2.5
中危
DACN
0.14
FACILE
1.00
IMCLNet
0.69
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:VB-JFU [Trj] | 20191230 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20191230 | 2013.8.14.323 |
| McAfee | GenericRXII-WD!C11C34DDA495 | 20191230 | 6.0.6.653 |
| Tencent | Malware.Win32.Gencirc.10b07831 | 20191230 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(1 个事件)
| section | .ap0x |
一个或多个进程崩溃
(50 out of 1024 个事件)
动态指标
在文件系统上创建可执行文件
(1 个事件)
| file | C:\Windows\System32\28-9-2024.exe |
搜索运行中的进程,可能用于识别沙箱规避、代码注入或内存转储的进程
(3 个事件)
将读写内存保护更改为可读执行(可能是为了避免在同时设置所有 RWX 标志时被检测)
(2 个事件)
重复搜索未找到的进程,您可能希望在分析期间运行一个网络浏览器
(50 out of 84 个事件)
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
从系统中删除大量文件,表明 ransomware、清除恶意软件或系统破坏
(50 out of 1329 个事件)
| file | G:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\‰??‘????.??? |
| file | M:\¤???‘??.??? |
| file | F:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\‰?a??.??? |
| file | T:\?4‰0?6.?–?.“b? |
| file | X:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\???“?c??.??? |
| file | Z:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\c????.??? |
| file | Q:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\·??¤ˉ·3\‰??‘????.??? |
| file | O:\????.??? |
| file | Y:\?4?694-24–.?‰‰.“b? |
| file | E:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\???“?c??.??? |
| file | U:\??3¤??.?‰‰.“b? |
| file | V:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\”??‰????.??? |
| file | F:\¤?c’???‘? a?? 3?‘‘????\Administrator\-– ¤?c’???‘?\?a?a?…?¨a‘a??\?a?a?…?¨a‘a??.??? |
| file | X:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\???‘????.??? |
| file | C:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\·??¤ˉ·3\???‘????.??? |
| file | D:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\‰??‘????.??? |
| file | W:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\‰??‘????.??? |
| file | W:\¤?c’???‘? a?? 3?‘‘????\Administrator\???‰?ca‘??? ¤a‘a\”??‰????.??? |
| file | X:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\????.??? |
| file | U:\??b’.‘?‘ |
| file | N:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\????.??? |
| file | A:\¤?c’???‘? a?? 3?‘‘????\Administrator\-– ¤?c’???‘?\?a?a?…?¨a‘a??\2??.??? |
| file | F:\|’??– μ3′ 3ca??a‰.??? |
| file | Z:\¤?c’???‘? a?? 3?‘‘????\Administrator\-– ¤?c’???‘?\?a?a?…?¨a‘a??\2??.??? |
| file | Z:\¤?c’???‘? a?? 3?‘‘????\Administrator\-– ¤?c’???‘?\?a?a?…?¨a‘a??\?a?a?…?¨a‘a??.??? |
| file | P:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???“?c??.??? |
| file | Y:\a????“a.?‰‰.“b? |
| file | O:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???“?c??.??? |
| file | C:\Users\Administrator\AppData\Local\Temp\???a“.??? |
| file | O:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\c????.??? |
| file | Z:\?4‰0?6.?–?.“b? |
| file | N:\a????“a.?–?.“b? |
| file | I:\a????“a.?–?.“b? |
| file | Y:\¤?c’???‘? a?? 3?‘‘????\Administrator\-– ¤?c’???‘?\?a?a?…?¨a‘a??\2??.??? |
| file | R:\¤?c’???‘? a?? 3?‘‘????\Administrator\-– ¤?c’???‘?\?a?a?…?¨a‘a??\¨ˉ??§¥4.??? |
| file | M:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\????.??? |
| file | V:\??b’.‘?‘ |
| file | C:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\”??‰????.??? |
| file | W:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???“?c??.??? |
| file | C:\Users\Administrator\AppData\Local\Temp\??c????.?‰‰ |
| file | D:\¤?c’???‘? a?? 3?‘‘????\Administrator\-– ¤?c’???‘?\?a?a?…?¨a‘a??\?a?a?…?¨a‘a??.??? |
| file | M:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‘????.??? |
| file | A:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\”??‰????.??? |
| file | H:\a????“a.?–?.“b? |
| file | P:\¤?c’???‘? a?? 3?‘‘????\Administrator\-– ¤?c’???‘?\?a?a?…?¨a‘a??\?a?a?…?¨a‘a??.??? |
| file | U:\¤?c’???‘? a?? 3?‘‘????\Administrator\??ca‰ 3?‘‘????\???‰?ca‘??? ¤a‘a\·??¤ˉ·3\‰??‘????.??? |
| file | N:\‘…’?b? .?b |
| file | B:\¤???‘??.??? |
| file | C:\¤?c’???‘? a?? 3?‘‘????\Administrator\???‰?ca‘??? ¤a‘a\”??‰????.??? |
| file | H:\¤???‘??.??? |
尝试解除Cuckoo监控的Windows函数的钩子
(1 个事件)
| Time & API | Arguments | Status | Return | Repeated |
|---|---|---|---|---|
|
1727545404.657 __anomaly__ |
tid:
3012
subcategory: exception function_name: message: Encountered 1025 exceptions, quitting. |
success | 0 | 0 |
文件已被 VirusTotal 上 60 个反病毒引擎识别为恶意
(50 out of 60 个事件)
| ALYac | Gen:Variant.Zusy.297955 |
| APEX | Malicious |
| AVG | Win32:VB-JFU [Trj] |
| Acronis | suspicious |
| Ad-Aware | Gen:Variant.Zusy.297955 |
| AhnLab-V3 | Trojan/Win32.Agent.R287960 |
| Antiy-AVL | Trojan/Win32.VB |
| Arcabit | Trojan.Zusy.D48BE3 |
| Avast | Win32:VB-JFU [Trj] |
| Avira | TR/Patched.Ren.Gen |
| BitDefender | Gen:Variant.Zusy.297955 |
| BitDefenderTheta | AI:Packer.A560E03821 |
| Bkav | W32.HfsOval. |
| CAT-QuickHeal | Trojan.VBCrypt.MF.6162 |
| CMC | Trojan.Win32.VB!O |
| ClamAV | Win.Malware.Jaik-7111282-0 |
| Comodo | TrojWare.Win32.Agent.OEDW@8hwuen |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.da4959 |
| Cylance | Unsafe |
| Cyren | W32/S-a6d72e9a!Eldorado |
| DrWeb | Win32.HLLW.Autoruner2.53432 |
| ESET-NOD32 | Win32/VB.OED |
| Emsisoft | Gen:Variant.Zusy.297955 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/S-a6d72e9a!Eldorado |
| F-Secure | Trojan.TR/Patched.Ren.Gen |
| FireEye | Generic.mg.c11c34dda4959853 |
| Fortinet | W32/Midie.6525!tr |
| GData | Win32.Trojan.VB.ARB |
| Ikarus | Worm.Win32.VB |
| Invincea | heuristic |
| Jiangmin | Trojan/VB.cyhm |
| K7AntiVirus | P2PWorm ( 0055d3671 ) |
| K7GW | P2PWorm ( 0055d3671 ) |
| Kaspersky | Trojan.Win32.VB.cmy |
| MAX | malware (ai score=84) |
| Malwarebytes | Worm.AutoRun |
| MaxSecure | Trojan.VB.cmy |
| McAfee | GenericRXII-WD!C11C34DDA495 |
| McAfee-GW-Edition | BehavesLike.Win32.Malware.bh |
| MicroWorld-eScan | Gen:Variant.Zusy.297955 |
| Microsoft | Worm:Win32/Autorun.DU!MTB |
| NANO-Antivirus | Trojan.Win32.VB.ecifhv |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | QVM41.1.Malware.Gen |
| Rising | Worm.VB!1.BC33 (CLASSIC) |
| Sangfor | Malware |
| Sophos | Troj/VB-KLL |
| Symantec | ML.Attribute.HighConfidence |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2008-01-12 22:58:39
PE Imphash
6bfb12c0ac9e50aa509f27c55c68a1e2
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x0001f000 | 0x0001a200 | 6.440664490009885 |
| .rsrc | 0x00020000 | 0x00004000 | 0x00003a00 | 6.113191262768062 |
| .ap0x | 0x00024000 | 0x00000396 | 0x00000400 | 3.6722237222963576 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x000200e8 | 0x000025a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_ICON | 0x00022690 | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_VERSION | 0x000226a8 | 0x000004d8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library MSVBVM60.DLL:
• 0x401000 MethCallEngine
• 0x401004 rtcAnsiValueBstr
• 0x401008 rtcLowerCaseVar
• 0x40100c rtcGetYear
• 0x401010 rtcRandomNext
• 0x401014 rtcRandomize
• 0x401018 rtcDoEvents
• 0x40101c rtcMidCharBstr
• 0x401020 rtcMidCharVar
• 0x401024 rtcSpaceBstr
• 0x401028 EVENT_SINK_AddRef
• 0x40102c rtcUpperCaseVar
• 0x401030 DllFunctionCall
• 0x401034 EVENT_SINK_Release
• 0x401038 rtcShell
• 0x40103c EVENT_SINK_QueryInterface
• 0x401040 __vbaExceptHandler
• 0x401044 rtcSplit
• 0x401048 rtcReplace
• 0x40104c rtcVarBstrFromAnsi
• 0x401050 rtcMakeDir
• 0x401054 rtcCreateObject2
• 0x401058 ProcCallEngine
• 0x40105c rtcBstrFromAnsi
• 0x401060 rtcDir
• 0x401064 rtcFileLength
• 0x401068 rtcFileCopy
• 0x40106c rtcErrObj
• 0x401070 ThunRTMain
• 0x401074 rtcLeftCharBstr
• 0x401078 rtcLeftCharVar
• 0x40107c rtcRightCharBstr
• 0x401080 rtcRightCharVar
• 0x401084 rtcGetDayOfMonth
• 0x401088 rtcGetHourOfDay
• 0x40108c rtcGetMinuteOfHour
• 0x401090 rtcGetMonthOfYear
• 0x401094 rtcGetPresentDate
• 0x401098 rtcGetSecondOfMinute
L4585522612392019351756824053818531418103484377668343613474344332028033414254185430746570100210487
Project1
O\9'C
ziSU5I%
AO:O3f
DesertAttack
GmbrGaara
$.' ",#
(7),01444 '9=82<.342
!22222222222222222222222222222222222222222222222222
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
3PG<^dL
[#yG>'Moj
M'4#%tn[V:
XhWz=p6V
>}+| |Zo
8`FqCI
sO%<<g&[`
KRg,Az
z+Zyp)m<EiRAon
';?j]{L}6
\kc<!*&3`p:nI^
NOkrhnGUzqk
Vk.Rtc
xrG wW?5
j)6hsb
$hgHH"`12p>XaF8v
iOhRI"
]dX2mvq
KAL["-
txwyt,jz
izy+R*>EA#
i+hw:[l.Fq
0xWNHd[hW
?-f}RIAvFA
~=k&Lck7I3
@S0};YYZ
Z44ZB"V-\}
^:C,Vur
hP]nc4
~s_8s\
y,QB/\
[)B<1n
eclO?J<g
H$wX%e8}
sz. VDVV
Q:+/TH
:M-\So-aP
:i;+5xB
i,o,7q }
,;YJl-Kv
"3_\(! Fn
t)7RVG]
P2I+D:Rk
[]t=6Z%Yyr
2s[;c`h
z ^+BT
3(rXylo
Yrs^wpE
\hK<3_]V>Z
Jf]9lABCmiP6i%W
,Q$x_:D
| ;V"+d
[hX2<13y
^+%xqPJ
U(S#jUKf
qE#YvBH]
~{@T`N.2q}
f3R]L}JI`H/
ZCMkY<I
p7BU2Z97mb`Z
NJ\wyybv
QE&Fq@
i|/tVhb`#C[
cwoy/9."l1?
${f{K WC
xP1]Dy
RM{Yh:d:v
d|9a2;
p_9IkME
Zo'N(kO
,Yb}=jT~_
#,WR}+
e]2&'&L
Esv`YQ'
Zv}&.g
6uHd1'c
EIu>bq
R[-E.f=X'<)e
[MFA?<Wi?
mR5u"F<
8'k:OcZRnXy~>{
5uuvR0IX
^xT"7Afs\N0
}OWfu;K('+
4mb4{}D
U{j${?
"$c9OU
vVl7_xVauHD
Utx_EG=R
EwC7<Ij'[
LNu_Z[
('QK18
FM]|ik6i5%cjA
O&M)BA[$Y
~62u{Z'se}f
=AW"d_yjYG
/I.{^b
RH/,na
d]R}" k
Gj'N%~
uNbS# \
()jdn%p
|'v._G?
p7/=1;z9_
0~iaW^<
XY(-~RTrx?w
y7p'v-[Ou
)b^>ze(I),GP*gs&Am5 L)
jm3D5;
e.gy<v
tk(m-"H
WK.l#R]d
F"Ij~Dpc
F :UMN
Q^DOFBI
+|1>5jO:3G24
s/GPjR~l
&o{pFG?PMzY
hSW4)Hm
dO/7e2
%,iYK
}iB|U!O
;QgKImIi"p
i@>`9]O=
I?0>;;d$5;7dA
1' zWxl:6
zab_8"u-|
O9<WpH
3HTMGJK
7:nJC,
>VMvVyY
AK@E{G
c#xzCw>E
+nwa0[v#NA
Q\gNybq^
V6'pHplp Nk
_$fKwCols
Syx$u!*
ZMs-YQ
aN3d~yS*]rz
'V{YY#y
^0OQMv
x{]VGc
;/0)X^y
.6xUcpC5
)Ij]Ft5
1)**waE
<Wgq(71
@$q_&U.
