1.6
低危
DACN
0.14
FACILE
1.00
IMCLNet
0.73
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Kryptik-LVT [Trj] | 20191102 | 18.4.3895.0 |
| Baidu | Win32.Trojan.Kryptik.mk | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_80% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20191102 | 2013.8.14.323 |
| McAfee | Trojan-FCIF!79528BEF9FF1 | 20191102 | 6.0.6.653 |
| Tencent | None | 20191102 | 1.0.0.1 |
静态指标
查询计算机名称
(1 个事件)
| Time & API | Arguments | Status | Return | Repeated |
|---|---|---|---|---|
|
1727545283.859 GetComputerNameW |
computer_name:
TU-PC
|
success | 1 | 0 |
收集信息以指纹识别系统 (MachineGuid, DigitalProductId, SystemBiosDate)
(1 个事件)
| registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(2 个事件)
| section | AUTO |
| section | DGROUP |
动态指标
分配可读-可写-可执行内存(通常用于自解压)
(1 个事件)
在文件系统上创建可执行文件
(1 个事件)
| file | C:\ProgramData\Mozilla\iqbjnwa.exe |
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 56 个反病毒引擎识别为恶意
(50 out of 56 个事件)
| ALYac | Gen:Variant.Symmi.33811 |
| APEX | Malicious |
| AVG | Win32:Kryptik-LVT [Trj] |
| Acronis | suspicious |
| Ad-Aware | Gen:Variant.Symmi.33811 |
| AhnLab-V3 | Trojan/Win32.Inject.R68636 |
| Antiy-AVL | Trojan/Win32.ShipUp |
| Arcabit | Trojan.Symmi.D8413 |
| Avast | Win32:Kryptik-LVT [Trj] |
| Avira | TR/Crypt.ZPACK.Gen7 |
| Baidu | Win32.Trojan.Kryptik.mk |
| BitDefender | Gen:Variant.Symmi.33811 |
| BitDefenderTheta | Gen:NN.ZexaO.31176.luX@aaJn@Ff |
| CAT-QuickHeal | TrojanDropper.Gepys.A |
| CMC | Trojan.Win32.ShipUp!O |
| ClamAV | Win.Trojan.Agent-1377988 |
| Comodo | TrojWare.Win32.Kryptik.BBZN@558cla |
| CrowdStrike | win/malicious_confidence_80% (D) |
| Cybereason | malicious.f9ff10 |
| Cylance | Unsafe |
| Cyren | W32/GenTroj.BW.gen!Eldorado |
| DrWeb | Trojan.Mods.1 |
| ESET-NOD32 | Win32/TrojanDropper.Gepys.AA |
| Emsisoft | Gen:Variant.Symmi.33811 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/GenTroj.BW.gen!Eldorado |
| F-Secure | Trojan.TR/Crypt.ZPACK.Gen7 |
| FireEye | Generic.mg.79528bef9ff10c14 |
| Fortinet | W32/Kryptik.BCX!tr |
| GData | Gen:Variant.Symmi.33811 |
| Ikarus | Trojan.Win32.Meredrop |
| Invincea | heuristic |
| Jiangmin | Trojan/ShipUp.nm |
| K7AntiVirus | Trojan ( 0040f4c81 ) |
| K7GW | Trojan ( 0040f4c81 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| MAX | malware (ai score=86) |
| McAfee | Trojan-FCIF!79528BEF9FF1 |
| McAfee-GW-Edition | BehavesLike.Win32.IStartSurf.ch |
| MicroWorld-eScan | Gen:Variant.Symmi.33811 |
| Microsoft | TrojanDropper:Win32/Gepys.A |
| NANO-Antivirus | Trojan.Win32.Mods.bxpgvn |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM20.1.F657.Malware.Gen |
| Rising | Dropper.Gepys!8.15D (TFE:1:7vHFwXUDigM) |
| SUPERAntiSpyware | Trojan.Agent/Gen-Dropper |
| SentinelOne | DFI - Suspicious PE |
| Symantec | ML.Attribute.HighConfidence |
| TotalDefense | Win32/Tnega.ASDJ |
| TrendMicro | TROJ_SPNR.14FD13 |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2013-05-26 19:21:18
PE Imphash
12a312350d5ee3621812eed370032ac9
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| AUTO | 0x00001000 | 0x0000cb5e | 0x0000cc00 | 6.252491183828161 |
| DGROUP | 0x0000e000 | 0x0001e689 | 0x0001e800 | 6.532657377303238 |
| .idata | 0x0002d000 | 0x0000056c | 0x00000600 | 4.428683645703595 |
| .reloc | 0x0002e000 | 0x000000ee | 0x00000200 | 3.382210282972176 |
