1.5
低危
DACN
0.15
FACILE
1.00
IMCLNet
0.78
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | Malware:Win32/Dorpal.ali1000029 | 20190527 | 0.3.0.5 |
| Avast | Win32:Delf-VJY [Trj] | 20240214 | 23.9.8494.0 |
| Baidu | Win32.Backdoor.Wabot.a | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (W) | 20231026 | 1.0 |
| Kingsoft | malware.kb.a.1000 | 20230906 | None |
| McAfee | W32/Wabot | 20240214 | 6.0.6.653 |
| Tencent | Trojan.Win32.Wabot.a | 20240214 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(3 个事件)
| section | CODE |
| section | DATA |
| section | BSS |
动态指标
在文件系统上创建可执行文件
(23 个事件)
| file | C:\Windows\System32\DC++ Share\mip.exe |
| file | C:\Windows\System32\DC++ Share\iexplore.exe |
| file | C:\Windows\System32\DC++ Share\setup_wm.exe |
| file | C:\Windows\System32\DC++ Share\wmlaunch.exe |
| file | C:\Windows\System32\DC++ Share\wmprph.exe |
| file | C:\Windows\System32\DC++ Share\wordpad.exe |
| file | C:\Windows\System32\DC++ Share\Journal.exe |
| file | C:\Windows\System32\xdccPrograms\Procmon.exe |
| file | C:\Windows\System32\DC++ Share\wmpenc.exe |
| file | C:\Windows\System32\DC++ Share\msinfo32.exe |
| file | C:\Windows\System32\DC++ Share\wmpshare.exe |
| file | C:\Windows\System32\DC++ Share\WMPDMC.exe |
| file | C:\Windows\System32\DC++ Share\MpCmdRun.exe |
| file | C:\Windows\System32\DC++ Share\wabmig.exe |
| file | C:\Windows\System32\DC++ Share\TabTip.exe |
| file | C:\Windows\System32\DC++ Share\DVDMaker.exe |
| file | C:\Windows\System32\DC++ Share\InputPersonalization.exe |
| file | C:\Windows\System32\DC++ Share\MSASCui.exe |
| file | C:\Windows\System32\DC++ Share\ieinstal.exe |
| file | C:\Windows\System32\DC++ Share\wmpnscfg.exe |
| file | C:\Windows\System32\DC++ Share\wmplayer.exe |
| file | C:\Windows\System32\xdccPrograms\ConvertInkStore.exe |
| file | C:\Windows\System32\DC++ Share\wab.exe |
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
在 Windows 启动时自我安装以实现自动运行
(1 个事件)
| reg_key | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell | reg_value | Explorer.exe sIRC4.exe | ||||||
文件已被 VirusTotal 上 68 个反病毒引擎识别为恶意
(50 out of 68 个事件)
| ALYac | Trojan.Agent.DQQD |
| APEX | Malicious |
| AVG | Win32:Delf-VJY [Trj] |
| Acronis | suspicious |
| AhnLab-V3 | Backdoor/Win32.Wabot.R231859 |
| Alibaba | Malware:Win32/Dorpal.ali1000029 |
| Antiy-AVL | Trojan[Backdoor]/Win32.Wabot.a |
| Arcabit | Trojan.Agent.DQQD |
| Avast | Win32:Delf-VJY [Trj] |
| Avira | TR/Dldr.Delphi.Gen |
| Baidu | Win32.Backdoor.Wabot.a |
| BitDefender | Trojan.Agent.DQQD |
| BitDefenderTheta | AI:Packer.5C557E1221 |
| Bkav | W32.AIDetectMalware |
| CAT-QuickHeal | Trojan.Wabot.A8 |
| ClamAV | Win.Trojan.Wabot-7053120-0 |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Cynet | Malicious (score: 100) |
| DeepInstinct | MALICIOUS |
| DrWeb | Trojan.MulDrop6.64369 |
| ESET-NOD32 | Win32/Delf.NRF |
| Elastic | malicious (high confidence) |
| Emsisoft | Trojan.Agent.DQQD (B) |
| F-Secure | Trojan.TR/Dldr.Delphi.Gen |
| FireEye | Generic.mg.953774499bf94c17 |
| Fortinet | W32/Wabot.A!tr |
| GData | Win32.Backdoor.Wabot.A |
| Detected | |
| Gridinsoft | Backdoor.Win32.Wabot.bot!s1 |
| Ikarus | Trojan.Win32.Delf |
| Jiangmin | Backdoor/Wabot.z |
| K7AntiVirus | Trojan ( 0055c5c91 ) |
| K7GW | Trojan ( 0055c5c91 ) |
| Kaspersky | Backdoor.Win32.Wabot.a |
| Kingsoft | malware.kb.a.1000 |
| Lionic | Trojan.Win32.Wabot.lh0Z |
| MAX | malware (ai score=80) |
| Malwarebytes | Generic.Malware.AI.DDS |
| MaxSecure | Backdoor.W32.Wabot.A |
| McAfee | W32/Wabot |
| MicroWorld-eScan | Trojan.Agent.DQQD |
| Microsoft | Backdoor:Win32/Wabot!pz |
| NANO-Antivirus | Trojan.Win32.Wabot.dmukv |
| Panda | Backdoor Program |
| Rising | Worm.Chilly!1.661C (CLASSIC) |
| SUPERAntiSpyware | Backdoor.Wabot/Variant |
| Sangfor | Trojan.Win32.Save.a |
| SentinelOne | Static AI - Malicious PE |
| Skyhigh | BehavesLike.Win32.Wabot.cc |
| Sophos | Troj/Luiha-M |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
1992-06-20 06:40:53
PE Imphash
5662cfcdfd9da29cb429e7528d5af81e
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| CODE | 0x00001000 | 0x0000c984 | 0x0000ca00 | 6.572458888267131 |
| DATA | 0x0000e000 | 0x00000a1c | 0x00000c00 | 4.533685500040435 |
| BSS | 0x0000f000 | 0x00001111 | 0x00000000 | 0.0 |
| .idata | 0x00011000 | 0x0000083e | 0x00000a00 | 4.169474579751151 |
| .tls | 0x00012000 | 0x00000008 | 0x00000000 | 0.0 |
| .rdata | 0x00013000 | 0x00000018 | 0x00000200 | 0.2108262677871819 |
| .reloc | 0x00014000 | 0x00000710 | 0x00000800 | 6.25716095476406 |
| .rsrc | 0x00015000 | 0x0000167c | 0x00001800 | 3.2124871953120624 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x000164a8 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x000164a8 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_ICON | 0x000164a8 | 0x00000128 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
| RT_RCDATA | 0x000165e0 | 0x00000078 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_RCDATA | 0x000165e0 | 0x00000078 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_ICON | 0x00016658 | 0x00000022 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library kernel32.dll:
• 0x4110c8 DeleteCriticalSection
• 0x4110cc LeaveCriticalSection
• 0x4110d0 EnterCriticalSection
• 0x4110d4 InitializeCriticalSection
• 0x4110d8 VirtualFree
• 0x4110dc VirtualAlloc
• 0x4110e0 LocalFree
• 0x4110e4 LocalAlloc
• 0x4110e8 GetCurrentThreadId
• 0x4110ec GetStartupInfoA
• 0x4110f0 GetModuleFileNameA
• 0x4110f4 GetLastError
• 0x4110f8 GetCommandLineA
• 0x4110fc FreeLibrary
• 0x411100 ExitProcess
• 0x411104 CreateThread
• 0x411108 WriteFile
• 0x41110c UnhandledExceptionFilter
• 0x411110 SetFilePointer
• 0x411114 SetEndOfFile
• 0x411118 RtlUnwind
• 0x41111c ReadFile
• 0x411120 RaiseException
• 0x411124 GetStdHandle
• 0x411128 GetFileSize
• 0x41112c GetSystemTime
• 0x411130 GetFileType
• 0x411134 CreateFileA
• 0x411138 CloseHandle
Library oleaut32.dll:
• 0x411160 SysFreeString
Library kernel32.dll:
• 0x411168 TlsSetValue
• 0x41116c TlsGetValue
• 0x411170 LocalAlloc
• 0x411174 GetModuleHandleA
Library kernel32.dll:
• 0x41118c WritePrivateProfileStringA
• 0x411190 WinExec
• 0x411194 UpdateResourceA
• 0x411198 Sleep
• 0x41119c SetFilePointer
• 0x4111a0 ReadFile
• 0x4111a4 GetSystemDirectoryA
• 0x4111a8 GetLastError
• 0x4111ac GetFileAttributesA
• 0x4111b0 FindNextFileA
• 0x4111b4 FindFirstFileA
• 0x4111b8 FindClose
• 0x4111bc FileTimeToLocalFileTime
• 0x4111c0 FileTimeToDosDateTime
• 0x4111c4 ExitProcess
• 0x4111c8 EndUpdateResourceA
• 0x4111cc DeleteFileA
• 0x4111d0 CreateThread
• 0x4111d4 CreateMutexA
• 0x4111d8 CreateFileA
• 0x4111dc CreateDirectoryA
• 0x4111e0 CopyFileA
• 0x4111e4 CloseHandle
• 0x4111e8 BeginUpdateResourceA
Library user32.dll:
• 0x4111f0 SetTimer
• 0x4111f4 GetMessageA
• 0x4111f8 DispatchMessageA
• 0x4111fc CharUpperBuffA
Library wsock32.dll:
• 0x411204 WSACleanup
• 0x411208 WSAStartup
• 0x41120c gethostbyname
• 0x411210 socket
• 0x411214 send
• 0x411218 select
• 0x41121c recv
• 0x411220 ntohs
• 0x411224 listen
• 0x411228 inet_ntoa
• 0x41122c inet_addr
• 0x411230 htons
• 0x411234 htonl
• 0x411238 getsockname
• 0x41123c connect
• 0x411240 closesocket
• 0x411244 bind
• 0x411248 accept
L!This program must be run under Win32
.idata
.rdata
P.reloc
P.rsrc
StringX
TObject%8
;u3YZ]_^[
SVWUL$
]_^[SVWUL$
uZ]_^[
YZ]_^[
_^[U3Uh
d2d"h@
d2d"=5@
u3ZYYd
#_^[SVWU
SVW<$L$
uSVWU@
]_^[USVW
d1d!=5@
2E3ZYYd
E_^[YY]
UQSVW3@
3Uh6"@
d1d!=5@
E3ZYYd
E_^[Y]
YZ]_^[
d2d"=5@
}3ZYYd
E_^[Y]
$PRQ$"
_^SVWU
< v;"u
3C<"u1S@
>3Q<"u8S
< w]_^[
Ek<1fU
Ht Ht.g
6Huv=L
VI3E?E3s
3EE_^[Y]
f=r/f=w)f%f=u
f=v)f=w#j
RPCHPt$
-C GL$
SVWPtl11
-tb+t_$t_xtZXtU0u
FxtHXtCt
~ExC[)A
FuY12_^[
PRQYZXt5x
@~d@PQ@
YXYX
uM3UhU3@
EP3ZYYd
f%fUf?f
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
Iu9u_^[
PRQQTj
YZXtpH
S1VWUd
SPRQT$(j
Zd$,1Yd
t=HtN`
r6t0R=
t/=t&,*&"
3UhB:@
USVW$@
d2d";~
P'v_^[]
aSVWt@
^v]_^[
QRZX1Yd
PVSY_^[]
PQiZXSVW
ISVWRP1L
JZ_^[X$
thtkFW)w
9uXJt
8uAJt
t8JIt2S
PHXHI|
St-Xt&J|
t0JN|*9}&~")9~
tVSVWU
t@t1SVW
1Z)_^[
@+u<E@
USVWE(@
d0d ]ES
u_^[YY]
UQE3UhF@
d2d"E@
t3ZYYd
%3ZYYd
U3UhH@
U3UhH@
3U3UhAJ@
P~ SD$
U3UhK@
U3UhK@
U3UhL@
TFileNameL@
TSearchRecX
U3UhdM@
EEb3Uh
tC&EPU
U3ZYYd
U3QQQQQEE3UhN@
d0d EM
EPU3EPtKh
EcPh0O@
system.ini
Explorer.exe
UEEEz3Uh.P@
d0d U,
EP3ZYYd
IuQSEE3UhpR@
tjtfhR@
t-u)hR@
u-t)hR@
" -a -r "
" a -idp -inul -c- -m5 "
software\microsoft\windows\currentversion\app paths\winzip32.exe
software\microsoft\windows\currentversion\app paths\WinRAR.exe
C:\rar.bat
C:\zip.bat
PHuES3
E.E&3UhT@
EPEPEP?