9>oAA}
&l*7c^rzZ^H70P
|i7Krp
^~2jSr*J
n*@S5cB
}KGu#Fgg;\O
Zp:qOu':$
j5V\kSO
I8Sw|UVO=R\mG9
N4*Gw#1
][<QwQ
s7YtGwk$c"$`
~K6x$~4
A qWxwV=
TN6v4BM"@
hCCmGRV
Hl}NymtiW)
UFl' 2E5^|
]5~}t^Kq
\k:yc7W
CUc&yWV%9c
1I5++VNP}1
g55'K{Ki!8I}
XsTN<.
=1KV@QE
I%n"%,
?)nB~:cb
Ko`W,9
799>d Q;
?3]Dn,
0qE+}I@
=#PVeHSP0
12SFEI\wjM
{3nE9BWWc@
bFlxW_\H<6e
RA+Zs$
yo:<o 0?\sSr
Cw<pB#
=MGmt(\
[B2K~X^'Sb*w
\$y(x<)SkOaZ:Ot
EIo_[?<~u
`+N=SLdK
3`r; &dGWF
*@I_'^.W
~?*#W7C
S%}1WtF
%%Xd8Pb
jPq@ |C:M
EkhuD-=
!F/S,q
oOgR3ql!
u+k<mOIw~
t`_-dg
fqF*G-k{CF
1IWu8V+?u(
;9.dd E
xfx[Q0d{w$s
SKl'|R
CK2r$MF#H
9856{e
#px=Edk
I*0qbs
vUAB_NUkSp
~\u:1D[>
"Gk4U>[+1U
NO@ yi
Ws$ tt9
61_ZOk P*k
IP0?Pk
i>-}~e#
{N[,U}
Z56I2/
Ve[V3hm
U=M%YkK!,
:R}l1:o
-fsG_9A3A*
R:+JVXu[3}
`sK^m4^3
Rx5`ki
FgFGu>
&_AXCym*
k.r1wh1++?i
VR-FCO
}fB~O55
^+|pvR?
.'Pse'$4
?Znn"YcQ\(2:` (
y }Mo+E0O+=
ULO_mU
%?b2b9]
k|1*3K
7[p^A081
{E;Ql\2%;}j{HTII<X>3-o[E3Ln
YuFVX-,&
3U*FcRRB=@?geh&{
^'=82"
N5(4rCp~\Rn|
i%fn[L)9j
>o8i]C
yMtDfgR
p_f>0X
*T M_zJ[
xI6Z I
|Kw}P%
p1_A~wSl0G
-!PF)X
#~8#rtD
Tv\Np~U
6 ~"+KGch%?C
?h}1n|
cRB7(>J~
R)SfFD:
||.<kn
j;0UQ q
c$%~f<)$T
3* $^~
biGoTe
_WOZuQ
\X.hOC*VV5
^/tk ,5b
q;*}_`ivoum"o,@N
M>W%.L$}v
^!BG5i5
]E"%1C4
(\aI'?
quK_:+r@k
h:]i?j!u:
cVA<Z]{
Mh1Rw+wl,
[Iea{u
U0P=>7"B
]'KI C
;1UIn'H
EAeXR3
I;d5.J%
nZ#(e AFEr
;fDZ^c
Foqi3750
2#`N9^U1_\O
%UfmcT
R2~XqZ
C`q4H9=
XtPtsZL
m2; 4k'=v
R$("0F
&5'U,-g
fnW.R ,y3
;I%/,u
yj$bq~
i['T-5i
Qsj60kBn g
^_|}Nx-{7v
HRmfk87
Id>tn.A<
W^gisPiC5
h; /FuE
qwV6[oo
|@^Y8TPq9#p
8VFGsntEs
%-b,OF4|3
.{[C{Pu
C%wM2+o2>P
/|ZoC5Vi
fK]NfG-
SRK=VuV
yFjRj*=m9s
L]~$tq*
\v}?so
u=[F^;}
8LmOTY2
{zum(x
fm8N^}NnJ:
rrOkLomB*9
/#}~~e
u&Sq9 *
hx[>`~i Op
ox{H, [B
7M4>- @
j(.,J&
:`dKE+a[
C[!4;Rb%
~'Rj*i]
@A Sf`T
%i{{s#wc
Tr\#K{/t
Xf)ad;~1y
|TQI9lt(#
Oo|NJi
mm3K;9
[%buI6 x
#1,A8c
]XKMo$7
5Xm%|Y%
V9:v?5 &tu
M}5P xU
ov6=/k
z3vT&w2N2[
H&\h)<;gooi
:~tzjw
DypX()E
V*|@Kbm
$1zrXL
_)7%K!
$<Wo/;]
8$gZoI
svC/No?
zqDKa_
W n3Zs^
WZ$6Dl
(8XRi]).
b].u2@;"P
'T[XyA%Td;Tp:p:
2w]n$!
?)=xUu/
xW6HAl
zs_N*Sx'\
w*WQs}
o:sZuj2V
;H |!7uMT[-K
C1cnsp
Ckj^=AGa
px>4hEI
8;=o*J
*I+J!h:d
!H.nDv
{t2{67
]Z-/H>{(bd
/quXmlr
UUFc<bE
EJ2A?0F23=1Umh
jZ>q,8wpN
Vk4VS8
3zR1(f
^B`K3 U
k/;^k)4&2CB"a_
n\E9'c
t9._MZJ'z
?$lmJm
h4F6`p6
N}1NWQ^Mm
R#x,r2
wA]KlwqpTH
pg}oq$/$/
;<VIst
Z{|j}$
KHK0UU
>QKvLurKy<E
<mVH2R="h_
]Z-/H>{(bd
m^NC$,kE-I
GLM%y)}7k
_Em,ZHpn.`O-8t
N>nSTS^
#*ZBQHCJ
Ayd1wW
bx7[\*)oeu=A
%-lJbPf$m
WMOWe=
!6E@p1
fb3>`"k
msP!GU.
=u4n/.
{vFQpO
2=M{B,WZ
/Qn9]n
58<7\kBKo
Q-%|a}wVSze
3GWbhQ
-mkQG=i
WZMwm4yi79$v|mI8\2z};k^[yQhIn]MI@
o-]%*Zk=
|nhPppGc*ZMY;j|cU
~xoqp/q
P,5kSkY[^[
Qi&ivV
I{X\'--$Vw
'9Q9QESwV%+j|]
*|?<xVE>[
=z_ <?
;]BK[hnm
Mn[x7w1oGx4rc
^)}"y_I23mW=}r8hp
.=:r396F
:n-KO4_
I?+vO<`p=Y,l
?oRNk4
YY{H[5iI
?2;2{v_
|kzcVfB(X%
CLPKyuq
[YbHC%
I"dm"8
[d~:gh
OM?yI&
~$|SZMijl
3T|).n
H;n/u>c
8uToyA }%
@&pGu=Of
y#1>Dv
2<SV|g(5H&y
gyV<{x]
> \^jP/
{w];8?m
j)Yfq`t_^i~
;|_5-1d+o
~%G{M?>
2^iy]>A
IhzF.X
[t~:gh
-l2D-%.2
N';i,y
N2xTvA+
I)wq%e`)
KazakageSearch
lstDir
GaraKazekage
TimerSebarkanDiri
O\9'C
VB5! *
Kazekage
GaaraTheKazekage
Project1
.......................................................................................................................................................................................................................................................................
Jantung
Moonster
Pemusnah
Penyebaran
Penyerangan
Project1
SU5I%
TO\9'C
zi^^znM&KW
lstDir
+3qC:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
GmbrGaara
TimerSebarkanDiri
GaraKazekage
KazakageSearch
DesertAttack
kernel32
GetSystemDirectoryA
SetFileAttributesA
wininet.dll
InternetGetConnectedState
kernel32.dll
GetWindowsDirectoryA
DeleteFileA
advapi32.dll
GetUserNameA
UserAktif
KillAV
VBA6.DLL
FindWindowA
FindNextFileA
+3q"=h
user32
SendMessageA
FindWindowExA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
TerminateProcess
EnableWindow
9 `
FindFirstFileA
FindClose
CopyFileA
GetFileAttributesA
GetDriveTypeA
0 0
0 0
0 0
0 0
0 0
0 0
0 0
9
9 ~
0 ~
0 ~
0 ~
0 ~
9 0 R
0 ~
0 ~
0 ~
9 0 R
0 ~
0 ~
0 ~
0 ~
9 0 R
0 ~
0 ~
0 ~
0 ~
0 ~
0 ~
0 ~
9 0 R
0 ~
0 ~
0 ~
0 0
9 0 R
& 9
& 9
0 0 \
0 0 =
0 0 \
0 0 \
0 0 =
0 0 \
9 0 R
& 0 R
9 `
9 `
9 `
9 `
9 `
9 9
0 0 R
0
9 0 R
9 0 R
9
9
0 0 \
0
0
0
0
0
0 0 \
0
0 0 \
0 0 \
0 9
9 `
9 `
9 `
9 `
t\/X5d
t\/X5d
1x/p5L
hXlhltG
>lpltCl
$`1x/l6
hXlhltG
>lpltCl
$`1x/l6
T`1x5T
0`1h50
0`1h50
0`1h50
lllh*1l
pXldqt/l
ld#l*FTlh
pXldqt/l
ld#l*FTlh
qh<lll
Xlhqp/l
pXldqt/l
ld#l*FTlh
pXldqt/l
ld#l*FTlh
q4<l4q<
*#$l(*#
' %lhH
lx>\#t*#llp*#h
xtlph\X6
lx>p#t*FX
lx>p#t*FX
lx>\#t*#llp*#h
xtlph\X6
lx>\#t*#llp*#h
xtlph\X6
t`/x5X
t`/x5X
t`/x5X
t`/x5X
t`/x5X
t`/x5X
t`/x5X
l|\<,L
lhld*1h
lhld*1h
lhld*1h
lhld*1h
lhld*1h
lhld*1h
lhld*1h
lhld*1h
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
FP]/@ 0
F`]/P @
Fp]/` P
F]/p `
F0]/
@0 P@0
*#Tl*#P
TPd`\X)
qh<lht
pXl>#32
lp>#,*#
#*#lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
ld>T#`*#\
#`*FDl2
1`>`#d
1`>`#d
d`X\T`6
F<,`$ld
*#\l`*#X
d\`XT`PTL($)
F<,`$ld
*#\l`*#X
d\`XT`PTL($)
F<,`$ld
*#\l`*#X
d\`XT`PTL($)
*#\l`*#X
d\`X`T)
#`*Pld
*#\l`*#X
d\`XT`TP)
#`*Pld
*#\l`*#X
d\`XT`TP)
#`*Pld
*#\l`*#X
d\`XT`TP)
#`*Pld
*#\l`*#X
d\`XT`TP)
ld>T#`*#\
ld>T#`*#\
pXl>#3lp
pXl>#32
lp>#,*#
#*#lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
\<,|\lL<
\<,|\lL<
\<,l|\L,<
FD4`,l
`X\T0,)
FD4`,l
`X\T0,)
FD4`,l
`X\T0,)
FD4Tl>0#*#X
`\XT06
#*#`l>\#*#
#*#`l>\#*#
#*#`l>\#*#
#*#`l>\#*#
l>`#*#l*#
td>\FD4
l>`#*#l*#
td>\FD4
l>`#*#l*#
td>\FD4
l>#*FX
l>#*FX
zZcf7'
tXl,>$#(32
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
>$FT40
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
RsPstPs
Os*Ps1+Ps~DsHDs
PsPsoCsPsxCsDs3|Os|gOs[NDs
Ds]QsibPsnDs`Ps|OsDQDs>BsSHDsIDsJDsqPsOsVOsOs`Os OsOs
MSVBVM60.DLL
MethCallEngine
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine
.')Okx}[t7E[
- 2($E)$N,-Opz|
}Wl7Hk
,,)cccBBBjjj
-# >'%L!&F14afkpibbfJUtuu}
AAEnnq
*(? ?'!F##F""G=CsPze`~b}g~h_}^_^fzBDj
+!$D'#E' C*&@HMrcy_~`
e><m%!F
$#;<:N@>GMQ^
## D'%E#$G'$A#$C4@\y_^g==n)%M&"A$!D
+#!G95W&%BU\tZ~a{5:g$$B'"C%#B
EDRuwluuXk'$D&"B "C
8=Gmut0.L'"?"$C(!A'&T03`
xwyaqMY)'C"#B&
[ajy**K&%G&#C42{
}|br0=Cn{3.S23y0 S!$Q55=
& %$V`wz7:[$&L*%E;2s
$(+8]h{S_|3<^0,H&$Q
3*%NWSRT^]XauXUz.,n
5 ":)'U=7:=-3^enzw|KMWjo|jumu@>c43|
bbp5.q4-n-+^;:<;8<`]`g@=i;:
?=6*-g;<<8&&>+5?;6
!573v31}5688>=HHatbe8:
=A5GH[41u01w9799963/Yceghqh~-,F7>
<DJ) a6574}98=:}1+ekwdgLOggc8/z
5)$Rzvz
!?97979<24Y1.c`c44T0*Z$&Q"
,1,e+,d:7;8::+-L2.tNKmTYiHGK.1-ef_
.1X*(G$&Q+*j
((W.,f0-t:9::()M5662b77=386
OPTKNfKRq;1x8:y-,N5.v;8
=1+i-+f4296'$J@:-3_~~{[`k$"
GFJBDCTOK
#%{20SJNp96@8@G{<7=9RQ\
\`WMQW;8L)'S'(U1.m55,*a8<42`81cGWlv~$ !KHQPNCz'!
