1.5
低危
70 个模型检测该样本为恶意!
重新分析
更多

0a0b8d825474a3ef4633ae14caab1688b4f48b19f8a4fc3cb381ad5c7f1c32fd

0a0b8d825474a3ef4633ae14caab1688b4f48b19f8a4fc3cb381ad5c7f1c32fd.exe

分析耗时

134s

最近分析

381天前

文件大小

117.3KB
静态报毒 动态报毒 CVE FAMILY METATYPE PLATFORM TYPE UNKNOWN WIN32 TROJAN BACKDOOR WABOT
鹰眼引擎
DACN 0.14
FACILE 1.00
IMCLNet 0.78
MFGraph 0.00
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba Malware:Win32/Dorpal.ali1000029 20190527 0.3.0.5
Avast Win32:Delf-VJY [Trj] 20240726 23.9.8494.0
Baidu Win32.Backdoor.Wabot.a 20190318 1.0.0.2
CrowdStrike win/malicious_confidence_100% (W) 20231026 1.0
Kingsoft Win32.Hack.Wabot.a 20240725 None
McAfee W32/Wabot 20240725 6.0.6.653
Tencent Trojan.Win32.Wabot.a 20240726 1.0.0.1
行为判定
动态指标
在文件系统上创建可执行文件 (19 个事件)
file C:\Windows\System32\xdccPrograms\FlickLearningWizard.exe
file C:\Windows\System32\xdccPrograms\inject-x86.exe
file C:\Windows\System32\DC++ Share\DVDMaker.exe
file C:\Windows\System32\xdccPrograms\execsc.exe
file C:\Windows\System32\xdccPrograms\install.exe
file C:\Windows\System32\xdccPrograms\ConvertInkStore.exe
file C:\Windows\System32\DC++ Share\Journal.exe
file C:\Windows\System32\DC++ Share\wab.exe
file C:\Windows\System32\DC++ Share\msinfo32.exe
file C:\Windows\System32\DC++ Share\MSASCui.exe
file C:\Windows\System32\DC++ Share\mip.exe
file C:\Windows\System32\DC++ Share\WMPDMC.exe
file C:\Windows\System32\DC++ Share\ieinstal.exe
file C:\Windows\System32\DC++ Share\iexplore.exe
file C:\Windows\System32\xdccPrograms\Procmon.exe
file C:\Windows\System32\xdccPrograms\InkWatson.exe
file C:\Windows\System32\DC++ Share\ShapeCollector.exe
file C:\Windows\System32\xdccPrograms\is32bit.exe
file C:\Windows\System32\DC++ Share\TabTip.exe
网络通信
与未执行 DNS 查询的主机进行通信 (1 个事件)
host 114.114.114.114
在 Windows 启动时自我安装以实现自动运行 (1 个事件)
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell reg_value Explorer.exe sIRC4.exe
文件已被 VirusTotal 上 70 个反病毒引擎识别为恶意 (50 out of 70 个事件)
ALYac Trojan.Agent.DQQD
APEX Malicious
AVG Win32:Delf-VJY [Trj]
Acronis suspicious
AhnLab-V3 Backdoor/Win32.Wabot.R231859
Alibaba Malware:Win32/Dorpal.ali1000029
Antiy-AVL Trojan[Backdoor]/Win32.Wabot.a
Arcabit Trojan.Agent.DQQD
Avast Win32:Delf-VJY [Trj]
Avira TR/Dldr.Delphi.Gen
Baidu Win32.Backdoor.Wabot.a
BitDefender Trojan.Agent.DQQD
BitDefenderTheta AI:Packer.81C3A79721
Bkav W32.AIDetectMalware
CAT-QuickHeal Trojan.Wabot.A8
ClamAV Win.Trojan.Wabot-7053120-0
CrowdStrike win/malicious_confidence_100% (W)
Cybereason malicious.1c2a4d
Cylance Unsafe
Cynet Malicious (score: 100)
DeepInstinct MALICIOUS
DrWeb Trojan.MulDrop6.64369
ESET-NOD32 Win32/Delf.NRF
Elastic malicious (high confidence)
Emsisoft Trojan.Agent.DQQD (B)
F-Secure Trojan.TR/Dldr.Delphi.Gen
FireEye Generic.mg.9a597471c2a4dd60
Fortinet W32/Wabot.A!tr
GData Win32.Backdoor.Wabot.A
Google Detected
Gridinsoft Backdoor.Win32.Wabot.bot!s1
Ikarus Trojan.Win32.Vindor
Jiangmin Backdoor/Wabot.z
K7AntiVirus Trojan ( 0055c5c91 )
K7GW Trojan ( 0055c5c91 )
Kaspersky Backdoor.Win32.Wabot.a
Kingsoft Win32.Hack.Wabot.a
Lionic Trojan.Win32.Wabot.lh0Z
MAX malware (ai score=89)
Malwarebytes Generic.Malware.AI.DDS
McAfee W32/Wabot
McAfeeD Real Protect-LS!9A597471C2A4
MicroWorld-eScan Trojan.Agent.DQQD
Microsoft Backdoor:Win32/Wabot!pz
NANO-Antivirus Trojan.Win32.Wabot.dmukv
Panda Backdoor Program
Rising Worm.Chilly!1.661C (CLASSIC)
SUPERAntiSpyware Backdoor.Wabot/Variant
Sangfor Suspicious.Win32.Save.a
SentinelOne Static AI - Malicious PE
可视化分析
二进制图像
数据导入图像 288x288
数据导入图像 224x224
数据导入图像 192x192
数据导入图像 160x160
数据导入图像 128x128
数据导入图像 96x96
数据导入图像 64x64
数据导入图像 32x32
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

1992-06-20 06:40:53

PE Imphash

5662cfcdfd9da29cb429e7528d5af81e

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
CODE 0x00001000 0x0000c984 0x0000ca00 6.572458888267131
DATA 0x0000e000 0x00000a1c 0x00000c00 4.533685500040435
BSS 0x0000f000 0x00001111 0x00000000 0.0
.idata 0x00011000 0x0000083e 0x00000a00 4.169474579751151
.tls 0x00012000 0x00000008 0x00000000 0.0
.rdata 0x00013000 0x00000018 0x00000200 0.2108262677871819
.reloc 0x00014000 0x00000710 0x00000800 6.25716095476406
.rsrc 0x00015000 0x0000167c 0x00001800 3.2124871953120624

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x000164a8 0x00000128 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_ICON 0x000164a8 0x00000128 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_ICON 0x000164a8 0x00000128 LANG_ENGLISH SUBLANG_ENGLISH_US None
RT_RCDATA 0x000165e0 0x00000078 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_RCDATA 0x000165e0 0x00000078 LANG_NEUTRAL SUBLANG_NEUTRAL None
RT_GROUP_ICON 0x00016658 0x00000022 LANG_ENGLISH SUBLANG_ENGLISH_US None