a3ZYYd
IuSVWEE3UhX@
d0d UEJ
U3YEU.Ef
EU\EUQE;}>%
EnSEcPd
to3Uh2X@
EP3ZYYd
IuQSVWEE
3Uhh\@
U3UhY@
d0d G3ZYYd
$UFuh\@
VUEL@t}0EUm3E
EZPE~h
=3_^[]
abcdefghijklmnopqrstuvwxyz-_.1234567890
IuQMSVWMUEEEE
+3Uha@
d0d 3Uha@
d0d EU|
u?8.t4uha@
u |U|ttx
yu pUkp0hwhlj
u XUXPPT
u LUrL7D~DHq
-u @U @8+8<
u 4U4,,0
u (Uy(6 $x
3Uh"d@
d0d 3Uhc@
d0d EE
8.teChTd@
N3ZYYd
_y_^[]
NOTICE
:to get this, type !xdcc_get
bytes)
uTC,PSC
EE>3Uhe@
d0d SU
E3ZYYd
EE3Uhf@
d0d SUf@
PRIVMSG
UdSVW3
dhEE3UhSh@
d0d 8lPh
d2d"EP
s3ZYYd
c3ZYYd
ZE.H_^[]
BFKu_^[
USEE"3Uhh@
d0d UE3ZYYd
U3QQQQQQQQS3Uh
| v;}
N|7 vU+A
M3Uhj@
U3ZYYd
EE3UhPk@
EPE!PS63ZYYd
E1K[Y]
3UhYl@
\DC++ Share
\xdccPrograms
EE33Uh?m@
d0d EUFUTm@
a~&EPUTm@
EZSUTm@
U3ZYYd
f\[YY]
EE3Uhm@
d0d EEPEePt,P3
EU3ZYYd
U3UhQn@
TWarBotUj
SV3Uho@
EPSE/Eo@
03ZYYd
IuQSVWd3Uhs@
`U\E\U\
EPSEPcfC
PfEEU:E
X/XUX8
3EU,t@
~&EPU,t@
EZU,t@
\uh8t@
L3LP P
PcPhlt@
EIHhlt@
DE0Dhxt@
\E>EPj
EPtPEP
SfPV j
EPzVt3ZYYd
PRIVMSG #hellothere :
&%->=
PRIVMSG
DCC SEND
IuMSVU
EN3Uhy@
d0d EUaE
EEPUy@
;~iEPUy@
EEU8EPU
EZWEPU
EZ1EPU
EEPUy@
EZEUUy@
:3ZYYd
PING :
type !list for my list
!list
for my list
!xdcc_get
#helloThere
#helloThere,
JOIN #HelloThere
LIST >4,<10000
U3QQQQSE
3Uh,|@
YUuhp|@
?Uuh||@
G3ZYYd
PRIVMSG
ACTION
!list
for my list
SVWE3Uh@
E3ZYYd
NICK [xdcc]
NICK [mp3]
NICK [rar]
NICK [zip]
NICK [share]
NfrSF3
Pzu _^[
31ff%3vcc%%112c23J33c22322332crc3cr233J2fJffJv%1[J33JccJccfcc2fc2JfJ223rrcrrJ2cc3f2r3r233Jcf2rf3ffJfrJrr3f2]fr[2rvJ23%1JJJc1fc22%J[rr]ff2rr2%ff32f2J23r323223J2rc333cc2fJJ3JJ2ccrfrJr2r3JJrcfc322f3cr3rcJ33f33rcrrrcf3cfrffJ2cff2r22fJJf3rr33rJ2f3cJJc33r3crrcf33cJJrffr2fJ2f22fc3ffrrJ32cJf
]2]3r]31111rfr2crcJ3[%%]]vJf3233Jr22fJrvvv[v[Jc3Jc3rcccrfJ3ccfffJ3c32Jfrc2ffr3cJ222JcfrJrJ322r2ff3Jr2JJcffcc3vJ]c2[2%Jv%2]rf2J213]3[v2]33[2[J32c2r33rrf2c2cff23rJJf22cf3crJc2fJJrcc33c2fccJ332rJJcrrffJr2ffrcJ3frJc23frcr22c2rcJc2cJcff2c3cfrJrf2rfr2c232cff3332fJ2r2c2cfJ23f3J3f333J22r2f33
J]"^^"^^^^^""""""""""""""""""""""""""""""""""""""""^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^"=~\=yw$="^^"^^^"jCzyw6=^"^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^=
ff^ ."k^"=!24G;. .. .!nzL4OJ"~~.. . .=
]J^ . .!sG!7{^!s8G=.. .^68Vs2!;.;*}.. =
f1" ............. ._Inzoz6$295. ..^lkcv".."";"L. .=
1c^ . ,!%6***O8Izy. .!j_". .;w=;]. . =
ff^ . . . . . . . . . . .. .. . ... . . .. . .. .^|uuzw94V9=. .. :"=^,..uS?^. . . . .. . . . . . . . . ... . . . . . . . . . =
Jf^ .. . . . . . . . . . . . . . . . . .. .. . .. .. . .}6T6$i!+~,.. ~O4u{!!je^. . . . . .. . . . . . . . . . . . . . . . . . . ... . . . ... . . =
22^ ... . . . . . . . . . . . . .......... . . .. ... ... ...... . .6Ic35I=. . . ...^v}ca$l^. . . . . . . .. . . .. ... ...... . .. .. .. ... . . . ....:... . ......,.... .. . =
fJ^ . ....:..... ...... ........... . . . .:,!!<-!==!"... . . ...:...:..:..,. . .^!\, ..,,..:.,.. . . ..:,^^.... .. . .....:.... ... ....,:..,., ..\((?>(==^:. . . . ......,,.:.. ,."!!.. . . . ...^"~?(|^ .... . .. =
cJ^ .."J4nTn5TaL<.;"clJws2:. ..."=i?2ai<,.. . . ..^~%yehY3CAh5Ti~|~. . . ^11J3399T16c;..^)JL5o.^]ff2t??]3+=. .^?t{$]t=~|]t. .isfanzCC%". . .rsyz4LVYT9C~. ..^j5*hPDPe0TmaT1~;. .54wjtffi%J!. ."+jjwc%i]=^. ..;!?2t+mFDK=;(zs?;... =
r2^ .=gYDFSQUgDj-GkK5oVhFJ!. "!9m*JaPa?. . .;!Jau$UFU*a*n$y1VOb~.. . =UG0LskShqpU"^n5gpq8.=ATIIn2*m*U... "J6n3)!!=pd. .;*PpdUk}v+t^ . ..bZAgFPDUonPb.. . .!GZQPPms%+tij6DQ9=. .%UszufL4s4mj..)5m58T9&f! .:tnS$_!+&PDDl"IpDg=";. =
fJ^ .tXeT0kVqDF]xDqhs04GmZ^.]wTTCrkFV2[^ . ..^7Tr}":.....8CcVwu%"". ..=ZkasJ[%rOm&"{nZqff}\.=Vu1]rOk]zTk ..."royC3wDQx8 .+%bQDFFFh}". . .x8VYhhgg4oTk .:-az0{"... :wkkOpPP*T;. . (tv0gPUpAGbc"+kyw69*&mUG0&G.. .. ,~I&Qi. ....=21UPmTP2 . =
3J^ .+#d04kO5VUL#AFFL8&YOFFc=sanCv*qZac_,. . .|c3V~, . iVuIrsY5y... .=OC23c3cfI54"k4V?(69t.)g9I$JVUi!t[ . .."CCTyL*Zhe4....6!obQFUDD8i. .. :xasaePQUkSPx. . ~Fprn^ ..SFPPDbGz&$". .iyuJeFk5O4Ta$5w|i1oC8*4eG*O:. . .jcTh- ..,J=3gDOddh.. =
32^ .tWx50GGs$Ca"^=*h4xhyXWAx^-JII*gW52C^. .^ny$~:... . "9sC%]uGnb5v... ~8kkny6u$$2+~It^.:^^^.?Ume4zsbn~<l. .^+zJkhqDSkG.. .Sc?c5qDPFX1:. . :hOzfOxL8dWKg. ..=khb7. .. .9PDPQJ4GY%,. .%ghTkxOru]7wxu^.;|JnT*T&8Oh{.. .Ja$"... . . )+%mF8Feh~,. =
cc^ .+#h%l[6okkL..!x0*Zq5Zqde. "VsJ*XXpJ$" . !n37.... . ;++cj1+iyACi^.. ~CCuw9LOY4Vo[i, . .?d532taFULy8 .. ."jJ$5gqpDmIs ...Dp5rrsDDFX. .wVXQ6VKWKK#d .)qPU ...}WA*njyZkXF! ..}bFPpkx611axI!.. /%aOmmr!ti6... ,vn\. .=3w&pO*LG^. =
ff^ :tbuy6o0ZQW(..>x&ZAeDnbAs. ^sTrg#SAI+. +7". .. . ^$iilvr+&m]i" ~a9kk*G88TCc|... . .=LCJ2nSd&uT ..!ltfdZZFk]|s....WFV3nvlwdF$. .4OPdVdQQFpxT.. ~be!. .. . .[e55T5eFVFb!. .tQpQqPGzrT&G, ..<nfnn8$+i%w^. !^... . . +ombY&q9,^. =
rr^ . ?gxPSZFqFZ) .<AZUdVDC9bz "&f$qXPb6zf. ..... . . :tT6}JIck5t%|. )p*&890VcCy~ . .(shI+2FFxyi . /r9pAFQp$j!Y... #FD4s!/}*Pf, . .*pO*hO8nTf+. . .... . .. .lxUhLQDdLQq7. .=$khAQS8T*4j ...:=a!i+35*8oT=. . .. . .|o]IyZFA[Ve" =
Jr^ .iDSFgpqZxh= .!QdQSTXk$&T "e%veDFPzz1 .. .... .. :~VqCtju8z2Y) ..)8k8522%$5mc; .(aO7+IsxQFV=. ."$dddDeY$vQ. .eFQD5%kPh3>. .YZeqQPZU06uz. . . . .. . .)65OgDFAqUPu. .tTw$*Ud8Oa). .~xc!|jkaTs6!. .... .. .. .|Off4PVT8Fb^ =
c1^ =ZggAA*auv!..=SgQPwUn2r. "#V$TQPQss% . . ,";^;.. .t*dk3++*T6V= |YnC)"tI4*0+... .i82]ww6aPpx6 ...<8AqFhsu9uF . *PS#q1+!~<. . ,4QDqdDpDxw5b.. . . "!"\^...=?78xPdkUPA.. .[Gk0c]TLm&2_. .?0o$u[TLCzw). . . . ;^"";...+dmsYGO&DF*^ =
21^ ..)ggAO0n11]~ !*SbP8LI]t.."Kh6IdPUna] . . .."${C}:...|y4$a[=sTV*| . =3ti~!1GepG+. .. .ib$fC3CSDQF ..!eFDUnuIC5W.. nUFXSfvttCi: .. :ygPQGSDSh*gb . ..ia4h]^..|i$mVd*CAUDu.. .lhYeZVTs5&!.. .=u96zI6$n=.. . ...?s*n|...iPbq*Y8pA*n;. =
c%^ ..=OLCa&YIn8= ."J4L86yG4k+ "DWQxDQSsIs . ..!}=oZicz{3{"rOdbA*DnyCC~ ?8kL8Oonzc2t. .=*o|"^~lZPgK . .!qDQarvuCJ2L . .ITPW#uooont... .%qPbLJSpmUPh. ...!YZYG&aDOsg2swY9ZTrD5Lu. .iDx&bFdDPPz~ . .!3Cft"!t$8J!. .. "sT*GFDXKWWS]QqQxq0hPXq^. =
3[^ ..?PFamG&LpF( .!Gxh*nyr3&J. "KFDUUFFonV. . ;|3o3o8c+~"\~~7Cnbgx8C333! |G0O4mGkVnu+.. .=Y**TYGTmeFW ...!DUO1yzys8xx . IfsxFuow6y+, .|FZPL2rTmQWS. -xakmdUe8!!nPe9e&o?iT]ao. .jQZY6TGbZgnl . ..\IVhm7=z9)... ./wfJc}]w==0hUbQm400*&Qd^ =
f1^ . ,?SZ*n5cQAQi .!ASdegZ4*4} ."epQQmAFy*0. .=smS5yLa<; :!y0VAGko]ftJ? ?pp4VGV40GG{ .!asO4gDq44dX.. !q&6&bQXFQpP . 3u4qo&5yC(, .. .~dbph1cYKXG.. }p*0Tm*qg.. "pSaey/^_r0Uw. ..+UQh7)[y&dZ{ . .?na*kG{Cz%C!.. ;o9v%jJur=,.^)ObOuY*aOSFU^ =
f]^ ..=4OpT%2FgPi "VdUdUDDbUw .^5ZFDY#WzV* .*WK#qnQp". ~pbZx9T61vi~ =*GOGOGmL4Lt. .1oa&ApFe4gK . \hxpSFPFSWQq ..sncsAkCIC+. :=FAPh[1ikWA6. ,2DKQaUpYx. .&Z8A$^.>6qPz. .[AFps9aa88k{. .<L8*G89wu$$=. ..)051vCY6!.. ,tYy3kUk&ppQ^. =
r3^ . . .tQnQbywY4Y~ .!o&&AAAdFPs "U$%8#&Y9xb. .uPPLurVXF+.. ."d*YIf5*[[G&=. !raazIas&4*7.. . . .?U2aWxsDF*P . ..!ePDQDQFDOu]. OIo2u+uT447. .!sPWdl+7n[Ia. .)GWWgO$LG {ggqo++1PFS.. .=dAUdy4Y&&g{ . ./CyIC]]r$&i. .!$GT+c*wmL). . =1[khQb*nDg^ =
