1.5
低危
DACN
0.15
FACILE
1.00
IMCLNet
0.78
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Delf-VJY [Trj] | 20200810 | 18.4.3895.0 |
| Baidu | Win32.Backdoor.Wabot.a | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20200810 | 2013.8.14.323 |
| McAfee | W32/Wabot | 20200810 | 6.0.6.653 |
| Tencent | Trojan.Win32.Wabot.a | 20200810 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(3 个事件)
| section | CODE |
| section | DATA |
| section | BSS |
动态指标
在文件系统上创建可执行文件
(22 个事件)
| file | C:\Windows\System32\DC++ Share\setup_wm.exe.exe |
| file | C:\Windows\System32\DC++ Share\WMPDMC.exe |
| file | C:\Windows\System32\xdccPrograms\Procmon.exe |
| file | C:\Windows\System32\DC++ Share\setup_wm.exe |
| file | C:\Windows\System32\DC++ Share\TabTip.exe |
| file | C:\Windows\System32\xdccPrograms\inject-x86.exe |
| file | C:\Windows\System32\DC++ Share\wordpad.exe |
| file | C:\Windows\System32\DC++ Share\wmpenc.exe |
| file | C:\Windows\System32\DC++ Share\wmpconfig.exe |
| file | C:\Windows\System32\DC++ Share\WMPSideShowGadget.exe |
| file | C:\Windows\System32\DC++ Share\wabmig.exe |
| file | C:\Windows\System32\xdccPrograms\install.exe |
| file | C:\Windows\System32\DC++ Share\msinfo32.exe |
| file | C:\Windows\System32\xdccPrograms\inject-x64.exe |
| file | C:\Windows\System32\DC++ Share\wmprph.exe |
| file | C:\Windows\System32\DC++ Share\wmpshare.exe |
| file | C:\Windows\System32\DC++ Share\wmplayer.exe |
| file | C:\Windows\System32\DC++ Share\ieinstal.exe |
| file | C:\Windows\System32\DC++ Share\wmpnetwk.exe |
| file | C:\Windows\System32\DC++ Share\Journal.exe |
| file | C:\Windows\System32\xdccPrograms\FlickLearningWizard.exe |
| file | C:\Windows\System32\DC++ Share\wmlaunch.exe |
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
在 Windows 启动时自我安装以实现自动运行
(1 个事件)
| reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell | reg_value | Explorer.exe sIRC4.exe | ||||||
文件已被 VirusTotal 上 66 个反病毒引擎识别为恶意
(50 out of 66 个事件)
| ALYac | Trojan.Agent.DQQD |
| APEX | Malicious |
| AVG | Win32:Delf-VJY [Trj] |
| Acronis | suspicious |
| Ad-Aware | Trojan.Agent.DQQD |
| AhnLab-V3 | Backdoor/Win32.Wabot.R231859 |
| Antiy-AVL | Trojan[Backdoor]/Win32.Wabot.a |
| Arcabit | Trojan.Agent.DQQD |
| Avast | Win32:Delf-VJY [Trj] |
| Avira | TR/Dldr.Delphi.Gen |
| Baidu | Win32.Backdoor.Wabot.a |
| BitDefender | Trojan.Agent.DQQD |
| BitDefenderTheta | AI:Packer.5C557E1221 |
| Bkav | W32.BackdoorWabot.Trojan |
| CAT-QuickHeal | Trojan.Wabot.A8 |
| ClamAV | Win.Trojan.Wabot-6113548-0 |
| Comodo | Backdoor.Win32.Wabot.A@4knk5y |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.d88879 |
| Cylance | Unsafe |
| Cynet | Malicious (score: 100) |
| Cyren | W32/Backdoor.PJEB-4161 |
| DrWeb | Trojan.MulDrop6.64369 |
| ESET-NOD32 | Win32/Delf.NRF |
| Emsisoft | Trojan.Agent.DQQD (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Wabot.A |
| F-Secure | Trojan.TR/Dldr.Delphi.Gen |
| FireEye | Generic.mg.8167fb3d8887978b |
| Fortinet | W32/Wabot.A!tr |
| GData | Win32.Backdoor.Wabot.A |
| Ikarus | P2P-Worm.Win32.Delf |
| Invincea | heuristic |
| Jiangmin | Backdoor/Wabot.z |
| K7AntiVirus | Trojan ( 0055c5c91 ) |
| K7GW | Trojan ( 0055c5c91 ) |
| Kaspersky | Backdoor.Win32.Wabot.a |
| MAX | malware (ai score=84) |
| Malwarebytes | Backdoor.Wabot |
| McAfee | W32/Wabot |
| MicroWorld-eScan | Trojan.Agent.DQQD |
| Microsoft | Backdoor:Win32/Wabot.A |
| NANO-Antivirus | Trojan.Win32.Wabot.dmukv |
| Panda | Backdoor Program |
| Qihoo-360 | HEUR/QVM05.1.26D1.Malware.Gen |
| Rising | Malware.Heuristic!ET#87% (RDMK:cmRtazrrYkaDyEWOhQDBhcRFtlS2) |
| SUPERAntiSpyware | Backdoor.Wabot/Variant |
| Sangfor | Malware |
| SentinelOne | DFI - Malicious PE |
| Sophos | Troj/Luiha-M |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
1992-06-20 06:40:53
PE Imphash
5662cfcdfd9da29cb429e7528d5af81e
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| CODE | 0x00001000 | 0x0000c984 | 0x0000ca00 | 6.572458888267131 |
| DATA | 0x0000e000 | 0x00000a1c | 0x00000c00 | 4.533685500040435 |
| BSS | 0x0000f000 | 0x00001111 | 0x00000000 | 0.0 |
| .idata | 0x00011000 | 0x0000083e | 0x00000a00 | 4.169474579751151 |
| .tls | 0x00012000 | 0x00000008 | 0x00000000 | 0.0 |
| .rdata | 0x00013000 | 0x00000018 | 0x00000200 | 0.2108262677871819 |
| .reloc | 0x00014000 | 0x00000710 | 0x00000800 | 6.25716095476406 |
| .rsrc | 0x00015000 | 0x0000167c | 0x00001800 | 3.2124871953120624 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x000164a8 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x000164a8 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x000164a8 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_RCDATA | 0x000165e0 | 0x00000078 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_RCDATA | 0x000165e0 | 0x00000078 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_ICON | 0x00016658 | 0x00000022 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library kernel32.dll:
• 0x4110c8 DeleteCriticalSection
• 0x4110cc LeaveCriticalSection
• 0x4110d0 EnterCriticalSection
• 0x4110d4 InitializeCriticalSection
• 0x4110d8 VirtualFree
• 0x4110dc VirtualAlloc
• 0x4110e0 LocalFree
• 0x4110e4 LocalAlloc
• 0x4110e8 GetCurrentThreadId
• 0x4110ec GetStartupInfoA
• 0x4110f0 GetModuleFileNameA
• 0x4110f4 GetLastError
• 0x4110f8 GetCommandLineA
• 0x4110fc FreeLibrary
• 0x411100 ExitProcess
• 0x411104 CreateThread
• 0x411108 WriteFile
• 0x41110c UnhandledExceptionFilter
• 0x411110 SetFilePointer
• 0x411114 SetEndOfFile
• 0x411118 RtlUnwind
• 0x41111c ReadFile
• 0x411120 RaiseException
• 0x411124 GetStdHandle
• 0x411128 GetFileSize
• 0x41112c GetSystemTime
• 0x411130 GetFileType
• 0x411134 CreateFileA
• 0x411138 CloseHandle
Library oleaut32.dll:
• 0x411160 SysFreeString
Library kernel32.dll:
• 0x411168 TlsSetValue
• 0x41116c TlsGetValue
• 0x411170 LocalAlloc
• 0x411174 GetModuleHandleA
Library kernel32.dll:
• 0x41118c WritePrivateProfileStringA
• 0x411190 WinExec
• 0x411194 UpdateResourceA
• 0x411198 Sleep
• 0x41119c SetFilePointer
• 0x4111a0 ReadFile
• 0x4111a4 GetSystemDirectoryA
• 0x4111a8 GetLastError
• 0x4111ac GetFileAttributesA
• 0x4111b0 FindNextFileA
• 0x4111b4 FindFirstFileA
• 0x4111b8 FindClose
• 0x4111bc FileTimeToLocalFileTime
• 0x4111c0 FileTimeToDosDateTime
• 0x4111c4 ExitProcess
• 0x4111c8 EndUpdateResourceA
• 0x4111cc DeleteFileA
• 0x4111d0 CreateThread
• 0x4111d4 CreateMutexA
• 0x4111d8 CreateFileA
• 0x4111dc CreateDirectoryA
• 0x4111e0 CopyFileA
• 0x4111e4 CloseHandle
• 0x4111e8 BeginUpdateResourceA
Library user32.dll:
• 0x4111f0 SetTimer
• 0x4111f4 GetMessageA
• 0x4111f8 DispatchMessageA
• 0x4111fc CharUpperBuffA
Library wsock32.dll:
• 0x411204 WSACleanup
• 0x411208 WSAStartup
• 0x41120c gethostbyname
• 0x411210 socket
• 0x411214 send
• 0x411218 select
• 0x41121c recv
• 0x411220 ntohs
• 0x411224 listen
• 0x411228 inet_ntoa
• 0x41122c inet_addr
• 0x411230 htons
• 0x411234 htonl
• 0x411238 getsockname
• 0x41123c connect
• 0x411240 closesocket
• 0x411244 bind
• 0x411248 accept
L!This program must be run under Win32
.idata
.rdata
P.reloc
P.rsrc
StringX
TObject%8
;u3YZ]_^[
SVWUL$
]_^[SVWUL$
uZ]_^[
YZ]_^[
_^[U3Uh
d2d"h@
d2d"=5@
u3ZYYd
#_^[SVWU
SVW<$L$
uSVWU@
]_^[USVW
d1d!=5@
2E3ZYYd
E_^[YY]
UQSVW3@
3Uh6"@
d1d!=5@
E3ZYYd
E_^[Y]
YZ]_^[
d2d"=5@
}3ZYYd
E_^[Y]
$PRQ$"
_^SVWU
< v;"u
3C<"u1S@
>3Q<"u8S
< w]_^[
Ek<1fU
Ht Ht.g
6Huv=L
VI3E?E3s
3EE_^[Y]
f=r/f=w)f%f=u
f=v)f=w#j
RPCHPt$
-C GL$
SVWPtl11
-tb+t_$t_xtZXtU0u
FxtHXtCt
~ExC[)A
FuY12_^[
PRQYZXt5x
@~d@PQ@
YXYX
uM3UhU3@
EP3ZYYd
f%fUf?f
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
Iu9u_^[
PRQQTj
YZXtpH
S1VWUd
SPRQT$(j
Zd$,1Yd
t=HtN`
r6t0R=
t/=t&,*&"
3UhB:@
USVW$@
d2d";~
P'v_^[]
aSVWt@
^v]_^[
QRZX1Yd
PVSY_^[]
PQiZXSVW
ISVWRP1L
JZ_^[X$
thtkFW)w
9uXJt
8uAJt
t8JIt2S
PHXHI|
St-Xt&J|
t0JN|*9}&~")9~
tVSVWU
t@t1SVW
1Z)_^[
@+u<E@
USVWE(@
d0d ]ES
u_^[YY]
UQE3UhF@
d2d"E@
t3ZYYd
%3ZYYd
U3UhH@
U3UhH@
3U3UhAJ@
P~ SD$
U3UhK@
U3UhK@
U3UhL@
TFileNameL@
TSearchRecX
U3UhdM@
EEb3Uh
tC&EPU
U3ZYYd
U3QQQQQEE3UhN@
d0d EM
EPU3EPtKh
EcPh0O@
system.ini
Explorer.exe
UEEEz3Uh.P@
d0d U,
EP3ZYYd
IuQSEE3UhpR@
tjtfhR@
t-u)hR@
u-t)hR@
" -a -r "
" a -idp -inul -c- -m5 "
software\microsoft\windows\currentversion\app paths\winzip32.exe
software\microsoft\windows\currentversion\app paths\WinRAR.exe
C:\rar.bat
C:\zip.bat
PHuES3
E.E&3UhT@
EPEPEP?