Imports

Library kernel32.dll:
0x4110d8 VirtualFree
0x4110dc VirtualAlloc
0x4110e0 LocalFree
0x4110e4 LocalAlloc
0x4110e8 GetCurrentThreadId
0x4110ec GetStartupInfoA
0x4110f0 GetModuleFileNameA
0x4110f4 GetLastError
0x4110f8 GetCommandLineA
0x4110fc FreeLibrary
0x411100 ExitProcess
0x411104 CreateThread
0x411108 WriteFile
0x411110 SetFilePointer
0x411114 SetEndOfFile
0x411118 RtlUnwind
0x41111c ReadFile
0x411120 RaiseException
0x411124 GetStdHandle
0x411128 GetFileSize
0x41112c GetSystemTime
0x411130 GetFileType
0x411134 CreateFileA
0x411138 CloseHandle
Library user32.dll:
0x411140 GetKeyboardType
0x411144 MessageBoxA
0x411148 CharNextA
Library advapi32.dll:
0x411150 RegQueryValueExA
0x411154 RegOpenKeyExA
0x411158 RegCloseKey
Library oleaut32.dll:
0x411160 SysFreeString
Library kernel32.dll:
0x411168 TlsSetValue
0x41116c TlsGetValue
0x411170 LocalAlloc
0x411174 GetModuleHandleA
Library advapi32.dll:
0x41117c RegQueryValueExA
0x411180 RegOpenKeyExA
0x411184 RegCloseKey
Library kernel32.dll:
0x411190 WinExec
0x411194 UpdateResourceA
0x411198 Sleep
0x41119c SetFilePointer
0x4111a0 ReadFile
0x4111a4 GetSystemDirectoryA
0x4111a8 GetLastError
0x4111ac GetFileAttributesA
0x4111b0 FindNextFileA
0x4111b4 FindFirstFileA
0x4111b8 FindClose
0x4111c4 ExitProcess
0x4111c8 EndUpdateResourceA
0x4111cc DeleteFileA
0x4111d0 CreateThread
0x4111d4 CreateMutexA
0x4111d8 CreateFileA
0x4111dc CreateDirectoryA
0x4111e0 CopyFileA
0x4111e4 CloseHandle
Library user32.dll:
0x4111f0 SetTimer
0x4111f4 GetMessageA
0x4111f8 DispatchMessageA
0x4111fc CharUpperBuffA
Library wsock32.dll:
0x411204 WSACleanup
0x411208 WSAStartup
0x41120c gethostbyname
0x411210 socket
0x411214 send
0x411218 select
0x41121c recv
0x411220 ntohs
0x411224 listen
0x411228 inet_ntoa
0x41122c inet_addr
0x411230 htons
0x411234 htonl
0x411238 getsockname
0x41123c connect
0x411240 closesocket
0x411244 bind
0x411248 accept
L!This program must be run under Win32
.idata
.rdata
P.reloc
P.rsrc
StringX
TObject%8
;u3YZ]_^[
SVWUL$
]_^[SVWUL$
uZ]_^[
YZ]_^[
_^[U3Uh
d2d"h@
d2d"=5@
u3ZYYd
#_^[SVWU
SVW<$L$
uSVWU@
]_^[USVW
d1d!=5@
2E3ZYYd
E_^[YY]
UQSVW3@
3Uh6"@
d1d!=5@
E3ZYYd
E_^[Y]
YZ]_^[
d2d"=5@
}3ZYYd
E_^[Y]
$PRQ$"
_^SVWU
< v;"u
3C<"u1S@
>3Q<"u8S
< w]_^[
Ek<1fU
Ht Ht.g
6Huv=L
VI3E?E3s
3EE_^[Y]
f=r/f=w)f%f=u
f=v)f=w#j
RPCHPt$
-CGL$
SVWPtl11
-tb+t_$t_xtZXtU0u
FxtHXtCt
~ExC[)A
FuY12_^[
PRQYZXt5x
@~d@PQ@
YXYX
uM3UhU3@
EP3ZYYd
f%fUf?f
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
Iu9u_^[
PRQQTj
YZXtpH
S1VWUd
SPRQT$(j
Zd$,1Yd
t=HtN`
r6t0R=
t/=t&,*&"
3UhB:@
USVW$@
d2d";~
P'v_^[]
aSVWt@
^v]_^[
QRZX1Yd
PVSY_^[]
PQiZXSVW
ISVWRP1L
JZ_^[X$
thtkFW)w
9uXJt
8uAJt
t8JIt2S
PHXHI|
St-Xt&J|
t0JN|*9}&~")9~
tVSVWU
t@t1SVW
1Z)_^[
@+u<E@
USVWE(@
d0d ]ES
u_^[YY]
UQE3UhF@
d2d"E@
t3ZYYd
%3ZYYd
U3UhH@
U3UhH@
3U3UhAJ@
P~SD$
U3UhK@
U3UhK@
U3UhL@
TFileNameL@
TSearchRecX
U3UhdM@
EEb3Uh
tC&EPU
U3ZYYd
U3QQQQQEE3UhN@
d0d EM
EPU3EPtKh
EcPh0O@
system.ini
Explorer.exe
UEEEz3Uh.P@
d0d U,
EP3ZYYd
IuQSEE3UhpR@
tjtfhR@
t-u)hR@
u-t)hR@
" -a -r "
" a -idp -inul -c- -m5 "
software\microsoft\windows\currentversion\app paths\winzip32.exe
software\microsoft\windows\currentversion\app paths\WinRAR.exe
C:\rar.bat
C:\zip.bat
PHuES3
E.E&3UhT@
EPEPEP?
a3ZYYd
IuSVWEE3UhX@
d0d UEJ
U3YEU.Ef
EU\EUQE;}>%
EnSEcPd
to3Uh2X@
EP3ZYYd
IuQSVWEE
3Uhh\@
U3UhY@
d0d G3ZYYd
$UFuh\@
VUEL@t}0EUm3E
EZPE~h
=3_^[]
abcdefghijklmnopqrstuvwxyz-_.1234567890
IuQMSVWMUEEEE
+3Uha@
d0d 3Uha@
d0d EU|
u?8.t4uha@
u|U|ttx
yupUkp0hwhlj
uXUXPPT
uLUrL7D~DHq
-u@U@8+8<
u4U4,,0
u(Uy(6 $x
3Uh"d@
d0d 3Uhc@
d0d EE
8.teChTd@
N3ZYYd
_y_^[]
NOTICE
:to get this, type !xdcc_get
bytes)
uTC,PSC
EE>3Uhe@
d0d SU
E3ZYYd
EE3Uhf@
d0d SUf@
PRIVMSG
UdSVW3
dhEE3UhSh@
d0d 8lPh
d2d"EP
s3ZYYd
c3ZYYd
ZE.H_^[]
BFKu_^[
USEE"3Uhh@
d0d UE3ZYYd
U3QQQQQQQQS3Uh
| v;}
N|7 vU+A
M3Uhj@
U3ZYYd
EE3UhPk@
EPE!PS63ZYYd
E1K[Y]
3UhYl@
\DC++ Share
\xdccPrograms
EE33Uh?m@
d0d EUFUTm@
a~&EPUTm@
EZSUTm@
U3ZYYd
f\[YY]
EE3Uhm@
d0d EEPEePt,P3
EU3ZYYd
U3UhQn@
TWarBotUj
SV3Uho@
EPSE/Eo@
03ZYYd
IuQSVWd3Uhs@
`U\E\U\
EPSEPcfC
PfEEU:E
X/XUX8
3EU,t@
~&EPU,t@
EZU,t@
\uh8t@
L3LP P
PcPhlt@
EIHhlt@
DE0Dhxt@
\E>EPj
EPtPEP
SfPV j
EPzVt3ZYYd
PRIVMSG #hellothere :
&%->=
PRIVMSG
DCC SEND
IuMSVU
EN3Uhy@
d0d EUaE
EEPUy@
;~iEPUy@
EEU8EPU
EZWEPU
EZ1EPU
EEPUy@
EZEUUy@
:3ZYYd
PING :
type !list for my list
!list
 for my list
!xdcc_get
#helloThere
#helloThere,
JOIN #HelloThere
LIST >4,<10000
U3QQQQSE
3Uh,|@
YUuhp|@
?Uuh||@
G3ZYYd
PRIVMSG
ACTION
!list
 for my list
SVWE3Uh@
E3ZYYd
NICK [xdcc]
NICK [mp3]
NICK [rar]
NICK [zip]
NICK [share]
NfrSF3
Pzu _^[
31ff%3vcc%%112c23J33c22322332crc3cr233J2fJffJv%1[J33JccJccfcc2fc2JfJ223rrcrrJ2cc3f2r3r233Jcf2rf3ffJfrJrr3f2]fr[2rvJ23%1JJJc1fc22%J[rr]ff2rr2%ff32f2J23r323223J2rc333cc2fJJ3JJ2ccrfrJr2r3JJrcfc322f3cr3rcJ33f33rcrrrcf3cfrffJ2cff2r22fJJf3rr33rJ2f3cJJc33r3crrcf33cJJrffr2fJ2f22fc3ffrrJ32cJf
]2]3r]31111rfr2crcJ3[%%]]vJf3233Jr22fJrvvv[v[Jc3Jc3rcccrfJ3ccfffJ3c32Jfrc2ffr3cJ222JcfrJrJ322r2ff3Jr2JJcffcc3vJ]c2[2%Jv%2]rf2J213]3[v2]33[2[J32c2r33rrf2c2cff23rJJf22cf3crJc2fJJrcc33c2fccJ332rJJcrrffJr2ffrcJ3frJc23frcr22c2rcJc2cJcff2c3cfrJrf2rfr2c232cff3332fJ2r2c2cfJ23f3J3f333J22r2f33
J]"^^"^^^^^""""""""""""""""""""""""""""""""""""""""^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^"=~\=yw$="^^"^^^"jCzyw6=^"^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^=
ff^ ."k^"=!24G;. .. .!nzL4OJ"~~.. . .=
]J^ . .!sG!7{^!s8G=.. .^68Vs2!;.;*}.. =
f1" ............. ._Inzoz6$295. ..^lkcv".."";"L. .=
1c^ . ,!%6***O8Izy. .!j_". .;w=;]. . =
