2.8
中危
DACN
0.14
FACILE
1.00
IMCLNet
0.79
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_90% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200406 | 2013.8.14.323 |
| McAfee | Generic.bqm | 20200406 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b0788c | 20200406 | 1.0.0.1 |
静态指标
一个或多个进程崩溃
(50 out of 1024 个事件)
动态指标
分配可读-可写-可执行内存(通常用于自解压)
(2 个事件)
在文件系统上创建可执行文件
(1 个事件)
| file | C:\Windows\System32\29-9-2024.exe |
搜索运行中的进程,可能用于识别沙箱规避、代码注入或内存转储的进程
(3 个事件)
将读写内存保护更改为可读执行(可能是为了避免在同时设置所有 RWX 标志时被检测)
(2 个事件)
该二进制文件可能包含加密或压缩数据,表明使用了打包工具
(2 个事件)
| section | {'name': '.text', 'virtual_address': '0x00001000', 'virtual_size': '0x0001f000', 'size_of_data': '0x00009e00', 'entropy': 7.980813184360382} | entropy | 7.980813184360382 | description | 发现高熵的节 | |||||||||
| entropy | 0.7314814814814815 | description | 此PE文件的整体熵值较高 | |||||||||||
重复搜索未找到的进程,您可能希望在分析期间运行一个网络浏览器
(50 out of 84 个事件)
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
从系统中删除大量文件,表明 ransomware、清除恶意软件或系统破坏
(50 out of 1329 个事件)
| file | A:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\·??¤ˉ·3\???‘????.??? |
| file | H:\??b’.‘?‘ |
| file | S:\|’??– μ3′ 3ca??a‰.??? |
| file | S:\¤?c’???‘? a?? 3?‘‘????\Administrator\-– ¤?c’???‘?\?a?a?…?¨a‘a??\¨??a??|?‰?.??? |
| file | M:\·??32.?‰‰.“b? |
| file | D:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\c????.??? |
| file | L:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\???“?c??.??? |
| file | J:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\·??¤ˉ·3\‰?a??.??? |
| file | P:\¤?c’???‘? a?? 3?‘‘????\Administrator\???‰?ca‘??? ¤a‘a\c????.??? |
| file | Y:\??b’.‘?‘ |
| file | G:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\·??¤ˉ·3\c????.??? |
| file | R:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‘????.??? |
| file | I:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‘????.??? |
| file | E:\¤?c’???‘? a?? 3?‘‘????\Administrator\-– ¤?c’???‘?\?a?a?…?¨a‘a??\¨ˉ??§¥4.??? |
| file | O:\b??‘.??? |
| file | J:\¤?c’???‘? a?? 3?‘‘????\Administrator\-– ¤?c’???‘?\?a?a?…?¨a‘a??\2??.??? |
| file | R:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\·??¤ˉ·3\???“?c??.??? |
| file | V:\|’??– μ3′ 3ca??a‰.a“?.??? |
| file | Y:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\”??‰????.??? |
| file | Y:\?–?.??? |
| file | J:\¤?c’???‘? a?? 3?‘‘????\Administrator\???‰?ca‘??? ¤a‘a\”??‰????.??? |
| file | K:\|’??– μ3′ 3ca??a‰.a“?.??? |
| file | D:\′…’?b?.c?? |
| file | V:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\·??¤ˉ·3\????.??? |
| file | H:\¤?c’???‘? a?? 3?‘‘????\Administrator\???‰?ca‘??? ¤a‘a\”??‰????.??? |
| file | Y:\¤?c’???‘? a?? 3?‘‘????\Administrator\???‰?ca‘??? ¤a‘a\???‘????.??? |
| file | B:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\·??¤ˉ·3\‰?a??.??? |
| file | F:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\·??¤ˉ·3\???“?c??.??? |
| file | N:\·??32.?‰‰.“b? |
| file | T:\¤?c’???‘? a?? 3?‘‘????\Administrator\???‰?ca‘??? ¤a‘a\c????.??? |
| file | F:\¤?c’???‘? a?? 3?‘‘????\Administrator\-– ¤?c’???‘?\?a?a?…?¨a‘a??\?a?a?…?¨a‘a??.??? |
| file | F:\¨??a??|?‰?.??? |
| file | V:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\c????.??? |
| file | K:\¤?c’???‘? a?? 3?‘‘????\Administrator\???‰?ca‘??? ¤a‘a\c????.??? |
| file | W:\¤?c’???‘? a?? 3?‘‘????\Administrator\???‰?ca‘??? ¤a‘a\???“?c??.??? |
| file | A:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\‰?a??.??? |
| file | Z:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\·??¤ˉ·3\‰?a??.??? |
| file | X:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\·??¤ˉ·3\‰??‘????.??? |
| file | L:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\????.??? |
| file | T:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\·??¤ˉ·3\”??‰????.??? |
| file | H:\|’??– μ3′ 3ca??a‰.a“?.??? |
| file | W:\¤???‘??.??? |
| file | T:\¤???‘??.??? |
| file | H:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\????.??? |
| file | K:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\‰??‘????.??? |
| file | Z:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\????.??? |
| file | P:\??b’.‘?‘ |
| file | E:\?4‰0?6.?–?.“b? |
| file | L:\?4‰0?6.?–?.“b? |
| file | M:\-332¤??.?‰‰.“b? |
尝试解除Cuckoo监控的Windows函数的钩子
(1 个事件)
| Time & API | Arguments | Status | Return | Repeated |
|---|---|---|---|---|
|
1727545361.796125 __anomaly__ |
tid:
1856
subcategory: exception function_name: message: Encountered 1025 exceptions, quitting. |
success | 0 | 0 |
文件已被 VirusTotal 上 58 个反病毒引擎识别为恶意
(50 out of 58 个事件)
| ALYac | Gen:Variant.Ser.Zusy.287 |
| APEX | Malicious |
| AVG | Win32:VB-JFU [Trj] |
| Acronis | suspicious |
| Ad-Aware | Gen:Variant.Ser.Zusy.287 |
| AhnLab-V3 | Trojan/Win32.Agent.R81695 |
| Antiy-AVL | Trojan/Win32.VB |
| Arcabit | Trojan.Ser.Zusy.287 |
| Avira | TR/Crypt.PEPM.Gen |
| BitDefender | Gen:Variant.Ser.Zusy.287 |
| BitDefenderTheta | AI:Packer.CB3DBB9D20 |
| Bkav | W32.AIDetectVM.malware |
| CAT-QuickHeal | Trojan.VBCrypt.MF.6162 |
| CMC | Trojan.Win32.VB!O |
| ClamAV | Win.Trojan.VB-3895 |
| Comodo | TrojWare.Win32.Agent.OEDW@8hwuen |
| CrowdStrike | win/malicious_confidence_90% (D) |
| Cybereason | malicious.455add |
| Cylance | Unsafe |
| Cyren | W32/Trojan.NLYT-3713 |
| DrWeb | Trojan.Siggen.12345 |
| ESET-NOD32 | Win32/VB.OED |
| Emsisoft | Gen:Variant.Ser.Zusy.287 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Trojan2.ANLP |
| F-Secure | Trojan.TR/Crypt.PEPM.Gen |
| FireEye | Generic.mg.fcc401e455add1bd |
| Fortinet | W32/Midie.6525!tr |
| GData | Gen:Variant.Ser.Zusy.287 |
| Ikarus | Trojan.Win32.VB |
| Invincea | heuristic |
| Jiangmin | Trojan/VB.cyhm |
| K7AntiVirus | EmailWorm ( 005483cc1 ) |
| K7GW | EmailWorm ( 005483cc1 ) |
| Kaspersky | Trojan.Win32.VB.cmy |
| MAX | malware (ai score=81) |
| Malwarebytes | Trojan.Crypt |
| MaxSecure | Win.MxResIcn.Heur.Gen |
| McAfee | Generic.bqm |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.cc |
| MicroWorld-eScan | Gen:Variant.Ser.Zusy.287 |
| Microsoft | Worm:Win32/Autorun |
| NANO-Antivirus | Trojan.Win32.VB.ecifhv |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM17.0.60F9.Malware.Gen |
| Rising | Worm.VB!1.BC33 (RDMK:cmRtazp9y/6Y9phXifH2W9gr9lK+) |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | W32/Autorun-AIH |
| Symantec | ML.Attribute.HighConfidence |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2008-01-12 22:58:39
PE Imphash
09d0478591d4f788cb3e5ea416c25237
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x0001f000 | 0x00009e00 | 7.980813184360382 |
| .rsrc | 0x00020000 | 0x00004000 | 0x00003a00 | 6.107907109092901 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x000200e8 | 0x000025a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_ICON | 0x00022690 | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_VERSION | 0x000226a8 | 0x000004d8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library kernel32.dll:
• 0x422b80 LoadLibraryA
• 0x422b84 GetProcAddress
• 0x422b88 VirtualAlloc
• 0x422b8c VirtualFree
L6036067645420205055425166558656123612222504530118447006168206760377387083460542552277588268240847
N:}?{@
! Ou$[ zxfy
/Mc<3Gd!:_
{(=CIxJX~
~@gW7O[d
PECompact2
//#HOf
h~_Gfs
l_{:A-)&
5}{|<)8&Qo
_TV k5
EdFD:?
