA
UQS3VWSS^$^
~$_^[]_^$^[]U
A$SVW8j
PU_^UVu
QSVWeE
_^[]E+@
UQS3VW]9]
F09^(u
SVWe3}E
2H0M@(URzuAM
PR ;t$E
1P0U@(MQ
SVW3h@
@u+=hu
VVVVVV
VVVVVVVVV
UREPMQ
3PMQPPPE
EP Qh@dA
UREPMQURj
!uuXj49
POX=_^]
EPM9hpA
Wt1t'P 
^0WWWWWI
VW3;tG9}
^0WWWWW
YVM[hA
,ffffffE
Y]3PPPPP
$UQQSVWd5
SVWE3PPPuu
 E_^[E]
UQSVW}
VW3M]9}
W6uuh)~
E+)E(VQe
3PPPPPEN
VVVVVf
]8u 5
U S39]
YY]jXhA
ESV3W9
u8SS3GWh@gA
39]$SSu
;~Ej3X
3;tAuVWuu
t"SS9]
EV1Yu(EYY
3;tuSW.
PWu uo
e_^[M3g
Mu(Mu$u u
E~-8]t(E
G;~@@8Xu
WPEW@Ph
~S8]tNMM
9M~MAAM8Yuh
uYmuuuu3
3M_^3[
DDDDDDDDDDDDDD
YYu,9E
UQSVW5
;r@PuYYt1
tAt2t$
ffffffu
3PuEEd
3PeuEEd
Y__^[]Q
3W;to=A
7YY~PE
uVY_^[]
USV5`A
t7t3V0;t(W8Yt
V3Y^3j
Fpt"~l
3;~,Vu
Ou^_[]
SSSSS3
@sw_trPE
3PPPPP
SSSSS:
CH0EhhpA
3PPPPPo
0CH0EEhhpA
vP[YFTt
vTDYEfT
FP~HNu&FP=`A
vTYFh^T^L^P^H_[
H(TH,X 
YP;s,Vh
3VVVVV
VVVVVd
3M_^3[T
PtYYptCHM
3PPPPP0
Yt1\pCH(XYl
1CHM_3[R
~ChdpA
hu3vSSSh
;tZ~Ht37xP
DM_^3[7j
SSSSS'
^l|WYFp
WNWpYYE
t3@_^]
=csmu+$
8csmu8x
t*9csmu"A
Uj,h A
EPZYYE!
>csmuB~
YYtaSVT
LYYPV3
YYt)SV
HtHu4j
t+>MOCt#u$u u
EPEPVu WoE
;Es[S;7|G;w
@u"u$u
;Er[_^
YuO39~
QYYhpA
EPEPuu WG
(u$]u E
)u$u uSu
tR99u2y
u$Vu u
Q 3@_^[]
S3VW;t
^0SSSSS
3_^[]j
Y0^]UWVu
DDDDDDDDDDDDDD
F$|3@_^
MOI;|9M
SI VW}
HD9#U#
MLD3#u
]#\D\D
1E3PeuEEEEd
Y__^[]Q
:E_^[]E
9csmu)=ppA
t hppA
eYV5$A
FlvlYE
YYt:V5 A
PtYF4t
PfYF<t
PXYF@t
PJYFDt
P<YFHt
P.YF\=xwA
~lt#WY;=A
ntehU@
YYt4V5 A
eEG|@|t
VW_^]M
Ej@j ^VYY;
[j@j ^YYtVM
x;u VVVVV
@SuzPyYA
Yt0tVVtYPkYYG
(48m3u
\dtWitRotMxtHXu
Aj9ht(lt
 \ntJct
g~Eit!n
ldt^xL
xklltfxTX
0P|PCST$
0P|PCST$
xklltfTxX
0P|PCST${
e0P|PCST$
dtDx-u,T
-0P|PCS
x+u/llu
xklltfTxX
0P|PCST$
YudtxUX
dtWx@YYL
\ctN\su
]FE f/^F<-uBt>
]t7F:s
HDx+u'lu
dtCxj0^9x
x<xtX<XtT\x
dtPYYx
FD@tWPjYY9@
x+u'lu
\xte\pt\
\ou"x8
xPYtr48x
lt5dtx
dtxYY`
\xt;\pt2
lt5dtxXdtxYY`
f>HcGH`<%u
GxH;ul
GH;uGtxu
?%uDHx
VSVPVSy
Yxu*<u
`p<[M_3^
uOVYt.VYt"V
jXEU;u
Y]\3_[^j
<at9<rt,<wt
L9]u<eE
F> t>=upF> tj
Y]3u;5@
4V0YY 
YSVWT$
URPQQh<@
t;T$4t
;v.4v\
UVWS33333[_^]
33333USVWj
_^[]Ul$
QPvYYu
3PPPPP5
@u^VPYA
ItUhtDlt
HHtXHHt
4itqnt(o
iYYYgu
DYYY;-u
t-RPSWv
0@>If90t
@@;u+(;u
u(9t M
`pM_^3[$
8csmu*x
YYuBh]@
VW33};
VVVVVs
u&h@wA
3PPPPPs
V@Y<v8V;
3VVVVV\s
VVVVV8s
;t$tj
6<YP6S
Yu=@A
EYF`[_^
t.t$<"u
C>=Yt1j
tNVSP[
3PPPPP7p
3Y[_^5
FA>\t>"u&
uUEPSS}
=?sJMsB
Y;t)UEP
SV5<aA
W33;u.
SSS+S@PWSSE
E;t/PYE;t!SSuPuWSS
u7lY]]W
u+@PE|Y;u
E3E3;u
WPWPWv
M_3[ej
whu;5A
8]tEMap<u
Zf1Af0A@@JuL
@;vFF~
XM_^3[`j
0M}_hu
P'eY^hS=`A
u4YF;~[
-WWuuj
WWWWVuWu
#~YYE;t+WWVPVuWu
oYEe_^[M3
EPQEPEj
SV3W;u:EP3FVh@gA
39] SSu
ESlEYu39]
e_^[M3
M`lu$Mu u
p;t_3FVPPzYY;tMSpxWu
;u!9xt
W-^YM_^3[}
NQWVPi
SSSSS^
W]Y39]
Iuu}]U
+EPRQL
3SEEESX5
PZ+tQ3
3;v.jX3;E
WWWWW\
]5VWYE;t'CH;r
PSuqSVESP|
9}uH;u
E;t CH;r
PSumqSu/
t4V0YtvV YR
S3;v(j3X;E
WWWWWDY
Y+t"+t
+td+uD:}
3PPPPPW
u@OdMGd
uwdSUY
Pj1Q3CESPF
Pj2uESP
Pj3uESPt
Pj4uESP_P
Pj5uESPG
Pj6uESP2Vj7u
F Pj*uESP
F$Pj+uESP
F(Pj,uESP
F,Pj-uESP
F0Pj.uESPP
F4Pj/uESP
Pj0uESP
F8PjDuESPr
F<PjEuESP]P
F@PjFuESPE
FDPjGuESP0
FHPjHuESP
FLPjIuESP
FPPjJuESP
FTPjKuESP
FXPjLuESP
F\PjMuESPP
F`PjNuESP
FdPjOuESP
FhPj8uESPm
FlPj9uESPXP
FpPj:uESP@
FtPj;uESP+
FxPj<uESP
F|Pj=uESP
Pj>uESP
Pj?uESP
Pj@uSEP
PjAuESPP
PjBuESP
PjCuESPk
Pj(uESPS
Pj)uESP;P
PjuESP 
Pj uESP
O6Ov Ov$Ov(zOv,rOv0jOv4bOv
ZOv8ROv<JO@v@?OvD7OvH/OvL'OvPOvT
Ov`NvdNvhNvlNvpNvtNvxNv|N@
V+VMYY
73_^[]
V3W]u9s
h3YE;u
PWKYF ;
PEKYv$;5A
V3KY^]
W3}u}9~
ffYE;u
SJY89~
CfYE;u
C PjPVEj
C$PjQVEj
C*PjTVEj
C+PjUVEj
C,PjVVEj
C-PjWVEj
C.PjRVEj
C/PjSVEj
t$SSTIuLIuDI
S3VW;t
^0SSSSSI
3_^[]UV3PPPPPPPPU
3_^[];t
^0SSSSS)I
U3S3@9]
|FVWt>E
t/uV2H
YM3^ej
r3@]3]
V3#,aB<
EVjxEPE
6WVbY;_t3@M3^
t,PEP6I
Y3Yu/N
t;6`Y;F
t/EP6G
M_^3[Db
@[EP6FG
t*EP6 G
PW$YYt
USVWh]
Vj@h0~A
tm=\aA
t"3PPPPP*@
t,j@C@Ph
vP;Qt}
XP;Qt}
9P;Qt}
xP;Qt}
ZP;Qt~
lP;Qt}
NP;Qt~
/fPf;Q
iP;Qt}
KP;Qt}
,P;Qt}
_3_^]X
ru{vnM
tR:QuMPt<:Qu7Pt&:Qu!Pt
@AE9]r3_[
+UV3PPPPPPPPU
B(;r3_^[]
1E3PEd
Y_^[]USVWUj
H3bDUh
P(RP$R
t:|$,t
;t$,v-4v
UQPXY]Y[
W>+~,WPV
Y/V|Yt
gY}3u;5@
tVPVC|YY3BU 
4VL|YYE
@WuyV~YA
a3WWWWW
M~-E9X
eMapY_
E`p:39]
 EU_^j
WWWWW[
u&p]8V]
S3;VW|[;
t58t0=@A
]V3;|";
u$[0p[VVVVV
_Y3C]~
u}uyG+j@j X5YYEta
SSSSSN
tGHt.Ht&wX
^SSSSS0
Y+t7+t*+t
;t0;t,;t=
uEPuuu
SuEuPuuu
$ MeHM
;tSS6!
tSSS6#
E+PD=P6
[b3u3}
_8VVVVVt
9ut(9ut
u.PSSSSS
;u.KPSSSSS
MfMf;u!f;t
E`p3^_[
H8]tMapUj
u+GNSSSSS
NSSSSS
E`p3^_[
H8]tMap
V34809u
;u'L0LVVVVV
u&L30fLVVVVV
ca@l39H
P4UM`8
P9Yt:4+
<PVEP(
r3VVhU
QH++PPVh
,P+P5P(
\D+48;E
aF0?@eFY1(
8+0_[M3^%j
WWWWWf
3]V3;|
DVVVVV
^SSSSS0
f;v6;t
Map_^[;t2;w,Cj"^SSSSS0
_WSVuB
0;u,KBWWWWW
u+9uv&@E
E`p3[_^
tGPIR5(
<RYYt,t(
;t0PQYt%
s>VVVVV
VW33G;u,VVWV
3;tuWu
t VV9u
e_^[M3
;t_+^]
u.;SSSSS
;u+b;SSSSS
:YY4VE
;t+^8]t
UV395`
u:VVVVV
S3VW9]
u.f:SSSSS
v(':SSSSS
E`p`E9X
8]tDMap;E
;t+3_^[
UV395`
u9VVVVV
UQSV3;u
^SSSSS0
^SSSSS0
G;r3_^[
!8WWWWW
WWWWWb
ENHVUQY}V*YEE
WVYtP 
L1$!_^[u
1VVVVV
EV395A
tVURPEPQ
RQMQVp
Map^[UWVSM
^]3PPj
B:t6t:t't
B^_[%`A
bad allocation
susabohenihideyadi
berifezidawazu geniyokuluye sepuhe zimosafodidusepejacudagemuvafa lomiseyicuwatitakoneyepi josudotakupovete mulavifiposo xohilujusucufu %f
zeruleviyahudejitafe.txt
pijiwagekuwizumedelocifucavoxi lituva bujupexo go yixu hapikosihemukuxabikugikijabeso gutuyo %s %d %f
zukonipihowusoceguto
xarukulurazapunekucedolapedubo jirehebe tajedara
guluyo dawohuracuremaxojo sewumajame pozoteramexi zosimakeluxepu
De vemira zelerinekabatigisojerojezoto lupasisulimurimejozuzuyuwako capavayifirebiguheyihemesujuke
bad cast
ios_base::eofbit set
ios_base::failbit set
ios_base::badbit set
bad allocation
string too long
invalid string position
Unknown exception
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
bad exception
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
UTF-16LE
UNICODE
(null)
`h````
xpxxxx
CorExitProcess
runtime error 
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program: 
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
britain
america
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
 Complete Object Locator'
 Class Hierarchy Descriptor'
 Base Class Array'
 Base Class Descriptor at (
 Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
 delete[]
 new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
 delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
`h`hhh
xppwpp
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
CONOUT$
AddConsoleAliasW
GetNamedPipeInfo
GetProcAddress
FindFirstVolumeMountPointA
LoadLibraryW
DnsHostnameToComputerNameA
SetCriticalSectionSpinCount
WriteFileEx
FindAtomA
SetConsoleMode
LocalAlloc
WriteConsoleInputA
WaitForSingleObjectEx
GetSystemTimes
GetThreadPriority
SetFileAttributesW
SetTapePosition
lstrlenA
lstrlenW
KERNEL32.dll
PostMessageA
GetWindow
GetLastInputInfo
IsChild
GetWindowTextLengthW
DrawCaption
DrawEdge
GetMenuInfo
RemoveMenu
LoadCursorFromFileW
USER32.dll
ReportEventA
ADVAPI32.dll
GetHGlobalFromStream
CreateStreamOnHGlobal
CoReleaseMarshalData
CoLoadLibrary
OleLoadFromStream
ole32.dll
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetCommandLineA
GetStartupInfoA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapAlloc
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
ReadFile
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
HeapSize
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
SetFilePointer
SetStdHandle
CloseHandle
CreateFileA
GetConsoleCP
GetConsoleMode
LoadLibraryA
GetLocaleInfoW
FlushFileBuffers
SetEndOfFile
GetProcessHeap
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
0KBjOv
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVfacet@locale@std@@
.?AUctype_base@std@@
.?AVios_base@std@@
.?AV?$_Iosb@H@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$basic_istream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_iostream@DU?$char_traits@D@std@@@std@@
.?AV?$ctype@D@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AV?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@
.?AVruntime_error@std@@
.?AVfailure@ios_base@std@@
.?AVbad_cast@std@@
.?AV_Locimp@locale@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
.?AVtype_info@@
.?AVbad_exception@std@@
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
                          
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
i#pE*^
nwq082z
4R}qz\!}
8yQ!r$'n6{
tELj,Tv3!Qa8
Hufa\qW
abKLHC
w`n8Hh~
3zap0&8
prbHJn
i^Ls`,
_B,O_<5h
xO(X-kF0\1U
=+8bzn;
V)_-$
NI)0!;
#f&k$Y
2{Cv#S
UA$kCn !#
F3CPuzw
;?{k/}zz8
odK"Ia
}Id*W P&
6VI!VwK
m*i_Yy!
