1.9
低危
DACN
0.14
FACILE
1.00
IMCLNet
0.65
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Gepys-E [Trj] | 20191005 | 18.4.3895.0 |
| Baidu | Win32.Trojan.Agent.eq | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20191005 | 2013.8.14.323 |
| McAfee | PWS-Zbot-FATG!8D8B39F6207A | 20191005 | 6.0.6.653 |
| Tencent | None | 20191005 | 1.0.0.1 |
静态指标
查询计算机名称
(1 个事件)
| Time & API | Arguments | Status | Return | Repeated |
|---|---|---|---|---|
|
1727545335.53125 GetComputerNameW |
computer_name:
TU-PC
|
success | 1 | 0 |
收集信息以指纹识别系统 (MachineGuid, DigitalProductId, SystemBiosDate)
(1 个事件)
| registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(3 个事件)
| section | .MPRESS1 |
| section | .MPRESS2 |
| section | .imports |
文件包含未知的 PE 资源名称,可能指示打包器
(1 个事件)
| resource name | None |
动态指标
分配可读-可写-可执行内存(通常用于自解压)
(5 个事件)
在 PE 资源中识别到外语
(2 个事件)
| name | RT_VERSION | language | LANG_RUSSIAN | filetype | None | sublanguage | SUBLANG_RUSSIAN | offset | 0x0005c060 | size | 0x00000188 | ||||||||||||||||||
| name | None | language | LANG_RUSSIAN | filetype | None | sublanguage | SUBLANG_RUSSIAN | offset | 0x00037228 | size | 0x0000000b | ||||||||||||||||||
在文件系统上创建可执行文件
(1 个事件)
| file | C:\ProgramData\Mozilla\iqbjnwa.exe |
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 56 个反病毒引擎识别为恶意
(50 out of 56 个事件)
| ALYac | Trojan.Lethic.Gen.11 |
| APEX | Malicious |
| AVG | Win32:Gepys-E [Trj] |
| Acronis | suspicious |
| Ad-Aware | Trojan.Lethic.Gen.11 |
| AhnLab-V3 | Trojan/Win32.ShipUp.R265046 |
| Antiy-AVL | Trojan/Win32.ShipUp |
| Arcabit | Trojan.Lethic.Gen.11 |
| Avast | Win32:Gepys-E [Trj] |
| Avira | TR/Crypt.XPACK.Gen |
| Baidu | Win32.Trojan.Agent.eq |
| BitDefender | Trojan.Lethic.Gen.11 |
| CMC | Trojan.Win32.ShipUp!O |
| ClamAV | Win.Packed.Cerber-6804174-0 |
| Comodo | TrojWare.Win32.Kryptik.AYQE@4wlbfl |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.6207a5 |
| Cylance | Unsafe |
| Cyren | W32/Gepys.AT.gen!Eldorado |
| DrWeb | Trojan.Redirect.140 |
| ESET-NOD32 | a variant of Win32/Kryptik.AXYQ |
| Emsisoft | Trojan.Lethic.Gen.11 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Gepys.AT.gen!Eldorado |
| F-Secure | Trojan.TR/Crypt.XPACK.Gen |
| FireEye | Generic.mg.8d8b39f6207a5db1 |
| Fortinet | W32/Kryptik.AXXI!tr |
| GData | Trojan.Lethic.Gen.11 |
| Ikarus | Packer.Win32.Krap |
| Invincea | heuristic |
| Jiangmin | Trojan/ShipUp.jb |
| K7AntiVirus | Trojan ( 004cf6b81 ) |
| K7GW | Trojan ( 004cf6b81 ) |
| Kaspersky | Trojan.Win32.ShipUp.bqh |
| MAX | malware (ai score=83) |
| Malwarebytes | Rootkit.0Access.ED |
| McAfee | PWS-Zbot-FATG!8D8B39F6207A |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.dh |
| MicroWorld-eScan | Trojan.Lethic.Gen.11 |
| Microsoft | TrojanDropper:Win32/Gepys.A |
| NANO-Antivirus | Trojan.Win32.ShipUp.bqofmz |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM19.1.58D7.Malware.Gen |
| Rising | Trojan.Kryptik!1.AB8B (CLASSIC) |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/Gyepis-A |
| Symantec | ML.Attribute.HighConfidence |
| TACHYON | Trojan/W32.ShipUp.231224.C |
| Trapmine | malicious.high.ml.score |
| TrendMicro | TROJ_KRYPTK.SMAD |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2013-04-02 22:40:54
PE Imphash
db67ac87cc4c23f6e9416e1b30814ed6
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .MPRESS1 | 0x00001000 | 0x0005a000 | 0x00036400 | 6.38590810771908 |
| .MPRESS2 | 0x0005b000 | 0x00001000 | 0x00000e00 | 5.960383497318642 |
| .rsrc | 0x0005c000 | 0x00001000 | 0x00000400 | 2.108411563790282 |
| .imports | 0x0005d000 | 0x00001000 | 0x00000a00 | 4.3265475762154635 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_VERSION | 0x0005c060 | 0x00000188 | LANG_RUSSIAN | SUBLANG_RUSSIAN | None |
| None | 0x00037228 | 0x0000000b | LANG_RUSSIAN | SUBLANG_RUSSIAN | None |
Imports
Library KERNEL32.dll:
• 0x408038 FindFirstFileW
• 0x40803c FindNextFileW
• 0x408040 FlushFileBuffers
• 0x408044 FormatMessageW
• 0x408048 GetCommandLineW
• 0x40804c GetCurrentDirectoryW
• 0x408050 GetCurrentProcess
• 0x408054 GetCurrentProcessId
• 0x408058 GetCurrentThreadId
• 0x40805c GetDateFormatW
• 0x408060 GetFileAttributesExW
• 0x408064 GetFileAttributesW
• 0x408068 GetFileSize
• 0x40806c GetFullPathNameW
• 0x408070 GetLastError
• 0x408074 GetModuleHandleA
• 0x408078 GetProcessHeap
• 0x40807c GetShortPathNameW
• 0x408080 GetStartupInfoA
• 0x408084 GetSystemDirectoryW
• 0x408088 GetSystemInfo
• 0x40808c GetSystemTimeAsFileTime
• 0x408090 FindClose
• 0x408094 GetTimeFormatW
• 0x408098 GetVersionExW
• 0x40809c GetWindowsDirectoryW
• 0x4080a0 HeapAlloc
• 0x4080a4 HeapFree
• 0x4080a8 LocalFree
• 0x4080ac MulDiv
• 0x4080b0 QueryPerformanceCounter
• 0x4080b4 SetCurrentDirectoryW
• 0x4080b8 SetEndOfFile
• 0x4080bc SetFilePointer
• 0x4080c0 SetUnhandledExceptionFilter
• 0x4080c4 SystemTimeToFileTime
• 0x4080c8 TerminateProcess
• 0x4080cc UnhandledExceptionFilter
• 0x4080d0 WriteFile
• 0x4080d4 lstrcatW
• 0x4080d8 lstrcmpW
• 0x4080dc lstrcpyW
• 0x4080e0 lstrlenW
• 0x4080e4 ReadFile
• 0x4080e8 FileTimeToSystemTime
• 0x4080ec FileTimeToLocalFileTime
• 0x4080f0 DeleteFileW
• 0x4080f4 CreateThread
• 0x4080f8 CreateFileW
• 0x4080fc CompareStringW
• 0x408100 CompareFileTime
• 0x408104 CloseHandle
• 0x408108 lstrcatA
• 0x40810c GetSystemDirectoryA
• 0x408110 CreateFileA
• 0x408114 VirtualAlloc
• 0x408118 GetTickCount
Library USER32.dll:
• 0x408120 EnableWindow
• 0x408124 EndDialog
• 0x408128 EndPaint
• 0x40812c FindWindowW
• 0x408130 GetClientRect
• 0x408134 GetDlgItem
• 0x408138 GetDlgItemTextW
• 0x40813c GetParent
• 0x408140 GetSysColor
• 0x408144 GetWindowLongW
• 0x408148 GetWindowRect
• 0x40814c InvalidateRect
• 0x408150 IsDlgButtonChecked
• 0x408154 LoadCursorW
• 0x408158 LoadStringW
• 0x40815c MessageBoxW
• 0x408160 MoveWindow
• 0x408164 PostMessageW
• 0x408168 RegisterClassW
• 0x40816c ScreenToClient
• 0x408170 SendMessageW
• 0x408174 SetClassLongW
• 0x408178 SetDlgItemTextW
• 0x40817c SetFocus
• 0x408180 SetForegroundWindow
• 0x408184 SetWindowLongW
• 0x408188 ShowWindow
• 0x40818c WinHelpW
• 0x408190 wsprintfW
• 0x408194 DialogBoxParamW
• 0x408198 DestroyWindow
• 0x40819c DestroyIcon
• 0x4081a0 DefWindowProcW
• 0x4081a4 CreateWindowExW
• 0x4081a8 ChildWindowFromPoint
• 0x4081ac CheckRadioButton
• 0x4081b0 CheckDlgButton
• 0x4081b4 CharUpperBuffW
• 0x4081b8 CharLowerBuffW
• 0x4081bc BeginPaint
• 0x4081c0 LoadIconW
• 0x4081c4 GetSystemMetrics
• 0x4081c8 LoadIconA
Library GDI32.dll:
• 0x40801c SetTextAlign
• 0x408020 SetBkColor
• 0x408024 SelectObject
• 0x408028 GetTextExtentPoint32W
• 0x40802c SetTextColor
• 0x408030 ExtTextOutW
Library ADVAPI32.dll:
• 0x408000 RegQueryValueExW
• 0x408004 RegOpenKeyW
• 0x408008 RegCreateKeyExW
• 0x40800c RegCloseKey
• 0x408010 RegOpenKeyExW
• 0x408014 RegSetValueExW
Library msvcrt.dll:
• 0x4081d0 _XcptFilter
• 0x4081d4 __getmainargs
• 0x4081d8 __p__commode
• 0x4081dc __p__fmode
• 0x4081e0 __set_app_type
• 0x4081e4 __setusermatherr
• 0x4081e8 _acmdln
• 0x4081ec _adjust_fdiv
• 0x4081f0 _c_exit
• 0x4081f4 _cexit
• 0x4081f8 _controlfp
• 0x4081fc _except_handler3
• 0x408200 _exit
• 0x408204 _initterm
• 0x408208 _wcsicmp
• 0x40820c _wcsnicmp
• 0x408210 exit
• 0x408214 wcschr
• 0x408218 wcsstr
L!Win32 .EXE.