c2^ . ,tXGt5VTfaO= .>h5L&hgUQn.."XGzoae8*Xg .!F5(~)IYWPv: "mw5h&2r**= =yJO5J]vf96(.. . ..(D8~thFC1nOP . .ppdhLsCui1$....69nVwfuzr. ..\$#Xx]$Tynw%..=mhKQPV06CJ .+hhxivcyFpU. ..)VqdZVx$fLZl ..,t6OwC7f6ws(. :IxxT[Ynnw~. ^=TdpqQUYxZ^ =
Jf^ :.. .,tKxi6%ausm= .!psGf]5kYe5,."XgDhJqSmF&. "Zi?!!vTKgj.. ^G5Vab08$wk*( )L$r1uII6zt.. .)dUT%LPWJv4Q . ..^J$cuttt[fkm. 22*kwaYT647.. ./3pPhwm9o5k$..i#hbbqw$IC(. .7Z&9|w?iPbg$ . >+5hSg6urIZv ;c8mw2[2JV[/.."&Z*zfwma9a= . ,iUdPFdDs(o" =
Jf^ ;^:,..|ZFiJ1LarV=../Ys52|0aJct:;"bFx8&48xFb :ppTnYV%LXUI. . "P095d&&$5k4t .|8Or1C9TyG8i. .. =g&[yqXeVkg. . .;=Ja[$u35*Y. ci$Cn*948Lt: . .~&phT55$5G6..=Aoosa[{]u~ (9*0wy=?nUQI.. ^6sVb4?1$TQ7 .!OYz$3%iTSf=..~S4GC+cT98x?. .^nAFDQFPG;!; =
f2^ .=!/;:|SD{w$L*fI-..!ezLJ!nY49=.;"FFSO4mbdY0..XXUTT4O0PPn, "bctx*m*Ta48t. =O84$oosoG4+. . . .!}~;^!hPbaqD . ..!aTf$%L&[kmk. . ${IITmT69i:. .:!IaZez3Iw6YT..(zosTa&Ta49 !vom84Vx*5V3. .=DVGeS(Iyq1. =o6f]uw5DUI)..(U8Vvlr&sQW|. ~PQF4DQUP^:. =
fJ^ ^tTnt?2mOszzqSc:^^!hmk6]i99Oo.;_Xb*50Lxd01;"TebbeV0smD]:...^u(rU0O9GLYm)...)8kV*z$cwG*%.,,.:.,:,.jKZJ~")gQFFa...,.(SQPDhV6rJ$Y....cICY&TC6C9j;,,,.^(3rzm]2Ircx8:~0Yq08m8G4hL:.:.tCCw6r(t4eZ+....[AQ&7inmwcU}.... ~m2fc9VUdg3~. =OYme8L9Tnf". ..(&0kT*Qbg), ....... =
fr" v5Zm9r*a5IqZ&^C"<eV0+CkZaTl.;<Lry04as9t13?wQDDSForn0n:^.^^uI8e0JtxGLm)...)L0Lk*T[f**],;^;^;;^^.7XDAholoDPK5..^^:>0PQPQWqrfcY:,^.rw$50O4O5n+^^^^^;t6u3sIo91c89;!zSe48*8GGAn^;^^!=$TVOTt7sa! ^^^vFq2=!sh0+01..:. ^^!12cY&40f!..=qqAew949&o!....{pV84TQDZn!...,..^^^.. . =
2r" >58qpLnIaJegh!s^!6u+=f&As0s^;!CJ4O5{Jwayu"?lQDPF*)7*a^;^;^3TO8n^5x*m|..,=0mLG84TCy4},^;;^.";^.+KDAqSGaDbPa.^^;^-wkbPSDU*ocL.^;.20zswVzys6i^^:;^;fa$fy$m8itvr^;{LG**8maaa;^;^^+ysm4q4YT".^^^%g$"ifIs0+a+::^. ..^iII45Om$!..?pxU8tTP*x0!...,|ksb&wdQAUv^.,:,;^^^; .. =
rc" rmGqA*If1mbU{n;_yur5f6bJ!!Im5$]aGV9".!"feQZZ}5n^^;^"s6bkt^.?Tk*t^,.(yaG*O*4nn&l;^;^^^_^;,=k*FdpAgZQPk^^^;^/%0nhpFKS0]5:;^;C4CuJI3$+^;^^;;zo9su8m(=%[^^iY5$$nu1f9"""^|5I6Ls*Skz[";^^^{6!.iY5y6iCt.;^..^!t6&L&VPkC_..)pUxT+kDOGk=...:taGZs1VDSQ^:^.;^^;;^^ . =
J3" :/yhxxGGf6*Sh0!!a+7J9L*8*G8m$65TTzuwu^^~n]$epqDxa6"^^^!YG*91?".^}O+^^^tuifnYLzmnIi^"^;^Ii^"^jg*~?+{%zmxg^"""^(rtjrwzo0*&^^^;^vzaLsmG*&sj"^^"~Js[C*J*a6CL&5/^==3uJv~OmxT"""^fxO8e6+ze+(3^^"^]e0naYeqT=T];^;;:?U84a$AFLJnj.^"dx4IkWP*45);^^^(ZFLzzIhPDq<;^^",.,^"":.. =
fc" . ?r8OVphC8pbk~!]1!?2]CC$wIL$wI6Cwc$Y*""+xDWFU4hgV]""""!ffomKXS=;!&7""^(ryT24Ooh6u1^""^=a?"""%n7=t{71a*Q^"^""to^=t2GOa5i^""^^}xAmGG4Vnft"!""lmCC4f9II50*f~"!t6$rii*m0w<";_CYoTmT+=o%!J^"""%VSgAP0xZuo7^;"";)en%C0Dbu{h%^"\o7tIqDpzsTt^""^lQ4Tk8cfVdU!^"";. . ;"",. =
3J" +Cl&mLhzomxs~+%""$01J]9Cj$uCk8onTuc""=ubFFPqbLG>""^=aJCxDFXejt9{"""{k4]n53mnT{"""!fJ!""+OkGeZFSaaYS""^;"iO^^i+3owV!"""""jh8k8kos9cc!!_ifiwCTuICz58a](!!+$11[&kG8f!!"!5*8*m&u"=1|%!";.=$0h8U&hG∋"""^tT2+aqF0}$q1^"^>i]fVZOn4U7"""^9&&fwaJ[CLO!^"^.....^^";. =
Jr" .j6(fOqVGoTe3"!fv_^lw%%kC+i1%CuG*Y09a=!!iSQZFbXSkz<"^!tG%jQPDDQhw9t"""jXdr1]1LTO%!-!=4J!/!!CSQPPQFOk44x!()"^+e"./)tI*&"!!"--|mY4YyC$163]+1Oat}JIwC$C8s52tv!!(%]uT8mGm2!_<+*8I5gky"=i=i!":.-!}y0wuoswk7"""";)fuJ0PDTcLD];"^"vS$0ATaZPl!">+mTC]zT5$Tkai_";,.^^!\.^". =
2f" .^"""!!7ffji~ti1rannxs1lcaaVnau=t]uC$n9oT5wwzI}8?$aw{nwY0s3DGtPboI&*eDhs5}!!-]0rr1]Csh4zO3_[g8(~|(=c8a6y6$z9[$S(Uh4~rh[=ijt}s{!!!!!!!}fjtI9o$*t3C*y="Tl|fut+j9c$x5?t=%&O88**J[?!8&m=7m9v}%j~_^"|zy^"+[jsv)iui>!\~~vxOs6Y*pDPPI!!!_~&nzO$*QKb612VmSSgpqYs*een~;"!1dGv++{i?~"^,. =
v3" .!$$Is40&hpbZgbp&k2c]In*&OCzOG8T0v+[5J3Cf6w$r3Ifz2bj|Is0hV4gU0S4=AWg+1ne9TZ]=!>tj7tj5sok3Aj=*gx!)=|}24T&O5Ow+t*Dtqn%]aPqZsGd0C?!<!!=!=~1Cf$f}0k+fYJ?!+wfs&6i=+31LpT?=tJw8LGkatv9iJ}+1=?utn5="_+cY9!+f56sUo!ir?-=!|tnZksY*a4qD*1=!!!!t300aGmL4VhgGkPbQpdoGxkYxl+c0bm}3azyi^;. =
22" ,>6L48eA0meG*GmLm4*i[Iyw$+&m***r1Jizw3[I198Yw1[+{jfFjj[YSQVkUx31i=Z#XJ&Gxs5Fp2t!iTsu%T0YO%spJuS8a~=iJOGV4Y84yf!]ZF)Tmt5APPq0mbS}~!!!()=||+lo828Dn|lt!=(&dSA2%v]f4eT!tvvJYVm2?"[$t$]n5C6$tvCm5t!y5)+f4h*s*G{7[?!=(=+fYuTmknozTrt~_)i+iCgVaGx*YOn$]4AUPDVo4QIUAJsxDQ9}JICaI{>.. . =
J%".^|Aqx*8epO0hV8meGG6stCCC*u%]8yGs$!)=i86c2]t1Oz*v!!"!yFClil8AgU05a!)~9KD$==))kX&~!<!=|=t~~)=~=TS%8gL]{IsV84V*kkf{="?tt?+hCi1w0m4eLY?!!=/~i?===|+5wgDsit==;!lUdU4it+2tIkST(1cccuVI^^!Iwv+%Ogg*0z*G0iuu[t$Z0&s1zhc=|=-==|)?+{+iiti=!=tii1v%t3dmzUqgp837}25s9u(ihU%69{SDUg[3no3i!^. . . =
[f" .;\(lCL*xU4&syCo0YaTV7$Clru6+)ttitnk9$o4&Jfu9o]i~=zWei|l2aC]7tt((?ipDe{~=%KXw~=~~((==?==~=}V&20OwaVLem4V5f%lt|~=}j+ti2%"-{f&Irv+=~~~(|?lt+iti1xSQril+vuLUqxuu+1ll]8pbn}JI3ftt~+]vuwj3{~)t$n0Ts5kC$oIzTI3{=!sFx2=(!"ii|=9[=)t{{7?(t]%r3{jYp5{55o3i|)|}3[[7+]PF{czkqghJ~(=_^;...... ..=
J2" . .!([mm*8oIYT8&ssSbT}}vtuwoCc4cqULv3s6w+(nWQ!tFZAL}+t+++=$WFh+|*FWu=!|=?tti)=i?=nmmyw88m8m&8i|?+}7j)tv7v+)}l}it7]i!tlt~+ts1tiA[+ii5PDg7j+IddAqkizQtff1CSqh5InJ2j]l8F43o8=: "2%[I$%1ooy8zf+(nQDd++=^+it]g%ii=|{+tJ+iju[lyggyj]j}t=\!!=1r{ot2FXvaDPASt^.,;^!()+++("^..=
2v- .==Ch*V8eiv8a8*8wASgkj+ta6oJvLv4DFswIo+9KFr^!zgAFdt=|?|t8QDt!hDZ%)(=i7tt+(!(i=[9*&*Gm4O8nl!i7%}7t+t111t>7v7j+Tli/)]v=!j6&f]iDsi[j8QQPt+7*SPqA!wFftJcyZdPsJC]j+caSPL%$ao!.,?2[vuGti[+$w*88ksIzSPpl1t!+7sDv++t=+ttntt]%t7Gxbf+uTn5T5ojj[]L(%Ue3dFPGt^,!t{aGxpxge8w+"^)
J[/ tc4qkG*5uG4GVUp[0*xPY!3Tmw++nreZPZwu$${IWQw"tjmFdKD&v>^!!IDpI=PXQ{(=i][}+i}yn*TI9Tw9u]TyoIl+}+i{t"+tIu7^t$I%i0$!^tc%!tLAn%%}De}{2xgFU~1*ADeQg}+6pz=$5sUUD6I2c7%3sAK*+z&IJ^:^1r9w*m+=t]lIf9mw*6&uZgD[ji/"(T4F1ttl}[1+*1|=j16eAh%{9TaTG4s9yari*lIPhGbFSw!"=0AZZZdgpSUzt". =
J3- . ^CY8*8T2|*8GahhxC={CVn2n4mt!!s9r6mKKenoIc{eF4+c6G0OFXPqVt=/"hgxnQQ&6$%7}]3(+2mxgUG9u$f20kY*&V0o6t=yt9$67^![cltmO!=Co9xPx[%uzQPh2jDFbm1GSASni=tfceerjw5DgD5oyfruu$6r|!Iz&6j=|$TV8af(tcJ$lt$osCcuT3gqZG+7+"}hPe1rfljII1S5%j%2xQQmjtoknYY8&4ekOeTVgUQQSZLa0hpZgUbd8yt!". . =
Jf/ ..=TG0r!;(Gm45b8mh.,;/+w0To;!^$w52{DKDFQ3u73Ae2JQF!IQZPDQD=IAqDDPp#4u1t[n7!uxFU8mivCfnJO*0Gm86C4O3nrl?(]$uilqg{IVFUULuo2iyIQQ05PDA0FgFDj...6n[VD0{vOAFZ]7uJk2$5^.^f5*$(80*Go9t~"y*$L*{756I}t==YpPQo=+t4A#012171+jDU0cz4bPUv2j2mT94FFQ0&V&TkLZQk4ZFSDPDPPPhs|";. . =
JJ> . .:&oLV*&":;]dG*CqmVh,..,!nGz3.!"a9ou)Y#PFFkcv%FZzyKWt.!L#DgFFgG%&pDPQWPTav=7IufeSq8kG2f2oGL29nV*&Jw$IGaJ5vlT$CIjCUb3f5DQUm1[57/%3xP4VDQh4qPPA^ ..O%bDsikeAF=/+yAJJyy",;3$$][V56y6!!~+yw2xO9fykfi%?zPPps}i+hDAarfucIt+APkCzOgPh]59362apgDDwoa6xUYSUYpPFSFZFG5%=^ . .. ..=
23\ .^ckG*gC.."w0Om7bGk8^..,taw5!."^u9as~+xPpPFntcPZO0PD\..!LdDFQDAsrGDqF#4uy+^=TAbg&8fo6viuaV4w[1uCLnJafu*5vCCzznIvurQpwzebdF3vss1i7tYQgYPPeAQQxl. .^TIttVxLisFAe!:i&PLu90i^^}J[fCocI^;~aLzzrdbGsvI9%{{JQQpktt{FUP6JIrJ%ortAPAz$bQp8]Y8}oVhSFpa}$C$0AZqLLkqZFeGni!;.. . . . . =