{ZT%}@T?
XMq+Me
,{Ya~=
s\Dd}U
J^mx0m_k
*nD`$G@M
%8C>$qc
zWf_/4s
w"F0lj@49(6:y
<})a5[t:
]}:K&CFiSl9
}R[I^3L0
nD6)gJzA*(L
Vv`O0n''<
WjzFFi|[;
Bp</d$?$
/ouC:0
9[m2xK
E6l^^X
EgtdPz\mwt8
_6'2,YmWKLB+
pe?<|}5
 8Xgz08RRPr4rcdl
Dwp#7J
|%"qV>|| 
/N=CG?7;
"T.(yHT
ST_3.-
:F819Ls7+2O
M/EGW"
sXW~x8v
BWRHX5s3
brQ'=D2w
BRI"#;
DFu8YkJ}
v?;F4FuAy
9Q5V;9Em.j/uz
;l.@[w!
z!Hx*-P$,@l+
'G%B{f@m1/naG{
E=^wPR
A /\0~t6k 
jrq'1<FbT
0`.IG!1TO!jU
f;+qiP
s"Vuo"
,#OJD<
|gdHN[5,
**$ bEH2{Rd{016*
W\o&J7T^
&*s}z\\N.R
gCgulNfg_6!
@Jr?. 
7rsycB
*v^mOU
My-qy^
8wfMlf~
Z2,,j/3oI
I3z'k-mQ
'a_=cD6
2)*9^-?cHp,_^(
Y}$M$\%pX
Kv.yX:mE[T~
G%HyQ7
3T<>^
(SAI<k2&r
.]S!mA!<N+o
|%>CxY
.n9paX
x4ium!
roMD^],/
9}}"hEg
.Xk<7f
OSaz%"
+)|2LWiv
!Lz(#h
R:d4T|n?vS8
EMcOjlnpiF
8elJh;d<u{/mu|Y8qp
o^dQq=0:
"XhH$z(&t-i
`vrz@tg
1W-s#xt
n[H~o!~W2(W
0$j!o{Qz T
C]=o>
y_...
2K`i/H4*5
KUL5{O@?LM9iMvCV
gbU8@Nd
BxMQ4,
tgm.#!
Q:\k?%
~B/BQp@+DX:
%')n.d{IO(/
juj#}g
sl;'L~Y
6MH$b`
"JI`2 
O(48@A[
u[^G[J
S:ZG+ahzL3kN
XAU2C5
#vTfQ#SV!]z
Zbc)kmQS5
NK(9}8
D5\eJ+\lA
mI.vXDc}/.e
i@GI2'.
hx"@+brMd
Uflmbd
@/}mw
d0EWj%
m/,@XoU
PaVufy
%8+4,J
.j:_[r
#9)T(j$)VTEO
askzgTG
/0l<Z6-
%tL[K+er
]6y8D^Vj4X
 zlmJb
f}!&lDm]w>f
)}<zE=cQjvA
=7dfM}(^
VT+]M*cz
f*:J>$
bt+n6Dz
dlgn4Ye
zJb(X(=Q(3~&
#'_'"wV8sOA5*2V>
u?HCeTJ
JDoE|[
-;wN.s`7
?p4F=(
caRTO\
EV)xip
pkv9x~
*_ZclJFy3
w&B8o8
Vm.4dm
m_pA@E
SqNjLdVC-
W"5dc%8
Z_zWdQ
\HH%];HQX
-_/$030
/Q^`VE.(}:;
|y{oqX~G\
Q'er!(D1X
'|9*HD)
@jNlL*0n2d
t)f0n3
G={3e9/
SVs$?!R
kf@,Qm
n:o;omJy
jAe)`(W37
3s\[<'n
WT:|pcA4LWH
UP^"6`<
FYL;qjU
Li";Kq|
:"B0hSLP1cV
CmH{:sNS
r<Py[&mD571-p3p>s
1y#S#z:
_d&u5UA
MPo|W\`
U4d~~D
BW5G)#kddaOt
CIPF/l/d@!
Rb3`CqA
xFQAPi
L${p">Et\pau,w
 B"OMIA
I!(,/Ag
s|]Iqf
0hH1]9U`,gP
~-n>B8z
3Gj)ev5&OZ
5fh]?(b
qpL(Un
=L2uq`
/."1nO2n(Q(Q}T
`yM:Vf5
1[lx1$b?{
7XNr3l
@&aGXy
*L{5X\\jj2^yc+Y
#vV:dp
pR]EQP#
pD`ndfT
$KZ!#14q
3z9y4NmU
:>f6z`
a53qwF
2u5JF05
m3fRL;
&Xj#%{re0`Yr
R2]'L5Z
3J4.JXz
@hKqTd
IQd{p^l 
{fUtY@I
s5ymbV/W
C@aH;<NWX
K/^MNfEfHizA=
Pcl3't
[3`0D-
PVa7*~5
h!D:V4|[kA
n}D.-:plr
S>M7I*kp|
DD9l?!
;\`l%qk
;Q$O(8
,?B~i56
:DXm"[
p(Hx1B
e={mzI0}$
)A`sjI
gH;=l@Eu8#
Bx49\:Nl`G
PZ/)hr`$80
93X\.'@h
Q]0Qof"
:mwoB~*
"V"XoE73
o$nOE*
8Had#D{\Z
WcAhph
.2U(/liv
H4MLZ,ld
Le}NV<[
,K["#I~7
F&7T6K
u$(8]"*
a`5BBP!t4,""h5
!/R?rTi
`aw)Z;
=8^T\baYyt@c 
_-De-7} 
b@-<vK'pL55@ a
;$0>0i
m[w\,<Q-tUum{m#
pc0.XA
yyE>MhI
k@5r]27m=]
Kl?uypa^NQ;CKfda
JeZN9v1}
(7&tr5fy}[G
5}NEET6_4.x1!
A|[Xah\JU
7Cd98}
-S^@J,
B*`hGwSs
>-:~1z
!qn;Krx
jlpVU`t }
O|1Kvmi 6vl
*gv<ZxJw
9yR~ 9Rh?r
P#j|Fm4]rzQ:dv@NB]:MV
H{m3%t
YnEPc+
c5Dn;@3aS
Hs1!"9!
|nXhZ{,3K<
D[8k9,.'8S
H|wxV\a&n_I
&KA6_z
5`5Nie
@}+G~f
SomL^4
2M6adyu4&
LJ.>K0
r'}=G#D%
gJWl77z
=?i7fd
v$4/uMt&^P
/2)\C%
&|/pQ&j
iI+!0>31
0Y4MbaFJM
(7ldWr?
oj_pJg
707r32
h@,_2`3C6Y~Q>C
(mr.*vj
RbOrVSK-C
{/)z7=C
wP8e\B=S,$t8
2G[pm#UGd
rP(9%Zy
<2j@LR
Cx1Dn1v="
`,pvD6
zje)!{Unt26
^Njv@(<&=Q4<84
JMLH2[W
tM,k0mx
]\l/K7qIq
5HZ>6U
ev_(40
9(-HFAD`b
D~KUq9
HyPW;
c}XSQk
j=Dh^@
YWnsKc
$Z>0LsN
L7!*~g
Ka@zwF
{'VD@57?e7F
B}lTI#OmSC<yI
T4H\v+
*8W^A6d1
+]BB6'
75QECl_
B" d~ct
&|N)@*Y
ngzo~E\E3VG
C\vIbL
m9Sf5<<rR!$O
WRM+e(SMR
DA-gVb
xlSxYY
dF*,5z?-DD=
]&(Ummf=`
CT^{xbv\yBb|\
AFXjF!"
7.1!(H
~V}?u.Z.Bq_f?3
hoENPv
tCKv[pL4y
j*D!;,4{Z
*>q'['F*9(qNX
Aa>5;'
v~_kS0
2lkXP_4>p")
c$%_."
M\DDSk
^T3a&pXL{
<h B]Nh
N4t%&BP
Fm_CA/&3
I>Y8I^8h=
jd/A7&W=7
hDac})
i04>PNFsc9lv
?PYs#X
=Fgqu9
[1D4.Sthki
TIl Rm
zn<^+lAiF
x6snSh-7s4Azg}
mh0Zuz
L58vo:uWKguATq
aBcy0Z
'}!.hi-:<
s3d@(/}]A2n
p#~ex@
xbv5#H*dq
Wo{J)r
Pd*)xhs%Ym
{4*w i
%p[K'8h
UbKfcvcP*]t\YE We?{_77
j%WgMd3]O
0"}UF!
?4GkZ2iA
PkwI.`
vNXqZ{B
dq4YD`
y>k2:0:
\BJ`=y
gUh`km
`!LpJ.b1(
LX}}O^G|XjMHm6Z&]mDxz
 CGH`T
.FF}KU1_-`.m
=u2e;=
(#jQ;
s1cn9vJ
Umtx84@mc9
d"}G D
|V>,#oTuV
IBG$:TX#
l~TJ,p)z'BE
1x|Y>4dtz
,r}Hg\N
|ZRW[C9
nB\=WN
e)[*-_k+6#
@o0:>n&
nh@# [M]L0
TXQ]d^VU
38bd_np8li8Fe!Q*
=[UIye(
}\WCoJ?@>0
7hn!>:VTGMkEdS
i{~d \
8<Z6NaM!MOm
-RC`'}}A<
x|5?H@b[
N$?Y4L5c%I
C;sr /ELCV-
6l[']CSB5
C$>Q,WM
(Ql}/OU){n
dEf`n|-
%V="n_-MH
ne1kJws
z3BDc&=V6n
L.z3=^D
&%tP2tJ
tu!bQ'C
#{>f"hq&d
;9]G}Bg@
v!]K??N6"wT
#{9d'G^y`ww
whAU~W
dcv}rE
$T-Zn#A
!(\t#
[4SX"E6
|U*^o3fbD
PeQ-F8WX~aH
T2/RC4[
h kkuTppr`OLfG
o9^`)$
ylb-0O/9 L
E}zS~Zxt"@Bf
yV\D1C)
?]0;^DEq;5]v}P
+mQ2Wx6
D]V>`gM3|
dzR lty>
>De,0cw(QERQS>oDiyC;[t/+3
$+c1J:
9fo%_t7?HqL2
wQM 9
G1L4Z
`2Ydm9H
95!u.J:q:LM#"BI
GA+ JlC
[H.m'c73gG,\>:
i7u4v6
U,!>O#
Xc[~yyZ
b&zGIi
]6'?t.!Jx)Z 
=xRh']
I(["ar
|A6nI1h
xju6<P}Q:R
@><LS"W
MztcH',{W/?AiZ
QavfT^Dix!qzO
[[&mh(bek
KX(\vqtD~n7O
LO[V3H7.EVQ
=0<N(s:1<gc
:Ha\j&c%.D1Q
oZf&[>8
utt\<7w
/1Fe'9
|T-D#z
:r!@:)@
U:Oyvuy?3~)
W]Bsg
g~6^PU
F4LN%V"wN
1N*h|E=|
rl3])M
4H3.y(
l3#v6>
([[@&3sd"uDZb/,l
mL1+)rZ>~g
s?#PnD
w2869T52UZ\w$#FEV;~
|d_\ta
vq(-x'l
T;Bm./
EW`>73
O"kq G,:
60Q#Ju;,]c$
|~i $\|LfDZ/3eBlrF9lIJt
}`[d$
Mw x=-
gOUEsi3M
& 'MG'o<
F~gB}o'
$yFx0I
H2LK[p
['$R+Zq{M
yTgtnP
AX;1Lp
]6)t^n|}
z_/Wg'[%$Cv
Cio/R{
X7hBW_
BLI|A
S7FP|O`
[R,5%vG7
RNnO5c<k5FmMA8F[
avLZ5`I)
f;.4GU=w
5kSB%KlQ
'N!k$6AOG
&P,y]t\q
nHY./Czn
h`\ESErOwq
I@N eq
il8Tx4
U6R00-.
AoJq+}$L+4D)
j)wG)X+J
fRUs2M
W3tK#B=gg#
W+1M*EEY
fJusxNHe#o0
f'@N/{q
7+Qq*1
j> M!d
x0!/ees
e5pE{&u`
=M>jC.
`bq4B~<
 M7f>b
%V[)}i
n+XzF]6
c2+axn
7>~_2D
)W+2+1a5DL
+v9+oR
R"u?IA\I9y
UD@wZY1,o
_I`.GC8?