.MPRESS1
.MPRESS2
.imports
]U]U8E
]U]UQE
]UQEPj
sjPpQ(
3_^[]UQU
8Muex<
KERNEL32
VirtualProtect
G(XPTPjxWXt=
KERNEL32.dll
FindFirstFileW
FindNextFileW
FlushFileBuffers
FormatMessageW
GetCommandLineW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameW
GetLastError
GetModuleHandleA
GetProcessHeap
GetShortPathNameW
GetStartupInfoA
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
FindClose
GetTimeFormatW
GetVersionExW
GetWindowsDirectoryW
HeapAlloc
HeapFree
LocalFree
MulDiv
QueryPerformanceCounter
SetCurrentDirectoryW
SetEndOfFile
SetFilePointer
SetUnhandledExceptionFilter
SystemTimeToFileTime
TerminateProcess
UnhandledExceptionFilter
WriteFile
lstrcatW
lstrcmpW
lstrcpyW
lstrlenW
ReadFile
FileTimeToSystemTime
FileTimeToLocalFileTime
DeleteFileW
CreateThread
CreateFileW
CompareStringW
CompareFileTime
CloseHandle
lstrcatA
GetSystemDirectoryA
CreateFileA
VirtualAlloc
GetTickCount
USER32.dll
EnableWindow
EndDialog
EndPaint
FindWindowW
GetClientRect
GetDlgItem
GetDlgItemTextW
GetParent
GetSysColor
GetWindowLongW
GetWindowRect
InvalidateRect
IsDlgButtonChecked
LoadCursorW
LoadStringW
MessageBoxW
MoveWindow
PostMessageW
RegisterClassW
ScreenToClient
SendMessageW
SetClassLongW
SetDlgItemTextW
SetFocus
SetForegroundWindow
SetWindowLongW
ShowWindow
WinHelpW
wsprintfW
DialogBoxParamW
DestroyWindow
DestroyIcon
DefWindowProcW
CreateWindowExW
ChildWindowFromPoint
CheckRadioButton
CheckDlgButton
CharUpperBuffW
CharLowerBuffW
BeginPaint
LoadIconW
GetSystemMetrics
LoadIconA
PGDI32.dll
SetTextAlign
SetBkColor
SelectObject
GetTextExtentPoint32W
SetTextColor
ExtTextOutW
ADVAPI32.dll
RegQueryValueExW
RegOpenKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
msvcrt.dll
_XcptFilter
__getmainargs
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_acmdln
_adjust_fdiv
_c_exit
_cexit
_controlfp
_except_handler3
_initterm
_wcsicmp
_wcsnicmp
wcschr
wcsstr
\ffffffffffffffff
V2V2V2V2S
1T(1T:1Ta1
Uz1pU1U1Uo2
We4Ow4P4CP5Qd6Q
6zR6R66R6
S37R=7R^7Ri7Rx7}S7kS7KS7R7R7
\,8(\G8F\`8r[8[8[8[8[8[
9\'9\,9\@94]O9\m9
\9\9\9
: ^4:]K:][:]z:}]:]
wl!,cn
vMvl+cn`
oaL2keS)dFU
0'T$du
j kn!bjtujon
<mbaP,
cwcccQc
5qzkdD4iV\dTkD$cV}
IP3cE
+T;vtc`
+#~WzC]]
u<d`X6-6
B|!8yv
@dh1dh|9
,'{hlGb
2!hNQ&`*s@e4
`Hga$|A
rS?n)Q
k])Vcf
~OLza;
xEi}EkX
:XRSNGY&z<d+v6V`nA3A
fdCu#T
cbA`cr9$+g#
p7:Bcv
b0X)_wX1d<R\
{KhAdh9dh7d
specTPr@
%`1\GS
b~<{~\w]
K(akcd
bw]`N8
ff^[ac
0o.5b"T)8\
;U)96eQd
acRb=`
Aj|SEff
wSP,|tK
hRXRL
.noS\x39xC3xkNfW
m$xIDB
5`5|Q7
tL~~'U]c
f\_d~NGD
pct~.$ 8
$tlI\{
~I}\5/;`x
ckRbKw|C|
3l<~^qzT[|dx~F
Bvz4;|tx~&i|
4hR|mW/A9
c^6y,K
t1Nx1)Py#91
=8wS{y`
4w#',nQyl~Ay\1c3Lww#yp
GxPt~7
Rbxb}f'
rkRVjyEx
@1w/}q
w5BNeyk
^3Gvbt+
S`u[rL
T`u\rL
sk;NvwYu|~Ee
dvVxfLDul
w>xpj$t
`/l4/wH
r$+tb}S
g1\%W}g
Rw9p<}Uf}
dHySfGrtoh
Bt%pOBuA
Rj!pc]^N
80^/P,
\0Z0ci]hw~cr^c
c@2i^h3j
b/Ncl7i64
;r^;6yM
q|0W#<
w2HHy}
J4dV@q@}
HoT #[D
sHNcH SHc
iSF%dh'
f`wPhF
nIpUd1
zxEd;u#x9x
fS<#v1p9:xb3@c
&\dF4-
e`]tbdH
HQs8=qL
sx83Rc7mxH4*c;M
(szcO3
cBJ<)F|[
Kwb9bT^
VRPs@UN$
1V%Q%e
]"A\cwCK[
]ccCiH@Cb
^K:c[Kc)kh
e9jRwe
p8doGH[
c<dbWLp'3<d
ZWbFtco
{vY=p
qpee1U
r@tq_Rp
dCKW\$O*h
s5<d-7
cZ+h /
rJrVb^
cy[LL^j_4,;Kc;H9d-
.>#GIB
E5s@e~
&KubjE
_.<6/h
9<dwSh
S..[pgr
%u*~{gQV}\
bz:NHC
etBH.>?
scTtBx
%c9g;a1t$v
>?UbuL
P]?:y3
v$PcH?
wL|1@GU^
w+"Mun
^@dniah?z)H>
d@Kj?`
'T-;Mc
TE :ac
3f>#uQ
UedL9Wf!t
3N[fTfs
6dnP[O5b~!