| .rsrc | 0x0002f000 | 0x00000000 | 0x00001200 | 3.2280482371058157 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_STRING | 0x00022fd8 | 0x00000082 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00022fd8 | 0x00000082 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00022fd8 | 0x00000082 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00022fd8 | 0x00000082 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00022fd8 | 0x00000082 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00022fd8 | 0x00000082 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00022fd8 | 0x00000082 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00022fd8 | 0x00000082 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00022fd8 | 0x00000082 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00022fd8 | 0x00000082 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00022fd8 | 0x00000082 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00022fd8 | 0x00000082 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00022fd8 | 0x00000082 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00022fd8 | 0x00000082 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00022fd8 | 0x00000082 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00022fd8 | 0x00000082 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00022fd8 | 0x00000082 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_STRING | 0x00022fd8 | 0x00000082 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
Imports
Library CRYPT32.DLL:
• 0x42d130 CryptBinaryToStringW
Library USER32.DLL:
• 0x42d138 LoadAcceleratorsA
• 0x42d13c LoadCursorA
• 0x42d140 LoadIconA
• 0x42d144 RegisterClassW
Library KERNEL32.DLL:
• 0x42d158 CloseHandle
• 0x42d15c CreateEventA
• 0x42d160 CreateThread
• 0x42d164 DeleteCriticalSection
• 0x42d168 EnterCriticalSection
• 0x42d16c GetCommandLineA
• 0x42d170 GetCurrentProcess
• 0x42d174 GetCurrentProcessId
• 0x42d178 GetCurrentThreadId
• 0x42d17c GetLastError
• 0x42d180 GetModuleFileNameA
• 0x42d184 GetModuleHandleA
• 0x42d188 GetProcAddress
• 0x42d18c GetStartupInfoA
• 0x42d190 GetSystemTimeAsFileTime
• 0x42d194 GetTickCount
• 0x42d198 GetVersionExA
• 0x42d19c InitializeCriticalSection
• 0x42d1a0 LeaveCriticalSection
• 0x42d1a4 LoadLibraryA
• 0x42d1a8 QueryPerformanceCounter
• 0x42d1ac RegisterWaitForSingleObject
• 0x42d1b0 SetEvent
• 0x42d1b4 SetUnhandledExceptionFilter
• 0x42d1b8 TerminateProcess
• 0x42d1bc UnhandledExceptionFilter
• 0x42d1c0 VirtualProtect
• 0x42d1c4 WaitForSingleObject
• 0x42d1c8 lstrcmpiA
• 0x42d1cc lstrlenA
• 0x42d1d0 LoadLibraryExA
L!This is a Windows 95 executable
`DGROUP
.idata
0@.reloc
B.rsrc
ZY[QVW0
EA;u~E
}_^YQVW
_^YQVW
E;E|11
;E|E;Eu
u)t1EEJEEM8M
^ZY[SQVWH
_^Y[SQRD
CZY[QRj
iESEVEESrr
anFFSr'
nnoeEanl
EsnEVd
EnecRA`EerEEl
3Avlslr
laoEnE
dP`budlr
dW2CFEaPPdPdn`zrd
Qt1yVFrEP.zzvz1
dGVvvoPnPiE1rESc\drEEPtFFvvnlrVldlrEEinSzRzndFdEenpsn
iaetSEaEFpVErurnSSe
~PVFEEEadPPprEahFeVtzlSrEneMv
FaEBrfnnEtedlEV
EEuUEEESoounlPXiEddVwmGEE1entdre
erFVOntIPt
oVQEc|;P
GnV+e4VE
+N1SduGE
>Ax4VenX_P
Ehjsd^P
<}Psjuj
EEt1hU
_EthPu
EUE]uu<
-t@xkRBVt8@
YxMx jEBt
[vQR]1~
s@CbEQ
@tHttx
J^SZ@S
8`_^[]
UQV39N
9` 8` 8`
!8`UQVj
8`8`8`8`8`!8`UQA
UQV3E;
E;urjH\Y;t
8`E_[^
8`F _^[]
EP3PPPu
8`E_^[
8`8`k8`D
U 3S39]
VW3VVEPVEPD
XM_^3[
SVW33]}~D9
h)8`v<
8`EI8`V@3;
9`PvDJ
8`CscNetApiGetInterface
j\'YY3f
8`;M_^3[
j1CPVP