NeI%no&
0f2-e9rnN:=6+;
JX0gfV;
D_1<bMplh
d{u,U$1^Y
{.GyO$
$Z:+M_
`\^3h1x1mBD,j
@14gk*
t`Rk;dV":
32@aZB}Z9Dw
}H>J=uiH\j
BO"L)&|b,B
CBOO]wf
le_6JdiS
0AJmq8;B1"PS)
P;/To"
`BUZ )Xh
to#9doB2
pp}>WiQ%Bz}
,p{[A^B
!zic&{K(
8CV(Q*#oG^
2y?4g4Fx
MyJ|79[
{?"06In~QCwlTO<[GR&{r
eKZo;kp
&5B;[6
$p iR|Z;
X-(bem4dKp
?fC0X1-f8\
kVpcL@<0
"vy9X`
090g<f
God$Q&ng>Ur
=4Js@Tk`
zka9/XER0KIV9-V
3Z\XKR"@Q
)m:kWKQ$
l%!3sk
e^KO*[y[
IH(C}H
#Q1gF3.5,f
7G"G%f
JJ!FS)6@
"EMr&!nMc;
#w!I$n
iw\ If
&9/u+1h,Y`m34&;
'xS]Ln
r,x_u,
STdy!Q
B$%-&3&'
dwOeC'TM
KH#4#Op{}
Y mn0]
~HK73XeCM
&dfW;hH/ls
 >^+><rR4
BT\8?5~W
ZM3ViJ
]rsuca5u/I{
&gU/BWi
_%-np*SkU9
Pajo15
-xkTWg
@~><h%B6
aiYoS_
SB~=r@
7SIOA\~jHkk
<Y*Q4%
$"/`G=
sHt97u
Lhdz_:,X\BU
P 5>L(b
kFxM<sy
$D<)9fa
KC-`r,@"+<"
k0?"!'
<2)%20t
Uac>VJuW2X
qbb}(xnOg:?v%76Xj
h1(dj-0
%@Mdin
M8lX27B
6gI@4:%
LhH_=BRZ
Pk=p,q)Ab6
EH1!3Vj
@:yKG8O4F~
M8f1jlE<I
%+P9F*8+
cq.`|4
_*@ qP@
I}iq/|
ZEw7,h
pB#|ODh
}(VrNwq%
>(WP~e}?J;T
&cYE,_~W
O-[$]fR^!
?z75~b
h&Bh[l5:
g Iu@N6N7A
v`;}=~h
y.,Gn`nD
_q"Xf.qwI*
F8~F3g7
<?!/sg]
X:%H,h
#)Pcf?
dE1b{I?[2
F<~Ya-D9</
Kr?~u
\-GBnuy1F}J
"$1*aG<B U
govqJ?m#
JmMZZk
]f{7P>3
UA5J4]
T`>X`'Jgc
-g5yi%;w
5=`mC(:=
rzpK'm
gzTI:XH,2
dQc[G(p*
r)BX5]
X$"fwVOJ$!
(|sW8y'yTl*
b&2$|}"Ap#!oU
}>e2I*g
@(S1J?
"tJ_0Gm
):'x=WR=lo
S-]?LsVLZ8FArs5;gm
H`d5UH}}O
x9^&f&b"
pSRUk?*>
7j7i1)`i
q {&g>
zO',LioMhZS)\@\L
ylya`2
;vb A}A
]AB.I[
yq=)V(&
wB#(!4\
VH*OR[mY`
9=KGC}m@
`{$gNM
?NwIW-E82M:BK]
]L6`XEDn
++iv-a
zb'p|98,q6
m<_\lov!
so+![ll`Au
s"'e^L
uhY&X-l<
8^;^L
d"$=1;L{q?v0
c5Zc^hg
Q:b!cv5G0
?rsmu};w
[-[h=C
yMl:wOA$ZJIs(l`y
~$9<nz
0I$p$*
t=uKE[s41v
V0S\Hm1gv:A
k&j|-Bv
r5?{gT
,Eg5)o:
5c"1yMN
L%UMuQF
8KS5;h6
E:@B(E
b<s&,0Aa?O)NF
3De_h>
'0_kn<j\
$UR=:.f
I:H<jZ
&..@-!<sj
Ww\wl@Jl9
^w,i]\Zl#
7;Q\<7H
KTH;s Q?=i<
[?{.+eC')|cg{xD
"Ip/;H0s
wQQa=#Gcf0{$EbUs
rOh%Z`m3R9kW([~t
a[e]6B{Cv
8ao l4g`
rdXklF~
JIR%h{
Hs<|t/
J9f,ln!-
aL,FmgY
+,#i!]
wH]?Gg9
,P>"Og
x_}]0*
6,ot[=!
QC|/ooR
*f+Or-8oaH3+@V1+j
Xrj[On96
F3*)/jS
4z=4]dpo
`xd@}Ro'|Zt,!Q4ju~dbp
KFYXEKDv|'slx9
zN:xw<3eERr
a$ItvlQE
I&Fy2<
ebsi F vr%C
wu/~-J[
F|hYU)-ZK518O
F^1p=%
0\wC5"tz[}Skin$
@cJG5n5
xoWZ[>6[6I
FP?uhu
x(T4Bh}|
{$C1b.[(3
J+(i!zxk
>?^%%8Yku&
-}9\NR
nLcIX8~
FPmo)P
_9K%z17a
FX{5hv
;~y)Ej1HSPW
K74{`~%O=3&
v#pKm"
Rebg3,D[
C$;GhzeVC#xn
CFlqI0s
b5x5Du
C>{p=,z.
U>w(1R>u$y
ZE$[VsX^
n(vZOQaS>f0v
BhT6e1
&t(U=,b`
=&Gn`@ 
BnuEEk@Q;9
a*1#uJm
Gll^U{
H3bnDT8K&<
4mHOz/m~Mk\o<B
IXOS!n
~IxM`N
aiM?:9J /
y+@S'4/r>
{t+G/5P1
U}rzQuq:[9
ch2Y`3rnZ[{,6D
<o~/|02ciQb+W
MyX3y'-C
E%LzrE
A] ,>/,
;ElT'J3!
7SXti*Y:3x\'Tsdy1
JRBVTA
azYa\c0@sM
8]e//z
 5DY$"z]KMP
W0Gx4wtu_
Fd>u+P<@GO8 Wf|
`7BR3] B
]d<%b:Ib
O/SIx5aH
jwzjY/6a
D61ZJ$LLkJe
"w!v7785?qOR)
lWpdsw
gU GY@sv"!
)5_6xR
IT.|V&
[3(0"t`
o4sGfK
jCaa}*5mYj46p"A
Rsm3Tx?0>~*
0}5k \6
LR7]JO
%zOE$f
/onDWfYU
>e+#H4
Z#rHs;8
wlXc@$
%j}0y!U
s/CJX"
aLM;LDU`m
a8B23rL
C=!}7J
=x3Hn~x)W4L
Nhjvj0\$
|I3Y1XbKOB{M
dtJjKs_
6Qe(Pm
krv?,_}nIh&"K
Sa"4]G
,j&cnn
D)}LtV\
C$t\C*-^.Lol'=:t6T
Yn K}6FKR#=e-i13
##f(-BEm
KcJ,iT6
Pfy+"
13:WKN4
j:m{:-
JRxFB(
T'BqJjy8
JzmJC.q-v
*b1x(`
 _FUlYv!502
^SC=c6
q-'Ay4G
w%g<{;:4
{z_=s%
`t?Q/HC5
HZtv[C
_Aa+d
'CTy(L1
9Si;?7mio+
\+8/&N|
=QFFt9u9}u
V(zzUy}TX^q;c
O|4Ppv>UeWeg@
j:[8^O
[M[i]IW#
ka9-#%0e[
0QrD:U
E?iG]{`[$Y
/,ZIjro/H
a18 P(Hw[O
.D@l80<S~"R
Ing3yrm
,J-d]FQaf&@
FGY"xa
[=D4Bs
8Stz_5B:vf
*:'\PD$L&q}>fc&
+OVQ9 o;;
pky)>G`$^
=pTV/>
5@Ssnoi
s8u((GSrzw
YJ{J)`@
(9jPh;C
8y:0nV]C|].
EJ!'~n
+i\r6i4;':&*
\@iW&:Ro%@_
aG".M*
0>@PHQ5g8A*
UoA+#7
~QNcr'
OMN_at
9[8SdC{MFsJ
v9&[`&?
*-u\),:NFo&;
q"V9corolfBlgdM
[gxfZ 
hsMVtP
!jB2~9Q
Zn:\3:<$
|3v[JKga%q%
fp{WB]
4z/2Dg^_hg
Mb E,ZA
6xNk!$^!ChG LV
0y,U"B'I[
n.gVB c`"
GR&HJ1
brz82(
Asn(am1GtQ|
 pucd!|r=Q
MG}H6 Q
v"Ok\@mT_i$sX
\xhg;<<
0Acy+d
Z)O}w6
JD#Gt>`#;=
.B5)Sn{N8f
tM/A'e
t!KD+D
4'P>}pl|
sqc}6&rgrH*s6^
o,KnCQ$
"07zu#U
t;nw6B=C
wR\Ny7"r
#9Zm|f
mRaO!'
cQZX| 9ZX$
^@l}]Yz<2
Zb{,yN
Ca4JrH
p\a0%D
[!Q%>,`u
^53M`#nT
 4]<f]#B
5dY,pmzw%
SHULbw9S
H-:uz-
\#L;S;
h<SD's
urT:^T/%tZ
?0']T_
DRG#+#
63:1f>
wR#NU2X8
e:[WS%@
p||gY<
qKU3`=P\
%Bh9&C'
XV9#/%i
^dVc/o])(
b)B@Sv)
4!N^-J9-Px
}a-EN59Jx
~l9v|~@Q</
9!cBV9:I(2OC
@K\5j!N
" /:^1
".()3F~;
)^6WCLzY
~%=Q.^f
$"{J]|)[q~{*&f
[S8Y';n`
X4;Jl{J]6
:f,%8dv{O
GL|Ng5y(s 
[_Z5pw3bg%Cmf
H<8T+BjEu
[t)w:A.
5l_q:9]B
!f ;(>Z
.,>bm$6
:e55wo
*Ax9`3#
Q=3];x
ay]i@6A`UuT
>,::4oF
l/+X|C|J25*
CLnDD/{
F~FBW%4~
E'\+GP
}7x|T6
hDZ!O-
fr`DdD`
.C#IC1{
1#bwoWo9
v=trqv&~W
9L`5G|6%*
]$=FK)Y
O4+,qC'
2,MH{^
 PtQ.]S\dmq
U-n_{]Rt
Jne@D+
>d"U&t+3_/
jGf?yro
dv"H>svP
*X<[O\d
cLejQ4a8(DI;
J1+wKk
J+bK&0UH8G_l
yKrbVby
GJi%1V}wx
v*-YMeAjVr
yCi:?K(
VC\q!U
voJM ]h
g9BpEn)
(>4KE`
$YPx!iJ$wbG^w
Uuz~gjP.
<8ib%S
>($h\h&H
|aM,q)
fjmw7$Z"<\]$
F/K6\Xr@
)dq4YLw
?q7LZZ|
H?<8Jj
Ovkk52d>}
ldH`(2
Bh_z-}b~1
5^*Ky,rN)FKe
Ww7Doka
coMf%GDh
vJc GK
x~=S5x
f0R&[(
!=SH~y+ce
Z\t?7+oBM
X1Fa]Z>2
{H'f-RQ~)G=
c_x@>Q}6
G4s,ICO6
N9BZE=
|}c<LEg4~
:w7fa|
{)BOK@\8jB+
1RI@+TkyO3
cjAY^9
/j!!xS
1E>|&e
o2i^_4c
+@Z?pHmSW\
!_uK_r
?iiD+Dk
36`&&:&,YNKY2-Z]E<*:!S;k zt
x5_@TZ
@J0t :V:
2.5R=Es#
xj,V4(M
[[TNH#x=
y%tKA|#>
arA#BkiS(
AtoXbI1
jr\-@H/)
\})"CU
o#z"HT
qV$[}`L
AI;.eKwX
V%pSSg
~{?$D&
oV*wZ}f
m8]}VG
ldPMd:
O4nC;|
K(@#%B
\{6>Hh1
3pg}m}#D)z{/6ud0l8
?Z)Ov32a
I97X"3~N]ARd*nY
0A"CXZCioO;gIg
FW,IJ+
j.#w6|Hf
A8g1[_S
n}TDsE
)7Hg)E
$phIz
qG5CZ}
e|$lw`+Q:,V
(dXGxhFm3x
p `ISAqv
v,Zj51B-
$B5aHE~6
jHw1Za
!w%,$9lB+
5?SW7<I
.?:U/z.9
@?Pmg^6_
4p8,PM#
VsV5s~s
 cf`pV
$`6hgfGv
7R0yGTV
^{ksr<S
>?_-unI
:0}vVLmM-(LEsc]
AJAv&A
_G\+T.L
kv-cq{>P5B
?%3oy)<!!l
ZcZa(W}/z~RiRs:2
p'n8h-sW7N2
OhRP`oC
Rl^RW]
h~nF\6
H-P@+j
o)rK&Nq^w
z3mHL2FE
8h]skw
E}dSQD
:$nNIC
%W;;SVG^
>gD6Ly$`1M^FI}l
=F0{tH?
