1.9
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.66
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Trojan-gen | 20200522 | 18.4.3895.0 |
| Baidu | Win32.Trojan.Delf.j | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200522 | 2013.8.14.323 |
| McAfee | Exploit-Mydoom | 20200522 | 6.0.6.653 |
| Tencent | Trojan.Win32.IRCbot.nrc | 20200522 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(1 个事件)
| section | .imports |
动态指标
在文件系统上创建可执行文件
(7 个事件)
| file | C:\Windows\win32dc\Counter-Strike(codes).exe |
| file | C:\Windows\win32dc\Doom 3(fix).exe |
| file | C:\Windows\win32dc\Counter-Strike(crack).exe |
| file | C:\Windows\win32dc\Doom 3(cdfix).exe |
| file | C:\Windows\win32dc\Silent Hill 4_nocd.exe |
| file | C:\Windows\win32dc\FlatOut + cheat.exe |
| file | C:\Windows\win32dc\UT2004_codes.exe |
可执行文件使用UPX压缩
(2 个事件)
| section | UPX0 | description | 节名称指示UPX | ||||||
| section | UPX1 | description | 节名称指示UPX | ||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
连接到不再响应请求的 IP 地址(合法服务通常会保持运行)
(1 个事件)
| dead_host | 172.83.156.122:6667 |
文件已被 VirusTotal 上 65 个反病毒引擎识别为恶意
(50 out of 65 个事件)
| ALYac | Trojan.GenericKD.32159591 |
| APEX | Malicious |
| AVG | Win32:Trojan-gen |
| Acronis | suspicious |
| Ad-Aware | Trojan.GenericKD.32159591 |
| AhnLab-V3 | Backdoor/Win32.Delf.R238368 |
| Antiy-AVL | Trojan[Backdoor]/Win32.Delf |
| Arcabit | Trojan.Generic.D1EAB767 |
| Avast | Win32:Trojan-gen |
| Avira | WORM/Rbot.Gen |
| Baidu | Win32.Trojan.Delf.j |
| BitDefender | Trojan.GenericKD.32159591 |
| BitDefenderTheta | AI:Packer.1988990019 |
| Bkav | W32.AIDetectVM.malware1 |
| CAT-QuickHeal | Trojan.Backdoor.S4092223 |
| CMC | Backdoor.Win32.Delf!O |
| ClamAV | Win.Malware.Delf-6717516-0 |
| Comodo | Backdoor.Win32.Agent.~AACE@2m6u4 |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.2096c6 |
| Cylance | Unsafe |
| Cyren | W32/Delfloader.B.gen!Eldorado |
| DrWeb | BackDoor.IRC.Sdbot.16412 |
| ESET-NOD32 | Win32/IRCBot.NEU |
| Emsisoft | Trojan.GenericKD.32159591 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Delfloader.B.gen!Eldorado |
| F-Secure | Worm.WORM/Rbot.Gen |
| FireEye | Generic.mg.93ef7892096c6527 |
| Fortinet | W32/Delf.NRF!tr |
| GData | Trojan.GenericKD.32159591 |
| Ikarus | P2P-Worm.Win32.Delf |
| Invincea | heuristic |
| Jiangmin | Backdoor/Delf.hxo |
| K7AntiVirus | Trojan ( 7000000f1 ) |
| K7GW | Trojan ( 7000000f1 ) |
| Kaspersky | Backdoor.Win32.Delf.ars |
| MAX | malware (ai score=84) |
| Malwarebytes | Worm.MyDoom |
| MaxSecure | Trojan.W32.Delf.Ars |
| McAfee | Exploit-Mydoom |
| McAfee-GW-Edition | BehavesLike.Win32.ExploitMydoom.ch |
| MicroWorld-eScan | Trojan.GenericKD.32159591 |
| Microsoft | Backdoor:Win32/Delf.DU |
| NANO-Antivirus | Trojan.Win32.Delf.dbtjno |
| Panda | Bck/Delf.AAQ |
| Qihoo-360 | Backdoor.Win32.Delf.A |
| Rising | Backdoor.Delf!1.64C1 (RDMK:cmRtazrwdw7hO5gVhFx0G1UBa7K5) |
| SUPERAntiSpyware | Trojan.Agent/Gen-Delf |
| Sangfor | Malware |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
1992-06-20 06:22:17
PE Imphash
aae0990bf8ae1af65a22e31d4163da6c
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| UPX0 | 0x00001000 | 0x0000f000 | 0x0000d400 | 5.242858506337089 |
| UPX1 | 0x00010000 | 0x00006000 | 0x00005000 | 3.8094972813627055 |
| .rsrc | 0x00016000 | 0x00001000 | 0x00000800 | 3.7640536006953758 |
| .imports | 0x00017000 | 0x00001000 | 0x00000800 | 4.29845733461793 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x00016154 | 0x000002e8 | LANG_SPANISH | SUBLANG_SPANISH_MODERN | None |
| RT_RCDATA | 0x00012448 | 0x000000a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_RCDATA | 0x00012448 | 0x000000a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_ICON | 0x00016440 | 0x00000014 | LANG_SPANISH | SUBLANG_SPANISH_MODERN | None |
Imports
Library KERNEL32.DLL:
• 0x40e1bc WritePrivateProfileStringA
• 0x40e1c0 WriteFile
• 0x40e1c4 WaitForSingleObject
• 0x40e1c8 Sleep
• 0x40e1cc ReadFile
• 0x40e1d0 LoadLibraryA
• 0x40e1d4 GetWindowsDirectoryA
• 0x40e1d8 GetVersionExA
• 0x40e1dc GetTempPathA