#NxS"jy"&=
u=fb)+s<{9Q;]/\$"~
29,<s`
Fyx[p %qwmfs<"
a9+/BJ
JnuBW(
Qd\8);Uv
wBfF'M[&
u^_vCNv$G/1(o
B.T|90U-
GL3e&|
iZZw6j
Cjye}r
d*bOf`nO[
B}H]kZ
heZ=AHMfv
wjzT7y 3\?<>
cxq,#
Y.Pt\^\
6\L}Eeuy+
[qXn?|
=PAsj G*7
Vq$:!mdJW
f6{q=
,Vk3~FW7V=r4
,)y>>~A`
l~;W>e
p2fI@NeTc
|i*3,us5H
;/:bP`Y.
38Kp1V.!g7M
DNLw:R
o?h9]ZOukTUfn6IQ!.
!<(*[tk9
w50M'E
hbmw>:[J.kB{;
|%$n\=
aZ@bZqL1+G4\fV5b9y
g$kIZS9
C3h7A_
o~.hcsUq:#bK1y1_
UR+;&Z
<!8hc{^
w*L#rA}
z8,)5'R0d[rD;$i
%bac]SOWM!
2N;Q;`'
)>hBZK
N">GRq>
JU$_DF
@RwWjD
Z#tQ~&
JHCR/g.
8k>X}HO
J;Z[rf{XP\)
1gd]p1h
L.y1]J"
3M\fbhA
oT%?W<Hd
M1$_w,G
[r:,'v@pQ[
]:+Ee1{Mh
{Ttr(=h
'DCG:HQB~UQq
|!+@ +O,1h
n)k75Xw
%_(R0iF
8q; 4_ft
4OkxisOpnE=K
L%\H4EZQ
'IhVxPBt`
kKa#E=
BZ"j,GhD-3?
*zl@O;'
B>sSX$
BxE]d>
Y-o.rdS/
1JC)srH
1etl{ts;9
84a,Hd_&.^}6
5yCQM_=pQ~$
8<nJ+5
BHKC{YY
P~5O`z
X)4t&-
+eKM_I
dXi$@;G
%*mVPBB`V5
#(*Im%
/8Cwp:^{-wlYYtl
"]e?p "G).;JM
656Y48xW
J$PG}WQ16`<)
(<`vb'VL%'
*T7%0y|E
G+y&(
AxAiWLMj
W#58s_rsR
K[g)~4
T,P5S!S
m,v2a0y*
vNUfaN@Pt
E4o-_b
ol'Hni,Y
P}9Kd>T<$
]~bVft<
7|BHxpSmNAqS[Dn
1$U\c$kMY$
Ad|/D1G[
~Is2+eO
~ohTD%#C!5
h=Fo7<
~zeU:M{&8p^)j6~j@!y
|7@oCi\ID}kmIW07F'
@J8@cs.)
(4E9y\uI
`@I_L)
pmvV})
\_' nw5v
~U)OWO| G(<]Q
*6E;U5xo4
Gj(<s=~]8u^X
eWK(@F
zYQpkrI`m
f@|^ow>m_L`
r&)}1xQ
06E>n`
w6opGc=
(*$S\+T@}
4 eW^wOn4
5,!hf@
`DV6}w6
s\txs%6g\^@
f6I)ldNB
p|]zHD8PS
h}fa!VHx
~ub"hDj S5GBe
oZGCW\?6
vjL:Pc
6|V|&6
<+ )OA
K+2Y-:<
.Q" hs%
8G[&A.3
^5pS637$
y#\.mUWD
2x"6=/
X[JD"dSX)
?>bw:,
'!-:G"
&qr<m#f$tmCTzQu Og
R'uJ'Hi
;3CrU<6 .('
CoE=&A
-Wj fP1
1]qe+(6
l\HGMW
XIwrQ[@
d7+gcjL?:t
9GDyN<MU"ei.
!Sf7Woym9
xUlIdz3+
ES#'#u/[WGc
C3dHRT'
f/G}Ap|Z
\APQ-}2vk
s!PE)H
[4UvaYO|
rix`5D
_R3qR0^8/
>28q+=
!K3idv
t7Kb! (n$\gFW
k|z]-YCR&
YK[KhU
"OvG<tN
atSkEGR
6V<_S7
1W6AXga61{
J+'L(zE|v:y)0I/"
mA1R\4ADp
56fx0m
iu}n| /
yY kvH6
%q6oG/
`BI'Xi@j
Jo)GqL]
9e`RYS
0"HbBEE<
K"l F0
Dn@n"9
6,Ls||-;-
3i}36Onh
PxiX)u#
`G!`b
fgiTO@
Mw$t\79
"C[M3rRDTdx
mw{|>d3Ce
<P8R@L
Yg8b C#
q" "&n
~*)8^'I
ZTg7<k[6C8 c
4Im`e\
c[M@XVz[
.m*NORmRs?iv&
C$vnqs=
d2%hc
Z[VS2\]+ H
bBy4~
tm#@/~
[.FO9%q20/
,Ck<)Q&
}6p4c3HBb
IL7|VaY89}-g]M%
#ls_r01Y9
cND:Uk
FT^gP>
Y\}{G]W^6!
a0,w&E`Ll<(
;l@K'&
+MMB~
8LNxD5
8D|>9DdEs
EnSD0J
Qt=W9G:8R~3
r/T])\m
1dz| x&!V
T_9{sq4y<P
; A t[KI.H
d(;KuX
fk7-1hDB
`#^~I\[
JwJb/)b3L
e2"1&A[[Pa)'5;]Jw E
L?tj;T
G<B[JAe^
IQ`g(T5SM5r2a^
}' 'ZlvC+(eUp
G}l\MgpI?9Vl>
H[4M"5Z4U
:")2g*b
p9j~.M
7Tiw+eU7O=
)Zm4{V
Fq3@SU
ABi>NZq3i
701/)b& J~
AAnV=&gI!?
p5!gK0\P@
.uNSY'a
7-! Z%i%=
3Bg}e{_tpf*s
PuESb^(g`q
N*Dw$;VXfJ{>
vLc|'|r
+/^4r?To
c6j7`d?