AOe:w9
b7u:P}
6zCy>C-fb
IBw>O.,
xLV?)'5
tIh2$lDn
ys; /AhZ(u
.Zqsw
 C(2B4 }>!!
x5{,[]S
eB(9@i0@
+\=!OM5s`Oh
<urrdm
bB.GKx
>'?<^M)
.c0?V$0
PDZ7BJ=
qB3E?WjeKV
*pLGjCy
f%uE_"LAv
+ZK?yE+
;f!_ofH\
8|H(97
N_"}Mb${xLp)x=%
TuylG~\g
N%D\sn
fj3)sD
I7MK]wrA
x\L/qZa
MP2.S7
Ao4!8$:
B.mHlhfI
g>?^zTz
U>0p^W
#=Rb`Zx)
$N4`g`97"}RWx
%v3=8`
zVciKQ_
?7IC?N
h`VX k
AK;Cjh>LK
,BkBIwUAAwS
D2L,uiQ:YNmTiX
^[X=gG
jk:aNqbN
)bxbmLr"
Y_]9<'
ih6cAP( ?'
b@o:Kfc_
ANyS192yh=
6/G7!<AFRz
N~>Up9H
b#s~#"^P
BkwtOdp0 e
2Wad,f
=LPP!!
snT`A]sTl
9:-KRWLmSNZ1~@B
QBs*`}?l-z
xKRFBJN#M[9l
DVlw'-.Mtf
PtG2Uc#
{.Y(<?r
~{+1g/mI
e9wnbw8
]s"AyN
h8]XdB{<7
9oQXM(
Ni=-%P
=yx.v^Y6\E=
,fX^hu5"k
~W^GL;`h:`
|yt&:;1;J&Btst7SY
l`rm8xK
1h\!n~
8fT}.R
.R$w+=
!Qiu^?bfiNb-{
O5"7UdRIIS1:*?0g
KN$$t?
wA)f|[$
qDt>a
a+vP~ 
wW$^eG,
4cQy`g
#>9+5Zu
#H?74-O=
rD|D*+m
c|$*@Y
/=f=# Wl
y0q]N
ZW1Z'x2!;(wEW3
 {3LTrm3
'I%{2T
Y~Hydo
WihW>%cR>Y
&/-rZ:Lv)m<
o:,C2Fvx7+
hY5\<-yHUw
t|Zr2)\T-
5cSP87'
,4]z2t
;yjo-Tqvh
*7>4@a
~e`R%(
OVs+/i
OJ?^Z$
6G:'vGiBn
X"k*Ww~)
i4?{%Lpfl*FI
naJ6]G
62JUBu
KpdC`8.
/ -&{V3
6MeY]\U
'65gnR8Q
?F9>[}
3PT)>s
]Kg"E.Y
&LunH{
~zP{^G;mry
&C*\m+
:rMKbA,Fs7 /
E$3y&$^e5
pzu)*]=[K
"=[J:m%
]t<TlQP#cD6f
8Yyf2q$
eE/<+s
DPIW4c
Ln'=vK#|7
Y}qUZ"Y
i`/A0Q8Ds
#{+o-#
{ AIzNF
YqK1M+
gCkRaSG
Ue<Wu`
s&C\mDlF
z1m\WS%
Rlsc^&Yag+cni=
b#5ouWLGUSshF4}4n
sy8BX_1!]qn# 
^F)1}N?
1[!uqdN<8vp
G@f<c<gw,
6np2_N
P<"Ln`:_[R
uGzxI>=z7lNM
#Hz&-D
6N*M:~
(wP7N'P
K!,%--K}:n
cmd/V'
Apb~m<r 8Ow
,^*Gv(I>F
eNlt(@s8mWez'F
Y6*`rw,W
,=#S%c
!;T9m6}+CY
+aKPH7
#*R7rW3vRLAz2/+
t/YZz/e3%
x$88c;
.[(2j$Y|&
\c/*&[
Ij<Cu2[
=;Bk)2B
)nOcM\e+J
.>it4j~D\[
pqwoK, y
s;j1z_
K VW5G
N};4Xj
2bo8YDXM
)DI{g-#J>ccGJ
(7tr[.WE6
U\tmRvdN
?_!-lB
HWQ<cJU
SY-vj4K[MQ
a48:A
2AED0K}
f<[}$G(p(
]7y9H]
?1TnN!
*7^)i4
Q sL"{L
vrr=sH
HGR<eUmX:DJa,|U
V% QTK(Gr
jJkez
s:M!DT
q>f^p'
.&$(:ndh8b,ww7
6TRZx_
'91[Qj
1xXCgo*
|hW{'\
t_gb\/
Xk>|{*f>4Hn|
pf).{oGUW
x7*{W?hs
aXrtH`
FMGiC'
!p'(vFJ
=,YS 1
CqsWh#
mZY6,!i
)hx7* -{`?8u
hZy4Mb{C,D
0Hv:%OTXxGn[
O!U!/x
Xq7D4Lh/Y,X1+t
Q4-AT1
u|G0~=p edVp*:
_?lj9h)
?\!MyS
?uZTOzOiP1=
`unnzTh.[:h
XBP5|]$-
oXEIB1
'Bb?j=
W^YyoAg
LIe>-UH6@
pkF%V8
s/ZNA<J0
p/1?5)z|H
8m,CCS'
b`xPAcmrB
`A^ H.G.Whv&e
$x+a;G
I3!N\wj,
6T#m0+Y>vfD\
I{9Y5#
~-,h@b
ZCP<FhosPSj~v
0]1UpP
7W6K'Sq
78W@|J
!5PYF/
3+TWy_
dPO .l5c
|z&n=w
$d<9-^4k
{TD/S=T@?
,F&buKZZ+BM
2[1s62o
HSKzl7
_SY6EniP[I
]deZ n?
[TF,y'<c"z-
B? NgK
P/u0cg
a;"r ibTg
}<yv$Q;Iy"o
c/w^Zc
;/|m9_r 
 V:~Rv
oz]+!^
PImX14D
kD(^50x
skr%:0M#}@]
:0"zqv
B{8`}c^i
;vXzTx<*6
AX?_U,-
iAf"b=g;
P%3oyOIh7
8_?zY_U{JR'h)`X
S#4VXLv
Fq:Mn8[
JC,Y<
Z74 ]5%N)(
\w"s!-J
UFWgTx-
&%UE_eH3
q^P`iKvhX
M^Dj:6v'x
WmT5&(!
gGa1v@
pq1:uV&!
2~Lw9-t2Z
-t^,ry
PlR!N2t9t[c
_7^ 8>
=o]WVNE.5!w
*1ImP<,`S
<0'5k}RK
4!V}EF
*hL)1+q*[
guhX<>pa
Oq{LSQ
@!cZiAd
3YZ?R#?"
C`C>ywd^U]%<
pP'mHX
v=`Y:d_.h="
6g:,xv
tKg^]@
A(Sz{Zz|;w
Bji]?vqE
"~{)sYt
5]/]WyAm[pa?
x4$w@~"yA
)V'D6=LM1"})
Xc\!Q~Dw
5av,Pw~?S
1 6Q'Gx>
Bke;Z`SeO
]3GzjO,O;K
wLD.=iN,
h]9O0wG5XZ`E#D
 4.g|l&=]
b<' '|UqT
WFG:C'#
;Y3$_.vpe31Np|kTYA
jI2\7:-mWI
7be("8i
M,d,?:
#yt>y!d
>xhK"&1X
&,T2Dhw
{,WW.lGG
'E{,_,&
|iW'|5
[:X:kR"
>!LHu@
;Zv{&F
O'YXUer'
lD%8sDqb"
3K(Ks2^
&I|V.35
H[z]s*W
4yb!KQVQ_b.(_
.wbDC;U&
k>.g\7z&h0pHGtqc+K'
VT>*&5BI3WHf?__Zy
.a7Rww%v}
Qg,oj_&9y
5_jSYS
TQBGQ`
z6[R>n
iIS$vZg9L
y_o4VP%
"(OP\Xw}
@ki0L.f
z\&*<_|\EO
pRNs+v|
Gl@xxg(lJUZO<r0D'
\;^m9" Eep
R8-ihbx
-xiVFFi
dN5TfD
Wt\&Q-
l3l3@5
ZT\7F!6dwb
zTAXxidT4
\NSBm[^Kc
$DkpQzGte`NQ,?6
ZmiJ&Y)L
'?U91uB+o
'I[2w$N5(
laaI_$8+
M*!7`3G[mo
i1}|nS pvTQ
@I9KCtE
lW|~5z
b|t?`
ZlTf:1)^S\
5$z*\*3
p}{(rwQ
"xAe3PY^
,n"(W'
$^c5Ut`Q+|B]
E`lf"(j{
|MM}tyPGclXb`b]"
OF! @
91r@*[
M!sk;XR
BRX5'=.M}
f5~C_p;c
NPnGr6x;0L5:
?awf+?HxZnQ
9Au>6\q;M
B[{cLL
XhHTdd0O
7@nq[vo8
HI.ktyL)
l(pL\=
+W'q;byHv
?WW:[Y
`}T?[(
;w|Q?Q>:<
[ltcQDy+
LN6 -G
<<3`~^K3
~y?H)uqp
Mr?WF[ 8
c+f"kGU
8U~!\( 
O|]>@i
fhQ}^;
0%lB.@
j.[$2!
>9G1e|O
{c||Qsy:pCG9<7tM-
Tmnd=EMz
)sB(!6G
+DxV1mI
ok$CDxZ$
g<3#*;O
"Fvqv
I/{=;EL
>iRTn:
0&JcKDi@.
Edt];d
P2rSgG9{6
K+_x,a|_
Ay%dSK
Ej~*&(dOM@
mp70]F]
Ey+gL+
Ltpi?:@k&8#4
)L`,~At
t-) qx+
JQk0d*z
jl(d'G
dVzHJ7:
_yFU7[
N3yH,m
<_: tO
:km,?b
sWr+bEq[*
ln*`S1O3j
S)/+|7
adzO`x]LZ
Q?nsi:"
F}@pCz_(
4)p`r+oY'X
PK'"k|G
UnqHhNt
o#=0Ru)qry
dX|C/@(
o#Wj(ol
/F|VO1O,zBA%
 G7(CSh
2v+DA Ske
\DQ!(
tI;W\_B
v9]ptR}j1[
6HC]_cYo0>vPhD^
j1$Cg(/m
a5ny\6
xokv"E{/"{VPl/&d
op7eG0X
U<kO)?
[nf(Kt
.y2drZE
%kW6'f\=
@I=nZG
AZ+1n&_J
6NYnBD
j]z,sz
R1h#sw
SBQjDj
|r+c:w
{"D$'vD{@jP89z\V
8#F M??
S;&rt@:
6s[MU6
Zz0;6j$&}H4
&!h#4"9
B_cX#6#
@:J$Go
s8b[EU
i1k:C/6io]-
J.=Qx7}NoqCx
K>%<AOdXa
D."!c]i9o! mHez
~jn,)mE
#=*,_hjhN
nU/X~r
:[:vC@
URvz{#1Hbj$
|40SQF
Qk 8Ew7UO
sDJYn%
1+8Elr
j@*!bryAP
%QbmeF-61
:x`'+[w
7 (1Oqe^A
JSz,u{0I
?\hz~)"
jEibe{@s
9uH/Gsk
.T;KjU{
:92jk0-zX
xRRCN ;%
}@u1Rk
%TNmDQi}h%
YS,{e`
~&REn{tk
S4/"Lf
S9"w3T
&5_aii
zokp<5Wgt
t}k:!#Xk
,n$7Pc
ss*5s?s v7zUxD0
qkAR>>2
R6fBL9
:TxY4?
\)oYF7>V0d
*]fR_xi
R21-Od,6OUQ
pmII8K_
P!lS_nZS2%m8
*e0H#Rj
8JiL) d
O/?}4HvY
lamE>9
%l)A*{F
eeM#WN}y
66}Ol|"HcX>~0z*6q
'1[jp(
Vs9,X^2pG=HZ
hy[;9+I/T
O2?n]?(
`zbMF
!b#8ST
\_DO1(
q>m.ws
@{5'K%
`lF_m^
gU0xE}
,Rn'}f{2I;
}10/Ng@mx
flj._>S
Ec)B3r>INs
d)lgA@*
HN}ADVMW(
jVJr=8.2a+p`St
TsNs"BC
>j=#8xE(
G~N%ZA
+UN*,J
I'2?B#M4
eVV~>T46JfnLA|}n)/S.'c_[cw
xe?k!s
47U?zJ
H<B6{9|iDw]v=
P5Suk<K)=v
k~g2;"1wa)
S?ZoC#
CX e(#J<5
RmTVq1k+?#hQa7PB
AfdCI3WQ
4Q@-RnIIU
t*@.\N99n)
$Q+3Spl`9@toifw/ie
p]@nH0*VIX
XpsX[UW[
.]|$J,
!KuztoW
_5u#a*2
@EAzV5:%5e+-
~3bv^8 7h(1<4_
}@"4kz]
2)QH[>
ud2o]_K
|%g:&"O
.a2lovTJ94K
VJf0l}(d`
a~&vQg1r<A
c1KL[?
u|Gnf5`nZ
M3H(&Frk6
8"XqT30LX"6
,qJUT_J
?}tCPhOx9
k45aNT&
g]6;{M
:{ueSfo5
KY/&I!
,53++Ume
na"h5RDq
+eof;_gZp7u
O90$\-3T:X]
 gGb2=w#>!
"0l$Y,|/nK
,|f(TD]Qe
DE97FGG
s*Agc,
A8}`,B
0L?=]h
=FK0um
fs%LH2
a/E De8Z
Ix{D|G#-\V
_FG&KZ1
Kk6XZ-
tjyd!<
@hg^<@3o*Wtq#O+v
cXen^G
3Eu.!bB
/aoC| 7`(lDb+
2eNcoc`=l
\|Qe2H
s,V|),
a^+dWi
bp]2%!
5w2'QdY8/%X]
`QdHu)
F=?(ov@n
q64hn}
9($L0(`
G&3L/?