M_^3[G
MMMw H
@@fu+=
EPEPEPuu`E
@@fu+D
9`PV.E
E4NEtNH
@@fu+E
8`)ZYUE
f8@@fu+E
RPV&E
4~EMU3f
EMf<H\t
@@fu+=
N[uu$5L
9`3QuQS
UE SVW
@@fu+\
f0@@fu+D
@@fuu$+u
3_^[](
3EuuuE
VEPSEPEPEPEPWu
uESPEPuuWu
@@f;u+=
8`39Ht
8`P9Lt
8`P^@4
R8`R8`U(
@@fu+p
VSbj\S
@@f;u+
M_^3[c
U0Wj,3EWPE
E(EE ;u"E
uEWEPj
t3<t.HH
S3A#VW3U
####uuuuuUEu9u
@@f;u+D
@@f;u+D
E9u(~%E
@@f;u+9E(
@@f;u+
SSuEVh
8`_^[(
VWtKf8\uEfx
jCXU](
@@f;u+=
"E7E_^[
QRPh8`ZYU0
@@fu+t^u
@;rK9]
uuuu v
8`ME_^3[i(
;t=f97t89Ht0PHPWP
$u(3VCS$u ,0WH(3;
M_^3[$
QRPh8`ZYU
VWE3Pj
u.EPuY
u}Y9}t
uoY9}t
9`W38EPEPWEPWu
8`Ezu{u}
QYYE;tG;tCMQMQPEPSu
uYE_^[
VE3PVu
9`gjWX
u#j(Y;
@@f;u+D6
FVS%j(+
Yt WVu
jPLYtWVu
N AN ;N
@@fu+E
@@fu+E
@@fu+E
9`3WrM
3^_=j5X
@IuuaojCX
@@f;u+D
@@fu+Pv
farfzw
Q8`EEPfU
vj:VYYt
f1r>f9w8
MU}jCXt
3SVPhLe8`VPE
@@fu+P
^@88`(C
Sdj@VYY
u SSh88`
VVSWPJ&
;|=uu u
@@fu+=
T$PVHs
*jC_PPH
HTP8P@Ph
LX(VWu P,d
;tok9Pt
D<t5Lf
YfEj:XfE3fE9E$
9<u(Wh
3M 94v9E
C;t?f9
t:9Ht2j
Yj:fEXfE3fESEP
$u ,0WH(
@@fu+T
@@fu+L
@@fuu +u
@@fuu(+u
0SPPjPW|
t2At-=]
8`ES{Y@;t
e3uu_E
e3uP95
e3uu|VEP
8`E3E3;t
9`^LWj
hXe8`W
9`8EPV
hd8`\jPP}s
@@fu+3fLFj
FHFDPEPWh
8`?8`n8`
8`C8`8`\
8`8`8`
8`F8`8`\
0~8`8`=8`
6666666
98`8`8`8`
8`8`|e8`}8`
@@fuVu
UQSVW3Wj
;t(WEPF PjF
WEPF PjF
UQQVVe
SWF 9F$s2V
@F$;F r
f8@@fu+~
f8@@fu+
8`F$3_[^
e8`~v
EjPF PjF
Vs W9s$s7{
Pf}C$K
@@fu+L
f0@@fu+
C$3_^M3[z
W9s s7{
PfzC K
@@fu+L
f0@@fu+
9`PWQG
C 3_^M3[
*3B8B<B@BDBHBL
@e8`Tyv<f8
Hyv@f<
<yvLf@
f:f;8u
C;rFL+
UQSPxe
CH;CDu
Wf8@@fu}
CH3_^[
U8`a8`k8`a
VszY^]
UQVWEP~
MQ^DSjF8PjdW6
F<PjdWQz;
j PitEYYuM
t<j PsYYt
j|EPEPW|#
3M_^3[q
PK~3fj\Pp
j\PpYYt
jWXM_3^
SVWEE33PCSj
uuu]uuu
EPj8EPj
tHEPVu
8`E;t9EPuu
u&EEEPEPEPuu
8`E_^[
h8`Xj3uu
3@V9uuOuEPu
9`EE39u|
o8`8`U}
PfP6n54
h(8`WPy
8`WPyy
M_^33[k
8`;t?SVh
ju4XP\Pu
fEXfEVEPEH8`
8`fEf9Evh
8`t=fEf+EfE
WEPV}t
j:fEXh
MMMQPEEPE}
PW6EG#
@@fuu+@+
@@fuu+@+
M_^3[c
U S3MQ@3PSh8`h
^EPEPEPShd8`uu
3;uEEPEPu
@@fuSV+W|
8`_^[]
S3Vt*U
@@Nu_u
|8SVW}
SEPEPEPu
@@f;u+VW=`
;tLuVPE3;t
@@f;u+
@@f;u+t
uVWH9]t
u9]t+EP
@@f;uM+
S3VW]]]]9]$u
EPu$u((
;ufSu4EPuh
;uBEPEPu
"u,u0uf(
SVu0M W}(
PQPPRQ3f
9t,Vu$Pu
9`gVWu$Pu
P;u/;t
@Iu9t6
u.8u3%
j\Pt[YYuL
@@f;u+
VWPhhLe8`WP
SPVdhu
t'jW8V|
t+;t'Pj
jCXM_^3[Z
EEPSSj
W]]]]]]]E
\MQuPj
8`ME_^3[_Y
U$S3Vu
@@f;u+WV}'Et2
EPWWW=|
8`3;t{u
VWE3Puu[;uWEPh
bu=E;t6u
PQMMMME
8`HEPuWu
U0MSEP3jdS]]Yu
hXe8`P
9`EPSSu
8`E;tnWMQuPu
uC]BEPu
PqdVW}
8`;t5E
h`8`M3ukt
Eu:;t6up p
PMRuoK
(8`58`Ul
};u5EPh
8`;|`EPj8EPj
8`;|EEPEP
8`;|3Wu
jC^9}t
8`VnM_^3[O
MQSMQVuPh
EPSEPVh=
XfDqNv&j
8`M3aN
j:fEXfE3fEEPuESj
SREY[M_3^.M
8`I33uuuUt
VEPEPEPu
];|A;t=uuuuu
eE3]9ut
M8`Z8`U
t0j:AfEXfE3PPPfEj
3M_3^kK
h`8`G3u3uu9u
3G9u$t
eE39ut
$8`18`UM
S3Vt*U
@@Nu_u
@ItUVW}
@@fu+D
EPjdVNt<
UQQVW3Vu
PVEPjdVuu
UQQW3WWWu
2t{:tvAtq|tl3kueIEPjeu
@@f;u+Vp
Vu}uj;t
UQQSVW}
8`YYFFVj@
j\S]FYYt
@@fu+\
0FSu7F
t!f8\u
VEEPEPh
UQQV395@
PVVV5@
fukPPj
8`M_^3[B
@@f;u+p
EH t f9
0@tNf9
Ucsm9E
B(;r3_^[]
hX8`<e
8`VbYt=E
+PVYYt+@$
18`E8`%L
@*dm$Z
feOoZZZ
rbMcZ".Z
j@E[jP
@QEM@
QQQljM
EWkQQ]jQ
04EVSm
QI}jEhD
44WG+]
ka+kkkO
+fO,kOq
yk3kq@
akfAU_k
k3^fPN9k
@u@pR@
tp@DMj@
Uj@8 ]U
$MMj0@3h@
U3tMh$h
uH@PSE@3
U +FWV
+pdKl`~
+@hWt++
+WdV+F
`Vd+`+WE@
0Q0|U;xRE0
UMq|PQED0
0APt00fRAR
Gt00;h0
^qQdUxqSE@
fj3qjWj3+
`RURRA
]Sp^<E
]V_]@$_
Sj3JKM^[D
hjD;9fuD
DPtDh;
j+,tWD
.@DfWDI$@\u0Dp
S<RPh:
@DX=8DphD
f0jfd=td
`h033hSh`
QIM@HHE
LL$vfu
3fuuDfLa
t9ft3Ufj+p
3;f5hMM
tYh="uh
UDs"Pu
m"Ep1"
pTDDje@YYD
D]=9DD
qt}59sq@Et7
E}ht]D
|tvS@(
Dh|||W
h@p@@ h*o
=huUAV@
fY3lu"