U#NrrO@J
RMSPil
MN6}PIL
<r+sIT,^BJL
jd0`=(
id$E &;k
/@fZ)]yHFH/z:0H2
lVm"EF`m
=mhO>6FL>W
6_fRA2.+o
7:24 sb
?*S;3]
Df-aeyn=
v&'.Mi5dyO
dYx)+Y
'CyNbJ
3wrt_^N
kmO%`LW
'XOG]E
+r$T<"
'4'j7Y`<^)ez>ah;\;Y69Q)
4Y*2:&}FW`j
TPf$FKX$(
e`dFUS
6??b@l
0D&C 05R
&usNn3(
p5!e{kI0
zEk\ay]Jpan
Y"oT-rB
)k`R?
|D/RC7*rH:
ho L8*N
*0oQK@ST>
j4]]c*k I eulR$:2*%v
QOB~8c
<*\~eue
w&rIy]g[
0RX=gHkld}A*^
[b46TNk,|NiOt
kGJwuvw[-
UJdS?m
V-k#1xa(e,|
c9v PC
JU_Y:?6yFWBW`
E|v;XuJtW]~-e}?
t=]{nW#f SwC
|M1{X}{
k-8t\8y@
NK6T= Aj
.wQo,Mb
dPz=-x
A'~tJK/|l5A!*6U;S9Jp
+J,# 9
(|ICGMY
9n*.SDx
ihbVS*:<0
ab4A &{%
ex$uXUCSB
shQAT\
y0E^7ik~
?$JKTOI
J9K`uJ/m
6-4\,iv
} "SzZ_]
$6M,r=m,
ev\Q:S.
i]#,3GjY
r( CK(Zj
JYmZube-
D0vD&=)
84wA#4({V$
|/<$YaE
u?7lJt?Y9>
W1D!3Jr}9
HJDe:l1gKnD+
{<d8R: [IVPGj
A^0B\^
MZ3\K>uc\
b&FbUO
K2TaAO
5K/ :N?5hJP
P=4J]:
m2nxl~
ZbHYK
TW*J)nMU]Mhr1:]
,u=\O(
PXjj=qI
yj])k>]7b
jK d0U
k96>\&
2>QTnf]
v*'d*K
(Rd!>?
569-p5
v\qeMz:
M,aOB[(\ktw
rTi44J
`A>|j>i,=
K8g]LO
_wFvKh
T~ZRXo
M[L4R@
9wdV6^.
*JAl&twE>U$OO
-{3dX2;,{W
iCDy R
DAe!OR#
hO}I8cZV-
He%|T<(}M)'bX+M
iv:`$#TR@f
c9ugrEr#
=c38 5$^/
5@7D*v
`OPY8@
=)86gtS 7
4Rrq[?O=
gz <D5
XkFe`.
O$YD*dS
*=IJT)/e
<'!n1+&Li
*LicUQF)M.
Gy976$4JzBrl]
lu IgUZ
+N=ty,
Ux]Fw(V
n$nn&PnK~.
X}* lNFJ
!r(Px[
~hs{o'hlp
gSd/|"f
(9VdRyQ1,w
%3[$-/
`V 9j^
I"1\&#
rHAOg8
PDGinpn
-B dQ,V
>bJixHq}o"@
3yH.W =
_X:1E|1[2m
;|UQ:_
?V!*I*
WF_78%a8Q
'e[e7A6$ p
Z#3)_g P
o)e&xb|)gg4
e>puU;:h[Ig
o#'!lSX
1z;%Z^.[8aDXE~"
i550Q3sy
7X~R 3
?<^ztZGAP)
/z*K0m%/i
?Us!i&Rg
^s|{)D(
?X)g;Zg
Bs,$H5
"(e.m
6{J>#uz
o +|XGW](ci'jf
X5 kE%
DEyCjO_^r
h,2E(M
}}%[_#
+J<ugeEPr
Eq':|G
sRwu@,[
@VZT,\)h
N}T#X3
AOW-y0Q
$$W}}(Hp8
K{UoBh\]h"$Vf(yub
likZ_v>
$h*+@Q
=;5toEP
`>aUE86m
k* tyQ
@' Je\,]/&@
GkLcE7
]e|8$vF.cx%]z
Z$8(.Ju
&eh5{_
q:5|Cl
ABM^1be
>Pn$AQ5
[WAZa]pGjA}
r^3AG}Uq:X
.n0Lz(
`5{3Eg6f
]ALsL`l64dlYd
@ xaLcBn
>2/ZJ9
\{~Y]Tc
T|=f@ {A
^(5a\oDr[R[/
T+B=A"0;
>3E^^Ro
.>| h<!@
FNfY"'R
xFf1Q"
kLy^55)
m8c3|[
&7i;^L
Qb*/a<kA'"vmc
{|6_+-
=FS(DFe0)
h~6@WjV*E^T=Rjy
Ktu]-\,E4M=T6DM*|
pHj/3r.
%-F;!ms|j
@cTbTxk9u.
l:KDGm`
c.}<00D
w%h$(]Oy
}?,~XG
h[KEvu
l^O"4A!#vb3Q
$8'li?jld~Muu
q@i#rc5f
/*=8h P9
@ ZrNH
C)zD6*
i|p_JMRs
n]Aijs
06lRpng+e&
?c-9P}F
pkB(AEa~
bb6l&VqleP
\],z0/rzOFaS
t9h%Aj2G NudDu
[T7G|MI
?cU~:n
/w&$rJn
jHzkRc
6dUpApDqhH
qvD-I[TM7.
%J@Q 8{
r?|+zC
yMWKd8m;p
Cp4=eC&Jl/p
G^o; v
GpxH{&P
qh_s"d
ASZ}d3/@
2+;4OB
;yD1Hs+
zI'\e;R
CfX+a"n
f Dr>a
SX<{FWkS1
M>HC"o%(
lvbr|6Yas{>
& 5<]6)c}
hwQ<O:(
!_1}rT
vNNz? lF-yROlp#"T8p
EhpF^LK_%
HmGg=
ANj;=41
M#9H+M
f=+v,\
+p.1_Y
3/![.AgiGB>b6
J)v*N&
V?" |K
Iyc1mVv%
kFB1#g2eN%}[k
{?WI";
KdGXcc!hv%
Ma#h8tK
Y~e`!&=
tR/{_R\
"j81kT
jbB#Hk9L
@o`k!gjS
9tKg u18
T}n>!@.
Hxx%8M-KP
9U5gi
eRZ"vn
LJ6P`Js$Ay{X+Lon
+s%Pa,$)
\U9Ullf
BuPWnY[n
H.GJ:Q"<.]
4^c-h/kWOa
>1 Pem
_gA~C5
`.?Ox7CyA
RTosE*L~<o$n?
fLVF<B?
rjdm+kx0c@[3
M&xNt,
K:<)tno4Kz3^*&^
}3AU]&[2,G
eS|&wLqS
l][tSc`Uo
e|ON{aV,K])J54
^M,Mm[
w9(5Y\Ur+J
h@vdAUFh
/|Xs]J`M=j9
f2Qn;|m
D{]Zz a
zs/--QX
,&>))v\Q
jq{96:L^}
1i;+v)
u_T8Izv
l^viCgQ
70fI:{-k,
^&Ug!8
z8,UEA'
(?T5Ur
ti}mcJ
O:(xMcl+OK
XHu+c/W8
e7(lkc
UbS.FjK
J=4i5d
AF6i)*
FIiE)\
KAm5cN,m5lj6W5#d"
^v`ob}
l*sE?t
v(r/~[O[N]
Wjri9cRD73KAn4/vX$
Bq6S{`q(6I
klS5.F
},F?M-
sEZ%~M]4$YyD;%Vkx
7/{?N&4<x>
W1:\Pqp
Quh_@X8+^
W 7e2F
5C4?$}G^s\lfr? NY
-_(GZ]YY $G<
,sS1)D
dISy~n
0Kl0&~
U`[>li*B*]ox
dxtXRq'^xp
oy'w>H[/O<^t{3t!$P
8Ml=D]bU(&+
~fAGaBVo7S. lT
FM%E0/
`{k~|$?1x
<mDPj\)z~
KX4& |h
/c`a9k BL/
b}jD(>A
QJBGI4}p!{
s*Pq=j=
AG;)!s]2fj1h
lr?}V06
fq#E4(
F84'p!KSsgp
p%BGMX
D"\GKp(w/YjektKn
$khor=v
a`RhxS
{sf{U&
8K{Lmp#t
'~VUZO9~ir"7zk=M
KJkRVK{b
FE E:{`2Z)Nqjh['
|Mai}E
}7d]MQ97
e >/Y|+TeW4
6Le=({,^l[}
2$bUncFj
J|?+R8n
E,v+bm[Wfo
hqd:PAc0
2OPzM\"
Ag#;_#;U
B[Ks*&
Q*[8P|
)NwEgx
i]I&9Q}lG ;
#L@9F=p
}I$M`t
Z AeQd
(ok_e^
H6#7`{=
J^bv|mTKFKuW
^D\$q@.v%
+iNY_7
9qHztt
O1>*.!5
sw!mM1
?'[. {
YFV{y=t
3 '_;.am3
&M>QXtZ!fN
(.r-zSF>*
,eUS~F
.r-Q*+'Z
u3zi+M
4}p]%uocIlrs
kxjbqH>?