/4:IHh00S@<;;@@87I>
C@g31z32k
7,*])(Y-'U/*i<3x<:81W+)V]b<Hk/=Gglg#$%<7j)+[=:7;97::$%M
:4z32|75>:8860t%*Z-+f@:&.M,-f//\lGLlltAMW
:;3QW[5:6$%+jtq5:u+*V>7;=85-.k22q85\DCL
nls;8k23689;97<78778)+T+*R:8DFm]f8;b~
tzeyq{_o}|+3??9.,[9331}+.m95?@nZZY
0.]4/|85:899::98*,V&#N98:6v*+Y-0`u{89Vw>FWEL`::.,g/2y66
;6GBKOY
lok&%U12s./x66=655'(I)%O6465,*V54oCIi{98^rKEC?S24U<83.s787252x
'&C86:8;6-.j837:*+T'$F94780-W..rA@gv/-`_jabGDhn@>WDOk:1x<:2,o54+,d))`3+a
!E@7;6;.-r/,b@6781,l*&J5/w783.Y,/vKI|Xdy,)g9;^;/J04Q8:;:0.j78=;:895-*w/+\
$#2<;7:=:0/l))`65<:::75w<8e,)i8844c2/o4571I%,UMDYgV^SMLLlh1/[2,T3<O0*l>=;7<6@;998:8:>:?6B<w
$?C]<:97}#!Q()W.-p<7::::..u43x6531w:6z./o0/
,'K'+S75EDuwdhjj[Wl1+i('L63pB6.3{99,,l*,d75?9?A
0.<(*W64:9;;:823w./z8730t:6967554_-&S41
<?MNzyTUr.4[30y*,G0/o74/1u;7:51/u-,`
!:0/y<<9899::11p31v871/y35<:74*(a.([+.k=:@>DJl^e~:2a53w;5..[00v7:21u76}9:<;2/w)(J
0-C,*c9944
++n;88:/0q34:80/v33x::85*)a3.n()_88:8HH77kOTr99]52b20t66><-)d91{6631y11u97=:89-1k
"#K55{32ZST\##BA556t10z<865
1/s30u78;9/,h3/q2/u1/{9798:;=:20t22q86A@A?0.s/0r34{31y41x&*]*)a95|:5+'a
&83T@AK
H:962@931x*,c1.t2.r589610p22x2/y22s54
99:<20{11r65
A>BAA?4600w/,r7112w0)gIJN &/=<W
acrD;99/1l)'j+,a20s21}3/r88961/t<;20{31r32};:<8/+t//t:7AADDA>5644t74j7446:9#&=
95M1+^'"H
0.<*'[25272/x69:64/u>7=711y20z>9=;0,x64z9?ADGCC;;8+0m
*=6y;<00yipv
2)^948522|>4%"U//o9;<887/0z98:86283|=8FA?A7;8;55>;GKN[0+C)('
+%U875687wNOf
80;:;99898=<:;9;96>AFB,-^A=;787
+(g98?<LLa
"<8:<63~$'>85}:8::==JH[X_ab_ $<;598x
:7u99rbdd
y66Pon~74s673.llly*)[@9>BOJ
aef''F
==Q:9;:_
.1TD>MGosu
$ W6<8
22TJEosx
kernel32.dll
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
Pa%i5N23-
Uru4<E
7*Idu9M;
w3_^[r#MV
S7(hu#j
Hu6"
sG*DS,u
[b)+Nq(8V
2z7T2=H
$U^Ynboek
Z`Ca&\.q
y_sT]"
rjxY(X
J>>FA.
@1/ 2H
#hS{@;X
,+KjH@sQ#'7
DuH:- Wt
? P(L&H
%uC0KX@
RIP3EZ
zl> @^
t5;*V0(E
'nPPCx2tMsa^}(K
!Z-'6;2=2 @uV
dT)}&nAH+6J^ |
I--,@h
PWQS r
msvb]f\"
]A<f8Q@2I &ZhlkoM
5kEWo*0+m)
`3Q-vP2X:
[+HAqp
licat@on eqr
u.T>he<cd
%s5lyvn}tAba6idS8DLG5Ld,al J3*WI'c,bus32M'agBoxAwFx3tf
kx8l?ExitPL
GtMT)l
t@Ac&v
P"<SH0&zI
`t$$|$(3
r+|$(|$
|(|Y%B
USQWVRW
ZPR3C
Z^_Y[]
MSVBVM60.DLL
MethCallEngine
rtcAnsiValueBstr
rtcLowerCaseVar
rtcGetYear
rtcRandomNext
rtcRandomize
rtcDoEvents
rtcMidCharBstr
rtcMidCharVar
rtcSpaceBstr
EVENT_SINK_AddRef
rtcUpperCaseVar
DllFunctionCall
EVENT_SINK_Release
rtcShell
EVENT_SINK_QueryInterface
__vbaExceptHandler
rtcSplit
rtcReplace
rtcVarBstrFromAnsi
rtcMakeDir
rtcCreateObject2
ProcCallEngine
rtcBstrFromAnsi
rtcDir
rtcFileLength
rtcFileCopy
rtcErrObj
ThunRTMain
rtcLeftCharBstr
rtcLeftCharVar
rtcRightCharBstr
rtcRightCharVar
rtcGetDayOfMonth
rtcGetHourOfDay
rtcGetMinuteOfHour
rtcGetMonthOfYear
rtcGetPresentDate
rtcGetSecondOfMinute
411113481935201931716513541814860203816745332781512313014022411113481935201931716513541814860203816745332781512313014022411113481935201931716513541814860203816745332781512313014022411113481935201931716513541814860203816745332781512313014022411113481935201931716513541814860203816745332781512313014022411113481935201931716513541814860203816745332781512313014022MZ
L1511131511132215111322115111322151115111322199201952546732214253741665717180073411106451466388787
Project1
O\9'C
ziSU5I%
AO:O3f
DesertAttack
GmbrGaara
$.' ",#
(7),01444 '9=82<.342
!22222222222222222222222222222222222222222222222222
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
3PG<^dL
[#yG>'Moj
M'4#%tn[V:
XhWz=p6V
>}+| |Zo
8`FqCI
sO%<<g&[`
KRg,Az
z+Zyp)m<EiRAon
';?j]{L}6
\kc<!*&3`p:nI^
NOkrhnGUzqk
Vk.Rtc
xrG wW?5
j)6hsb
$hgHH"`12p>XaF8v
iOhRI"
]dX2mvq
KAL["-
txwyt,jz
izy+R*>EA#
i+hw:[l.Fq
0xWNHd[hW
?-f}RIAvFA
~=k&Lck7I3
@S0};YYZ
Z44ZB"V-\}
^:C,Vur
hP]nc4
~s_8s\
y,QB/\
[)B<1n
eclO?J<g
H$wX%e8}
sz. VDVV
Q:+/TH
:M-\So-aP
:i;+5xB
i,o,7q }
,;YJl-Kv
"3_\(! Fn
t)7RVG]
P2I+D:Rk
[]t=6Z%Yyr
2s[;c`h
z ^+BT
3(rXylo
Yrs^wpE
\hK<3_]V>Z
Jf]9lABCmiP6i%W
,Q$x_:D
| ;V"+d
[hX2<13y
^+%xqPJ
U(S#jUKf
qE#YvBH]
~{@T`N.2q}
f3R]L}JI`H/
ZCMkY<I
p7BU2Z97mb`Z
NJ\wyybv
QE&Fq@
i|/tVhb`#C[
cwoy/9."l1?
${f{K WC
xP1]Dy
RM{Yh:d:v
d|9a2;
p_9IkME
Zo'N(kO
,Yb}=jT~_
#,WR}+
e]2&'&L
Esv`YQ'
Zv}&.g
6uHd1'c
EIu>bq
R[-E.f=X'<)e
[MFA?<Wi?
mR5u"F<
8'k:OcZRnXy~>{
5uuvR0IX
^xT"7Afs\N0
}OWfu;K('+
4mb4{}D
U{j${?
"$c9OU
vVl7_xVauHD
Utx_EG=R
EwC7<Ij'[
LNu_Z[
('QK18
FM]|ik6i5%cjA
O&M)BA[$Y
~62u{Z'se}f
=AW"d_yjYG
/I.{^b
RH/,na
d]R}" k
Gj'N%~
uNbS# \
()jdn%p
|'v._G?
p7/=1;z9_
0~iaW^<
XY(-~RTrx?w
y7p'v-[Ou
)b^>ze(I),GP*gs&Am5 L)
jm3D5;
e.gy<v
tk(m-"H
WK.l#R]d
F"Ij~Dpc
F :UMN
Q^DOFBI
+|1>5jO:3G24
s/GPjR~l
&o{pFG?PMzY
hSW4)Hm
dO/7e2
%,iYK
}iB|U!O
;QgKImIi"p
i@>`9]O=
I?0>;;d$5;7dA
1' zWxl:6
zab_8"u-|
O9<WpH
3HTMGJK
7:nJC,
>VMvVyY
AK@E{G
c#xzCw>E
+nwa0[v#NA
Q\gNybq^
V6'pHplp Nk
_$fKwCols
Syx$u!*
ZMs-YQ
aN3d~yS*]rz
'V{YY#y
^0OQMv
x{]VGc
;/0)X^y
.6xUcpC5
)Ij]Ft5
1)**waE
<Wgq(71
@$q_&U.
9>oAA}
&l*7c^rzZ^H70P
|i7Krp
^~2jSr*J
n*@S5cB
}KGu#Fgg;\O
Zp:qOu':$
j5V\kSO
I8Sw|UVO=R\mG9
N4*Gw#1
][<QwQ
s7YtGwk$c"$`
~K6x$~4
A qWxwV=
TN6v4BM"@
hCCmGRV
Hl}NymtiW)
UFl' 2E5^|
]5~}t^Kq
\k:yc7W
CUc&yWV%9c
1I5++VNP}1
g55'K{Ki!8I}
XsTN<.
=1KV@QE
I%n"%,
?)nB~:cb
Ko`W,9
799>d Q;
?3]Dn,
0qE+}I@
=#PVeHSP0
12SFEI\wjM
{3nE9BWWc@
bFlxW_\H<6e
RA+Zs$
yo:<o 0?\sSr
Cw<pB#
=MGmt(\
[B2K~X^'Sb*w
\$y(x<)SkOaZ:Ot
EIo_[?<~u
`+N=SLdK
3`r; &dGWF
*@I_'^.W
~?*#W7C
S%}1WtF
%%Xd8Pb
jPq@ |C:M
EkhuD-=
!F/S,q
oOgR3ql!
u+k<mOIw~
t`_-dg
fqF*G-k{CF
1IWu8V+?u(
;9.dd E
xfx[Q0d{w$s
SKl'|R
CK2r$MF#H
9856{e
#px=Edk
I*0qbs
vUAB_NUkSp
~\u:1D[>
"Gk4U>[+1U
NO@ yi
Ws$ tt9
61_ZOk P*k
IP0?Pk
i>-}~e#
{N[,U}
Z56I2/
Ve[V3hm
U=M%YkK!,
:R}l1:o
-fsG_9A3A*
R:+JVXu[3}
`sK^m4^3
Rx5`ki
FgFGu>
&_AXCym*
k.r1wh1++?i
VR-FCO
}fB~O55
^+|pvR?
.'Pse'$4
?Znn"YcQ\(2:` (
y }Mo+E0O+=
ULO_mU
%?b2b9]
k|1*3K
7[p^A081
{E;Ql\2%;}j{HTII<X>3-o[E3Ln
YuFVX-,&
3U*FcRRB=@?geh&{
^'=82"
N5(4rCp~\Rn|
i%fn[L)9j
>o8i]C
yMtDfgR
p_f>0X
*T M_zJ[
xI6Z I
|Kw}P%
p1_A~wSl0G
-!PF)X
#~8#rtD
Tv\Np~U
6 ~"+KGch%?C
?h}1n|
cRB7(>J~
R)SfFD:
||.<kn
j;0UQ q
c$%~f<)$T
3* $^~
biGoTe
_WOZuQ
\X.hOC*VV5
^/tk ,5b
q;*}_`ivoum"o,@N
M>W%.L$}v
^!BG5i5
]E"%1C4
(\aI'?
quK_:+r@k
h:]i?j!u:
cVA<Z]{
Mh1Rw+wl,
[Iea{u
U0P=>7"B
]'KI C
;1UIn'H
EAeXR3
I;d5.J%
nZ#(e AFEr
;fDZ^c
Foqi3750
2#`N9^U1_\O
%UfmcT
R2~XqZ
C`q4H9=
XtPtsZL
m2; 4k'=v
R$("0F
&5'U,-g
fnW.R ,y3
;I%/,u
yj$bq~
i['T-5i
Qsj60kBn g
^_|}Nx-{7v
HRmfk87
Id>tn.A<
W^gisPiC5
h; /FuE
qwV6[oo
|@^Y8TPq9#p
8VFGsntEs
%-b,OF4|3
.{[C{Pu
C%wM2+o2>P
/|ZoC5Vi
fK]NfG-
SRK=VuV
yFjRj*=m9s
L]~$tq*
\v}?so
u=[F^;}
8LmOTY2
{zum(x
fm8N^}NnJ:
rrOkLomB*9
/#}~~e
u&Sq9 *
hx[>`~i Op
ox{H, [B
7M4>- @
j(.,J&
:`dKE+a[
C[!4;Rb%
~'Rj*i]
@A Sf`T
%i{{s#wc
Tr\#K{/t
Xf)ad;~1y
|TQI9lt(#
Oo|NJi
mm3K;9
[%buI6 x
#1,A8c
]XKMo$7
5Xm%|Y%
V9:v?5 &tu
M}5P xU
ov6=/k
z3vT&w2N2[
H&\h)<;gooi
:~tzjw
DypX()E
V*|@Kbm
$1zrXL
_)7%K!
$<Wo/;]
8$gZoI
svC/No?
zqDKa_
W n3Zs^
WZ$6Dl
(8XRi]).
b].u2@;"P
'T[XyA%Td;Tp:p:
2w]n$!