ff^ . . . . . . . . . . .. .. . ... . . .. . .. .^|uuzw94V9=. .. :"=^,..uS?^. . . . .. . . . . . . . . ... . . . . . . . . . =
Jf^ .. . . . . . . . . . . . . . . . . .. .. . .. .. . .}6T6$i!+~,.. ~O4u{!!je^. . . . . .. . . . . . . . . . . . . . . . . . . ... . . . ... . . =
22^ ... . . . . . . . . . . . . .......... . . .. ... ... ...... . .6Ic35I=. . . ...^v}ca$l^. . . . . . . .. . . .. ... ...... . .. .. .. ... . . . ....:... . ......,.... .. . =
fJ^ . ....:..... ...... ........... . . . .:,!!<-!==!"... . . ...:...:..:..,. . .^!\, ..,,..:.,.. . . ..:,^^.... .. . .....:.... ... ....,:..,., ..\((?>(==^:. . . . ......,,.:.. ,."!!.. . . . ...^"~?(|^ .... . .. =
cJ^ .."J4nTn5TaL<.;"clJws2:. ..."=i?2ai<,.. . . ..^~%yehY3CAh5Ti~|~. . . ^11J3399T16c;..^)JL5o.^]ff2t??]3+=. .^?t{$]t=~|]t. .isfanzCC%". . .rsyz4LVYT9C~. ..^j5*hPDPe0TmaT1~;. .54wjtffi%J!. ."+jjwc%i]=^. ..;!?2t+mFDK=;(zs?;... =
r2^ .=gYDFSQUgDj-GkK5oVhFJ!. "!9m*JaPa?. . .;!Jau$UFU*a*n$y1VOb~.. . =UG0LskShqpU"^n5gpq8.=ATIIn2*m*U... "J6n3)!!=pd. .;*PpdUk}v+t^ . ..bZAgFPDUonPb.. . .!GZQPPms%+tij6DQ9=. .%UszufL4s4mj..)5m58T9&f! .:tnS$_!+&PDDl"IpDg=";. =
fJ^ .tXeT0kVqDF]xDqhs04GmZ^.]wTTCrkFV2[^ . ..^7Tr}":.....8CcVwu%"". ..=ZkasJ[%rOm&"{nZqff}\.=Vu1]rOk]zTk ..."royC3wDQx8 .+%bQDFFFh}". . .x8VYhhgg4oTk .:-az0{"... :wkkOpPP*T;. . (tv0gPUpAGbc"+kyw69*&mUG0&G.. .. ,~I&Qi. ....=21UPmTP2 . =
3J^ .+#d04kO5VUL#AFFL8&YOFFc=sanCv*qZac_,. . .|c3V~, . iVuIrsY5y... .=OC23c3cfI54"k4V?(69t.)g9I$JVUi!t[ . .."CCTyL*Zhe4....6!obQFUDD8i. .. :xasaePQUkSPx. . ~Fprn^ ..SFPPDbGz&$". .iyuJeFk5O4Ta$5w|i1oC8*4eG*O:. . .jcTh- ..,J=3gDOddh.. =
32^ .tWx50GGs$Ca"^=*h4xhyXWAx^-JII*gW52C^. .^ny$~:... . "9sC%]uGnb5v... ~8kkny6u$$2+~It^.:^^^.?Ume4zsbn~<l. .^+zJkhqDSkG.. .Sc?c5qDPFX1:. . :hOzfOxL8dWKg. ..=khb7. .. .9PDPQJ4GY%,. .%ghTkxOru]7wxu^.;|JnT*T&8Oh{.. .Ja$"... . . )+%mF8Feh~,. =
cc^ .+#h%l[6okkL..!x0*Zq5Zqde. "VsJ*XXpJ$" . !n37.... . ;++cj1+iyACi^.. ~CCuw9LOY4Vo[i, . .?d532taFULy8 .. ."jJ$5gqpDmIs ...Dp5rrsDDFX. .wVXQ6VKWKK#d .)qPU ...}WA*njyZkXF! ..}bFPpkx611axI!.. /%aOmmr!ti6... ,vn\. .=3w&pO*LG^. =
ff^ :tbuy6o0ZQW(..>x&ZAeDnbAs. ^sTrg#SAI+. +7". .. . ^$iilvr+&m]i" ~a9kk*G88TCc|... . .=LCJ2nSd&uT ..!ltfdZZFk]|s....WFV3nvlwdF$. .4OPdVdQQFpxT.. ~be!. .. . .[e55T5eFVFb!. .tQpQqPGzrT&G, ..<nfnn8$+i%w^. !^... . . +ombY&q9,^. =
rr^ . ?gxPSZFqFZ) .<AZUdVDC9bz "&f$qXPb6zf. ..... . . :tT6}JIck5t%|. )p*&890VcCy~ . .(shI+2FFxyi . /r9pAFQp$j!Y... #FD4s!/}*Pf, . .*pO*hO8nTf+. . .... . .. .lxUhLQDdLQq7. .=$khAQS8T*4j ...:=a!i+35*8oT=. . .. . .|o]IyZFA[Ve" =
Jr^ .iDSFgpqZxh= .!QdQSTXk$&T "e%veDFPzz1 .. .... .. :~VqCtju8z2Y) ..)8k8522%$5mc; .(aO7+IsxQFV=. ."$dddDeY$vQ. .eFQD5%kPh3>. .YZeqQPZU06uz. . . . .. . .)65OgDFAqUPu. .tTw$*Ud8Oa). .~xc!|jkaTs6!. .... .. .. .|Off4PVT8Fb^ =
c1^ =ZggAA*auv!..=SgQPwUn2r. "#V$TQPQss% . . ,";^;.. .t*dk3++*T6V= |YnC)"tI4*0+... .i82]ww6aPpx6 ...<8AqFhsu9uF . *PS#q1+!~<. . ,4QDqdDpDxw5b.. . . "!"\^...=?78xPdkUPA.. .[Gk0c]TLm&2_. .?0o$u[TLCzw). . . . ;^"";...+dmsYGO&DF*^ =
21^ ..)ggAO0n11]~ !*SbP8LI]t.."Kh6IdPUna] . . .."${C}:...|y4$a[=sTV*| . =3ti~!1GepG+. .. .ib$fC3CSDQF ..!eFDUnuIC5W.. nUFXSfvttCi: .. :ygPQGSDSh*gb . ..ia4h]^..|i$mVd*CAUDu.. .lhYeZVTs5&!.. .=u96zI6$n=.. . ...?s*n|...iPbq*Y8pA*n;. =
c%^ ..=OLCa&YIn8= ."J4L86yG4k+ "DWQxDQSsIs . ..!}=oZicz{3{"rOdbA*DnyCC~ ?8kL8Oonzc2t. .=*o|"^~lZPgK . .!qDQarvuCJ2L . .ITPW#uooont... .%qPbLJSpmUPh. ...!YZYG&aDOsg2swY9ZTrD5Lu. .iDx&bFdDPPz~ . .!3Cft"!t$8J!. .. "sT*GFDXKWWS]QqQxq0hPXq^. =
3[^ ..?PFamG&LpF( .!Gxh*nyr3&J. "KFDUUFFonV. . ;|3o3o8c+~"\~~7Cnbgx8C333! |G0O4mGkVnu+.. .=Y**TYGTmeFW ...!DUO1yzys8xx . IfsxFuow6y+, .|FZPL2rTmQWS. -xakmdUe8!!nPe9e&o?iT]ao. .jQZY6TGbZgnl . ..\IVhm7=z9)... ./wfJc}]w==0hUbQm400*&Qd^ =
f1^ . ,?SZ*n5cQAQi .!ASdegZ4*4} ."epQQmAFy*0. .=smS5yLa<; :!y0VAGko]ftJ? ?pp4VGV40GG{ .!asO4gDq44dX.. !q&6&bQXFQpP . 3u4qo&5yC(, .. .~dbph1cYKXG.. }p*0Tm*qg.. "pSaey/^_r0Uw. ..+UQh7)[y&dZ{ . .?na*kG{Cz%C!.. ;o9v%jJur=,.^)ObOuY*aOSFU^ =
f]^ ..=4OpT%2FgPi "VdUdUDDbUw .^5ZFDY#WzV* .*WK#qnQp". ~pbZx9T61vi~ =*GOGOGmL4Lt. .1oa&ApFe4gK . \hxpSFPFSWQq ..sncsAkCIC+. :=FAPh[1ikWA6. ,2DKQaUpYx. .&Z8A$^.>6qPz. .[AFps9aa88k{. .<L8*G89wu$$=. ..)051vCY6!.. ,tYy3kUk&ppQ^. =
r3^ . . .tQnQbywY4Y~ .!o&&AAAdFPs "U$%8#&Y9xb. .uPPLurVXF+.. ."d*YIf5*[[G&=. !raazIas&4*7.. . . .?U2aWxsDF*P . ..!ePDQDQFDOu]. OIo2u+uT447. .!sPWdl+7n[Ia. .)GWWgO$LG {ggqo++1PFS.. .=dAUdy4Y&&g{ . ./CyIC]]r$&i. .!$GT+c*wmL). . =1[khQb*nDg^ =
c2^ . ,tXGt5VTfaO= .>h5L&hgUQn.."XGzoae8*Xg .!F5(~)IYWPv: "mw5h&2r**= =yJO5J]vf96(.. . ..(D8~thFC1nOP . .ppdhLsCui1$....69nVwfuzr. ..\$#Xx]$Tynw%..=mhKQPV06CJ .+hhxivcyFpU. ..)VqdZVx$fLZl ..,t6OwC7f6ws(. :IxxT[Ynnw~. ^=TdpqQUYxZ^ =
Jf^ :.. .,tKxi6%ausm= .!psGf]5kYe5,."XgDhJqSmF&. "Zi?!!vTKgj.. ^G5Vab08$wk*( )L$r1uII6zt.. .)dUT%LPWJv4Q . ..^J$cuttt[fkm. 22*kwaYT647.. ./3pPhwm9o5k$..i#hbbqw$IC(. .7Z&9|w?iPbg$ . >+5hSg6urIZv ;c8mw2[2JV[/.."&Z*zfwma9a= . ,iUdPFdDs(o" =
Jf^ ;^:,..|ZFiJ1LarV=../Ys52|0aJct:;"bFx8&48xFb :ppTnYV%LXUI. . "P095d&&$5k4t .|8Or1C9TyG8i. .. =g&[yqXeVkg. . .;=Ja[$u35*Y. ci$Cn*948Lt: . .~&phT55$5G6..=Aoosa[{]u~ (9*0wy=?nUQI.. ^6sVb4?1$TQ7 .!OYz$3%iTSf=..~S4GC+cT98x?. .^nAFDQFPG;!; =
f2^ .=!/;:|SD{w$L*fI-..!ezLJ!nY49=.;"FFSO4mbdY0..XXUTT4O0PPn, "bctx*m*Ta48t. =O84$oosoG4+. . . .!}~;^!hPbaqD . ..!aTf$%L&[kmk. . ${IITmT69i:. .:!IaZez3Iw6YT..(zosTa&Ta49 !vom84Vx*5V3. .=DVGeS(Iyq1. =o6f]uw5DUI)..(U8Vvlr&sQW|. ~PQF4DQUP^:. =
fJ^ ^tTnt?2mOszzqSc:^^!hmk6]i99Oo.;_Xb*50Lxd01;"TebbeV0smD]:...^u(rU0O9GLYm)...)8kV*z$cwG*%.,,.:.,:,.jKZJ~")gQFFa...,.(SQPDhV6rJ$Y....cICY&TC6C9j;,,,.^(3rzm]2Ircx8:~0Yq08m8G4hL:.:.tCCw6r(t4eZ+....[AQ&7inmwcU}.... ~m2fc9VUdg3~. =OYme8L9Tnf". ..(&0kT*Qbg), ....... =