"YhH~W:H
#`DJE$p
&<dE"v*Ld
G[hGVHr
bo~$du,P
LT]b1>^2\[
ZY^VTWm0
9VrP(p<; @f[HVP
>s@k;9#
^ cvtc
<^h<GDh$ck$
<d~Kwj
j`Cv~<2N-
l8?r*$w
FEiN|;6
tq@}Nq
&Pjrpf
DrjLlF
d0~<LA9
.F?dc1
eF}S@U
thB<pgEQ
B;1{f@
cR-K5K=B:-
)dRAjR
C#v/Lc[r)dR
CE]Dy)
;rL8dv
Lc[58fc;c
aUT2"G[=9
f[NTh][B
Z<pf v
@$|<M4X|L4E
uo'V8dR
c<dh{igc1$UH
`rgZD8#}G
jg8v'P
=@W5ec
EQ"G3e
WFELEK
$Mdh<5df
.%wdb?
p?"6|,
L[S5pJ
Kk35p>05=w?.C
3%uzD<v
<7_s!D<j
p<bI16
7c<dr#
aI?d]b
iY* 6*b2\
m@U[20
5j#eBic
_w3G}#p|
HbY!t&
W*a[> >
%`RPq@
:51Ex}
.O:Edh
|d!S&`y[Hs0?7w7`H
+Lc>*>y
vyDX(f
Nl{@Vy
)jDXl(
(O|p(duj
)PLM6P
~A\H;(
/$(?r+(?30w7`@
K@dj\bTr9r)w
M%bhDhz
a 9TR'c
`[YP!v/dO(
,r@_u?
`E]2%|\[
%`[YSP,r@
j2)^.#V
C+3;rM^
//`1zAlc8&d
"](z>(@/78//0/`>zkp;
cRjdlQ
#eFf$M%
+=JAZ#aGydw
$( `gD?
xkcp[:d
w`Kc+r6fC@
%t7`v"EtU!h9Em
*KMHwE
1ydd=r
tlpugo
pE8fZIcCbj5
Rdd`i()kAM
k) K`Mw
>w,d`Vj
W1um0I`}Au8
s1E]^pE%u
$MiKe~8
yY\yUwVc{)l
{S{llc>
T[dkc>
Btc9 E-a!j
re\bOa
I?cO+d?#d?
{cscOcCc
bj\@'s
rj\6I'c
1'dkS\kK^*g
&(eKM_:
8$(lR@eJ
P<I???????-?
cpq[r[`gbzgvpc
7c)aRU
6Wq@,N
a1gRca
tf12M
[^GK_A}1]S*
5SbGt#
4lDc*/-
j6'|yY
^yW1}!t.G
%W>jyYhv
mSrCnrF
tu$![Uo
Go}i5ha
:UboUwE9m
c(xSxL{
zW*b\*~ztPz<dhG
"e@2dufW
MWyRjd(;m
{2T~2Ts
`}3MWX{Rh_
SZkfvMD~
l`4y[+
`wAx X?
WbF9'Bo
nh}Jh\
uIIp'@D
(Gjt9v
+Q?gUwd
0gOIu2
{<3scZ{[Yc
U@jF;QF)8#}
=d5a;+(
W^s1t<ln_c
PAKeRQ
>V[P>m/<
E#,\kdbL
mx@&\f
4x@Cr_v
R[~@Z+Rgf
*cg'S
S$fW3#iO
aJi\5J
L'@^_QI^
4hhcOdc
nOl/q9VZE
ec1V61F11W
VW_Ph<
%c]^>U
SWYD@D8D0#
#7tYFh
dClBw,d
nkKcYCd
cC"KDD
LtC$ic
&;``1?h.?
BnB>he;
Dp+]hXQ
X[@_)j5ZDOG
UV]kM1
\uTU(}
"oy]?R3Bd~
]oTWc;l
U%h^_s_TkW[#d;l
UCv*hd
Aam9a}zy
X{]_N+_
Ov=QvTMQv
e]QvTOv
2]{#d:]k'T
K^gG<@R
Q<c%Qs<cQc
cCP#NL
N<#c[M
VdwaS\?rIUw
tX#IYw:
@O~a{F
MIY:<@p
P_{Fc
_;\J,$'ac?
h][;JE
8/rSMQUe
rKQ3G-
?9+cB`L7+_
R![CuN;?|
w}cJB&c
ol-!6"
;,vV"C}
~KmRn}%i;
NQ}BrL'
2 ]GsVr]_
qVpUd1
>ST:CRO
XBIx4
?W1g+1G2(J{F3d
c&:p(_ he
K/LB[6c
~^Q5OB
lk1QP]YD
g!O$!e
c&>Mrc
cqc[cccc
cccAcMc
c-cacAcyccc
RnD}q9
+oGVafdr=Wn_
s,b!V%n3`(m
s)q;d m
shn7;s)h/h&vwr+d%VW
c?&?:c
Jf ;{c
93(K%[EgT^?pc
'1g<@pc
(>wK{c
odDndts
].9*U6Q2M>):EFAB=
-L1P5T97Y=3a
aei(mc[6W2Su-Oq)k~fzb|^
ztnvxjrlnpJd^
C\f>`bTNXJLP*D>&H:"<F
@B:4.68*2,V.0R
A7=3/+)%!
I%U)QZVb
"#&'*+Q./2367
>?BCFGJKqNORSVWY]
MlQpUSuYw
{{,wo0s4o
g_ cc$_gh[[VORNJ|G?CC?GH;;c;5.61R2-V.)J
m\.oSy^s9
u1]p`sa
{h5Xi3s
nX]@(}
c,JqLcr HMBpy:n
{jskc,[0STKC2;
/3{SuIuzrs/Mr;utdd
#nnnsn%A
`Nahre
g?L4pV[p:I
12+5nl`
Cc65ne
cn6btCe
gslc[sae
Ra*isH tCX
C. at!zin
m]tceec
h3yh_;
d^c|S]Tpc
OT]<pc
)7.R/V_
U"F A4KAfE
kawedB
7uydml8S0.Im
4120nld
0cpM]t5^owatad
[rfaPr[sz
fh]\lY;x_ vte
dFU)reN}
j]tI na
b^ _Kg6
de^iNdG
uuj"p`[1gkl@eok^
aFe9ue
eVlV(nl*
vew-mc
peXkt`q
wtA)to.{
wtAIto
iboaed_gr_enz
9caEreWc]Ue_
btYdYENV[_
d,g$(Tc
wU&wYd
gO7kcUd
gH06g(
0/4pF
I@I@I@I@I@I@I@I@I@
?cs3dg
3d+d#d
dd<dd<dd<d
cd<dd<dd<d
D" D" D" D" D"
amjeanilmPqTuXy
A>DE:HI6dO1*3-
b" ?" B" B" B" B" B" b
TnPj\fd
cD>!@:
L6)H2%4N
?CCCckckckckckckcVVcgcocg?do?dg?do?dg?dS
cZ@P32DY
ay@z-f
%I^p\(@u@#AYa =]%c8R.`
otqh 7w
v0{dE6
XNjmANb
Mzc yC,dgzM
n%lQX!~hIt
\U9FCLu
f"p*{i
G*m6im(H^j
|fPb jIR$
=86*&piDp#5.%Knv
(\q3Vr
n (X5Rf3
; >Lur
GC2k%DDYS
lR8Zx.R)
U\<:LiNh
B3c"P,J]"L
JH(sHuo[?(0/
WF!'Ya}_
ovV6{Iq;s
9?j*'^1/-z
c?@Zs!fy
7#(ZZwK
L@YRyb)N4m
Ut^Ry:LB
&D/[I?XM
@}THt"
y1{=%n
uN8I4hpP
$Q~c1&
_L]f)I0
dGpws-_
VMZ&vFMQ1|H
H+&jOT
kHM\ItS
82iGpW
iL\c(k^Z
FV7XU(2U
UVCWnEt
a5a}ri
#kc ^U8(
Ml|mO]6racm
]s|y`<ja`iu
VIad4S
d0y#/AP
])>DBB`f8
CikA=KU
#*\PoV
OLqc*wg
zM6`MIE1
L.$uyFTL)>V8
U78XpR/UJ3E
7l0'<[N
_iX\q\kxv(
#a%l$5
>5 f&2WW
)h$dCs"
M/yL,0F
T|N0\Y
-rKAVX
p|g&64,
e.$K@a`nm/TWW
H U.1c~Ct
Bfo9C<Q1@?
l5p)69U6R
?u7Wb*
GK|Gr.N~
>yqgfLJkc
'7r]Tuu;
2bD1wz
5EUT3'|Y
o 'X_` j
61=VGK{^T(
zAsA-bx_
cGNra~J
s+#>d^t ]yJ0@xS \,Q6
.=D^A]Z
77dCuK
f}_,aM-D
fVV B1
f UH#Pl
crw"[ww
&)F8O0{Pe_Z
Xi|69k}/Ue]lx
m]Ra~(
6jv'l46e
]zLL@n*$
80]bPq
"h!5Z!
cqD@G)lMV
Ab+Q9R:!