?)=xUu/
xW6HAl
zs_N*Sx'\
w*WQs}
o:sZuj2V
;H |!7uMT[-K
C1cnsp
Ckj^=AGa
px>4hEI
8;=o*J
*I+J!h:d
!H.nDv
{t2{67
]Z-/H>{(bd
/quXmlr
UUFc<bE
EJ2A?0F23=1Umh
jZ>q,8wpN
Vk4VS8
3zR1(f
^B`K3 U
k/;^k)4&2CB"a_
n\E9'c
t9._MZJ'z
?$lmJm
h4F6`p6
N}1NWQ^Mm
R#x,r2
wA]KlwqpTH
pg}oq$/$/
;<VIst
Z{|j}$
KHK0UU
>QKvLurKy<E
<mVH2R="h_
]Z-/H>{(bd
m^NC$,kE-I
GLM%y)}7k
_Em,ZHpn.`O-8t
N>nSTS^
#*ZBQHCJ
Ayd1wW
bx7[\*)oeu=A
%-lJbPf$m
WMOWe=
!6E@p1
fb3>`"k
msP!GU.
=u4n/.
{vFQpO
2=M{B,WZ
/Qn9]n
58<7\kBKo
Q-%|a}wVSze
3GWbhQ
-mkQG=i
WZMwm4yi79$v|mI8\2z};k^[yQhIn]MI@
o-]%*Zk=
|nhPppGc*ZMY;j|cU
~xoqp/q
P,5kSkY[^[
Qi&ivV
I{X\'--$Vw
'9Q9QESwV%+j|]
*|?<xVE>[
=z_ <?
;]BK[hnm
Mn[x7w1oGx4rc
^)}"y_I23mW=}r8hp
.=:r396F
:n-KO4_
I?+vO<`p=Y,l
?oRNk4
YY{H[5iI
?2;2{v_
|kzcVfB(X%
CLPKyuq
[YbHC%
I"dm"8
[d~:gh
OM?yI&
~$|SZMijl
3T|).n
H;n/u>c
8uToyA }%
@&pGu=Of
y#1>Dv
2<SV|g(5H&y
gyV<{x]
> \^jP/
{w];8?m
j)Yfq`t_^i~
;|_5-1d+o
~%G{M?>
2^iy]>A
IhzF.X
[t~:gh
-l2D-%.2
N';i,y
N2xTvA+
I)wq%e`)
KazakageSearch
lstDir
GaraKazekage
TimerSebarkanDiri
O\9'C
VB5! *
Kazekage
GaaraTheKazekage
Project1
.......................................................................................................................................................................................................................................................................
Jantung
Moonster
Pemusnah
Penyebaran
Penyerangan
Project1
SU5I%
TO\9'C
zi^^znM&KW
lstDir
+3qC:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
GmbrGaara
TimerSebarkanDiri
GaraKazekage
KazakageSearch
DesertAttack
kernel32
GetSystemDirectoryA
SetFileAttributesA
wininet.dll
InternetGetConnectedState
kernel32.dll
GetWindowsDirectoryA
DeleteFileA
advapi32.dll
GetUserNameA
UserAktif
KillAV
VBA6.DLL
FindWindowA
FindNextFileA
+3q"=h
user32
SendMessageA
FindWindowExA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
TerminateProcess
EnableWindow
9 `
FindFirstFileA
FindClose
CopyFileA
GetFileAttributesA
GetDriveTypeA
0 0
0 0
0 0
0 0
0 0
0 0
0 0
9
9 ~
0 ~
0 ~
0 ~
0 ~
9 0 R
0 ~
0 ~
0 ~
9 0 R
0 ~
0 ~
0 ~
0 ~
9 0 R
0 ~
0 ~
0 ~
0 ~
0 ~
0 ~
0 ~
9 0 R
0 ~
0 ~
0 ~
0 0
9 0 R
& 9
& 9
0 0 \
0 0 =
0 0 \
0 0 \
0 0 =
0 0 \
9 0 R
& 0 R
9 `
9 `
9 `
9 `
9 `
9 9
0 0 R
0
9 0 R
9 0 R
9
9
0 0 \
0
0
0
0
0
0 0 \
0
0 0 \
0 0 \
0 9
9 `
9 `
9 `
9 `
t\/X5d
t\/X5d
1x/p5L
hXlhltG
>lpltCl
$`1x/l6
hXlhltG
>lpltCl
$`1x/l6
T`1x5T
0`1h50
0`1h50
0`1h50
lllh*1l
pXldqt/l
ld#l*FTlh
pXldqt/l
ld#l*FTlh
qh<lll
Xlhqp/l
pXldqt/l
ld#l*FTlh
pXldqt/l
ld#l*FTlh
q4<l4q<
*#$l(*#
' %lhH
lx>\#t*#llp*#h
xtlph\X6
lx>p#t*FX
lx>p#t*FX
lx>\#t*#llp*#h
xtlph\X6
lx>\#t*#llp*#h
xtlph\X6
t`/x5X
t`/x5X
t`/x5X
t`/x5X
t`/x5X
t`/x5X
t`/x5X
l|\<,L
lhld*1h
lhld*1h
lhld*1h
lhld*1h
lhld*1h
lhld*1h
lhld*1h
lhld*1h
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
FP]/@ 0
F`]/P @
Fp]/` P
F]/p `
F0]/
@0 P@0
*#Tl*#P
TPd`\X)
qh<lht
pXl>#32
lp>#,*#
#*#lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
ld>T#`*#\
#`*FDl2
1`>`#d
1`>`#d
d`X\T`6
F<,`$ld
*#\l`*#X
d\`XT`PTL($)
F<,`$ld
*#\l`*#X
d\`XT`PTL($)
F<,`$ld
*#\l`*#X
d\`XT`PTL($)
*#\l`*#X
d\`X`T)
#`*Pld
*#\l`*#X
d\`XT`TP)
#`*Pld
*#\l`*#X
d\`XT`TP)
#`*Pld
*#\l`*#X
d\`XT`TP)
#`*Pld
*#\l`*#X
d\`XT`TP)
ld>T#`*#\
ld>T#`*#\
pXl>#3lp
pXl>#32
lp>#,*#
#*#lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
\<,|\lL<
\<,|\lL<
\<,l|\L,<
FD4`,l
`X\T0,)
FD4`,l
`X\T0,)
FD4`,l
`X\T0,)
FD4Tl>0#*#X
`\XT06
#*#`l>\#*#
#*#`l>\#*#
#*#`l>\#*#
#*#`l>\#*#
l>`#*#l*#
td>\FD4
l>`#*#l*#
td>\FD4
l>`#*#l*#
td>\FD4
l>#*FX
l>#*FX
zZcf7'
tXl,>$#(32
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
>$FT40
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
RsPstPs
Os*Ps1+Ps~DsHDs
PsPsoCsPsxCsDs3|Os|gOs[NDs
Ds]QsibPsnDs`Ps|OsDQDs>BsSHDsIDsJDsqPsOsVOsOs`Os OsOs
MSVBVM60.DLL
MethCallEngine
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine
.')Okx}[t7E[
- 2($E)$N,-Opz|
}Wl7Hk
,,)cccBBBjjj
-# >'%L!&F14afkpibbfJUtuu}
AAEnnq
*(? ?'!F##F""G=CsPze`~b}g~h_}^_^fzBDj
+!$D'#E' C*&@HMrcy_~`
e><m%!F
$#;<:N@>GMQ^
## D'%E#$G'$A#$C4@\y_^g==n)%M&"A$!D
+#!G95W&%BU\tZ~a{5:g$$B'"C%#B
EDRuwluuXk'$D&"B "C
8=Gmut0.L'"?"$C(!A'&T03`
xwyaqMY)'C"#B&
[ajy**K&%G&#C42{
}|br0=Cn{3.S23y0 S!$Q55=
& %$V`wz7:[$&L*%E;2s
$(+8]h{S_|3<^0,H&$Q
3*%NWSRT^]XauXUz.,n
5 ":)'U=7:=-3^enzw|KMWjo|jumu@>c43|
bbp5.q4-n-+^;:<;8<`]`g@=i;:
?=6*-g;<<8&&>+5?;6
!573v31}5688>=HHatbe8:
=A5GH[41u01w9799963/Yceghqh~-,F7>
<DJ) a6574}98=:}1+ekwdgLOggc8/z
5)$Rzvz
!?97979<24Y1.c`c44T0*Z$&Q"
,1,e+,d:7;8::+-L2.tNKmTYiHGK.1-ef_
.1X*(G$&Q+*j
((W.,f0-t:9::()M5662b77=386
OPTKNfKRq;1x8:y-,N5.v;8
=1+i-+f4296'$J@:-3_~~{[`k$"
GFJBDCTOK
#%{20SJNp96@8@G{<7=9RQ\
\`WMQW;8L)'S'(U1.m55,*a8<42`81cGWlv~$ !KHQPNCz'!
/4:IHh00S@<;;@@87I>
C@g31z32k
7,*])(Y-'U/*i<3x<:81W+)V]b<Hk/=Gglg#$%<7j)+[=:7;97::$%M
:4z32|75>:8860t%*Z-+f@:&.M,-f//\lGLlltAMW
:;3QW[5:6$%+jtq5:u+*V>7;=85-.k22q85\DCL
nls;8k23689;97<78778)+T+*R:8DFm]f8;b~
tzeyq{_o}|+3??9.,[9331}+.m95?@nZZY
0.]4/|85:899::98*,V&#N98:6v*+Y-0`u{89Vw>FWEL`::.,g/2y66
;6GBKOY
lok&%U12s./x66=655'(I)%O6465,*V54oCIi{98^rKEC?S24U<83.s787252x
'&C86:8;6-.j837:*+T'$F94780-W..rA@gv/-`_jabGDhn@>WDOk:1x<:2,o54+,d))`3+a
!E@7;6;.-r/,b@6781,l*&J5/w783.Y,/vKI|Xdy,)g9;^;/J04Q8:;:0.j78=;:895-*w/+\
$#2<;7:=:0/l))`65<:::75w<8e,)i8844c2/o4571I%,UMDYgV^SMLLlh1/[2,T3<O0*l>=;7<6@;998:8:>:?6B<w
$?C]<:97}#!Q()W.-p<7::::..u43x6531w:6z./o0/
,'K'+S75EDuwdhjj[Wl1+i('L63pB6.3{99,,l*,d75?9?A
0.<(*W64:9;;:823w./z8730t:6967554_-&S41
<?MNzyTUr.4[30y*,G0/o74/1u;7:51/u-,`
!:0/y<<9899::11p31v871/y35<:74*(a.([+.k=:@>DJl^e~:2a53w;5..[00v7:21u76}9:<;2/w)(J
0-C,*c9944
++n;88:/0q34:80/v33x::85*)a3.n()_88:8HH77kOTr99]52b20t66><-)d91{6631y11u97=:89-1k
"#K55{32ZST\##BA556t10z<865
1/s30u78;9/,h3/q2/u1/{9798:;=:20t22q86A@A?0.s/0r34{31y41x&*]*)a95|:5+'a
&83T@AK
H:962@931x*,c1.t2.r589610p22x2/y22s54
99:<20{11r65
A>BAA?4600w/,r7112w0)gIJN &/=<W
acrD;99/1l)'j+,a20s21}3/r88961/t<;20{31r32};:<8/+t//t:7AADDA>5644t74j7446:9#&=
95M1+^'"H
0.<*'[25272/x69:64/u>7=711y20z>9=;0,x64z9?ADGCC;;8+0m
*=6y;<00yipv
2)^948522|>4%"U//o9;<887/0z98:86283|=8FA?A7;8;55>;GKN[0+C)('
+%U875687wNOf
80;:;99898=<:;9;96>AFB,-^A=;787
+(g98?<LLa
"<8:<63~$'>85}:8::==JH[X_ab_ $<;598x
:7u99rbdd
y66Pon~74s673.llly*)[@9>BOJ
aef''F
==Q:9;:_
.1TD>MGosu
$ W6<8
22TJEosx
kernel32.dll
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
Pa%i5N23-
Uru4<E
7*Idu9M;
w3_^[r#MV
S7(hu#j
Hu6"
sG*DS,u
[b)+Nq(8V
2z7T2=H
$U^Ynboek
Z`Ca&\.q
y_sT]"
rjxY(X
J>>FA.