a3ZYYd
IuSVWEE3UhX@
d0d UEJ
U3YEU.Ef
EU\EUQE;}>%
EnSEcPd
to3Uh2X@
EP3ZYYd
IuQSVWEE
3Uhh\@
U3UhY@
d0d G3ZYYd
$UFuh\@
VUEL@t}0EUm3E
EZPE~h
=3_^[]
abcdefghijklmnopqrstuvwxyz-_.1234567890
IuQMSVWMUEEEE
+3Uha@
d0d 3Uha@
d0d EU|
u?8.t4uha@
u |U|ttx
yu pUkp0hwhlj
u XUXPPT
u LUrL7D~DHq
-u @U @8+8<
u 4U4,,0
u (Uy(6 $x
3Uh"d@
d0d 3Uhc@
d0d EE
8.teChTd@
N3ZYYd
_y_^[]
NOTICE
:to get this, type !xdcc_get
bytes)
uTC,PSC
EE>3Uhe@
d0d SU
E3ZYYd
EE3Uhf@
d0d SUf@
PRIVMSG
UdSVW3
dhEE3UhSh@
d0d 8lPh
d2d"EP
s3ZYYd
c3ZYYd
ZE.H_^[]
BFKu_^[
USEE"3Uhh@
d0d UE3ZYYd
U3QQQQQQQQS3Uh
| v;}
N|7 vU+A
M3Uhj@
U3ZYYd
EE3UhPk@
EPE!PS63ZYYd
E1K[Y]
3UhYl@
\DC++ Share
\xdccPrograms
EE33Uh?m@
d0d EUFUTm@
a~&EPUTm@
EZSUTm@
U3ZYYd
f\[YY]
EE3Uhm@
d0d EEPEePt,P3
EU3ZYYd
U3UhQn@
TWarBotUj
SV3Uho@
EPSE/Eo@
03ZYYd
IuQSVWd3Uhs@
`U\E\U\
EPSEPcfC
PfEEU:E
X/XUX8
3EU,t@
~&EPU,t@
EZU,t@
\uh8t@
L3LP P
PcPhlt@
EIHhlt@
DE0Dhxt@
\E>EPj
EPtPEP
SfPV j
EPzVt3ZYYd
PRIVMSG #hellothere :
&%->=
PRIVMSG
DCC SEND
IuMSVU
EN3Uhy@
d0d EUaE
EEPUy@
;~iEPUy@
EEU8EPU
EZWEPU
EZ1EPU
EEPUy@
EZEUUy@
:3ZYYd
PING :
type !list for my list
!list
for my list
!xdcc_get
#helloThere
#helloThere,
JOIN #HelloThere
LIST >4,<10000
U3QQQQSE
3Uh,|@
YUuhp|@
?Uuh||@
G3ZYYd
PRIVMSG
ACTION
!list
for my list
SVWE3Uh@
E3ZYYd
NICK [xdcc]
NICK [mp3]
NICK [rar]
NICK [zip]
NICK [share]
NfrSF3
Pzu _^[
31ff%3vcc%%112c23J33c22322332crc3cr233J2fJffJv%1[J33JccJccfcc2fc2JfJ223rrcrrJ2cc3f2r3r233Jcf2rf3ffJfrJrr3f2]fr[2rvJ23%1JJJc1fc22%J[rr]ff2rr2%ff32f2J23r323223J2rc333cc2fJJ3JJ2ccrfrJr2r3JJrcfc322f3cr3rcJ33f33rcrrrcf3cfrffJ2cff2r22fJJf3rr33rJ2f3cJJc33r3crrcf33cJJrffr2fJ2f22fc3ffrrJ32cJf
]2]3r]31111rfr2crcJ3[%%]]vJf3233Jr22fJrvvv[v[Jc3Jc3rcccrfJ3ccfffJ3c32Jfrc2ffr3cJ222JcfrJrJ322r2ff3Jr2JJcffcc3vJ]c2[2%Jv%2]rf2J213]3[v2]33[2[J32c2r33rrf2c2cff23rJJf22cf3crJc2fJJrcc33c2fccJ332rJJcrrffJr2ffrcJ3frJc23frcr22c2rcJc2cJcff2c3cfrJrf2rfr2c232cff3332fJ2r2c2cfJ23f3J3f333J22r2f33
J]"^^"^^^^^""""""""""""""""""""""""""""""""""""""""^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^"=~\=yw$="^^"^^^"jCzyw6=^"^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^=
ff^ ."k^"=!24G;. .. .!nzL4OJ"~~.. . .=
]J^ . .!sG!7{^!s8G=.. .^68Vs2!;.;*}.. =
f1" ............. ._Inzoz6$295. ..^lkcv".."";"L. .=
1c^ . ,!%6***O8Izy. .!j_". .;w=;]. . =
ff^ . . . . . . . . . . .. .. . ... . . .. . .. .^|uuzw94V9=. .. :"=^,..uS?^. . . . .. . . . . . . . . ... . . . . . . . . . =
Jf^ .. . . . . . . . . . . . . . . . . .. .. . .. .. . .}6T6$i!+~,.. ~O4u{!!je^. . . . . .. . . . . . . . . . . . . . . . . . . ... . . . ... . . =
22^ ... . . . . . . . . . . . . .......... . . .. ... ... ...... . .6Ic35I=. . . ...^v}ca$l^. . . . . . . .. . . .. ... ...... . .. .. .. ... . . . ....:... . ......,.... .. . =
fJ^ . ....:..... ...... ........... . . . .:,!!<-!==!"... . . ...:...:..:..,. . .^!\, ..,,..:.,.. . . ..:,^^.... .. . .....:.... ... ....,:..,., ..\((?>(==^:. . . . ......,,.:.. ,."!!.. . . . ...^"~?(|^ .... . .. =
cJ^ .."J4nTn5TaL<.;"clJws2:. ..."=i?2ai<,.. . . ..^~%yehY3CAh5Ti~|~. . . ^11J3399T16c;..^)JL5o.^]ff2t??]3+=. .^?t{$]t=~|]t. .isfanzCC%". . .rsyz4LVYT9C~. ..^j5*hPDPe0TmaT1~;. .54wjtffi%J!. ."+jjwc%i]=^. ..;!?2t+mFDK=;(zs?;... =
r2^ .=gYDFSQUgDj-GkK5oVhFJ!. "!9m*JaPa?. . .;!Jau$UFU*a*n$y1VOb~.. . =UG0LskShqpU"^n5gpq8.=ATIIn2*m*U... "J6n3)!!=pd. .;*PpdUk}v+t^ . ..bZAgFPDUonPb.. . .!GZQPPms%+tij6DQ9=. .%UszufL4s4mj..)5m58T9&f! .:tnS$_!+&PDDl"IpDg=";. =
fJ^ .tXeT0kVqDF]xDqhs04GmZ^.]wTTCrkFV2[^ . ..^7Tr}":.....8CcVwu%"". ..=ZkasJ[%rOm&"{nZqff}\.=Vu1]rOk]zTk ..."royC3wDQx8 .+%bQDFFFh}". . .x8VYhhgg4oTk .:-az0{"... :wkkOpPP*T;. . (tv0gPUpAGbc"+kyw69*&mUG0&G.. .. ,~I&Qi. ....=21UPmTP2 . =
3J^ .+#d04kO5VUL#AFFL8&YOFFc=sanCv*qZac_,. . .|c3V~, . iVuIrsY5y... .=OC23c3cfI54"k4V?(69t.)g9I$JVUi!t[ . .."CCTyL*Zhe4....6!obQFUDD8i. .. :xasaePQUkSPx. . ~Fprn^ ..SFPPDbGz&$". .iyuJeFk5O4Ta$5w|i1oC8*4eG*O:. . .jcTh- ..,J=3gDOddh.. =
32^ .tWx50GGs$Ca"^=*h4xhyXWAx^-JII*gW52C^. .^ny$~:... . "9sC%]uGnb5v... ~8kkny6u$$2+~It^.:^^^.?Ume4zsbn~<l. .^+zJkhqDSkG.. .Sc?c5qDPFX1:. . :hOzfOxL8dWKg. ..=khb7. .. .9PDPQJ4GY%,. .%ghTkxOru]7wxu^.;|JnT*T&8Oh{.. .Ja$"... . . )+%mF8Feh~,. =
cc^ .+#h%l[6okkL..!x0*Zq5Zqde. "VsJ*XXpJ$" . !n37.... . ;++cj1+iyACi^.. ~CCuw9LOY4Vo[i, . .?d532taFULy8 .. ."jJ$5gqpDmIs ...Dp5rrsDDFX. .wVXQ6VKWKK#d .)qPU ...}WA*njyZkXF! ..}bFPpkx611axI!.. /%aOmmr!ti6... ,vn\. .=3w&pO*LG^. =
ff^ :tbuy6o0ZQW(..>x&ZAeDnbAs. ^sTrg#SAI+. +7". .. . ^$iilvr+&m]i" ~a9kk*G88TCc|... . .=LCJ2nSd&uT ..!ltfdZZFk]|s....WFV3nvlwdF$. .4OPdVdQQFpxT.. ~be!. .. . .[e55T5eFVFb!. .tQpQqPGzrT&G, ..<nfnn8$+i%w^. !^... . . +ombY&q9,^. =
rr^ . ?gxPSZFqFZ) .<AZUdVDC9bz "&f$qXPb6zf. ..... . . :tT6}JIck5t%|. )p*&890VcCy~ . .(shI+2FFxyi . /r9pAFQp$j!Y... #FD4s!/}*Pf, . .*pO*hO8nTf+. . .... . .. .lxUhLQDdLQq7. .=$khAQS8T*4j ...:=a!i+35*8oT=. . .. . .|o]IyZFA[Ve" =
Jr^ .iDSFgpqZxh= .!QdQSTXk$&T "e%veDFPzz1 .. .... .. :~VqCtju8z2Y) ..)8k8522%$5mc; .(aO7+IsxQFV=. ."$dddDeY$vQ. .eFQD5%kPh3>. .YZeqQPZU06uz. . . . .. . .)65OgDFAqUPu. .tTw$*Ud8Oa). .~xc!|jkaTs6!. .... .. .. .|Off4PVT8Fb^ =
c1^ =ZggAA*auv!..=SgQPwUn2r. "#V$TQPQss% . . ,";^;.. .t*dk3++*T6V= |YnC)"tI4*0+... .i82]ww6aPpx6 ...<8AqFhsu9uF . *PS#q1+!~<. . ,4QDqdDpDxw5b.. . . "!"\^...=?78xPdkUPA.. .[Gk0c]TLm&2_. .?0o$u[TLCzw). . . . ;^"";...+dmsYGO&DF*^ =
21^ ..)ggAO0n11]~ !*SbP8LI]t.."Kh6IdPUna] . . .."${C}:...|y4$a[=sTV*| . =3ti~!1GepG+. .. .ib$fC3CSDQF ..!eFDUnuIC5W.. nUFXSfvttCi: .. :ygPQGSDSh*gb . ..ia4h]^..|i$mVd*CAUDu.. .lhYeZVTs5&!.. .=u96zI6$n=.. . ...?s*n|...iPbq*Y8pA*n;. =
c%^ ..=OLCa&YIn8= ."J4L86yG4k+ "DWQxDQSsIs . ..!}=oZicz{3{"rOdbA*DnyCC~ ?8kL8Oonzc2t. .=*o|"^~lZPgK . .!qDQarvuCJ2L . .ITPW#uooont... .%qPbLJSpmUPh. ...!YZYG&aDOsg2swY9ZTrD5Lu. .iDx&bFdDPPz~ . .!3Cft"!t$8J!. .. "sT*GFDXKWWS]QqQxq0hPXq^. =
3[^ ..?PFamG&LpF( .!Gxh*nyr3&J. "KFDUUFFonV. . ;|3o3o8c+~"\~~7Cnbgx8C333! |G0O4mGkVnu+.. .=Y**TYGTmeFW ...!DUO1yzys8xx . IfsxFuow6y+, .|FZPL2rTmQWS. -xakmdUe8!!nPe9e&o?iT]ao. .jQZY6TGbZgnl . ..\IVhm7=z9)... ./wfJc}]w==0hUbQm400*&Qd^ =
f1^ . ,?SZ*n5cQAQi .!ASdegZ4*4} ."epQQmAFy*0. .=smS5yLa<; :!y0VAGko]ftJ? ?pp4VGV40GG{ .!asO4gDq44dX.. !q&6&bQXFQpP . 3u4qo&5yC(, .. .~dbph1cYKXG.. }p*0Tm*qg.. "pSaey/^_r0Uw. ..+UQh7)[y&dZ{ . .?na*kG{Cz%C!.. ;o9v%jJur=,.^)ObOuY*aOSFU^ =
f]^ ..=4OpT%2FgPi "VdUdUDDbUw .^5ZFDY#WzV* .*WK#qnQp". ~pbZx9T61vi~ =*GOGOGmL4Lt. .1oa&ApFe4gK . \hxpSFPFSWQq ..sncsAkCIC+. :=FAPh[1ikWA6. ,2DKQaUpYx. .&Z8A$^.>6qPz. .[AFps9aa88k{. .<L8*G89wu$$=. ..)051vCY6!.. ,tYy3kUk&ppQ^. =
r3^ . . .tQnQbywY4Y~ .!o&&AAAdFPs "U$%8#&Y9xb. .uPPLurVXF+.. ."d*YIf5*[[G&=. !raazIas&4*7.. . . .?U2aWxsDF*P . ..!ePDQDQFDOu]. OIo2u+uT447. .!sPWdl+7n[Ia. .)GWWgO$LG {ggqo++1PFS.. .=dAUdy4Y&&g{ . ./CyIC]]r$&i. .!$GT+c*wmL). . =1[khQb*nDg^ =