!Ev&E!t$
K~^0MK
9&aREQ
xGcw?VdYVXi*
"vMp w
V8ehIP
:~?paH
WRxv;;h
!yA2go
L !1ILT59Y[
{JrrsbKdBUE
I52dEur
p[@Hp$c[x
X %Q`yUO`
IjHf?^{3}z
e6QZO!P
O@TLxN
(}T}ur-@
w VdN'l
J?A_Yxgn
U8-"GG/ $
RYsPNt-Ft.Nb
shN"7<
~?t:Z'-?
8"-mpx
JKuVj7}
.yh{(}
r7/1>c5|3
`C)vK)jG*wRW
7Ip{|J[
<vOW$]!`
Lxri5_
$`Sr_tMsWgvK
P)(8t<
}ON/gl=4
BjHe!Orh`!B
y<]BDq'7$xjr(KQI
4Y,l@Xn
s@<w>MA\BMl
#zf?s4-_
|.Fd~7<i
dTRZ2".
.%'d82
u!Dj;1P
GAeq#
t[p.bC#
Gu#kBp
dn| }O&
!%:}[v
*nc<E\]b4
_2jlUE
<7lk*-
LdqdUjZ7\y=
RAp]Z6
uWNBjvExv=X
7KD*5dM>@_6
:8ME8p
M/GEt"1M
|[@~`[<
`sORpV]
b OOqjI
%_wK_TW
zia$0s-
SbcTU)b
d-2txA
+h+kTiDC
Us}1w+
ZKn-/Og
"-c)rJ
sd=DtU(
1S,kU/k
NK5P>/g
2ouIj8
es,NQ}&A-n
.0*-J=i
cpa)o"/&O[
<(p9edmC6
^xQWN8R}?
1-Q+jouH3[WV$]tL"mIL:
=hTOeX
C-utqeh$t
hr|*:!~
}ZJP-FA
J/(0]=
FGA#~8
?kP/XP
Ea.|q+\M
\Qm]WC
ZA|g4['u
h14k>vFPe'9X]w7
[1#c'"V
."<-k$T
unuedO
z_@)G}
oHR0)C
<n'p)y@
L7}+u>a8vO
Xd9N9D
#W}5&O
8yS}:+/E6]@#%!V
T$v|1/
gZ$g >d)
8Q#OKV
Q'Pwvc'
1e*I>2Q%
'g<P5Qv
q,>5g&*av
{JKoU3
/ IiP{:3
7PcGIA}YFD
p|2pF/
rc#B|eD1
o?nQW&e8
[a.Q&;1S{r
S}1.yk.
O;shIVCW`c{ v[
(Ne+tR
fBwS*pZ
qrlN)Ic]
UcV'ns
O:%#B{{%v!
sC_+mE
3VTxg_H
FF+vJfM
d1u]**,gCS
P;f]Aw
C2e#E`
Ju*xWp0#Q9zF
CC"4q=-
[XMKC;N\i?m
=y*Gk7wy'
k+(t\k0M
)5mYQc/
]t}X_M$%/_
]q $3p t
\$I+6`-u
m7mjfW
POh12!1
!b~&R6F
W|T<-%
j^:NVXm
AR_=5! M
FJw 8?
vigJL4
d.*-%e5#
H"DPv-
C.FQZj
ZF(xTo
| 9|_#\V
/aM?ED,jeC:
@YJ-+Um3
$'&D&Rpq-$i
kmhw%aZ~Vg
'`3X?|
s6jf~N
'g#%[a
/:ppkZEN6
a@i+~Vx
-bGoFe,\
s8 ~%D
63YmL/Lpqv}Jdr/wZE
62~Te%5
adKnw]M+B1;
sPOn3xj
0?(xaA1s84
<zVd[n
H+AG,O
qq'PzH
"a&}@Q
IFjZmd^%*
^2{Y}2
beB%YJ]
BPIgm\v)H=
3J',xs|
;$3%|M
1~L\qxo
jM=jju
J1o1,d7-S
7O^m{05
r9snGVLu
+;Nq?i'%/ls4aDvIM
&XK0+0
@cb]uL
!5y=0|
T9! ylmTb
>W Dr1
6wfQ`LBWvswB
G&xErv
9dF!6A
~n#KQYK(qOiG8
j71arg
K C,'"
X*D_%ck#pe
7h1$1OX&)G\H
DyRRgp]
^D;qRS
h<4wjY5;
qZ%'h7ZQ=6@kp/:
]6D G6G
+MP>8`
TxK`%J
V2K>8g
9p`r.HFa
4t9~$GL"
o8}"1BK r
QLoZzz
tnvt};
3-te%IO
e\pUEOi
G\rD&ItFV
h14&F0
{5rB[!
R~.]x\
32[^o;G
@Q"sLL
Y}6;6?w`4.9Ux)
CJu? |+%:
'~&&x_
?U<)[c
86l6RE
{/t-%j
LDXBIYGC
Y#VM$\Y!
Mmn^6]
x`cEG|
9ZuZ`&IC{:
jSPj#+3w
uPFQ0[YFR"
akWxM3ss
vj;{ly
3VKw5ww?|%[
:0"m0+2t
F&4/ci
L-6n1a\P<*7
V,T^ZRN
t4w%BKY
@RJPOEWMW
d8@O5Jb_`-K
zZFFs9vlc,j
=q}"s^|`bT
<'t/9Ya
4e(F9xjt
].}^jUWbb1
+Nf<vz
[UcW[H
'K5L`b
Kt.x<n
?`+kK2
|#W0uB?+
6>07f<\
>r~c*ja!vtG(T
gM}[|u
'drut_
}GpR1\@?B|
`-E7vp{
}^dqLT
fe]<3KXw7_/M
e*|~@!Xl}i0
{~{+?1_!V0b5]
* Av B SP9]S
+PV?BV}z
U:lx}k
K KA*k6li
]r}DZDpFw
c x%U #
AnT&F:l
{hQ%p#6*:
3NOIv-%/
LP1]V,*4
1D0OFLR~P
&43w|
UzCrw& (\
g=Y"L"
6GYS-kC
9Ye=NFQ
|R;@)K
^Dcsmx/
25]4Ji'->4VI$P`
{J g>WR
+J1/FNIshw
weP:2=%"S
OlqfqV
=Md^t2C#&H
Qx{k/p
v'Gd];U
+ PfUm4F
BZLg$Z<E
X_%@7^M"FiN3d
QV{HZ/A
%*m@d5
j=fWWA
cbJR!tg"
.2O9hy
""u3k1gqTAsU
D8mhhXd6
.;K3@s
xLs$3k
1,#E_?u7Wn%
ln6i3AFf
NmGk^E|*2
zdU&JG)*Ge
8}uSb15D
58`p ?=
YhJFUk'B^K},
s.ni*\w
S&szvP&-_+G8$
.3t2FD7
6J%'ANOM :Rj\;MqF=F
e,'4JNzfjx-
9-@Ml%u
\DzEx@ !~!
q2qXO3L(;
gw141l/\&s
}WRrw7
<<mbCmW
6j@C;62
]7<y#+
)W>DP,
*]h<d0
XN<PyZu,%J[
/>C1^%>>I3f,\So
6}oOC
y3Ae6g
h}Fih d+5R
GbiO[@vHDW
7e,&='
K[{|%a
K3L:f4
b26>$K
dc|{+eE
u=Xlh\
}g+_=1
y +i"|"A
Jz?b d7'
f9u_z$'
-Q[.j}%
E,S:Ntnw
6U.4lQ
PY#,#&
Ma"J~/&^
I~el.h
iE|LeQi
XKiEjAu
BUCf/Gp
B16: 33
j?3iU+*_ 9x
5pC[h/a
E{+;Wq
r)vFlh
rv6w(x
dnW8_l
1{fX!glz|
6:aiL$
2&j;VR
c:Co}N(vn
~4UA)4
:@>R)
5?Lp/::w^
4}}_wK6B-
M\o,MCAF*c1 }d{:Izx+
jQ"vs_jH
2*n>AC [<OT
I2bY2[Z"_qh
*}(+S`FhOsnJ
$kYC:3qt
Fw*<U>Ry
g=:MV{`1sH1m
DNlf7`sV
8Qcp&rt
:#>jf\Z
jN:}rX$
GaSc,u>=
,UdfM-EK
Jpl*>$
bDidv9&> jS[Lt
0P&"`Ocry
jN.=\;KA6ir
0Y@ Wr0
_!Zt.a(3:
%EuBc4'>T7RdYYHdY0+Z
al.Uh L4R
'qn?%T
uOMwrBx8wFjdL
UpvY&#
$dTfAA
b}{R,=
[]ilb\mI
L(eQ3p&2+7c
PwR.Z 9
F}T4F`
Wy6!R/R_^w xu#
=CSwQj
pCAAeY.c{9*"3
| *9ToH6
9:|z3H2 B
"n#g1_<+
koAP|
$RUOwr
TN*?2Q|
=bl-fcX:
f=pDx(h
1$Ty"VF9' HtFT
Zc{p4Dkv8
Kjg_.F~2
S0@_X,
M@]0]ft
)`~{^s
6Tjs 'SX
0>|lg{ek
'E~L|X
J}E/lfq>9
F|k!o+
)9]$l7 Y6
+{K72zE./N)y,
0^+XZuW}g ?3Ku
t5VaQG
=v'< W
OaDl?F%?