KLIC9fK,M
zr#Hh1\
N26{at
rsvX${
+B7z@5
:Z9}.+
J{#GdzGB%{^W
Ryv^[#
0\rw$7
`e)[l,VyG
YgXs~Q>Vo
wKPVlpx
4_`[F<
^m{7vGV,B} a-|
rkpE,I&
h==*hn6
=reyKEdi
T}iaP3=OA2
v.P,n:
UPmE{'UO$;
,U-Tk ErLsAJReL
4^ Ev=@EIj!U
7{<[q_J
$OrwIL-
`V3L}V
You3\ u
%yp9>U
8'D^`:B
@i%Nu7
v3OZ$I&IB@
u|Rv'U
}6%'BMMo%
pWL|$q
m09'l&
RXqN_9U
M)@f"
,odsQ{
9m'JQB
{ch!mu}m,G)
d(F:mg`lX79W
:PyF-5
jrh:Y8
t=4*-C,
{L[x2xHA1
fp4[)\tw%6&
@o<jw(cK
~5KJY[G0[th
Xh_ "/
o4}d\]D
rN,UPg'#\>Mqie7B+QM
SYk =5
ji+sd:V=
mK/\zwJxi/\
RrL[c>|hd
GtGM2`Q]
#=y!GnDai61
g0x?X<
sp@0o}R
{eQNpv!C
:[Wo0!
]rL@I1
@LpThD_
-{p`;4q{
x_xEi#3[hAXR
O |_lR>W|b&
<zZCLp
.fmHB|
.,B!|No
?#Sk-qy
+yMwJAN
\8@TsV.E
mg`<dM9~
Z#,4c;
^!hp5\\J
LN7[Tt
f|:oNpS
(~/9zX;kUe?
;X[lyN++yE&.
@V:3^ERAtx
Uq+mBEdL-
v{RA"%Ec5qQ
KWJVZzTxF8
0L5t}G
9d0fi`c1Z|
5?s~OWP
PNRWG-a}`E1RL
m~;8[2Q'
qqr,,<J$
(o-A~ '=
.')Okx}[t7E[
- 2($E)$N,-Opz|
}Wl7Hk
,,)cccBBBjjj
-# >'%L!&F14afkpibbfJUtuu}
AAEnnq
*(? ?'!F##F""G=CsPze`~b}g~h_}^_^fzBDj
+!$D'#E' C*&@HMrcy_~`
e><m%!F
$#;<:N@>GMQ^
## D'%E#$G'$A#$C4@\y_^g==n)%M&"A$!D
+#!G95W&%BU\tZ~a{5:g$$B'"C%#B
EDRuwluuXk'$D&"B "C
8=Gmut0.L'"?"$C(!A'&T03`
xwyaqMY)'C"#B&
[ajy**K&%G&#C42{
}|br0=Cn{3.S23y0 S!$Q55=
& %$V`wz7:[$&L*%E;2s
$(+8]h{S_|3<^0,H&$Q
3*%NWSRT^]XauXUz.,n
5 ":)'U=7:=-3^enzw|KMWjo|jumu@>c43|
bbp5.q4-n-+^;:<;8<`]`g@=i;:
?=6*-g;<<8&&>+5?;6
!573v31}5688>=HHatbe8:
=A5GH[41u01w9799963/Yceghqh~-,F7>
<DJ) a6574}98=:}1+ekwdgLOggc8/z
5)$Rzvz
!?97979<24Y1.c`c44T0*Z$&Q"
,1,e+,d:7;8::+-L2.tNKmTYiHGK.1-ef_
.1X*(G$&Q+*j
((W.,f0-t:9::()M5662b77=386
OPTKNfKRq;1x8:y-,N5.v;8
=1+i-+f4296'$J@:-3_~~{[`k$"
GFJBDCTOK
#%{20SJNp96@8@G{<7=9RQ\
\`WMQW;8L)'S'(U1.m55,*a8<42`81cGWlv~$ !KHQPNCz'!
/4:IHh00S@<;;@@87I>
C@g31z32k
7,*])(Y-'U/*i<3x<:81W+)V]b<Hk/=Gglg#$%<7j)+[=:7;97::$%M
:4z32|75>:8860t%*Z-+f@:&.M,-f//\lGLlltAMW
:;3QW[5:6$%+jtq5:u+*V>7;=85-.k22q85\DCL
nls;8k23689;97<78778)+T+*R:8DFm]f8;b~
tzeyq{_o}|+3??9.,[9331}+.m95?@nZZY
0.]4/|85:899::98*,V&#N98:6v*+Y-0`u{89Vw>FWEL`::.,g/2y66
;6GBKOY
lok&%U12s./x66=655'(I)%O6465,*V54oCIi{98^rKEC?S24U<83.s787252x
'&C86:8;6-.j837:*+T'$F94780-W..rA@gv/-`_jabGDhn@>WDOk:1x<:2,o54+,d))`3+a
!E@7;6;.-r/,b@6781,l*&J5/w783.Y,/vKI|Xdy,)g9;^;/J04Q8:;:0.j78=;:895-*w/+\
$#2<;7:=:0/l))`65<:::75w<8e,)i8844c2/o4571I%,UMDYgV^SMLLlh1/[2,T3<O0*l>=;7<6@;998:8:>:?6B<w
$?C]<:97}#!Q()W.-p<7::::..u43x6531w:6z./o0/
,'K'+S75EDuwdhjj[Wl1+i('L63pB6.3{99,,l*,d75?9?A
0.<(*W64:9;;:823w./z8730t:6967554_-&S41
<?MNzyTUr.4[30y*,G0/o74/1u;7:51/u-,`
!:0/y<<9899::11p31v871/y35<:74*(a.([+.k=:@>DJl^e~:2a53w;5..[00v7:21u76}9:<;2/w)(J
0-C,*c9944
++n;88:/0q34:80/v33x::85*)a3.n()_88:8HH77kOTr99]52b20t66><-)d91{6631y11u97=:89-1k
"#K55{32ZST\##BA556t10z<865
1/s30u78;9/,h3/q2/u1/{9798:;=:20t22q86A@A?0.s/0r34{31y41x&*]*)a95|:5+'a
&83T@AK
H:962@931x*,c1.t2.r589610p22x2/y22s54
99:<20{11r65
A>BAA?4600w/,r7112w0)gIJN &/=<W
acrD;99/1l)'j+,a20s21}3/r88961/t<;20{31r32};:<8/+t//t:7AADDA>5644t74j7446:9#&=
95M1+^'"H
0.<*'[25272/x69:64/u>7=711y20z>9=;0,x64z9?ADGCC;;8+0m
*=6y;<00yipv
2)^948522|>4%"U//o9;<887/0z98:86283|=8FA?A7;8;55>;GKN[0+C)('
+%U875687wNOf
80;:;99898=<:;9;96>AFB,-^A=;787
+(g98?<LLa
"<8:<63~$'>85}:8::==JH[X_ab_ $<;598x
:7u99rbdd
y66Pon~74s673.llly*)[@9>BOJ
aef''F
==Q:9;:_
.1TD>MGosu
$ W6<8
22TJEosx
kernel32.dll
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
Pa%i5N23-
Uru4<E
7*Idu9M;
w3_^[r#MV
S7(hu#j
Hu6"
sG*DS,u
[b)+Nq(8V
2z7T2=H
$U^Ynboek
Z`Ca&\.q
y_sT]"
rjxY(X
J>>FA.