c2^ . ,tXGt5VTfaO= .>h5L&hgUQn.."XGzoae8*Xg .!F5(~)IYWPv: "mw5h&2r**= =yJO5J]vf96(.. . ..(D8~thFC1nOP . .ppdhLsCui1$....69nVwfuzr. ..\$#Xx]$Tynw%..=mhKQPV06CJ .+hhxivcyFpU. ..)VqdZVx$fLZl ..,t6OwC7f6ws(. :IxxT[Ynnw~. ^=TdpqQUYxZ^ =
Jf^ :.. .,tKxi6%ausm= .!psGf]5kYe5,."XgDhJqSmF&. "Zi?!!vTKgj.. ^G5Vab08$wk*( )L$r1uII6zt.. .)dUT%LPWJv4Q . ..^J$cuttt[fkm. 22*kwaYT647.. ./3pPhwm9o5k$..i#hbbqw$IC(. .7Z&9|w?iPbg$ . >+5hSg6urIZv ;c8mw2[2JV[/.."&Z*zfwma9a= . ,iUdPFdDs(o" =
Jf^ ;^:,..|ZFiJ1LarV=../Ys52|0aJct:;"bFx8&48xFb :ppTnYV%LXUI. . "P095d&&$5k4t .|8Or1C9TyG8i. .. =g&[yqXeVkg. . .;=Ja[$u35*Y. ci$Cn*948Lt: . .~&phT55$5G6..=Aoosa[{]u~ (9*0wy=?nUQI.. ^6sVb4?1$TQ7 .!OYz$3%iTSf=..~S4GC+cT98x?. .^nAFDQFPG;!; =
f2^ .=!/;:|SD{w$L*fI-..!ezLJ!nY49=.;"FFSO4mbdY0..XXUTT4O0PPn, "bctx*m*Ta48t. =O84$oosoG4+. . . .!}~;^!hPbaqD . ..!aTf$%L&[kmk. . ${IITmT69i:. .:!IaZez3Iw6YT..(zosTa&Ta49 !vom84Vx*5V3. .=DVGeS(Iyq1. =o6f]uw5DUI)..(U8Vvlr&sQW|. ~PQF4DQUP^:. =
fJ^ ^tTnt?2mOszzqSc:^^!hmk6]i99Oo.;_Xb*50Lxd01;"TebbeV0smD]:...^u(rU0O9GLYm)...)8kV*z$cwG*%.,,.:.,:,.jKZJ~")gQFFa...,.(SQPDhV6rJ$Y....cICY&TC6C9j;,,,.^(3rzm]2Ircx8:~0Yq08m8G4hL:.:.tCCw6r(t4eZ+....[AQ&7inmwcU}.... ~m2fc9VUdg3~. =OYme8L9Tnf". ..(&0kT*Qbg), ....... =
fr" v5Zm9r*a5IqZ&^C"<eV0+CkZaTl.;<Lry04as9t13?wQDDSForn0n:^.^^uI8e0JtxGLm)...)L0Lk*T[f**],;^;^;;^^.7XDAholoDPK5..^^:>0PQPQWqrfcY:,^.rw$50O4O5n+^^^^^;t6u3sIo91c89;!zSe48*8GGAn^;^^!=$TVOTt7sa! ^^^vFq2=!sh0+01..:. ^^!12cY&40f!..=qqAew949&o!....{pV84TQDZn!...,..^^^.. . =
2r" >58qpLnIaJegh!s^!6u+=f&As0s^;!CJ4O5{Jwayu"?lQDPF*)7*a^;^;^3TO8n^5x*m|..,=0mLG84TCy4},^;;^.";^.+KDAqSGaDbPa.^^;^-wkbPSDU*ocL.^;.20zswVzys6i^^:;^;fa$fy$m8itvr^;{LG**8maaa;^;^^+ysm4q4YT".^^^%g$"ifIs0+a+::^. ..^iII45Om$!..?pxU8tTP*x0!...,|ksb&wdQAUv^.,:,;^^^; .. =
rc" rmGqA*If1mbU{n;_yur5f6bJ!!Im5$]aGV9".!"feQZZ}5n^^;^"s6bkt^.?Tk*t^,.(yaG*O*4nn&l;^;^^^_^;,=k*FdpAgZQPk^^^;^/%0nhpFKS0]5:;^;C4CuJI3$+^;^^;;zo9su8m(=%[^^iY5$$nu1f9"""^|5I6Ls*Skz[";^^^{6!.iY5y6iCt.;^..^!t6&L&VPkC_..)pUxT+kDOGk=...:taGZs1VDSQ^:^.;^^;;^^ . =
J3" :/yhxxGGf6*Sh0!!a+7J9L*8*G8m$65TTzuwu^^~n]$epqDxa6"^^^!YG*91?".^}O+^^^tuifnYLzmnIi^"^;^Ii^"^jg*~?+{%zmxg^"""^(rtjrwzo0*&^^^;^vzaLsmG*&sj"^^"~Js[C*J*a6CL&5/^==3uJv~OmxT"""^fxO8e6+ze+(3^^"^]e0naYeqT=T];^;;:?U84a$AFLJnj.^"dx4IkWP*45);^^^(ZFLzzIhPDq<;^^",.,^"":.. =
fc" . ?r8OVphC8pbk~!]1!?2]CC$wIL$wI6Cwc$Y*""+xDWFU4hgV]""""!ffomKXS=;!&7""^(ryT24Ooh6u1^""^=a?"""%n7=t{71a*Q^"^""to^=t2GOa5i^""^^}xAmGG4Vnft"!""lmCC4f9II50*f~"!t6$rii*m0w<";_CYoTmT+=o%!J^"""%VSgAP0xZuo7^;"";)en%C0Dbu{h%^"\o7tIqDpzsTt^""^lQ4Tk8cfVdU!^"";. . ;"",. =
3J" +Cl&mLhzomxs~+%""$01J]9Cj$uCk8onTuc""=ubFFPqbLG>""^=aJCxDFXejt9{"""{k4]n53mnT{"""!fJ!""+OkGeZFSaaYS""^;"iO^^i+3owV!"""""jh8k8kos9cc!!_ifiwCTuICz58a](!!+$11[&kG8f!!"!5*8*m&u"=1|%!";.=$0h8U&hG∋"""^tT2+aqF0}$q1^"^>i]fVZOn4U7"""^9&&fwaJ[CLO!^"^.....^^";. =
Jr" .j6(fOqVGoTe3"!fv_^lw%%kC+i1%CuG*Y09a=!!iSQZFbXSkz<"^!tG%jQPDDQhw9t"""jXdr1]1LTO%!-!=4J!/!!CSQPPQFOk44x!()"^+e"./)tI*&"!!"--|mY4YyC$163]+1Oat}JIwC$C8s52tv!!(%]uT8mGm2!_<+*8I5gky"=i=i!":.-!}y0wuoswk7"""";)fuJ0PDTcLD];"^"vS$0ATaZPl!">+mTC]zT5$Tkai_";,.^^!\.^". =
2f" .^"""!!7ffji~ti1rannxs1lcaaVnau=t]uC$n9oT5wwzI}8?$aw{nwY0s3DGtPboI&*eDhs5}!!-]0rr1]Csh4zO3_[g8(~|(=c8a6y6$z9[$S(Uh4~rh[=ijt}s{!!!!!!!}fjtI9o$*t3C*y="Tl|fut+j9c$x5?t=%&O88**J[?!8&m=7m9v}%j~_^"|zy^"+[jsv)iui>!\~~vxOs6Y*pDPPI!!!_~&nzO$*QKb612VmSSgpqYs*een~;"!1dGv++{i?~"^,. =
v3" .!$$Is40&hpbZgbp&k2c]In*&OCzOG8T0v+[5J3Cf6w$r3Ifz2bj|Is0hV4gU0S4=AWg+1ne9TZ]=!>tj7tj5sok3Aj=*gx!)=|}24T&O5Ow+t*Dtqn%]aPqZsGd0C?!<!!=!=~1Cf$f}0k+fYJ?!+wfs&6i=+31LpT?=tJw8LGkatv9iJ}+1=?utn5="_+cY9!+f56sUo!ir?-=!|tnZksY*a4qD*1=!!!!t300aGmL4VhgGkPbQpdoGxkYxl+c0bm}3azyi^;. =
22" ,>6L48eA0meG*GmLm4*i[Iyw$+&m***r1Jizw3[I198Yw1[+{jfFjj[YSQVkUx31i=Z#XJ&Gxs5Fp2t!iTsu%T0YO%spJuS8a~=iJOGV4Y84yf!]ZF)Tmt5APPq0mbS}~!!!()=||+lo828Dn|lt!=(&dSA2%v]f4eT!tvvJYVm2?"[$t$]n5C6$tvCm5t!y5)+f4h*s*G{7[?!=(=+fYuTmknozTrt~_)i+iCgVaGx*YOn$]4AUPDVo4QIUAJsxDQ9}JICaI{>.. . =
J%".^|Aqx*8epO0hV8meGG6stCCC*u%]8yGs$!)=i86c2]t1Oz*v!!"!yFClil8AgU05a!)~9KD$==))kX&~!<!=|=t~~)=~=TS%8gL]{IsV84V*kkf{="?tt?+hCi1w0m4eLY?!!=/~i?===|+5wgDsit==;!lUdU4it+2tIkST(1cccuVI^^!Iwv+%Ogg*0z*G0iuu[t$Z0&s1zhc=|=-==|)?+{+iiti=!=tii1v%t3dmzUqgp837}25s9u(ihU%69{SDUg[3no3i!^. . . =
[f" .;\(lCL*xU4&syCo0YaTV7$Clru6+)ttitnk9$o4&Jfu9o]i~=zWei|l2aC]7tt((?ipDe{~=%KXw~=~~((==?==~=}V&20OwaVLem4V5f%lt|~=}j+ti2%"-{f&Irv+=~~~(|?lt+iti1xSQril+vuLUqxuu+1ll]8pbn}JI3ftt~+]vuwj3{~)t$n0Ts5kC$oIzTI3{=!sFx2=(!"ii|=9[=)t{{7?(t]%r3{jYp5{55o3i|)|}3[[7+]PF{czkqghJ~(=_^;...... ..=
J2" . .!([mm*8oIYT8&ssSbT}}vtuwoCc4cqULv3s6w+(nWQ!tFZAL}+t+++=$WFh+|*FWu=!|=?tti)=i?=nmmyw88m8m&8i|?+}7j)tv7v+)}l}it7]i!tlt~+ts1tiA[+ii5PDg7j+IddAqkizQtff1CSqh5InJ2j]l8F43o8=: "2%[I$%1ooy8zf+(nQDd++=^+it]g%ii=|{+tJ+iju[lyggyj]j}t=\!!=1r{ot2FXvaDPASt^.,;^!()+++("^..=
2v- .==Ch*V8eiv8a8*8wASgkj+ta6oJvLv4DFswIo+9KFr^!zgAFdt=|?|t8QDt!hDZ%)(=i7tt+(!(i=[9*&*Gm4O8nl!i7%}7t+t111t>7v7j+Tli/)]v=!j6&f]iDsi[j8QQPt+7*SPqA!wFftJcyZdPsJC]j+caSPL%$ao!.,?2[vuGti[+$w*88ksIzSPpl1t!+7sDv++t=+ttntt]%t7Gxbf+uTn5T5ojj[]L(%Ue3dFPGt^,!t{aGxpxge8w+"^)
J[/ tc4qkG*5uG4GVUp[0*xPY!3Tmw++nreZPZwu$${IWQw"tjmFdKD&v>^!!IDpI=PXQ{(=i][}+i}yn*TI9Tw9u]TyoIl+}+i{t"+tIu7^t$I%i0$!^tc%!tLAn%%}De}{2xgFU~1*ADeQg}+6pz=$5sUUD6I2c7%3sAK*+z&IJ^:^1r9w*m+=t]lIf9mw*6&uZgD[ji/"(T4F1ttl}[1+*1|=j16eAh%{9TaTG4s9yari*lIPhGbFSw!"=0AZZZdgpSUzt". =
J3- . ^CY8*8T2|*8GahhxC={CVn2n4mt!!s9r6mKKenoIc{eF4+c6G0OFXPqVt=/"hgxnQQ&6$%7}]3(+2mxgUG9u$f20kY*&V0o6t=yt9$67^![cltmO!=Co9xPx[%uzQPh2jDFbm1GSASni=tfceerjw5DgD5oyfruu$6r|!Iz&6j=|$TV8af(tcJ$lt$osCcuT3gqZG+7+"}hPe1rfljII1S5%j%2xQQmjtoknYY8&4ekOeTVgUQQSZLa0hpZgUbd8yt!". . =
Jf/ ..=TG0r!;(Gm45b8mh.,;/+w0To;!^$w52{DKDFQ3u73Ae2JQF!IQZPDQD=IAqDDPp#4u1t[n7!uxFU8mivCfnJO*0Gm86C4O3nrl?(]$uilqg{IVFUULuo2iyIQQ05PDA0FgFDj...6n[VD0{vOAFZ]7uJk2$5^.^f5*$(80*Go9t~"y*$L*{756I}t==YpPQo=+t4A#012171+jDU0cz4bPUv2j2mT94FFQ0&V&TkLZQk4ZFSDPDPPPhs|";. . =
JJ> . .:&oLV*&":;]dG*CqmVh,..,!nGz3.!"a9ou)Y#PFFkcv%FZzyKWt.!L#DgFFgG%&pDPQWPTav=7IufeSq8kG2f2oGL29nV*&Jw$IGaJ5vlT$CIjCUb3f5DQUm1[57/%3xP4VDQh4qPPA^ ..O%bDsikeAF=/+yAJJyy",;3$$][V56y6!!~+yw2xO9fykfi%?zPPps}i+hDAarfucIt+APkCzOgPh]59362apgDDwoa6xUYSUYpPFSFZFG5%=^ . .. ..=
23\ .^ckG*gC.."w0Om7bGk8^..,taw5!."^u9as~+xPpPFntcPZO0PD\..!LdDFQDAsrGDqF#4uy+^=TAbg&8fo6viuaV4w[1uCLnJafu*5vCCzznIvurQpwzebdF3vss1i7tYQgYPPeAQQxl. .^TIttVxLisFAe!:i&PLu90i^^}J[fCocI^;~aLzzrdbGsvI9%{{JQQpktt{FUP6JIrJ%ortAPAz$bQp8]Y8}oVhSFpa}$C$0AZqLLkqZFeGni!;.. . . . . =