Pf_G[~Kj
jyF z2!]
#'h`EJ'
`)R JDjc
OM,y>t
tY{xkI
Xt#_^>g
}LDiqDY
A>+ iL
Pw}W?!j7
n?B M,6
7%{y4HX
\^hg%e
dQEpyN~C
Wn+=CfUsL
*0e3)$K
sN~y5aU)
GMF>D]
Z{z}ylCs
9-<'d>
3m ^L6
@U|IH>Y=>
][.P .:"1
R'tnW|j#
qR G25
BmJIR["L
=A W( z
xR]4SaH
b<@>L*O;
Vh[G;4O
hccZ%U1
$1.C./K?9a>@C
PAw.]D
H!r$i/uF
r0)0!0p
i0kzZ}
v'-U=^{l|c
Ix>5\k/7
)ceN+(
Pvt&Hz
.{TAR}oQ
UbfeNn
#0*h$tC3
V{-1@P6neGP8
@an"9kI
E%<1sWN}-;]=pT
7`}1a@
5nw+R1@
!{-ei:
p{`~}Kb
0fr0Sd
WgkcC5
E7F||c":
7;JhOTu
5ZY_=|'
dH)"o)f
2% N Ym_y
C<:NkB
wim-$*
9aWAV!M%!Co-
7`#\R*lP
f&-l%>v
#Lyid5m
UhcBI[,
&F-$)I
W<LYZfeQ0o{Y
"XQS|I'~nf
wE/pULr
&{IWHT0n
R){l/J("'g
lhW.-<J
2H5 8[G<QSks;e
un1~CB@o(BYT
/S2IMw'J%(
IaNnLvhZo
_Jw%WE~
Sl^I)tq
V{-vkH
+KJzJq5
~-mlbt7h$ D
fjwA6\v![] `\
!mr3g6h
?nU6=8V
V,S=lSj!_
]9?KjrJ
{RdK8d_
Vu$L-%s)
Ojl:Z_
[h<U"3sI{2
yX%P2D
+^B<&#
AZ!om>
[^xU`m9
W_$<$TL
'_<bf
BTx [RrCq
:HI;+Z5
&{$D<2CB
3"@eNu
'ErG;17
+_gM5;
z~N&j@6?5x7
qG?;Mq
l2e KT
!I)IVy$;%]d`3,v w:Y
C'H?}{Qd~
CFhRCTKP#r
}*V@ecen%Jq
!No#|X0-=Z-
FjtR|~+&) *
jDYFxm h
"w#'sN:t
`mI[ZpU'L*I3
SK8F%0
bYp;-V+WcuE
f(FkTD$
xQ!:l"
e:,''t
%xc8{]
qDlpFj`
tOK)&oa[
BZU,wW
A/6Q3 qyaD]C
Sl4c>{2\ .nt0C
ylp15?^
5D2: [~
ipZ4\%WE
>F{,yR
c:v~V+}
c,e,'+2
\X[> \th|.
U0CS>
F;{!nK
2|<SKp3>
`r>Tog4
37(IJ'
*9Zewv\)
w+!246
mEK8HW,(D1FkZE
p#*/:JKS
y,.[I/kf"
spEAl<
JVRugv,
%1 ECXJ{a~&s]
j)ACLR.|b?
d!L\<a *
%BX:=*
,#@SUYbxiJ<sU
M`m$TfZ
(]X=ND
E-$MqN
H;st"d3
hH+GyA.;
Bn`KUF
/`ISb\qa~o}
fZlKp0
2N%}\cp^|@CH93p{KQ
3wL6 6ee!I
4/l2O=
kq{yzl
nf"#9~
3>8G? [
SzEwzc
9+6SLt:qB
O#k{(kly
)t%Us<
sx^7&Vov~
atB?`.Z
7b[|vk
@0e3"w*
'KhbP(
7"T] S4Q%
fGQ+eKtHc/o,
']u*~F.h
y-5xD"B
@'\{^I
A#15/TT
=JP9\sq3
%nNxX&1dT
{'V7j$Gz` ,$V0
p9lD*vgZ1.i
\\Qm5c
=;CJzM}|
D/>WD@
5x(u_%"
x(HdmV{Enak
xYz!,bFI
ILf.nq
>V[2U5
9\b]27pi@}
WmD[|[B2V>pl
oo.MaE
QV[*+67rdplq8J|phw
2S`KT'k
}X(a0zS
=': 8(dW
dX2BGXESkI"o?
F.lDzFdoFO|B5lM
}&T)m&D:
1aRjAT
GiSYO<Q}(
>T I/V9
XqJ<AGfY+*:(W
{?'yj~
d&Z"=:16
_7kR4&E jQ
5@~x?Wq1
y)cdr9
]|>*3G
%_E@_:*L
J BgvUd-
rS]n%Np190Rw|&l
DGoE_I
W}kW8@*)' K
!>&gA(~
!^q}_1z~b
LpipD<I(
$i8H 6Q3BxXi_7
qN`=|<\w*
l<Wb$"hBN[3+%h
2Sp2 E=~.@s
_{t@:zEFw
gP4_]1"
~&O`rZ"
[4/P9Wy
XVooN3iu5
8Bb~V6
MpRl1~=
q*rb1>WH)%K
Lmu%4}vQv-.h
5i`k>S
9,i\xi
*I:KOXkBg*
W@0=u*M,0A1@
pcL%5)
M$`z n/OP
()um&wb
IuE<q,Qw}EU
8Fc_~ O
%*08}Eyc
w~_C$~KF_
eV5en is|t&HZyWNH
t}.cm)lw
!C"H^*_(Qjy
`o2RW{
mRI>5_M5I[5/4FX
*p4U*{5ac
l.1gx!
?l^vlo7z*"--.
++Krla~\Gs
G*w.rEeo2
F"?46- A
G+^\eh/+<eTCmy
`0_*T(
]X^mPcqHgvG
9gaiM-dZ
NfLQ~-
cQGK#?
eiGLSS
0[FxNw
^N%* DVn
'| >`V ]H4wl
7^)e28^wV^<[#
n^/zP9r
$;B.h++
)0Z7f[EV )
NT$V<rI
+M?|ScB
hpfM\_?|
cu[I^>w
~Xxb5a
63<[{O<
@0TiD<FU
<rd7r`
BL|('_
dG5?NRsx#5
mE7[Lznc,<
.@^tB4
WBcF<*p:
7`XYWlc=oa
>SlgVSS*
'+'K5cDoa
30UZ7@
Rw4[W^5d*
>7#nFIGv
Wa:aD;
wg K~5ouo
Y1dH:ov
rr5BDjGw2$6e
!S7QZ6
M0_;u>+
N4!T4u>W
[W+;a*
J%RKL(
<,|Mh4d_!p0
(7BWat0
a!(sXnf
Qa1=M3
<i JL4*(
G ,WC>LI
d|)NYPS
cX{q(f
_h[1sc
5s:4IqI
rFyPTW
Mju#sfL1
[rF<%j
[c; q)^hJ
S[?/o%g.f7
kYWlD;'L(
epcdVC
!+ qA}
@K;w4tJ
1:/# 6
^,< ,9
;JC 2qC
! 3@@s
G+Zk!"
eKM4AMm
4'5EI1
bF:;FV
xc2/m)XWKj_
UTj84"~AlP'
k&.m|F
/5P&]V~)NJ?H
q?&1Y[T,a
bKEJ02C
iw5xv\mEKW
zyHJ+E&kxUg
KD1HBA
pnKIhNlfn}
WW'<4#}+;
7L.9BZvw1r}
~zY-/{
~wijkJ@9@5o2f
Lq_AW?,Q5
bn50RC
c+s,:0W
-?+*whhhx,rX=i{~m
}osSF1;^
t4-s6y
"byax[{/
13"*uKxARn
iAW/ `
6LQB}J.Up[:}At|=
f[B^J'kbq
N1<3yz
d)U3~\6
F.$/j
+-PuUZL<
n|k{\]:3y
_0lZENd
#$]cq}
y)RGL@;t|
P^lLsi
2v *&w3
4cK6DZg"hX
|cicC<ci|c
Us9UeL
Ge*W`ZR$^#P
)0I1U+Z1^1,,X6@(Z3
EO90/cb,c04Mc#=Dc<c
d%c E<c *VcFGcK/cY%c` ccBc5,c`cNfec}o
doqdcd;dKdNd^wxdlzd~idwxd
cj%d2:d
nZD)O^Rj0
{Wx<7^
;Z(M,H1
%XPcL_cIRcbcn)cq(cdJcc
uc-cDjcs;c
d4cYUcD9cD1cL)c71c
c#r9crdd>\dkfdOd
spqReebp]RYb)?