• 0x40e1e0 GetSystemDirectoryA
• 0x40e1e4 GetProcAddress
• 0x40e1e8 GetModuleHandleA
• 0x40e1ec GetModuleFileNameA
• 0x40e1f0 GetLastError
• 0x40e1f4 GetFileAttributesA
• 0x40e1f8 GetCurrentDirectoryA
• 0x40e1fc FindNextFileA
• 0x40e200 FindFirstFileA
• 0x40e204 FindClose
• 0x40e208 FileTimeToLocalFileTime
• 0x40e20c FileTimeToDosDateTime
• 0x40e210 ExitProcess
• 0x40e214 DeleteFileA
• 0x40e218 CreateThread
• 0x40e21c CreateMutexA
• 0x40e220 CreateFileA
• 0x40e224 CreateDirectoryA
• 0x40e228 CopyFileA
• 0x40e22c CloseHandle
Library KERNEL32.DLL:
• 0x40e1a8 TlsSetValue
• 0x40e1ac TlsGetValue
• 0x40e1b0 LocalAlloc
• 0x40e1b4 GetModuleHandleA
Library KERNEL32.DLL:
• 0x40e0f0 DeleteCriticalSection
• 0x40e0f4 LeaveCriticalSection
• 0x40e0f8 EnterCriticalSection
• 0x40e0fc InitializeCriticalSection
• 0x40e100 VirtualFree
• 0x40e104 VirtualAlloc
• 0x40e108 LocalFree
• 0x40e10c LocalAlloc
• 0x40e110 GetTickCount
• 0x40e114 QueryPerformanceCounter
• 0x40e118 GetVersion
• 0x40e11c GetCurrentThreadId
• 0x40e120 WideCharToMultiByte
• 0x40e124 MultiByteToWideChar
• 0x40e128 GetThreadLocale
• 0x40e12c GetStartupInfoA
• 0x40e130 GetModuleFileNameA
• 0x40e134 GetLocaleInfoA
• 0x40e138 GetLastError
• 0x40e13c GetCommandLineA
• 0x40e140 FreeLibrary
• 0x40e144 ExitProcess
• 0x40e148 CreateThread
• 0x40e14c WriteFile
• 0x40e150 UnhandledExceptionFilter
• 0x40e154 SetFilePointer
• 0x40e158 SetEndOfFile
• 0x40e15c RtlUnwind
• 0x40e160 ReadFile
• 0x40e164 RaiseException
• 0x40e168 GetStdHandle
• 0x40e16c GetFileSize
• 0x40e170 GetFileType
• 0x40e174 CreateFileA
• 0x40e178 CloseHandle
Library oleaut32.dll:
• 0x40e1a0 SysFreeString
Library shell32.dll:
• 0x40e270 ShellExecuteA
Library URLMON.DLL:
• 0x40e280 URLDownloadToFileA
Library wininet.dll:
• 0x40e278 InternetGetConnectedState
Library wsock32.dll:
• 0x40e240 WSACleanup
• 0x40e244 WSAStartup
• 0x40e248 gethostbyname
• 0x40e24c socket
• 0x40e250 send
• 0x40e254 recv
• 0x40e258 inet_ntoa
• 0x40e25c inet_addr
• 0x40e260 htons
• 0x40e264 connect
• 0x40e268 closesocket
L!This program must be run under Win32
.imports
StringX
TObject%x@
Z]_^[SVWU
;u3YZ]_^[
SVWUL$
]_^[SVWUL$
uZ]_^[
YZ]_^[
_^[U3Uh
d2d"h@
d2d"=5@
u3ZYYd
#_^[SVWU
SVW<$L$
]_^[USVW
d1d!=5@
2E3ZYYd
E_^[YY]
UQSVW3@
3Uhf"@
d1d!=5@
E3ZYYd
E_^[Y]
YZ]_^[
d2d"=5@
}3ZYYd
E_^[Y]
_^SVWU
< v;"u
3C<"u1S
>3Q<"u8S
< w]_^[
Ht Ht.g
6WHuv=L
&]3E?E3s
3EE_^[Y]
f=r/f=w)f%f=u
f=v)f=w#j
tY)_^[
RPCHP\t$
-C GL$
SVWPtl11
-tb+t_$t_xtZXtU0u
FxtHXtCt
~KxI[)G
Y12_^[
PRQYZXt5x
YXYX_^
@~d@PQ@
YXYX
t#PRZXu
uM3Uh3@
EP3ZYYd
f%fUf?f
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
Iu9u_^[
PRQQTj
YZXtpH
S1VWUd
SPRQT$(j
Zd$,1Yd
t=HtN`
r6t0R=
t/=t&,*&"
USVW @
USVW(@
d2d";~
P'v_^[]
SVWU @
^v]_^[
UU1h`9@
QRZX1Yd
PQuZXSVW
$ISVWRP1L
JZ_^[X$
thtkFW)w
9uXJt
8uAJt
t8JIt2S
PHXHI|
St-Xt&J|
t0JN|*9}&~")9~
tVSVWU
t@t1SVW
1Z)_^[
USVWE,@
t93UhCG@
d0d ]ES
u_^[YY]
UQE3UhG@
d2d"E@
t3ZYYd
U3UhbH@
33ZYYd
Ek[]U3UhH@
p3ZYYd
U3UhJ@
U3UhJ@
3U3UhiL@
U3UhL@
U3Uh9M@
U3UhyM@
TBisBotUQSU
E3UhN@
EPE!PC0P'3ZYYd
E0J[Y]
SVUEp3UhO@
3WEPUO@
EEPUO@
UE3UhO@
d0d SU
E3ZYYd
d0d SUP@
13ZYYd
ED^[Y]
PRIVMSG
UEm3UhQ@
d0d SUQ@
PRIVMSG
MUVUUh@
~sEPUh@
3~dhh@
S lX`u[{$
u*h4i@
u*h4i@
u*h4i@
umh4i@
S hpX\u
lPh$j@
3C(0{(
u*h4i@
.deC(@
`P\\j@
S z\XnuYEPXE;
EZGTh@
PPLxj@
EH@Phj@
@UYhj@
[8PEAUXhhj@
0PEDAUX U2
guh@k@
7uh\k@
(uh@k@
XHu^hl@
|PEAUX0
Xu^hl@
@PEqAUXM
Xnu[hl@
PEAUXYhl@
GPExAUXTUf|
S xXwu5
PC0P,t
tPp<m@
lPhdm@
S hXu8htm@
S NXXBub
S LXub
P 3 jP8tD{(
P3Pzt={(
urh4i@
u5h4i@
u7h4i@
ufh8o@
3Ph\o@
u*h4i@
Ht*G=x@
73ZYYd
PING :
PRIVMSG
PRIVMSG
:Logare corecta - Nivel:MASTER
dfisier
:Descarc Fisierul...
:Descarcare completa
:Fisier Executat
QUIT :Updating...
logout
silent
:Comanda Invalida
(Net:
(Sistem:
(Director Windows:
(Director Curent:
(netbios_infected:
(netbios_tries:
(netbios_failed:
(netbios_accessdenied:
(netbios_invalidpass:
(netbios_logonfailure:
(mydoom_infected:
(mydoom_tries:
(mydoom_failed:
(scan_infectedfiles:
(scan_infecteddirs:
(scan_copied:
File(%cur%\
File(%win%\
File(%sys%\
File(%tmp%\
File(\
restart
QUIT :Restartez la cerere ...