@1/ 2H
#hS{@;X
,+KjH@sQ#'7
DuH:- Wt
? P(L&H
%uC0KX@
RIP3EZ
zl> @^
t5;*V0(E
'nPPCx2tMsa^}(K
!Z-'6;2=2 @uV
dT)}&nAH+6J^ |
I--,@h
PWQS r
msvb]f\"
]A<f8Q@2I &ZhlkoM
5kEWo*0+m)
`3Q-vP2X:
[+HAqp
licat@on eqr
u.T>he<cd
%s5lyvn}tAba6idS8DLG5Ld,al J3*WI'c,bus32M'agBoxAwFx3tf
kx8l?ExitPL
GtMT)l
t@Ac&v
P"<SH0&zI
`t$$|$(3
r+|$(|$
USQWVRW
ZPR3C
Z^_Y[]
334094012627201923175682405381853141810348437766834361347434334094012627201923175682405381853141810348437766834361347434334094012627201923175682405381853141810348437766834361347434334094012627201923175682405381853141810348437766834361347434334094012627201923175682405381853141810348437766834361347434334094012627201923175682405381853141810348437766834361347434109211730642019085454837123146444211842103734668752217054210921173064201908545483712314644421184210373466875221705421092117306420190854548371231464442118421037346687522170542109211730642019085454837123146444211842103734668752217054210921173064201908545483712314644421184210373466875221705421092117306420190854548371231464442118421037346687522170542MZ
L1350112056720193605007202328832115336251150482732855305687676037738708346054255227758826824080487
N:}?{@
! Ou$[ zxfy
/Mc<3Gd!:_
{(=CIxJX~
~@gW7O[d
PECompact2
//#HOf
h~_Gfs
l_{:A-)&
5}{|<)8&Qo
_TV k5
EdFD:?
#NxS"jy"&=
u=fb)+s<{9Q;]/\$"~
29,<s`
Fyx[p %qwmfs<"
a9+/BJ
JnuBW(
Qd\8);Uv
wBfF'M[&
u^_vCNv$G/1(o
B.T|90U-
GL3e&|
iZZw6j
Cjye}r
d*bOf`nO[
B}H]kZ
heZ=AHMfv
wjzT7y 3\?<>
cxq,#
Y.Pt\^\
6\L}Eeuy+
[qXn?|
=PAsj G*7
Vq$:!mdJW
f6{q=
,Vk3~FW7V=r4
,)y>>~A`
l~;W>e
p2fI@NeTc
|i*3,us5H
;/:bP`Y.
38Kp1V.!g7M
DNLw:R
o?h9]ZOukTUfn6IQ!.
!<(*[tk9
w50M'E
hbmw>:[J.kB{;
|%$n\=
aZ@bZqL1+G4\fV5b9y
g$kIZS9
C3h7A_
o~.hcsUq:#bK1y1_
UR+;&Z
<!8hc{^
w*L#rA}
z8,)5'R0d[rD;$i
%bac]SOWM!
2N;Q;`'
)>hBZK
N">GRq>
JU$_DF
@RwWjD
Z#tQ~&
JHCR/g.
8k>X}HO
J;Z[rf{XP\)
1gd]p1h
L.y1]J"
3M\fbhA
oT%?W<Hd
M1$_w,G
[r:,'v@pQ[
]:+Ee1{Mh
{Ttr(=h
'DCG:HQB~UQq
|!+@ +O,1h
n)k75Xw
%_(R0iF
8q; 4_ft
4OkxisOpnE=K
L%\H4EZQ
'IhVxPBt`
kKa#E=
BZ"j,GhD-3?
*zl@O;'
B>sSX$
BxE]d>
Y-o.rdS/
1JC)srH
1etl{ts;9
84a,Hd_&.^}6
5yCQM_=pQ~$
8<nJ+5
BHKC{YY
P~5O`z
X)4t&-
+eKM_I
dXi$@;G
%*mVPBB`V5
#(*Im%
/8Cwp:^{-wlYYtl
"]e?p "G).;JM
656Y48xW
J$PG}WQ16`<)
(<`vb'VL%'
*T7%0y|E
G+y&(
AxAiWLMj
W#58s_rsR
K[g)~4
T,P5S!S
m,v2a0y*
vNUfaN@Pt
E4o-_b
ol'Hni,Y
P}9Kd>T<$
]~bVft<
7|BHxpSmNAqS[Dn
1$U\c$kMY$
Ad|/D1G[
~Is2+eO
~ohTD%#C!5
h=Fo7<
~zeU:M{&8p^)j6~j@!y
|7@oCi\ID}kmIW07F'
@J8@cs.)
(4E9y\uI
`@I_L)
pmvV})
\_' nw5v
~U)OWO| G(<]Q
*6E;U5xo4
Gj(<s=~]8u^X
eWK(@F
zYQpkrI`m
f@|^ow>m_L`
r&)}1xQ
06E>n`
w6opGc=
(*$S\+T@}
4 eW^wOn4
5,!hf@
`DV6}w6
s\txs%6g\^@
f6I)ldNB
p|]zHD8PS
h}fa!VHx
~ub"hDj S5GBe
oZGCW\?6
vjL:Pc
6|V|&6
<+ )OA
K+2Y-:<
.Q" hs%
8G[&A.3
^5pS637$
y#\.mUWD
2x"6=/
X[JD"dSX)
?>bw:,
'!-:G"
&qr<m#f$tmCTzQu Og
R'uJ'Hi
;3CrU<6 .('
CoE=&A
-Wj fP1
1]qe+(6
l\HGMW
XIwrQ[@
d7+gcjL?:t
9GDyN<MU"ei.
!Sf7Woym9
xUlIdz3+
ES#'#u/[WGc
C3dHRT'
f/G}Ap|Z
\APQ-}2vk
s!PE)H
[4UvaYO|
rix`5D
_R3qR0^8/
>28q+=
!K3idv
t7Kb! (n$\gFW
k|z]-YCR&
YK[KhU
"OvG<tN
atSkEGR
6V<_S7
1W6AXga61{
J+'L(zE|v:y)0I/"
mA1R\4ADp
56fx0m
iu}n| /
yY kvH6
%q6oG/
`BI'Xi@j
Jo)GqL]
9e`RYS
0"HbBEE<
K"l F0
Dn@n"9
6,Ls||-;-
3i}36Onh
PxiX)u#
`G!`b
fgiTO@
Mw$t\79
"C[M3rRDTdx
mw{|>d3Ce
<P8R@L
Yg8b C#
q" "&n
~*)8^'I
ZTg7<k[6C8 c
4Im`e\
c[M@XVz[
.m*NORmRs?iv&
C$vnqs=
d2%hc
Z[VS2\]+ H
bBy4~
tm#@/~
[.FO9%q20/
,Ck<)Q&
}6p4c3HBb
IL7|VaY89}-g]M%
#ls_r01Y9
cND:Uk
FT^gP>
Y\}{G]W^6!
a0,w&E`Ll<(
;l@K'&
+MMB~
8LNxD5
8D|>9DdEs
EnSD0J
Qt=W9G:8R~3
r/T])\m
1dz| x&!V
T_9{sq4y<P
; A t[KI.H
d(;KuX
fk7-1hDB
`#^~I\[
JwJb/)b3L
e2"1&A[[Pa)'5;]Jw E
L?tj;T
G<B[JAe^
IQ`g(T5SM5r2a^
}' 'ZlvC+(eUp
G}l\MgpI?9Vl>
H[4M"5Z4U
:")2g*b
p9j~.M
7Tiw+eU7O=
)Zm4{V
Fq3@SU
ABi>NZq3i
701/)b& J~
AAnV=&gI!?
p5!gK0\P@
.uNSY'a
7-! Z%i%=
3Bg}e{_tpf*s
PuESb^(g`q
N*Dw$;VXfJ{>
vLc|'|r
+/^4r?To
c6j7`d?