uP~DWDI
"q"YMlfE"P
f"P);N
Ufu3uf
sx3P]S5YDS
hPDPV]MP[PS^
Pu_?0;P
V@PPE]9
5uut^V
D^f`_5D3u
jYHY_@
H9` QD/
HD@!@@
43;t N
DrDE=t
@pj5^q
P_^@YtY
YYYYt@
W@tEWY
P~tP~p
p@^DlD
Ptpjj,W@
fMSE_^
W:ut:j
c3:tsM)N
}::tDMV
_T::hHO;
@HU3@H
EEx@3p3@;
p_d=?@
@`@t0|
s+;^V k;
h,hhEuY60h
@9#3h]
(>V}5u@
]h0D]`E
hUh4hDh
^U"t|hjP@
jPC,2C
},((D4H
uu9udt
]G]@DL
0]E]j]
t]DSSU3]
_@MffMfV
PtD3UDEp@3u
pDDUuD
DtUUuH
Djp@YHu
YD;D#r
uDP;up]uC
4@uq=V@
@E@u<tV
YH<E<Mr
(]U9rW
S<3;q(
9<h]dE@E
@[tV^-
}PPETSD
"=SVDEh
tPtt3L3E5tD@;Q
?D_9Et
')jM\Mu
tD ^MPM
]utYu3u
Utt3_^
+ufUu}
tyMMffuV
f"EfjJ_E
+3@Yu@]
^vuD0'
'@@U@Vv]
@P@;@VV
E^pU`
;, @]9v
rF@NN@N$@
Du<G@D
@DE@1D_
F@DDO@
{ {P{C{
P^@t{W
uPPXY+;u
u9;t+u@
9WVVVYW
(_Vt;
V8tc=E
3juutF
A3utuulu
FuuuEu
ttlY~uuQju0Y"
YPH;YY
]D8u@tduu
@pFu@V@
[S@Evu
@vsvruDC
@}t@u@
pQY3uL
P[t34iU
r@@=jT
Wuwuu@
Yj3p0u[@33Dt&
E]tujt
0PPoWo
f@Ifu@
vv(@vDv$
vvT,:a4vY@6
Jv<v2vv
vX`vHvv
vRPiv\
Bdd|,7
P;YYFt
YF@@V@P >
tPuF;FY
;VYYvYUY@Y;Y
^@PY@@
t<F+t@;W
E;@85tY]YU
F@Y@P;
E@YIYt;~PD
S"3$=u
EpSu$@
uuM]S@
uQE uu9QuW
3p]uS^e
EE$uu_uSppu?S
<Spp uu
3]M]ua}UthV
$PLSW$
Wh,9Qh_S
7@]t@L
drrSerte
aicat o
ikfo iro
heaTnlt
itRnnath
3rmnsi -i
zn oareb
ean2aoi
t 24ve
-ie09 u
0aixag1/ei
leef-fo
r-rrne
peeeceoWiR
LenL3P
tlosUls
coFiGL
oaeell
lGiGss
nsDfeGM
d2dD/o
ssemUs
gAcrreJls
aaarru
vWMcsM
:sMoom
ss/emMu
,deemMss
aMTeurruaaMD
aMcybsTdO
aoySadh
aTdyndtuiurSs
AlFaanu
pnf_?rjrrmor98qy@o',s/
v\qdwpylar
r42urk|
sn=t>:{)}^`6+fh
;%v(b1rercrd0[tzreugz
lw5rr.argbc~*r7xj&
_VIX_AZ PA5WIJ-|{V]_P YWFS_9L>2FJ
__*L0_^=
;3RS+O_%"TK)[
}?KEHG
_MQ_&_/~U
B8YDG_
Uk4ezh
B|# 5\+
IT s[UY0A+n~vl7
iioGoGn
srLTppcO
OsOTsOy
sgx.RSoSd
d\iapFo
dWFuRt\eFs
Gxtroen\
eCFFaerF
GWiGlFH
FemlGRF
FezAli
etoFada
meSIleFaeS
asthtsl
mWaetG`Mie
eaWspHryepl
edTetCenrarFoyGptDdr
etrGdy
uoPaeer
HonchaiCtaeeaIectsP
uaaWrvPTlreiDlTeaaTr
trtaesa
eGesetCeVmA
teWtiico
aixJEeo
reedteGWan
asGscttsrKgudnPaerdlranrnl
lotnWt
nWgdhchoaWnn
esasAehmgIn]TLo
sRsSn3aTs
ieranreeEM2aa
EWloAaeen
apa.Nt
mlenmciotenc
DttnLoMge
aGWWLrsntEdDitge
oeefdds
xisnsisirs
srQrraWssWde
nrPnWwDa
isnCtpTWigsexe
tldorDEg
tuBiooos
iePena
wsUmolWB
Eytagasd7Wo
LSExtlEtasyGE
etx3aeletR
guecDtud
eeRVtE2oplPtx
tReUxtegDrlI
tW!Woee
lyHl3WeaWennSoE
ule2eeAltR
SKaNEnCr0ECE
g.tl.n
Ssadte.clxCVzlVWil
eeQtitrliata
m~tIoauo2
.WGioIeiAola
2TrUiff
CtrmOar
tctaIilUenSz
ocxitl
runserShiea
lrUiSnae
Catted.ztiitnm
rletod
Socpho
H3eUeos
neroLleleddmpeelIrsPloHvPxtrgt
Wlrxlnee
ciuorercrearillcoetStinGirrlFltdEe
netrrPAdtn
etosMl
bdolSeraeeEHElo
sDeorPnlWgdleantlDdnsiensrmstiGgFtEerr
slecdd
uSlrlnCSteeGuioeEpi
lTatsn
Peeticeen
eiiezerrndectntio
GTdcCF
eeteSktcoo
ccnlnAeIat
rCelSiHelyDrr
eelissitnnllnIsgC
teeaatnAtalleIn
uleeslcaVieeeirdeToun
lHhiecaeneenerCmecao
oSolGeCtckrtrLmtnt
cCaGdcbrmscnterr
fcDnornt?
eeetrnrEty
LatorrLtar
iLsteotvettteaitet
titen9itCratttEte
eoLiradll
iSFtdstrt
aCtsLBRHCOn
PFWegiCMi
CszCdn
eiAnpPaFeFFsaUFeecPFFgo
PhMFHeVeSppMeFrutui
lrlaetr
FyhSyWta
peowno
rWIFet7t
yegFnl
Ilirla
Z7Y1)F5
~sIF{03FfBF8MFXHn
s55a#:
,7` 5q5q55z'55#k
H65k5i:
H &~j|l]HP
Dv;dlcfC
-d"MOR/^/s(0f
9/7)wl3g
as#gHP@U;
;fg!LZ
d0>iK1
qy+^j:3w.
a HL5/
"c3C0aA
z&&4.v%
6AV[R RZ
}Ak{1%f% `{
BzBo }
2\y0Y$y$RdRRR|8
NgR~lXg=H
16bfFPd
T;/C,#W3Om
AU^j7CO!qI
%"?0CiY#]/Xw
H@a3dn
~cBR-,''_m,
dY<w:
Ko9$\:lzd)
P&\hk%
(CkkkH^kk
H=wk@S
Gjn?`.
k2RH+H
EHkH_V#PkiHk
b!Nok%
tHk-\=((,
(%<0g((V[Jg2
(&vL\N
&4(('-[(
#_FP2b%
@((i(P;
g'd}\k4m!