QUIT :Quiting
rndnick
:Uite ca am iesit
ascunde
%rnddir%
%sys%\
%win%\
%cur%\
%tmp%\
%rand%
:Ascuns ca (
:Imposibil sa ascund ca (
%rnddir%\%rand%.exe
:Ascund ca (
:Added Random Garbage To (
:Failed To Add Random Garbage To (
registry
system.ini
explorer.exe
:Adaugata copie in REGISTRY
spread
U3QQQQQS3UhOp@
d0d hdp@
.com "win2k" :
C4PC0Ptu
U3Uhkq@
o3ZYYd
d0d EEPEPt,P3
EU3ZYYd
EHb[Y]
UxSVW3
x|UEEN@
EPE1PEP
U=|Pxv@
xtrworm
TFileName@w@
TSearchRecX
U3QQQQQS3Uh?x@
Ku3ZYYd
win32dc
win32dc\
trainer
serial
BattleField 1942
Doom 3
Sims 2
FlatOut
Counter-Strike
Silent Hill 4
Half-Life 2
UT2004
Quake3
tDHtvH
UUUEE$3Uhz}@
d0d }@
cEUUOB0U
t-EPU}@
Euh,~@
DCPlusPlus.xml
<Description type="string">
<Description type="string">XTR</Description>
</Description>
<Share>
<Directory>
win32dc
</Directory>
IuMSMUEEEE
d0d EU|
hX]u\\UG\`^
tu DU^DWEh@
Fu @U0@)Et@
u 0Ux0q,E
u # h@
dcplusplus.xml
upload
download
uTC,PZSC
[[U0SVW
EE;3Uh@
d0d 3Uhz@
d2d"U0
E*D_^[]
Ht!Ht,6
U3QQQQQSV3Uh[@
d0d cEp@
X>AEPEH@V
W3ZYYd
abcdefghijklmnopqrstuvwxyz
BFKu_^[
Unknown
Dial-up
UdSVW3
d0d 8lPh
3Uhj@
s3ZYYd
S3ZYYd
ZE.H_^[]
| v;}
N|7 vU+A
d0d 3Pj
Ea{[Y]
d0d Ph
2E*D[]
EEY3UhK@
d0d Ph
23ZYYd
:E2L[]
KuZ_^[
KuZ_^[
BFKu_^[
U3UhE@
q3ZYYd
TMyDoomU
UE;}3Uh@
PS7t[@
PRIVMSG
:MyDoom Infectat
d0d pP
_f3ZYYd
fuZ[U3Uh
TNetBIOSUhSVW3
hl3Uh@
d0d pPh
u3ZYYd
P3ZYYd
WM_^[]
USVWUE
!}]EPEPV
\Documents and Settings\All Users\Start Menu\Programs\Startup\
\WINDOWS\Start Menu\Programs\Startup\
\WINNT\Profiles\All Users\Start Menu\Programs\Startup\
Administrator
MMMMMMUEE
d0d 3EEp
EWPENPj
EJPU3oE7P
Z3ZYYd
PRIVMSG
:netbios_infected
UE3Uhx@
d0d 3E
U3E3E]t%EPEPEPh
EPEPh
uO]uNr%FE
EUoE_^[]
U3QQQQS3Uh
SVWU33C
netapi32.dll
NetRemoteTOD
NetScheduleJobAdd
NetShareEnum
NetApiBufferFree
NetBIOSThread2
334fuZ[U3Uh
U3Uh9@
d0d 3ZYYd
d0d <x@
/3ZYYd
%rnddir%\%rand%.com
%rnddir%
%rand%
%sys%\
%win%\
%cur%\
%tmp%\
us.undernet.org
XTRMASTER
fuck21
356746
Runtime error at 00000000
0123456789ABCDEF
Biscan
3Messages
System
SysInit
KWindows
UTypes
?WinInet
*ShellAPI
WinSock
apFunc
!uMyDoom
uNetBIOS
apInfect
&pWebServer
WritePrivateProfileStringA
WriteFile
WaitForSingleObject
ReadFile
LoadLibraryA
GetWindowsDirectoryA
GetVersionExA
GetTempPathA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLastError
GetFileAttributesA
GetCurrentDirectoryA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
DeleteFileA
CreateThread
CreateMutexA
CreateFileA
CreateDirectoryA
CopyFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetThreadLocale
GetStartupInfoA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
ExitProcess
CreateThread
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
WNetCancelConnectionA
WNetAddConnection2A
SysFreeString
ShellExecuteA
URLDownloadToFileA
GetKeyboardType
MessageBoxA
CharNextA
InternetGetConnectedState
WSACleanup
WSAStartup
gethostbyname
socket
inet_ntoa
inet_addr
connect
closesocket
.idata
.rdata
P.reloc
P.rsrc
Rr@'v@
g)xa$b5X
/!Odcpp#$W
md#bat
h$;;o5
SDG):+\
A&C-XF'B!"
VP,[px
D9Sql'pABJa7B
5a?abcdefghijklmnopqruvKwxyzVSD`#2
A/P([^_e#(/=b
u_-[Ml`
H Unkn$
'NT^oI7
9598SE
PRLdLAND9&#-
uiS!(kPx
h/R)dd
C<-s V
92z%F\?|
D5+AU]JbHj0"
9d+C.;P
BZCI!.?,T
TMyy+=
h&Ke &K&
)9)<X5PS8
fZRh@N
xWn<"r
5 IatO0 clx :D %pu
A-:R8K?9
c}U-fu\rL
y%/9``z`"d
z$K.ll\vO3)%
h BH.9:
$Jl@,8D
Vr[#o!?>
s q S!
} M"u\Program
G%WINDOWS.A c/6NT">
;FO\O_kD
]dt` A$_c
/zcB}q3$
!_8;h0
`08 U[rab$tVd<
]uNr%F,>\/{t
Nu?6fA
S9`8dgs
wH3e Dq
[P;ihp}
a7@pi32.d
[\duJobmA
o#ACBuf\rF
btt%h$
l&|r2A
Ug`@YS
X zW&j
kus.r.org
#vdm?I?fuck21735674 [F6
T$rf/
mxHErr/gR}Aime e
01234
89ABCDEFi-
$4M4@P`p4M
XhMtnO
p4M4|gM
J4Mtxq
N?GP&=O8
agmSv1
In&Tq9
Kv4UTyp$
@*S<API
o*bSopIMS
&pWebServ
Library>G
1c$*rV
TJLa^,
AtAlbu`s!
Closla[TiTol
iDeZ7#\TC~%
?%(Copy
`TlsSr%
iz0V;@ntu
ga8a cIe
bcp6e
/#&m/n.#d
Unh1wd.)pN
E)HOf7Rtl:wiK(
R<H)I3
.6O<nKey
`x6[>4N#5;clCn/A
2AkF:=ILST
(NuxIo
@SAXme=
ghobynaCZ-s
iZ_b5l
'BSSvS2Hs
+Orvdr
lSP'e!K
XPTPSWXaD$j
Gggfv@
&vvggd
wwgbvt
1wwwr"gf@
1wwwr"vv@
wr""gf@
wr""&f@
ww"w""@
1wr'""@
3333;31
333333
KERNEL32.DLL
advapi32.dll
mpr.dll
oleaut32.dll
shell32.dll
URLMON.DLL
user32.dll
wininet.dll
wsock32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
RegCloseKey
WNetAddConnection2A
SysFreeString
ShellExecuteA
URLDownloadToFileA
CharNextA
InternetGetConnectedState
KERNEL32.DLL
WritePrivateProfileStringA
WriteFile
WaitForSingleObject
ReadFile
LoadLibraryA
GetWindowsDirectoryA
GetVersionExA
GetTempPathA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLastError
GetFileAttributesA
GetCurrentDirectoryA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
DeleteFileA
CreateThread
CreateMutexA
CreateFileA
CreateDirectoryA
CopyFileA
CloseHandle
KERNEL32.DLL
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
KERNEL32.DLL
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetThreadLocale
GetStartupInfoA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
ExitProcess
CreateThread
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
mpr.dll
WNetCancelConnectionA
WNetAddConnection2A
oleaut32.dll
SysFreeString
shell32.dll
ShellExecuteA
URLMON.DLL
URLDownloadToFileA
user32.dll
GetKeyboardType
MessageBoxA
CharNextA
wininet.dll
InternetGetConnectedState
wsock32.dll
WSACleanup
WSAStartup
gethostbyname
socket
inet_ntoa
inet_addr
connect
closesocket
[Bb1~Fgc0ACNW?}I!zR"
248F(I`n
ov+W$(W{
^i*[MC`TDO
qwrPFx
]5m2H2i
]~\-6)
0cA{XB();&}9
=V.o?:
|K*sX4
xG%V|>f}
kFM#l!
TK~i4t {
7! 3\Q
(^l<s0\*II6
}1](% |
Dt,ys:;:0bAe=g=-m
7hIv[B
;zl"({,UK
w"a/W
+/dG3YZ7
\7D9T"YB4
"N@>XHQ*
tyauDIrs
/[@*+R}9H=
PAq|: nM
vX<>U^=
nsxyLF3
KoW:@3
Lmi_Yj
%@3~q(E}gB&p
1#kwW6Th8
jPT;'@I
B>Gw 4w%
XTv/eBPfe9R8
epE-9?r
vnTiq8
gvHg1>d
Ke#a#HBU\t
BQNNqLGm
gBNFa|L
abH]gj5C
ZjvU$}iI
0J[8~U ZbMWcT0
(,Cl{TX
aBSal"QG
9d '_5O{y
9#oOhl+C~i,
wSM0}&
N%omBnUsyuY
EX`dyi5-
9HFVu@,
>dZ.xZ
WYe0TGW"42
PuBrik
N> <J]
3C/L$vPm!