fr" v5Zm9r*a5IqZ&^C"<eV0+CkZaTl.;<Lry04as9t13?wQDDSForn0n:^.^^uI8e0JtxGLm)...)L0Lk*T[f**],;^;^;;^^.7XDAholoDPK5..^^:>0PQPQWqrfcY:,^.rw$50O4O5n+^^^^^;t6u3sIo91c89;!zSe48*8GGAn^;^^!=$TVOTt7sa! ^^^vFq2=!sh0+01..:. ^^!12cY&40f!..=qqAew949&o!....{pV84TQDZn!...,..^^^.. . =
2r" >58qpLnIaJegh!s^!6u+=f&As0s^;!CJ4O5{Jwayu"?lQDPF*)7*a^;^;^3TO8n^5x*m|..,=0mLG84TCy4},^;;^.";^.+KDAqSGaDbPa.^^;^-wkbPSDU*ocL.^;.20zswVzys6i^^:;^;fa$fy$m8itvr^;{LG**8maaa;^;^^+ysm4q4YT".^^^%g$"ifIs0+a+::^. ..^iII45Om$!..?pxU8tTP*x0!...,|ksb&wdQAUv^.,:,;^^^; .. =
rc" rmGqA*If1mbU{n;_yur5f6bJ!!Im5$]aGV9".!"feQZZ}5n^^;^"s6bkt^.?Tk*t^,.(yaG*O*4nn&l;^;^^^_^;,=k*FdpAgZQPk^^^;^/%0nhpFKS0]5:;^;C4CuJI3$+^;^^;;zo9su8m(=%[^^iY5$$nu1f9"""^|5I6Ls*Skz[";^^^{6!.iY5y6iCt.;^..^!t6&L&VPkC_..)pUxT+kDOGk=...:taGZs1VDSQ^:^.;^^;;^^ . =
J3" :/yhxxGGf6*Sh0!!a+7J9L*8*G8m$65TTzuwu^^~n]$epqDxa6"^^^!YG*91?".^}O+^^^tuifnYLzmnIi^"^;^Ii^"^jg*~?+{%zmxg^"""^(rtjrwzo0*&^^^;^vzaLsmG*&sj"^^"~Js[C*J*a6CL&5/^==3uJv~OmxT"""^fxO8e6+ze+(3^^"^]e0naYeqT=T];^;;:?U84a$AFLJnj.^"dx4IkWP*45);^^^(ZFLzzIhPDq<;^^",.,^"":.. =
fc" . ?r8OVphC8pbk~!]1!?2]CC$wIL$wI6Cwc$Y*""+xDWFU4hgV]""""!ffomKXS=;!&7""^(ryT24Ooh6u1^""^=a?"""%n7=t{71a*Q^"^""to^=t2GOa5i^""^^}xAmGG4Vnft"!""lmCC4f9II50*f~"!t6$rii*m0w<";_CYoTmT+=o%!J^"""%VSgAP0xZuo7^;"";)en%C0Dbu{h%^"\o7tIqDpzsTt^""^lQ4Tk8cfVdU!^"";. . ;"",. =
3J" +Cl&mLhzomxs~+%""$01J]9Cj$uCk8onTuc""=ubFFPqbLG>""^=aJCxDFXejt9{"""{k4]n53mnT{"""!fJ!""+OkGeZFSaaYS""^;"iO^^i+3owV!"""""jh8k8kos9cc!!_ifiwCTuICz58a](!!+$11[&kG8f!!"!5*8*m&u"=1|%!";.=$0h8U&hG&ni;"""^tT2+aqF0}$q1^"^>i]fVZOn4U7"""^9&&fwaJ[CLO!^"^.....^^";. =
Jr" .j6(fOqVGoTe3"!fv_^lw%%kC+i1%CuG*Y09a=!!iSQZFbXSkz<"^!tG%jQPDDQhw9t"""jXdr1]1LTO%!-!=4J!/!!CSQPPQFOk44x!()"^+e"./)tI*&"!!"--|mY4YyC$163]+1Oat}JIwC$C8s52tv!!(%]uT8mGm2!_<+*8I5gky"=i=i!":.-!}y0wuoswk7"""";)fuJ0PDTcLD];"^"vS$0ATaZPl!">+mTC]zT5$Tkai_";,.^^!\.^". =
2f" .^"""!!7ffji~ti1rannxs1lcaaVnau=t]uC$n9oT5wwzI}8?$aw{nwY0s3DGtPboI&*eDhs5}!!-]0rr1]Csh4zO3_[g8(~|(=c8a6y6$z9[$S(Uh4~rh[=ijt}s{!!!!!!!}fjtI9o$*t3C*y="Tl|fut+j9c$x5?t=%&O88**J[?!8&m=7m9v}%j~_^"|zy^"+[jsv)iui>!\~~vxOs6Y*pDPPI!!!_~&nzO$*QKb612VmSSgpqYs*een~;"!1dGv++{i?~"^,. =
v3" .!$$Is40&hpbZgbp&k2c]In*&OCzOG8T0v+[5J3Cf6w$r3Ifz2bj|Is0hV4gU0S4=AWg+1ne9TZ]=!>tj7tj5sok3Aj=*gx!)=|}24T&O5Ow+t*Dtqn%]aPqZsGd0C?!<!!=!=~1Cf$f}0k+fYJ?!+wfs&6i=+31LpT?=tJw8LGkatv9iJ}+1=?utn5="_+cY9!+f56sUo!ir?-=!|tnZksY*a4qD*1=!!!!t300aGmL4VhgGkPbQpdoGxkYxl+c0bm}3azyi^;. =
22" ,>6L48eA0meG*GmLm4*i[Iyw$+&m***r1Jizw3[I198Yw1[+{jfFjj[YSQVkUx31i=Z#XJ&Gxs5Fp2t!iTsu%T0YO%spJuS8a~=iJOGV4Y84yf!]ZF)Tmt5APPq0mbS}~!!!()=||+lo828Dn|lt!=(&dSA2%v]f4eT!tvvJYVm2?"[$t$]n5C6$tvCm5t!y5)+f4h*s*G{7[?!=(=+fYuTmknozTrt~_)i+iCgVaGx*YOn$]4AUPDVo4QIUAJsxDQ9}JICaI{>.. . =
J%".^|Aqx*8epO0hV8meGG6stCCC*u%]8yGs$!)=i86c2]t1Oz*v!!"!yFClil8AgU05a!)~9KD$==))kX&~!<!=|=t~~)=~=TS%8gL]{IsV84V*kkf{="?tt?+hCi1w0m4eLY?!!=/~i?===|+5wgDsit==;!lUdU4it+2tIkST(1cccuVI^^!Iwv+%Ogg*0z*G0iuu[t$Z0&s1zhc=|=-==|)?+{+iiti=!=tii1v%t3dmzUqgp837}25s9u(ihU%69{SDUg[3no3i!^. . . =
[f" .;\(lCL*xU4&syCo0YaTV7$Clru6+)ttitnk9$o4&Jfu9o]i~=zWei|l2aC]7tt((?ipDe{~=%KXw~=~~((==?==~=}V&20OwaVLem4V5f%lt|~=}j+ti2%"-{f&Irv+=~~~(|?lt+iti1xSQril+vuLUqxuu+1ll]8pbn}JI3ftt~+]vuwj3{~)t$n0Ts5kC$oIzTI3{=!sFx2=(!"ii|=9[=)t{{7?(t]%r3{jYp5{55o3i|)|}3[[7+]PF{czkqghJ~(=_^;...... ..=
J2" . .!([mm*8oIYT8&ssSbT}}vtuwoCc4cqULv3s6w+(nWQ!tFZAL}+t+++=$WFh+|*FWu=!|=?tti)=i?=nmmyw88m8m&8i|?+}7j)tv7v+)}l}it7]i!tlt~+ts1tiA[+ii5PDg7j+IddAqkizQtff1CSqh5InJ2j]l8F43o8=: "2%[I$%1ooy8zf+(nQDd++=^+it]g%ii=|{+tJ+iju[lyggyj]j}t=\!!=1r{ot2FXvaDPASt^.,;^!()+++("^..=
2v- .==Ch*V8eiv8a8*8wASgkj+ta6oJvLv4DFswIo+9KFr^!zgAFdt=|?|t8QDt!hDZ%)(=i7tt+(!(i=[9*&*Gm4O8nl!i7%}7t+t111t>7v7j+Tli/)]v=!j6&f]iDsi[j8QQPt+7*SPqA!wFftJcyZdPsJC]j+caSPL%$ao!.,?2[vuGti[+$w*88ksIzSPpl1t!+7sDv++t=+ttntt]%t7Gxbf+uTn5T5ojj[]L(%Ue3dFPGt^,!t{aGxpxge8w+"^)
J[/ tc4qkG*5uG4GVUp[0*xPY!3Tmw++nreZPZwu$${IWQw"tjmFdKD&v>^!!IDpI=PXQ{(=i][}+i}yn*TI9Tw9u]TyoIl+}+i{t"+tIu7^t$I%i0$!^tc%!tLAn%%}De}{2xgFU~1*ADeQg}+6pz=$5sUUD6I2c7%3sAK*+z&IJ^:^1r9w*m+=t]lIf9mw*6&uZgD[ji/"(T4F1ttl}[1+*1|=j16eAh%{9TaTG4s9yari*lIPhGbFSw!"=0AZZZdgpSUzt". =
J3- . ^CY8*8T2|*8GahhxC={CVn2n4mt!!s9r6mKKenoIc{eF4+c6G0OFXPqVt=/"hgxnQQ&6$%7}]3(+2mxgUG9u$f20kY*&V0o6t=yt9$67^![cltmO!=Co9xPx[%uzQPh2jDFbm1GSASni=tfceerjw5DgD5oyfruu$6r|!Iz&6j=|$TV8af(tcJ$lt$osCcuT3gqZG+7+"}hPe1rfljII1S5%j%2xQQmjtoknYY8&4ekOeTVgUQQSZLa0hpZgUbd8yt!". . =
Jf/ ..=TG0r!;(Gm45b8mh.,;/+w0To;!^$w52{DKDFQ3u73Ae2JQF!IQZPDQD=IAqDDPp#4u1t[n7!uxFU8mivCfnJO*0Gm86C4O3nrl?(]$uilqg{IVFUULuo2iyIQQ05PDA0FgFDj...6n[VD0{vOAFZ]7uJk2$5^.^f5*$(80*Go9t~"y*$L*{756I}t==YpPQo=+t4A#012171+jDU0cz4bPUv2j2mT94FFQ0&V&TkLZQk4ZFSDPDPPPhs|";. . =
JJ> . .:&oLV*&":;]dG*CqmVh,..,!nGz3.!"a9ou)Y#PFFkcv%FZzyKWt.!L#DgFFgG%&pDPQWPTav=7IufeSq8kG2f2oGL29nV*&Jw$IGaJ5vlT$CIjCUb3f5DQUm1[57/%3xP4VDQh4qPPA^ ..O%bDsikeAF=/+yAJJyy",;3$$][V56y6!!~+yw2xO9fykfi%?zPPps}i+hDAarfucIt+APkCzOgPh]59362apgDDwoa6xUYSUYpPFSFZFG5%=^ . .. ..=
23\ .^ckG*gC.."w0Om7bGk8^..,taw5!."^u9as~+xPpPFntcPZO0PD\..!LdDFQDAsrGDqF#4uy+^=TAbg&8fo6viuaV4w[1uCLnJafu*5vCCzznIvurQpwzebdF3vss1i7tYQgYPPeAQQxl. .^TIttVxLisFAe!:i&PLu90i^^}J[fCocI^;~aLzzrdbGsvI9%{{JQQpktt{FUP6JIrJ%ortAPAz$bQp8]Y8}oVhSFpa}$C$0AZqLLkqZFeGni!;.. . . . . =
r2\ .;t$sV*0f(..^tGm&e~8V8G".,>2J1|!>|?%TTz(^>{shFxLC8PxghO?~!\=1[SbAxhTLeg*ouf)!|9*e0ortjsa{]Two4Yf2ura]{al5n$TasIcjc45QYOxPQe+!20n5$GwoeZxegZh$+~!=ilJOn6YZxn&hdG~l8gZ*iin9[=]3JC>rwIt:"%GLT5zebgV5cc{~8Zde[%0QQZ]6TzIo7nGZ85DDF8wTuxFQAGy?^>|I0Aekk8x84&nIJC2(".. . .. =