Eq+?)ESq
pbM?aYpoQ
syRzRb;c
$bwZ.Y
xucxlxls
UMxLdxLs
rvhOs^h
hXspXsb
vw^Wu{y
anS^cEi
[]aeiNl*p7p4s
2r!rru
wvo{t|\89<B{cr
~drxdb}d_ydpdqdkdddqndomddpdw
jd[dbdUdKdydcsdb^da]d_c_c]c
kcUicLfcWscVqc<nocB|jc
LVXR{U}@xA<zGHzHY/>w;A
NLJcQd#d&d(d*d
dU dN dC!d;3mdV5jdP8sdE+`d<-
/Wd 0Jd
6Hm4ac
~.Hen_ca
4wJODB[
aiZeUpP59gBf
~E[d]$k
2kkISsLn
>S3|s*}EUy"c o6S,S
B&n8 d
oD'+=Mow;
cag>UR
tptng_c
caf@sHs
d2yEsn|)
+`bxh1
zdAu"nN?jj
mQqIzqQmBDFs`m1Am
A,c9T6[FB8c
cAup{l
d;Ic;I
g!gW!v
M+Gck6
;/oks_+_klT
/e?kU?T8'
._juXju&j
Sa6wee!
Sq!7s>yUY
jkRoW&jW&
.u9jK2t9~
wkEuSzo
2lpk|T
q1\p`|S
4s0sqc
i^s~f0sv/
uwuwuw
rguwRuwBupT
wEu]]]p
t3]+Vt3B^g
]Gr^t]
q^c[[[c
Zo[uo[_
SSTT49i &#
cicc|c
|cDc8cNbci|c
YcY Qcdc
Acz&9c
p-T5RFc
cD/Pd<Rcd4zd,c$c
c#c?ck
S2GW;l/"
2WzlbI1
2cZKdmrd
bd9FdEJd'A>dMd
idkudWqdc}dcccc
c9d-d!d
R!jPMM
|~xw~f
h|~xUx
{||usp g
'ny(>
c~[~%Z)t
*5ek~c~[~
{hqZ;Uf
0 O.>>
Au{fsk<cf
{AxK;C;;J3Dw+6#dR
S[pBp:l}+
m^^nn~
v]Z>6#
qz+5l{
{zzzzzHJHJ6os
s=<Fb9@Bz
||||||||
-age.=CA
h|~||P{1{
(A9jrE
93SbTRz}
FI{~xl~
k5/||+}
}||@JD'C;3
Lgu~*u{
syP-{=
syky'v
% IaLQ`|Ky
@ FCE7$yvowt
0]~mzZ
:{\60C
Eky;S]g3c]g+#
c%@*n~
y9wHtY<
ltdtlztJ
yondRtlJtdBtHpkgc
%'IKbA
k=H/uE\
HBDcz8~p/~`/~+~}
~d}}}e}+
}%}k3}u},}=
}j_}5,
ayOryOr~2y
t[mp(n"'7[cc
#FI~|i
@BD,+/#
c%H,V5zVz
yyyyyyxypsylwy_
dy`ky]Nyp|ky
% Ijpp
(kbx`McJZLdt
cQ[vG\vspvZ
c%H,1v
]vyuquuuYuJu>uBu
Z/glu3
&Nccgc'c
*"Ho6|6|nH
W=NdpJ
<3{.PX}
||||||||v
rrvrrxr'r%
r&rJAr^r
thtru]rvLnwOZxUQ
dnI2lx
uRMNH5/
;{As@H^}|
}||||F@FHJL
ninon\nKnnnn#
nO)jsznnNn]nKrn.un{yn,
nNwxuv&k
#b6-c
I!- JD #?G
|QQ,Fu
(`#?H`
zzzzz'{
{zzzzzzz
{z|||||||||
|||||c
VK+!n{}rW
&<QcccqcX
4iU<;w
zzz[%
({NsMkUc][SS.K
izsz{zzz9M
50!#8OI!
/cbbbbbb
~`n_f_PI{
9{MsMkMcM(
oczc3c
Jm=<>@-2.B.s
4I/k65%%
vueeUPh{
____3_>__
_q_t__ _L
_)x_Z^m8_
V_\_-^_jyy_*S{_
4_75[*
]\=`U?_V>bVfWXXrmXuNQ
{YlsFkAc1[1S!K
OCt;3cB\:\B\?_\.|Z\
[[[.|[
c=:yQ[&[
X[;T[@R[2K[
fPXQRQ}MV\HVnSWiFT?A SMMsMkM*~h~j5b5<Z54R5<j5
E>D97>
)A-A^^5jS
K[VCx;
W_NlUjEjEj
LFxvw{oslkcHjX
DX:KXI3XD(XK1X)Xp
XCWFjW"?WnWnWnW"W)BgW33WUWWTWTWDWZ+WAgWAW
OWWYoZZMEO~QxQcRjR
?Fp{3.hs$'gkc
[nSnKfC^;V3N+F#4
sx)j}j}j}j}j}
c[T\T\T,
UzkTzcTz[TzSTzkTzcTBD
c!F=2nSjS59eS
SSSS{SyS
wjQmOcVMaP[_RYUDWKU)QBSC
<U<U<U<Ux<U)HjVRVJVRV78T8T8T8T
"u{skc[S8K
cTPPPyPFP>
PmP"fPVUPIXP
,P!PoNPw
NPo.PW.Pmt4PH__P
P)*qOWOOO
\RTRnW9%<cJc
I]6@=TV.;!W
lL8VWPJXHMYP1Rx/RqBSi6TQT
))p)28mBC Ub
.{+s~kc[^SK5pCf;3+
MLLzLrLLB5TM
|?LmoLm
OLmOLWVL
)LL1Ld.L
f/Qf;Pf7SVCRFUFj:A
18PMhM
`M0XM0PM M M0Mx62%bc
@o!_!_!
rwMEb,B;
LFxsc[SKd^SI
HHHHHfuH.
'6n TR\RTR6]8^9
<[B)/52A
KFpr[SKCx;W3a+d#[
uhdpEjE
c!F:|DYDQDD
giN!cc2c
j'g$mVlivktm{osqk2 fcL
s&xdAAA
AA>AjAl
AuA_A-<AlAfA
a^APXgA\t[AZriAGiVAEoTACmRA9sHA/q@v@t@J"ZA
\E66 -C
"B+%#alF
9x0^eec
DFbPt&x
{swkca[iSj
KiCc;P3h+r#l
W^d`=Z=H `=
<Vi=/.=
B=43=1(=Nb]=t|{=
#%'!#u
I I M+
z@ma,z
JoL^a>\kx
8FxoC;t3t+c#+:76:&E:
9s9\t9=
9e9rzq9UoT9Sm9Ik9?i9g9ez9%8
c<:~/u4[2YoHDMBK
jugY~cm[zTxODYc
pn;3s+s#
&!#& +
kgcc}um6n}6-6N.
55551>
55y5r5ri5
z4xFVHMI@>F@LeBK^C
f..w%I!4
.h3^ x=
23e2o2of2+nf2!SY2 QQ2
Vh2[c2X[2]R2c)2e'2#2r
2#929(20/2>-2
10131)
D]FKZCr=
=c>e>P?3@-@C1A>+AL&B=A
(=# &
")%%kx
UxX{\Z
sQTkWScR[YTS#]KVC \;3+%#
wc..d.