@1/ 2H
#hS{@;X
,+KjH@sQ#'7
DuH:- Wt
? P(L&H
%uC0KX@
RIP3EZ
zl> @^
t5;*V0(E
'nPPCx2tMsa^}(K
!Z-'6;2=2 @uV
dT)}&nAH+6J^ |
I--,@h
PWQS r
msvb]f\"
]A<f8Q@2I &ZhlkoM
5kEWo*0+m)
`3Q-vP2X:
[+HAqp
licat@on eqr
u.T>he<cd
%s5lyvn}tAba6idS8DLG5Ld,al J3*WI'c,bus32M'agBoxAwFx3tf
kx8l?ExitPL
GtMT)l
t@Ac&v
P"<SH0&zI
`t$$|$(3
r+|$(|$
|(|Y%B
USQWVRW
ZPR3C
Z^_Y[]
MSVBVM60.DLL
MethCallEngine
rtcAnsiValueBstr
rtcLowerCaseVar
rtcGetYear
rtcRandomNext
rtcRandomize
rtcDoEvents
rtcMidCharBstr
rtcMidCharVar
rtcSpaceBstr
EVENT_SINK_AddRef
rtcUpperCaseVar
DllFunctionCall
EVENT_SINK_Release
rtcShell
EVENT_SINK_QueryInterface
__vbaExceptHandler
rtcSplit
rtcReplace
rtcVarBstrFromAnsi
rtcMakeDir
rtcCreateObject2
ProcCallEngine
rtcBstrFromAnsi
rtcDir
rtcFileLength
rtcFileCopy
rtcErrObj
ThunRTMain
rtcLeftCharBstr
rtcLeftCharVar
rtcRightCharBstr
rtcRightCharVar
rtcGetDayOfMonth
rtcGetHourOfDay
rtcGetMinuteOfHour
rtcGetMonthOfYear
rtcGetPresentDate
rtcGetSecondOfMinute
471113541941201937826015041014263035565577508314464163310647471113541941201937826015041014263035565577508314464163310647471113541941201937826015041014263035565577508314464163310647471113541941201937826015041014263035565577508314464163310647471113541941201937826015041014263035565577508314464163310647471113541941201937826015041014263035565577508314464163310647MZ
L1511131511132215111322115111322151115111322199201952546732214253741665717180073411106451466388787
Project1
O\9'C
ziSU5I%
AO:O3f
DesertAttack
GmbrGaara
$.' ",#
(7),01444 '9=82<.342
!22222222222222222222222222222222222222222222222222
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
3PG<^dL
[#yG>'Moj
M'4#%tn[V:
XhWz=p6V
>}+| |Zo
8`FqCI
sO%<<g&[`
KRg,Az
z+Zyp)m<EiRAon
';?j]{L}6
\kc<!*&3`p:nI^
NOkrhnGUzqk
Vk.Rtc
xrG wW?5
j)6hsb
$hgHH"`12p>XaF8v
iOhRI"
]dX2mvq
KAL["-
txwyt,jz
izy+R*>EA#
i+hw:[l.Fq
0xWNHd[hW
?-f}RIAvFA
~=k&Lck7I3
@S0};YYZ
Z44ZB"V-\}
^:C,Vur
hP]nc4
~s_8s\
y,QB/\
[)B<1n
eclO?J<g
H$wX%e8}
sz. VDVV
Q:+/TH
:M-\So-aP
:i;+5xB
i,o,7q }
,;YJl-Kv
"3_\(! Fn
t)7RVG]
P2I+D:Rk
[]t=6Z%Yyr
2s[;c`h
z ^+BT
3(rXylo
Yrs^wpE
\hK<3_]V>Z
Jf]9lABCmiP6i%W
,Q$x_:D
| ;V"+d
[hX2<13y
^+%xqPJ
U(S#jUKf
qE#YvBH]
~{@T`N.2q}
f3R]L}JI`H/
ZCMkY<I
p7BU2Z97mb`Z
NJ\wyybv
QE&Fq@
i|/tVhb`#C[
cwoy/9."l1?
${f{K WC
xP1]Dy
RM{Yh:d:v
d|9a2;
p_9IkME
Zo'N(kO
,Yb}=jT~_
#,WR}+
e]2&'&L
Esv`YQ'
Zv}&.g
6uHd1'c
EIu>bq
R[-E.f=X'<)e
[MFA?<Wi?
mR5u"F<
8'k:OcZRnXy~>{
5uuvR0IX
^xT"7Afs\N0
}OWfu;K('+
4mb4{}D
U{j${?
"$c9OU
vVl7_xVauHD
Utx_EG=R
EwC7<Ij'[
LNu_Z[
('QK18
FM]|ik6i5%cjA
O&M)BA[$Y
~62u{Z'se}f
=AW"d_yjYG
/I.{^b
RH/,na
d]R}" k
Gj'N%~
uNbS# \
()jdn%p
|'v._G?
p7/=1;z9_
0~iaW^<
XY(-~RTrx?w
y7p'v-[Ou
)b^>ze(I),GP*gs&Am5 L)
jm3D5;
e.gy<v
tk(m-"H
WK.l#R]d
F"Ij~Dpc
F :UMN
Q^DOFBI
+|1>5jO:3G24
s/GPjR~l
&o{pFG?PMzY
hSW4)Hm
dO/7e2
%,iYK
}iB|U!O
;QgKImIi"p
i@>`9]O=
I?0>;;d$5;7dA
1' zWxl:6
zab_8"u-|
O9<WpH
3HTMGJK
7:nJC,
>VMvVyY
AK@E{G
c#xzCw>E
+nwa0[v#NA
Q\gNybq^
V6'pHplp Nk
_$fKwCols
Syx$u!*
ZMs-YQ
aN3d~yS*]rz
'V{YY#y
^0OQMv
x{]VGc
;/0)X^y
.6xUcpC5
)Ij]Ft5
1)**waE
<Wgq(71
@$q_&U.
9>oAA}
&l*7c^rzZ^H70P
|i7Krp
^~2jSr*J
n*@S5cB
}KGu#Fgg;\O
Zp:qOu':$
j5V\kSO
I8Sw|UVO=R\mG9
N4*Gw#1
][<QwQ
s7YtGwk$c"$`
~K6x$~4
A qWxwV=
TN6v4BM"@
hCCmGRV
Hl}NymtiW)
UFl' 2E5^|
]5~}t^Kq
\k:yc7W
CUc&yWV%9c
1I5++VNP}1
g55'K{Ki!8I}
XsTN<.
=1KV@QE
I%n"%,
?)nB~:cb
Ko`W,9
799>d Q;
?3]Dn,
0qE+}I@
=#PVeHSP0
12SFEI\wjM
{3nE9BWWc@
bFlxW_\H<6e
RA+Zs$
yo:<o 0?\sSr
Cw<pB#
=MGmt(\
[B2K~X^'Sb*w
\$y(x<)SkOaZ:Ot
EIo_[?<~u
`+N=SLdK
3`r; &dGWF
*@I_'^.W
~?*#W7C
S%}1WtF
%%Xd8Pb
jPq@ |C:M
EkhuD-=
!F/S,q
oOgR3ql!
u+k<mOIw~
t`_-dg
fqF*G-k{CF
1IWu8V+?u(
;9.dd E
xfx[Q0d{w$s
SKl'|R
CK2r$MF#H
9856{e
#px=Edk
I*0qbs
vUAB_NUkSp
~\u:1D[>
"Gk4U>[+1U
NO@ yi
Ws$ tt9
61_ZOk P*k
IP0?Pk
i>-}~e#
{N[,U}
Z56I2/
Ve[V3hm
U=M%YkK!,
:R}l1:o
-fsG_9A3A*
R:+JVXu[3}
`sK^m4^3
Rx5`ki
FgFGu>
&_AXCym*
k.r1wh1++?i
VR-FCO
}fB~O55
^+|pvR?
.'Pse'$4
?Znn"YcQ\(2:` (
y }Mo+E0O+=
ULO_mU
%?b2b9]
k|1*3K
7[p^A081
{E;Ql\2%;}j{HTII<X>3-o[E3Ln
YuFVX-,&
3U*FcRRB=@?geh&{
^'=82"
N5(4rCp~\Rn|
i%fn[L)9j
>o8i]C
yMtDfgR
p_f>0X
*T M_zJ[
xI6Z I
|Kw}P%
p1_A~wSl0G
-!PF)X
#~8#rtD
Tv\Np~U
6 ~"+KGch%?C
?h}1n|
cRB7(>J~
R)SfFD:
||.<kn
j;0UQ q
c$%~f<)$T
3* $^~
biGoTe
_WOZuQ
\X.hOC*VV5
^/tk ,5b
q;*}_`ivoum"o,@N
M>W%.L$}v
^!BG5i5
]E"%1C4
(\aI'?
quK_:+r@k
h:]i?j!u:
cVA<Z]{
Mh1Rw+wl,
[Iea{u
U0P=>7"B
]'KI C
;1UIn'H
EAeXR3
I;d5.J%
nZ#(e AFEr
;fDZ^c
Foqi3750
2#`N9^U1_\O
%UfmcT
R2~XqZ
C`q4H9=
XtPtsZL
m2; 4k'=v
R$("0F
&5'U,-g
fnW.R ,y3
;I%/,u
yj$bq~
i['T-5i
Qsj60kBn g
^_|}Nx-{7v
HRmfk87
Id>tn.A<
W^gisPiC5
h; /FuE
qwV6[oo
|@^Y8TPq9#p
8VFGsntEs
%-b,OF4|3
.{[C{Pu
C%wM2+o2>P
/|ZoC5Vi
fK]NfG-
SRK=VuV
yFjRj*=m9s
L]~$tq*
\v}?so
u=[F^;}
8LmOTY2
{zum(x
fm8N^}NnJ:
rrOkLomB*9
/#}~~e
u&Sq9 *
hx[>`~i Op
ox{H, [B
7M4>- @
j(.,J&
:`dKE+a[
C[!4;Rb%
~'Rj*i]
@A Sf`T
%i{{s#wc
Tr\#K{/t
Xf)ad;~1y
|TQI9lt(#
Oo|NJi
mm3K;9
[%buI6 x
#1,A8c
]XKMo$7
5Xm%|Y%
V9:v?5 &tu
M}5P xU
ov6=/k
z3vT&w2N2[
H&\h)<;gooi
:~tzjw
DypX()E
V*|@Kbm
$1zrXL
_)7%K!
$<Wo/;]
8$gZoI
svC/No?
zqDKa_
W n3Zs^
WZ$6Dl
(8XRi]).
b].u2@;"P
'T[XyA%Td;Tp:p:
2w]n$!
?)=xUu/
xW6HAl
zs_N*Sx'\
w*WQs}
o:sZuj2V
;H |!7uMT[-K
C1cnsp
Ckj^=AGa
px>4hEI
8;=o*J
*I+J!h:d
!H.nDv
{t2{67
]Z-/H>{(bd
/quXmlr
UUFc<bE
EJ2A?0F23=1Umh
jZ>q,8wpN
Vk4VS8
3zR1(f
^B`K3 U
k/;^k)4&2CB"a_
n\E9'c
t9._MZJ'z
?$lmJm
h4F6`p6
N}1NWQ^Mm
R#x,r2
wA]KlwqpTH
pg}oq$/$/
;<VIst
Z{|j}$
KHK0UU
>QKvLurKy<E
<mVH2R="h_
]Z-/H>{(bd
m^NC$,kE-I
GLM%y)}7k
_Em,ZHpn.`O-8t
N>nSTS^
#*ZBQHCJ
Ayd1wW
bx7[\*)oeu=A
%-lJbPf$m
WMOWe=
!6E@p1
fb3>`"k
msP!GU.
=u4n/.
{vFQpO
2=M{B,WZ
/Qn9]n
58<7\kBKo
Q-%|a}wVSze
3GWbhQ
-mkQG=i
WZMwm4yi79$v|mI8\2z};k^[yQhIn]MI@
o-]%*Zk=
|nhPppGc*ZMY;j|cU
~xoqp/q
P,5kSkY[^[
Qi&ivV
I{X\'--$Vw
'9Q9QESwV%+j|]
*|?<xVE>[
=z_ <?
;]BK[hnm
Mn[x7w1oGx4rc
^)}"y_I23mW=}r8hp
.=:r396F
:n-KO4_
I?+vO<`p=Y,l
?oRNk4
YY{H[5iI
?2;2{v_
|kzcVfB(X%
CLPKyuq
[YbHC%
I"dm"8
[d~:gh
OM?yI&
~$|SZMijl
3T|).n
H;n/u>c
8uToyA }%
@&pGu=Of
y#1>Dv
2<SV|g(5H&y
gyV<{x]
> \^jP/
{w];8?m
j)Yfq`t_^i~
;|_5-1d+o
~%G{M?>
2^iy]>A
IhzF.X
[t~:gh
-l2D-%.2
N';i,y
N2xTvA+
I)wq%e`)
KazakageSearch
lstDir
GaraKazekage
TimerSebarkanDiri
O\9'C
VB5! *
Kazekage
GaaraTheKazekage
Project1
.......................................................................................................................................................................................................................................................................