,ciZa&DJKO>u
6[C"[$$7ie1ph7
L#VNKh!be[P72Uc
r>+7]Of
#_w7d77|
HD\@<t0TTT
,Dttt-
s<l.TTT@
Q6lyO0n<
rT'D.5`
D1NbJ+(!')
,Hzm{u?jj
[=W)'vj
/5_#?jX|A
Ai^pPj
'j%7ja:
Fl{]jH
04h0u0/0R%v
:0s+$sz@
Zd000.&\i0a
Fl<$DE.
'$366wMnQa`)
$Y)-o.oo}^r
EOCyBsb
*%8x&n"
IvlcS"G-(
\VW$le
QzU09!
Ss~#e~UI
(Xfs*(&k.
f98XP=
*7}0!9J
d4vxer#G7
r*bYPI
N?Vf+wWj!:&_
]?dN[P
E>9FVgKe
Y 1ZN~
?2kcY#
gk6d'O=5
38q3(7
`1&66iTy
(O0Bz/f
<DxM05
`r Te(wl
{4! 8>
M+!pE) b
{|x)}g
v@L"v3Evvc
47vJeKI"g
i\ qs+I_B
;R8v.D`
yjyvZ}
\<x}Ovt
vAvvkvk0
S "(!vG{n)l
DC/N%M~try iB6j
(CEQ04c`
IMlMv2T%$U
TW[Uk99
99<h5sP%j
~}e8m9
>+;s;,9
>W=mlB !a6V
9}*99~K9;:z[(z?[.z
o{etwA
znzxrz8RR*t
9N}-9fH@b
7QGw#ziz"s
O}Sb-M4
92+[Z$
`cw2UE
)\22xI
b2]7Mk~
~222m]2
PymJp,"
]+-TD+1j@:+
=>wH+P~+S
+gu$+y+
f +FB&
+V[:{JC
!8npdK]{pl
G}>0lGvKK
r$t=i>KJPA|>)o2@
YaE~:KKk&KMK
$G7I.+"Z5-
<;{==2
Dr`M 6
5cCc$GN
(xF0U7z/5z
0"[H-uP
v=`xFz-~T@~f
ivTv [0?
k3jJy1
BY(w2L
BP'Xc((
DLr>7"bd
+t8a2A
;.J>?N
z?E,Sqg!
1+{P?}u
znD$}0
tlQ$w+
g<(HAQ>
/F!&lA}ctx
v2#?Utbx
Iy\|q3Y7f
>}fgD'
v?|IBK
(y]<r|V
]K/e>p
?A^.'<
';kp 7+mJ+a2v
21$AM%boiX.w
>1CyTgSF1
R^A^qq
C<%^]AM1B-L
L1D11"p
dM6NAU"a#
kUQDUhZ:
NH5Y.:O
xuWmoUG@qDs
6mcdqtd|LsJ
97^=6>[:66
VJ"kjro,2
^x-l6buz>6J%_v6|xU-=6y~;
6p:6_C6;u
?6._6O
GW.v*b
E/8F5V #we%5zkWku?<WDrZVc&
#uV#Je
Y|Ko@0
Ud#N+t
#1g,ay/CD
==?N|/j"25
nfpFrW
P(]\&}
L`kL}i3}
}4}}}}h9
}>|Wd+
V,E*~DMr
f5!1D)DD)p;
+DD V{m
Acy\XDn
5BULt
tMtQzW:q
ktQ/nTO
[\ot@u
ttJt6--
n-3-KB 4fH0
-/-tX_-
xGlL-JuQH
),s}pL&BxZ_0H
WmgB_(s^~R}^
T>5f~6A:
xoMqj+
+mVyv?
M4FTq1e-F
sFQ Fd
SF&&<UO
Fk)FFN
d1,ts7\X
A~V[~~
`2Fs`rssss
n`ZR4sj0Abs
CB,3{<8s
~QF8DcYNn*
;NN0RN
/~`"B)
NF)0zNM5j%NO
MNNN1N
7SPBRC
NRH^RL
:x>HRAPm@.0Qj
Umhw93Uz=
/HVhH]
HjQEHN
QPtK%vs
JmY<M8
$+8JKwO
Qp8bCL.=Aj<6<
*<<+T%`
<CU<HkXJ
M<v<I<}
Maw5?\)
MMMbekM
5~M3M!`d
K^}8s&Y
\PS_2$]vg
I~pEoMP
p]pG|ak0{^iTkOZhR
)A};dM'
NH49RiS-"GE
\J';*%5
waip'&
uZ{1kh
Yo,v4V&S
Y,U>ED:]
hQcYW>f#3
GU!d\-
4s@IS/'%
?PYo$Mp
HW9AN>
'3.lE ]|q
Wq&<&SP3
:!CP}(`<
OJQ/XK
7:GK-rH}>kx
][Vh\6<E
xo{"(}
*S!<lrL5,YG.D[H#[
B:#p_9ca
71ri0CwvA
_.9^Ay'
AyL:~FrO#dE
GGta7GGk
LA)RA9lh$
yIS13_Gz#
6P]PQP
M_Nq}Pd
(X^.PP
Pjs3CPP=Q~
iPY<U,!01U\U,B
UQxTl:>OUl^>qExv
UE;KUWnDp
&Exf9 Ut06
Pq6,@U
Kjn~ad;
@~(9U +m@
F8lIhQTYWa2N
|?[?VE1?
g??`j94
%?(Bj^
oBMg?sB,?~y
WQcB?BB
BBYzLh
bB(LBY
_EV*|z' "
Is_G_D_
=Fs]}U_diM
_O'BK@.\_#
_'_E|5OLr
T_'_1~>
Q<_Ma@|_j#0
\Bwsg( BUSy/BO
B/BBY`BD]
mVP+.[
$Bp+T)J
Bw&IB'L0
ZaB%gu6Sr
,Oi7 r
;(6^W5
Kj_mS
((%.P@W
..A`?~.X
(.Z(\.
jl@(/s
]F}XptTiswl5
w]wMb/
tQJ_nR
Z+u39*
E$PS:tn(~D~
}6F=vvo
gb,BdI~
\:6*6:
Ht]zki+:
:5LQ<{iy|#6C:O
6H:mQG
68:6S6} 1t!:@*
6KJ:c{:
66T:Fa:A660?