YD 8.R
.-_-u-]
P7T2z2y2d2e1o1<474e1s1xH2
2m7K7Q8F5756%b+mAcc]
9,;@{me
BAr]3h+^#
+**_*u*]*S*I*
********
*rn*_i*@P*EH*>S*J*,2*)5*
t2Ag~-
M'N,A8383
4d<5r>5Z6P/N/0l0
^MV^F<
8J#$c#
<Uv$uc
[SKgCd3'*'-%'E'TU'>&
b @8E)|&JrY&Tj&Dj&Dj&
l&_o&uO&]N&
P0N0f/c/l.Y-)c-&
c+B)PK|?o1
#':,EgR
^jK!]iJDhEGXEY]iJZ?hJjL
{fsFouEoA P
oCKLp<JCvJDmxDB8:
9*9F,8
v? "fp
cS dxC
y(Wb`Tx~1I0!"
c8dUbtdwdFd dbkd5Kkd
dI\d`ddd{dWdydaudIhdX`db4dcHd
ldj(dP0d
d$,d1;dWc
ie^#URTrk
xox|YL )%TJhs]Z-jPOI
JdNdcd0 d* d
zd3HdChdK^dXYdmUd&Rd
dK&dofd_Ud
`d-!dvbdg^dvAd;f
9dV]6d
c9i*a8*c`9
tbQyCVA
INFIIY.QH
z~{>z~
|[|};}+
q'za}z^
::::::::c+
s'6t=8^<7
29/;=?
XjbViYn\v&
v9qkgiat\cVdTdEdEd7d1d]dYd%d d,d,d
d_cVcNcF
cAc9}cm|cl|ci|cs}cb}cb
crcu{xc
`7jBdC|B
xU}UOvP}[ZLGFFIReDdJ_I^G^RakV````j
dcd.dXP
dHW d>Y d8S(dU%d>c'Ac!:c)Gc!Fc)Fc8oc%<c
;c0Ac(>c;?c<Rc
ScIUcOFcM@cc:cb\ch^c
]7H Ykc
skjdmdlm1
=N>A&V
uR ~RB
bAA]_&.Tl%c
+h0EiPj
L4_0wO
t]|u?}C
`+h+Q$
]``:oV
O[QdJVN
XXiQNXJBA*
v^Q+=&&eNA$
h>WrrY
t[tstk
gq[xWK
k-ogqgq
pdR4XTPm
SRTXlxlslxR
(eaoq!0m
dqSpqn{
dq3pqw
hd^oq^+oqVxzQ t
;t1t9t1t
GtsZtktl
ztxddTsTdD
EdDTTsDdR
,d00c(c Oc
TTTuThTGMU"T)PL|X
ITkTnTThTG U"TS)KC{;3+SSnSSDSp_STcPNd/Bd&dy*d
cQc:QcqQcPcPkcPecPec/mc
dycc-d7Q`cZQXcqQPcPHcP@cP8cP0c/Gcjcyqc
Mb{WX
}KjL||pVc
yyy||8Uk;Rj
cKxqxuW}
y}QpQx
;554u7
H;$QN5Nk-Ql
M )o["dQ,N
NP]N\c
dKMiFXa@V[c:Tm
X..[.t[2
34\:R7=
2P3io4bh4[a5Lz01c<=
n1Q1I2@2
o0:Q1Iw
rQ6hC;sC
<<<<z{:k[<Kc ;h
c&_a[/
^ccic7c
S&]c~c>c
FIDU>F>FIDa}
~ENENEP
a9SaKaCa;
3#m+5s#
,RajaaxO
6YV.YF&YF
(v+f+f 2
B8=8=8=
*##T#^[
Jb<B"""D
X XR~8h
lLO\;F#3F#+6##6#
GqYccu
xawAX0
qccwca
]yb`uuuc1;Ji38$
JCC>."."#TM
%%J)L%
{4sltk`cb[VbS
Cw;e3Y+d_
c ?+qLL
-"e&HIFMtQ[T
a8o\E-|$XV$Xf
,G<whw
%#KM91
]6SJI.w1r
!EImO+}OV,J'A+
vPKlC/
K@OB;K7{8s]k]r
cdoho`oXffN
c ?+TDBZR"4')'
CFl]7m
'Kl|@aB>
v\%b}}}vF}}}
EIwE,Cxwus*.-
*>U?;{
[0SGKG
Cv;Y3Y+x#G
~C55h*="=4+JdMzSf8
_#C8D
KY!J!2!*!2u!*u!
c ?+zXcQsQ
UsreS"P|^&!!yzqo
3:C:42
L{'Ys Yk
[TSqGKtFCA;E3d+
6LE=S[C[J:=UDlno+C{_wZrW
;TZ:>A9
p$lpGuO
KFx<+.
CE0q;~
8Z,n!g{
GkAcpb['iS'aK_Cj;_3m+m#
NFKczrz]q
eF~fnSkk[`\`|i
Kc_c(c
3zg~l}{4
BJusNN:*txOQcUYzz~~r
jjnnj~l5+QA#]
S:K6Cc6/N:3B
G6"K:&?>*CRyRQ
a%9A%``+pg+j5Vi<R`/^[YR
}{inoq
#<c 6[
';432+6#/
Zr8;LE@{cw2nx-qB9h\5S>!J,E(D
cA/GC*@XZA:A1>
h5b}-~
%;o?3s.
GdOIu`L
_ePD9`
BuDtGuvDGvO~B~4}R
cccpc]cEc)c#c
Py]C/Q%K
T|7iccucHc c
b[7L Q
cs=5-O
'a\WfWfWVWVW&W&
'F`hcvc6c
44n4n4
K>md#:
\NGh{aXsfZkQcQ[dWfi83
DK317H__2SK3"4"$*~
?)mMLLLPj:`
wiD3E:B=KDM
P"Q%/F{usekec[STegK
3bvx+>#
hkUrU]DTOG/i.c.Z)e
'!?V2C*C"3
c!F2U)>!Q@'
'}. e({ {
W{?sGkocW^g[z
clefpP@
r}UK=k|KlKlKLKLK
71mUTGE64*
yk*c[SKCV;cL
s]{QPVH:p3x/e.{S:z"yN
At\T\jpM
\TM|NtNn%
8/D|D|$
[3SKC;03Xux+`ux#Xux
7BpM{sca[YSiNR
E/.1{)c
`7XFzG
'!NjjjxT
d\ll\\LL4
[SKC;&3&+
!#EOi%R`
c!F>?Xph
671+-<vSu"
49$I^c
+N@{=W^`
1@G9;E?Ac=YVOHUJ
!:ANOr.rGr(u"W
570R<OU
DDBx@(P
{?s.kMc`[
deJ}cD}YN}O|
5|k||cl|/| |R|G|
01V=WZQ8R1
b|UrWpi^cTMZOX
7Bp*[8Sdclxj}yUySySyEy/y)y;y-yxx?x/x0x/xxxqxoxexp
oxvQxzMxUbxLcxGxEx_x
Tq\qH!h
ON*C A
*V[sdmiRgg
upu?uet
c!J>tstctc
l%CFYZ
irwWgYN[DJ
ccHc$c
IObsn}}~6D/
hk^ad_{]xs}k
qWqHqEq/q)q:q7qpUp}qzpmbq
=Twc#c
"oToTo!6
lzxwB.-
kDc4[]SgKYC\;3+#
-m,mWm
x0s.ys
Bq{b0m>l5k
I.% F.<$+9)?Djrx0c1c
QuCf;a3c!j^
yjMDjC
i1i/i5i(i
i{iYiWinioiQdiNiiNbi+7ispi&
*=)}Gq
xdobAoZnutnznyn
bmCj;m3g+n#!}
kcNofOTfTUf-Ef2Jffo`f
1Je{\e
b>pZor~rOq=q:lC"k)$k&
;m/h'sNWnTqpRp[kPjjms
6O)08Ze
?FeLbK=C
skc[SKC;3+
bkb^hbdpb\ibNbxNbIOb7Ob<4bE5b+%b *b
^oaRaaHaIaVaGaa=a
Y+Qb+QZ+@b+TqLFPdWbWZVU~UOT=T
?CUHZG:@4|
itgo@[DX?Sn<P{&
7F4alcZs[[sS}KoCq;
c'@8,F
?$J1z1
LLLsL@
9.~tsl
gg^q+,
eaEQTa
oO3^Pw)a(o
2i O(o
k:- d020&
+J3)R#b\/^"W
Rk$_q_
roeL-7
nehi~feJi>`[" G=/FYu~nySb
c-titl
<BisxXl|OIAu>D\EXmCD)LG5>D
EX-CD)LG>D
EXCDLG>DHCDNA@
MJ;kED@HC$sNAKJ
UAKJCD
GCTAKJ
w,,,,L3
BUHLYZ
_O1{|A
99#8X"9K9N
PL3Ie414)4d1
OW3nW3fW3hW
5>55K>i5,=5<5<
6Q96Q6Q6
R)7TF7T7R7R
8+I8O8O8
9@I_9QI9
7U#'rs'1
Y91dd_u
151@1N1a:p:
~::':@:
y;Ipp<$f<e;9U4<=US<@EM<F^=6k=
7=&=&=
yMj;rMu;fN;BN;K;K;K;K;K;
Lr<3L<AQ=QQ=Qa>
R>9R>9R>|R>Q>
O7?PH?Pe?P?N?N?N?