Jr\ ._Ca4&4%. .=mhmG4^3G8m=,.(aemmSKXFdPDbA&j]&hpDF[nTww8ksAFqAFPAFFbGA4q4FUc)!tt|t{6)!&xC?c4YTsV1iC$saC$$ouz*Lmw!;;(D{aqOUDQx57IZDFFVwKeaSAxYOG15GZFPPpQQgbbWPdhOsiQgZx=,;tmozuwwo~azkz"iCTG4wuL[r*xAAeIc~tQpqorpQZZTJJ9J3l}CCYAFkFDqmY$IxDQD*sgz_[xXWbpkYeDADAPQhf2f7". .. . =
2c_ .^+8TnTz . ^[dm0GJ;7OGm|..={CLAhKFdAZFPQQbQqxS*pFl3kdPUQUQdFQDDAUUWkkmZDFd[;.:,;+8y]LG+!ukZma**3[J[IOsuCI50*9[".^~b[apbQPZO44bFpQdPTPUmpgzCoUxPQFbSAggPUZQWPesskCoUDdv...!w*ns96u?wTY[=rGTy]|s9uTdSQFxyvt!kbFVJbPQaPC7%7fsLYbFD*DQb9waYPQPd8pb*+hPAqDPa&Ad&pQbDbAd8c(;: .. =
rJ< .!n8ayt;. "JL0*mf,t&Gm!::+^|rGXQSDQPQAAZQFFUY5IYqWWDpApFbbbUUPPFI+v&O0DF3.. ."sD1+*kk!!u&Z8$zm4oI+Jys$uzaoCIv!(=tba4bZdApqpqbUDSQDPwpUD0k*DUDPDDhFFADdPFqpn6*U8cVbpDi;"!+wL8sz89i6z$u240LY==LaJ4qAdDh3v"2ADgngQF1WO+%ueQdV2WPDeDge{9xdQqgO0XZYzI*SPZD55D&GmPFFpUQPb5_^.. . . =
c3- ."~~-;. .)0m4YT~.>$&G),;"...;<1$G*dQQQpgASGYVeeAbKFgpFPqgeSx4T3tVTYheTkx3....temi*hef;^7kmhn)Y8Gaf3Iww$JJ6uc$CfcCe*xZd*eUDDPDdPx8z+%nLhhe4hPphSA*O4aOmO5u6hhZg06hPAh$nVLxo4k4wwwcwr9y6ms4!;"9o5J7USASpOr+tDDDOFpG=FJrOSXxnJfdPDZdQ6ugFqZ0+"iKQhl+8DqxFh3PFexGheSdZSPg85)^.... =
cJ> . . &GYm5!...-uk=:... . ...:(2C=""~!(=i]lvzYyzj)_~t)>"%dZZZFDhDd{[=: ^j!,(UZ0+..<688d~!+ra8Gowu]=|ITnYz$]2dgO8wGwv}!^"!%rC?,iFqbcIhXPFFx\,,.."inFDxd*35UxanaVmwsmyo9$v=iifa9jw6T{..^owoT%tlkpQZd5uxDFqQ8!"yDDQF40PXx0dDZq51mDPZi;.,^ion5pFpJ5DA%sUFb3/;"9SSDUdZWK+>. . =
J3- . . .VVom]^. .^7a<: . . <[3^ .;^-ir80&Vk5T!.."";,.sDSDpUFPhQb(!+! ^"..+UG4~ ^C8*8+"t58*8o6fu3cJv=!?ticTghSV0GJti;;^yak="xPDF4?}gFFFPTi"^. ,"$DYpG5k&kAd&6a*&e*6$uII+7+I$?%soy!. ;$56yf^.|GApbF4yqPbDs/!pDXFg=2xQbVUQLkYahdgd)=?tlv3ossan!OQPu|pDDD{^.^!iaZPeXgxy/ . =
2v! :0kw8!. .!s". . .. ,tJ:..^|}eZq&LbUaei..^...!QQpDqbgP8QWt.^^.;...%mL4^ .^JmmYJ::!I*9o[icz$+;;!1eDSS0GkQ4mx$t"^yhY!jPPdDD]=+QQPPPd8+. ..~smbxVmnxDpg*1[c4Tmoo$uf{+~""CaVt. ,1yC?..;!sQpUO}eDVDJ!wDPQP*;^isPZUd44LeSdQYaOhgUASd*G5t"agDC"7UQSA],..."(nbpeex". =
3v! ^k5*k:.. .;[^. ."(:=j0SFggZeFUUzIx;..._vGPDge8DQFIQPe".. . .^z*$~. ..t**h$;"i06$y9$$Jzz$?~LbKDPmfzhepUQZh*sGYu_PQKKgbg6=thDPUPWF=!i$VeeVoI7tt~";:::^!?iwo91?)?lyz3t~"^"tu$$[?=!"~LxZDVGAxxtupPe5i".:^=Gxebk4LheAAqbPPPFPZPZQk$)n&xC.^?eDDP) ..,^"~(|{=;.=
3%! "5ws{. ..^^. . ..^!wUFhPFpGhFPYGDV^J+./&QPpUa/^gDQG"5DX+ . ,i$!... "dGZC5G0$!kTC6yIIV62zUQFFQ1tqQ8qUFDZPShpptcFQq$PPA:,.^eDQKPpJ"\|IqGDFPFAPh|.. ;nkO4L3{aI$r[c$G*8mm[=LeUDSqZADSpPbYa9Y$VQFJ+!^;^+VqhVV*0OsyGFUUb&5ksvjl==!^:hFQa .!FDK*.. . . ... ..=
3v! 6s6! :^. . .;+TAQpDqF9chbDowDx,!]"$DUbFG!:;DQby:tUZt . .;2t,.. . ^hAO3Yko~"2kzwo6o3aGuC&KK8YSu)yFpSOTbSQPhT0oG#KViFQg^ ..~seWQDbt,^tyCFAPQQpDq<^"(}%=C!!5ouii(JT4mmLat$uexPPDAPppPQ4m&8shqDs4ay6=^<+ZAee*0utjl{i?!><"""".^<";SDPI . ;qWWx^ ... .. . =
3%! .!T43, . .^ . ;=pSpQdZe+cZDZlJDq,.")FdDpDv.:!PQUt.^}x+. . ./J! .. :kVsa]!;)ayCIu*mCtry3UKP9kD6!ipQbn|vbAZDgdsxQK6!QDD(. :"=9dQUS!.++7#dd*ADQPWe7^.^;,t^^o8mc(.^!=++]2tCCIz4QPbgQQFdphV8ObQQFFDpAGr="iap4xVori!^;,....:,. ."^.hSF[. .y#KA. .. . =
2%! .=V]^. : .^lmUgpgG5=,^GbAS"JgW^:iYeASgV;.;jAZs"..^~( .;~_, .. . .z3Iy^:..ukT7+2Y&o^^i8KK8$qp4\"eFPh~^"~9GZg5PDXs!mqP. .;|zmmj^!;+DPPs|rLPDWDn^...".,20wz=....:::;JC/"~(lu6Tx8SeUAeDPPFdUPphk+"t7(FPQpxn[!;. . ...ZD#i >fSD[^.. ... =
Jr! .|;.. . . .^wb*p0nJ!...-yqD*=.!gq"1edPz!....|ZQ;. . ^^...;. . }4qz. .:Ym5!.^{0o3^jb43PDS^."LFQK+. ;:^_gKC7&taFF=. ..^!",?S9qb(.."C&PPA6\.:..:i;!x8=... . "$C; .vOZDxzPP1=4Qx~:... . ^;:(FDAL5UQdk?;.. . .nXP" . ;wh7^. . . =
fJ! ^=. ...^jqx&a(!;. .vgFSi^.^wd!kdgw\.. .thg!. . ..:;. .. )08z ^&*T^ .!T6o!5h!!23FPU!..+QdX9;. :..;e&!_~=+hX+. ...;,^^~u?2Xy;..^!tyDxI; . .!.^3dI". . .:=2:. ."qU#pi3QAC^^=mz^ . .^.,\DFg47LpDPO+".. .A*; . ..=qI". . =
JJ! ."_. . ,;=v{t~"... ^Vbh0". :tauqgn!. .. ,tQ&^... .. . . ."n*{ ..^G9J; :;wyuc6+,.!lDUAt^.!eFK8>. ...;h|...:"yX]^. .^ ..~+;?gQ=.. .."J*q=. .."..<JOt. . ."+. .;6dQUt!4p)t"...)!. ..;, .>gp#Z=t*DQFh1; . . .re%, ;0L!. . =
f2! .,: . ..,:,:..... . .~PFm!. .^vC)":.. .^3Q!... . . . .+&t >m9=.. ,7Gr:. ,!PQP%t.;ieKgf". ^),.. ."P0. ..;;. ^^.;zWu^. . ..:^";. .:...^29;. .. .". ;CxeC";1x|^;".. :^. .^"...^]aDW|,+&PQD).. .jz". . ..!i|, =
3r! .. . . . .. ..IZP|.. .:"!". . .^9e; .. .. . .^{~ .=Ti^. ~a2z^ . ."SPh+%".^iXAg{. ^;. ,nx<. . . ... .=#Z!. . .. . . ^!^ . . . .=F8=: .8t:. ;^.. .;^:. "^igDl .!nDAI^.. . =_. . . . ;!; .. =
cc! . .. .. .^kI-... ...". . .."+^.. . . . . . . ^^ ..(!:. .,{aw! . ^SKI,:"; .uPPG^. . . .. .!G>. . . .. . :$x).. . .. . .. :. . . . ..!~^. .". ."". ... . ^.^1b: ..^"C", . ". . .. .:.. =
fr! . .. .. . ../9<: . .. . . . "".. . . .. . .;;. .(^.. .!y6~. .;pK%...^../0qq^ . . . . ^7!. . . ."o(. . . . . .. .. . . ^",. . ...^!.. . . . ..!oo. .. ."+(;. ;. . . . . =
c[! . .^>"... . .^. ..: :!.. .:ow~ :hF=. . .~8p~. . .<>. ^!. . ... .^. ,!r, .:^^, .. =
r3! . ^^... . .. . . . ,; ....{9~. ..&V^ :|$7,. . ,;... . .;... . .). . ... . =
13! . . . ... ^=~.. .}!. . ,i^ .. . . . . . ; . .. . . =
J2 ....... ... . .. . . . ... . ... . ^/. |;. .. .. . "^ . . . ... . .; . .=
crt??()iii++++it++ttt+iiititi+itt+++|?()(|?|)(?(?()??(|)((?|)||)))(|?()?)()()?)?()|))|?)?|)|)|||||)(?|?=?====()?======)l====|})============+==================================================================================================||=)=========================================i
e3ZYYd
sIRC4.exe
C:\marijuana.txt
uk.undernet.org
Runtime error at 00000000
0123456789ABCDEF
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetCurrentThreadId
GetStartupInfoA
GetModuleFileNameA
GetLastError
GetCommandLineA
FreeLibrary
ExitProcess
CreateThread
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetSystemTime
GetFileType
CreateFileA
CloseHandle
user32.dll