r2\ .;t$sV*0f(..^tGm&e~8V8G".,>2J1|!>|?%TTz(^>{shFxLC8PxghO?~!\=1[SbAxhTLeg*ouf)!|9*e0ortjsa{]Two4Yf2ura]{al5n$TasIcjc45QYOxPQe+!20n5$GwoeZxegZh$+~!=ilJOn6YZxn&hdG~l8gZ*iin9[=]3JC>rwIt:"%GLT5zebgV5cc{~8Zde[%0QQZ]6TzIo7nGZ85DDF8wTuxFQAGy?^>|I0Aekk8x84&nIJC2(".. . .. =
Jr\ ._Ca4&4%. .=mhmG4^3G8m=,.(aemmSKXFdPDbA&j]&hpDF[nTww8ksAFqAFPAFFbGA4q4FUc)!tt|t{6)!&xC?c4YTsV1iC$saC$$ouz*Lmw!;;(D{aqOUDQx57IZDFFVwKeaSAxYOG15GZFPPpQQgbbWPdhOsiQgZx=,;tmozuwwo~azkz"iCTG4wuL[r*xAAeIc~tQpqorpQZZTJJ9J3l}CCYAFkFDqmY$IxDQD*sgz_[xXWbpkYeDADAPQhf2f7". .. . =
2c_ .^+8TnTz . ^[dm0GJ;7OGm|..={CLAhKFdAZFPQQbQqxS*pFl3kdPUQUQdFQDDAUUWkkmZDFd[;.:,;+8y]LG+!ukZma**3[J[IOsuCI50*9[".^~b[apbQPZO44bFpQdPTPUmpgzCoUxPQFbSAggPUZQWPesskCoUDdv...!w*ns96u?wTY[=rGTy]|s9uTdSQFxyvt!kbFVJbPQaPC7%7fsLYbFD*DQb9waYPQPd8pb*+hPAqDPa&Ad&pQbDbAd8c(;: .. =
rJ< .!n8ayt;. "JL0*mf,t&Gm!::+^|rGXQSDQPQAAZQFFUY5IYqWWDpApFbbbUUPPFI+v&O0DF3.. ."sD1+*kk!!u&Z8$zm4oI+Jys$uzaoCIv!(=tba4bZdApqpqbUDSQDPwpUD0k*DUDPDDhFFADdPFqpn6*U8cVbpDi;"!+wL8sz89i6z$u240LY==LaJ4qAdDh3v"2ADgngQF1WO+%ueQdV2WPDeDge{9xdQqgO0XZYzI*SPZD55D&GmPFFpUQPb5_^.. . . =
c3- ."~~-;. .)0m4YT~.>$&G),;"...;<1$G*dQQQpgASGYVeeAbKFgpFPqgeSx4T3tVTYheTkx3....temi*hef;^7kmhn)Y8Gaf3Iww$JJ6uc$CfcCe*xZd*eUDDPDdPx8z+%nLhhe4hPphSA*O4aOmO5u6hhZg06hPAh$nVLxo4k4wwwcwr9y6ms4!;"9o5J7USASpOr+tDDDOFpG=FJrOSXxnJfdPDZdQ6ugFqZ0+"iKQhl+8DqxFh3PFexGheSdZSPg85)^.... =
cJ> . . &GYm5!...-uk=:... . ...:(2C=""~!(=i]lvzYyzj)_~t)>"%dZZZFDhDd{[=: ^j!,(UZ0+..<688d~!+ra8Gowu]=|ITnYz$]2dgO8wGwv}!^"!%rC?,iFqbcIhXPFFx\,,.."inFDxd*35UxanaVmwsmyo9$v=iifa9jw6T{..^owoT%tlkpQZd5uxDFqQ8!"yDDQF40PXx0dDZq51mDPZi;.,^ion5pFpJ5DA%sUFb3/;"9SSDUdZWK+>. . =
J3- . . .VVom]^. .^7a<: . . <[3^ .;^-ir80&Vk5T!.."";,.sDSDpUFPhQb(!+! ^"..+UG4~ ^C8*8+"t58*8o6fu3cJv=!?ticTghSV0GJti;;^yak="xPDF4?}gFFFPTi"^. ,"$DYpG5k&kAd&6a*&e*6$uII+7+I$?%soy!. ;$56yf^.|GApbF4yqPbDs/!pDXFg=2xQbVUQLkYahdgd)=?tlv3ossan!OQPu|pDDD{^.^!iaZPeXgxy/ . =
2v! :0kw8!. .!s". . .. ,tJ:..^|}eZq&LbUaei..^...!QQpDqbgP8QWt.^^.;...%mL4^ .^JmmYJ::!I*9o[icz$+;;!1eDSS0GkQ4mx$t"^yhY!jPPdDD]=+QQPPPd8+. ..~smbxVmnxDpg*1[c4Tmoo$uf{+~""CaVt. ,1yC?..;!sQpUO}eDVDJ!wDPQP*;^isPZUd44LeSdQYaOhgUASd*G5t"agDC"7UQSA],..."(nbpeex". =
3v! ^k5*k:.. .;[^. ."(:=j0SFggZeFUUzIx;..._vGPDge8DQFIQPe".. . .^z*$~. ..t**h$;"i06$y9$$Jzz$?~LbKDPmfzhepUQZh*sGYu_PQKKgbg6=thDPUPWF=!i$VeeVoI7tt~";:::^!?iwo91?)?lyz3t~"^"tu$$[?=!"~LxZDVGAxxtupPe5i".:^=Gxebk4LheAAqbPPPFPZPZQk$)n&xC.^?eDDP) ..,^"~(|{=;.=
3%! "5ws{. ..^^. . ..^!wUFhPFpGhFPYGDV^J+./&QPpUa/^gDQG"5DX+ . ,i$!... "dGZC5G0$!kTC6yIIV62zUQFFQ1tqQ8qUFDZPShpptcFQq$PPA:,.^eDQKPpJ"\|IqGDFPFAPh|.. ;nkO4L3{aI$r[c$G*8mm[=LeUDSqZADSpPbYa9Y$VQFJ+!^;^+VqhVV*0OsyGFUUb&5ksvjl==!^:hFQa .!FDK*.. . . ... ..=
3v! 6s6! :^. . .;+TAQpDqF9chbDowDx,!]"$DUbFG!:;DQby:tUZt . .;2t,.. . ^hAO3Yko~"2kzwo6o3aGuC&KK8YSu)yFpSOTbSQPhT0oG#KViFQg^ ..~seWQDbt,^tyCFAPQQpDq<^"(}%=C!!5ouii(JT4mmLat$uexPPDAPppPQ4m&8shqDs4ay6=^<+ZAee*0utjl{i?!><"""".^<";SDPI . ;qWWx^ ... .. . =
3%! .!T43, . .^ . ;=pSpQdZe+cZDZlJDq,.")FdDpDv.:!PQUt.^}x+. . ./J! .. :kVsa]!;)ayCIu*mCtry3UKP9kD6!ipQbn|vbAZDgdsxQK6!QDD(. :"=9dQUS!.++7#dd*ADQPWe7^.^;,t^^o8mc(.^!=++]2tCCIz4QPbgQQFdphV8ObQQFFDpAGr="iap4xVori!^;,....:,. ."^.hSF[. .y#KA. .. . =
2%! .=V]^. : .^lmUgpgG5=,^GbAS"JgW^:iYeASgV;.;jAZs"..^~( .;~_, .. . .z3Iy^:..ukT7+2Y&o^^i8KK8$qp4\"eFPh~^"~9GZg5PDXs!mqP. .;|zmmj^!;+DPPs|rLPDWDn^...".,20wz=....:::;JC/"~(lu6Tx8SeUAeDPPFdUPphk+"t7(FPQpxn[!;. . ...ZD#i >fSD[^.. ... =
Jr! .|;.. . . .^wb*p0nJ!...-yqD*=.!gq"1edPz!....|ZQ;. . ^^...;. . }4qz. .:Ym5!.^{0o3^jb43PDS^."LFQK+. ;:^_gKC7&taFF=. ..^!",?S9qb(.."C&PPA6\.:..:i;!x8=... . "$C; .vOZDxzPP1=4Qx~:... . ^;:(FDAL5UQdk?;.. . .nXP" . ;wh7^. . . =
fJ! ^=. ...^jqx&a(!;. .vgFSi^.^wd!kdgw\.. .thg!. . ..:;. .. )08z ^&*T^ .!T6o!5h!!23FPU!..+QdX9;. :..;e&!_~=+hX+. ...;,^^~u?2Xy;..^!tyDxI; . .!.^3dI". . .:=2:. ."qU#pi3QAC^^=mz^ . .^.,\DFg47LpDPO+".. .A*; . ..=qI". . =
JJ! ."_. . ,;=v{t~"... ^Vbh0". :tauqgn!. .. ,tQ&^... .. . . ."n*{ ..^G9J; :;wyuc6+,.!lDUAt^.!eFK8>. ...;h|...:"yX]^. .^ ..~+;?gQ=.. .."J*q=. .."..<JOt. . ."+. .;6dQUt!4p)t"...)!. ..;, .>gp#Z=t*DQFh1; . . .re%, ;0L!. . =
f2! .,: . ..,:,:..... . .~PFm!. .^vC)":.. .^3Q!... . . . .+&t >m9=.. ,7Gr:. ,!PQP%t.;ieKgf". ^),.. ."P0. ..;;. ^^.;zWu^. . ..:^";. .:...^29;. .. .". ;CxeC";1x|^;".. :^. .^"...^]aDW|,+&PQD).. .jz". . ..!i|, =
3r! .. . . . .. ..IZP|.. .:"!". . .^9e; .. .. . .^{~ .=Ti^. ~a2z^ . ."SPh+%".^iXAg{. ^;. ,nx<. . . ... .=#Z!. . .. . . ^!^ . . . .=F8=: .8t:. ;^.. .;^:. "^igDl .!nDAI^.. . =_. . . . ;!; .. =
cc! . .. .. .^kI-... ...". . .."+^.. . . . . . . ^^ ..(!:. .,{aw! . ^SKI,:"; .uPPG^. . . .. .!G>. . . .. . :$x).. . .. . .. :. . . . ..!~^. .". ."". ... . ^.^1b: ..^"C", . ". . .. .:.. =
fr! . .. .. . ../9<: . .. . . . "".. . . .. . .;;. .(^.. .!y6~. .;pK%...^../0qq^ . . . . ^7!. . . ."o(. . . . . .. .. . . ^",. . ...^!.. . . . ..!oo. .. ."+(;. ;. . . . . =
c[! . .^>"... . .^. ..: :!.. .:ow~ :hF=. . .~8p~. . .<>. ^!. . ... .^. ,!r, .:^^, .. =
r3! . ^^... . .. . . . ,; ....{9~. ..&V^ :|$7,. . ,;... . .;... . .). . ... . =
13! . . . ... ^=~.. .}!. . ,i^ .. . . . . . ; . .. . . =
J2 ....... ... . .. . . . ... . ... . ^/. |;. .. .. . "^ . . . ... . .; . .=
crt??()iii++++it++ttt+iiititi+itt+++|?()(|?|)(?(?()??(|)((?|)||)))(|?()?)()()?)?()|))|?)?|)|)|||||)(?|?=?====()?======)l====|})============+==================================================================================================||=)=========================================i
e3ZYYd
sIRC4.exe
C:\marijuana.txt
uk.undernet.org
Runtime error at 00000000
0123456789ABCDEF
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetCurrentThreadId
GetStartupInfoA
GetModuleFileNameA
GetLastError
GetCommandLineA
FreeLibrary
ExitProcess
CreateThread
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetSystemTime
GetFileType
CreateFileA
CloseHandle
user32.dll
GetKeyboardType
MessageBoxA
CharNextA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
kernel32.dll
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
kernel32.dll
WritePrivateProfileStringA
WinExec
UpdateResourceA
SetFilePointer
ReadFile
GetSystemDirectoryA
GetLastError
GetFileAttributesA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
EndUpdateResourceA
DeleteFileA
CreateThread
CreateMutexA
CreateFileA
CreateDirectoryA
CopyFileA
CloseHandle
BeginUpdateResourceA
user32.dll
SetTimer
GetMessageA
DispatchMessageA
CharUpperBuffA
wsock32.dll
WSACleanup
WSAStartup
gethostbyname
socket
select
listen
inet_ntoa
inet_addr
getsockname
connect
closesocket
accept
0,080<0@0D0H0L0P0T0b0j0r0z00000000000000000
1"1*121^1f1n1v1~11111110272
33E444
5X5555567
8/8:8E8M8W8a8k888888888888
9 9&93999S9Z9d9n9x9999999999
:2:J:R::::
;5;_<l<<<<<<<<<<
=#=|==
>'>,>2>>>>>
?!?G?S?[?????