U#NrrO@J
RMSPil
MN6}PIL
<r+sIT,^BJL
jd0`=(
id$E &;k
/@fZ)]yHFH/z:0H2
lVm"EF`m
=mhO>6FL>W
6_fRA2.+o
7:24 sb
?*S;3]
Df-aeyn=
v&'.Mi5dyO
dYx)+Y
'CyNbJ
3wrt_^N
kmO%`LW
'XOG]E
+r$T<"
'4'j7Y`<^)ez>ah;\;Y69Q)
4Y*2:&}FW`j
TPf$FKX$(
e`dFUS
6??b@l
0D&C 05R
&usNn3(
p5!e{kI0
zEk\ay]Jpan
Y"oT-rB
)k`R?
|D/RC7*rH:
ho L8*N
*0oQK@ST>
j4]]c*k I eulR$:2*%v
QOB~8c
<*\~eue
w&rIy]g[
0RX=gHkld}A*^
[b46TNk,|NiOt
kGJwuvw[-
UJdS?m
V-k#1xa(e,|
c9v PC
JU_Y:?6yFWBW`
E|v;XuJtW]~-e}?
t=]{nW#f SwC
|M1{X}{
k-8t\8y@
NK6T= Aj
.wQo,Mb
dPz=-x
A'~tJK/|l5A!*6U;S9Jp
+J,# 9
(|ICGMY
9n*.SDx
ihbVS*:<0
ab4A &{%
ex$uXUCSB
shQAT\
y0E^7ik~
?$JKTOI
J9K`uJ/m
6-4\,iv
} "SzZ_]
$6M,r=m,
ev\Q:S.
i]#,3GjY
r( CK(Zj
JYmZube-
D0vD&=)
84wA#4({V$
|/<$YaE
u?7lJt?Y9>
W1D!3Jr}9
HJDe:l1gKnD+
{<d8R: [IVPGj
A^0B\^
MZ3\K>uc\
b&FbUO
K2TaAO
5K/ :N?5hJP
P=4J]:
m2nxl~
ZbHYK
TW*J)nMU]Mhr1:]
,u=\O(
PXjj=qI
yj])k>]7b
jK d0U
k96>\&
2>QTnf]
v*'d*K
(Rd!>?
569-p5
v\qeMz:
M,aOB[(\ktw
rTi44J
`A>|j>i,=
K8g]LO
_wFvKh
T~ZRXo
M[L4R@
9wdV6^.
*JAl&twE>U$OO
-{3dX2;,{W
iCDy R
DAe!OR#
hO}I8cZV-
He%|T<(}M)'bX+M
iv:`$#TR@f
c9ugrEr#
=c38 5$^/
5@7D*v
`OPY8@
=)86gtS 7
4Rrq[?O=
gz <D5
XkFe`.
O$YD*dS
*=IJT)/e
<'!n1+&Li
*LicUQF)M.
Gy976$4JzBrl]
lu IgUZ
+N=ty,
Ux]Fw(V
n$nn&PnK~.
X}* lNFJ
!r(Px[
~hs{o'hlp
gSd/|"f
(9VdRyQ1,w
%3[$-/
`V 9j^
I"1\&#
rHAOg8
PDGinpn
-B dQ,V
>bJixHq}o"@
3yH.W =
_X:1E|1[2m
;|UQ:_
?V!*I*
WF_78%a8Q
'e[e7A6$ p
Z#3)_g P
o)e&xb|)gg4
e>puU;:h[Ig
o#'!lSX
1z;%Z^.[8aDXE~"
i550Q3sy
7X~R 3
?<^ztZGAP)
/z*K0m%/i
?Us!i&Rg
^s|{)D(
?X)g;Zg
Bs,$H5
"(e.m
6{J>#uz
o +|XGW](ci'jf
X5 kE%
DEyCjO_^r
h,2E(M
}}%[_#
+J<ugeEPr
Eq':|G
sRwu@,[
@VZT,\)h
N}T#X3
AOW-y0Q
$$W}}(Hp8
K{UoBh\]h"$Vf(yub
likZ_v>
$h*+@Q
=;5toEP
`>aUE86m
k* tyQ
@' Je\,]/&@
GkLcE7
]e|8$vF.cx%]z
Z$8(.Ju
&eh5{_
q:5|Cl
ABM^1be
>Pn$AQ5
[WAZa]pGjA}
r^3AG}Uq:X
.n0Lz(
`5{3Eg6f
]ALsL`l64dlYd
@ xaLcBn
>2/ZJ9
\{~Y]Tc
T|=f@ {A
^(5a\oDr[R[/
T+B=A"0;
>3E^^Ro
.>| h<!@
FNfY"'R
xFf1Q"
kLy^55)
m8c3|[
&7i;^L
Qb*/a<kA'"vmc
{|6_+-
=FS(DFe0)
h~6@WjV*E^T=Rjy
Ktu]-\,E4M=T6DM*|
pHj/3r.
%-F;!ms|j
@cTbTxk9u.
l:KDGm`
c.}<00D
w%h$(]Oy
}?,~XG
h[KEvu
l^O"4A!#vb3Q
$8'li?jld~Muu
q@i#rc5f
/*=8h P9
@ ZrNH
C)zD6*
i|p_JMRs
n]Aijs
06lRpng+e&
?c-9P}F
pkB(AEa~
bb6l&VqleP
\],z0/rzOFaS
t9h%Aj2G NudDu
[T7G|MI
?cU~:n
/w&$rJn
jHzkRc
6dUpApDqhH
qvD-I[TM7.
%J@Q 8{
r?|+zC
yMWKd8m;p
Cp4=eC&Jl/p
G^o; v
GpxH{&P
qh_s"d
ASZ}d3/@
2+;4OB
;yD1Hs+
zI'\e;R
CfX+a"n
f Dr>a
SX<{FWkS1
M>HC"o%(
lvbr|6Yas{>
& 5<]6)c}
hwQ<O:(
!_1}rT
vNNz? lF-yROlp#"T8p
EhpF^LK_%
HmGg=
ANj;=41
M#9H+M
f=+v,\
+p.1_Y
3/![.AgiGB>b6
J)v*N&
V?" |K
Iyc1mVv%
kFB1#g2eN%}[k
{?WI";
KdGXcc!hv%
Ma#h8tK
Y~e`!&=
tR/{_R\
"j81kT
jbB#Hk9L
@o`k!gjS
9tKg u18
T}n>!@.
Hxx%8M-KP
9U5gi
eRZ"vn
LJ6P`Js$Ay{X+Lon
+s%Pa,$)
\U9Ullf
BuPWnY[n
H.GJ:Q"<.]
4^c-h/kWOa
>1 Pem
_gA~C5
`.?Ox7CyA
RTosE*L~<o$n?
fLVF<B?