GetKeyboardType
MessageBoxA
CharNextA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
kernel32.dll
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
kernel32.dll
WritePrivateProfileStringA
WinExec
UpdateResourceA
SetFilePointer
ReadFile
GetSystemDirectoryA
GetLastError
GetFileAttributesA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
EndUpdateResourceA
DeleteFileA
CreateThread
CreateMutexA
CreateFileA
CreateDirectoryA
CopyFileA
CloseHandle
BeginUpdateResourceA
user32.dll
SetTimer
GetMessageA
DispatchMessageA
CharUpperBuffA
wsock32.dll
WSACleanup
WSAStartup
gethostbyname
socket
select
listen
inet_ntoa
inet_addr
getsockname
connect
closesocket
accept
0,080<0@0D0H0L0P0T0b0j0r0z00000000000000000
1"1*121^1f1n1v1~11111110272
33E444
5X5555567
8/8:8E8M8W8a8k888888888888
9 9&93999S9Z9d9n9x9999999999
:2:J:R::::
;5;_<l<<<<<<<<<<
=#=|==
>'>,>2>>>>>
?!?G?S?[?????
0#0,03080>0Q0Z0x0~00000000
1*1J1b1111111
2$2,2222222
3!3+31393?3E3L3V33%4C4O4W44444
5+5D5]5n55557
8/9X9_9f96:K:~:::0;7;f;
=$=5=>=T?[?l?x???
U1]1f11222
313G3^3s33'5555555
6.6:6N6X6k6666
7A7H7j777'9O9V9n99999
:c:v:::::::::::
;4;?;\;f;;;;;;;;;;;
<#<E<Y<<<<<
1U5^5i5n5v555&6-6?6]6f6r6y666666
7"7)7-7G7P7Y7j7t7~77777777
8,8=8N8Z8_8d8k8r8|8888888888
9&9.969>9f9n9v9~99999999999999999
:#:/:<:N:;;;;;;;;
<"<*<2<:<B<J<R<Z<b<j<r<z<<<<<<<<<<<
=$=.=8=B=M=_=r======5>}>>>>>>>v??
0l0{000000
1$191X1q111111
212I23g4444A5s5{5555555
6'666E6T6c6r6677z8C9V9g9w9999
:Z:M;;;;;0<Q<
=)=7=W=g=== >s>>
1A111222
3M3U3`3|33
4555)686\66677]7776888 9>9i9999::
;C;;;;
<2<D<<<<
=-=p==3>?>L>^>d>p>>>>>>>>>>>>>>>>>>>
? ?-?5?<?U?Z?d?s??????
0q1111111182R2k23444
5I5V5v555
636Z6o6666666
7R7o777777
8-8M8e8o8v8}88888888
9+9J9y992;:;];;;;;;;;
<<\================
> >+>6>A>L>W>b>|>>>>>>>>>>>
?%?0?J?U?`?k?v????????????
400111
2,212@2N2222222
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8`8h8s8}88888888888888
,000409999
WinSock
System
SysInit
KWindows
UTypes
3Messages
iconchanger
sDeclares
PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
)%ZH_
`e1Df$M
oTyR.Qc
nZ7a8#
>PQwN
87SPGE{0sQ?bB[ s6&Z?f9
y.bX$N
sqfB|n7
D{%~,:
5HB]/?Rb
S5_(U_e
]D&?PPm@,
y3+ER:
{!pRBR*X
E-;v9o
Jz6*}Xa<
E=$?ue(
U-s9\d_X`f
ZC2214
f9K1Hx^?P
.Ry."l
}PcCGy;]6\
A{Ms:;k
x'aV(^Z
+1_y en
OD[XZm?
Jp9`bIf,f_
Oo'7-K%$
ri)-tpEe]
\JG9fn
W$cRdzVx<`*tn
"Ond{`xH
FUJ4?p
UtKjOJ
9y$^?-n
z7goU6
PjTfxr?%
-ruT|<
KQScXBW?h;
NdIrO
6 FEC6
0Wt{S04*
2K^/F~l"/'
v@yocHCD\s
057KfN
sF961d3!
KBTU!H
X_0%L=S]
;4x][0+.
/(BZe<@q
I@ju65V#o8b!KLO##teq
y?/cKY\;
XYHEMp
^o6x!FCq
bSHk5LHg
>h!;$9
~4r|ZI
$^fe}Cw
&Ko&T2@
jAWQ'U@Q
xfAcYz)cv
!ST<wT\H8
O/%2)wLwB,5$Q<
(ZUN<Fb\Fs
JL;EHb
/:._$~wz
<&6F~v
$l~5*5
.xdN-<
WC\xpPfXoM~
T(PO6!r:kQiF:!
>~h(W;
WQG`Aw
}PoM]M
[BM]%rO
KRHzGI7n
yT){[5ZS<
m9iPdZ4[
Aots~h
^v&f,Ra
@R=fq/
6'Oy!B)A
AwT}kh<C
b<hpoWL
PvS":VHLDZY
G/Z)Vkl4
R9xR5]5
aKvWgZ-
;M0T(v}y0
OtJ\dDi
6kx^=,T
CX[v#%BahIbSp
(rG';0/r
GS@B>H
'^cs`wP%
3{qRUC
fNfEY(?
{q!wKjM%
P}PKKu]*i\
pere]se
HW5sE0U8ff
a/1:Uer
nhx:`>
ZF,:<>$4
{0&Xd(
.nvS^_oW
\&'8X
7]Fbyr4N*
CMFN{4a
uH:$<4]."Q*v
p[yN;Sw
{'6}fe
\F}c|$d
x~>B<T
f:td#si
q',d!x0b
WygVh|
g_Mv-^t
wfx>J}
;d7>'|9A
@a*Ji/sV5J'p8Xd
MS%&tj_
kBAkJJU#J
=-YJA?
7G^ N#*
p;ltv
eq3'1N
z8J!T0]#_
?b0c_;j
z8WRR)
K?q_GAg`
99[c)f"YI
ZyKP`ZH
JI=ub+IK4!
NxP{hQL|F@a";.#d.
\c+#\$lI
c]=767m)VG)/
ot?[{l){DeFT
d ieHy4xW*(
`Hu"&q
[}&f!!o
,P^#Bu|=[+cA
qm+k(
"RHW,H
U3jDXr+:0~0Sm #ClD8h)YO
|\)BAL4R"dW
yg3uB;e
CqBBOk
q(At<Q
Q<SSZNu4b!8F
wmfYauQX
*wT8:I
JjzB$lv
?"3NL/
TM#,KDK
:DEWzC;]
q9M@O8
F[aYQF{OZ"#3
^0iyQYlOj}
,-}LKeo$
uQ)zQ(4V
s9>6;34
W5;jH%?ZBkj/i{
NC3Qneo
Q}uhYD,8[uwAG
!ZI%fY0
"wujKK
-/#|=j|0
,Xd3bF
K|'}z#
LI'ncN
qe/=.JcmoP
Om8`Yy
I^Xv0G0
,/KIE8
G-*5^[/pxH_/nI9
U=~&(
Qm f?pQ(
&rsfbS
$Fex+[
Fz5j w
QD5h_I5
#8]_D%Ofp
Gz1*]$f1}jC
Lreu$d
|dyZ^tBh!
\TcN '
wpUOu!
O<}I<<O_G:J2XN3m
/3=W.W;c
8:aod)
Bn?HTND ]$
e}MjO3^>r
C=o?m6|_
ZSrzA%6jd
ED=c(N0.
o^Ivs`
}-8~w\,
:N3}Wz<T
B;wnm6
A8;hZc
t;&ec)
x!}UCxd/Fj
2u({8
$D_QvV^
o[K}$y"t
~wfU?$JLPV
Fun;(CcJ
4nba+V'
}Lal=E
9[0/|m
7\8k}M6
w^}Q/5
Q0F7zQYuf1LS[IJ5UPX
LTAY_zBE
W?bKim:W;K
#;D^tYC +
2bN_E#13
KhH{C^L
Y| Gm)A
"|tSgR5G
W^F3[$>d
@[Y6%R
@}^1N9:$z
LMU-upwQ8~?[*
5E>E)^h*9rY
Mqp\[#
)j0#EG8e
mx<DOHc]twPK7
XlNmTJZ
kF^(;gzU
!J)E4+noh=)
t4?H.$%
dTdq;s#c&
)|^bvd2
&84h?"
^q8m=E"
}Jz1ESB#
IN,e8;
oXU/
4D@ns?D
uP+.bP
b@x730
dU6u-scw
lE+-Y9
F5||G+=
y}mn:
/k/}H-
h}GI0F(h
IA=#aO9fyA<yZ-mkbn.v\IZ2#E
QK'}Zx
=[K:)*oW5
^|]/KEy4
A'O!:o@H9
u1iJCbR
fHnW&nT5L
Fh"6{"i}
d0}-KG~
WGG+VWPE+wi
#3>QZ[~
G/X,n=&m
#nTD"4(b
z$^*/L6F4
$/a~'7]!
]R"AbC
Ul^LoWY$
7*vh|x"
e%)3q ON
-yyn>W
`en'NEi'(l
qv;\2$
q']`xK&*Jt
R{&8$Cr
Ka+2t|T|
QS!hLy!p
u*0`t]L
5Pg-FPDJcRj
^'';;XBqC
Z86Mk-vP/w1
IP!C.sUn
1H}Iqr
+?T'p#NiS
WW'U"K,
{R Kr*l
]az.>{Wc
o=]>8$a"61z
.S>Q5>,r
#bPz++s/
#8Qn{=Q5i:
wQCb_::~.1
gorcjss]
1K9xG_K
8&+<:}
!_bTq;.cd
lVvE$E08i\na
qI>c*V%5Xm
Fn&g0N9jw*
3!3eF_yo
G(o^5^|
p|;iI_H
Lp:|Pc8:&bj&
%"=HoWP
T]EIHH,$x
&=Y3h
xyimBB/odjB*wu
O?a=R7o)V
q/:wN1Q
/tMS8JRa
Sp`JP9
b'`98\(sp(w;
Iz]+qa
{qd[p_F\r
j{5vG$n[/%/
pNhw*3_
&)yc^*(
uIJ/3z
_FNW'p
;kQo;!'ObB
- k8t9%
iI'G1F
r)@)K ("~
TSDT_6
=*)c#kO}TL*Zf
Ax'NpI
Ojs)HyyH
m99`.o
;}Ak.9z+g
q&|:7
:Y_yu;)y_
8b"~,AzHl
_heA6M
oV+]5|
`Ao>MvKE^~.l`
QeTmp<&
VCr1c`
(^5dIa<L
Leb3'ZfU
VX*oupV=hO
ZGe^pp(\PU
QtnfF&7Td!&8f
_&Yga
)A"Pb@
dd9w}c
JGy9'EXu&\b
!F(50O
O86g%C
,C&5uXl'S
0s9yET=L/B
d3I,G\|$
ON}O2:c
y6&"#7
V^wL*p
OKXKtn
'n;XQ>
rpHhd4r 9p[#/?
[}g.5 \
K3LOXU,
+uP{_
KI:R(b
YwfdbbU?F3/
@4A5.)
,I@Q~R"
kA[w(
WZuFj^MG$
85Ne(B
z(H(_\[
Q?O%XX
f"h,*8
,?PRsUz6o#O`/O
.DV =t
M9QG5D
$oX019%
yK7=ZK.3:
7dDsg8
YYZ~1]aS
nqcG?3\
zWl..R
@A SZY7zFf'
:E&@</w
nS+tNkUD
2fl+x. {d
X]rX4e
{ s1lU
M-fMTy
L+OHspR
qJ338|
`y2L1f