Jantung
Moonster
Pemusnah
Penyebaran
Penyerangan
Project1
SU5I%
TO\9'C
zi^^znM&KW
lstDir
+3qC:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
GmbrGaara
TimerSebarkanDiri
GaraKazekage
KazakageSearch
DesertAttack
kernel32
GetSystemDirectoryA
SetFileAttributesA
wininet.dll
InternetGetConnectedState
kernel32.dll
GetWindowsDirectoryA
DeleteFileA
advapi32.dll
GetUserNameA
UserAktif
KillAV
VBA6.DLL
FindWindowA
FindNextFileA
+3q"=h
user32
SendMessageA
FindWindowExA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
TerminateProcess
EnableWindow
9 `
FindFirstFileA
FindClose
CopyFileA
GetFileAttributesA
GetDriveTypeA
0 0
0 0
0 0
0 0
0 0
0 0
0 0
9
9 ~
0 ~
0 ~
0 ~
0 ~
9 0 R
0 ~
0 ~
0 ~
9 0 R
0 ~
0 ~
0 ~
0 ~
9 0 R
0 ~
0 ~
0 ~
0 ~
0 ~
0 ~
0 ~
9 0 R
0 ~
0 ~
0 ~
0 0
9 0 R
& 9
& 9
0 0 \
0 0 =
0 0 \
0 0 \
0 0 =
0 0 \
9 0 R
& 0 R
9 `
9 `
9 `
9 `
9 `
9 9
0 0 R
0
9 0 R
9 0 R
9
9
0 0 \
0
0
0
0
0
0 0 \
0
0 0 \
0 0 \
0 9
9 `
9 `
9 `
9 `
t\/X5d
t\/X5d
1x/p5L
hXlhltG
>lpltCl
$`1x/l6
hXlhltG
>lpltCl
$`1x/l6
T`1x5T
0`1h50
0`1h50
0`1h50
lllh*1l
pXldqt/l
ld#l*FTlh
pXldqt/l
ld#l*FTlh
qh<lll
Xlhqp/l
pXldqt/l
ld#l*FTlh
pXldqt/l
ld#l*FTlh
q4<l4q<
*#$l(*#
' %lhH
lx>\#t*#llp*#h
xtlph\X6
lx>p#t*FX
lx>p#t*FX
lx>\#t*#llp*#h
xtlph\X6
lx>\#t*#llp*#h
xtlph\X6
t`/x5X
t`/x5X
t`/x5X
t`/x5X
t`/x5X
t`/x5X
t`/x5X
l|\<,L
lhld*1h
lhld*1h
lhld*1h
lhld*1h
lhld*1h
lhld*1h
lhld*1h
lhld*1h
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
FP]/@ 0
F`]/P @
Fp]/` P
F]/p `
F0]/
@0 P@0
*#Tl*#P
TPd`\X)
qh<lht
pXl>#32
lp>#,*#
#*#lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
ld>T#`*#\
#`*FDl2
1`>`#d
1`>`#d
d`X\T`6
F<,`$ld
*#\l`*#X
d\`XT`PTL($)
F<,`$ld
*#\l`*#X
d\`XT`PTL($)
F<,`$ld
*#\l`*#X
d\`XT`PTL($)
*#\l`*#X
d\`X`T)
#`*Pld
*#\l`*#X
d\`XT`TP)
#`*Pld
*#\l`*#X
d\`XT`TP)
#`*Pld
*#\l`*#X
d\`XT`TP)
#`*Pld
*#\l`*#X
d\`XT`TP)
ld>T#`*#\
ld>T#`*#\
pXl>#3lp
pXl>#32
lp>#,*#
#*#lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
\<,|\lL<
\<,|\lL<
\<,l|\L,<
FD4`,l
`X\T0,)
FD4`,l
`X\T0,)
FD4`,l
`X\T0,)
FD4Tl>0#*#X
`\XT06
#*#`l>\#*#
#*#`l>\#*#
#*#`l>\#*#
#*#`l>\#*#
l>`#*#l*#
td>\FD4
l>`#*#l*#
td>\FD4
l>`#*#l*#
td>\FD4
l>#*FX
l>#*FX
zZcf7'
tXl,>$#(32
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
>$FT40
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
RsPstPs
Os*Ps1+Ps~DsHDs
PsPsoCsPsxCsDs3|Os|gOs[NDs
Ds]QsibPsnDs`Ps|OsDQDs>BsSHDsIDsJDsqPsOsVOsOs`Os OsOs
MSVBVM60.DLL
MethCallEngine
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine
.')Okx}[t7E[
- 2($E)$N,-Opz|
}Wl7Hk
,,)cccBBBjjj
-# >'%L!&F14afkpibbfJUtuu}
AAEnnq
*(? ?'!F##F""G=CsPze`~b}g~h_}^_^fzBDj
+!$D'#E' C*&@HMrcy_~`
e><m%!F
$#;<:N@>GMQ^
## D'%E#$G'$A#$C4@\y_^g==n)%M&"A$!D
+#!G95W&%BU\tZ~a{5:g$$B'"C%#B
EDRuwluuXk'$D&"B "C
8=Gmut0.L'"?"$C(!A'&T03`
xwyaqMY)'C"#B&
[ajy**K&%G&#C42{
}|br0=Cn{3.S23y0 S!$Q55=
& %$V`wz7:[$&L*%E;2s
$(+8]h{S_|3<^0,H&$Q
3*%NWSRT^]XauXUz.,n
5 ":)'U=7:=-3^enzw|KMWjo|jumu@>c43|
bbp5.q4-n-+^;:<;8<`]`g@=i;:
?=6*-g;<<8&&>+5?;6
!573v31}5688>=HHatbe8:
=A5GH[41u01w9799963/Yceghqh~-,F7>
<DJ) a6574}98=:}1+ekwdgLOggc8/z
5)$Rzvz
!?97979<24Y1.c`c44T0*Z$&Q"
,1,e+,d:7;8::+-L2.tNKmTYiHGK.1-ef_
.1X*(G$&Q+*j
((W.,f0-t:9::()M5662b77=386
OPTKNfKRq;1x8:y-,N5.v;8
=1+i-+f4296'$J@:-3_~~{[`k$"
GFJBDCTOK
#%{20SJNp96@8@G{<7=9RQ\
\`WMQW;8L)'S'(U1.m55,*a8<42`81cGWlv~$ !KHQPNCz'!
/4:IHh00S@<;;@@87I>
C@g31z32k
7,*])(Y-'U/*i<3x<:81W+)V]b<Hk/=Gglg#$%<7j)+[=:7;97::$%M
:4z32|75>:8860t%*Z-+f@:&.M,-f//\lGLlltAMW
:;3QW[5:6$%+jtq5:u+*V>7;=85-.k22q85\DCL
nls;8k23689;97<78778)+T+*R:8DFm]f8;b~
tzeyq{_o}|+3??9.,[9331}+.m95?@nZZY
0.]4/|85:899::98*,V&#N98:6v*+Y-0`u{89Vw>FWEL`::.,g/2y66
;6GBKOY
lok&%U12s./x66=655'(I)%O6465,*V54oCIi{98^rKEC?S24U<83.s787252x
'&C86:8;6-.j837:*+T'$F94780-W..rA@gv/-`_jabGDhn@>WDOk:1x<:2,o54+,d))`3+a
!E@7;6;.-r/,b@6781,l*&J5/w783.Y,/vKI|Xdy,)g9;^;/J04Q8:;:0.j78=;:895-*w/+\
$#2<;7:=:0/l))`65<:::75w<8e,)i8844c2/o4571I%,UMDYgV^SMLLlh1/[2,T3<O0*l>=;7<6@;998:8:>:?6B<w
$?C]<:97}#!Q()W.-p<7::::..u43x6531w:6z./o0/
,'K'+S75EDuwdhjj[Wl1+i('L63pB6.3{99,,l*,d75?9?A
0.<(*W64:9;;:823w./z8730t:6967554_-&S41
<?MNzyTUr.4[30y*,G0/o74/1u;7:51/u-,`
!:0/y<<9899::11p31v871/y35<:74*(a.([+.k=:@>DJl^e~:2a53w;5..[00v7:21u76}9:<;2/w)(J
0-C,*c9944
++n;88:/0q34:80/v33x::85*)a3.n()_88:8HH77kOTr99]52b20t66><-)d91{6631y11u97=:89-1k
"#K55{32ZST\##BA556t10z<865
1/s30u78;9/,h3/q2/u1/{9798:;=:20t22q86A@A?0.s/0r34{31y41x&*]*)a95|:5+'a
&83T@AK
H:962@931x*,c1.t2.r589610p22x2/y22s54
99:<20{11r65
A>BAA?4600w/,r7112w0)gIJN &/=<W
acrD;99/1l)'j+,a20s21}3/r88961/t<;20{31r32};:<8/+t//t:7AADDA>5644t74j7446:9#&=
95M1+^'"H
0.<*'[25272/x69:64/u>7=711y20z>9=;0,x64z9?ADGCC;;8+0m
*=6y;<00yipv
2)^948522|>4%"U//o9;<887/0z98:86283|=8FA?A7;8;55>;GKN[0+C)('
+%U875687wNOf
80;:;99898=<:;9;96>AFB,-^A=;787
+(g98?<LLa
"<8:<63~$'>85}:8::==JH[X_ab_ $<;598x
:7u99rbdd
y66Pon~74s673.llly*)[@9>BOJ
aef''F
==Q:9;:_
.1TD>MGosu
$ W6<8
22TJEosx
kernel32.dll
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
Pa%i5N23-
Uru4<E
7*Idu9M;
w3_^[r#MV
S7(hu#j
Hu6"
sG*DS,u
[b)+Nq(8V
2z7T2=H
$U^Ynboek
Z`Ca&\.q
y_sT]"
rjxY(X
J>>FA.
@1/ 2H
#hS{@;X
,+KjH@sQ#'7
DuH:- Wt
? P(L&H
%uC0KX@
RIP3EZ
zl> @^
t5;*V0(E
'nPPCx2tMsa^}(K
!Z-'6;2=2 @uV
dT)}&nAH+6J^ |
I--,@h
PWQS r
msvb]f\"
]A<f8Q@2I &ZhlkoM
5kEWo*0+m)
`3Q-vP2X:
[+HAqp
licat@on eqr
u.T>he<cd
%s5lyvn}tAba6idS8DLG5Ld,al J3*WI'c,bus32M'agBoxAwFx3tf
kx8l?ExitPL
GtMT)l
t@Ac&v
P"<SH0&zI
`t$$|$(3
r+|$(|$
|(|Y%B
USQWVRW
ZPR3C
Z^_Y[]
MSVBVM60.DLL
MethCallEngine
rtcAnsiValueBstr
rtcLowerCaseVar
rtcGetYear
rtcRandomNext
rtcRandomize
rtcDoEvents
rtcMidCharBstr
rtcMidCharVar
rtcSpaceBstr
EVENT_SINK_AddRef
rtcUpperCaseVar
DllFunctionCall
EVENT_SINK_Release
rtcShell
EVENT_SINK_QueryInterface
__vbaExceptHandler
rtcSplit
rtcReplace
rtcVarBstrFromAnsi
rtcMakeDir
rtcCreateObject2
ProcCallEngine
rtcBstrFromAnsi
rtcDir
rtcFileLength
rtcFileCopy
rtcErrObj
ThunRTMain
rtcLeftCharBstr
rtcLeftCharVar
rtcRightCharBstr
rtcRightCharVar
rtcGetDayOfMonth
rtcGetHourOfDay
rtcGetMinuteOfHour
rtcGetMonthOfYear
rtcGetPresentDate
rtcGetSecondOfMinute
541113611948201944721731356462030356444213186125558381775512541113611948201944721731356462030356444213186125558381775512541113611948201944721731356462030356444213186125558381775512541113611948201944721731356462030356444213186125558381775512541113611948201944721731356462030356444213186125558381775512541113611948201944721731356462030356444213186125558381775512MZ
L1511131511132215111322115111322151115111322199201952546732214253741665717180073411106451466388787
Project1
O\9'C
ziSU5I%
AO:O3f
DesertAttack
GmbrGaara
$.' ",#
(7),01444 '9=82<.342
!22222222222222222222222222222222222222222222222222
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
3PG<^dL
[#yG>'Moj
M'4#%tn[V:
XhWz=p6V
>}+| |Zo
8`FqCI
sO%<<g&[`
KRg,Az
z+Zyp)m<EiRAon
';?j]{L}6
\kc<!*&3`p:nI^
NOkrhnGUzqk
Vk.Rtc
xrG wW?5
j)6hsb
$hgHH"`12p>XaF8v
iOhRI"
]dX2mvq
KAL["-
txwyt,jz
izy+R*>EA#
i+hw:[l.Fq
0xWNHd[hW
?-f}RIAvFA
~=k&Lck7I3
@S0};YYZ
Z44ZB"V-\}
^:C,Vur
hP]nc4
~s_8s\
y,QB/\
[)B<1n
eclO?J<g
H$wX%e8}
sz. VDVV
Q:+/TH
:M-\So-aP
:i;+5xB
i,o,7q }
,;YJl-Kv
"3_\(! Fn
t)7RVG]
P2I+D:Rk
[]t=6Z%Yyr
2s[;c`h
z ^+BT
3(rXylo
Yrs^wpE
\hK<3_]V>Z
Jf]9lABCmiP6i%W
,Q$x_:D
| ;V"+d
[hX2<13y
^+%xqPJ
U(S#jUKf
qE#YvBH]
~{@T`N.2q}
f3R]L}JI`H/
ZCMkY<I
p7BU2Z97mb`Z
NJ\wyybv
QE&Fq@
i|/tVhb`#C[
cwoy/9."l1?
${f{K WC
xP1]Dy
RM{Yh:d:v
d|9a2;
p_9IkME
Zo'N(kO
,Yb}=jT~_
#,WR}+
e]2&'&L
Esv`YQ'
Zv}&.g
6uHd1'c
EIu>bq
R[-E.f=X'<)e
[MFA?<Wi?
mR5u"F<
8'k:OcZRnXy~>{
5uuvR0IX
^xT"7Afs\N0
}OWfu;K('+
4mb4{}D
U{j${?
"$c9OU
vVl7_xVauHD
Utx_EG=R
EwC7<Ij'[
LNu_Z[
('QK18
FM]|ik6i5%cjA
O&M)BA[$Y
~62u{Z'se}f
=AW"d_yjYG
/I.{^b
RH/,na
d]R}" k
Gj'N%~
uNbS# \
()jdn%p
|'v._G?
p7/=1;z9_
0~iaW^<
XY(-~RTrx?w
y7p'v-[Ou
)b^>ze(I),GP*gs&Am5 L)
jm3D5;
e.gy<v
tk(m-"H
WK.l#R]d
F"Ij~Dpc
F :UMN
Q^DOFBI
+|1>5jO:3G24
s/GPjR~l
&o{pFG?PMzY
hSW4)Hm
dO/7e2
%,iYK
}iB|U!O
;QgKImIi"p
i@>`9]O=
I?0>;;d$5;7dA
1' zWxl:6
zab_8"u-|
O9<WpH
3HTMGJK
7:nJC,
>VMvVyY
AK@E{G
c#xzCw>E
+nwa0[v#NA
Q\gNybq^
V6'pHplp Nk
_$fKwCols
Syx$u!*
ZMs-YQ
aN3d~yS*]rz
'V{YY#y
^0OQMv
x{]VGc
;/0)X^y
.6xUcpC5
)Ij]Ft5
1)**waE
<Wgq(71
@$q_&U.
9>oAA}
&l*7c^rzZ^H70P
|i7Krp
^~2jSr*J
n*@S5cB
}KGu#Fgg;\O
Zp:qOu':$
j5V\kSO
I8Sw|UVO=R\mG9
N4*Gw#1
][<QwQ
s7YtGwk$c"$`
~K6x$~4
A qWxwV=
TN6v4BM"@
hCCmGRV
Hl}NymtiW)
UFl' 2E5^|
]5~}t^Kq
\k:yc7W
CUc&yWV%9c
1I5++VNP}1
g55'K{Ki!8I}
XsTN<.