r2\ .;t$sV*0f(..^tGm&e~8V8G".,>2J1|!>|?%TTz(^>{shFxLC8PxghO?~!\=1[SbAxhTLeg*ouf)!|9*e0ortjsa{]Two4Yf2ura]{al5n$TasIcjc45QYOxPQe+!20n5$GwoeZxegZh$+~!=ilJOn6YZxn&hdG~l8gZ*iin9[=]3JC>rwIt:"%GLT5zebgV5cc{~8Zde[%0QQZ]6TzIo7nGZ85DDF8wTuxFQAGy?^>|I0Aekk8x84&nIJC2(".. . .. =
Jr\ ._Ca4&4%. .=mhmG4^3G8m=,.(aemmSKXFdPDbA&j]&hpDF[nTww8ksAFqAFPAFFbGA4q4FUc)!tt|t{6)!&xC?c4YTsV1iC$saC$$ouz*Lmw!;;(D{aqOUDQx57IZDFFVwKeaSAxYOG15GZFPPpQQgbbWPdhOsiQgZx=,;tmozuwwo~azkz"iCTG4wuL[r*xAAeIc~tQpqorpQZZTJJ9J3l}CCYAFkFDqmY$IxDQD*sgz_[xXWbpkYeDADAPQhf2f7". .. . =
2c_ .^+8TnTz . ^[dm0GJ;7OGm|..={CLAhKFdAZFPQQbQqxS*pFl3kdPUQUQdFQDDAUUWkkmZDFd[;.:,;+8y]LG+!ukZma**3[J[IOsuCI50*9[".^~b[apbQPZO44bFpQdPTPUmpgzCoUxPQFbSAggPUZQWPesskCoUDdv...!w*ns96u?wTY[=rGTy]|s9uTdSQFxyvt!kbFVJbPQaPC7%7fsLYbFD*DQb9waYPQPd8pb*+hPAqDPa&Ad&pQbDbAd8c(;: .. =
rJ< .!n8ayt;. "JL0*mf,t&Gm!::+^|rGXQSDQPQAAZQFFUY5IYqWWDpApFbbbUUPPFI+v&O0DF3.. ."sD1+*kk!!u&Z8$zm4oI+Jys$uzaoCIv!(=tba4bZdApqpqbUDSQDPwpUD0k*DUDPDDhFFADdPFqpn6*U8cVbpDi;"!+wL8sz89i6z$u240LY==LaJ4qAdDh3v"2ADgngQF1WO+%ueQdV2WPDeDge{9xdQqgO0XZYzI*SPZD55D&GmPFFpUQPb5_^.. . . =
c3- ."~~-;. .)0m4YT~.>$&G),;"...;<1$G*dQQQpgASGYVeeAbKFgpFPqgeSx4T3tVTYheTkx3....temi*hef;^7kmhn)Y8Gaf3Iww$JJ6uc$CfcCe*xZd*eUDDPDdPx8z+%nLhhe4hPphSA*O4aOmO5u6hhZg06hPAh$nVLxo4k4wwwcwr9y6ms4!;"9o5J7USASpOr+tDDDOFpG=FJrOSXxnJfdPDZdQ6ugFqZ0+"iKQhl+8DqxFh3PFexGheSdZSPg85)^.... =
cJ> . . &GYm5!...-uk=:... . ...:(2C=""~!(=i]lvzYyzj)_~t)>"%dZZZFDhDd{[=: ^j!,(UZ0+..<688d~!+ra8Gowu]=|ITnYz$]2dgO8wGwv}!^"!%rC?,iFqbcIhXPFFx\,,.."inFDxd*35UxanaVmwsmyo9$v=iifa9jw6T{..^owoT%tlkpQZd5uxDFqQ8!"yDDQF40PXx0dDZq51mDPZi;.,^ion5pFpJ5DA%sUFb3/;"9SSDUdZWK+>. . =
J3- . . .VVom]^. .^7a<: . . <[3^ .;^-ir80&Vk5T!.."";,.sDSDpUFPhQb(!+! ^"..+UG4~ ^C8*8+"t58*8o6fu3cJv=!?ticTghSV0GJti;;^yak="xPDF4?}gFFFPTi"^. ,"$DYpG5k&kAd&6a*&e*6$uII+7+I$?%soy!. ;$56yf^.|GApbF4yqPbDs/!pDXFg=2xQbVUQLkYahdgd)=?tlv3ossan!OQPu|pDDD{^.^!iaZPeXgxy/ . =
2v! :0kw8!. .!s". . .. ,tJ:..^|}eZq&LbUaei..^...!QQpDqbgP8QWt.^^.;...%mL4^ .^JmmYJ::!I*9o[icz$+;;!1eDSS0GkQ4mx$t"^yhY!jPPdDD]=+QQPPPd8+. ..~smbxVmnxDpg*1[c4Tmoo$uf{+~""CaVt. ,1yC?..;!sQpUO}eDVDJ!wDPQP*;^isPZUd44LeSdQYaOhgUASd*G5t"agDC"7UQSA],..."(nbpeex". =
3v! ^k5*k:.. .;[^. ."(:=j0SFggZeFUUzIx;..._vGPDge8DQFIQPe".. . .^z*$~. ..t**h$;"i06$y9$$Jzz$?~LbKDPmfzhepUQZh*sGYu_PQKKgbg6=thDPUPWF=!i$VeeVoI7tt~";:::^!?iwo91?)?lyz3t~"^"tu$$[?=!"~LxZDVGAxxtupPe5i".:^=Gxebk4LheAAqbPPPFPZPZQk$)n&xC.^?eDDP) ..,^"~(|{=;.=
3%! "5ws{. ..^^. . ..^!wUFhPFpGhFPYGDV^J+./&QPpUa/^gDQG"5DX+ . ,i$!... "dGZC5G0$!kTC6yIIV62zUQFFQ1tqQ8qUFDZPShpptcFQq$PPA:,.^eDQKPpJ"\|IqGDFPFAPh|.. ;nkO4L3{aI$r[c$G*8mm[=LeUDSqZADSpPbYa9Y$VQFJ+!^;^+VqhVV*0OsyGFUUb&5ksvjl==!^:hFQa .!FDK*.. . . ... ..=
3v! 6s6! :^. . .;+TAQpDqF9chbDowDx,!]"$DUbFG!:;DQby:tUZt . .;2t,.. . ^hAO3Yko~"2kzwo6o3aGuC&KK8YSu)yFpSOTbSQPhT0oG#KViFQg^ ..~seWQDbt,^tyCFAPQQpDq<^"(}%=C!!5ouii(JT4mmLat$uexPPDAPppPQ4m&8shqDs4ay6=^<+ZAee*0utjl{i?!><"""".^<";SDPI . ;qWWx^ ... .. . =
3%! .!T43, . .^ . ;=pSpQdZe+cZDZlJDq,.")FdDpDv.:!PQUt.^}x+. . ./J! .. :kVsa]!;)ayCIu*mCtry3UKP9kD6!ipQbn|vbAZDgdsxQK6!QDD(. :"=9dQUS!.++7#dd*ADQPWe7^.^;,t^^o8mc(.^!=++]2tCCIz4QPbgQQFdphV8ObQQFFDpAGr="iap4xVori!^;,....:,. ."^.hSF[. .y#KA. .. . =
2%! .=V]^. : .^lmUgpgG5=,^GbAS"JgW^:iYeASgV;.;jAZs"..^~( .;~_, .. . .z3Iy^:..ukT7+2Y&o^^i8KK8$qp4\"eFPh~^"~9GZg5PDXs!mqP. .;|zmmj^!;+DPPs|rLPDWDn^...".,20wz=....:::;JC/"~(lu6Tx8SeUAeDPPFdUPphk+"t7(FPQpxn[!;. . ...ZD#i >fSD[^.. ... =
Jr! .|;.. . . .^wb*p0nJ!...-yqD*=.!gq"1edPz!....|ZQ;. . ^^...;. . }4qz. .:Ym5!.^{0o3^jb43PDS^."LFQK+. ;:^_gKC7&taFF=. ..^!",?S9qb(.."C&PPA6\.:..:i;!x8=... . "$C; .vOZDxzPP1=4Qx~:... . ^;:(FDAL5UQdk?;.. . .nXP" . ;wh7^. . . =
fJ! ^=. ...^jqx&a(!;. .vgFSi^.^wd!kdgw\.. .thg!. . ..:;. .. )08z ^&*T^ .!T6o!5h!!23FPU!..+QdX9;. :..;e&!_~=+hX+. ...;,^^~u?2Xy;..^!tyDxI; . .!.^3dI". . .:=2:. ."qU#pi3QAC^^=mz^ . .^.,\DFg47LpDPO+".. .A*; . ..=qI". . =
JJ! ."_. . ,;=v{t~"... ^Vbh0". :tauqgn!. .. ,tQ&^... .. . . ."n*{ ..^G9J; :;wyuc6+,.!lDUAt^.!eFK8>. ...;h|...:"yX]^. .^ ..~+;?gQ=.. .."J*q=. .."..<JOt. . ."+. .;6dQUt!4p)t"...)!. ..;, .>gp#Z=t*DQFh1; . . .re%, ;0L!. . =
f2! .,: . ..,:,:..... . .~PFm!. .^vC)":.. .^3Q!... . . . .+&t >m9=.. ,7Gr:. ,!PQP%t.;ieKgf". ^),.. ."P0. ..;;. ^^.;zWu^. . ..:^";. .:...^29;. .. .". ;CxeC";1x|^;".. :^. .^"...^]aDW|,+&PQD).. .jz". . ..!i|, =
3r! .. . . . .. ..IZP|.. .:"!". . .^9e; .. .. . .^{~ .=Ti^. ~a2z^ . ."SPh+%".^iXAg{. ^;. ,nx<. . . ... .=#Z!. . .. . . ^!^ . . . .=F8=: .8t:. ;^.. .;^:. "^igDl .!nDAI^.. . =_. . . . ;!; .. =
cc! . .. .. .^kI-... ...". . .."+^.. . . . . . . ^^ ..(!:. .,{aw! . ^SKI,:"; .uPPG^. . . .. .!G>. . . .. . :$x).. . .. . .. :. . . . ..!~^. .". ."". ... . ^.^1b: ..^"C", . ". . .. .:.. =
fr! . .. .. . ../9<: . .. . . . "".. . . .. . .;;. .(^.. .!y6~. .;pK%...^../0qq^ . . . . ^7!. . . ."o(. . . . . .. .. . . ^",. . ...^!.. . . . ..!oo. .. ."+(;. ;. . . . . =
c[! . .^>"... . .^. ..: :!.. .:ow~ :hF=. . .~8p~. . .<>. ^!. . ... .^. ,!r, .:^^, .. =
r3! . ^^... . .. . . . ,; ....{9~. ..&V^ :|$7,. . ,;... . .;... . .). . ... . =
13! . . . ... ^=~.. .}!. . ,i^ .. . . . . . ; . .. . . =
J2 ....... ... . .. . . . ... . ... . ^/. |;. .. .. . "^ . . . ... . .; . .=
crt??()iii++++it++ttt+iiititi+itt+++|?()(|?|)(?(?()??(|)((?|)||)))(|?()?)()()?)?()|))|?)?|)|)|||||)(?|?=?====()?======)l====|})============+==================================================================================================||=)=========================================i
e3ZYYd
sIRC4.exe
C:\marijuana.txt
uk.undernet.org
Runtime error at 00000000
0123456789ABCDEF
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetCurrentThreadId
GetStartupInfoA
GetModuleFileNameA
GetLastError
GetCommandLineA
FreeLibrary
ExitProcess
CreateThread
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetSystemTime
GetFileType
CreateFileA
CloseHandle
user32.dll
GetKeyboardType
MessageBoxA
CharNextA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
kernel32.dll
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
kernel32.dll
WritePrivateProfileStringA
WinExec
UpdateResourceA
SetFilePointer
ReadFile
GetSystemDirectoryA
GetLastError
GetFileAttributesA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
EndUpdateResourceA
DeleteFileA
CreateThread
CreateMutexA
CreateFileA
CreateDirectoryA
CopyFileA
CloseHandle
BeginUpdateResourceA
user32.dll
SetTimer
GetMessageA
DispatchMessageA
CharUpperBuffA
wsock32.dll
WSACleanup
WSAStartup
gethostbyname
socket
select
listen
inet_ntoa
inet_addr
getsockname
connect
closesocket
accept
0,080<0@0D0H0L0P0T0b0j0r0z00000000000000000
1"1*121^1f1n1v1~11111110272
33E444
5X5555567
8/8:8E8M8W8a8k888888888888
9 9&93999S9Z9d9n9x9999999999
:2:J:R::::
;5;_<l<<<<<<<<<<
=#=|==
>'>,>2>>>>>
?!?G?S?[?????