1i!<1|%VCH
}Adfl[&2.
d%3?A@
\u+Lpj
y} A%xJ,<pr
9QA;O9
p\w?4iQ]Oi~ZAPg
sbE`gS
=W25]
,.nr8'm
BM*OU.
_n8TCh
XC-Ez;Z
}'Y%?1f7d?
{mgf O(
T5:Pw>7o
Vq9u.sOAf
7lPJa]I
ZLvjclN M
Gucb#og
.s@ o[^
9yMu\il
<tHnq;q6j
D<*h41
RC<KXbVA
*2$K@@C
AOMvL~+T
wZk5r_!A+
xcsEQb? cbz
|&`xOBslC/Rm
XjyRhu[y'yM2F}
|&()< jr
03k`$:
-GrM-g{]
ehk>J(3
' @MlMI
&o=PKBD
o5CyWB
Y] *-><Ia
.zxIm
O\fg%KfR]zeykd
4z UK8+
@cq-YH^_L@T^=07F
6`0F&0gI}lc!
?P\C@l
3^d\;A
!B|tXu{
`Qa`Cx$8D]M
j562><
O;^A=#
s|>ark
eKqw54Li~w
{2aXTRq
44o9lU*q/[X
{*}9c]u
g|]+}2y#
k4@\`[
fi<6XK
GUmC"q[
'KDeD}v'
7z&BYw
GkwdEb0Z3
@i'E6Q
$B&hl~Zgvdn%
W81UZ~g;w(l0|>m
s)k-[A|B;>cN
E~Ag~ex$`/3pd;!k
!~"5#s(tV
_u'uCR
`yd7,q_
wDOQy/H&
%z9"mDF]hI
Zvm~DO"U
)ztG{/'
e.%YSPk0^M;!
'GL[FoC
*}Hv8_mH
/7>Pb2C^,L
,r7h;g:5\y
]\%Ob<o
glz<Ws
?K!&dY?
dz%K}z#
VW,jMV1-
6/GR@x
GK^+du
L?#l-8I9
-._q>C;-
%Eo*JT
3;M2v.u
ZoK>5G`Ql;=2Ol
}jMe{5?i"
f]-iOgK}N
g`kMB(2t>d%<6oU,0
eu3-p/
qmR}IJN
y`/C$[\0xj{w}r~0\D
HEM[BhSAa
RM9AuC}AiZo=^7F
j5~*rTcY:
n-*=D bSg
MOZ[hu
XR\7QHOq {
+2XD8Q7
lK(>xk~Hw?-]TQ
r)w\F*%<
V&Of1hch3,= [v
%zIP]K
i[xI5`
~xWF5?I7\+;
aYs)!R`Ke
nhI_A{
@uh(gn$(`
`H]YDQ
Y.Ur|*Nu"uJ
] xc6CB7l|
D=*N>1
>pgsh$*
)vWI=V\>W
x@Q!gcC
c H7Cc2
W4npc:
3dquQae&@)P"
ZIE5@l/x;(h]uB{r,T[{=
mWIZ/VfD
B,e*d@I+
^x#}eYd4
is0=:a/
J=z/`w@
J{^OwRu
CpST S
2mvF,~x
SQqV`+AY|;s
\<#59I#
9pI795
F#>K#H f~
l@}{Myb
; `WpMz~#oHmX
V;];o^{0&j
J3w}?LJ
4 W)Vz
`ge,zgw
M.t`H.~
85ZfghA
Z[b8M&7jI
6'[Vw?
>VQ:2DSV3
DdC}Cu
9zW("Bk1:
'<2<c,UW
vP@Y`l
=)"k@&
2k>nBH
VaqjYN
'VZ-ij
Lt+2c0LYk
D]Hn3>7(T#<A]az
t1"+N9
I.ix6
C 5I,_}
7zcsPUS[ IF
5mb#m:
Q@[H[{AY0^
lX6sVL
OzbwRBSE
w1.ZT6vtBg~6l~
(55.!OP
H3I0wZ'98Vxo*
&Q(U>N sF'E
qafZ)@
$*}4s
08$^H143o|s[%S0
[IAj*I
3j3uMD(3
|[ RMY
$o-Lb6ya0;F>7.on"
juW<rBZ
$q:[9G/
*=cjvQm"a4{70]
7Hr|qYv<_E
fk\LrXPd^;<
C2z{iCE`6`G
niF:wU
t}1c|~
y$X pn
8f09;Lt
6'b+S#
'qJv71V"$
^k2`(QB?R%[
}c:U5I
\'[*=ShT
''q lV
sg29%-
(AK/)q
z`,gS,
=d!C4rl
`oK#?Z
h.<FMV7
Ba~Y8nu!wJPopQ./+>{U F
~A!E>Pidcq
1v!bZu,u
_YqI\_$
=2rZk3
77A</&>do
Q_U[TQ.
H_uI($
+_m=2I!0,GR
F<Ve]D~;'
,dB(Ib?aH
2zvjr}
]9NlMd
JDyPnss
`;ZBEo(kP&y$q]M&c4
SA/n9Wq
^`z+WiR "-B{$
i.)cw+-f
VdnC?a 1akl]mi
iO>I~gq,<oda8<dYQk
fekzusT;
BG2m,B$M..
>^"LW@
f0B\5$
yu?k+
M-Y!PJ
q:?z%n
pp+bh4!1-`5$m2,l)
0R0<y/q&vf.
}s%$s5gzi
>E|! ,
ES!`>l#
aW!=x)J{k<HQ<KZz
Z2e}1zTYt.
>y!0fOs46(3W
PvdM!N0
e>Y:xT
k8g%U,B<yGa/
;myHECHnYqwJ&
B^]*ollXrB
,"3WurFdK
oJC78*
qKssSok
7 {:Kst]v53E{l[
VS.~JMV0
>rn[|7]K
:JW0x({
3?&BlEk
~MN 5gQL
]"/Z[cmoU=
oUwlu#f(
-l+,OrG;
z|>Dse)9'*G
L80(61pO
?!Be#W:c'#p?(
=K+n~ 6[e],'
Q]5qw
Gr sLB[
[h/Ow|t
f8{ EFQ
M$p=fV
L"7H*NfF
G~ZLM6
3`@&Y}_lf%c
0lhnOnL].F
3<h=*
G7= 7W
N`m[ U
R;?&QG
}zwAPur#{YS
6ZXiB0
AT _7]+
)Vk.1E$`+
</dBn4:>3
7,eL-.
">i6}{d|x
W1[+wG#$
r0vOkE'P
3o#?Wc$0
J`(~6B
PO;E,z
_<$Obo
lIbF(hN+
)xBGo+K
#{VXpTy-$DlG
-#e3X}
|r!{eV
<ttm]R
ONLTq|uD
s/yP |Z
"7-U<<
D!]};~
u^J7]Lq
<Id.'tcL
(%Ut'v:3zGT
_yXt+c
ZbLRY{
b?-K;(=M
4nI4P\
6W| 4y-/,
{|X@N4enJy?