0#0,03080>0Q0Z0x0~00000000
1*1J1b1111111
2$2,2222222
3!3+31393?3E3L3V33%4C4O4W44444
5+5D5]5n55557
8/9X9_9f96:K:~:::0;7;f;
=$=5=>=T?[?l?x???
U1]1f11222
313G3^3s33'5555555
6.6:6N6X6k6666
7A7H7j777'9O9V9n99999
:c:v:::::::::::
;4;?;\;f;;;;;;;;;;;
<#<E<Y<<<<<
1U5^5i5n5v555&6-6?6]6f6r6y666666
7"7)7-7G7P7Y7j7t7~77777777
8,8=8N8Z8_8d8k8r8|8888888888
9&9.969>9f9n9v9~99999999999999999
:#:/:<:N:;;;;;;;;
<"<*<2<:<B<J<R<Z<b<j<r<z<<<<<<<<<<<
=$=.=8=B=M=_=r======5>}>>>>>>>v??
0l0{000000
1$191X1q111111
212I23g4444A5s5{5555555
6'666E6T6c6r6677z8C9V9g9w9999
:Z:M;;;;;0<Q<
=)=7=W=g=== >s>>
1A111222
3M3U3`3|33
4555)686\66677]7776888 9>9i9999::
;C;;;;
<2<D<<<<
=-=p==3>?>L>^>d>p>>>>>>>>>>>>>>>>>>>
? ?-?5?<?U?Z?d?s??????
0q1111111182R2k23444
5I5V5v555
636Z6o6666666
7R7o777777
8-8M8e8o8v8}88888888
9+9J9y992;:;];;;;;;;;
<<\================
> >+>6>A>L>W>b>|>>>>>>>>>>>
?%?0?J?U?`?k?v????????????
400111
2,212@2N2222222
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8h8s8}88888888888888
,000409999
WinSock
System
SysInit
KWindows
UTypes
3Messages
iconchanger
sDeclares
PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
z\$-`$8?G"
:5~}*PTA
*8?i4J9
.vuD+rK)]eD
wuWr%Lj}lKg
6MtQ!>-rb
[V**8}uG
fF7_2nFV7b
nncrRG
1{@_*r7A)3
)B$<_u
n{v%q/X
CcYAbR|9S
o(8uXh
=;\K%q
{Z (d%
2R]0y?il
jy%of`!
->_fRG3d
:rRJMN58
J#,QZM[CaL CT
>r9in2!j/TZ>
J<8]Y2j
kD[at /r
MTM(YN3
1<!$#FRyaYnc[d
zlhlaT
lLOx[W;
:$0*%-
"XhQ+x%es
cR7kF<wVn
l4O0P
YnrRo!3
o+FTctbsq
5{ZjCS
&>$3(1D
Qmb98"
Nw0C}Rfc
wO)a&m[
t]3^`~
k%>wIP
~.`Fe%ZM
z T{Qv
hg{HW_
dhOmj@
%Q]SsU
{F5p7z'I^{
6z'9Ua8
<Eq5N[M
LJ'{G~H
LNO+sh5
~fD%tkb
8gc~-o
[wc> N(950
yuE!Ci&"
2!(V9m ndQ
ptTZEsQc-
{y9[v\6
Ge@'j*B
O(0=//BZ
n=Q>xGsAXlt o
}ziQ&m{Y5dnx.K:
~d;NqU.r
s/Yjmxq
));?M^*
If/\f$H
-^U]lZ`
,5?}{Q}OUa@
w)~M=Z,G-^Mc5fLKFB
G9!g-)
/Pd='A
X4:[fs%ob
tn`5g4+
SJ"y%x8
y#\m`_
2(t1hC}>J_D
~hl[_I
CwBill
2M"F^W;#{|@] R
S{L!L/F
3#]r[o+=
$Jvidk}
{m~7G2Ay
h"#T7[
MD%$+L6
D'epN=
Parc\o)`3\
mJM|D]5JPq
r>sRw#IE
;tSn:c&g"
Rus`JI
/L@TbXo+
<00KdR
f{QUJ{z2_[<
Y~rC95%F
xJ~xv3CD
4aCONt5?kl
W~cClnD~%
%7/0O
PH=t8]
/n Lp4
hbR (I
qvn/.].)G5uO?v
Szte~R
(sxd~~Fj
3<^5amH
I6~Y|Se-
Ghl>&D51bD
efIF(Ly
e4N~fb-
B%lGV]i
jRdQlfO_h
c1j'_omm
226{ua #N
[,[cQp'
L.bWzV;X
!Zw@cCT`k
0KS5 U
m!&?6[Q
6OYyc>?
%3^uuD
6!Pyyfak2h1%-
}c$230v
M&UkJeS6ax
(bBqRm1
qAth%s
Y;6tUDS
5hvfL*;
ta03MV2"X
3`mF =
:-6|}"e:
%at<%+[
8lz+n8So
h|:"6L
D]Rp*)oI
QO) ?!
y'/ y WJ
{"K<#9
$m8=0H
HJ@i?7:
v3:]Jl'
v`PE~2-@
y!z5!f
o:l^|6
qf!*<o'~
@zFW[o2
C-]u9 /cV
JyxP/=~N
}l%~>KTq
lB<%%>
v{j"j(
9>>U%AaAOP$v-
N.?Iaj
mLNfWT
/l8R5(
F| XI`h
ZS<$pA*
W0,.953
lCf9B2
ON=RQYy3
jinY3F
G9=$z"|
*JnA"@9;
v)`XEs:
6CiRV93
4Rv=/j(~
v0;]&.
D/"S~Y_m|#
Q|RFjL
4@K,1;
AQ!o ,)]
rd%r;H
W[HAD-Ut
ezqvh"i
?~cMyI
LDN5>96
HHf.UO
Ci%R.oBPd
C=vQ690
\|;"Jb:+ O "Y^
* _w1fRi~
AAG9eo7
01!Nf=
^cvfZwt?s
aLTJSNN
r y5U&j5.041EyF
qzo!db,+
2:EB`bvXX5
-(10#e~
w0kzd&
Eh]+z`<F
Xme?8Pd<&pK
3cAQ J0EN?tT'_ BS|QO
LW):me
TnQ.wP
&%cg^R
*)$hQF
`38j,q;
@- h5MfyHke
g*7]STI1,a
@P+}3DX|
kv1@z]LrFr&
aMUV'is*
wvMBZ=t;y
|UXU!v|FA<G!P\^Dp
*wYT@3nE>>
N6U'.a
V6U(d_!h*
yq hS=nc|!fIC#
/.4X6-|hz
% Zkfn
1eh\BP
CIR!83
}#3V4B
b?>kUWPuCw[
mGOEv9J)B!Z
/Nj7Kd/
3kh/x#;5
#G5_ y&y61
RCh~c7|
z>ocMC[d9"8
Nhy~$%2Ff
*?`Ix'#bzv (?
Ch b%_~
B2VU4rwHxKR
JW"/?CF=T7
';F:T!/
lU:\wqV
*,2v^{N>ez
=!%+cK-
v$W?>y
wv9i?[i
YcT0nM.YDi0R><"A5Kv
v`tH[EhcK
6_O:!g
I7M{="
j}mfv :3#F
2#%V\69Dn(<[
^EI/2!NZ*@G)Q
@ Z!ZGQ
00Rs 'EOgF+{VN
)z[niMRm~
0@v'Y+> r
|F m'
4r+6&^Y9a?
oRsg!1st?")
5HG'E*i
1UFt_C&+gx
OjGE7MRA<
Dw[Zp0AB-Ejt7
d8~EfZO
D$aK,
UkTL@w!
xY7:L^
A%])r@
L0LD-m
L%@l\QCHh? d8;f8
ZLm|O_8$,t/
-p!*nNjW+
L9XQ"&
sIm;Qy5bIA*+1
hU ~ rXQ%v
3>^AB-*l!pH N-:KR;glD
AGMiCws
E6 B|_
+CEvkjj1-
}3E$%zzohg
C7Q`0@
u/I|AL
UfRf4*U
M';5ju!
%whrO&?. i
c!+:0MrS
\(>&(qXi
qIU#K`ei
0@w6H$yu
nJ{slX)|+H_w
{9kUq</V|`BKY
%;p]{-ZEgvj^CJRZ
:jPx}f:i
{l3y}t~8!#N
`4X3u*y
0*:'$x
TjQ}p6%&[
r92E86
.RXd\VmV$SO%^Nzhg
U[7^);HkM@
+U`BA1i
rA(B}J
yS%-.^%
\7Y,h[0Kgc
t(Tu3JTuhV}
g{2: Y
XDcScjtg-RT9,
kcxdT>
'/?:~m
+|$1FW=>"&PGu9US2
\#;G=#:l(
2i|tMi'u q$@g1q
@~wdspHg
</-8PLU8TGlK6
ZpIc?m<1jKv~>
TO+^{(
qvjFXV,jt-
j>dCgH
#*CSHaI
qyW'-2|
X.LHAF"d
VrAxbX
v.AHPZ
^m[-A0
R{C<"V
m.P|Sw
]uf-%_JN_-I*dKZh4T}
K~nG2e~
W!=aN@>
!,/!k5-hfi
r;18e,%@I$vC
{+v6'9
W5~|\'RW%c,
c#7Vk_+
<A[!Ng*0
?hJ.R:
<YKI+*Elb{
FM*gW'
Qqz\Pp
;"&#rR3%0
(A. U&s\
499hJ;
o{g,2c`
=#ZxGIl8EB%j03q} }
/-<DCHZ%("$ik
oJY&1P`
<K"-W?S#
6y!3(<x'J9p
X0eD)?
)Kuhkh
E49D=M
* VllMM_A!{CYx"
6',-b%9+
^^`If+pJ
*l?gk{lRZ^
V;xUO08n%H+v
EbmZ?fOi=
T$z.yb
c 01eOut
%\\XF
pVe}cl&m6OqRdE
_d_abM
"Jt3l:L
ZuH@lX
Ae/V(5[u
[uA7?L
2SF}YQ]
=]WUbB
^|^|W[(* J
_t9z&T&'7j^C<'
jSZ2kT{
NR z:0\V]4
XqAw_f
,!YT,x&
d'1>JQ
8U2S Va,U[Ck3
M=,sXvs$C=#nGl3
Hv#+X[d*c
p,NYL\
IFgW:^
>{}aj8y5
hB}(@aEmF
^*b.$Y}
I%Anbc'LQ~*7GO
&amH#D@
kR)ij$%e!
B:P{s2US
)s!r& T
[CsUQ+
%BbXe_f
HW>%p#
X5AWpVnC
j-?nme
Svn-o4{p
fz3K^7NTb
#QgZ&7p
,[.WDC
fTXuc@
z@"y.V
O50BN0+x0N
&9S:vYFD
'fB9J*x9]
G%^},+bXT
^$1Sk&$1wL<K
eukG0Xp|
F'JizQ3r{Z
;s#(,'H
)[yDKPe
}/<*TT
$"^_.|ajTN!3 h\[Q
AcLc0A
=gb{Me+~5}9}wj-5u
@\XOc#T,
6*+(VZk
AcT+XJ{EsQ0&
^MNB|UM
Vq$sE`6zA |#WsAA
>&STa&m*R
#.0O#(
EbZM3,O\
;[8u5Ik
#+?%da
a74&2jH
N#;#}r~
QeW6+o
MQ]wtuvmv!
4MA"4s7s
f5<\8~'
GKySk1Zg
=1rz|j
SK~V o
`}~ru.
lIROhNT
B*!t++5ruh?M
QsqmD!wh]U!
%`z 4t7Pm
Pj3=h`E)p{
_I3y~1GKJF9BL
`F|b/mE
hp,Mw.bl
?T*76T?~[
Y60&$.'U
$F9!#ro
OeaiA*/
=r1cn.