0#0,03080>0Q0Z0x0~00000000
1*1J1b1111111
2$2,2222222
3!3+31393?3E3L3V33%4C4O4W44444
5+5D5]5n55557
8/9X9_9f96:K:~:::0;7;f;
=$=5=>=T?[?l?x???
U1]1f11222
313G3^3s33'5555555
6.6:6N6X6k6666
7A7H7j777'9O9V9n99999
:c:v:::::::::::
;4;?;\;f;;;;;;;;;;;
<#<E<Y<<<<<
1U5^5i5n5v555&6-6?6]6f6r6y666666
7"7)7-7G7P7Y7j7t7~77777777
8,8=8N8Z8_8d8k8r8|8888888888
9&9.969>9f9n9v9~99999999999999999
:#:/:<:N:;;;;;;;;
<"<*<2<:<B<J<R<Z<b<j<r<z<<<<<<<<<<<
=$=.=8=B=M=_=r======5>}>>>>>>>v??
0l0{000000
1$191X1q111111
212I23g4444A5s5{5555555
6'666E6T6c6r6677z8C9V9g9w9999
:Z:M;;;;;0<Q<
=)=7=W=g=== >s>>
1A111222
3M3U3`3|33
4555)686\66677]7776888 9>9i9999::
;C;;;;
<2<D<<<<
=-=p==3>?>L>^>d>p>>>>>>>>>>>>>>>>>>>
? ?-?5?<?U?Z?d?s??????
0q1111111182R2k23444
5I5V5v555
636Z6o6666666
7R7o777777
8-8M8e8o8v8}88888888
9+9J9y992;:;];;;;;;;;
<<\================
> >+>6>A>L>W>b>|>>>>>>>>>>>
?%?0?J?U?`?k?v????????????
400111
2,212@2N2222222
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8h8s8}88888888888888
,000409999
WinSock
System
SysInit
KWindows
UTypes
3Messages
iconchanger
sDeclares
PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
S*s~XkJ
Ar:mHzd0
I<n|(b[w
:"F2t
x}<$(x$*Nw*2
,lCf>e|
d]w]tE"]Na~
>N%q<G
nv/4U(y
>l3W(dW{dG";zH
1Gc~0,
b;H6VS%``jM
?]CdTwL2>2b<Gr!z
Z4\|DQyMD],34{+e
w?^>q%V
-5~ir:
!Smgs,\i
6k phr#
"'\Z5h
#Sr"sP>'AXj<k7lK
O`{(tKB
\t[S1W
;QA`KA6n
YADIcd]p =_wm;}\Mg}
e;]s |/w*c
"qb*{7o
,#A>CpAZT.x(@R
q&K-9&
e*B'Pf
LvJwUs
(G,cL3
`ono, \
iF[2!t
+umYwci
kE8bqM
qyd.F'^
G;_agX@5[
Avid.b+_
F<xGm E
4u&bRDkKAv3hA
yQGX_$Ub
Tor9bW
++\`iO1MG
x0|lU}6@+12!GX~\
|B;2B
He|AEEQCvv
xY9*_k]
#|]\;`R
e;$ZOCyLRy
(Z<n"R
DQfc*Y
xKua{5
7JW9y% \
?Z+9Xc;Ism
2=7!%62
'cXx AKh
Sgd]Gdzkko{f
d'CsyENT
b^"v($}d
=e|[(AU
/=Ycd)p.
&c(6m 1"d|A,< 3oM5|0]<j
0Iz:I8M>0
h<=dhg>8)V[l P
6{k(LAsg
]z|y|fnR
U~zK~%dW$}X
.,pz7sXQ/}jB$Oz]d
$pPa2-]
&4/\o.v/zi?
~>F =MXN1Q
s'7g!>W)c
eq6i5`]a
W,5BUK
}X^O|.3
E/;T-Zxk.X
]'NFwQ
ucNkn[K08>Ck
TQU;JNm
=QBxC\
^I-o2cu0dR),
<O% d^S
%Z*L;r)JR
${Wc316&}Q]
,P0C43
q3(wx>;
rY{YQV
~y_H>3*f
#{"P w9
#5rA>+c
^$q{zKDr
CL~p_KC`
@[6*eA'
w!_tX)
:&$}Z^w
AqW2V
D(?#im]
#Am47hG
qEpl8F:f1XTx?z@
NiSpo>$/[
j$<Ry^
sL#T3XiSMO
8["[y!7Z"'El
[0NRW;NLPbt
42k3L#
*eIcF|)
Nom}~ )5z3e
~Bt1MCY
T%kDPM euK}/
3p6< J'
:d4j)M;d
R41^?B
Jzd$0zY\jF~IdI
I;udjXE0d +mQ`
viM\;6`!
Uw4kE- Ru
2bB*XJ0
3CH/r+*U>
Q&"IOie
nrqq)5Y?e37
_:*B4x&M\)
F7jf4jB
Nd`9x C,
M 0E3?XV%-
C`!0+[rJv/
vq#~(L_q
+rR hm!?
`!rZWV
~xJ[H2[
B~K._JNa:?
pSeJ1$7
wH($?\OZoCO
Jh{Li~W
~k<r$c%Mx
py1"HhCx/-s
=gASSM8
lPY"+fO}OHcX\4Lu~
2mcVXxVyD
=Abe*)f
v8{q%8%q
N:Z\ m;TTa
Q|n59ck5'{4
[*`eY1
NfgA<02ZF
yoh&*uvF,
80IGgt
zd\y{F}mj`VOSXrNM
m,hrd+8A/,O`
a-\pyf
?,5BV/>1EpB
[q>t8^
ate2Hv<:"
?#^=t$D
RdN\.a}LXP
dv/HS(SA
m nOVm
;Fa&5/
Od!{Y`t|
B<1@%Vw;Cl
< ,-%
dSW(lu3l(@
^vc4sN
Ra_(9 pOeV[
`k`]49
,GXLnuP,.
F$Q [d
oB{( n
C?ZK1z
~u 8/TR
>(:t>`1sGVV,
eej/f*)(
~:2Ne*#
?V?'Y\D
w$AB 'a9g
5B1+T=@
%ldEOO&j
U0 fts\/
'NlU-f
gRu<.d
/.4[S(Xhb5P~g0
'ZB}FpR
#8$o?Q7MXU
q{ L$O|42!ds8
6MvP'D]U
)o4mhz
S'&J`Hm>/
W KS:4PHv
PdA>J)
<|p[k)
:!N=/}
UkG1vq
~&[m6w
q4y9@or
lJ?m*3
yDt_\v
kGL,n10
h $46(h]N
)]Dj+aT0
.~oLf3
vshm!C=b
JDTS6x
tR!.0a
O|vwC5e
:x*q[E
6^5@HcxkbNb&VK
f|tLw6
0QN'UK:L5
gWN)) 8?8
NR4o?@
;8WWu]
5:&A+R1Ej
j=0Fvw
2U_ON>vAi1
&1K6~N=
7riph+mDa
fm98a7=
T&/Vz3
T_C8ia6
qlfgCL
KgH=0#u[
Oh)#.`
\5\YL71m
puq"~E<bc
}lPo",
:h%RBw4n
2xoX01n_G[yMwH%
H\iT"_$cIp
eo7A*cE
Mpn-\C%5$h9C$
2}uC\OE
|]!Id17?_pn<=L`o8F $
F])=>X.++ `
\T1JBC+%N<m4A:
Ozfwn~
RG*"?!
C.AORXp
?YA")h
g7^-kE~#
JF9Bgi
Vl#UU?%K8
Mg1m{\:C
4K%ikM@Z2/
34{jR~%32
B(jW>A
]eTm qp~?1
:YT%b
z;x]e*\K/&g
C&g0'[><,bY
J2;{EIYCS
%w38}y{r}`pyLE
8D-g{}2"a
EEHQ.s %B/g.
'pZL:%RY/IYG|
N@I*CC.9:%I
1!?U&W2 w
*SbY>hs
TUO#4QULAd
dTp/aiS
,SN@fqw_
k.h5_j
_Pq)4(uKb
m?>d*V'tT
l6>>Q}s
VN""<[
3BKUX6
2qI]EsJ
k^|*U@x
7~yfs][fROF
}/ (U92TD
a H{07
v)RMK5Hy8
fnLyTA(
|4d kof
aAVA|g+T
q: F.g5Sz
gcqv1{Ye-
9J~tK^d
4{fDm.
(YkK`P
^:q]Ns30@R13,{<
G'dyx eA
E%7(O@.l_L
;;F\r=
J(YC^brIx
hh Qk1XNVL
xM[q!G:
(1O<'4
(mw^cX|+o
X\]Ou0y
4n1#,^
/<b({v
[9]yV3X`l
A8QG2U%}
[YL^)|>x u
<`$5VNyI~q,yHCI
JoU3gJ
V?]Z*2"4&tMH49
*$aIx!90]-
,fhETU:XD4
o~CI16y6^0B
-L>b! {]q&k
<hR2S,/.0
3|r&-O\
r @0?x4q~gR
#p!Qu}t
jz2L@\Z
IEBVC@
#1@M0+M"mc/R"
V1I Wy4e[1a}Iy
`dhuzU0r
LWFC2i(!
$WX!]E
A,\wLZ.E>}^YK2naeOTq&V
E>r-~ )
jWbs,$q
xb3l24
p`aR/u
v*3%~=a
htg\ n</6w&Q
<rYHL2
91/9X:d:{6xq
hTLw{d@
K9X[kr
?Je,UxX
P'3tCVH
h.}npo
eyA/D =GZy
]6<q[w
tU, ]}p@\"Ki
+|#B5#n.*GI
GWe`d{Qk
o]Ws!O,Syl
+IY|;@GG[{?_T7<g75OcsRXI
HKs^:T.