rjdm+kx0c@[3
M&xNt,
K:<)tno4Kz3^*&^
}3AU]&[2,G
eS|&wLqS
l][tSc`Uo
e|ON{aV,K])J54
^M,Mm[
w9(5Y\Ur+J
h@vdAUFh
/|Xs]J`M=j9
f2Qn;|m
D{]Zz a
zs/--QX
,&>))v\Q
jq{96:L^}
1i;+v)
u_T8Izv
l^viCgQ
70fI:{-k,
^&Ug!8
z8,UEA'
(?T5Ur
ti}mcJ
O:(xMcl+OK
XHu+c/W8
e7(lkc
UbS.FjK
J=4i5d
AF6i)*
FIiE)\
KAm5cN,m5lj6W5#d"
^v`ob}
l*sE?t
v(r/~[O[N]
Wjri9cRD73KAn4/vX$
Bq6S{`q(6I
klS5.F
},F?M-
sEZ%~M]4$YyD;%Vkx
7/{?N&4<x>
W1:\Pqp
Quh_@X8+^
W 7e2F
5C4?$}G^s\lfr? NY
-_(GZ]YY $G<
,sS1)D
dISy~n
0Kl0&~
U`[>li*B*]ox
dxtXRq'^xp
oy'w>H[/O<^t{3t!$P
8Ml=D]bU(&+
~fAGaBVo7S. lT
FM%E0/
`{k~|$?1x
<mDPj\)z~
KX4& |h
/c`a9k BL/
b}jD(>A
QJBGI4}p!{
s*Pq=j=
AG;)!s]2fj1h
lr?}V06
fq#E4(
F84'p!KSsgp
p%BGMX
D"\GKp(w/YjektKn
$khor=v
a`RhxS
{sf{U&
8K{Lmp#t
'~VUZO9~ir"7zk=M
KJkRVK{b
FE E:{`2Z)Nqjh['
|Mai}E
}7d]MQ97
e >/Y|+TeW4
6Le=({,^l[}
2$bUncFj
J|?+R8n
E,v+bm[Wfo
hqd:PAc0
2OPzM\"
Ag#;_#;U
B[Ks*&
Q*[8P|
)NwEgx
i]I&9Q}lG ;
#L@9F=p
}I$M`t
Z AeQd
(ok_e^
H6#7`{=
J^bv|mTKFKuW
^D\$q@.v%
+iNY_7
9qHztt
O1>*.!5
sw!mM1
?'[. {
YFV{y=t
3 '_;.am3
&M>QXtZ!fN
(.r-zSF>*
,eUS~F
.r-Q*+'Z
u3zi+M
4}p]%uocIlrs
kxjbqH>?
KLIC9fK,M
zr#Hh1\
N26{at
rsvX${
+B7z@5
:Z9}.+
J{#GdzGB%{^W
Ryv^[#
0\rw$7
`e)[l,VyG
YgXs~Q>Vo
wKPVlpx
4_`[F<
^m{7vGV,B} a-|
rkpE,I&
h==*hn6
=reyKEdi
T}iaP3=OA2
v.P,n:
UPmE{'UO$;
,U-Tk ErLsAJReL
4^ Ev=@EIj!U
7{<[q_J
$OrwIL-
`V3L}V
You3\ u
%yp9>U
8'D^`:B
@i%Nu7
v3OZ$I&IB@
u|Rv'U
}6%'BMMo%
pWL|$q
m09'l&
RXqN_9U
M)@f"
,odsQ{
9m'JQB
{ch!mu}m,G)
d(F:mg`lX79W
:PyF-5
jrh:Y8
t=4*-C,
{L[x2xHA1
fp4[)\tw%6&
@o<jw(cK
~5KJY[G0[th
Xh_ "/
o4}d\]D
rN,UPg'#\>Mqie7B+QM
SYk =5
ji+sd:V=
mK/\zwJxi/\
RrL[c>|hd
GtGM2`Q]
#=y!GnDai61
g0x?X<
sp@0o}R
{eQNpv!C
:[Wo0!
]rL@I1
@LpThD_
-{p`;4q{
x_xEi#3[hAXR
O |_lR>W|b&
<zZCLp
.fmHB|
.,B!|No
?#Sk-qy
+yMwJAN
\8@TsV.E
mg`<dM9~
Z#,4c;
^!hp5\\J
LN7[Tt
f|:oNpS
(~/9zX;kUe?
;X[lyN++yE&.
@V:3^ERAtx
Uq+mBEdL-
v{RA"%Ec5qQ
KWJVZzTxF8
0L5t}G
9d0fi`c1Z|
5?s~OWP
PNRWG-a}`E1RL
m~;8[2Q'
qqr,,<J$
(o-A~ '=
.')Okx}[t7E[
- 2($E)$N,-Opz|
}Wl7Hk
,,)cccBBBjjj
-# >'%L!&F14afkpibbfJUtuu}
AAEnnq
*(? ?'!F##F""G=CsPze`~b}g~h_}^_^fzBDj
+!$D'#E' C*&@HMrcy_~`
e><m%!F
$#;<:N@>GMQ^
## D'%E#$G'$A#$C4@\y_^g==n)%M&"A$!D
+#!G95W&%BU\tZ~a{5:g$$B'"C%#B
EDRuwluuXk'$D&"B "C
8=Gmut0.L'"?"$C(!A'&T03`
xwyaqMY)'C"#B&
[ajy**K&%G&#C42{
}|br0=Cn{3.S23y0 S!$Q55=
& %$V`wz7:[$&L*%E;2s
$(+8]h{S_|3<^0,H&$Q
3*%NWSRT^]XauXUz.,n
5 ":)'U=7:=-3^enzw|KMWjo|jumu@>c43|
bbp5.q4-n-+^;:<;8<`]`g@=i;:
?=6*-g;<<8&&>+5?;6
!573v31}5688>=HHatbe8:
=A5GH[41u01w9799963/Yceghqh~-,F7>
<DJ) a6574}98=:}1+ekwdgLOggc8/z
5)$Rzvz
!?97979<24Y1.c`c44T0*Z$&Q"
,1,e+,d:7;8::+-L2.tNKmTYiHGK.1-ef_
.1X*(G$&Q+*j
((W.,f0-t:9::()M5662b77=386
OPTKNfKRq;1x8:y-,N5.v;8
=1+i-+f4296'$J@:-3_~~{[`k$"
GFJBDCTOK
#%{20SJNp96@8@G{<7=9RQ\
\`WMQW;8L)'S'(U1.m55,*a8<42`81cGWlv~$ !KHQPNCz'!
/4:IHh00S@<;;@@87I>
C@g31z32k
7,*])(Y-'U/*i<3x<:81W+)V]b<Hk/=Gglg#$%<7j)+[=:7;97::$%M
:4z32|75>:8860t%*Z-+f@:&.M,-f//\lGLlltAMW
:;3QW[5:6$%+jtq5:u+*V>7;=85-.k22q85\DCL
nls;8k23689;97<78778)+T+*R:8DFm]f8;b~
tzeyq{_o}|+3??9.,[9331}+.m95?@nZZY
0.]4/|85:899::98*,V&#N98:6v*+Y-0`u{89Vw>FWEL`::.,g/2y66
;6GBKOY
lok&%U12s./x66=655'(I)%O6465,*V54oCIi{98^rKEC?S24U<83.s787252x
'&C86:8;6-.j837:*+T'$F94780-W..rA@gv/-`_jabGDhn@>WDOk:1x<:2,o54+,d))`3+a
!E@7;6;.-r/,b@6781,l*&J5/w783.Y,/vKI|Xdy,)g9;^;/J04Q8:;:0.j78=;:895-*w/+\
$#2<;7:=:0/l))`65<:::75w<8e,)i8844c2/o4571I%,UMDYgV^SMLLlh1/[2,T3<O0*l>=;7<6@;998:8:>:?6B<w
$?C]<:97}#!Q()W.-p<7::::..u43x6531w:6z./o0/
,'K'+S75EDuwdhjj[Wl1+i('L63pB6.3{99,,l*,d75?9?A
0.<(*W64:9;;:823w./z8730t:6967554_-&S41
<?MNzyTUr.4[30y*,G0/o74/1u;7:51/u-,`
!:0/y<<9899::11p31v871/y35<:74*(a.([+.k=:@>DJl^e~:2a53w;5..[00v7:21u76}9:<;2/w)(J
0-C,*c9944
++n;88:/0q34:80/v33x::85*)a3.n()_88:8HH77kOTr99]52b20t66><-)d91{6631y11u97=:89-1k
"#K55{32ZST\##BA556t10z<865
1/s30u78;9/,h3/q2/u1/{9798:;=:20t22q86A@A?0.s/0r34{31y41x&*]*)a95|:5+'a
&83T@AK
H:962@931x*,c1.t2.r589610p22x2/y22s54
99:<20{11r65
A>BAA?4600w/,r7112w0)gIJN &/=<W
acrD;99/1l)'j+,a20s21}3/r88961/t<;20{31r32};:<8/+t//t:7AADDA>5644t74j7446:9#&=
95M1+^'"H
0.<*'[25272/x69:64/u>7=711y20z>9=;0,x64z9?ADGCC;;8+0m
*=6y;<00yipv
2)^948522|>4%"U//o9;<887/0z98:86283|=8FA?A7;8;55>;GKN[0+C)('
+%U875687wNOf
80;:;99898=<:;9;96>AFB,-^A=;787
+(g98?<LLa
"<8:<63~$'>85}:8::==JH[X_ab_ $<;598x
:7u99rbdd
y66Pon~74s673.llly*)[@9>BOJ
aef''F
==Q:9;:_
.1TD>MGosu
$ W6<8
22TJEosx
kernel32.dll
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
Pa%i5N23-
Uru4<E
7*Idu9M;
w3_^[r#MV
S7(hu#j
Hu6"
sG*DS,u
[b)+Nq(8V
2z7T2=H
$U^Ynboek
Z`Ca&\.q
y_sT]"
rjxY(X
J>>FA.