06&AMf
>-vCl`zY
LH[p*HOBOc1}\p;C
a>J-79%
>*~ ['h
)3sOn(l
LH[p*HOBOc1}\p;C
a>J-79%
>*~ ['h
)3sOn(l<+Pi
HCOfH_u
GO+{}F
mN7_At>~ Re
5.o?H9tWz
5~c<wr6n
W1vr2W
EXi>Qsi7<y
}u!{jwfV5Y%R''tu
{;^"R}:w}l
61'snQB;
;0gBSejU/h'
,_g=H:?
::C$Uy
Yz}(O 'aA5
X~P'.:\]'fk
b^=~E5{e
E}d2[mu
4ApC7sD
2]!a_{6K
5Rx[eUATau
Ncq-vy~
.fvu{z<x
EB~:1ix
>`OtbF
SA$2:'rQ
h1OY U
KVHEpxr;{
^7s66uE
K#MRryQg
tF%xe)f
, t5p
]}shWR#m$
vU!kn:7
EDid#~2V
#3!*huf
MKvbqRx
71|lPS=
~"Kzgw
'nG}yJ%
-kN\g9\
^|G%m@"E|
q*-M^,
[n0p&TQ
)Qa5s>
sk8:jpIeIFN
,kB4cPre7|h`TS?;pr
XRSn|:
5F/9I:IZjN9yX8
h}{k6r
WI7I N;
ybOH2JS
.vH{%~I
x9{vIR!x,)~ }
3f}m/|I)
5weDH9d-V2}
l*LpXi
7%# n&+ivw9q>ZswK
6!}5UN4
yX+G}K-t
Eici]6b
(}A 4<-8fs'tS
2=/m~@092
y:I?v}_mCF
sD!![~o/n8]/MS#gooiFG`/JvY
aooj!L/w4
OHe,S~
u4O'^W
t~>}=6K
?"R&qq
W*P`OA9vvv
kFIe9Wnmx
TZ0_Y9A
ioc*+287hB0WbhDWy5
KGVBQe
$<,avj
``?i6\
HO#wy@_H
e# ;1Q
BQD_:,a
T,*ugpVk\k@<We
#PEyl{j
}28MN! T
4u,dcN
SDydYR3N
frxR zcw[^
k!`=DN#
_#~IgV
oq,O+G
^jWQ+;
dBj1@H
|b>pZeeL+=
hDB{9c63
_bL!#u7k7qH
omi$ sAswhz
zR uA=e-
/d7f|dM
L`@n!|68z
I8Sn$Z
<lruLAHh
=/Q=o{P~S
Qk|{\=x^E
qtD4(q,K'
e' e.Ft
?!monxU_]eT7DRx+
jy]q7yR
EG@:=nkLwn|
-lhI\IX<^
I)7`gL-U
n~=a:M
"~"RW@
T4h._K
@QJN9a
&3C^`aAJ
@?jeUsRhSE41~
CB6);ZmjMyW
;R>aY8
L2`O `E=
Ay(( L}7]oqi
]"fAD"s
EnXy^
o^/t8uI
OD6j4ERf <sm7;?o9
u+M\(!s
1g2B*~I
.)nmrK
\L2Tb[=
f~{>M3u
+f6^%^e
6u[xAd
Wl5 ~&!
j)KWT7(
ADk~D>1FsWuzPFe
&_v<;!A
o$mj.Cr
~8F2RT&tc'
#Z_}Uy\
Ve)&uLhK
Sp[Iw*Qi
E4(VmhYX[B?Dv
5],!m3LT["]S
seZhiR0]p$2
U(LK|v
p2"jdG
d:CL0!N>_UaJ1|
lJZ@t1w
dZnZT8
%NJ`m+T
&tH^p%
sM|8{Yf>
4qORNA4u]q
2h"cuT7/!
S!3t&~
UH-R{(
5tQ'mdKmVV
{s:RV{
OW5QW<Fz
~{SGB=wQ>
>j,m-G8 qG
Br8c(71y
30[;;w
swuE9Fy)
i<4JI+.l
p|=J!<dGh;jt
bt,/s {
YUixa[
4fc9CG<
B[S?~hD0qEp}
Il\JF9[.S&+
zWl%9
1MC3@r~>L
+.;O#Gn
ky+Jnu
Ufsj e;
rqXI DQ
vKjx#SUw?r
Du v yY}N
t^PC8|
=H(/$={o{
FNJ$#&wN
+N8Tk <
N-"0rS
k#SCaE
^Q,,c6
&[m|]Xw10w.>vvnB+
>Ygei9e
tD)2Go+3
VS}E#b
-^I]=I^SX}
?"} :f<).0A
7LP5e}tJ3t/
f!YbPhieU&t
Sy<\Se@)
vCJ$3k{!WX
h46xw`,
,F2/}h
xtZptdDr
d"r p}CVH
+H-Tw+
WY6{H/"BsI
&a$+?r=
<ISOwEU|ke
u*=p52t*8,S6zO`V;
X}suF4,#e
IZ60Q^g
f5xC*CNqMzf|c,
<,4k<i
_PWBo-
X9SAG9u0HUyy0aVkPD
uxnXDq(ePN."
Rzs T25ym
s&:3JO!.
2ee?H)K"J
<+5|0Z
Ly3^ssI
6H}3jXQ3
Vf:b^Q
lKBk}@
2`5lut
98,T0-v\V4,T-V}6jJ_
x1!&S9k
P;W9GX4RbD,
([{Swv
s8.Fm.9+*gVF
k %B8'5>?;$/3
WuB=qu
]Tq3&rLnx*
=>x"+R_V
aJEn%~
rK,WS[
b&/\ Y
R >PST39^i
`Qu[fRpw
6@+Eas
lf.?]n
(#N7Mxu
IgtfJo
gYj D;Q
^x8kc}
AG$?3%`
__S] }5a}
eY'lyAHL~y@/Gm
LW;e|ff
})<:cIu
)Gb7m?GY 0
"y-Q/Tw
NZ[f"%5f3
U)1(SkZ
mbh1':
ME|CQ,}67LY~$/OM$_
E70A^n
v]VNfauy=
fTFu1E$;S#, _N
C#0GEVM%^Nqh;j
,p7Fu0G
}=Eml9
WqlYXrEAQ
}K'>Xo
XI"7M$
J0ss<2
f6P[4J
:a8Gg8
zT_Wns$d)
M+v2dM
MpDx2t=jbn
^8Jm~}I
!97Js\
B`_kpX:;8L"Q\h
+<3fv8L`x>
= 6q?u
;_:3iO$IKa\
t[_D[eu
/mDc[w
2k6D<H:p m_
#n,j'4Q1bI:'
Bzv/E}!'\
cQA>P,N
N>_(Nc9j[<Z
2CP6iro.}2
b3NnOz
x!k~+dg'
TX6gC*ar
N=8<M@T)
AE.:GRs&
S%R7"fo!RbA
v}272C
E2YHNAO
]BxX=91vE
l i8}Svz
'QeQ6}
t@B^n$
}p}R'}k4Ck
;SFD9q
}~1H .