\{:N60VE;qE
R.`HA'
(eScd%@
@zTSo-}SvMBq(=S
x Cp)Qs|=!
dwtIqaEL
x'I~(oEE*_w
jMrFif?58lT>
x`h\/"
6J"!-@ZFN
"|_9i9fV`
/~b4QTK
G*Q&qgO%i?:
]2.^GDUe
K*pkD^8~A6x
:!fq1yuc
('%''pc
dM6..[Y
`6zve<'/:z
==46-x
(MKkNLO29
]SnsP7
i3QoC#_
rlC+|I(G
N6rK,%
*-%vK3?
A`8->ZfqoHj8=A
Vx^/zr
Kq*8ZkQ)fN"
=c_3Jr^}|[
I })N0qj"]
G3SUnj'B
Ui;u}~
c~D,5v
NC\\"5#
lX?Pf_idT
uFJ3gy:T7rtzD,r
Grj|cWT_
:w95+L'G
\lu|@LwRjaGss-M$#
;u>h T2.B`
hq!pudv'*
gV-k&SQn}
=zf79_
K7Fe2A
kC(_&,5Rqg
/3gvxR3
pu*HcY!~Nt
WATBdk{bKI
^%+_b5}
Mzo3e Gf#~_
a`6#>`K|t=soo6\
@kX4M&
qtz6Y<"
4\vUs,|2Vl
zQzJL\
!U=+2$/r&z
O=pXy(w:
Vw/o6hq
BB)QID{N*W
uPA4UV2;ABS
ZL&GG<AUm4a
90H<'k
YqZf>N
Czs:ug
6Q@/[B
m32Vf\
>ZJ;)iA,Qi6"
d752{O
[MHBcx4vPuPE
3j@^C^
`dl#"A
Khmupi3Bt
0t-F(L@
TF,fFvu
#mE&v[3Dr2KGeB*Nhxyl
7wy0s_"*?$uif?<
~,Y3Ivga
,8r7@GYC
C@$DHEH
hPFl#}
>$mS-z
B7?z](LF+3h-x9oPAh
#!wO>%
uU%iXP
&|"rl{13,
g-2:+`
il9{>
')p la
k;}.\W
Frz~AC}|
w1lAtk
k{cv|q?7?P'PT
/*{\C5:
&^l6{A
3 ]*i+
/NcFMo|Ub(~"4
JZcS>M)6
PRx'2A$TWzk4jp|<9K xo3
_a>uT.
V"Tq|jEWw
8vRELu!Q;
%lFJGb
-Rcu_t|TL4X
c3.Mpc9=+
6uPUz&
REml6vCRc|}
5T >J7|
i p_.LuE[~I'
0wyI\L8
=L6zKA
5ZndM#b
79j^00C'*
p%u]E_
j.j0hRVwgfT,`
itAI )
m4Xe>2
IgzXmFO^o
Xewsg~0N
CHJ>`S!3"_
b;|^t!4
l)&:A"V
I;qexPra
Tm!>tv3Q ~sLq5FD
=u7&%E=`d
_B.EjYUna
0""GJe
Pdny2*.}#H[m
wmha,T
]x.5!Ros
d=Tu`t
Qz(L"S@
D<&r:E
QCnYNOaD/#29
-X8B3oapOP
k"W`,R
$IgeB/
.9#`@Y.|
NI^5u&
T\ z^J
HL{IJjh3Q&
dp)]j[
ihT{I|
4-R(,Yi"
pu.I1r
%]+<F#i~x/
2tEWvc
\#Cm0OP#HM
nUBqt#,>a
)NG|$#A
0n,~K!a
:!{ tnM)^(8
>jA 0R
:x^B<Z};&sC
UESUnw"
NmI@glf
lZ7(~$M
r0Urm}
XmT5gy{
*n|E$w
)N]*BoI
G4 sjna|
ImB=YLg
Csw#UiQ'
{IWt%| ,
B*5}h)
pPUhKNs
2b*b#6rM~|Om[x!PAqFJoXh%
EbZ3mg_&;#yc^
6%btwVU=
%v!CcBR:-
-_r[bX^5OrN(zW
}hAaLL
SdWX|Sx&
<i+no
dCYGG|
/k>OkfA
]gh)N?f!
am~>d2[|Vht
g],P~O<
A"MOzkP
t?Yq.x|q"h._
leXB&A]Rz\~>?
UIfK'Cx'
05`ee-
{?D70&
vG:~e`..
g;;xUo
lO5I"7J?72'=%"T k
YZ>\
G]67$s>,Dx2'
>oqo$\
uz0jRGqE9!W
\`v*~29+WVVV
1ih#2x_7.
i5'mAh1i" b
pN7Ek[
L*?:@V]
\mxLj+t
nVZ$<%
h9-DRsy$VG7.
8N^ w{x
QIOGL&
_W|a]g_Cd;
P)gvp38e-
%3;N/bj
_A#d<2
qywrGw
qUve*5z%-H6
G^|mG^sszb
Rv@MuL
4_fw(NF
[;9j#$I
"Z!sk'
DdezO"(
tPickw
=@Z #5
fK6BxG&
o`w^xONn
Hc%+-Z*I
g'%OxfC
C3n,7>0Q!j~
FN!Rd41$b
55%)z!
*g:_Lz
aKYs.N6R(XGG8J
IV'!ax!
a!Y' \lebJ%ni
N3o;P/:
yn"]J]dDDS[
F8{jGi
-eE9K\Xx`R-jZ
2?*7+d[JeP
BCo{6}x'N[
fKri5h.
_17AYfzh
7F]H=.b\.^56
r#T#t=G`/
kCmnltW*Qa
p;U`bN`S
QejL'8e1mC
{2/@d {%{
VI0^429)$yhg
aY@bq
mauIWdPn.}P
&jTS'X
4idy8V]
%!NPj9
q7'G4` k5l&{Y
F=&Ua?.mj+N
3_a/`JU~CdbGx
lKy5 !
"m3>,c$H
S$Suvx
]K"^?BOC
9~&<|v
HXD+0
ET)r%JX.<
dVZiK'
{+NP)84ygK
|jNz0x
Uu="vH;
th7L7M
B;c4X,p.^
;UD}xw?{!
@b$4MC
G-%L@!WF9X3j
P35GE"3$Lwt
U>*xSw
?6wg0D*0
_F ';\
03TGIA#
x]($o\'C,^\D+
Y8Kk $W"
}iW0Je
sE`8pdelYVM
l5V`4#
9]}3$!X
%7u,xjl?
ae->]k
o9w`\KidZD\B 78 ^Q9
4R0]Df68vM
W?>imlL
Fl7Igp
A''X\-SC%
_NKoy<
{WBH2vF
ciIsJk8'`
bgD_)hV
2 h6p[?!2_
9aT}8hJ[
Q{I``8
D(7z/^K
G/=/$*o;
pyd#&?-
#Dv5<[-
J! V"3.
VOST fh,
L#=/Cl9,b
K.Vyt^"\
Z\kkwO7U
T.!Z{4{9
_LM&Qf-I q
_>X .t
%\^YEn!
KP.ujr
?J*(KPmX<
Gr{BgT9#%
Sk6m!r
"D4oD@
QMXl hZOi
j[<wUdA8=K
]k5MJ+
Jn];rL
Mkq4}H~mcL
V7]{Xg
(_nFTA
8CCfH+M[xb_^Yv f
LNi`BHDl5
7F%p:?0
=vBa1[2q
V5/+Ls
#Xi_&Y
?{+YQ@TI*
.{%jL(^w;
C\{t7fw8q
u U"F-}3Pmf.3 H
C81O)=!f
8*)4G[
1c07)5-rV
[4%=r~'v
g8~#(9
Q("+{x'5e E
f |Q@?A onD#R
oY)_$ JL`f_
.`bzLn
d"?J07U`G
,]BTwX
tV(LN79Rw
K8Vn)vJf)H
*9lZwZW
JNd3cYrg
\{o+1|EW
u0{<*Wt
zAvC%UC
"dd1+uP
VXrd#fIMYJ
k-^tq=N[<
>$OY{PpN;
0sm/<uN~
(XVNSFR
mOOCohD
Y9%k
(n+Q>bp1
|BjI:X*>7F!
Ck5H|`2Y+
i?k(69kL
sp&rM vt
X&tNsR;
n-|4:o;S\
bVbSi~MVEu
[.;q2"
gF^~g}95jsT
O<`7Bh^
z&tS?!1
?Zh&@)
u3M;`@A&C k
0P6Z+,F^T^
;>%h[ i
@=]{rH lOdE
y_XJ6oyW
NQ0;\j
' ckb/UD
E(F*_JUO
RTYEEGYYD\Em}>3"
,_4<P@3P?.
Xf3>4x"XDc
h &IS
2*3kLdmJ5|Wp)CLfRA
(Lm!P]o
-c_IS<<A
EgE-l(j
MYTz`e={
!//a7T
$|j?=9:P
#:h/T[
Tx]<1GLd
Rup`2%
-=TR&b
X*Ezw
py-76g
f2O-;Y
sFe5,d5
/Y.A|vt
V<q4[H
M2faS)=7b
saY,+b7+
"H3mFolv
yRx!vL0R
.ji7:@x}"
#%!0Ib20-
xcMzEWBz
'zxX**hx
:X'J]`|wL
7F&G]d
[Hg6D\>@/cS;8
ZTHm}m
%1iFW)~v
ekhqz=
;d>`qc=
UP;g1-Oq
ND/Od{<Rsq
~Hi7PxUQKBk0?,0
'Zswu[Xk
/w`vVP
8ov0*#+
}2 <_3
o)Cn#`dP
"0eS:$Th
:K&"I3NZ
|wl32kW
VT[l-
BjkfV"cl2
C )=Z,
+5X'^a
,+bEB&G]
iF=+XH|
/st&AN
Ys<vr|
UXC5mkS
)XNVDJ
I!=susiT@Q{q-G&
GY"YIy
6ZgdE2Ak
Z|0mgp*
~n+t]@C
)<hQvcZf=)| 2
,aFuZ0
DXJ@RX[
v,U_ob5k?'
s'|v@g
0;(D^5
|XTtS2p
zTQB?Y
Gg5<D2{
Jj"KV<
BH)HE7|
2~pa&W
1<QDjec
x~ KsrP
8%{k"g
v?)~0`v
)t%@AG
L&B$L
y 9c30c0
"k;zG)
,Gzk &9:S|
(_LM17e
5p<l %OTy]!%~c
;hVG )
$A02/+
4)I]f>h
knqD_
8:z7w
vjX{!u
kNF6h\
"N;*fLZ3SF
tEB>M!|:~umX
wfP.q/
/= C0~|
pMQ\!zuW~vRGv
+qMQbJC:"
DvR{~FK<UD!)w|
G85IE<H,&*Czlp
X5)Qg$p
3t68Ad^y.
OixM!"onWpF
5l!?|W^l$
g"O _6
T.t3bO.,`
!G!jl9 ]pz
5/J@fhix''
}<\SaG99f
{.LGMd%}&QT0F2D9U+<
m`d*l&k
*PI^F@z
gFaa>,<DIoyY0
sTUX|iB
4<}kT_~-B~L
2`~4PY
b?#xc6*]0
=LD XQJ!
@*jy.{qZ^
yzlZcn
-,$Zxa@,
gH\Y4r
Cj@p8D5
A^EN6 d
P{w3<h
IPHUBD
<4rluL=\:'x
{*~5Fa1Da*
"Lf#R]!C;rCd
N'94]`,L
}cI"+#lq
DN-wuB{
=e<S{BTWU
xY_8d;{pi
]gbE(;H
r,(6p%FylK
&-|'X?
r`sSn_J
K0h" %C
<J=CO;H[
89G4V#aG
&Nal6G@1
J[m T\
hc=gtt:'k
so}U4pU}e
X;xYuEK,oO
n;svt9P?-2#S
9\)S35V
Y/R [f
>J -&2m
~1s8]SP
+EGQS/(
0A^[r/<
Djt_@.
Gs5B!^o
p}^2]%
w|v?f9L
lKp|{IILvC
mFRT.UjY>[m@S
R^dp9Wu
>p@ks8
R ~U,2
dRg,>tx}
%~"%JO$
"HQVk/U6V
5_*J2JHz`=)m^U!Uaj}
Y{V5.b/
*w!1%h
uR%xISItGhrw
ys(PZ.)YI
m lJ~Y16
Gg`RG}Ck
e(.f-i
:^Rj-l$
$ QB\>yBJ
pMKc<a
ij(xh}
;w:1:vD
6M<79(
sF|af^
TG>H8X[n
j7lWJLm
|i3|sc+mg
0@]Q[
fr653=s,WD
]wjFk1
u2?g5jit
C1K?~l|]r;
9:7\NUC7a(z,ZPHQ^OC5[Uv}a_!vDi(
y6"dDeV/fQm1*Vc
\P6O!rQb
;aV2x[Q
KT~R:,
@mk^#t+TO
|!2QIbF%lypbn]9
xh\.TP
S:7SA=s
CU15^ft
U?[a-BvF
Kb_|RY
&4d0#)V9
!uw4(g8W`
blT^\=7
ej0tN>aK|lbqc8\
7K-T8zOJ
`X0Fw.