@1/ 2H
#hS{@;X
,+KjH@sQ#'7
DuH:- Wt
? P(L&H
%uC0KX@
RIP3EZ
zl> @^
t5;*V0(E
'nPPCx2tMsa^}(K
!Z-'6;2=2 @uV
dT)}&nAH+6J^ |
I--,@h
PWQS r
msvb]f\"
]A<f8Q@2I &ZhlkoM
5kEWo*0+m)
`3Q-vP2X:
[+HAqp
licat@on eqr
u.T>he<cd
%s5lyvn}tAba6idS8DLG5Ld,al J3*WI'c,bus32M'agBoxAwFx3tf
kx8l?ExitPL
GtMT)l
t@Ac&v
P"<SH0&zI
`t$$|$(3
r+|$(|$
USQWVRW
ZPR3C
Z^_Y[]
334094012627201923175682405381853141810348437766834361347434334094012627201923175682405381853141810348437766834361347434334094012627201923175682405381853141810348437766834361347434334094012627201923175682405381853141810348437766834361347434334094012627201923175682405381853141810348437766834361347434334094012627201923175682405381853141810348437766834361347434229212930616201912627808070856065320501738377123662615351734229212930616201912627808070856065320501738377123662615351734229212930616201912627808070856065320501738377123662615351734229212930616201912627808070856065320501738377123662615351734229212930616201912627808070856065320501738377123662615351734229212930616201912627808070856065320501738377123662615351734594316662575320194904836444332028033414254185430746570100210459431666257532019490483644433202803341425418543074657010021045943166625753201949048364443320280334142541854307465701002104594316662575320194904836444332028033414254185430746570100210459431666257532019490483644433202803341425418543074657010021045943166625753201949048364443320280334142541854307465701002104182914251081220198175682405381853141810348437766834361347434182914251081220198175682405381853141810348437766834361347434182914251081220198175682405381853141810348437766834361347434182914251081220198175682405381853141810348437766834361347434182914251081220198175682405381853141810348437766834361347434182914251081220198175682405381853141810348437766834361347434435210502411372019338356606803786586106264347721844603345825654352105024113720193383566068037865861062643477218446033458256543521050241137201933835660680378658610626434772184460334582565435210502411372019338356606803786586106264347721844603345825654352105024113720193383566068037865861062643477218446033458256543521050241137201933835660680378658610626434772184460334582565
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�4�0�9�0�4�B�0�
C�o�m�m�e�n�t�s�
h�t�t�p�:�/�w�w�w�.�n�a�r�u�t�o�g�a�m�e�s�.�c�o�m�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
K�a�z�e�k�a�g�e�-�G�a�m�e�s�-�A�c�t�i�o�n�
P�r�o�d�u�c�t�N�a�m�e�
G�a�a�r�a� �T�h�e� �K�a�z�e�k�a�g�e� �B�y� �:� �P�a�r�a�y�s�u�t�k�i� �V�M� �C�o�m�m�u�n�i�t�y�
M�i�s�s�i�o�n�
D�e�s�t�r�o�y� �H�o�k�a�g�e�F�i�l�e�,� �K�S�p�o�o�l�d�,� �A�u�t�o�i�t�V�3�,� �A�u�t�o�r�u�n�e�r�,� �B�l�u�e�F�a�n�t�a�s�i�,� �S�y�s�,� �V�B�S�v�i�r�,� �P�o�r�n�F�i�l�e�,� �a�n�d� �K�i�c�k� �A�n�b�u�-�T�e�a�m�-�S�a�m�p�i�t�
F�i�l�e�V�e�r�s�i�o�n�
0�6�.�0�1�.�2�0�0�8� �(�A�)� �U�p�d�a�t�e�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
0�6�.�0�1�.�2�0�0�8� �(�A�)� �U�p�d�a�t�e�
I�n�t�e�r�n�a�l�N�a�m�e�
K�a�z�e�k�a�g�e� �W�a�s� �H�e�r�e�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
K�a�z�e�k�a�g�e� �G�a�m�e�s� �A�c�t�i�o�n�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
�K�o�t�a� �C�a�n�t�i�k� �-� �P�a�r�a�y� �C�i�t�y�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
K�a�z�e�k�a�g�e� �o�f� �t�h�e� �S�a�n�d�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�4�0�9�0�4�B�0�
C�o�m�m�e�n�t�s�
h�t�t�p�:�/�w�w�w�.�n�a�r�u�t�o�g�a�m�e�s�.�c�o�m�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
K�a�z�e�k�a�g�e�-�G�a�m�e�s�-�A�c�t�i�o�n�
P�r�o�d�u�c�t�N�a�m�e�
G�a�a�r�a� �T�h�e� �K�a�z�e�k�a�g�e� �B�y� �:� �P�a�r�a�y�s�u�t�k�i� �V�M� �C�o�m�m�u�n�i�t�y�
M�i�s�s�i�o�n�
D�e�s�t�r�o�y� �H�o�k�a�g�e�F�i�l�e�,� �K�S�p�o�o�l�d�,� �A�u�t�o�i�t�V�3�,� �A�u�t�o�r�u�n�e�r�,� �B�l�u�e�F�a�n�t�a�s�i�,� �S�y�s�,� �V�B�S�v�i�r�,� �P�o�r�n�F�i�l�e�,� �a�n�d� �K�i�c�k� �A�n�b�u�-�T�e�a�m�-�S�a�m�p�i�t�
F�i�l�e�V�e�r�s�i�o�n�
0�6�.�0�1�.�2�0�0�8� �(�A�)� �U�p�d�a�t�e�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
0�6�.�0�1�.�2�0�0�8� �(�A�)� �U�p�d�a�t�e�
I�n�t�e�r�n�a�l�N�a�m�e�
K�a�z�e�k�a�g�e� �W�a�s� �H�e�r�e�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
K�a�z�e�k�a�g�e� �G�a�m�e�s� �A�c�t�i�o�n�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
�K�o�t�a� �C�a�n�t�i�k� �-� �P�a�r�a�y� �C�i�t�y�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
K�a�z�e�k�a�g�e� �o�f� �t�h�e� �S�a�n�d�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
Process Tree
- 04785655cb1e2c4ea8e86927a1f33ca6ae5752029491724ac0870f60229955e3.exe (2336) "C:\Users\Administrator\AppData\Local\Temp\04785655cb1e2c4ea8e86927a1f33ca6ae5752029491724ac0870f60229955e3.exe"
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
| Name | 8531c22cff4dd1ba_29-9-2024.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\29-9-2024.exe |
| Size | 111.5KB |
| Processes | 2336 (04785655cb1e2c4ea8e86927a1f33ca6ae5752029491724ac0870f60229955e3.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed |
| MD5 | 0e847ab7808f2e3b63cc9b809b0d151a |
| SHA1 | dc8ddd3cd7e9c71fa5c3426677566948750a28bb |
| SHA256 | 8531c22cff4dd1baf1ba0d7e7b5208be2767d1d55e0277b7f868be3ed2c3fbd1 |
| CRC32 | 145B9F21 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
Sorry! No dropped buffers.