4$Fyh6X6^
n!L:Nt3':zn
#%^P!:L
+x)^!SbY<D
es;U4
jp oWNr+'eyZ|
"udqIa@
&1ee!w
QqLmZr
+[="|4Ah]zid5KM~3lwcG;`zA
dw'FGBAY
OH4:H.(
i:-\!=?
?,Qo[84[
t)M<#<#\
#1!#2#
A})}l,
#w>_5bQ"^2
}$A 8pR"
|)C'rCa&^*49X\}3I
OOQrK6bb$2
^-IMj^^O
ImF^b/9^=#i
/y^^/huA
v[h^^j
XX^XOX
Xke#XX##
}k^Z8XDX#{
#K d#=
[d# EXX
>;0f`/
g>p",#
Xdd:Jwn~KGM
tkG Nt}0sr+yK
s=mf7/"10/_+
/inxf///
k?ce#1
/7U&u3
s&<S8v
?s3tdK%L
'|!7mjW
=!y26wf
=c.9Z}
opJK-^$
^KKStK-K^A:8R-^3
1-]8#x-
KK.RC/-T
-C8="KqE
`B-]*K-{Vu3KzV
[<SLu)%
+mX"MxD
0iA?GDc~75nJ
'izg4oaK@Y
9xp*fR'
A~OnOK
A] 1u>|
OqO>DgG8OOL$
MR<:GO2R
KNipBx-H'tE
Ro.0R~}
X8O.5B
8txR?[
T"$hm<&klN
0&I-kr/;U;s/dQUf|C
<jS%GQUW4@%
Q/L*1e"f
eErh"D`W RYD
pURDk5DZ34F*
d"E9wQr,`
&AwD4:
n]+X/"
{KgxHwwXneUe6
r!VEee]
eCe )q
e-ey<8
ge`XvW9[
ew@s7z
ep!ne"L23Seoe)u#Wn
.y+c"s4y$Zw
]FrXiD#rQx-
CradQ#r P:#(#
ESrH#A
=:rC^!q
3r##7#rZ|{{#BOQ^ 2^te.#_j0r6#>
"lrr#p##Q*rneirr#
Wl4g1f2
4dJog?A
taOh=/
]lx U[3
*{r]H4lP
q=-gW[r1T
7GMF(NW}
d8m1u|*BeA(sAGsN}
F%^AdlvAJiA
dhgwhH!
*:3IA:
AMAcO]
Qb,Kv(:e|,V
#CVEyeee+
7pTe]}'He
y maKa[SI
R!~]TX
l_eeD3
#$q $#
wwwxww
8#6:6@
-*!63:
^z!zjzr\b
eJbfB0Sto
syyD}Mh
=qubF[
cz\Wx[_j
zekzzvzU
doadlVa
Xedmoae
acaaaz
wwwxww
wwxwww
wwwwww
wpwwww
DM}D;@
<;O;<;
};Ou;;
:am7Rx
UA4UCQ
x;nJ@qEC
%o<%%;
0VNuN/I
y?yyNy
yvFyyq
{7dmMt
)9FD};=
1;SkO;(
FC;F;<
J1FDFD
;F>Vhd
MiuiMyM
u-xuuru
E^JKl,
+,HJHK
YKwE!YeJ
l,EJHJtG
xpwww{w
ur]eUs
}}`_DDB^~h"
Wot~|[
vafda{
dpcpmmp
wwwwwx
U%P%1%H
50/$$0
U;<F>UC
?3**cg*3
I;;ppw
;;;pb%
%;%D<d;D
/<<_kD
N/_{ID<
Q_QQg;Q<A
;;;FFFFF
1;}jxk}
;;;;;A
F;+;;<
;F>>;;d
iy`j{`
{[r`VRr
h`rYqa
gwFF55
FwlJJ@`aG>>,
EJJEHJH
Vstx= ":
o 0semis sunrn1-ctstassrruc
dvs""
sles 30 cm uai
:mmsfoaetiqa
nh nncni< <u0a
e frr .. h
iP- coev m"sbscs smr
>:s<o1m"-.ssxIs%u"st-<yeraoclst=m
mso=vsil
sssss>sfmolfers lnevsIueIse ee </
<cfAcu
q c Iiexr>= >y<> elbe"fereietue>eg vu/e=kltui
L Dselnrq
tve<x"osEessml<
ro qeD ene>
edE ueo"urePvvPe r"Leoyeits
s e>eP
>A edniereieatsece/e /etal seg ceet<uladAs/seXDAPIXD
XG0P%DAIXXDIG
X4AAN133GmI
ADN0XAaXRAXID00XXX0GZ
XG00AAXNIPNPAXX41GAGD
AANDDDAIX000APXPX4IP0
AGAGD1DDDGgD3PDPxDXG4XDAADXD3DXAPND0IX_NNPPP
XAINDGAA
GDA3NAINXDAIDAXXDAN0 N?41k>
48?>54?0?k4>>44445 4S58m0;4
664d??E8
ih:079?
461<44nD??
742;?4>
104W5540Y4<]
0*44x0
14D4_4
J4<524>\7z:
148494x>?4
=2?0<:9l4??0>
466<0681G63f@3
556333373#82=.6933C33
34329R5842t337
393j59%0
3428688(9323533234936
6547979869/
6593945
936 93>97
38e9b$6x
u53393579
43$;0><
<1"??2
.x^;.L<<j;<q;;z;
:<7.;?{::2
_:><>:9<=24:?.2=;>:?<<.:.
<\;=.2>
<c:[?IC:r
U:O<0<
:2<:.::::0.:.==.\+;=<:Z=?
?::T==?*::
y:O=><..
Xsdo;7;2+>
4;i77!
:6F;:w=i5&L:z2(67;77
-9;;8 ^68;9Z888;8
5;Q7;F5
c;4w9L@9,i8:9t
b;854849588T4:9:8
;:58N;G7L87;c:}^4:4:6;O:7=X2
11R0>;;r
`?;01?
1d;;>?0
?={<>1?2<B?;;G>??