znwN-C#
9<6yvD
-8i.7q.7
/tm0ex0e0U/U
79IC7Iv7I7Im8:8d7Y979
:7*:7A:t7v:S6:
P6:|6:6:8B;S~<uTr=4=R5=Y5Z>Qj>RR>lR
QN0N3B
cvvvvv
vvv+?w3Gw;/w3'w
n5io4qO4yO4qO4O
5y/4q/4)/'51
S5:5B5j.r.Z.b.
y:q4q:y4:4}:4M;
5<M5;]55;e5M;9L:L:L:L:L:L:L:
L:L:Ne
FwIWIQ25Xr0w
>"8k(g?
W:>dEd%?c
QR+W:cM
/IApRAlS
H/@/8/hkl
YH(@(8(
7<BH(@(8(
I8Fw;)0uF3
8@kE L
Nw<`E`KC
Fe6S]?(
Nr>w2.>
gM4Nuc
`5`#!!H(
@(8(k=E
@(8((E
aS<u9D
UXJ48gE0c
9/uYwtX
-pD2Mw-pUcBEF
r3@`MT(nN;C3
`:>dSQ
0cUEI4M3O_'<B>
(<BQ1`U
cMN](<B|D4_4<B
QW:cT?R
<B50_&
Rw'<BdJ(
<Bfr8c
\=BU(;
)SR=jD
wQ:>d5jD
3]] )Qw
u`:>dY.iD
<B>69<M
(3M,2-@h
A4MN's
6>,F-<,
E@F^:cM
_5'~%(nD
?<Bcn
<B=$;*
.'5w@Wc
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
USER32.dll
EndPaint
GDI32.dll
SetBkColor
ADVAPI32.dll
RegOpenKeyW
msvcrt.dll
lQ+QQQf
UWVS|$
t$dD$\
T$L3;\$L
t$t#t$lD$`T$x
D$t#D$hl$x
D$t+D$\$
D$@d$@L$@
;s#D$H
t".)D$H+r
)D$H+r
L$H+t$`+
T$8L$PL$xf
D$\l$TD$X3|$`
D$`L$D
;s`)L$4|$4
t$4D$H|$t
D$`D$t+D$\
l$8f++
D$T&++f
T$TD$PT$PL$XL$Tl$\D$\l$X3|$`
;s/D$H
;s;D$H
)D$H+f
t$(Nt$(uL$0
T$,|$`
)D$H+f
l$$Ml$$uP
)D$H+f
$L$ d$
p4$Ft$\tZL$
9l$\w`$
BD$tIt
|[^_]^eS
2-eu*{bx
|G-fB12~`
KERNEL32.dll
FindFirstFileW
FindNextFileW
FlushFileBuffers
FormatMessageW
GetCommandLineW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameW
GetLastError
GetModuleHandleA
GetProcessHeap
GetShortPathNameW
GetStartupInfoA
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
FindClose
GetTimeFormatW
GetVersionExW
GetWindowsDirectoryW
HeapAlloc
HeapFree
LocalFree
MulDiv
QueryPerformanceCounter
SetCurrentDirectoryW
SetEndOfFile
SetFilePointer
SetUnhandledExceptionFilter
SystemTimeToFileTime
TerminateProcess
UnhandledExceptionFilter
WriteFile
lstrcatW
lstrcmpW
lstrcpyW
lstrlenW
ReadFile
FileTimeToSystemTime
FileTimeToLocalFileTime
DeleteFileW
CreateThread
CreateFileW
CompareStringW
CompareFileTime
CloseHandle
lstrcatA
GetSystemDirectoryA
CreateFileA
VirtualAlloc
GetTickCount
USER32.dll
EnableWindow
EndDialog
EndPaint
FindWindowW
GetClientRect
GetDlgItem
GetDlgItemTextW
GetParent
GetSysColor
GetWindowLongW
GetWindowRect
InvalidateRect
IsDlgButtonChecked
LoadCursorW
LoadStringW
MessageBoxW
MoveWindow
PostMessageW
RegisterClassW
ScreenToClient
SendMessageW
SetClassLongW
SetDlgItemTextW
SetFocus
SetForegroundWindow
SetWindowLongW
ShowWindow
WinHelpW
wsprintfW
DialogBoxParamW
DestroyWindow
DestroyIcon
DefWindowProcW
CreateWindowExW
ChildWindowFromPoint
CheckRadioButton
CheckDlgButton
CharUpperBuffW
CharLowerBuffW
BeginPaint
LoadIconW
GetSystemMetrics
LoadIconA
GDI32.dll
SetTextAlign
SetBkColor
SelectObject
GetTextExtentPoint32W
SetTextColor
ExtTextOutW
ADVAPI32.dll
RegQueryValueExW
RegOpenKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
msvcrt.dll
_XcptFilter
__getmainargs
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_acmdln
_adjust_fdiv
_c_exit
_cexit
_controlfp
_except_handler3
_initterm
_wcsicmp
_wcsnicmp
wcschr
wcsstr
x'd|39A$
X}}70g
>=6JNw[)^\W
A nJVj5d
_:,K,~
.uoWhyO
w{F3wPE
FSQuJ#E?./ t^*G
B5^ z.k
_+KMU1
R/RT_;?g.{
peePe@
nY~zHq6b}
=Q~IJrV
pg"=18+tA,3m
tz1'8k2<G
wuvP"vL
.dJb>]_%
\zYS4@e
{/?=w7<IZh_
vbX8t+[EX
PHFj!K4@
] zZfx-Hp{
Ml>Ph[
wQnK'_C
@�g�g�g�g�g�g�g�g�g�g�g�g�g�g�g�g�g�
S�O�F�T�W�A�R�E�\�1�1�a�s�s�e�s�
c�l�s�i�d�\�{�0�8�3�8�6�3�f�1�-�7�0�d�e�-�1�1�d�0�-�b�d�4�0�-�0�0�a�0�c�9�1�1�c�e�8�6�}�\�i�n�s�t�a�n�c�e�\�{�1�2�9�d�7�e�4�0�-�c�1�0�d�-�1�1�d�0�-�a�f�b�9�-�0�0�a�a�0�0�b�6�7�a�4�2�}�
a�e� � �u� �
�p�l�c�t�o�.�
o�g� �p�c� �
o�d�p�I�i�_�L�s�
J�O�Y�_�h�k�
-�,�+�+�2�/�q�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�4�1�9�0�4�B�0�
C�o�m�p�a�n�y�N�a�m�e�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
Process Tree
- 0b52096fdb710db9f48e5161ce8854e6e8bce0b873fde51b556dff9d1379061d.exe (628) "C:\Users\Administrator\AppData\Local\Temp\0b52096fdb710db9f48e5161ce8854e6e8bce0b873fde51b556dff9d1379061d.exe"
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
| Name | ad0645d20bac4ed5_iqbjnwa.exe |
|---|---|
| Filepath | C:\ProgramData\Mozilla\iqbjnwa.exe |
| Size | 225.8KB |
| Processes | 628 (0b52096fdb710db9f48e5161ce8854e6e8bce0b873fde51b556dff9d1379061d.exe) |
| Type | MS-DOS executable PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, MZ for MS-DOS |
| MD5 | 582d32a18e6791e57f234a80507938a8 |
| SHA1 | 2b2f15a28984436956692797a0c450327fa665f3 |
| SHA256 | ad0645d20bac4ed5b068c1ff3f0fe6a1fc5042db0a6f3c5fcff4804cfc68d345 |
| CRC32 | 0E3D680C |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
Sorry! No dropped buffers.