@5;BK2`
g> Go"
E,PoYA
T^KP,9{
UX4yeK
rHSKU5
6lkh*?r{<
xr*oAR<
H$oI6@
'km@n>A/:
3S*?QF
e0^6Cq
kfbC<GL
TmdQ Hw{ga4PD"eMX
Lkxq &
SE;|i(Fw(
\0}PxLu
bNg^f!&
]d7bDb
/|u{ iEw
NXAmS:(:))i6iKSm
1G}:ac"G
'u}KwM
X4^D&"Hge/Mc.^
v]_fyw=
O&K]*}0i
!LnnF,Mc
&vm"sUtBa+
S&b-E`)<;Z
$IwW>f
-nQqsWn
wz]mD;
P^xW=sh
dO7X|8/qAW+8z
PC; El@<
{.q>D> @i
LC/c;<
ZH|GZfu9
)zo.&}ZiK
&0Tz;h7s_l4J
_uVlHl:x+.#
fc4UWX{b?
mS_c6\
?nB?h[
hH LnC
- YMLhX|_bW{
5-$\Ho
5v,lF"1g[
e9W> 5kI
]*km1c\7
}j%F("N
8xy2{S
="}HT$
Oa|Ol8'Ng0
M*.u{/2d5
+Y(m@R
+"f93L6
g>kekWacv
{7H!k,
WGVo6c
edpDW3h9
2iV,n9%'W
Y'j|b\
_n:be1?
KS:agH
VHo6e/3#-
]#?B#3
]*5"^!
yx)q8F#*!|Z
j~>dcCHe2:eU
`DqM8z
R&t1w.;~
S8v`_!T
i6HYp"N$&b
w"qik`{%dF
a!@Pyls
IrdOAq]
[3[K!DRLi>5vWa
-ffsUj.T;~SKjGLq&?
4BXje7`sC
E.$?oC{
gllxtQ
[YE3tf
?0GHQ:vzR91Pw^
TPXbUl
+c2Fq]
9b~7J,N)0Nz>ef
@-b_7F
*7$qBo,
(hj/]]
k!g[,Kee
NQ(0sSNUsjg5`$){
-G<XR&)}
P@Cf|{6sWxf%zP
&e3W=(D.V|
=ZNCnRH
f G;!& (Z
A$ij+]
uum8TY
9`(p\'6fKQhj
<Nf@REcF.cbA
Zx(e66)
hpZ"0M<Co>9
?hV )N
h.=j|:YL \
T:o8oGhp+/
Yh|TzM6
tq$L2F
ju/X"HEG
.x#C`2
.Z$!H&p1t
2V WY)
lKmJ%Ui_EN6S"w
,b$f62
lk(iS}
KiYx]/HM
_AS1~!]
+%6zY&'kn
9k>`C?C
9eS!:o(lLJ|gJ*`&4u
6q,,aTAc[
5cV"vWJ X
mEy}h]y* A
t<HiNj
xJ25nzx
yjvP)(Y)
6*V%-HMB
Ulv@m^x$s;1!5
!ggTYqS]m
y>="j@4
HJJX'e*{"dtk
#/b*C.L
vK]~5LLH
eFv$fV
Aj8 Qak
,W/vC-g4j|DNX4dE`\[
1L(>%Z7X
,sea:Ebpz=$-JtMB=?q'D
*s_];+?
5bChzh
hoz=rchqAo
#:'9)v
)~k645zK HL
z>BN:4
0 TSjj
a)X13a
[j;;&q4B-
~8m 0b
dhya`"655<N
iHIe.h`J
td,iAqk
k>\:p5
IlwoCN$
7zc+`Yyvun S_nc'8
|- WSop\!"h@2
uB!j7?%
{Zf.&@<
mGIWt_
M*;*;@
CIy"Qs^
R3'paeOM
y)vz (
muaAyK%g
#CWt}WNaMW(Uu5D(
"$'eh}K
{q@@XU.
:sl ^Va;66
W73h %
q}H,eUY
=XAf{S
h`,CD$/
v-[TC=
*>ih,V@
Vr[5Nn|};]3V3g
ARo*\F\Tqr5
!Y$E?G0N~c+Xm?R8`7@
aiyd`g]
.ji1E_5BFNAuhP9
NNX)]MX7N@0+
WL8D_Czq
a!<_H^;`A>Y
`m;:+wOv
D1.9"'aR
[#)ZqA
QE< e?>
Xtw7Qb[+8(^
`J#z~ZW
gMUp0:9X8}
3>yaRKT
C7rvyxo
g`'m-P
uI)X_Hp!b
Y9`$K;MO
={T4tO=b
}qYMku
4'-q:0
+g '_.
rsX~4C6o!W
G1[dq}+
YiZ;|zt
My~}ZF=
zTID)U
X.bp$J
WoW;@J
~qW4*Kk
_J;kbF,T\>
M@"uM7
gF0vvd}P1)O
4y*=Ls!!@Z
W"tKwKb`p
D.pP@^`gq\QBk:lWGl
!;?c"tzK
dw~vn*K
xpNfO_
Fn'3LR
/</'Ch`'
S8u'5\b
j"IZ7n
nFj@ms*N3
f5=5mS
H}&~dgIriZ
m +hx<aW_U DHFw^pcV$q
jefhku
~oIOMl
H dg>W`
N!=Ngu8z8du*\
Hrg$*{
`|d}OAn-u*?-V
}t84bM
!6e!`yUQK
5vL&;s
xGF@_/`:S<^`X
lhH>Y?
F4Y RISX~{>
=r$w*]>
pSh6##H@
2,va"kG8
G@S ].
BiIR(O'
zCZSro/
rEegA9Z
Nn=202
\LH>8QSOg
zK[{UY,Uh5
#G97)xUGF
B|1a.`0>
20M$u/
8OYqJMM|)
B[^J]YtK
ydrf<+_g
%YW83.2
2 ;IBqiD
8"Sg;f
s`U_mcrq[&G<
w&Y b<3
ZVbd- Y
skfHG*&
w6U.Q$J,%
9{Da2-1
u1kc/C@
* Q&o)}K|0
y:VNFH
k_ko{:"k~wAJ
>H{RG#4
jpMx.dp,
_>X1Q!{]T
D?}@.=I
t66jj m
'5.loI
Os`l@vj,
]nHa$E"J
0R`[I''
'qew<X[gF
FCcN?e~
%:I( `Aqc
_QFhOGJ
aU9-?>r1Oor<\[Ig0
;ih'<ur+
F4mz7
hIdrG[
w:Jv$#<~
-*9Y~o:
O!bW\T#z'
"Nk]a@RfZsGht
.\M1?ZmK
XXm\k.
Y.'{cEk:
T)Lxe^|X5;5
6}:F?|xve=}1[
IM@#{v
{LKZ,Gr[
%{+1 K
r^/ui:
R6Z '@L
>DaR6FS
m5[Xzg<
SU?}Xc2
1~]Uf8V
7_W$tk]U
VyD nSKN~?OJgh`i'Hj
mE+<LJ
zDw5GH
!o>n||t@M~<
V"@5TtD_zO]Dw\
RiXjKZ
oN:hdAZX
'Y4p.W'.{on Jm`n
T\- p-
{_vHk/
wDObF?'-
vOC]!=p
#y/0H2~H
GJy1i'9^h
h{v~vzj
4J[%//#%j
{)+)JssSI0FMz\
Wl<C3Rz[r2*93
mqShbc2'=I
/)n/1Z)
)W;}_ #5J!vO4x!
A 'mW6
y<~i[R
*8OrW!
w4wKcu%
0~{R3\>
+!-Oxp!Ps
+cC:T1'{r9
PT*_@*
sM{Zdu
u_i 8|G>
uC}b,"
)6X7,mE9
mnC?o1SfP(z
99a).%<?5<.
g0fE&[=
MtP'lBug
iB*&;QX
GL}] #
U2P!A`
=:WE=8
yuWy;4=o
aH`E#P
'h7x?O
PWW3%@)+A
ms*Fy;
LA% ;<q
H,8A2d{
xt(|T n
=I\k,_o
#ubu&[}
s 952I
K1(m<W>99
kv<gQ N!%
q[S3U!
:232 >
S?upo^
r8p\(.
_jgx|!
~8F;fui
n60G%8
}h@+4?KH5HHi
]klnlPM
^g{tb^&
TP_v| kWTbaGo=2k
B{C1d`Y+
QFHFDa4Z/ys$<pR\~
j@u87BL $z>vwFsa`
&CCoiLgi1`
h#![0J(f
RQ(9u'DH30
HacV79
bC@iDI
3Q}H3:
4A"_<sBC
,Ym8j3-
>d*TB*hEAI'
4jTD79y _%w}V%3
vqyFgwu^
)/U92PZk
w\q<Vi$C
pfGN2G<7?e=;
u!gUU1
sl%a$es
~Z|PzOl{
FD,\lF+"64
!mU2!9F
QCfu:E
E@o7wsz
TVI!L@8z
LcsX05
,Dz_}e`."
c\tp= L'
%nq09:$
yo$L^My*s3
_SgAE3
Jx=8BAB4W
'Tm_vHS
4P.Km.U;c
JJ*iPT
WJ/Jr}C
Tm+qb7
3@g]k`9
VzN'#Bd
#8Y#6"
F=43)N0K4w
.xv;9@uL
aenwEF
$lb1~K
YTG|Pr(I2qG+
nS,M]cw
XMYVB;K
2H$3Gc'D9D8y
UU"2JY!u
0whr:r<
BaZgwm$TL
}481}e,;L)?xl]n
x;UlQl
'U(eK9
[^6\M9
^WmWVCwr1P
%&#q3u
5t[bM#
4`dSiP=(7_XTtAh?
I xFxCF
k"ysJ[
@vrsdSxrC1
R.S:VRks
-GnW3j
dkk64ZA"
OOVJj2
z4?W()G
kdk"pp
&Ne+jC#?+
h`Gi8$*p
L'(SCb
kz(+_E@=AQ[w
;vzUC8
KPXf@P
=[6.u-Q?Kr
ZEpP~D
T*!.DY
@lnC{7]
proa>8
UW<H?D
|Dbx5(
! 8O[,ZM
X(Ipvd
'al&XaFqx
>pjm5o{+
B[J}2(
]0Pm4Ga
=00<^P
[B%zc)`;
A5oP^|;c
MUYOB70v
' |/? 1`
PU&VaM_ewN5
}9rkZ#fm
@'Sh N)j
ZVE3cl#%Q,L
=T`&A+
2Au|,1P
g;MdZKN?5
=^.Cr_g
NiPD^e=/nc<
:wq*A;
5#WirVE>
zr6>~Q
&d@RZ]IW
b)_Bu2
+HE:Pt{ENt
1[`w%j
sR,R5{>j<c{
?y2Y#_"l
ORY\~O
2 auW`
a $m 8D
SM0g9<
"xMeG)`9@X
i3/db$Y!kXA}t(6n@1v
o\xdE2]n z
E F\TZ48ugN-_?AD
"ze~yb(
-o,mDL
y#>GP9
yBes3Y6 Y~{
?Dm h#
!`NOU p
^kCiq;}
'Kfd*..
bnkHHV+,KJ
D5AurgIBW}^b
M}yxOI%y`;9
0I$,O+
a-{%B.^
Dwto@$0nuUdEH
I}w:4@c
B%gOmQhtx)" $
P@zxxw)C
[w{nL^7_
I}v}1'
VmHnz:V
7=1b{Xm\k|NgW
of1e1Lq
_3'8 |=@W
L CU|bS vt
Zt#O.%
X/Ul@(0)0
YA?*~r<ve^Xp
3pF(41!
6Mdbtq
RH(Z(u
v~U[dXW[=>
/bSg*}x.
\-7jwXS`s
4='E|=HS`
=?*IJ:
]{^ub4;iiV
[-(VECW
olS3K5L;
S3)o7&Y2Cc%bV
x"me8N
bZ]"%f
Q&:9(t
euK_TzuX,
>2O!}ExhZs
En Ry;S
]%?-H
\6#^]P
XE-g<WGo
0H#.7
:(fq ,X
6xiv4({
2X,Q5u
; ?Ax"
xm).`G<50qnNlB5
jGdhlIrS?
yLP<Mx"
E-c~",',0
oGY4uQ,)'
G#d !U< 3p3
*0eOMm8~j
Sm:xddF!'3tP-O1<y^
cQ`.u1YYb4w2*<)<
h E2ihq2y
U)p2:W@.