z?UP$9Or:G4
+>}g;}{p
{pUmFo
+N"Hxwz
j{y?*4~7x`
^J3nphz[p37
-r$*Mv'n_1SD
/Y9e8o
Gmq9[b)rcc
UbTsC{6{gxVQ{5ZFS`4q
%6+hCF>`$0-*=]
'@|>y=
"$%]q{,
\V,x^?
dHX/>1
f+{]u35X
DKmun|OG
_}-y=k
jADD.;c~Lo
B)+>t[
qvf W1
g|M15.fQLa\Oi/_
:n::}{
_:iB)E ;$b
7,_b_P
\dIQz)
iLNZ+L$zT
3s2j#0Ec*zQ]
)|)#D^]
JE(/33%O)
V0+Q#eW:
6?6~iL2%
b7ZX; z<
r5g{|G
9%~1w;2`/h
pRK;7b-
>YKzmnVb~t*
K2}.gi%*?-B{
kNx{A@;HT
nT ^Gi1
T%P_m]A
mJtT*HnRd&
RI]'0c(
+'v~@rj=%&,`^.
<p|k1D
Yh+|2$1
4q{?h~o
dw-T~j<
aJ~iR={X2kU'tm1B
w&Ab8s0h'}
F;j6|+@
~,W*Bp4z
5$onX
x=b]>5icn
)XXa/w}x$
Po|&=X
O4BY+h
%v"!),+xh+py
iQN0z<
"Q=%EkF
`5P[/ga
zCA51jW'Sl'
p-wKZdd
6=MvA8AE#6~pJ6y
p#90*%
:.(a<>3}
3S2R]`
Oa3p7S57
VexFW
Y.q3KD
++;?K)
aPG_*y!
w@r&7.
^0xoxk5gcj5O
X>AfFp
;(#=}(=
Bn\q^CTzTn6fV
*cfAT/Wc
g~,OaazW<
W V4BpBZzU
8$"7;C12<i$KB
YhkY?3MIW
p^bJ+U
0UC1@t
b|$'45X_Lnu
x+A$.]xb
}_<.n-.B`
w-]uEL
f_iX`Hb
L+W^&,
<?%??aW#YT-*{2
O0 r~*~
2ciJv7q
?#}Z@b
*Q\5qF
+7wm'"^CI
joME+c
M9!7>el
9(#t #
rbkk~#?
L<N(s<Z
mK0YShi`H_[
BI_IJ;
nmY(PJ F
G\)HN5
*3I|%n
!7tjxp.@acG]ikJZk3
-aSECy8%W>w~./(qO
Uyb'NE.g
'j2f{,j
4KRGZ4E:UdH
n,dW[FC&~
zSjZn:!0_
]peA6()
Sx49~<
v]p^A.
<!_P!.|9
rosU>u
zFB 8d
^YLijr
#R%pRe
"O$A=*8{q(q
U4?5:+-
Fm?5O&>'
3g!BuH
4z+6sR
__?w;B=m5\
3fUeO9_?SeKz6G$~9
O$r.V^
"@}~0LmH
y5pgM2
v.dAF
B^_&OlKJ
A+7Ie7p
MZbg]<
a%NK$qP)LYyM@T
m,/^^A
p2V5i97
1'qc%Ai
%kER9H
-`MyQ7
Zo+*u'hw
GR_dP',J`)z
Bpnz?y
V=0<aV
<#wOJI5
uoW8Lq
t8w^!;VwGc
7p>xgd>r3@Z
L7m=}`g
&x@BoNrb fr;:
GYpcQ'Sc_\
_ucs'Dr:)
6eMtJ"FD2p[
<foH;3{u
|?M$HF7
a,e#Ms>S
kxM\SL
@`u+Sm
8[N,1%8
)+ay_eD{}qK
U+A&hc&x
t(=d3R
8Vr2Uq9c
~vd=Ku6
'66>uC
gguIr_
@rPY8]l7rIN
WsUGnBwDX=
TE@GGEco<5M
k(Dc<89Ug
!Wii8t
([I,StA
s8`0w<n
0Cu7}gAUPk&6h|T.|!@
PJM[^KB^.#
Yaua,0B5$,
AYAhHwscC
y'DX,Wek
{F>[;T5h
~dl\)
SPF2xX; E
=#} 40t/+
h)"4dM
5nEU S(t
Tfw'9ae
?.Jw&a+^51sh
IbP(kX0_
1c>&M0}?
"CZo3a"rV)Y{
0gm(D$
=\&~'u
gnvvq}
PrT*OP
u^O$|q
3tI:B"
B#ujS. LAY
gBvNBp
5f!&5g
ZF4GarkBHh
K=[2GS*
x +.b^i."<+dk`0U+q
smt:*]
-GMQ,^vX
OdiWAM'}x
&9i8VGg"8HPf
NLUGdaCD]
^|'Dk<GVk
{h}[yre%h
k8RUOQ
)Zi>}mQwi
0JQT,
%SLf}K
}i.&O.jyat
(3+}iHa=7+
& 2^w5"'D(
YjTtg-
QT.wvuE"v47
REZn!
dt!Fe6#[6
j#$~s
==1M0#4*a`
ar`CF^*
P/!goJmm[
|/$o`Z
.!f8YGd+GQ<C&'hw
aba'|\W/@
c&+NCVyk
-:'LgKQ&F}?m
55oO?M(
BE^gji;[X;:0(
,/5|u|h[U
W{q:P*
d5)mRK\
id(X?qh^H2%H9|
tmLU$u/
xF) A<
q59)yw
aB8=[=,
$SV.Tc3:5Y&{MB
NKrSzH
%W#Ib-'V
xnUGGhE
#zT6/*p
xu?gcM
y# 9OE
HU"PEC
"`jNJ5
q,*P|:$i
C7K^(P/u
}}!!83`Y4Y1iR5}
>7hyTq
?hQEBDVT
#a4paE
vErBt|;yC
;EmNIh@U<" E7
V{]JT_Jq
P'p@ICgLm9k
HS_O"t
@,sq"_@ 7
f#4#D#K
So\r80d8m
uV>)$$n
P_&CeC6
BaHn]5
nfDcij
Xb[s|*z
cYCtu-h%[%x_B
N=?"]n_<44wK!
b$D3b?w(
<xn#q8
{7g;zBL'#
8,g0VYA|=/V
<w^@..{2N/rt
RCU-_UK
<kmARWck:
]BtLPdh q.
kPW. pK^
1Ileh)d
G{D*m8
?rKDuL
CZUi0#
vsbzkk}E<
}qRO~:
wGG7~Pe".O7
OaQ_``<
MLM2 $
Y@4]~#a!
U,Hi'KQ
[&{$9$O1!#i
J0M1p7
!'yjZV
iaT~[}
]3997o
EM9/K,u
Q2@J}H
F'DLcW~
.p]sr4
E'ZU!q8
3_r{(o
Q$"9)Gd|
MXh,!G
R#:%4Z5~OhAC3
ro?i( PVL
v~YhXTfx'@
F:uM^F7
&r",^_
uZQsetx
-i%5XrI]
RdThGj
d5A&|So~ha+zyFJe
%CR(%3[
hqyO`#Xl&!S
`q *iT~
":OAG
.R0EDc
TN7bi]l\s8
xs8 ?
YC6}#K')P]
&L+YT%T
fzH=bY_
qrW6NnI
7[&U
zFTRZWex>fh
62dzb[8
!(n$M}
x` TwXM
&os$a[o[@
94w9G5PQbNBa{
;~#P$Nr
$wR;k(%K.08
|C2_a,B
JN}|5@
M7yidi[
'48'Kj7UH
0iA\R{J_>
#jpdio]
}I2X8s
))L*k(Uib
fJCB0[5
Dne(^R6
&//#?$+~
kY,,Z8
Z}YF[ {
lV%!,czXcgp}2n
3w`\fI
<\t!n\y[+(>ND
7Zj5s$"Lg
:>G_W<
asA?0B
C27>O0
'r#*/QZ
IOl0hb$
S>|&5zZE
lL{;z$J
uh,%_C
G)/WLw{Je|=R<{
QWpc9M(Sw3
QfL|~{d
Z#iU]m.
hs'21p
Ciwa7yJ
NF'/h"kk
B7'H]U#l
bn|3~/
T_-.zP_'`
cjYdOw6
O-A,A_
CG'p4(
S(d76&+
McA5H+
gtyN}/I
"qy.$JB
P`Vb,8
ee|_B]
c0*C<4
+ e9#B
p9E1dj
|s_A2ZmP
hTZ2,do
sv[bE`p'
^kvy3hj
9wXyoh
'+D<V_
ESAHxx[
50EC8 /+
[j+?CV<
}w,+}0k}Y9
~37@~G
+.nG7tyt
?>Euvl4DE&?n
+z~N&[X
5B&l-@~wN\2
+%hE9)
i,F9!}t
u<1Z_^
\sW`tq
HAchPH
~)F>)H2
EK9Xy;
GE&B2Q
SD}xFv1
x'}>UhDP~eCKaVwI
nP>Hr`5jD
};pID-nt
}a,SQ@M
#pj`qF)
=Pk#R>]N
{U&B-5g\
14ElXR
Cixl;sZ$J!
emJZs]
Aq5kh6
4y]S%S
jq4D,0W0a8U
6P?>)Q
0;}XR<H
~IM3f_7
<d|F/l
?apGX"4t
D-s-<t
!$7i77mLq,kXH
OX,Tmv*
kyNl*8,f
^7#F,,IGT
V!1\5k$Ww
;BsaX>d#=
I<>frI1I
+ZXJ6'
#XzVMyV
3r(;a@_9Ql
U`;5Ye5zDz
bH*B8viI
`)b)C/
1)v6ywO
H/kfP'
.KT]\s
elg));|
yn`]1X
2J"`=a
?<iCg|
(_U\>^
;G_wrse
)B!nS|W
tw}J$jDE
_|mF!$
0i:j,r
vYeB5I7C
X,/PQ4
Y|2+Ks}
E*L9aH
#!U5IA3$jt
Dm8\,d
.N>Il&
I%#XJX
mW:(vnB]
z)^'P}u]
*-`^\EeH|
?MPE7Z
6KbbKI
)`4IT,v,uK
^#<\4E0EZ[?
Sd"jJO<VS{u
#<$-x>x$?
z'0"8s
Bx__qn<@
+?U!@z`
Md.jv3
Jbz{:0q
C@zb;j]
bs0Q\UOHax
t1?AoN
|T_ A@%fE'q}at
]"'<qR3W
7s-<{-=pW
~0pDE%2_~T
y(8&<H
\dX#Fn
5jQg&L
6(YR;4-\
j6*~]Q94
J?sdNhw
B*y)?K6
(]`o6m
A&ff1kL^KU
h_yLXc
9srl$N2b!
kb=prThj\
ixY&gQ
x%51V?:/e
YJ .`Pb
Z?:,#+ /x
TJ=)XE
>"AOhV3
rY1 }5$ImFw0
n{VSBr
^P\<CQv
0Ui$no
J7d>.b
xTd*ZLn
!WJj/qF'xC?
!#av =U
G'L)1%
|'*{Q"<D3g
Bp{V~cp
c)CQGUct
CqvlI<~A
c;}^3i5
+}kY$WGHE
hqsZ@
x4{SUJ
YbB@iKY&N
wrq(!tsp}-2OT!)[#gQ7!\F"
N.JOC-g
7z(;#uKV!D]
;`!kp>Ul
|\;NO
/`',e-:
_y2z'Wn
RPOSncF
[+F^wn1E/6<D
XAGk{v
g<4!G2$e,9m?dw
qV-p0X-4}d
{iucf`
^iqXxY
,B \CKnur]E
`!K99t
fw5F\T,
yC=}b[z"
;MInq~Xc
]A=kH-/ x
kRd5H'
=M [|8~!@
FY4.HGQ
Dk|QmSfR
9.<:sZW?sd$P
xuuvtk1
|ay[g!V
L(eA'x%$r.5u$
J r^qAPi
A:%_'Vhr
@t.=q_d
LW,Q=x
j#*XkH_
F64hP
y{qJR.>
V9Q:4g)
Eg[p:Eu
]+d"rwi8R
Li*,8Xb
wkxCc`
9#?`HkpgcQw-qZEM
^w H(Kz4V=
;->Bdv6~P^Ez
w-ex R
2n3JkWv[2
<OyZ _
,r@RAbu
C9+ #3
@zK o81lr'
r$$P.Pt
f6(cwgp
\Uf[^i
"nAoI<
[z[&!
2Pvc@`
PDYC2,
}30U9 VR
(Bdy2m*M`A$#
9MUKv}T
iS.QEt@(Xm
4x![Jh*F
o%Z+O*j
>"@|q<%
F?wvqw
SMaAr)
_O9L8L$
B_Vdtt
[/E</-q
tCgEq85d!
TPqT|(V
ecC8fk9/i@`
?`s-zr>8CoLs
3lr}O$WA!~Yr7hK(H
,8tZ*%
'NMxZ3>
-2|'EA
q+fh:T:
R(>W67Y*
3rp#bf
' <Q0c
*lCH8~}V:2l
!x/%/oa
mfHTZB
d1nAPGXaV
RkQOUZN47
$ONSn.X'rd
skl:ayN
O@bG1N+M;
!3t tLhKJu;
sPdft^
%ukL]tFu*it_
7Pnh b4
i{d&{
DVCLAL
PACKAGEINFO
MAINICON(