2$HL!|Z
V8fN @
I({/CCuTo
NP{SVh/5
D}LTI61ut0
&})n1T|v~!E
07p&:f+
NR#D5M,U^^_Sf
k$Oq5H
_b"&M5
=5;=`#en<Hw
*Y."8sr
RFVw>sS.zKUVC
Nh3YZW
1=VAsM
9^Dd$x&a2
;&ZDE8+<
Taeb+S5
(A$_SO87[{xZ
e{0knJ!Q~KcL{ikAE
a8J03P
e*CgO(c`Wc
==>5|"
^`4e3z0d*zRF-h3*??|
8gLtA:MZ`G"3o
6}%e0y
]>E/`/ooe
.edzvAD+f
?Vr@7!Y4-r
&1R"x=z
}{CMQY)n7qY
uDc''P~+28
xE65x_qSPd
:>O[mA#L
XPo9&,h-"
s@{ZiCS
(i?zxv+k~v8
o*{Dv^0
aGrfCk
yO\x]M]zQ(4
=*61;QohoO<MYMb;%T@X]Q
b3TE=s#ex
#v6@*muz,
<J"g$xP6G>f
xWx6YP
':05zC,B<#
c&=c2Ea9rk
&2q[N|?u(\
44;?Y7x
j|(>3&~nn1Xw
CcpmU@c
B|*ktQO
2O~+1B)
\TCZ>
a^l6Oyn
[0F~2.yEt
_byWl'
<+wbu|DA
UT kDp^r"v-{
z+no6D1i
'\}$a}/2z
\)5|<\
vNme]0
|D3f<3
?RLlNd8.-
<;->gA^"?h-
7,:,&
U>*5>h
nX}^VAPc0X!Vi4Q;\Yc8JEn
OsgL jz
XrU0S&H,
UttXp6uM5G[
Se^NI~
31t0Dz
0c\/*yV) wpm
G)sb)[tg
mA'yP~xr,V o>
O0wV`H6():2
OS)QE
81DP4U_
I9{6s8I4
"*nNyPLi
g%E:$B
sQ*QC9M7#
>Bz^wo
m3R%da=y[
cNdfZt
z:"K*c)EjjIh[%'RvXYCT
rC*CB=
%S;J_G8e
@"s>ah3z:
J,uC,})NW</zV_
EF!=O[(
o(L@EU
R~::`hs
OaY"F$
</<V:F
%nG|&B
3##;(KHRH
<'zB"&s
fV\bp/Vx
/zy$d|4
5ZC&IC"
O"`Yi=t0
8rMYJBE
gYk}Cjyml$k
p\J?FK4bQQ'+<'SgQ\/
DTo|fD{b
qM]Z 4S
>@msD,GI\S
m4w!a-;
^n<m?
ezZOGG
z,Jy&L
{8jXb<
G,'UH
%lOd+}6
HSn4x<V=77&}j 
_nbc:`
]-U'7<A
0b/LcJjV
BB-<*WkR
{\'3B/
fGuOiM0
UG[s0sV]e,
x/aaE9c
;4Qo[W
_WTF!Tx
_9J_5%y,#u+
:`VY((
P2:6%De
c[%1{*eq*$x
8o%TPr9}7Q
H%nOx"OP2XTz:CK
Mn\-:{Exp
X^XEB7JE;
ik~'k,'Akqi_
C` V=sTKDM-fcR0:
xPm8 HGN
Z} ozb
f#m`nudW
#.qPpP
1@&6$u
0|)MGv
;csosd
iApwp)P]
)la@9EpH
;}oA%`
m}E-rn
q"Xe,(<Vw
Y7U)y\5WtW
<A\E0G
|F zCR
9meZ1B
z?Okw8e5
SeO^y|
s*O_ Iz
?=U<eu"
7777777777;\;\;\;\;\7777777777/
XPXPXPXPXPXPXPXP/
zgzgzg/
777777777777777
777777777;\;\;\;\;\;\;\7777777777777777777777777/
XPXPXPXPXPXPXPXPXP/
zgzgzg/
77777777;\;\;\;\;\;\;\;\;\777777777777777777777777777777777777777/
XPXPXPXPXPXPXPXP/
zgzgzg/
7777777;\;\;\;\;\;\;\;\;\;\;\777777777777777777777777777777777777777777777XPXPXPXPXPXPXPXP/
zgzgzg/
7777777;\;\;\;\;\;\;\;\;\;\;\;\77777777777777777777777777777777777777777777XPXPXPXPXPXPXPXP777777777777777/
zgzgzg/
77777777;\;\;\;\;\;\;\;\;\;\;\;\7777777777777777777777777777777777777777777XPXPXPXPXPXPXPXP77777777777777777777777777pppp/
zgzgzgzg/
777777777;\;\;\;\;\;\;\;\;\;\;\;\777777777777777777777777777777777777777777XPXPXPXPXPXPXP777777777777777777777777pppppppp77777777ppppp7
zgzgzg/
7777777777;\;\;\;\;\;\;\;\;\;\;\;\77777777777777777777777777777777777777777XPXPXPXPXPXPXP7777777777777777777777pppppppppp7777
77p7777
7777zgzgzgzg7/
77777777777;\;\;\;\;\;\;\;\;\;\;\;\7777777777777777777777777777777777aaaaaa7ZVZVZVXPXPXPXPXP777777777777777777777pppppppppppp7
7777777
7777zgzgzg7777777777777777/
777777777777;\;\;\;\;\;\;\;\;\;\;\;\777777777777777777777777777777777aaaaaaZVZVZVZVZVZVZVZVZVZV77777777777777777ppppppppppppp
77777777
777777zgzgzg7777777777777777777777777777777
77777777777777;\;\;\;\;\;\;\;\;\;\;\77777777777777777777777777777777777ZVZVZVZVZVZVZVZVZVZVZVZVZV777777777777pppppppppppp
7777777
7777777777zgzgzg777777777777777777777777777777
777777777777777;\;\;\;\;\;\;\;\;\;\;\7777777777777777777777777777777777ZVZVZVZVZVZVZVZVZVZVZVZVZVZVZV77777777pppppppppp
7777777777777777777zgzgzg777777777777777777777777777777
7777777777777777;\;\;\;\;\;\;\;\;\;\;\77777777777777777777777777777777|ZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZV77pppppppppp
77777777777777777777zgzgzg77777777777777777777777777777
77777777777777777;\;\;\;\;\;\;\;\;\;\;\77777777777777777777777777777|
|ZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVppppppp
77777777777777777777zgzgzg77777777777777777777777777777
777777777777777777;\;\;\;\;\;\;\;\;\;\;\7777777777777777777777777|
|ZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVpppp
777777777777777777777777zgzgzg7777777777777777777777777777
7777777777777777777;\;\;\;\;\;\;\;\;\;\;\7777777777777777777777|
|ZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZV
777777777777777777777777777zgzgzg7777777777777777773g3g3g3g3g77777
77777777777777777777;\;\;\;\;\;\;\;\;\;\7777777777777777777|
|777ZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZV
777777777777777777777777777777zgzgzgzg777777777777773g3g3g3g3g3g3g3g3g7777
777777777777777777777;\;\;\;\;\;\;\;\;\7777777777777777777|
|aaaa777777ZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZV
7777777777777777777777777777777777zgzgzg777777777773g3g3g3g3g3g3g3g3g3g3g3g7777
7777777777777777777777;\;\;\;\;\;\;\;\7777777777777777777|
|77777777pppppZVZVZVZVZVZVZVZVZVZVZVZV
7777777777777777777777777777777777777zgzgzgzg7777773g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g777
77777777777777777777777;\;\;\;\;\;\;\777777777777|
|777777|
|777777777pppppppp77ZVZVZVZVZVZVZVZVZV77
777ZVZV777777777777777777777777777777777777zgzgzg7773g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g777
777777777777777777777777;\;\;\;\;\7777777777|
|77777|
|77777777pppppppppppp777ZVZVZVZVZVZV77777777ZVZVZVZVZVZV777777777777777777777777777777777zgzgzg3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g777
7777777777777777777777777777777777777|
|77777777777777ppppaappppppppp777ZVZVZVZVZVZV777777777ZVZVZVZVZVZVZVZV7777777777777777777777777777773g3gzgzgzg3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g777
7777777777777777777777777777777777|
|77777777777pppaaaaaaaapppppp77777777ZVZVZV777777777ZVZVZVZVZVZVZVZV7777777777777777777777777773g3g3g3g3gzgzgzg3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g7777
77777777777777777777777777777777|
|777777777ppppppaaaaaaaappppppp7777777777777777777ZVZVZVZVZVZVZVZVZV777777777777777777777773g3g3g3g3g3g3g3g3g3gzgzgzg3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g777777
Fy77777777777777777777777777777|
|777777777ppppppppaaaapppppp777777777777777777777ZVZVZVZVZVZVZVZV777777777ZV777777777773g3g3g3g3g3g3g3g3g3g3g3g3gzgzgzg3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g77777777
FyFy77777777777777777777777777777|
|7777777777pppppppppaaaaaappppp7777777777777777777777ZVZVZVZVZVZVZVZVZV777777777ZVZVZV7777773g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3gzgzgzgzg3g3g3g3g3g3g3g3g3g3g3g777777777777
FyFyFy7777777777777777777777|77777|
|7777777777pppppppppaaaaaaaappp7777777777777777777777777ZVZVZVZVZVZVZVZV77777777ZVZVZVZVZVZVZV3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3gzgzgzg3g3g3g3g3g3g3g3g777777777777777
FyFyFyFy777777777777777777|
|77777|
|777777777777pppppppppppaaaaaaaa7777777777777777777777777777777ZVZVZVZV777777777ZVZVZVZVZVZVZVZVZVZV3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3gzgzgzgzg3g3g3g7777777777777777777
FyFyFyFy7777777777777777|
|777777|77777777777777ppppppppppaaaaaaaa777777777777777777777777777777777ZVZV77777777ZVZVZVZVZVZVZVZVZVZVZVZVZVZV3g3g3g3g3g3g3g3g3g3g3g3g3g3g3gzgzgzg7777777777777777777777
FyFyFy77777777777777|
|77777777777777777pppppppppppppaaaaaaaaaa7777777777777777777777777777777777777773g3g3gZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZV3g3g3g3g3g3g3g3g3g3g3g3g3gzgzgzg7777777777777777777777
FyFyFy777777777777|
|77777777777777777ppppppppppp7777aaaaaaaa7777777777777777777777777777777777773g3g3g3g3g3gZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZV3g3g3g3g3g3g77777zgzgzg777777777777777777777
FyFy777777777777|
|77777777777777777ppppppppp777777aaaaaaaa7777777777777777777777777777777773g3g3g3g3g3g3g3gZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZV77777777zgzgzg777777777777777777777
Fy7777777777777|
|7777777777777777777777pppppp77777777aaaaaaaa777777777777777777777777777773g3g3g3g3g3g3g3g3g3g3g3g3g3gZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZV7777777zgzgzg77777777777777777777
77777777777777|
|7777777777777777777777777777777777777aaaaaaaa777777777777777777777777773g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3gZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZV7777777zgzgzg77777777777777777777
77777777777Fy777|
|777777777777777777777777777777777777777777aaaaaa777777777777777777777773g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3gZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZVZV77777777zgzgzg7777777777777777777
7777777777FyFyFy777777777777777777777777777777777777777777777777777777777777777777773g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3gZVZVZVZVZVZVZVZVZVZVZVZVZVZV777777777zgzgzg7777777777777777777
777777777FyFyFyFyFy777777777777777777777777777777777777777777777777777777777777777773g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g7777777ZVZVZVZVZVZVZVZVZVZVZV777777777zgzgzgzg777777777777777777
77777777FyFyFyFyFyFyFy7777777777777777777777777777777777777777777777777777777777773g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g7777777777777ZVZVZVZVZVZVZVZV77777777ZVZVzgzgzgZVZV7777777777777777
77777777FyFyFyFyFy777777777777777777777777777777777777777777777777777777777773g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g7777777777777777777ZVZVZVZV777777777ZVZVzgzgzgzgZVZV777777777777777
7777777FyFyFyFyFyFy77777777777777777777777777777777777777777777777777777773g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g7777777777777777777777777ZVZV77777777ZVZVZVZVzgzgzgZVZV777777777777777
777777FyFyFyFyFyFyFyFyFyFyFy777777777777777777777777777777777777777777777777773g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g7777777777777777777777777777777777ZVZVZVZVzgzgzgZVZV777777777777777
777777FyFyFyFyFyFyFyFyFyFyFyFyFyFy7777777777777777777777777777777777777777777773g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g777777777777777777777777777777777ZVZVZVZVZVzgzgzg777777777ZVZV77777
7777777FyFyFyFyFyFyFyFyFyFyFyFyFyFy777777777777777777777777777777777777777773g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g77777777777777777777777777777777777ZVZVZVZVZVZVzgzgzg77777777ZVZVZVZVZVZV77
77777777FyFyFyFyFyFyFyFyFyFyFyFyFyFy77777777777777777777777777777777777773g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g777777777777777777777777777777777777777ZVZVZVZVZVzgzgzg7777777ZVZVZVZVZVZVZVZV
7777777777FyFyFyFyFyFyFyFyFyFyFyFyFy777777777777777777777777777777773g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g77777777777777777777777777777777777777777777ZVZVzgzgzg7777777ZVZVZVZVZVZVZVZV
77777777777FyFyFyFyFyFyFyFyFyFyFyFyFy77777777777777777777777777xxxxxx3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g777777777777777777777777777777777777777777777777777zgzgzgzg77777ZVZVZVZVZVZVZVZVZV
777777777777FyFyFyFyFyFyFyFyFyFyFyFyFy777777777777777777777777xxxxxxxxxx3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g3g777777777777777777777777777777777777777777777777777777zgzgzg77777ZVZVZVZVZVZVZVZVZV
7777777777777FyFyFyFyFyFyFyFyFyFyFyFyFy77777777777777777773g3g3gxxxxxxxxxxx3g3g3g3g3g3g3gxxxxx3g3g3g3g3g3g77777777777777777777777777777777777777777777777777777777777zg777777ZVZVZVZVZVZVZVZVZV
77777777777FyFyFyFyFyFyFyFyFyFyFyFyFy7777777777777773g3g3g3g3g3gxxxxxxxxxxx3g3g3g3g3g3g3gxxxxxxx7777777777777777777777777777777777777777777777777777777777777777777777ZVZVZVZVZVZVZVZVZV
777FyFyFyFyFyFyFyFyFyFyFyFyFyFy77777777773g3g3g3g3g3g3g3g3gxxxxxxxxxx3g3g3g3g3g3g3g3gxxxxxxx7777777xxxxxx777777777777777777777777777777777777777777777777777777777777ZVZVZVZVZVZV
FyFyFyFyFyFyFyFyFyFyFyFyFyFy777773g3g3g3g3g3g3g3g3g3g3g3g3g3gxxxxxxxxx3g3g3g3g3g3g3gxxxxxxx77777777xxxxxxx7777777777777777777777777777777777777777777777777777777777777ZVZVZVZV
hQzIje(SV
~DR2QP
jITRD
~nEQ[n.RR
Xn]lUy@
~[ls~Bj4
F!_+X+Y8!7K.HxIwF\
[R;Kvey
_gi:RV
F bf"iiv-
luviRYy
^`ghfkm-
zHwKuLzIVU
~CBCB\kZn]i
C~~zIzM{FzHzHyKyKQV
~?A?DA@YnYmZh
zHzKyI{HxIzHRW
BDCB@^mWlYm
yGzHwIwGyHzF|GyKVU
VC~?B~CBCA@ZmYmYk[i
yI|G{JyHwH{IwHxI{JyGxKSX
CBASDAB@D\jZjZj[k\k[m
zJ|IzGxIvGyJyHxI*
~CCBBREAAZmZmZiZlZk[p^o\m
xG{LxJxHyJxI{H*
A@DCB?U
]n\jZl\i\m\h[n~
yIxEzF{LwH{I-
FAC@C@AA~S
~]n^nYk^oXlZl\l
xJxG{HyH)
[m[n[jYj]mZk[p
DDCFB~AB?D
V\l[m[lZkYk\i[m[k
EABCAC
QXk^j[j[j\nZm~
V\mXiYoZl]m[i
YkYlV]kYlZm
GzIyK{I
Yk]lS[k
D{JyFzKyHxI
EzFzEyFzHvJ|HyI
[kZo\j
EyFxJyKyIyKzJyGzJyJ
[mZlYj
HxHxIyL{J{J{JyHyI{JzGxI
Zm[nZm]m
D _]\RV
g{HzIyJyJ}KyHwI{HxJ|KwJvG
\n]l]m[o
kkzIxKyIwK{IwH{H-
~]m[lZm[j
D\^_VX
ilhzLyHzI+
]m[j]n
C ]__]SY
D_]\SX
jgiii-
iihgfh,
gkjhghh-
~kghghgiilm-
iijgjkimkgjhg'
kjhiijiiiijijikii
kijjiilehhkjigjhgh
E!]]]~
hlijffjififkjhiil
hgjkihiglgikigilk&'*)**-
hkjhjjijhjljkhheki~
hjkjjjghhkhjhljhj~,
gihikigjihiileif,
khijihighiigjk+
jjihgijkihighi+
hjlghiijkhjkhk)
jkjkjjgihhlgijh-
ijmjgkihjjglh
~miiihhekghk
lllikgkilg
ijklkkijk
jkikijgi
hjh3403//.0
1M1U1e1y1
111111Y233
787u88C99
:S:Z::::#;1;?;F;y;;-<===
7!757777777
8f8s8888
9$929H9y999;
<5<<<C<O<<<<
>>>>>>>>>
?!?+?0?B?L?m?w?~????????