6ZIRO-
V~_{?|o;1O8
wHbO&{
O0cqZPZa
B/FA[N/C
)$'!Y}M.J
2"NJi.rlUz
O{/Tl#!1
{~nhp-
+>gX,#
?{gK`h
y;6ClDznejMfb
Ff#{1`<XB]
e'*`vw
'h!c1P{xo|/\1<~u
S:X@+*ODNqjY[?</wJ
ZwF"#v[49
}vYB-F06
qb2,*A_;1
!Jw!)D
nz Tx
Y W3 cr;
BwsqM{5n]
\EH7TFm
=m6\)#}EL
Mk!ri/5'i5
O{k[5viS;Mlz
d0@m+ 6
~g;W;FZ
N=w,7CY%:7
?`R41J4L^u ?B0
`fK}mC9eh*D
^.57%-5}
?DU$OH
M~ 'e3Z
` D5R#3?0wQ HQ
fm>bqJX
rpucbO
x,)}4f
REOXs,
Fxzp" 8u
EW)N=bK-R
u')Ig4v#"qw
EqKrWC?o*|
:%((:\dCm
cQYM&_rG&a
aZUP8N_q
^#cF*^b7
5X:)z|
;y`h7WG?f
nyx?9R~#~
a?XgDc &
k 1C~r
]6p q9
]::V3]#
3#\c^T&k"S4PR
sF' Jog|$E?fL|kx]Q
yJAeZR
#AQSrwMoU
dvZH@U,=
6w!k/\<f
gC?9$O+
w3)e*)
2l~RFDmMzJ
7MudX2dC;8
](yk^)a
)M?v>SoL9s_GCU
cS(uR6
j/nS1X[L
&z4C{"
nevY?=
kkq68~La lf
wy>)\` X#
E|~iS>O4(
\0C05K\o!
{-LfR; NxT
vSR67M&
szf'R1a
w;q8j'Gz9ZH{X
}R{~,=/t"'KHk
7L'E\y
4=pG (Q@
I1lo&mjJ
PGK]#4
v8DQC L
)lA-B>U7Hmbv9-&j!6QW]Sh
]$wqh4[J2>V
$JAyY{::0Mp#
C]f>0fd;(-U
-~1l!@
zc,mRu\
8'eVM:v/
]cKM}HyJ
%x*C^9
TrPyUn3QhtLL
y|DVn7
qE>2'y
Zi[=e| WV0hGcd&[
p<;./V^=~<;eDz@5gG
beK?[%Uc
r5QVyw
PEpcU$,U
@5Alju;v
\}n~#YLP
_9R1r5g
h^`*]wH #
G<Z#dI
Pr X_0
-W<<rlH J
/MH;a%A
FHp=?xk
}5kF&sf
+\@Ux\o2v<7%Rp
l&4ZU:
Zm$D<.!M
+nc9>*
fkd1VuTd
g?aWW0;
*s1\*T
s!#`~~
UIXv#q
=CL{!9
b1g*_?pq#r`2x
k9b|"?>)MYQI#-
[[b7rs
xHb[t
E-E~\+gEQ
Wm#u?iM<
W}v1%c su
kySUa^%0C
zCZh@|FO9v>bsv
D9VqvM-
7P6F|k&mJtn+Em3
%QVG?-G}/N[da_tV
CC_~@
C.y3hX
<q H<^b
vHgQY=;s#1
PRo"D<|;-Q
9]C2"0
,<'5}PQ_/
w{W:%G
={<_#5
[:kc@;<F,
5?,! x
5c#Nl0
a\Sp.|
IAz&mIn!ij
(GFhVM
UN_P,$'A s
jIVLLJ$n
*b#909
3dEEL()h
W;Hfn'Kr PWG
Qt(rV6_
-W.}`>XK
dGKbXX
_p>)&uFAJ
_FX0rT
$T. 5qrz*\
m4EQ={
.52o#**T
LfNo35p
9)mZa7^x!
#;j6m82
3IculU
Bm/|t`=
f$A `g
qB(prdK
;#f$^s
6RLD$bZ^8%{O
'&LGoFT
8$R'dN8M ZcOE?:1
K-eQaWwt8
@Tm?J 2]XX
hPWplD
oc~%R*b
p)NL,zHzC!
['boP]0:x
T|iH#]8
d&mk`?A>Z
\s6fUr;sJ
Rv@Jwg 4\jgcI
eR{/PXp
?2wQ`Fy
WwXf2t$O_)h'd
Tr^c)(%
?tJ8.j&(;
$o^1e
q#0:Ie
Z[|HP,
Ra82L;)3~_4
Y(P;aU4Avd
,2FZbfgO
F%AqN"
v_3.Hc1(P^'+DXd
|BPg Fv\
jJ;&5JJd[.3e.=A%2
hnUw#YW_mT
s/*?H%%Y9Ej
4)_+|k/
p+MXl
.C(f7Z
^PH {G+\0
^HH<O;GFn
;@VW?0
vcA0o!ESfY:;w,>X_
|h\uAG
}g]+3eG
#_}Y_'
|Eyrz){X
\4Opm_~pJ
`D]xkle31h@
W2/Edr
1#CTIZpc<
xXZ|Fl%{
l(d>zc@j?
)k!(!^{ZC_#E%#fq[k|J|("#
ghn69Ol%
~T`+[9tTS
_},o(Ku?_\m8
>y8TAK8d
lF0:Lxy-
W4Jphj
Zc&J;O\
&Jpm]eqI+
/^nhmI6WxV
zausDW6
QVlq)-
8B$qj"sC
b3Wz(J
EN[M\0
`R+6O[a^[4|]
/DE8oR#
d%zX#~<lb
ISO[AbNpb
YK@V=p
(w::>=
JbZ;>>
C*{7PoC0C4(g
K9MwkVO
]Oy%^)PVWF=QS)RKoWUd]Bfy
*VWwi$
7B N7IH]
rQ6c<g
5R _u/
Z>0UzPbn?/
!I~Mb !W
4uD J6\g[#ikWY
.^%"\c8DWw|)} t
"x=/z&K
;K%,*i
P, s*m?K
SiqIr-z
EeL3^$
EB)[DhbN33my#
Swd bBz4pc
OiXR@e
05A~vWO
c47L]&{(s
V=*A=>
V*z/qO^*
'>E2h*DDj
ItWs|N
Xd'Ovq
b}slGNQw=eca,g]x^!qH
Mj_K{<
penS>k?KW
?^9C[o.p0TXFu,%
/e_[2cy
0hYWBi
s%v^gjo
l[86Q&
&:.YzDM2g|7
x;a4Re
UY_*;r
>w]Eex$ae%:
g@>Xz,
TH(H,8I2E
I!jGH6H
U%9E ,
ATH+|d0SFgq-pu<1
K 'Jf V8Bx2P
\8,n~J&vKcv
JgKZOZ
="\^j??G
mL.g=>u
iVabp(
tgZG [am-Y";+:B
j}3TB+^|ZZ#
[GnMG}!,
n_D/s45
^Q00UJ>
tk 9G&QGB}w@Tq$XeVMS
9aTqk.vTsM>2hRA
L5SrOl9@x!
2X)3^:
_nqI_BG;
g9?h&G5
XCmI/b3wR
Fomb>N4
*'PhUhQztD^Xf
)5g_Tm
yB2])$
vuFRw8h
? _jA2
bNEPg$Cc"v`-
[*]u(a(
QJ5@lf
S~L}R@=%>)"
w3mOt~Dd
d@(&Si
1D$yvXEl
CpQ`wB
H7,+81
4j\P@.