\pg6&wSs
zmkS^m
931.k:L
q|I){VB
`UK!3Bu
XHK/PS
o*B2#*m
?xWG{Ko;Z]+;
b+ax<"y
^chpjFQ=8Au
B?NZfDd
:omxJB
WDP%Dvh
NI/ZMO
C#RD-0+_4
AU<oE@
#b:H[u*uz`
#Ni_!S
>B[uX&l:v
Py5.pmJjc
lrcd()
gV =S]:4i\}N
Ke/\vz7E}VX
tTqFuK,
r!40+9
?/56vc0
j-m}Did
77pJKP:I>c#?
QzVmXp_U.Q
%W[$2&
\*9'>k
&[{4(
-7 ;=p!
6RL<Mc%
i25NI}h
f[Q]<2$a
-MJJ'tp@l
3,Zk5ONg>
!1tlcx
j@~24`M|3La
ff>?+j2x
ZSWqw3wz?>
D* 2Z7lTa
0 *ShJ
K*ihwm
>a[Hi)\f^'E
_8kjY(MNw]c
>=_A~;Wz
J5^XWW
M~a4.ek3a
,wd,a}=o^
`@]^F"
`iQ 'yU.]EM
@&$(U[\~qX;}
2Q~NFR
^ !JQ\,&
>>qDkzME\o}s\OwSl\
?+a]EZ8
&}'lH)g7z
hJ2w@A*
m\yv6p@
QpoX9V|Q^!K
63}_<"{(
k]_-l 4
*1x;LCoI
EX,96yH`[
K&5^T0y<uc
)"VN0 &q
_,qy2x*
_dF6?oSG()[
[]Lcjhc
W}/SYQ
I:@M^j
$0bIj#S
)n.QubYLcmwp*S
!.Muoc
nE`n30
nS?pX28
Bd@g+[
\}|3,wRK
!*LcXn3~U50A}q i
N^-$+a&Q
n@)dEp
O|TNLS2aI8X6
B~W"12[j,5
57-8'il['
0udQVKP"v6V46&;+SN
4^^bO&1
Cj1jB0Z2Y
be/U4TjX@c[gyI
vB d[5~d//
jW~jq3]Ua
,lU%}\0X
"vA-*!h*~ZyKi
/qK%ZT
5I}m^l
U`0$Oqm
ZFOIB3~@
Zmm6M7
\# 3d1
gN$LPMsUK
m82~=[)|
OWS<EU
0efm"r
*$+a(*3wx
)q9^GoD
O flW/
@miP*v
&R,Y0p
9qN8}G%T`
Y]r~oL0
2j5aP:'FM
QsrO@w
eOR6 ?6.Js
-KE`>M
)j@3%|J"
\ kPaI
wiv2{R
<Scd zOW)
dqA3iSS.X^^
_(}sK}@nE
9\3t p*
e?J"R<
Uk?&F!
6=k +bg"
%}On\;
cNX!-O.;
5N(,?"\F@\
%w~>E(BYB
p;&,[M
"Od.Vdq+S
xJR.(Y5a#(JV
XQl9Z`Do4~&R0qZ`
$bG bz_
w- -Q g
e^<:UJ
f[|Ls\"vG|,[r`jKx
14'j%U0)]`S)oP
"r[Xko
&7"3F"
+06KkaSn
K%S/Fgn,nlj^Z
IN'"Br>*r.<$vz(q&-
(2J>'Tq
Eb }e:
BY 'LwtBtvAG
'IZzvhd.
m,`aXu%n
z]~ d5;Z
WzTL[J-
/?n0T;
1Kt93jMt
I}!r";n
.MS~l88{3m'E"
)d,)w`XOP
^&WaMi6<3
l%Va8S
d~?j95g7
"Oc24jg.I
gO;jYud7$b seR[y
`pVM6T':gdRJ# 4A
!mQlE:'
afUF mI
=G]S_j
0:3XK#
't'`{F
:Aej2eN^
#1FGjt6
6Gh04U 6oGCaq
!a95}g
sC.]5>&%k
eLgTfVnQm5
)ozp~#
& #ROwF}
;J({h9
t=0i]Ku$
w|\\FaBTfh4e7! X3ChIz6
4E?i:5
;=7!9+
Uj+}n$
]l$6\i
}<5$;kZ
vUe|Fe
Fp*,!r+e
;JCC(J^
@O])3ZI
NAbi.`3u)C
'Zf]a)4~
]!D'],\Y
0;-c-?_
Pi$IT*z
,87>:&&q
ph(~*'d
0)#Xh
(q *=^
14NDj,
0D~.s.H
caRUxS{@O
sY9Sei$n
zp\n*XZ|
cA9"^V2
WLXbFx$q
e81c!Ag6HBHq7
40?Y v
WB}[7}
<t%AhG4D^L)XnA>cM;bNOS-Q+X
v*EaL6f
LL$MZAK&wUyN
W]Zt>TE1c,%4
{mw+cv
;{Qu&}AZST
iR$e9%
!m=m$d&0M
t\cx&KMp%s
bXBbIC
/%V"j?gP
z@SeaC=
W Y{f>
xBx%@R
|q\|J+"#.1
Pm<2}FR
NLtf(`
VbM,/I86;J<
B(@1w>E
y6t%CMx_ dfbolbf
)t$Q8mY q&3q
,P0x)f
Ds, o%\1+9vDonY
}D(X (QW
ue-/9r\%
Lia- d/ [
#}QbnVY6z"D@.GL!Xj
`%u? 9
Yzxh8soS
II1OZY
K~xy,t
(h@#gq
]cLUJB
aYdWeRR
1aXpoN_s
rh0"]k=;G_+GF
{;\rA/
5}<&>Da3L*H3u
*IAX_a01{#
<xQyc8d<bF.
Ey\pT4p
^?mmYE5&
8f"ab<(5=
aRk!:q
OtNB[]j
zMry'L
?%Z2+-
g.Rb@{ 9BPV
UC2hL<
0>oU>KpY(
rpN%MB
H .6Zjxi`A~'1
C'UElbU
kc0Hb[
EA88]D6l
[1sy^5
1\ !R6>
@ V>J$mTd6|<
<rk$9fl
plmxR RU
K7O,esK
XrK,wL
rEr\/(_`b/
BC303~
])h4,%
L]ef}L
?:=K Br
)72)z`iii
x@=*nuwN
ehI{o_8+<p
%N!Mw}X
MH4#[pd.
Bi/<g_v
wv|9}7%xCQN*
:+Ax"%h
CsNRtu
FQ!R;$
*G`K4^SYHQ1s*D
[>La4Kf,
XAoBo
<QK9y"s.
6!<xA0XYtO\]C
N?1Ysc /9~p
JV-Ic'
x;HUmOSrM?qjWS
e#+GRv
&}xyZDmQ_P%H1
pkw:\G
ORb %(
J[tE,? X
>Qm79I
iA&S<}pbI1
-X;xfl
T7XQzwUlc
cmu,5jx>U
7'!~>n
m68qeMq
Hvus\a
E&v2LO
<7t~7U2%x
5(>`]_{@
zq*{YCxZ2+r#{
s0[aq>C/k
)JI-ahsT')`2
zq.975
lgeM62BU
bYbM ]
!{3&(H
h(csB*~
x2^~%)
U#:^SU
b&E~51C
'}yd9Cz8c/@vKsS
[Rz6^4
=4=9*h5-
ur-&.g
^o/NDH:wz!{Vl
#1DAcv 1
1ff7Q{zeM
Y;gY}'qm(
Ms`E \/X?
"(!DcOi>DOi
<C"K]x
HR88zuDnn?m2S9K/
U$>GPf63:OfaF0
L+y^Wx^LH
Vsv :z
tu|[zOJ
dbRZPk>>aWF(
>2TsPI
}QB|}m^-
#n;_Od
WCy^K9+t?
}^CYObk<
l3k1=[-T
d*D&=B^
VZkMw//
/6U}}_*
Ohc=_OrgeRe^|E
\&R&/+Y
D!\t3_ZNe"
.6(u{|
x:u"WR
<lB/&.
+4}s[%
<X"}vJ5
K$|6g5 Q
CX R0xK/GFN
,~4>*F
(p?(WU
B8clB0
zjUB~9
95/,fuy
mvZxJxhQT
kp@-J 8
6"\0}Zr!
,t%+V$-,&
jPBD7~1
S =EL
,75P^~b7;1s<={BuV
/T dBirE.%]?
FvNUWf
tL0L)0=;p;
ni{?(i
e0/hF+KMd;=
9Oalbq6CN^%r
f5xvu2
43AhXc+d
QUH5Tqa
xW_P]ps^tm?RX=zO
3Wbg\p ug
oftM_F
uJFlZWy.
Ggz C,
?c9Q1V2C9;
@wkyQ 7d_.2{e++Hfp
=2?aF@KEO+#vv^tT?^!
z`RwAh
Dx#?5uNm
vJ6>s)
:&H'P5M
o):"V3-L
34j .-
G0Kufb#do#
A,r,tf K
ZSo5lu
#g{[t1
aV;(aH&Z4
RCYVZ)&-}y+zj
52ur2`
os6CdR@
J{@N'F
#s.I&Fi
:|LE{o
OJ(*,[rVw
~mJeu
?9SM^FMe
RtZEsB-r\7U3Ya
o5{!Rb oL2}1?
y2u((1Q/DM
<3M@$UQL>yx
bw*JIKS'Q
6H1kD-YF{d$
:(TtU<wB
YDdoI4"
SoA<L(o
|IrKl6
&j%B9N
=P_ZdjFDg
-ljbOq
p0&RbV+u
UT(rT%
:r<H/S
\HKp$U
5g!~G:6
O_|OTv^
3qm%xU$
U7w}2lT;\4$7M
{@Q=bB/d)y0Y
4F@zk>W
I!/II}X
USEAG4%
![l#k?Y+
4Dw(ocRa
_w"`ys%
8u(5torM`ZNv
uYV1Fc
dvadZQ
o$]oUI~Q9r:
} _eK6CK `{
`K7,k+s
i<{'&qV
m (EY:
K-n{"y
c#,Z;v<#2
wGA3boq
.X1gts
ry +m>O
S);?!!
!/ un_
Lw;d@@
~{]~oOj
g0iDAKE!i:k
#Q$2|L[
4iy};bv7=
pqJbY|f
-0!}+G
Zc66JF'h$GMcda?%%"1Clk)YDF:b
x,mv9oNk}L=
Z)hIx7OG9-F
kW5[iNV(Bw
}i>7F 82
CSc=GA
=>DI!]
E7d@L3q
xF68d&z
jRF6{(.X6
,YL\SI#LD
zD._E]*@hI]KM/F;i:
|h`l^a%^JDU
*jPph&{| "
w'M1b@V'0p%2W
Nd?1q7q#(u
Afj{{ .V8FUW
654LgM
;oo_~}Kn
yqI*\~u-
Mj=R?mW
SsqoK$w
ffpxSR2
(p.uT'"
r:4t^h
@j9M`H:B-u
L_0B5J
2X,*I%D
1nwTk*
pPm3"h
8Bp`nu"U
*b'?[b*J
3'|\u=,59x
e^S,Q|]l.z'{s3?[g 2
ti^M5huo`@
kF2p7"3cP`|2q
V=f1| H{
|!{'.$O
R6!Fp<.