#x>YgH*a4<4vI
,~M:4mo]U
dgj"`kL)Buxt\
ihv7J3
V {m4L4,U
I&-^`uhd{I7Z
44wU)}|S_k
2zKj?"nu
lsG)\K{
4,MW|=h{7B
qWCc+p^UOS;ts
sQ~1"VlJH\p
[Nybu B
s-aW]
?@\ xmd
3m(.H^m
<QV%.-&18\
Ik#,#o_?"blz
zPk|_hQ@$
~N0p[p+H
{ELB#*,n=wd
+}j'So
E9OTbdA
-((M1NxC
DJo.edB. ev%j
W5N_P\WcV)
'),m)-s)5Cs#
ZgF{AH&
zZv$s8br
Cb1=7.
sS,9;1J
.u']r[
Q({^+Xzo
|AK`seQ-Z_Z
YMgfruj
3CG!B7
7%-5oOvoM\
eMSe$3Ssc/.e0
9MKT5,HL}:rR
hS&B[_
,M@@H5
1P(y5W+
zhYgLh
uVBv6D
&a#Y!{Va2hm
Ck5"'03X
6s/`jE,8
*79IshJdO;pZ
,KAoJ:A3H
q&Z0*P!J
fnk:30,*
(_41t^
glaVGBu
&Ios0lZ
'vzq1 mc
kadZ}hD5^,'
JX.~;`fjt,
~4u~C?ry
>[PkN6IB
9xCoF^
mk>}rZGX
t &Kx$
pe*<XbchI
-\'}?'g
|V.f)e
/<%x,4Mqc61a
c+\_p$rBrJ
HDVPVXPo
:l%(G/
+#A()!
ji'0dG.!r3Y
qQ=wp[A
s.@LHRY}}q
H UJz-y[t
1FqH(M
MM&Nft
Rmk?[3
q2<Ylog
`\~0LM5>iuJ
H#bC.o
[*7+i|R-}ucJ>z
;4]p0s3[$`$H..-c
Q(7_B< >UF
#Y+<|XD
T1R4`Sy
~lO<EG>]
:kfzW{
m~vAif7
IX]*WzGtOV
%dv>"YM;
hm-Hj!j G-A
R~vJTV&Xl
Eco:*kN
AHFC$:R
JXqlOa6W
.M*Ll?
I@Ar.coE
jy1S{m
"=~d;yG)
;;[uR^|;
A`edbz_QBuFt5_tV
%(F<!}
ON5(QcT
p;iM#D
fZN!-Dv
n+U~uj
?wliYu
5OJ RWB_a
~zm0'K
pu3P*:} 6<@"h%<s
vfHc\+\
||(6{ZYP
t)O7x
qHtj ;?Mup*1
#0D$U`p)5}
8~gEp94Zwg,;,_
A,>b rp
$4U8Rg
dtI=:_p
-uQCA%`$(_;5.A(>} lz
}NEJ+Th*b
p)8bPR
{sK=5<t[G;F|h3
P[wI#^'
Le!3`!
:Yo]ppS
0i:kGo8t)
(FLSR0k
e:5 wB/
*+o51)
xPVk{s?5
,!oJ31C\7
/X+tUiIH
y.H{Ns
Y{VC!MluiWC^^Qb(X~;_
>RIF)S
:ob9%3
6QmRBTe
nE}\]iY
T?uC5"
'K%|cBt7l
|NCd*&
v%<HMMKc'[S
'[|8$Gz
`~#^dI=
|9EccKac
=LrK/[I-
t z^20~5C
k[lJyt7v5
1G_[ 1
] ??U;;6h;w
;FbL\4
0R+2;O
L`'{$V
o^6OCe
|x&$u1%
4]A[&Q
wnnl.r
6ED9i)Z}P_cI
pV9K!z
Ph[$T^
<I";4Q
$GFqBLFL5%8D
\.y\EB
o?$s. Q
q+20<[Ar*
R\4#V>GL?H^Mim
5A] (3
]y8QPehSp9];`F
OQ=[ep#u\Z
_p Bpy
>,\t-!1h#}
}4ec^L\}
[3PYvG0Kc1/t
JI6s,}(8r
YIJil;
I$Y^a1"R>v%R
n}[EY$
@ysD.U#09Gy
xK<vn,
-U}q8z2Vl<g@i[
|;EXks`
)f~~D)
h+N=h{7pwM
I,*TT+V
qzHe_30
%')lU+ Uk
l lG9
q[Np+dBUp
<Uq;ye4
P:_#j[
]r_h]N5S1F*T
G!~exnC
{G8j&]Yquy
!rst2O
]gt e?5
Ofy'C <
8RRv,t
1eLZT4K5
.1hbW3*w
;d9s3 K
BtL([.HF
`t rDd<
7vb}@^>
D{#\i|D<
N*&TLH7<
XyX.psfE{
g:\K2(Lvhs
KZ<[oM
.lAZ@v!?Xibf
!BE)[9
=*FfCvu~`)k
2M; vht#D3'
H}:$`*hNWr[HPl
!78:_u~
6J%bi8
w{|.frkE1-/#
{'sLM3
`$:T{0]
yZX?BH(
sWEKftN7y
LE j>g?,y_
B&o}!l
"OymDm
smBbG<
u?u^U+c
oh[U'h
IrV(Pal
:*c^87
|WD*n\J}7
p6CU. ?M
"b*6!O
fd=T/a#4sK3 3@2DkI
P5F< ]4
!ogK/<
> Z5@taw
7t-RJ&
Z"K04YR
>l V S|
C3-Y7fg
^*d*Jrf
KOt>=wa
"Nd&-m/OEA%d0c>r
3OTB&_
1_|(}(B.
R aJcYZ+Rv
\O".3[%[
{=b<o[#~W2
yR:j1E!8
RqamBLD
\{Md/9!w
'{2!7)
3!67TZ
g>QK^p01
%L|50
q*)y]r
d\\RdEf
FM.Gu'
E6bEM2(uIQ
uA%B9(rR{'9B
O4\,)F
`Kq#0:`
cdRNA/z
SJD",f+~P
_O'9y<iBp
U bT{2m
GoX\m7~_.
Z9W%*O% e
jkn~vPK
Cu&URT
.og*{yqO
g}z6Q0
NZ1JR%\/,L-ri
_U?_X(Vg$h
P&$V-2e :eZssY7P+lR;H
x}&o\t
=;YTx}g$LdI(
#LeQwCQLZJ
i9mQRL1
S3gId|+(w'
XKf]rXF7
t0uc'<
^F6_CA
s@_a|_
;,:2Iq
{/j5?n
qP1F;cTT
}6kRs@Er`
[I& O?
i^wy&4`
i&5"^k
n(OcSI
Dpg"e=
|hkch0h
jmf;+m)FaF
Nrlp:Q
|964AG
HEmcjUMO,w
Rx"Vdv
I1D56B ~=)*A
^?Kh2+
J`^KNi&+OesJ
/L=^xG0=
Js,yw N
m>R2{$
y4rmRF2
;}1Ph!z
N3#]#tH(Ol<`
Wj$&`
br1BW\&[EK)PDW#
$rfh}K
Gc)8 V`M
gdo[o?
#"B'"(*AO
,1Q4Nb
rp@%E~
@UiOd;1(v7-y
~AA`d{mn(" 9>;
q./fSNC2R_R
+;niezj
71n[!WVo
z{";=VE4c<\<8
}M9oU9
</W5A+Q
G <c,$'
C"m=Yh|0o
e<&A9,
~~~fjGt
AXv #,lD
S: O f
Me6#*9
zB!>a4Kj
5E#E<[<_(Z-N
r8/Ea*w
{Sv`21iL#
Ti.8'5
j@i5Ia
2\=:f-6F
"JWDyyvOG
Uw"l?3
Y:X$iiZ,
y%GD4Q
aJ\R5|!.PRpG
o=H3nhOQGe tb
MLKphYX:R_@3
!Y2e65
)6}5zg5
=l*fqRb
m^fMbaJ
3;+V&q
jEp\+k
YglS9|*u
+*:e0nm
8O"RA;WE
iZPUQ R
iCDUE;)
]0']O^
K #QA#
;TU$gF
:z2Q-+f[OQ
M~oipgl
W+[zmW2qgL
#YVGH{
~{_F;"yZd;e
gPILJLE(U
kv<e 'Z
TSCk3VDCtL
nX?:kph
C~1k-efA7C2/
oBL.Jy
&TTcL4
1LspC5._zK"
.dd{GN
&W.Ue'
`{-<E7<eE\<:i
R.?#=G
SOkZn>
[ciH.'
Q_+CACdf)z
M*!Tpt
P(S:j[Q
SAg)/N~7MU1m
k^UOr,Fn<
g8QPYKHw
],eb[T
(y]40sA
:+>~Oo[sBB7@_f}i
Ep21>' We
6d$eod8?
w:xX_g-/K
S5ka-8v0V
%83^Z9
LXr^dj
[YOq~1<XX
D,-TraSK
b@=Wdb
Pn(G&:8
DsEAHm6
AJk| MU]
nr?,=E
u@T/B=~w:
>fQ6|`m%*R^
1FP>'2+
6Z:ZCq
qr>Xk^,
=UNngYc8
Yb$gzT
+.$3[<
95tz'2L
=p@/.(
2EIVLC
`=@Y:$E&`l6g
`c`q~Fw
[<3%k7aU
:hjPLFE}
FP$9UXcB
(4cm
_8[dXxV
c'<*^MT Yu^X^,S
q/JlcI<?
)_-YRc?