2B$ipN
90m-\&JeA`>
=a:Jhr
`ju@;]
qI4q[`WTU<r_Tk!]MKGDDD,,^_9
bJs@A ~_
IXf(4zLbXfj
Ei)TiOK[
BRbhBDJ%cBw4+j
5#dDA?muP
^+QmV^==:X
Jg<sG4
}wj.m)u?A!(
2+QR{0TrA)hQ2b
+[b-\K^g
X ]O+qle
8,&Z,T|p>
HmMrq4
g9hm#r2;
0YL]o7
T<#zON7
)}aX?c#
:L*xu2
O`.06HMf)
K!6V'AS
I>5}oQ91e1Y*
%O?GIP)Y<H|
n5wIbP_I{D^l
T4 v$yT-[A.[H
e08"WC
CY-#p 0K]
Fm@xG;k7Q5?P
Zz7m7zfsOMMm^$1<F
5F3tJm
y8Xm+q[=2ugG&/<qz
?*5r_:
`EXZ32
Mb`|F'Y
cr/"gcD>
]|JCGrYP
Uk=s^Y
+Q>kYx~`:
u%E~^3
&1@~ZSjhpGn
>kL]ZL2,
]|-J3:')qFs
j_F+X?m!!3[\bk
Qw*gyGe#
]U!ENp0"hC
40M(kt}Vt8l-&`(,
8?03iOVZ{W7D8{W'
FBT3*{ A<,q
EXQ*B}Sg
"fXTF-\
?8f{~_
(_ JQ[YSyc|N:
%hCvJo0!
?55tt<X
Mo{4G1
\.:_=:z)tCe
)r@qFbRlPB
n$F>5Ca[
89R2|>/
OaKyMRg+#_CM:
<XhmuJa>
g4P!@{0e:
/Xsa[>)
qPt*t"
?L!'B
DV.;T$
9Jjhhe
$+%,r:&
B{OimM
@dY=No[.)1(b@
OH2,+N
6;E9(m_Ra
E<uNxf4
[ R/7'%
P^[foXu.
{MbD}8
Q^!o&V
EvOu\C[Y;
z'-~]vI/
AT>5d\
<[d/*6"4KVHN4vGL_
"-Y:>L
>cj;~ %
qeK?= 6T
_kU[~A
a2BF 5
^TWc(z%Lw
PtE<{A+
3"Ps%n
O "mNJ-A$A*i#
BHLC05
kwWa_dn3
4zQ=M0
u7(QP%%>
@4u@I\_R"A
6p.r`93#`M,q.
877,>e
AZMQNQgSZvNEBxr\KyA@8\Xa1r
L;mcUEU
VBHPOG
fOpV?Y
%+v$n80e
e(JP>ZpH
U5_0Q/0;I
pPuKz\@j1f
@WIiS=I'm#
5yHA[zB`fX.
X!BZte
#KQex69EsZWdSz
;wPJsu4kuk#UL#
b1U]\S
R(\M`#f-b8Z~
lTzJ%
mz:XUc&EmPq
boDOO+q!
Uo&:~6Yd
q*,?T,y
"Xs} r
$*}up1Hz
Gj*l=5R*ov
qO<o^UrP[u<y
h2=cr'
njl5%a<NB*
8V66:9
NKU!k]ZL
N TrBSn%[i
wh&3Q/e[1L'
JM(~4O[MzGI.&{{\
90SPk%3!r"
rXNKP
ks(j!7\9u9g{
N]N<;i6f
j:dd0rl+Z
-!obwwJ
e0+2[o.|IQBf
`[a/o]H@|>x
~R$XQj]S}'(l ?%Gq
qkfZqj4=GGj
NXFdI dY
KMASI i
2>6;m5
>RV}Y^w-?
0!Cn/F
jYi'?.s(5
bmp=J
jNQ*6)c[U
dy<Z 04B_XF
9lhsMHk
bRig(M9OM6j|
)]/?)Y
%F%7RK
k .%.o
&?L6~V
E,2_LGZY
4qqnf7r^
t_qlJpIUD/
[\/ban
41qVc"w
vm&OoU)nH
TIFV6F
k}>_Ha
nIh:5|
US Uo7a
nk(on=_b<VCI
.qZmv]VB_Jm
/*QY1\:Y#!CUq\.
C@5lZ=
0bfLL#]
6!()]P6:#
o9mv7FN
JnxjxLRA
q5P_-fMZi?u(,
5wy|0V^H
(w/4h_je
FJ^hY"%c
h@5q@:
0k"qO$J
%5*}s4t
%vq/J%M<,v)
O~&BZ~
DnX3jv
y?h}>[
8:kEQC=j"
AVy$,T77HD
XSXaY|^39Cnm\V5%==]
|A&f#/x
vQ7^vyE
>-Oa;Kp:?H
ovUl2ErH=
UVw0.h<FF
(^^zlhFsXs
&vOCOnNsK|9HM
+ro-,t
vSEYpP`1ds
T(~#.O1=f
-}4abq@F8~RFb
!+8CNI
raQvH{t
HXE?fS
olJ<?*[
/%%o>c8r
XEI #KXE)
X_qn%k@`?3
mc\[!,
Q{e^:;
L<8LZ{CDa
^t?GNg
J-}! _V
q o,'&0
gs\faGM[u
s8Kekc)7iuN/
nf}hM=\=a
^W>:+M
*Cqk0w?
XMBeJ1:E
M)0cBDR
_SMn e0l
mJlC39%
{{}ct4 _ joH%2f\G]$uS
WvMn V4zm
S\]V(Xe
@!.8/~#Mf^
: ;OFi:"OUL>*R
11f9~}S
>)cA_&{
xhf-A-``
O- "M@8HGx3
XB]Q;#
bP8Zc
l`3yQb
CCt(EI
kfWSkzLYp[
\?N[*+JW@)lCt
}rN,TT#
+mV%76
OtJc#*
W_|B;.r=
lFC6oqh&
_.SexpM
'I @WCSB-2
2FYVi<
!P_DJU5w
:Xu=eHoBQ
mCc(LKuHFj
n&l:voZ
xbv&*9
^ ;r3*,%1qN<t
=v&hv}
oO-Cg6?^"eeeNK
_:7}+)
,7RK&P5
it4Rdb%6P
olK<H)yc[_
6j}!Qd
7s*zABH
{k |@Dr
wA^"!anO:skl+
Ol v- [m,Q
2o"o'e]
x&Tw;jul
f>{iK];(
*t6l~aB![aC:
KiB.BE
R+W@b@!g
q'f'jl
P<hj+V
p>n.G%-
;JwJ</
z[]X:=5[
j f d&9wdb}3TSJX
1Q`1H>ur
Gc/+p{z
W/kII9Z`V|6^
5X!QG gp
fC5Aozb
$obBPU
aOPX6KSzYlj
'|2r[h~
^d4q%C*ZC
rvgi'Z
){\p kb
uQ$ZomU(
dCB$TT
f[heet
O.g)O+D
T+J*M
N+yvC;1%
>fz"m
D?&qJvD'n
&8\@#L
MD$K5h
GWvNLeay?
X"%{^1
Nx|)$;
V=MUy8
n[v3>$h7
nh{e?m
fixjHlgM]y
M%=:px
Jc%"v!