bz.^ HGOOd}74@yl
60qhB*
>NM!u!r;W
wqdK(hn[+U
}+8O(I
U[VYcB-A
{F>c3?h
jmt_v8
;uL+!["
+J"VEuWra
dzqz\Cp
[dy@*(4Wk.I
tD\Amq
![BNs$?]0
ow]tV$]Rgb!x
+#$0Em}
<al]&>vd
GO@V\fv
(]x6t&
38.H{3[kq
%^q`s)u2
)G|n.E|l bXX'y
=TnK%w
F%NG))Ud
4gR^@e
II}\7vmQ[6)()y
UEKN4y
CL%@9d!=$
##3oL2BL_Sj9
[-/P!VV
?2U| ~7-u
jva;b6u
.?@l/Gs/),(>s>
uh8gv@
e_YQ#A"a(
ip`(slO6GTV
$]Q/6}
H'Rbi
b{`?eT
}X|7v`nx
o2[%!R~y
F>rrAV
O?ec4@
TTi,$E^J
<N>.!O
#{@p M,
# dD#y
k T[8e.pv
e<ONIPA5bR
;4S8d$(
+A\sH4FDN
-i^yzg
MlOw9"
tL~fx"{
1UuT$u%]yo:
cz^1E`
Pw*|z% v
D�V�C�L�A�L�
P�A�C�K�A�G�E�I�N�F�O�
M�A�I�N�I�C�O�N�(�
Process Tree
- 068d0cc43d0918beb77a3be758d8218f8fa4b649b8fc3ee8f601c9b569732c00.exe (2736) "C:\Users\Administrator\AppData\Local\Temp\068d0cc43d0918beb77a3be758d8218f8fa4b649b8fc3ee8f601c9b569732c00.exe"
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
| Name | 6f9692f96d9f4431_wmpconfig.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wmpconfig.exe |
| Size | 179.0KB |
| Processes | 2736 (068d0cc43d0918beb77a3be758d8218f8fa4b649b8fc3ee8f601c9b569732c00.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | efa69fcfaf52213dd1df7de819827df5 |
| SHA1 | ae19fbea2e3d4ae0b84d2d2e4fc9ee34e50e91c2 |
| SHA256 | 6f9692f96d9f443171a873eb3e3e7cfa1b53fdfc77947b8bbaa671756cfae5da |
| CRC32 | A4D70836 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 36f9dbfecb3f09b5_flicklearningwizard.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\xdccPrograms\FlickLearningWizard.exe |
| Size | 905.9KB |
| Processes | 2736 (068d0cc43d0918beb77a3be758d8218f8fa4b649b8fc3ee8f601c9b569732c00.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 6bd9de8749baff1556dc8cce102be309 |
| SHA1 | 1a1e2f85a32a9a7ce4db041ab22df9dd8dd7a2de |
| SHA256 | 36f9dbfecb3f09b534069296cb1117f8b464082df34aac7738c3612507f469f8 |
| CRC32 | AFAA7C57 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 0db02c88380db6e9_setup_wm.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\setup_wm.exe |
| Size | 2.0MB |
| Processes | 2736 (068d0cc43d0918beb77a3be758d8218f8fa4b649b8fc3ee8f601c9b569732c00.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 4c797d4600ec3c4bd26f8edaaee25e19 |
| SHA1 | 820f8502e06fda9b0b235ae5922699466f6611bc |
| SHA256 | 0db02c88380db6e951e80b8e116fc1d84bc76846e893045a782d8999fde18c65 |
| CRC32 | EB60D0E1 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e2993e3cc31a5e48_wmplayer.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wmplayer.exe |
| Size | 163.4KB |
| Processes | 2736 (068d0cc43d0918beb77a3be758d8218f8fa4b649b8fc3ee8f601c9b569732c00.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | fc7371240a880b0f78715fcc8a22ff47 |
| SHA1 | 8e895621b15d52bf0483d013f7e464eb9d46d4d2 |
| SHA256 | e2993e3cc31a5e4846ed6a7f19c69d98233dec3371d5c7c831d84ba80cba17fd |
| CRC32 | 477D8818 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | cbb8176fb07b054a_wmpnetwk.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wmpnetwk.exe |
| Size | 1.5MB |
| Processes | 2736 (068d0cc43d0918beb77a3be758d8218f8fa4b649b8fc3ee8f601c9b569732c00.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | ef2c14315d7fb118da0a5c7cdaaed9b4 |
| SHA1 | 7e9a7074f780e1d3fa2e5f4d6fe3b42287513b7e |
| SHA256 | cbb8176fb07b054a330c6e3236770cdae39ea3e300e5edde3b07332453414472 |
| CRC32 | 5A0EB853 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 3292709dd3c078c9_wmpshare.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wmpshare.exe |
| Size | 171.5KB |
| Processes | 2736 (068d0cc43d0918beb77a3be758d8218f8fa4b649b8fc3ee8f601c9b569732c00.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 029c3b14de9d9cf72139af27896331f3 |
| SHA1 | 1d251b6138776dcd792203dae7f74c2668bb19bc |
| SHA256 | 3292709dd3c078c9ba3c7c6c908f285ee586ea417a6eabe6cc9ea0fb46f5f959 |
| CRC32 | 779C657B |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e12a72592b6307ea_wabmig.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wabmig.exe |
| Size | 187.6KB |
| Processes | 2736 (068d0cc43d0918beb77a3be758d8218f8fa4b649b8fc3ee8f601c9b569732c00.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | ee307f2a815a79205da3926fb6bf6cdc |
| SHA1 | dec306a3472221f7b1ee141e73c1df4329b72b58 |
| SHA256 | e12a72592b6307eaf2c7567d1be058199c504aba74f2c1bbc36fc381cfe76ba8 |
| CRC32 | 572D0CDA |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 04ced4a483716eb6_wmpenc.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wmpenc.exe |
| Size | 144.1KB |
| Processes | 2736 (068d0cc43d0918beb77a3be758d8218f8fa4b649b8fc3ee8f601c9b569732c00.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 3574920fe41a608c56f149600f9875eb |
| SHA1 | 7ca8c1c8990358a7dc19abf571c289dc859f1cc2 |
| SHA256 | 04ced4a483716eb6ae32e9177bb5b24c92c1a8a77b72ed2bc17cb702b4ad4450 |
| CRC32 | C2458647 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | aa2b08a47453ba2a_ieinstal.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\ieinstal.exe |
| Size | 263.4KB |
| Processes | 2736 (068d0cc43d0918beb77a3be758d8218f8fa4b649b8fc3ee8f601c9b569732c00.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 3c41c1e8e86d40b364fe220dc23674f1 |
| SHA1 | 75dc5a03b4f8ca6e2bd290dcd86c1bd550da2d8f |
| SHA256 | aa2b08a47453ba2af0c1d0ae1b14fa6fb91fa2a89cb2bf53b15e910075751e15 |
| CRC32 | 15B8196C |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 3afb6397246f48ab_msinfo32.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\msinfo32.exe |
| Size | 369.9KB |
| Processes | 2736 (068d0cc43d0918beb77a3be758d8218f8fa4b649b8fc3ee8f601c9b569732c00.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | efb1c87269722054e2b769affb7e28c3 |
| SHA1 | 1c220eabc3e6d95dd13affff7ec5abb8d44c48f4 |
| SHA256 | 3afb6397246f48ab3c650fc4a72642f590dca7a03cfb5552c9df3f9b49fed048 |
| CRC32 | 47CBA966 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 1078cb87e20d6043_tabtip.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\TabTip.exe |
| Size | 218.9KB |
| Processes | 2736 (068d0cc43d0918beb77a3be758d8218f8fa4b649b8fc3ee8f601c9b569732c00.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 9188c57449fa8adc1b8f15352bfce424 |
| SHA1 | ee878ee43f58adb78380e0ec4297b63cbea60b06 |
| SHA256 | 1078cb87e20d6043a90e576c905e7f6a3f441f1b055f049f1cb96c79a5dbeccf |
| CRC32 | 7183FCFF |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2aafaa74aadefecc_wordpad.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wordpad.exe |
| Size | 4.4MB |
| Processes | 2736 (068d0cc43d0918beb77a3be758d8218f8fa4b649b8fc3ee8f601c9b569732c00.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 9714264b640b5fb2e9d9a9db560ac0c1 |
| SHA1 | dc415b706a331d9e84bba73e65ed4c1670206c42 |
| SHA256 | 2aafaa74aadefecc654a1ae919bf7cf659bc79d6d2884e50af0a5f3c51becb43 |
| CRC32 | 843D11F0 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | f01978946b7156d7_wmlaunch.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wmlaunch.exe |
| Size | 256.9KB |
| Processes | 2736 (068d0cc43d0918beb77a3be758d8218f8fa4b649b8fc3ee8f601c9b569732c00.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 4b0a0853828f5f8e6192325c16e7800f |
| SHA1 | ba12787f074a3163760f449f09765c2278a298c0 |
| SHA256 | f01978946b7156d7450ede0f77c682872a8e4e857f831857d7f9c37052df7801 |
| CRC32 | 46EFB8DE |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 8ebad393611a0830_wmpdmc.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\WMPDMC.exe |
| Size | 1.2MB |
| Processes | 2736 (068d0cc43d0918beb77a3be758d8218f8fa4b649b8fc3ee8f601c9b569732c00.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 7292fb147097faf7dfb89dbad8cbe918 |
| SHA1 | 8f740374711ab73ff659d59501623bd8de44c67d |
| SHA256 | 8ebad393611a0830b61edf7ccea00bc31a576fc0a45db0156f1f6d6234678ac8 |
| CRC32 | CCB13D1D |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | dd7179b3cb0468b8_inject-x64.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\xdccPrograms\inject-x64.exe |
| Size | 183.4KB |
| Processes | 2736 (068d0cc43d0918beb77a3be758d8218f8fa4b649b8fc3ee8f601c9b569732c00.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | a734a7619ce5455dfa042c20dc28a62c |
| SHA1 | 54140df566a3fa4021787c30e7070c90ef8eda62 |
| SHA256 | dd7179b3cb0468b85f72417995b1e82540366421ecacdb7933de107049e96110 |
| CRC32 | 2A700369 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | cc798b4a60fb88b0_wmprph.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wmprph.exe |
| Size | 179.5KB |
| Processes | 2736 (068d0cc43d0918beb77a3be758d8218f8fa4b649b8fc3ee8f601c9b569732c00.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | c0febae7c4b5af8737c55536f637fd04 |
| SHA1 | 61d151179045f61397dd9687d2267e1ed1481bfc |
| SHA256 | cc798b4a60fb88b043a4cad7dec131b2cab68411461f8368a9aa85f6f494379a |
| CRC32 | 2ED05863 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 6ff43ca7b71503c8_setup_wm.exe.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\setup_wm.exe.exe |
| Size | 182.3KB |
| Processes | 2736 (068d0cc43d0918beb77a3be758d8218f8fa4b649b8fc3ee8f601c9b569732c00.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | b87e9f6407932afba0293af6470db399 |
| SHA1 | 5abac47f5b8ede75c5ac0a9eed0ef2e1410a671c |
| SHA256 | 6ff43ca7b71503c8d87a0608bfb0bd7247f01e28bacb8e38c7a40786aae58ac7 |
| CRC32 | 851C4E96 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a651b2b6e94ea274_inject-x86.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\xdccPrograms\inject-x86.exe |
| Size | 175.7KB |
| Processes | 2736 (068d0cc43d0918beb77a3be758d8218f8fa4b649b8fc3ee8f601c9b569732c00.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 0bc07e283b8f31bcbd62eeb32956f235 |
| SHA1 | b6a0b7992ee7ca8a37ff41219c8fe211efb9a137 |
| SHA256 | a651b2b6e94ea274a8eaef33f3efed1a692d4a6cdfa47c668d1c6982e4c5ffcb |
| CRC32 | 210AF6AE |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 112d35079807acd0_procmon.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\xdccPrograms\Procmon.exe |
| Size | 2.0MB |
| Processes | 2736 (068d0cc43d0918beb77a3be758d8218f8fa4b649b8fc3ee8f601c9b569732c00.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 4b54b437cc809c3ab245d01702d7d832 |
| SHA1 | b1db429472944f61055315a5ceb5e37fad53cf48 |
| SHA256 | 112d35079807acd0e226ab9f5ae7087b3e53483ec562d8575f7b4bf54fa646d4 |
| CRC32 | F10B8E48 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 100159f34206672d_journal.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\Journal.exe |
| Size | 2.1MB |
| Processes | 2736 (068d0cc43d0918beb77a3be758d8218f8fa4b649b8fc3ee8f601c9b569732c00.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 6970ae7367df966f689b3c124e57e253 |
| SHA1 | 1332405d3d6e88bb9c424448bc3e38648fd7aca4 |
| SHA256 | 100159f34206672d4e87e5e832bf5cb6e0110bd9b78d5db645b89cd20ca7a198 |
| CRC32 | 8843F2B1 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 8c7f29f65ff3a265_install.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\xdccPrograms\install.exe |
| Size | 549.4KB |
| Processes | 2736 (068d0cc43d0918beb77a3be758d8218f8fa4b649b8fc3ee8f601c9b569732c00.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 8df13dd1da5b566a3cade35ac1485e13 |
| SHA1 | d4b3c90ac45dee4e858fc55c5afa8c00c557c4cd |
| SHA256 | 8c7f29f65ff3a265bc6312894e599737581c0f53be682a0dab5a61784333854e |
| CRC32 | 60AB3EA0 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | dcf70a972688211c_wmpsideshowgadget.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\WMPSideShowGadget.exe |
| Size | 161.9KB |
| Processes | 2736 (068d0cc43d0918beb77a3be758d8218f8fa4b649b8fc3ee8f601c9b569732c00.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 911d48937278a8f447507acd28430583 |
| SHA1 | ab31cc375f197c2e503078ad21db51e21804abdd |
| SHA256 | dcf70a972688211c9032ce6f68a49ee9fe8b5cae4048089b42574d399a23dfde |
| CRC32 | 9D760515 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a1e88659a4ad4f4f_marijuana.txt |
|---|---|
| Filepath | C:\marijuana.txt |
| Size | 21.2KB |
| Processes | 2736 (068d0cc43d0918beb77a3be758d8218f8fa4b649b8fc3ee8f601c9b569732c00.exe) |
| Type | ISO-8859 text, with CRLF line terminators |
| MD5 | c0214c7723fe7bde6bc2834742bcc506 |
| SHA1 | f3d8e78975bf169fc1ed3ae95ad41d84ff6a36c3 |
| SHA256 | a1e88659a4ad4f4fd55f246ab076dee048881fcac3ea8a300e2fe8cdffd88b73 |
| CRC32 | 0D0BD2E9 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
Sorry! No dropped buffers.