>;0?Z1>1
;>0>=4=>=
895u>85=l=
;968;<<>
6S9486=79=]
=:=96/
6059=z57>4_<=,4
>5J88=M<9n9=> (59499;4NH
5;.=>44<<6?=6<47$<9=
79 &3=7#==>
>H859]89:<
<><4_==?3~0#
::02)t26:F
72:81:?526:66
l>4;:?2
22`w0?:09?H2$ 2:P
?4]276
1!@:?}a
779>7>9?1E265,70?MY963>97?
2I>0:1A:2`>
(?4S375
63(<280;4?L}z
A:7 2?6
:>::4:4P
>14:;65:_
;:31>5=
4>o>iq90
*=;=434
5:w:<
$0<44=:::?>
23=43=3tp3
34L2333<d33433
3<3=$4
<4<X=3
3=(3<33H
3<3@d34
<<8233
004\|:5X0
0454::4
CryptBinaryToStringW
LoadAcceleratorsA
LoadCursorA
LoadIconA
RegisterClassW
CoInitialize
CoUninitialize
CloseHandle
CreateEventA
CreateThread
DeleteCriticalSection
EnterCriticalSection
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
QueryPerformanceCounter
RegisterWaitForSingleObject
SetEvent
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
VirtualProtect
WaitForSingleObject
lstrcmpiA
lstrlenA
LoadLibraryExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CRYPT32.DLL
USER32.DLL
OLE32.DLL
KERNEL32.DLL
ADVAPI32.dll
d0q0|00000000000000
1 1$10191B1N1X1b1n1s1}1111111111111
2#22272I2S2]2c2u222222222222
3$3*313731585N5U5]5f5t55555555
6#6<6`6p6}6666666Z?T?N?H?B?<?6?0?*?$?
NP,-/Ah9B=0
KFWN<|
t})87[_
}tZRf*aj~&n"
LnYy* 4(
@'TUZ-+S^GQ'i
2kS}V|
WEJpHC=qc:|
D�A�V�W�W�W�R�O�O�T�
e�c�s�c�a�p�i�.�d�l�l�
L�P�T�2�.�O�S�2�
L�P�T�1�.�O�S�2�
L�a�n�m�a�n�W�o�r�k�s�t�a�t�i�o�n�
W�i�n�d�o�w�s�
W�i�n�d�o�w�s� �c�a�n�n�o�t� �b�r�o�w�s�e� �a�s� �r�e�q�u�e�s�t�e�d� �b�e�c�a�u�s�e� �a� �c�o�m�p�o�n�e�n�t� �o�f� �t�h�e� �s�o�f�t�w�a�r�e� �y�o�u� �a�r�e� �u�s�i�n�g� �t�h�a�t� �i�s� �r�e�q�u�i�r�e�d� �t�o� �p�e�r�f�o�r�m� �t�h�a�t� �f�u�n�c�t�i�o�n� �i�s� �n�o�t� �c�o�m�p�a�t�i�b�l�e� �w�i�t�h� �a�n�y� �v�e�r�s�i�o�n� �o�f� �W�i�n�d�o�w�s� �r�e�l�e�a�s�e�d� �a�f�t�e�r� �W�i�n�d�o�w�s� �S�e�r�v�e�r� �2�0�0�3�.� �C�o�n�t�a�c�t� �y�o�u�r� �s�o�f�t�w�a�r�e� �v�e�n�d�o�r� �t�o� �f�i�n�d� �o�u�t� �i�f� �t�h�i�s� �s�o�f�t�w�a�r�e� �h�a�s� �b�e�e�n� �u�p�d�a�t�e�d� �f�o�r� �c�u�r�r�e�n�t� �v�e�r�s�i�o�n�s� �o�f� �W�i�n�d�o�w�s�.�
N�E�T�M�S�G�.�D�L�L�
$�N�O�C�S�C�$�
E�n�a�b�l�e�L�i�n�k�e�d�C�o�n�n�e�c�t�i�o�n�s�
S�o�f�t�w�a�r�e�\�M�i�c�r�o�s�o�f�t�\�W�i�n�d�o�w�s�\�C�u�r�r�e�n�t�V�e�r�s�i�o�n�\�P�o�l�i�c�i�e�s�\�S�y�s�t�e�m�
0�N�e�g�o�t�i�a�t�e�
N�E�T�M�S�G�
A�N�O�N�Y�M�O�U�S�
t�e�e�d�e�6�
S�n�r�y�a�d�
J�E�E�_�5�J�
�v�I�T�Y�W�S�d�o�z�z�P�v�i�H�b�A�E�v�M�V�N�i�U�j�I�H�q�b�F�T�e� �
r�r�X�i�l�h�x�
p�A�D�V�W�j�
!�f�S�C�e�o�P�O�C�V�B�W�k�S�n�p�N�a�e�V�w�T�V�B�Z�Y�i�J�b�w�l�f�g�s�
!�k�P�K�R�z�e�D�N�y�X�v�q�w�T�X�X�O�z�e�Y�k�s�i�F�c�t�W�d�J�Z�H�o�m�
q�B�w�c�I�E�s�n�A�X�h�G�P�D�Z�q�F�C�T�O�
#�G�u�H�s�F�S�q�o�I�G�t�e�c�j�t�N�L�L�N�N�y�O�w�B�D�t�r�T�k�C�g�y� �j�F�
+�x�F�A�l�i�Q�y�o�H�m�e�c�H�G�u�q�d�k�I�a�K�X�T�m�R�X�J�o�K�E�l�N�u�Z�v�W�o�V�p�A�u�k�K�
,�X�Y�n�x�Z�g�O�D�g�r�j�k�u�p�f�z�k�V�k�r�e�u�g�Y�Q�Q� �X�w�H�o�M�s�j�a�T�K�r�d�i�R�x�S�p�
y�O�B�j�q�p�
&�w�H�K�a�i�b�V�w�a�F�O�E�i�q�e�I�H�j�S�t�Y�b�o�Y�y�x�a�J�R� �Z�P�t�F�d�D�O�k�
z�o�O�b�V�d�Z�g�U�p�x�j�d�c�q�K�H�m�e�o�t� �
D�D�I�W�V�a�O�Y�z�T�D� �C�H�W�b�o�
/�n�h�E�o�q�n�D�Q�o�z�c�g�z�C�H�U�v�S�d�v�P�p�d�R�b�a�r�s�e�A�j�u�d�K�Q�X�b�e� �h�k�L�z�b�W�T�b�
L�K�V�v�X�q�i�A�T�
O�m�Y�g�k�w�N�y�e�J�Y�G�o�F�j�
#�T�k�b�h�x�b�O�U�j�g�F�h�m�z�c� �I�f�R�N�e�v�b�H�B�f�o�A�L�Y�H�h�q�i�h�
*�z�s�O�a�w�s� �x�J�u�s�I�u�F�A�T�S�U�f�G�U�M�y�z�L�z�v�M�g�p�v�r�l�C�C�k�B�Q�j�T�k�f�
k�q�m�a�e�C�r�N�z�I�T�R�g�x�Y�w�j�R�r�O�x�b�W�n�
y�o�N�U�o�c�E�L�
0�N�G�f�f�K�N�w�S�g�A�d�g�e�K�o�V�v�Q�q�H�y�A�u�D�O�M�u�L�L�B�w�G�k�n�M�K�M�q�d�X�w�I�Y�H�x�R�g�F�
g�r�x�w�G�j�k�V�N�Q�Z�H�I�w�o�w�X�A�J�g�X�Z�m�j�q�i�
h�A�L�b�I�p�C�u�F�Q�f�Z�a�v�
0�P�H�K�s�J�L�P�h�R�p�r�z�d�M�K�H�H�J�f�z�m�a�q�y�J�t�k�g�o�X�g�r�C�R�e�I�q�Q�W�N�e�q�n�A�d�R�E�q�
U�C�g�W�Z�d�N�b�b�Q�M�l�m�r�z�L�J�W�a�l�u� �X�
.�v�u�V�A�X�f�q�D�X�D�y�W�H�E�Y�x�N�s�t�p�X�e�v�K�d�R�u�w�s�U�h�p�b�R�k�F�F�i�Z�c�p�w�S�f�M�L�
b�i�L�U�v�o�g�H�f�q�b�
(�d�V�R�l�g�x�V�B�t�b�Z�x�I�Z�o�G�r�t�D�n�k�f�N�l�y�w�O�O�K�o�q�C�K�W�B�q�m�D�p�G�
�H�E�P�J�Y�
*�n�T�f�R�O�L�c�N�I�x�L�E�c�m�P� �p�P�G�o�K�B�K�I�o�P�c�X�c�G�E�m�B�p�b�B�y�a�Q�W�t�O�
E�p�O�k�D�H�
B�Z�Q�e�R�N�E�f�M�W�z�y�o�s�s�K�B�e�Q�f�Z�i�B�Y�
p�R�Z�J�B�x�v�L�h�W�D�f�u�W�a�(�A�Z�r�U�V�n�f�O�f�H�v�a�R�U�M�k�w�R�n�z�B�g�g�P�y�b�n�J�o�A�z�e�t�S�J�J�L�V�x�X�
C�g�E�K�V�G�m�c�o�N�
b�x�X�A�w�H�p�q� �E�A�U�p�x�V�F�s�I�P�F�X�c�T�J�d�n�U�
�m�k�W�h�k�a�f�G�G�T�S�r�
!�Y�i�Z�R�s�v�u�O�n�C�P�S�c�Y�B�m�j�W�J�r�z�z�X�i�g�k�G�N�N� �X�S�J�
o�B�l�W�J�Z�c�l�F�I�c�a�d�u�x�t�V�E�W�m�C�t�X�U�
�x�W�W�r�D�z�a�M�w�M�D�t�l�A�p�t�S�a�Z�m�i�X�V�L�y�o�A�O�e�C�l�U�
V�f�y�h�B�M�N�F�W�n�h�m�v�B�e�g�R�M�V�O�O�W�
L�c�S�v�z�g�n�N�W�W�n�O�h�w�y�S�C�c�v�b�P�z�Z�m�n�
a�P�Q�n�i�r�l�
.�A�n�J�x�U�d�V�E�v�k�x�m�M�j�q�Y�x�m�y�H�w�N� �Z�y�j�z�z�d�J�u�J�S�S�M�a�X�h�x�Q�Y�s�u�t�D�f�
S�Z�i�B�a�L�p�b�H�T�q�m�T�b�h�l�A�u�E�C�C�N�N�K�g�F�s�
k�T�a�N�D�j�u�X�r�m�C�p�y�Z�w�l�M�
%�f�g�X�M�u�D�z�w�f�r�m�C�S� �H�M�W�a�Q�h�l�Q�k�e�U�w� �k�G�d�x�i�Z�K�q�X�z�
)� �o�V�y�u�q�K�C�f�v�R�G�q�q�w�n� �X� �C�E�i�D� �J�o�G�F�e�R�V�V�S�F�b�G�p�M�Z�t�v�
n�Z�c� �L�F�I�v�p�X�f�f�d�F�f�V�n�n�L�c�i�W�A�y�E�V�p�u�J�W�
#�a�j�j�H�S�x�I�E�S�n�B�s�E�l�W�N�d�F�w�Y�o�t�Q�D�E�S�l�O�z�W�x�n�J�a�O�
f�X�e�R�u�E�R�g�D�v�k�W�W�Q�
Process Tree
- 0190dea5a8b4108308bbd837fc8d794cc515924fc18e90c599b78f05c8502579.exe (2236) "C:\Users\Administrator\AppData\Local\Temp\0190dea5a8b4108308bbd837fc8d794cc515924fc18e90c599b78f05c8502579.exe"
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
| Name | 899c256b774ce413_iqbjnwa.exe |
|---|---|
| Filepath | C:\ProgramData\Mozilla\iqbjnwa.exe |
| Size | 180.9KB |
| Processes | 2236 (0190dea5a8b4108308bbd837fc8d794cc515924fc18e90c599b78f05c8502579.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | b4e5c72436ddd8c965ffadcc46262b8b |
| SHA1 | db78c823b2005a65891667361c6ad0d084028a00 |
| SHA256 | 899c256b774ce413bff22b40e6bc9f1d87bd7a70f2542d3f24eb78f501c6b54e |
| CRC32 | 7AD77940 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
Sorry! No dropped buffers.