)dbzFL
|MR4l'T
G+9(N /Dq
CfH@=f.Us6,
t2tZ$i
rF\?'Ww=
#l=mA2
>>'8aa.t
.&>Sm+VZ0|+#-]
W3DaCK
/rX5d}!m
/zJ)s+On
.* L`5$V@
_Qn"NA
(>T#6j^
\>Id:f83Ts>.,6=Nb'
F ;l.}gI
1"}WKd%R%WD
[?WT5b
lTlJgH
d;%yw}Y
1C=:4U{sb
/<UUX:Q
&d\5+5~FKG
!a@uDq}D
K_Wx!`
Yk@4_oXN
8^#`_A$?x
3MfsOt
3zo#PsFEN=pJ.7
,4?X%&\x-
3m?9dvX
hDhxCl"
oc<l]%
=.u#>&tK
RL6oJ,K?K?I1bx
FkSMA!
|FR7<*e
ah1)8=
3Ci^;<w
@dcbB^t
m"J)QRZo+
kc.(O@mhyq
g&NfjK2&
9MSu//
ko-x@i
[jWN-t
m^@>=n
t`/T/T
+#fh.jS
dnR}*@]F
i`V#3w(
RH<~\Kp
:+4>Y:`
sWz"S9E1
(>]reE!#@
A}e*XYfEX9
<~NblT
ypf;;vkk
Heb%b~_[v
[3tb4\
D"6jiG8qhZf
SX7j0r@Fbn~k(7<e_
s~*rRIBn<]~rv <
(XmXxJ
XucNCqI]Gc0f'X
3G~ ]F
NN3M:}fG@J|
A;}<Cq
nVMLEbK
gs/[86ppK
Z.0Be@S-
4D\`Cl'xe8rt
SC@x6+szOl;
Hd@58D#
bVvdBN=
B?ID4s2r\.Vt
OOk,1lKQuJ/EH3pEl>\P}
DzSC("X
C+>M0%
`}iF2u
^o2>[t
1'MV"@
?%Ge1xhFOF' OZr
vy;FrC
ERiP1b-d]uu
FUy"Dd
SE,Ur4
g,&[aY<p
Sk;deZ
BGkV_@u
7_0B[~
lWiC8%
0s#}ae
[S`3ux4!
y9Cr[|BCe4O0c
|,!j2{-]{
JeDn8iERefK7
@�@�@�@�@�@�
D�V�C�L�A�L�
P�A�C�K�A�G�E�I�N�F�O�
M�A�I�N�I�C�O�N�
D�V�C�L�A�L�
P�A�C�K�A�G�E�I�N�F�O�
M�A�I�N�I�C�O�N�
Process Tree
- 3fa43a67e9da62df1961efa55d5c2cf02ec53c8716b34f0e1b85e0c805e0ee14.exe (2236) "C:\Users\Administrator\AppData\Local\Temp\3fa43a67e9da62df1961efa55d5c2cf02ec53c8716b34f0e1b85e0c805e0ee14.exe"
Hosts
| IP |
|---|
| 114.114.114.114 |
| 172.83.156.122 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| us.undernet.org |
A 172.83.156.122
A 104.152.54.52 A 23.228.66.219 |
|
| dns.msftncsi.com |
A 131.107.255.255
A 131.107.255.255 |
|
| dns.msftncsi.com |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 65473 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61714 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 57665 | 114.114.114.114 | 53 |
| 192.168.56.101 | 51758 | 114.114.114.114 | 53 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
| Name | 11ad52e787e80d51_doom 3(fix).exe |
|---|---|
| Filepath | C:\Windows\win32dc\Doom 3(fix).exe |
| Size | 148.9KB |
| Processes | 2236 (3fa43a67e9da62df1961efa55d5c2cf02ec53c8716b34f0e1b85e0c805e0ee14.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed |
| MD5 | ad20b231b2faac6a7af16429407bb4f1 |
| SHA1 | 89f6b9b567d8a8fafeea91358e49eb3607b78378 |
| SHA256 | 11ad52e787e80d51fa175b5efd8308f6d9f5bb761b9ed47fa77ba44b1dbd9836 |
| CRC32 | 6A397CF4 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 77cffe2ea7665335_flatout + cheat.exe |
|---|---|
| Filepath | C:\Windows\win32dc\FlatOut + cheat.exe |
| Size | 151.9KB |
| Processes | 2236 (3fa43a67e9da62df1961efa55d5c2cf02ec53c8716b34f0e1b85e0c805e0ee14.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed |
| MD5 | 36e3136d43a146637e30109498a7c034 |
| SHA1 | af70b67335736837a92fa7b4160629aaebd6e4b8 |
| SHA256 | 77cffe2ea7665335e8f36e3459dea38deef883185d3366cdeee4f52c95ee40e8 |
| CRC32 | 3BFC896B |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 5a396014f8f8bd72_counter-strike(codes).exe |
|---|---|
| Filepath | C:\Windows\win32dc\Counter-Strike(codes).exe |
| Size | 148.9KB |
| Processes | 2236 (3fa43a67e9da62df1961efa55d5c2cf02ec53c8716b34f0e1b85e0c805e0ee14.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed |
| MD5 | a5930204ab22b89699fae6ef0e38eada |
| SHA1 | 057ad5484ba369bcdab87353a86b79e803a2938b |
| SHA256 | 5a396014f8f8bd72fb964ae40881acb3ba04b2006c03bbca97d0a53cd88fdd65 |
| CRC32 | 975B858E |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 48b2699a7d6a945b_counter-strike(crack).exe |
|---|---|
| Filepath | C:\Windows\win32dc\Counter-Strike(crack).exe |
| Size | 148.9KB |
| Processes | 2236 (3fa43a67e9da62df1961efa55d5c2cf02ec53c8716b34f0e1b85e0c805e0ee14.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed |
| MD5 | c9d50ed6e2ff5c4583fa2cef253ae60d |
| SHA1 | 7afea695066939ea7155750cfbb8a7461833b132 |
| SHA256 | 48b2699a7d6a945b0eaa4ee30b9a2011ea3a9ac6312ff47d3bcf63f6d4ee6332 |
| CRC32 | A083BE7E |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4c2c1069dab89301_doom 3(cdfix).exe |
|---|---|
| Filepath | C:\Windows\win32dc\Doom 3(cdfix).exe |
| Size | 148.9KB |
| Processes | 2236 (3fa43a67e9da62df1961efa55d5c2cf02ec53c8716b34f0e1b85e0c805e0ee14.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed |
| MD5 | c82ff5fda38cc4815fbabd5f8a2bf721 |
| SHA1 | a6517307657621c443c2688de61b469d42c03dbd |
| SHA256 | 4c2c1069dab89301de5a5e83b2f99d9c34144e331c7d1e9b61b7e635dbab154e |
| CRC32 | E487930D |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 1f3e771687919def_ut2004_codes.exe |
|---|---|
| Filepath | C:\Windows\win32dc\UT2004_codes.exe |
| Size | 150.9KB |
| Processes | 2236 (3fa43a67e9da62df1961efa55d5c2cf02ec53c8716b34f0e1b85e0c805e0ee14.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed |
| MD5 | 3965c3032c7e95e33c4446a9ce1f2c4a |
| SHA1 | 2f0e896f6653656a00717036e6b7282e74fda990 |
| SHA256 | 1f3e771687919def69e047c942808fc1e50939bf24ad21bb4c176e919a712c81 |
| CRC32 | 2DE2DABE |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 890c43c7a88cbc93_silent hill 4_nocd.exe |
|---|---|
| Filepath | C:\Windows\win32dc\Silent Hill 4_nocd.exe |
| Size | 149.9KB |
| Processes | 2236 (3fa43a67e9da62df1961efa55d5c2cf02ec53c8716b34f0e1b85e0c805e0ee14.exe) |
| Type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed |
| MD5 | 037bd6bf1468d0ae6f8902a1de36c640 |
| SHA1 | 9e9b6375e9cc6af2f70fc8904bf21169eeea3205 |
| SHA256 | 890c43c7a88cbc932217e8e33892b8c918f6385968e09b29c6faa65aa04352aa |
| CRC32 | 8CE5BEEA |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
Sorry! No dropped buffers.