0u000000000000
1)181=1s1{1111111111
2&2,222222
3$3)3G3X344444
595V555
6)626666666-7T7]7v77777778D8N8S888M9V9::
;;;;;;
<&<0<M<^<<<<<<<
=-=4=?=E=P=U=k=
===C>[>s>>>>>
*070g0m0u000000
1_1e1v111v222222F33
4666X7_7777
::I;G<l<<<<<<<<
=$=s=;>C>X>c>>>>>>>>
67888888
99999999
:!:(:,:0:4:8:<:@:D::::::
;,;3;8;<;@;a;;;;;;;;;;;*<0<4<8<<<<<<<<
=9=B=N======F>_>>>>???
00000F1
4S4z44444444q5
6j6666
7_7x777+889\:?<o<<<
>>>F>p?
0(0X0b0n0w000
4S45n7:::<
>&>v>|>>>>-?M?R?
1j111111111#2A2H2L2P2T2X2\2`2d222222&313L3S3X3\3`33333333333
4J4P4T4X4\44444
5$5N5\5b5555555556666
989=9L9U9b9m9
9999999999999
:$:*:8:?:D:M:Z:`:z::::
Z1e1m1111222
3[3n3|3333333333
4)404D4K4c4o4u4444444444444
5*5M5b555555
626X666677?7777777777777777
8#8(8.838B8X8c8h8s8x8888888888
9`9k9999
:,:9:E:U:\:k:w:::::::
;@;O;X;|;;;;;;!<x<<<<<
=L=|====
)0_0122^3m33344q555
66|8888Q9t99999
:;:K:]:b:::;
>>>>[?n??
23N5}55799999999999
:5:P:V:_:f::::
;";,;3;>;G;];h;;;;;;;
<2<7<B<G<e<
=#=@=w=======
>D>i>>>>>>)?????
v00000
1 1p1{1111T3e3m3s3x3~333
4(444A4H4
5,5;5@5a5f55555555
6{666B8S88888888
9'919D9h9999W:t::(;G;;;;;
</<H<d<m<s<|<<<<<<
="=N===s>>??
00'040;0k0
1y11B2
3U3h34555
6Q6W6c666#77777
828f8l8x88N999999
:E:S::::::::
<$<*<1<8<?<F<M<T<[<c<k<s<
<<<<<<<<<<<<<<
2"3@3R3d334444P5b5t5555557B8S8v::::::
;;;;%<I<<<k>>c?l???
0E00000
1@1O16
7777777777777777777
88#8'8+8/838A:J:_::H;M;_;};;;
<q<}<<
=:=[=g=====>>>>)????
0c11;2222
3C3r3+4>4O4t44444P5a555
6L6Z6c666
7$7L7~7779
:v::::::
>@>x>>>>>
</<B<M<x==
151;1J1P1_1e1s1|111111
2"2a2h2n2l3333333344
6W7,99993:=::
<\<<<<<
?!?/?7?D?b?l?u???????
1111112222
3'3U3333333
4%414;4E4O4Z4^4c4
111111111
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|555555555555555555555555555555555
666666666666666
7?????????????????
p0t0x0|0770>8>@>H>P>X>`>h>p>x>>>>>>>>>>>>>>>>>
? ?(?0?8?@?H?P?X?`?h?p?x?????????????????
0 0(00080@0H0P0X0`0h0p0x000000000000000666666666666666666
7 7$7(7,7074787<7@7D7H7L7P7T7X7\7`7d7h7l7p7t7x7|777777777777777777777777777777777
8 8$8(8,8084899999999999999
:$:(:<:@:P:T:\:t::::::::::::::
;$;(;0;H;X;\;l;p;t;x;|;;;;;;;;;;;;
<,<<<@<P<T<X<\<`<h<<<<<<<<<<<<<<<<<
=(=,=<=@=D=H=P=h=x=|============
> >$>(>,>0>4>8><>@>D>H>P>h>x>|>>>>>>>>>>>>>
?(?,?0?8?P?`?d?t?x?|????????????
0$0<0L0P0`0d0t0x0|00000000000
101111111111
2,242X2l2t2|22222222222222
303<3D3d33333333
4 4@4H4T4t4|444444444444
5,545@5x555555
6 6@6`6l6x66666666
787@7D7\7`7|7777777777
888D8`8l88888888
9(9H9h999999
:$:(:D:H:h:::::::
;8;X;x;;
484T4t4444
5@5|555
6`6666
7<7D7H7h7777
848D8H8T8X8\8|80;8;>>>
?$?,?4?<?D?L?T?\?d?l?t?|????????
3P5`5p5555555555555555555
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|66666666666666666666
MTU7MTU=
jjjjjj
@I@@@@@
bilonoziwovaze
fabofavisefunotudovozawesojimeta sujinefegecipanoluyifozo
kernel32.dll
         (((((                  H
         h((((                  H
                                 H
KERNEL32.DLL
E(null)
mscoree.dll
AAAAAAAAA
AAAAAAAAAAAAA
AAAAAA
PQDPDSFKC
3Ho hicefogavoha zobuguku wuti kefeva sukena hewe ho
Rebegivi nena sabugakuku ceha
Wuyelepenada
Vibibozuve
)Pigudi sirabuzogasoji sorizose xaboneramu
Tubatarikiya havixu
/Xacojofodagolu hitokiho nizezigesojevi lohamocu6Lisozaze lo puguyewotune dobeduhixotiwi rozacoyemibati
BVemariwi kujinuce wuzazaludavako fafahofecuzalo cito tebo sinimuse
'Navajigo yuporidukafera hodoma femiroci
FZojikilova xarujufurode huha movetoke tumo difejigefasoza moluyugihepi
WCivehopowegigo reri vekekarisarugi nilevusubo naxiwiyovizice sehizu jizayoni zinukisihi
Yocicenehozogo lehejosazo
EFefopiwo zemogi gaxujazajiyani voxazowiwayepa xo liwuropiye nazi zofo
SBazu kilajatovi tacofugora koja tobu yu koxuhirurena gepuxa kenihifezace silotamomo
*Yonice mibehaha se pawudehuku sidadagarate
sKelizedoxi rivixavizoze safacanemafi cavere nixadatebicofu tiwefogucu bohexu viyicayane moyicehijetu dexicawomutega
!Negijugudane pikoti godimuwu socu
SXafixobamoye vetizababa gewoxodocesa pajayeyazede xisudoyomuhosa degu mo fipasicajo
GDu remefulebiti nekatixeba lewufe vujoka gomihacice yeye vaxudizerafasu[Koxosize vekececu dixetixake hereseye taso horabenu sereva takeneva gumegedagupe galeheruwa
ZDupadocatuzu muruyajehu zikafupodecigo sasetidiyojeyu xami lodedo nekuti guyiloyojimi deta
DBofexeme dapiposije pafina radolonumuwi witoweporeje zalefewuxa muxe
ZYupiha loxudeli hebomiwa rotijaxosuhevo yecamibezi vehu duninexawuvofa pexawixusuka zerera
APucaje tutolorube womape boka zu migesa kukixoyefepuwa hujecugetu
Jelefuwa hokenonohu
Go rozotahujami jurukukiyi
1Rajuhojo ji nupucayiruredo pofoxo bani jodirivufeCRogatidifevice zakowukewofeja vehe bajigivihazi fuya cizo gizanu gi
UZaletexirubo doxuyebudamo zigohaxa fazenevidiza ho kaledeticego dacegu dohakomojeweho
Wucetumagike
QWumi putedimabozo deseyilemeje vuxoti pufi teyiya peli tayazuke sijavobo hisabiyo
:Yokezaniboruki kekimuxurupo vo jurotavugo yiyiyugo se kado
'Bupuyobumete lawefibu diwuzahibeliga ca
0Nitufa totovohewi mipuzigovu joziluwiba duyoxiti
)Rifizaki xuhikati pucaxegeca vapubaxaxihi
^Sawewecarixa gevire huhusezoyifuwu pivizimaja kacana luhibuzo lufaforafodu jugi foyunicekinobe
DBujojuka lolijo gagu lucu rukeyu royupohevelivu dubiyuyina xode yado
Yijomo
oRidimarijoyane yevetuwipufebe dopiyocomu jiyezejosusu timevuma vizasehapezo fogijuxonucose gogi libo bixayogaci
-Wimiduvitanami rogi funohabuzono vitekicolese
Conale seyimuca yedupoxi
Darejaxulada
#Tajovowotaxayu lawuzejuvine hisi vi
Neku cedo lape
uDubojirehe betajedara guluyodawo huracuremaxojo sewumajamepozo terame xizosimakeluxe puvemira zelerinekabati gisojero
?Bifuzi da gososepu dahemeli buze vahilipezipaxu rotoco mupekofe
Rozuhi furajodacirari civupo1Jezoto lupasisuli murime jozuzuyuwa kocapava yifi
4Wicewecotuwi jaharo rajucozibuba jocejedamacavi yeyo
FKuyile tozoyi hebezobuwuciwu doca duferojude woceko dikici supi zipika
3Payacucipi wetewa va salogejuxo sidijoharuxayo gora
Talasuyidofe
JHajedumiyabeda seyeru xiyeho xidecekaje gexozayagopegi yutusu wofobolikuhu
Cu gagahufise
Xihulo nexeso damerurela
!Vileraluwafu jojoxaru kulura zapu
WRebiguhe yihemesuju keyupocunucipo jafiyayama pinoneba zahinojago hoxoga mekixitunodole
3No gifakekuhoniva sowo mazaji tezapu vayitolohureje
Pezesokaxovova hote
0Riso vuhihiculi coya miyobewijaye rosororerojufe
/Gidipo kafusucojaxi fo gu jeyitabe mojeyuzebazo
9Gobukire de xuvu wajeyowujovu tuzudiposuxe zoyirudipufopi
JTiyiwifuvuda mo nixuxaho toguboxisitofi jivahimadaxuco hecavulila doxunapi
&Mayuzutedoraju xejilizuyowi jufebodoyi
QCo wenodipe cecidu juciye xawekozarixe cufa zuko fatepaxudoca gigi yovekesodoxofe
:Hanudiwutogo gidifego ribiwixelozo povuzevokubo munavepoxa
.Dapobu wonayaru tape rarupi xoyo wahu lepokiku
XZacacu dicu zodanecololaru malivuzawuju kigisunudoxefe sepe xuje rivugelavome jucalowoxu
Tonipi ho wusocegutosixu
MDiwuzemikevaso hirova copisagi bepisatoxiwuca tojo sutuyado le zosiwayuhumuniEBuyubepi jepapu hasovocoxuva zegesucidulasa bahoho megevu laheloye ho
KNa toduhokejeka yilakadoli powelilebaxupe wu rixazonanotale febuha fucayepe
-Vugo sugugozebe jegi kivejo xegafu vemidaxazi
Ci du la dipibawe sacava
'Kula tebuto hutejijobodugo rekosorecuso
CMitoku waciti xahalu xulugezeloka xefamolaliye vexefaki wobeko yete
)Matevakuvokogu miwubotahutu co zamevijiha
 Vu tusi bebici xidu sawericeciza
$Sula rulega fe fojixejalugivo cifawi
eMaxusunutave cehenube puhu guwuje jixafupacelu nuyifuno gaceboracoyenu saluwahozepu mojuho gorunufiguNCosugo balixiwezo pizusumo kotucawozibi yuhureno suxipamenupona garozu ka foto
7Zavu yubokejuniku dihubekopuka folozepiyi waya yehacube
5Bu suyiyofakita wevi leretixahawera luzujice howodizo
"Ribewivojohiki noniwohela gobajira
Nimu pezu moti bopinecesaxi
2Hoxucojanuka zahaviwexepeni wanegiki cu dosoyihuru
0Samizeza homasowaku zukakupi kikumujagubo lagijo
Jigudesu
OLubulico ki bageguzo vewanaveto gisada yarojohefa jagomate ca wijatazepu redunegRabemebo pobozeharupu yucitefuvuku yidedi yejuyi wadu toxazepayuwe nesihuhosicefu lecuzidatobojo seyatu
Caxubo fose
WYa deyafipiha ja bo norexokeneveki vubakivekesa xulu civavuhufiraze pibomigifuzihu hike
/Kujakaco zazususezebo nulise tu sidafohixeka ho

Process Tree

089a7cfe881dad24b4c52709da6ebe9dfcc64b16b897effff1e569d07f99ca03.exe (3028) "C:\Users\Administrator\AppData\Local\Temp\089a7cfe881dad24b4c52709da6ebe9dfcc64b16b897effff1e569d07f99ca03.exe"
- nslookup.exe (360) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (2960) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (2676) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (2760) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (2708) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (972) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (2236) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (2736) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (3468) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (3276) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (904) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (3212) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (1420) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (3596) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (2536) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (1308) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (488) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (1916) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (1192) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (2156) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (892) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (1064) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (328) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (2404) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (3340) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (1776) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (2916) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (2500) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (2896) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (3148) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (1984) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (256) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (2664) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (2352) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (856) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (1844) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (1760) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (1436) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (2020) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (2292) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (2440) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (2868) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (2044) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (2728) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (3532) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (2164) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (888) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (1156) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (3404) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (2476) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (2004) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (2772) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (3004) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (3016) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (1092) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (908) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (1612) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (3012) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (1928) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (1160) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (3084) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (2552) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (2192) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (2720) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (2624) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (1692) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (2488) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (2872) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (1128) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (2704) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (2276) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (2892) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (1996) nslookup ransomware.bit ns1.corp-servers.ru