FGd[ttR/Y\M{-x1"}
D�V�C�L�A�L�
P�A�C�K�A�G�E�I�N�F�O�
M�A�I�N�I�C�O�N�(�
Process Tree
- 0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe (1612) "C:\Users\Administrator\AppData\Local\Temp\0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe"
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
| Name | ac7d26fd3705d364_wmlaunch.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wmlaunch.exe |
| Size | 257.0KB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 7e78d5a1ac33fd8c51e03411ca2d6762 |
| SHA1 | 53c7f835499aa5fad40670aefde804001e48f585 |
| SHA256 | ac7d26fd3705d364a8c7af3cd461f62a041f1419d5c345b72ec704aae5d6b249 |
| CRC32 | F2E21979 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b42112cda5f5e77c_wabmig.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wabmig.exe |
| Size | 144.6KB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | d1a7fdf8f1b7f07c6d08d9d19ce3d51f |
| SHA1 | f3b71df6197dcf77208aa82a0426794d4a3625b8 |
| SHA256 | b42112cda5f5e77cd5ddef3203aa8784ddcd0098ec6fec262043ee1ad942d75d |
| CRC32 | B60FEAC6 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b44dcaa6beb5d2e5_tabtip.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\TabTip.exe |
| Size | 219.0KB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 4d9e1706d8e96adf3798dd4e041cbb1e |
| SHA1 | 2e894efb8311e5544986f561ff2df67e2dd85116 |
| SHA256 | b44dcaa6beb5d2e593bb856bab387580f6f7476cadf0a71f6a3ee7880b8bf5d5 |
| CRC32 | 43E386AC |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 9e1cb3f3924aff33_convertinkstore.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\xdccPrograms\ConvertInkStore.exe |
| Size | 188.5KB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | b4fea10b9b077574f952a77b366953ed |
| SHA1 | ffdc870887a64e4ad81f497661332c441633f442 |
| SHA256 | 9e1cb3f3924aff33f1db3f8d2da51526f63439a6ee31d1d917e668731ca9e939 |
| CRC32 | 7F3E147C |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 08d916ab8009ab4d_wmpnscfg.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wmpnscfg.exe |
| Size | 165.9KB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 64b9366b61b854223db27e2fb7c77532 |
| SHA1 | 0fbd3d55d14bc6b267120b8473348208c3163a16 |
| SHA256 | 08d916ab8009ab4d1be2fb8eec9f58ffb0b950ff7e10115509e6848a8c6a89df |
| CRC32 | 8ABF2CA3 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | b53924a8c38038d8_wordpad.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wordpad.exe |
| Size | 1017.8KB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | b4d2c0e2428fcd3ec1b13e3083de3a5d |
| SHA1 | ab147d2cb942fb01b72b60662553347e750c0b8c |
| SHA256 | 303c16a8f74052ec801ce79beb4795fab54ba2a835ddcb82f7cc3bb2c505d8f4 |
| CRC32 | AC2159FF |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 7331726dfb901017_mip.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\mip.exe |
| Size | 1.5MB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | aa34aa529a08af5e7c5208cc380d1549 |
| SHA1 | c84db1cf62a6f14cef92a4961c7ef484b2a4ac9b |
| SHA256 | 7331726dfb901017c1c5089317b67bbc52626800a8735e081054709af70ab81e |
| CRC32 | BBD97D14 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | fbcda6ac19458f12_wordpad.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wordpad.exe |
| Size | 993.2KB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | a7c7253439503b4f6eb64afd9ed44ab7 |
| SHA1 | 4fd807e72a62087bf2fde44a7d94eda889f5f804 |
| SHA256 | 5632c35f24c78f68fa720f5ea342072e399d16b005f18d7504573777b8ca00b7 |
| CRC32 | 7B48ECBC |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4ba4d6082f71b217_inputpersonalization.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\InputPersonalization.exe |
| Size | 374.5KB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | fb74a27f48d448a0311fee495b665672 |
| SHA1 | b12b001203f66dbc5bacca15e6d43b4651110ce5 |
| SHA256 | 4ba4d6082f71b217d8dbb92606b8bb5f7abf4e2b5bd02e6b94d5e5d47496780d |
| CRC32 | 14829473 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a7bc4f0bd23e3521_wmpdmc.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\WMPDMC.exe |
| Size | 1.2MB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 1ff7fd6f43e1288004d97fc799b65123 |
| SHA1 | da66299ab293956db8bc72f373e4817d50503b82 |
| SHA256 | a7bc4f0bd23e35218fd909a2020a758596c8379689eca9a159052e907b5e367d |
| CRC32 | E8501402 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | cf19fdbdf5e15e4f_wordpad.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wordpad.exe |
| Size | 957.1KB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 86fd0b7dd4ab9f68837cded0186484ce |
| SHA1 | 2094162a58815922a9861abf24472873cbe1a006 |
| SHA256 | 0023e9de56142d276c7a009d629e2cac71cbe887c1f3420c693cf4d90eda6f61 |
| CRC32 | 44554E83 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 2cc4dd754d1648b1_setup_wm.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\setup_wm.exe |
| Size | 2.0MB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 4f8578234380f3293985349e39848c1d |
| SHA1 | 06fe55413e4ef8b2caf478e243c273c43cfe8880 |
| SHA256 | 2cc4dd754d1648b1de6c0c7cfe082216683bfbf0a2e4bb508cc0899a47ea9373 |
| CRC32 | 79E6CC67 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 072ab9c49462097d_wordpad.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wordpad.exe |
| Size | 1.1MB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | c557ee92a0a89ba862cef84027e31bd2 |
| SHA1 | d03ea4a97a2eec4f351297d5042267d1fb55130e |
| SHA256 | 6c0244c3bef0d43421174984ba9d1daff8660db4a578c732dfe3b3f779f67617 |
| CRC32 | 971E6CB1 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 9007ffb473253ba2_msascui.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\MSASCui.exe |
| Size | 938.5KB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | f70e8ca181b11b7e75f32d80450cba2b |
| SHA1 | 5ed98bfa0e0ee74da86f1c05faf2e3e3a297c1a8 |
| SHA256 | 9007ffb473253ba229b90167839a76bb13eb9e359f63647a7838f7656cc580ef |
| CRC32 | BD0299A0 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a36fe2af4b82738a_wordpad.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wordpad.exe |
| Size | 1.1MB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 70d2060a4bce3d98871fcc02479c5c72 |
| SHA1 | a4f1b1593ebd09b5d380f52351c16405ca36863f |
| SHA256 | 97166f0c8f232d0895e1ef08e89f0cc2bba393d7c0f9b13f93d4b3942b607ad0 |
| CRC32 | 6241A714 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 1b69dcd83751c8ef_wordpad.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wordpad.exe |
| Size | 1.1MB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 9ae537cd0606a00e680edf5b125e8728 |
| SHA1 | d509338bc853797bdbee7f31d4529ed843066559 |
| SHA256 | 3eeb5a290b5bd09db2075c24b4045bbad6c9bfc86bc6cd237836f2f88b3b91fc |
| CRC32 | D456E4B8 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 895aeb22d26fcfee_journal.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\Journal.exe |
| Size | 2.1MB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | c22b44ce8acc3b8a1853a6cb695e5e01 |
| SHA1 | 47f2c8c8549af94a93642ae12bfaea4ce2315fad |
| SHA256 | 895aeb22d26fcfee1bf40b4ddcad9c21a6630c7cf0cb581c0e47b8a15fc8c43d |
| CRC32 | 1C199927 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4ac208473b2fa468_wmprph.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wmprph.exe |
| Size | 134.6KB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | c8f015206548e8e52c7f697ee3f1ccd4 |
| SHA1 | 3e00267834fdead103b2de64100f280d1bd6dfb4 |
| SHA256 | 4ac208473b2fa468046a783958fb5ca2f10b938df34c1671e9d8b11ed3b34342 |
| CRC32 | 1AF1D552 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 1bbcdfb13bf68a34_wordpad.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wordpad.exe |
| Size | 1.1MB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 0b88534c377e6080d59a43271cc96189 |
| SHA1 | e93f79489530d020dba8224c081243c990657834 |
| SHA256 | e9ed7e023b1c061635fa497103d9a72b8c39b2d1c52f7e023a8f638334e6e6a3 |
| CRC32 | 2C4BF11B |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e586195e07427067_ieinstal.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\ieinstal.exe |
| Size | 263.5KB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | bb1e5f6bfcbf98a743828b21fac7b9e1 |
| SHA1 | 2c4d22bcd9934eb820f1cb5c1ccdd0f8a077490b |
| SHA256 | e586195e07427067e75cfdab5108ce461e92f232b634c499dd584368fd528c48 |
| CRC32 | AFBF1EFB |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | e436c7a2248d49d9_wmpenc.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wmpenc.exe |
| Size | 144.4KB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | aa4c02cdcd43014504fcbfe731a6776b |
| SHA1 | 625b4037e79202d9da8f8ccdd616b7c4feb27b25 |
| SHA256 | e436c7a2248d49d9fe3577c9e4d62b44580c9ba5827e64f6f0893120a4c66fd2 |
| CRC32 | 572091A9 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | c22850714674a9a8_wmplayer.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wmplayer.exe |
| Size | 163.5KB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 6aa6a99ce39dbe70543260d03ed2354b |
| SHA1 | 6a36f9b7a89769da13f8d40e499a6a6fd1b9efad |
| SHA256 | c22850714674a9a8ed0aa2aac1196486a614e28d832fb38ac7f4c9b7765d4b44 |
| CRC32 | B493C3E3 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | ed9bc84d4a4b778d_wordpad.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wordpad.exe |
| Size | 949.7KB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 3406bc134ea32e66273ab868181242ae |
| SHA1 | 37ddddbddc19a518562885f730de09c9b140ec3a |
| SHA256 | 3312f18dd38dd9cd9027d038ed9462c576fca737c81ff9e116a66ecf11c82ab6 |
| CRC32 | 22A2E423 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d19f7e0d46e22136_wordpad.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wordpad.exe |
| Size | 1.0MB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 463c717a8028bb66355af13b4c8bb721 |
| SHA1 | fcafb7ab0b84693027e8e09b14ce3cc76fcc40ea |
| SHA256 | 09400999eb5a628b6c12ca2863f1fb94cf60ab9cf46b96785dc8a708729b162c |
| CRC32 | 1774D446 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4faf0ed6cc1cdd3d_dvdmaker.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\DVDMaker.exe |
| Size | 2.2MB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 5ff55046ca57d4ac35dc9209bf6751f0 |
| SHA1 | 8b8f9448c88be7487c9db2c0c14b46fc4a12db36 |
| SHA256 | 4faf0ed6cc1cdd3d44bbdcf6aa15e7c375d2a33d26e235aeb3c64e9000f45459 |
| CRC32 | 2ED8ECF7 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 8110623e5b82edbe_procmon.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\xdccPrograms\Procmon.exe |
| Size | 2.0MB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 81e585b27ce5166e06aac1d57206f34d |
| SHA1 | 3324f1fa86a7db30642860ac5cf27132cc1a122d |
| SHA256 | 8110623e5b82edbeafa57665c0582c789d5e242ef77c92f32442e842e069baa1 |
| CRC32 | C2B7CF26 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | a1e88659a4ad4f4f_marijuana.txt |
|---|---|
| Filepath | C:\marijuana.txt |
| Size | 21.2KB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | ISO-8859 text, with CRLF line terminators |
| MD5 | c0214c7723fe7bde6bc2834742bcc506 |
| SHA1 | f3d8e78975bf169fc1ed3ae95ad41d84ff6a36c3 |
| SHA256 | a1e88659a4ad4f4fd55f246ab076dee048881fcac3ea8a300e2fe8cdffd88b73 |
| CRC32 | 0D0BD2E9 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | eb0eedf85e7b7af0_wordpad.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wordpad.exe |
| Size | 1.1MB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | a8723f40fc88fa441153dbcd5e7081e6 |
| SHA1 | 2327297500c1b3580e15574c39636d3d93320805 |
| SHA256 | ba034f7847c22bdcfe4655744fc7ca216200d134a3b67d05c1b443558035c056 |
| CRC32 | FB8330DE |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 4083f57a9b99aab2_wmpshare.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wmpshare.exe |
| Size | 158.2KB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 58502b50f1d18cf68a3ebe9547bca631 |
| SHA1 | 5024df913bd63254513e0c3ed3fb0db09de6ede4 |
| SHA256 | 4083f57a9b99aab2feb7364cf57f6779ee81592d88b19bde2ba9037af08a1782 |
| CRC32 | 2870A767 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 494d59c3d712b7a2_wordpad.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wordpad.exe |
| Size | 1.0MB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 10f4b0964f696ec73ac5c83a2c0bf2cf |
| SHA1 | a140b4cd4ff70fc2fbad56a1581e5a9b610a090d |
| SHA256 | 0ffa9e690637cb709c31081bffeac4f1334a3a6de3c47977b7b2c61e5cbab5bd |
| CRC32 | 61F98A3A |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | dc97d23e8b042475_msinfo32.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\msinfo32.exe |
| Size | 370.0KB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 29401fa16a8c6a02b4bd96d968f1c81a |
| SHA1 | 8eb50734b14cfd641e81df01af60f19044e03858 |
| SHA256 | dc97d23e8b0424751e017046a01353d72b7b4601bf21d67bd47a82fa05a174dd |
| CRC32 | 4BAA08B1 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | d686634094480d37_wordpad.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wordpad.exe |
| Size | 1.1MB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 47f055c5b91b5432f515356c5bad2f6c |
| SHA1 | f3299b6202c18ba8ada8b59756290b7f4464349d |
| SHA256 | cc9b83a8eeeed2d88b125d9ecdfba78a5108d5bc41a3ba463275f4676709c3a1 |
| CRC32 | 88BCDA29 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 1fbf6fee10ece86a_iexplore.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\iexplore.exe |
| Size | 678.8KB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 0f0841efbdeae95f7aa648535951e5ab |
| SHA1 | 13e60a1c54c4d4c47c2782a50e9febca09cb32a9 |
| SHA256 | 1fbf6fee10ece86a2ed84e65f3b5cadb3c50acc8495f08fd6dcecb46a857b707 |
| CRC32 | 1A969B02 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 074eef24e282e375_mpcmdrun.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\MpCmdRun.exe |
| Size | 186.5KB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | ac2028c51f34d41214d948a490de476d |
| SHA1 | cd535c9fdb34f183668a2087ea9496e685d3bcfe |
| SHA256 | 074eef24e282e3758c0a7d6c3b35c67610c982facfe62870c98cb97aa0ad1fb7 |
| CRC32 | DAA70CC5 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 0dfac555af3aeec8_wordpad.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wordpad.exe |
| Size | 969.9KB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 9b91c85c1822b8119f85e0ec68ef95d9 |
| SHA1 | 2c840c1c1eb8e3f86ff9ae0390d57564ad1e2461 |
| SHA256 | 7757d6239f427968b0838d86165f4d9ecc2c8113c2045862f3ac45b59478ab30 |
| CRC32 | FEA11296 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 759ca41363e4b129_wab.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\DC++ Share\wab.exe |
| Size | 504.0KB |
| Processes | 1612 (0cdb616350293f42e9503e1b028863c9bbcfa7e34ac767ad8a9ed02c29e5f091.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 1d73a3d7442f91fe24727f919374b43c |
| SHA1 | 59993eb1f28aa32b4e8331952b4919a548e4e9f3 |
| SHA256 | 759ca41363e4b129e214552539cf3e09ac47ec9cecb292fa1f0f39b18e75f44a |
| CRC32 | CF6AFAF0 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
Sorry! No dropped buffers.