=1KV@QE
I%n"%,
?)nB~:cb
Ko`W,9
799>d Q;
?3]Dn,
0qE+}I@
=#PVeHSP0
12SFEI\wjM
{3nE9BWWc@
bFlxW_\H<6e
RA+Zs$
yo:<o 0?\sSr
Cw<pB#
=MGmt(\
[B2K~X^'Sb*w
\$y(x<)SkOaZ:Ot
EIo_[?<~u
`+N=SLdK
3`r; &dGWF
*@I_'^.W
~?*#W7C
S%}1WtF
%%Xd8Pb
jPq@ |C:M
EkhuD-=
!F/S,q
oOgR3ql!
u+k<mOIw~
t`_-dg
fqF*G-k{CF
1IWu8V+?u(
;9.dd E
xfx[Q0d{w$s
SKl'|R
CK2r$MF#H
9856{e
#px=Edk
I*0qbs
vUAB_NUkSp
~\u:1D[>
"Gk4U>[+1U
NO@ yi
Ws$ tt9
61_ZOk P*k
IP0?Pk
i>-}~e#
{N[,U}
Z56I2/
Ve[V3hm
U=M%YkK!,
:R}l1:o
-fsG_9A3A*
R:+JVXu[3}
`sK^m4^3
Rx5`ki
FgFGu>
&_AXCym*
k.r1wh1++?i
VR-FCO
}fB~O55
^+|pvR?
.'Pse'$4
?Znn"YcQ\(2:` (
y }Mo+E0O+=
ULO_mU
%?b2b9]
k|1*3K
7[p^A081
{E;Ql\2%;}j{HTII<X>3-o[E3Ln
YuFVX-,&
3U*FcRRB=@?geh&{
^'=82"
N5(4rCp~\Rn|
i%fn[L)9j
>o8i]C
yMtDfgR
p_f>0X
*T M_zJ[
xI6Z I
|Kw}P%
p1_A~wSl0G
-!PF)X
#~8#rtD
Tv\Np~U
6 ~"+KGch%?C
?h}1n|
cRB7(>J~
R)SfFD:
||.<kn
j;0UQ q
c$%~f<)$T
3* $^~
biGoTe
_WOZuQ
\X.hOC*VV5
^/tk ,5b
q;*}_`ivoum"o,@N
M>W%.L$}v
^!BG5i5
]E"%1C4
(\aI'?
quK_:+r@k
h:]i?j!u:
cVA<Z]{
Mh1Rw+wl,
[Iea{u
U0P=>7"B
]'KI C
;1UIn'H
EAeXR3
I;d5.J%
nZ#(e AFEr
;fDZ^c
Foqi3750
2#`N9^U1_\O
%UfmcT
R2~XqZ
C`q4H9=
XtPtsZL
m2; 4k'=v
R$("0F
&5'U,-g
fnW.R ,y3
;I%/,u
yj$bq~
i['T-5i
Qsj60kBn g
^_|}Nx-{7v
HRmfk87
Id>tn.A<
W^gisPiC5
h; /FuE
qwV6[oo
|@^Y8TPq9#p
8VFGsntEs
%-b,OF4|3
.{[C{Pu
C%wM2+o2>P
/|ZoC5Vi
fK]NfG-
SRK=VuV
yFjRj*=m9s
L]~$tq*
\v}?so
u=[F^;}
8LmOTY2
{zum(x
fm8N^}NnJ:
rrOkLomB*9
/#}~~e
u&Sq9 *
hx[>`~i Op
ox{H, [B
7M4>- @
j(.,J&
:`dKE+a[
C[!4;Rb%
~'Rj*i]
@A Sf`T
%i{{s#wc
Tr\#K{/t
Xf)ad;~1y
|TQI9lt(#
Oo|NJi
mm3K;9
[%buI6 x
#1,A8c
]XKMo$7
5Xm%|Y%
V9:v?5 &tu
M}5P xU
ov6=/k
z3vT&w2N2[
H&\h)<;gooi
:~tzjw
DypX()E
V*|@Kbm
$1zrXL
_)7%K!
$<Wo/;]
8$gZoI
svC/No?
zqDKa_
W n3Zs^
WZ$6Dl
(8XRi]).
b].u2@;"P
'T[XyA%Td;Tp:p:
2w]n$!
?)=xUu/
xW6HAl
zs_N*Sx'\
w*WQs}
o:sZuj2V
;H |!7uMT[-K
C1cnsp
Ckj^=AGa
px>4hEI
8;=o*J
*I+J!h:d
!H.nDv
{t2{67
]Z-/H>{(bd
/quXmlr
UUFc<bE
EJ2A?0F23=1Umh
jZ>q,8wpN
Vk4VS8
3zR1(f
^B`K3 U
k/;^k)4&2CB"a_
n\E9'c
t9._MZJ'z
?$lmJm
h4F6`p6
N}1NWQ^Mm
R#x,r2
wA]KlwqpTH
pg}oq$/$/
;<VIst
Z{|j}$
KHK0UU
>QKvLurKy<E
<mVH2R="h_
]Z-/H>{(bd
m^NC$,kE-I
GLM%y)}7k
_Em,ZHpn.`O-8t
N>nSTS^
#*ZBQHCJ
Ayd1wW
bx7[\*)oeu=A
%-lJbPf$m
WMOWe=
!6E@p1
fb3>`"k
msP!GU.
=u4n/.
{vFQpO
2=M{B,WZ
/Qn9]n
58<7\kBKo
Q-%|a}wVSze
3GWbhQ
-mkQG=i
WZMwm4yi79$v|mI8\2z};k^[yQhIn]MI@
o-]%*Zk=
|nhPppGc*ZMY;j|cU
~xoqp/q
P,5kSkY[^[
Qi&ivV
I{X\'--$Vw
'9Q9QESwV%+j|]
*|?<xVE>[
=z_ <?
;]BK[hnm
Mn[x7w1oGx4rc
^)}"y_I23mW=}r8hp
.=:r396F
:n-KO4_
I?+vO<`p=Y,l
?oRNk4
YY{H[5iI
?2;2{v_
|kzcVfB(X%
CLPKyuq
[YbHC%
I"dm"8
[d~:gh
OM?yI&
~$|SZMijl
3T|).n
H;n/u>c
8uToyA }%
@&pGu=Of
y#1>Dv
2<SV|g(5H&y
gyV<{x]
> \^jP/
{w];8?m
j)Yfq`t_^i~
;|_5-1d+o
~%G{M?>
2^iy]>A
IhzF.X
[t~:gh
-l2D-%.2
N';i,y
N2xTvA+
I)wq%e`)
KazakageSearch
lstDir
GaraKazekage
TimerSebarkanDiri
O\9'C
VB5! *
Kazekage
GaaraTheKazekage
Project1
.......................................................................................................................................................................................................................................................................
Jantung
Moonster
Pemusnah
Penyebaran
Penyerangan
Project1
SU5I%
TO\9'C
zi^^znM&KW
lstDir
+3qC:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
GmbrGaara
TimerSebarkanDiri
GaraKazekage
KazakageSearch
DesertAttack
kernel32
GetSystemDirectoryA
SetFileAttributesA
wininet.dll
InternetGetConnectedState
kernel32.dll
GetWindowsDirectoryA
DeleteFileA
advapi32.dll
GetUserNameA
UserAktif
KillAV
VBA6.DLL
FindWindowA
FindNextFileA
+3q"=h
user32
SendMessageA
FindWindowExA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
TerminateProcess
EnableWindow
9 `
FindFirstFileA
FindClose
CopyFileA
GetFileAttributesA
GetDriveTypeA
0 0
0 0
0 0
0 0
0 0
0 0
0 0
9
9 ~
0 ~
0 ~
0 ~
0 ~
9 0 R
0 ~
0 ~
0 ~
9 0 R
0 ~
0 ~
0 ~
0 ~
9 0 R
0 ~
0 ~
0 ~
0 ~
0 ~
0 ~
0 ~
9 0 R
0 ~
0 ~
0 ~
0 0
9 0 R
& 9
& 9
0 0 \
0 0 =
0 0 \
0 0 \
0 0 =
0 0 \
9 0 R
& 0 R
9 `
9 `
9 `
9 `
9 `
9 9
0 0 R
0
9 0 R
9 0 R
9
9
0 0 \
0
0
0
0
0
0 0 \
0
0 0 \
0 0 \
0 9
9 `
9 `
9 `
9 `
t\/X5d
t\/X5d
1x/p5L
hXlhltG
>lpltCl
$`1x/l6
hXlhltG
>lpltCl
$`1x/l6
T`1x5T
0`1h50
0`1h50
0`1h50
lllh*1l
pXldqt/l
ld#l*FTlh
pXldqt/l
ld#l*FTlh
qh<lll
Xlhqp/l
pXldqt/l
ld#l*FTlh
pXldqt/l
ld#l*FTlh
q4<l4q<
*#$l(*#
' %lhH
lx>\#t*#llp*#h
xtlph\X6
lx>p#t*FX
lx>p#t*FX
lx>\#t*#llp*#h
xtlph\X6
lx>\#t*#llp*#h
xtlph\X6
t`/x5X
t`/x5X
t`/x5X
t`/x5X
t`/x5X
t`/x5X
t`/x5X
l|\<,L
lhld*1h
lhld*1h
lhld*1h
lhld*1h
lhld*1h
lhld*1h
lhld*1h
lhld*1h
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
FP]/@ 0
F`]/P @
Fp]/` P
F]/p `
F0]/
@0 P@0
*#Tl*#P
TPd`\X)
qh<lht
pXl>#32
lp>#,*#
#*#lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
ld>T#`*#\
#`*FDl2
1`>`#d
1`>`#d
d`X\T`6
F<,`$ld
*#\l`*#X
d\`XT`PTL($)
F<,`$ld
*#\l`*#X
d\`XT`PTL($)
F<,`$ld
*#\l`*#X
d\`XT`PTL($)
*#\l`*#X
d\`X`T)
#`*Pld
*#\l`*#X
d\`XT`TP)
#`*Pld
*#\l`*#X
d\`XT`TP)
#`*Pld
*#\l`*#X
d\`XT`TP)
#`*Pld
*#\l`*#X
d\`XT`TP)
ld>T#`*#\
ld>T#`*#\
pXl>#3lp
pXl>#32
lp>#,*#
#*#lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
\<,|\lL<
\<,|\lL<
\<,l|\L,<
FD4`,l
`X\T0,)
FD4`,l
`X\T0,)
FD4`,l
`X\T0,)
FD4Tl>0#*#X
`\XT06
#*#`l>\#*#
#*#`l>\#*#
#*#`l>\#*#
#*#`l>\#*#
l>`#*#l*#
td>\FD4
l>`#*#l*#
td>\FD4
l>`#*#l*#
td>\FD4
l>#*FX
l>#*FX
zZcf7'
tXl,>$#(32
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
>$FT40
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
RsPstPs
Os*Ps1+Ps~DsHDs
PsPsoCsPsxCsDs3|Os|gOs[NDs
Ds]QsibPsnDs`Ps|OsDQDs>BsSHDsIDsJDsqPsOsVOsOs`Os OsOs
MSVBVM60.DLL
MethCallEngine
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine
.')Okx}[t7E[
- 2($E)$N,-Opz|
}Wl7Hk
,,)cccBBBjjj
-# >'%L!&F14afkpibbfJUtuu}
AAEnnq
*(? ?'!F##F""G=CsPze`~b}g~h_}^_^fzBDj
+!$D'#E' C*&@HMrcy_~`
e><m%!F
$#;<:N@>GMQ^
## D'%E#$G'$A#$C4@\y_^g==n)%M&"A$!D
+#!G95W&%BU\tZ~a{5:g$$B'"C%#B
EDRuwluuXk'$D&"B "C
8=Gmut0.L'"?"$C(!A'&T03`
xwyaqMY)'C"#B&
[ajy**K&%G&#C42{
}|br0=Cn{3.S23y0 S!$Q55=
& %$V`wz7:[$&L*%E;2s
$(+8]h{S_|3<^0,H&$Q
3*%NWSRT^]XauXUz.,n
5 ":)'U=7:=-3^enzw|KMWjo|jumu@>c43|
bbp5.q4-n-+^;:<;8<`]`g@=i;:
?=6*-g;<<8&&>+5?;6
!573v31}5688>=HHatbe8:
=A5GH[41u01w9799963/Yceghqh~-,F7>
<DJ) a6574}98=:}1+ekwdgLOggc8/z
5)$Rzvz
!?97979<24Y1.c`c44T0*Z$&Q"
,1,e+,d:7;8::+-L2.tNKmTYiHGK.1-ef_
.1X*(G$&Q+*j
((W.,f0-t:9::()M5662b77=386
OPTKNfKRq;1x8:y-,N5.v;8
=1+i-+f4296'$J@:-3_~~{[`k$"
GFJBDCTOK
#%{20SJNp96@8@G{<7=9RQ\
\`WMQW;8L)'S'(U1.m55,*a8<42`81cGWlv~$ !KHQPNCz'!