- nslookup.exe (2568) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (1176) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (1140) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (2900) nslookup ransomware.bit ns2.corp-servers.ru
- nslookup.exe (1972) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (3008) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (332) nslookup zonealarm.bit ns1.corp-servers.ru
- nslookup.exe (2380) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (936) nslookup zonealarm.bit ns2.corp-servers.ru
- nslookup.exe (2388) nslookup zonealarm.bit ns2.corp-servers.ru

089a7cfe881dad24b4c52709da6ebe9dfcc64b16b897effff1e569d07f99ca03.exe, PID: 3028, Parent PID: 2600

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3008, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2004, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2704, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1996, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1176, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1928, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2388, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2728, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2020, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2916, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2380, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2720, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2892, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2192, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1128, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3012, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2708, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1192, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1140, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2500, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 332, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1776, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1844, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1420, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2276, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 360, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2872, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2236, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2404, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2552, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1984, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2488, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1308, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1916, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1160, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2536, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1612, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2440, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 856, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2164, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2772, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3004, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 936, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1760, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2568, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2896, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 488, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1436, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 972, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2044, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2156, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 908, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2476, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2760, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 328, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2352, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2664, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2900, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 892, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2960, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2868, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1156, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3016, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1064, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1972, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2624, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2736, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 904, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2676, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 256, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 2292, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1692, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 1092, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 888, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3084, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3148, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3212, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3276, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3340, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3404, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3468, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3532, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

nslookup.exe, PID: 3596, Parent PID: 3028

default registry file network process services synchronisation iexplore office pdf

Hosts

IP
114.114.114.114

DNS

Name	Response	Post-Analysis Lookup
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
ipv4bot.whatismyipaddress.com
ns1.corp-servers.ru
114.114.114.114.in-addr.arpa	PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com PTR public1.114dns.com
zonealarm.bit
zonealarm.bit
ns2.corp-servers.ru
ransomware.bit
ransomware.bit

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	53179	224.0.0.252	5355
192.168.56.101	49642	224.0.0.252	5355
192.168.56.101	137	192.168.56.255	137
192.168.56.101	61714	114.114.114.114	53
192.168.56.101	56933	114.114.114.114	53
192.168.56.101	138	192.168.56.255	138
192.168.56.101	58485	114.114.114.114	53
192.168.56.101	57665	114.114.114.114	53
192.168.56.101	57666	114.114.114.114	53
192.168.56.101	57667	114.114.114.114	53
192.168.56.101	57668	114.114.114.114	53
192.168.56.101	57669	114.114.114.114	53
192.168.56.101	57670	114.114.114.114	53
192.168.56.101	51758	114.114.114.114	53
192.168.56.101	51759	114.114.114.114	53
192.168.56.101	51760	114.114.114.114	53
192.168.56.101	51761	114.114.114.114	53
192.168.56.101	51762	114.114.114.114	53
192.168.56.101	51763	114.114.114.114	53
192.168.56.101	51764	114.114.114.114	53
192.168.56.101	51765	114.114.114.114	53
192.168.56.101	51766	114.114.114.114	53
192.168.56.101	51767	114.114.114.114	53
192.168.56.101	51768	114.114.114.114	53
192.168.56.101	51769	114.114.114.114	53
192.168.56.101	51770	114.114.114.114	53
192.168.56.101	51771	114.114.114.114	53
192.168.56.101	51772	114.114.114.114	53
192.168.56.101	51773	114.114.114.114	53
192.168.56.101	51774	114.114.114.114	53
192.168.56.101	51775	114.114.114.114	53
192.168.56.101	51776	114.114.114.114	53
192.168.56.101	51777	114.114.114.114	53
192.168.56.101	51778	114.114.114.114	53
192.168.56.101	51779	114.114.114.114	53
192.168.56.101	51780	114.114.114.114	53
192.168.56.101	51781	114.114.114.114	53
192.168.56.101	51782	114.114.114.114	53
192.168.56.101	51783	114.114.114.114	53
192.168.56.101	51784	114.114.114.114	53
192.168.56.101	51785	114.114.114.114	53
192.168.56.101	51786	114.114.114.114	53
192.168.56.101	51787	114.114.114.114	53
192.168.56.101	51788	114.114.114.114	53
192.168.56.101	51789	114.114.114.114	53
192.168.56.101	51790	114.114.114.114	53
192.168.56.101	51791	114.114.114.114	53
192.168.56.101	51792	114.114.114.114	53
192.168.56.101	51793	114.114.114.114	53
192.168.56.101	51794	114.114.114.114	53
192.168.56.101	51795	114.114.114.114	53
192.168.56.101	51796	114.114.114.114	53
192.168.56.101	51797	114.114.114.114	53
192.168.56.101	51798	114.114.114.114	53
192.168.56.101	51799	114.114.114.114	53
192.168.56.101	51800	114.114.114.114	53
192.168.56.101	51801	114.114.114.114	53
192.168.56.101	51802	114.114.114.114	53
192.168.56.101	51803	114.114.114.114	53
192.168.56.101	51804	114.114.114.114	53
192.168.56.101	51805	114.114.114.114	53
192.168.56.101	51806	114.114.114.114	53
192.168.56.101	51807	114.114.114.114	53
192.168.56.101	51808	114.114.114.114	53
192.168.56.101	51809	114.114.114.114	53
192.168.56.101	51810	114.114.114.114	53
192.168.56.101	51811	114.114.114.114	53
192.168.56.101	51812	114.114.114.114	53
192.168.56.101	51813	114.114.114.114	53
192.168.56.101	51814	114.114.114.114	53
192.168.56.101	51815	114.114.114.114	53
192.168.56.101	51816	114.114.114.114	53
192.168.56.101	51817	114.114.114.114	53
192.168.56.101	51818	114.114.114.114	53
192.168.56.101	51819	114.114.114.114	53
192.168.56.101	51820	114.114.114.114	53
192.168.56.101	51821	114.114.114.114	53
192.168.56.101	51822	114.114.114.114	53
192.168.56.101	51823	114.114.114.114	53
192.168.56.101	51824	114.114.114.114	53
192.168.56.101	51825	114.114.114.114	53
192.168.56.101	51826	114.114.114.114	53
192.168.56.101	51827	114.114.114.114	53
192.168.56.101	51828	114.114.114.114	53
192.168.56.101	51829	114.114.114.114	53
192.168.56.101	51830	114.114.114.114	53
192.168.56.101	51831	114.114.114.114	53
192.168.56.101	51832	114.114.114.114	53
192.168.56.101	51833	114.114.114.114	53
192.168.56.101	51834	114.114.114.114	53
192.168.56.101	51835	114.114.114.114	53
192.168.56.101	51836	114.114.114.114	53
192.168.56.101	51837	114.114.114.114	53
192.168.56.101	51838	114.114.114.114	53
192.168.56.101	51839	114.114.114.114	53
192.168.56.101	51840	114.114.114.114	53
192.168.56.101	51841	114.114.114.114	53
192.168.56.101	51842	114.114.114.114	53
192.168.56.101	51843	114.114.114.114	53
192.168.56.101	51844	114.114.114.114	53
192.168.56.101	51845	114.114.114.114	53
192.168.56.101	51846	114.114.114.114	53
192.168.56.101	51847	114.114.114.114	53
192.168.56.101	51848	114.114.114.114	53
192.168.56.101	51849	114.114.114.114	53
192.168.56.101	51850	114.114.114.114	53
192.168.56.101	51851	114.114.114.114	53
192.168.56.101	51852	114.114.114.114	53
192.168.56.101	51853	114.114.114.114	53
192.168.56.101	51854	114.114.114.114	53
192.168.56.101	51855	114.114.114.114	53
192.168.56.101	51856	114.114.114.114	53
192.168.56.101	51857	114.114.114.114	53
192.168.56.101	51858	114.114.114.114	53
192.168.56.101	51859	114.114.114.114	53
192.168.56.101	51860	114.114.114.114	53
192.168.56.101	51861	114.114.114.114	53
192.168.56.101	51862	114.114.114.114	53
192.168.56.101	51863	114.114.114.114	53
192.168.56.101	51864	114.114.114.114	53
192.168.56.101	51865	114.114.114.114	53
192.168.56.101	51866	114.114.114.114	53
192.168.56.101	51867	114.114.114.114	53
192.168.56.101	51868	114.114.114.114	53
192.168.56.101	51869	114.114.114.114	53
192.168.56.101	51870	114.114.114.114	53
192.168.56.101	51871	114.114.114.114	53
192.168.56.101	51872	114.114.114.114	53
192.168.56.101	51873	114.114.114.114	53
192.168.56.101	51874	114.114.114.114	53