Process Tree

0a0b8d825474a3ef4633ae14caab1688b4f48b19f8a4fc3cb381ad5c7f1c32fd.exe, PID: 1932, Parent PID: 1612

default registry file network process services synchronisation iexplore office pdf

DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Name 1455219e122c23c7_dvdmaker.exe
Filepath C:\Windows\SysWOW64\DC++ Share\DVDMaker.exe
Size 2.2MB
Processes 1932 (0a0b8d825474a3ef4633ae14caab1688b4f48b19f8a4fc3cb381ad5c7f1c32fd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 07cc28dd3dedcdcd758667893cec7954
SHA1 cd93e4b8405c32d7aa7dd96e14119eaecac4cde7
SHA256 1455219e122c23c7660168e77cc13d4fb89bfe92e4ad477c1ca750b545b3c2e8
CRC32 D340EC0D
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 9dbf99338bd76387_inject-x86.exe
Filepath C:\Windows\SysWOW64\xdccPrograms\inject-x86.exe
Size 154.7KB
Processes 1932 (0a0b8d825474a3ef4633ae14caab1688b4f48b19f8a4fc3cb381ad5c7f1c32fd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2be79da5bc55dc4e22379892ca87ecd4
SHA1 b3a865f72e542b0ad8e642178d9d4ce6c1a8ef01
SHA256 9dbf99338bd7638753820cf6f5ea6405ddb66de346297aa046f2801281eaa639
CRC32 EFDFCCF3
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 12e561e68a0f7b40_wmpdmc.exe
Filepath C:\Windows\SysWOW64\DC++ Share\WMPDMC.exe
Size 1.2MB
Processes 1932 (0a0b8d825474a3ef4633ae14caab1688b4f48b19f8a4fc3cb381ad5c7f1c32fd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 525626967d2c292a9761a4f74849c56f
SHA1 7c7ecfc6f4871f3fd70b8f1ce61a5bfa1c4455fe
SHA256 12e561e68a0f7b40bca2a1d3cf61acf5107798f24fc3638d54b5ab74a83cd9ca
CRC32 ED764796
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 0e023e02d9cf903a_msascui.exe
Filepath C:\Windows\SysWOW64\DC++ Share\MSASCui.exe
Size 938.5KB
Processes 1932 (0a0b8d825474a3ef4633ae14caab1688b4f48b19f8a4fc3cb381ad5c7f1c32fd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2db797d32a9e0b1ac8dec7afd6b2a79a
SHA1 a9ea578f36e63c59f2345da66a175aaa2fc95cc9
SHA256 0e023e02d9cf903a2feb0c57ddb67b5bcb0481476f079e7f2306e8043a848187
CRC32 3B917BE3
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name e27b593a336ba2fb_journal.exe
Filepath C:\Windows\SysWOW64\DC++ Share\Journal.exe
Size 2.1MB
Processes 1932 (0a0b8d825474a3ef4633ae14caab1688b4f48b19f8a4fc3cb381ad5c7f1c32fd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 6c809d1f672d272eebdb5539d4eb290e
SHA1 4e05cb8205075da96d3106b3bd97ebe400210d84
SHA256 e27b593a336ba2fbc1d1b8439e7037d95c81494fa7b8f3f1d92863365223bbc8
CRC32 53402C8C
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 5736f5f727f21005_procmon.exe
Filepath C:\Windows\SysWOW64\xdccPrograms\Procmon.exe
Size 2.0MB
Processes 1932 (0a0b8d825474a3ef4633ae14caab1688b4f48b19f8a4fc3cb381ad5c7f1c32fd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 088ff0a21ebe59c287cfa25fa974d9ab
SHA1 8f13cc0a0426cd9b9ac3af5a5cee4691bbbe774c
SHA256 5736f5f727f210059abea1e98ed9fa8895968c2212e99d645886dea3036797ff
CRC32 25298937
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name d11ed215bf4b8574_inkwatson.exe
Filepath C:\Windows\SysWOW64\xdccPrograms\InkWatson.exe
Size 388.0KB
Processes 1932 (0a0b8d825474a3ef4633ae14caab1688b4f48b19f8a4fc3cb381ad5c7f1c32fd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 6a91d273997e3e896cd8563352017f97
SHA1 256e231ed84d336a88caaec2d08b411169da4084
SHA256 d11ed215bf4b85748b2136c77b732f16e5df06f9b6c22b70bf46fa638771cbd5
CRC32 8A71D7B1
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 1bbba15d9cf1f5b4_mip.exe
Filepath C:\Windows\SysWOW64\DC++ Share\mip.exe
Size 1.5MB
Processes 1932 (0a0b8d825474a3ef4633ae14caab1688b4f48b19f8a4fc3cb381ad5c7f1c32fd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c893649230dd634b850527d8bf9c2641
SHA1 d6bbc9e1dff44fe403e3a87f65f5e48f72e1696a
SHA256 1bbba15d9cf1f5b4883fb84ce2983b78867b144dea5f1bb4ccd5f09979dbaa33
CRC32 67DA0767
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 5e902e9d8802df65_tabtip.exe
Filepath C:\Windows\SysWOW64\DC++ Share\TabTip.exe
Size 219.0KB
Processes 1932 (0a0b8d825474a3ef4633ae14caab1688b4f48b19f8a4fc3cb381ad5c7f1c32fd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 8a11522cb4047f69aec0f0942bc79c67
SHA1 229ac64557acd3cab67edb7d992e8af9ce80e72f
SHA256 5e902e9d8802df65ada6095057eff4f333bceef35162ded82c56cf2875c2f896
CRC32 C5C88AC8
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 5eb4ddcfbe40f876_iexplore.exe
Filepath C:\Windows\SysWOW64\DC++ Share\iexplore.exe
Size 678.8KB
Processes 1932 (0a0b8d825474a3ef4633ae14caab1688b4f48b19f8a4fc3cb381ad5c7f1c32fd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a69413da5d50b428ed062d0b63443d7b
SHA1 6ecb89cd29f066c072cb11ec7cbb1140a828e5ac
SHA256 5eb4ddcfbe40f876f34f2e8b8f6ec1af78c9d47135bc7a9743fcea1568149b58
CRC32 39489F65
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name c4cb966e329a5aba_convertinkstore.exe
Filepath C:\Windows\SysWOW64\xdccPrograms\ConvertInkStore.exe
Size 188.5KB
Processes 1932 (0a0b8d825474a3ef4633ae14caab1688b4f48b19f8a4fc3cb381ad5c7f1c32fd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 0fbdaab0362124c8b5f1a0857b85f715
SHA1 a40e792d09866b28be72ada0564ac76ad988a1d8
SHA256 c4cb966e329a5aba01d7d78118460d24965dcbefb69e1275d343079c6acc3d61
CRC32 D4423950
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name c41cb1483eb5f0b6_install.exe
Filepath C:\Windows\SysWOW64\xdccPrograms\install.exe
Size 549.5KB
Processes 1932 (0a0b8d825474a3ef4633ae14caab1688b4f48b19f8a4fc3cb381ad5c7f1c32fd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 341e8376f3a4c5e86b2315df9d694e30
SHA1 a58cec621442d8110a2938f0c5ff93590f5cc3cc
SHA256 c41cb1483eb5f0b6f4c60814ffdde69f9accbb2ea231c59b0c676a5df5f1b0ac
CRC32 7ACEC950
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 1631941ad2b9c1f8_shapecollector.exe
Filepath C:\Windows\SysWOW64\DC++ Share\ShapeCollector.exe
Size 679.0KB
Processes 1932 (0a0b8d825474a3ef4633ae14caab1688b4f48b19f8a4fc3cb381ad5c7f1c32fd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 c92b5eab0246e437af9619006189780f
SHA1 ecea2f91af15fe25267c1fa9c3653c60b4bd6185
SHA256 1631941ad2b9c1f80060128dd16b40a2033129d83db304b9cc162b48340bb59e
CRC32 93120D61
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name c4a57357ca988c7f_flicklearningwizard.exe
Filepath C:\Windows\SysWOW64\xdccPrograms\FlickLearningWizard.exe
Size 906.0KB
Processes 1932 (0a0b8d825474a3ef4633ae14caab1688b4f48b19f8a4fc3cb381ad5c7f1c32fd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 8c9337f9ca63036935307772ec0bb3b9
SHA1 5258f8eca8640788aced0b6b8e3fdf61d57ed538
SHA256 c4a57357ca988c7fc535a073191431cfdffce766216a3522ba9c746c5e22a1a6
CRC32 B7BC68B5
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name a1e88659a4ad4f4f_marijuana.txt
Filepath C:\marijuana.txt
Size 21.2KB
Processes 1932 (0a0b8d825474a3ef4633ae14caab1688b4f48b19f8a4fc3cb381ad5c7f1c32fd.exe)
Type ISO-8859 text, with CRLF line terminators
MD5 c0214c7723fe7bde6bc2834742bcc506
SHA1 f3d8e78975bf169fc1ed3ae95ad41d84ff6a36c3
SHA256 a1e88659a4ad4f4fd55f246ab076dee048881fcac3ea8a300e2fe8cdffd88b73
CRC32 0D0BD2E9
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 65dcda6a1730cb3d_is32bit.exe
Filepath C:\Windows\SysWOW64\xdccPrograms\is32bit.exe
Size 118.2KB
Processes 1932 (0a0b8d825474a3ef4633ae14caab1688b4f48b19f8a4fc3cb381ad5c7f1c32fd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 01261be216918c8476cf28e4f758ecd1
SHA1 82b212e2188656eb30d56a998b82ba8a4ab031dc
SHA256 65dcda6a1730cb3d98566001193c3379d92fd9354039c9223033ce7e7ee70529
CRC32 074E039E
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 8672fd06cfca5c1a_execsc.exe
Filepath C:\Windows\SysWOW64\xdccPrograms\execsc.exe
Size 137.5KB
Processes 1932 (0a0b8d825474a3ef4633ae14caab1688b4f48b19f8a4fc3cb381ad5c7f1c32fd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 489d26b0cc2fdd708f74c8fa6270ba8e
SHA1 4a01c90149a991e1a1698a3ee2db342adbe78c12
SHA256 8672fd06cfca5c1a0c173d98b40eeeafb8fba8e3eb1e0ecfbeea07067e3b1145
CRC32 87AE21F4
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 7f17598c00ffa2c3_msinfo32.exe
Filepath C:\Windows\SysWOW64\DC++ Share\msinfo32.exe
Size 370.0KB
Processes 1932 (0a0b8d825474a3ef4633ae14caab1688b4f48b19f8a4fc3cb381ad5c7f1c32fd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 093b3597c53c1f6e1b2de63b7bb196ab
SHA1 2674332a5686718f7c6ac3a467ce1f2abf92ccb7
SHA256 7f17598c00ffa2c35bebb8787ae92d7bfed2ce320913e10546be45964a660c85
CRC32 496BD870
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name defc7e632237bb33_wab.exe
Filepath C:\Windows\SysWOW64\DC++ Share\wab.exe
Size 504.0KB
Processes 1932 (0a0b8d825474a3ef4633ae14caab1688b4f48b19f8a4fc3cb381ad5c7f1c32fd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 93e12bb6065a6bec1ba8d55c467272bb
SHA1 75d8c0e02ad440a9f04e40e84852f0ef654b1851
SHA256 defc7e632237bb335f470d8845b327bec79b2364ad31a4f42cd8b6cb1b5044dd
CRC32 FC0C2C87
ssdeep None
Yara None matched
VirusTotal Search for analysis
Name 6adfce8b01b20955_ieinstal.exe
Filepath C:\Windows\SysWOW64\DC++ Share\ieinstal.exe
Size 263.5KB
Processes 1932 (0a0b8d825474a3ef4633ae14caab1688b4f48b19f8a4fc3cb381ad5c7f1c32fd.exe)
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 9c97e0379ef65359105409b611561838
SHA1 fb38b898a0a0177ae879e0dfd4cedcc476c67154
SHA256 6adfce8b01b209550242f42b884646a854ee80b8c7f130a6ce1850adcc3f7036
CRC32 9A097C9A
ssdeep None
Yara None matched
VirusTotal Search for analysis
Sorry! No dropped buffers.