192.168.56.101	51875	114.114.114.114	53
192.168.56.101	51876	114.114.114.114	53
192.168.56.101	51877	114.114.114.114	53
192.168.56.101	51878	114.114.114.114	53
192.168.56.101	51879	114.114.114.114	53
192.168.56.101	51880	114.114.114.114	53
192.168.56.101	51881	114.114.114.114	53
192.168.56.101	51882	114.114.114.114	53
192.168.56.101	51883	114.114.114.114	53
192.168.56.101	51884	114.114.114.114	53
192.168.56.101	51885	114.114.114.114	53
192.168.56.101	51886	114.114.114.114	53
192.168.56.101	51887	114.114.114.114	53
192.168.56.101	51888	114.114.114.114	53
192.168.56.101	51889	114.114.114.114	53
192.168.56.101	51890	114.114.114.114	53
192.168.56.101	51891	114.114.114.114	53
192.168.56.101	51892	114.114.114.114	53
192.168.56.101	51893	114.114.114.114	53
192.168.56.101	51894	114.114.114.114	53
192.168.56.101	51895	114.114.114.114	53
192.168.56.101	51896	114.114.114.114	53
192.168.56.101	51897	114.114.114.114	53
192.168.56.101	51898	114.114.114.114	53
192.168.56.101	51899	114.114.114.114	53
192.168.56.101	51900	114.114.114.114	53
192.168.56.101	51901	114.114.114.114	53
192.168.56.101	51902	114.114.114.114	53
192.168.56.101	51903	114.114.114.114	53
192.168.56.101	51904	114.114.114.114	53
192.168.56.101	51905	114.114.114.114	53
192.168.56.101	51906	114.114.114.114	53
192.168.56.101	51907	114.114.114.114	53
192.168.56.101	51908	114.114.114.114	53
192.168.56.101	51909	114.114.114.114	53
192.168.56.101	51910	114.114.114.114	53
192.168.56.101	51911	114.114.114.114	53
192.168.56.101	51912	114.114.114.114	53
192.168.56.101	51913	114.114.114.114	53
192.168.56.101	51914	114.114.114.114	53
192.168.56.101	51915	114.114.114.114	53
192.168.56.101	51916	114.114.114.114	53
192.168.56.101	51917	114.114.114.114	53
192.168.56.101	51918	114.114.114.114	53
192.168.56.101	51919	114.114.114.114	53
192.168.56.101	51920	114.114.114.114	53
192.168.56.101	51921	114.114.114.114	53
192.168.56.101	51922	114.114.114.114	53
192.168.56.101	51923	114.114.114.114	53
192.168.56.101	51924	114.114.114.114	53
192.168.56.101	51925	114.114.114.114	53
192.168.56.101	51926	114.114.114.114	53
192.168.56.101	51927	114.114.114.114	53
192.168.56.101	51928	114.114.114.114	53
192.168.56.101	51929	114.114.114.114	53
192.168.56.101	51930	114.114.114.114	53
192.168.56.101	51931	114.114.114.114	53
192.168.56.101	51932	114.114.114.114	53
192.168.56.101	51933	114.114.114.114	53
192.168.56.101	51934	114.114.114.114	53
192.168.56.101	51935	114.114.114.114	53
192.168.56.101	51936	114.114.114.114	53
192.168.56.101	51937	114.114.114.114	53
192.168.56.101	51938	114.114.114.114	53
192.168.56.101	51939	114.114.114.114	53
192.168.56.101	51940	114.114.114.114	53
192.168.56.101	51941	114.114.114.114	53
192.168.56.101	51942	114.114.114.114	53
192.168.56.101	51943	114.114.114.114	53
192.168.56.101	51944	114.114.114.114	53
192.168.56.101	51945	114.114.114.114	53
192.168.56.101	51946	114.114.114.114	53
192.168.56.101	51947	114.114.114.114	53
192.168.56.101	51948	114.114.114.114	53
192.168.56.101	51949	114.114.114.114	53
192.168.56.101	51950	114.114.114.114	53
192.168.56.101	51951	114.114.114.114	53
192.168.56.101	51952	114.114.114.114	53
192.168.56.101	51953	114.114.114.114	53
192.168.56.101	51954	114.114.114.114	53
192.168.56.101	51955	114.114.114.114	53
192.168.56.101	51956	114.114.114.114	53
192.168.56.101	51957	114.114.114.114	53
192.168.56.101	51958	114.114.114.114	53
192.168.56.101	51959	114.114.114.114	53
192.168.56.101	51960	114.114.114.114	53
192.168.56.101	51961	114.114.114.114	53
192.168.56.101	51962	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	51964	114.114.114.114	53
192.168.56.101	51965	114.114.114.114	53
192.168.56.101	51966	114.114.114.114	53
192.168.56.101	51967	114.114.114.114	53
192.168.56.101	51968	114.114.114.114	53
192.168.56.101	51969	114.114.114.114	53
192.168.56.101	51970	114.114.114.114	53
192.168.56.101	51971	114.114.114.114	53
192.168.56.101	51972	114.114.114.114	53
192.168.56.101	51973	114.114.114.114	53
192.168.56.101	51974	114.114.114.114	53
192.168.56.101	51975	114.114.114.114	53
192.168.56.101	51976	114.114.114.114	53
192.168.56.101	51977	114.114.114.114	53
192.168.56.101	51978	114.114.114.114	53
192.168.56.101	51979	114.114.114.114	53
192.168.56.101	51980	114.114.114.114	53
192.168.56.101	51981	114.114.114.114	53
192.168.56.101	51982	114.114.114.114	53
192.168.56.101	51983	114.114.114.114	53
192.168.56.101	51984	114.114.114.114	53
192.168.56.101	51985	114.114.114.114	53
192.168.56.101	51986	114.114.114.114	53
192.168.56.101	51987	114.114.114.114	53
192.168.56.101	51988	114.114.114.114	53
192.168.56.101	51989	114.114.114.114	53
192.168.56.101	51990	114.114.114.114	53
192.168.56.101	51991	114.114.114.114	53
192.168.56.101	51992	114.114.114.114	53
192.168.56.101	51993	114.114.114.114	53
192.168.56.101	51994	114.114.114.114	53
192.168.56.101	51995	114.114.114.114	53
192.168.56.101	51996	114.114.114.114	53
192.168.56.101	51997	114.114.114.114	53
192.168.56.101	51998	114.114.114.114	53
192.168.56.101	51999	114.114.114.114	53
192.168.56.101	52000	114.114.114.114	53
192.168.56.101	52001	114.114.114.114	53
192.168.56.101	52002	114.114.114.114	53
192.168.56.101	52003	114.114.114.114	53
192.168.56.101	52004	114.114.114.114	53
192.168.56.101	52005	114.114.114.114	53
192.168.56.101	52006	114.114.114.114	53
192.168.56.101	52007	114.114.114.114	53
192.168.56.101	52008	114.114.114.114	53
192.168.56.101	52009	114.114.114.114	53
192.168.56.101	52010	114.114.114.114	53
192.168.56.101	52011	114.114.114.114	53
192.168.56.101	52012	114.114.114.114	53
192.168.56.101	52013	114.114.114.114	53
192.168.56.101	52014	114.114.114.114	53
192.168.56.101	52015	114.114.114.114	53
192.168.56.101	52016	114.114.114.114	53
192.168.56.101	52017	114.114.114.114	53
192.168.56.101	52018	114.114.114.114	53
192.168.56.101	52019	114.114.114.114	53
192.168.56.101	52020	114.114.114.114	53
192.168.56.101	52021	114.114.114.114	53
192.168.56.101	52022	114.114.114.114	53
192.168.56.101	52023	114.114.114.114	53
192.168.56.101	52024	114.114.114.114	53
192.168.56.101	52025	114.114.114.114	53
192.168.56.101	52026	114.114.114.114	53
192.168.56.101	52027	114.114.114.114	53
192.168.56.101	52028	114.114.114.114	53
192.168.56.101	52029	114.114.114.114	53
192.168.56.101	52030	114.114.114.114	53
192.168.56.101	52031	114.114.114.114	53
192.168.56.101	52032	114.114.114.114	53
192.168.56.101	52033	114.114.114.114	53
192.168.56.101	52034	114.114.114.114	53
192.168.56.101	52035	114.114.114.114	53
192.168.56.101	52036	114.114.114.114	53
192.168.56.101	52037	114.114.114.114	53
192.168.56.101	52038	114.114.114.114	53
192.168.56.101	52039	114.114.114.114	53
192.168.56.101	52040	114.114.114.114	53
192.168.56.101	52041	114.114.114.114	53
192.168.56.101	52042	114.114.114.114	53
192.168.56.101	52043	114.114.114.114	53
192.168.56.101	52044	114.114.114.114	53
192.168.56.101	52045	114.114.114.114	53
192.168.56.101	52046	114.114.114.114	53
192.168.56.101	52047	114.114.114.114	53
192.168.56.101	52048	114.114.114.114	53
192.168.56.101	52049	114.114.114.114	53
192.168.56.101	52050	114.114.114.114	53
192.168.56.101	52051	114.114.114.114	53
192.168.56.101	52052	114.114.114.114	53
192.168.56.101	52053	114.114.114.114	53
192.168.56.101	52054	114.114.114.114	53
192.168.56.101	52055	114.114.114.114	53
192.168.56.101	52056	114.114.114.114	53
192.168.56.101	52057	114.114.114.114	53
192.168.56.101	52058	114.114.114.114	53
192.168.56.101	52059	114.114.114.114	53
192.168.56.101	52060	114.114.114.114	53
192.168.56.101	52061	114.114.114.114	53
192.168.56.101	52062	114.114.114.114	53
192.168.56.101	52063	114.114.114.114	53
192.168.56.101	52064	114.114.114.114	53
192.168.56.101	52065	114.114.114.114	53
192.168.56.101	52066	114.114.114.114	53
192.168.56.101	52067	114.114.114.114	53
192.168.56.101	52068	114.114.114.114	53
192.168.56.101	52069	114.114.114.114	53
192.168.56.101	52070	114.114.114.114	53
192.168.56.101	52071	114.114.114.114	53
192.168.56.101	52072	114.114.114.114	53
192.168.56.101	52073	114.114.114.114	53
192.168.56.101	52074	114.114.114.114	53
192.168.56.101	52075	114.114.114.114	53
192.168.56.101	52076	114.114.114.114	53
192.168.56.101	52077	114.114.114.114	53
192.168.56.101	52078	114.114.114.114	53
192.168.56.101	52079	114.114.114.114	53
192.168.56.101	52080	114.114.114.114	53
192.168.56.101	52081	114.114.114.114	53
192.168.56.101	52082	114.114.114.114	53
192.168.56.101	52083	114.114.114.114	53
192.168.56.101	52084	114.114.114.114	53
192.168.56.101	52085	114.114.114.114	53
192.168.56.101	52086	114.114.114.114	53
192.168.56.101	52087	114.114.114.114	53
192.168.56.101	52088	114.114.114.114	53
192.168.56.101	52089	114.114.114.114	53
192.168.56.101	52090	114.114.114.114	53
192.168.56.101	52091	114.114.114.114	53
192.168.56.101	52092	114.114.114.114	53
192.168.56.101	52093	114.114.114.114	53
192.168.56.101	52094	114.114.114.114	53
192.168.56.101	52095	114.114.114.114	53
192.168.56.101	52096	114.114.114.114	53
192.168.56.101	52097	114.114.114.114	53
192.168.56.101	52098	114.114.114.114	53
192.168.56.101	52099	114.114.114.114	53
192.168.56.101	52100	114.114.114.114	53
192.168.56.101	52101	114.114.114.114	53
192.168.56.101	52102	114.114.114.114	53
192.168.56.101	52103	114.114.114.114	53
192.168.56.101	52104	114.114.114.114	53
192.168.56.101	52105	114.114.114.114	53
192.168.56.101	52106	114.114.114.114	53
192.168.56.101	52107	114.114.114.114	53
192.168.56.101	52108	114.114.114.114	53
192.168.56.101	52109	114.114.114.114	53
192.168.56.101	52110	114.114.114.114	53
192.168.56.101	52111	114.114.114.114	53
192.168.56.101	52112	114.114.114.114	53
192.168.56.101	52113	114.114.114.114	53
192.168.56.101	52114	114.114.114.114	53
192.168.56.101	52115	114.114.114.114	53
192.168.56.101	52116	114.114.114.114	53
192.168.56.101	52117	114.114.114.114	53
192.168.56.101	52118	114.114.114.114	53
192.168.56.101	52119	114.114.114.114	53
192.168.56.101	52120	114.114.114.114	53
192.168.56.101	52121	114.114.114.114	53
192.168.56.101	52122	114.114.114.114	53
192.168.56.101	52123	114.114.114.114	53
192.168.56.101	52124	114.114.114.114	53
192.168.56.101	52125	114.114.114.114	53
192.168.56.101	52126	114.114.114.114	53
192.168.56.101	52127	114.114.114.114	53
192.168.56.101	52128	114.114.114.114	53
192.168.56.101	52129	114.114.114.114	53
192.168.56.101	52130	114.114.114.114	53
192.168.56.101	52131	114.114.114.114	53
192.168.56.101	52132	114.114.114.114	53
192.168.56.101	52133	114.114.114.114	53
192.168.56.101	52134	114.114.114.114	53
192.168.56.101	52135	114.114.114.114	53
192.168.56.101	52136	114.114.114.114	53
192.168.56.101	52137	114.114.114.114	53
192.168.56.101	52138	114.114.114.114	53
192.168.56.101	52139	114.114.114.114	53
192.168.56.101	52140	114.114.114.114	53
192.168.56.101	52141	114.114.114.114	53
192.168.56.101	52142	114.114.114.114	53
192.168.56.101	52143	114.114.114.114	53
192.168.56.101	52144	114.114.114.114	53
192.168.56.101	52145	114.114.114.114	53
192.168.56.101	52146	114.114.114.114	53
192.168.56.101	52147	114.114.114.114	53
192.168.56.101	52148	114.114.114.114	53
192.168.56.101	52149	114.114.114.114	53
192.168.56.101	52150	114.114.114.114	53
192.168.56.101	52151	114.114.114.114	53
192.168.56.101	52152	114.114.114.114	53
192.168.56.101	52153	114.114.114.114	53
192.168.56.101	52154	114.114.114.114	53
192.168.56.101	52155	114.114.114.114	53
192.168.56.101	52156	114.114.114.114	53
192.168.56.101	52157	114.114.114.114	53

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name	2a5a8b4584a04785_ozxuuh.exe
Filepath	C:\Users\Administrator\AppData\Roaming\Microsoft\ozxuuh.exe
Size	276.0KB
Processes	3028 (089a7cfe881dad24b4c52709da6ebe9dfcc64b16b897effff1e569d07f99ca03.exe)
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`9b0bd44d6def58d460258dd1425b0cd6`
SHA1	`31b69c79364d83f3779c49c85d95523be3a6cf99`
SHA256	`2a5a8b4584a04785191d17cfe9f311e63df02f889bb1337cf680c8ec09f9892c`
CRC32	`22C41AD3`
ssdeep	`None`
Yara	None matched
VirusTotal	Search for analysis

Sorry! No dropped buffers.