/4:IHh00S@<;;@@87I>
C@g31z32k
7,*])(Y-'U/*i<3x<:81W+)V]b<Hk/=Gglg#$%<7j)+[=:7;97::$%M
:4z32|75>:8860t%*Z-+f@:&.M,-f//\lGLlltAMW
:;3QW[5:6$%+jtq5:u+*V>7;=85-.k22q85\DCL
nls;8k23689;97<78778)+T+*R:8DFm]f8;b~
tzeyq{_o}|+3??9.,[9331}+.m95?@nZZY
0.]4/|85:899::98*,V&#N98:6v*+Y-0`u{89Vw>FWEL`::.,g/2y66
;6GBKOY
lok&%U12s./x66=655'(I)%O6465,*V54oCIi{98^rKEC?S24U<83.s787252x
'&C86:8;6-.j837:*+T'$F94780-W..rA@gv/-`_jabGDhn@>WDOk:1x<:2,o54+,d))`3+a
!E@7;6;.-r/,b@6781,l*&J5/w783.Y,/vKI|Xdy,)g9;^;/J04Q8:;:0.j78=;:895-*w/+\
$#2<;7:=:0/l))`65<:::75w<8e,)i8844c2/o4571I%,UMDYgV^SMLLlh1/[2,T3<O0*l>=;7<6@;998:8:>:?6B<w
$?C]<:97}#!Q()W.-p<7::::..u43x6531w:6z./o0/
,'K'+S75EDuwdhjj[Wl1+i('L63pB6.3{99,,l*,d75?9?A
0.<(*W64:9;;:823w./z8730t:6967554_-&S41
<?MNzyTUr.4[30y*,G0/o74/1u;7:51/u-,`
!:0/y<<9899::11p31v871/y35<:74*(a.([+.k=:@>DJl^e~:2a53w;5..[00v7:21u76}9:<;2/w)(J
0-C,*c9944
++n;88:/0q34:80/v33x::85*)a3.n()_88:8HH77kOTr99]52b20t66><-)d91{6631y11u97=:89-1k
"#K55{32ZST\##BA556t10z<865
1/s30u78;9/,h3/q2/u1/{9798:;=:20t22q86A@A?0.s/0r34{31y41x&*]*)a95|:5+'a
&83T@AK
H:962@931x*,c1.t2.r589610p22x2/y22s54
99:<20{11r65
A>BAA?4600w/,r7112w0)gIJN &/=<W
acrD;99/1l)'j+,a20s21}3/r88961/t<;20{31r32};:<8/+t//t:7AADDA>5644t74j7446:9#&=
95M1+^'"H
0.<*'[25272/x69:64/u>7=711y20z>9=;0,x64z9?ADGCC;;8+0m
*=6y;<00yipv
2)^948522|>4%"U//o9;<887/0z98:86283|=8FA?A7;8;55>;GKN[0+C)('
+%U875687wNOf
80;:;99898=<:;9;96>AFB,-^A=;787
+(g98?<LLa
"<8:<63~$'>85}:8::==JH[X_ab_ $<;598x
:7u99rbdd
y66Pon~74s673.llly*)[@9>BOJ
aef''F
==Q:9;:_
.1TD>MGosu
$ W6<8
22TJEosx
kernel32.dll
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
Pa%i5N23-
Uru4<E
7*Idu9M;
w3_^[r#MV
S7(hu#j
Hu6"
sG*DS,u
[b)+Nq(8V
2z7T2=H
$U^Ynboek
Z`Ca&\.q
y_sT]"
rjxY(X
J>>FA.
@1/ 2H
#hS{@;X
,+KjH@sQ#'7
DuH:- Wt
? P(L&H
%uC0KX@
RIP3EZ
zl> @^
t5;*V0(E
'nPPCx2tMsa^}(K
!Z-'6;2=2 @uV
dT)}&nAH+6J^ |
I--,@h
PWQS r
msvb]f\"
]A<f8Q@2I &ZhlkoM
5kEWo*0+m)
`3Q-vP2X:
[+HAqp
licat@on eqr
u.T>he<cd
%s5lyvn}tAba6idS8DLG5Ld,al J3*WI'c,bus32M'agBoxAwFx3tf
kx8l?ExitPL
GtMT)l
t@Ac&v
P"<SH0&zI
`t$$|$(3
r+|$(|$
|(|Y%B
USQWVRW
ZPR3C
Z^_Y[]
MSVBVM60.DLL
MethCallEngine
rtcAnsiValueBstr
rtcLowerCaseVar
rtcGetYear
rtcRandomNext
rtcRandomize
rtcDoEvents
rtcMidCharBstr
rtcMidCharVar
rtcSpaceBstr
EVENT_SINK_AddRef
rtcUpperCaseVar
DllFunctionCall
EVENT_SINK_Release
rtcShell
EVENT_SINK_QueryInterface
__vbaExceptHandler
rtcSplit
rtcReplace
rtcVarBstrFromAnsi
rtcMakeDir
rtcCreateObject2
ProcCallEngine
rtcBstrFromAnsi
rtcDir
rtcFileLength
rtcFileCopy
rtcErrObj
ThunRTMain
rtcLeftCharBstr
rtcLeftCharVar
rtcRightCharBstr
rtcRightCharVar
rtcGetDayOfMonth
rtcGetHourOfDay
rtcGetMinuteOfHour
rtcGetMonthOfYear
rtcGetPresentDate
rtcGetSecondOfMinute
412131119-22019-6578140376033555633863223740220111044850848412131119-22019-6578140376033555633863223740220111044850848412131119-22019-6578140376033555633863223740220111044850848412131119-22019-6578140376033555633863223740220111044850848412131119-22019-6578140376033555633863223740220111044850848412131119-22019-6578140376033555633863223740220111044850848MZ
L1511131511132215111322115111322151115111322199201952546732214253741665717180073411106451466388787
Project1
O\9'C
ziSU5I%
AO:O3f
DesertAttack
GmbrGaara
$.' ",#
(7),01444 '9=82<.342
!22222222222222222222222222222222222222222222222222
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
3PG<^dL
[#yG>'Moj
M'4#%tn[V:
XhWz=p6V
>}+| |Zo
8`FqCI
sO%<<g&[`
KRg,Az
z+Zyp)m<EiRAon
';?j]{L}6
\kc<!*&3`p:nI^
NOkrhnGUzqk
Vk.Rtc
xrG wW?5
j)6hsb
$hgHH"`12p>XaF8v
iOhRI"
]dX2mvq
KAL["-
txwyt,jz
izy+R*>EA#
i+hw:[l.Fq
0xWNHd[hW
?-f}RIAvFA
~=k&Lck7I3
@S0};YYZ
Z44ZB"V-\}
^:C,Vur
hP]nc4
~s_8s\
y,QB/\
[)B<1n
eclO?J<g
H$wX%e8}
sz. VDVV
Q:+/TH
:M-\So-aP
:i;+5xB
i,o,7q }
,;YJl-Kv
"3_\(! Fn
t)7RVG]
P2I+D:Rk
[]t=6Z%Yyr
2s[;c`h
z ^+BT
3(rXylo
Yrs^wpE
\hK<3_]V>Z
Jf]9lABCmiP6i%W
,Q$x_:D
| ;V"+d
[hX2<13y
^+%xqPJ
U(S#jUKf
qE#YvBH]
~{@T`N.2q}
f3R]L}JI`H/
ZCMkY<I
p7BU2Z97mb`Z
NJ\wyybv
QE&Fq@
i|/tVhb`#C[
cwoy/9."l1?
${f{K WC
xP1]Dy
RM{Yh:d:v
d|9a2;
p_9IkME
Zo'N(kO
,Yb}=jT~_
#,WR}+
e]2&'&L
Esv`YQ'
Zv}&.g
6uHd1'c
EIu>bq
R[-E.f=X'<)e
[MFA?<Wi?
mR5u"F<
8'k:OcZRnXy~>{
5uuvR0IX
^xT"7Afs\N0
}OWfu;K('+
4mb4{}D
U{j${?
"$c9OU
vVl7_xVauHD
Utx_EG=R
EwC7<Ij'[
LNu_Z[
('QK18
FM]|ik6i5%cjA
O&M)BA[$Y
~62u{Z'se}f
=AW"d_yjYG
/I.{^b
RH/,na
d]R}" k
Gj'N%~
uNbS# \
()jdn%p
|'v._G?
p7/=1;z9_
0~iaW^<
XY(-~RTrx?w
y7p'v-[Ou
)b^>ze(I),GP*gs&Am5 L)
jm3D5;
e.gy<v
tk(m-"H
WK.l#R]d
F"Ij~Dpc
F :UMN
Q^DOFBI
+|1>5jO:3G24
s/GPjR~l
&o{pFG?PMzY
hSW4)Hm
dO/7e2
%,iYK
}iB|U!O
;QgKImIi"p
i@>`9]O=
I?0>;;d$5;7dA
1' zWxl:6
zab_8"u-|
O9<WpH
3HTMGJK
7:nJC,
>VMvVyY
AK@E{G
c#xzCw>E
+nwa0[v#NA
Q\gNybq^
V6'pHplp Nk
_$fKwCols
Syx$u!*
ZMs-YQ
aN3d~yS*]rz
'V{YY#y
^0OQMv
x{]VGc
;/0)X^y
.6xUcpC5
)Ij]Ft5
1)**waE
<Wgq(71
@$q_&U.
9>oAA}
&l*7c^rzZ^H70P
|i7Krp
^~2jSr*J
n*@S5cB
}KGu#Fgg;\O
Zp:qOu':$
j5V\kSO
I8Sw|UVO=R\mG9
N4*Gw#1
][<QwQ
s7YtGwk$c"$`
~K6x$~4
A qWxwV=
TN6v4BM"@
hCCmGRV
Hl}NymtiW)
UFl' 2E5^|
]5~}t^Kq
\k:yc7W
CUc&yWV%9c
1I5++VNP}1
g55'K{Ki!8I}
XsTN<.
=1KV@QE
I%n"%,
?)nB~:cb
Ko`W,9
799>d Q;
?3]Dn,
0qE+}I@
=#PVeHSP0
12SFEI\wjM
{3nE9BWWc@
bFlxW_\H<6e
RA+Zs$
yo:<o 0?\sSr
Cw<pB#
=MGmt(\
[B2K~X^'Sb*w
\$y(x<)SkOaZ:Ot
EIo_[?<~u
`+N=SLdK
3`r; &dGWF
*@I_'^.W
~?*#W7C
S%}1WtF
%%Xd8Pb
jPq@ |C:M
EkhuD-=
!F/S,q
oOgR3ql!
u+k<mOIw~
t`_-dg
fqF*G-k{CF
1IWu8V+?u(
;9.dd E
xfx[Q0d{w$s
SKl'|R
CK2r$MF#H
9856{e
#px=Edk
I*0qbs
vUAB_NUkSp
~\u:1D[>
"Gk4U>[+1U
NO@ yi
Ws$ tt9
61_ZOk P*k
IP0?Pk
i>-}~e#
{N[,U}
Z56I2/
Ve[V3hm
U=M%YkK!,
:R}l1:o
-fsG_9A3A*
R:+JVXu[3}
`sK^m4^3
Rx5`ki
FgFGu>
&_AXCym*
k.r1wh1++?i
VR-FCO
}fB~O55
^+|pvR?
.'Pse'$4
?Znn"YcQ\(2:` (
y }Mo+E0O+=
ULO_mU
%?b2b9]
k|1*3K
7[p^A081
{E;Ql\2%;}j{HTII<X>3-o[E3Ln
YuFVX-,&
3U*FcRRB=@?geh&{
^'=82"
N5(4rCp~\Rn|
i%fn[L)9j
>o8i]C
yMtDfgR
p_f>0X
*T M_zJ[
xI6Z I
|Kw}P%
p1_A~wSl0G
-!PF)X
#~8#rtD
Tv\Np~U
6 ~"+KGch%?C
?h}1n|
cRB7(>J~
R)SfFD:
||.<kn
j;0UQ q
c$%~f<)$T
3* $^~
biGoTe
_WOZuQ
\X.hOC*VV5
^/tk ,5b
q;*}_`ivoum"o,@N
M>W%.L$}v
^!BG5i5
]E"%1C4
(\aI'?
quK_:+r@k
h:]i?j!u:
cVA<Z]{
Mh1Rw+wl,
[Iea{u
U0P=>7"B
]'KI C
;1UIn'H
EAeXR3
I;d5.J%
nZ#(e AFEr
;fDZ^c
Foqi3750
2#`N9^U1_\O
%UfmcT
R2~XqZ
C`q4H9=
XtPtsZL
m2; 4k'=v
R$("0F
&5'U,-g
fnW.R ,y3
;I%/,u
yj$bq~
i['T-5i
Qsj60kBn g
^_|}Nx-{7v
HRmfk87
Id>tn.A<
W^gisPiC5
h; /FuE
qwV6[oo
|@^Y8TPq9#p
8VFGsntEs
%-b,OF4|3
.{[C{Pu
C%wM2+o2>P
/|ZoC5Vi
fK]NfG-
SRK=VuV
yFjRj*=m9s
L]~$tq*
\v}?so
u=[F^;}
8LmOTY2
{zum(x
fm8N^}NnJ:
rrOkLomB*9
/#}~~e
u&Sq9 *
hx[>`~i Op
ox{H, [B
7M4>- @
j(.,J&
:`dKE+a[
C[!4;Rb%
~'Rj*i]
@A Sf`T
%i{{s#wc
Tr\#K{/t
Xf)ad;~1y
|TQI9lt(#
Oo|NJi
mm3K;9
[%buI6 x
#1,A8c
]XKMo$7
5Xm%|Y%
V9:v?5 &tu
M}5P xU
ov6=/k
z3vT&w2N2[
H&\h)<;gooi
:~tzjw
DypX()E
V*|@Kbm
$1zrXL
_)7%K!
$<Wo/;]
8$gZoI
svC/No?
zqDKa_
W n3Zs^
WZ$6Dl
(8XRi]).
b].u2@;"P
'T[XyA%Td;Tp:p:
2w]n$!
?)=xUu/
xW6HAl
zs_N*Sx'\
w*WQs}
o:sZuj2V
;H |!7uMT[-K
C1cnsp
Ckj^=AGa
px>4hEI
8;=o*J
*I+J!h:d
!H.nDv
{t2{67
]Z-/H>{(bd
/quXmlr
UUFc<bE
EJ2A?0F23=1Umh
jZ>q,8wpN
Vk4VS8
3zR1(f
^B`K3 U
k/;^k)4&2CB"a_
n\E9'c
t9._MZJ'z
?$lmJm
h4F6`p6
N}1NWQ^Mm
R#x,r2
wA]KlwqpTH
pg}oq$/$/
;<VIst
Z{|j}$
KHK0UU
>QKvLurKy<E
<mVH2R="h_
]Z-/H>{(bd
m^NC$,kE-I
GLM%y)}7k
_Em,ZHpn.`O-8t
N>nSTS^
#*ZBQHCJ
Ayd1wW
bx7[\*)oeu=A
%-lJbPf$m
WMOWe=
!6E@p1
fb3>`"k
msP!GU.
=u4n/.
{vFQpO
2=M{B,WZ
/Qn9]n
58<7\kBKo
Q-%|a}wVSze
3GWbhQ
-mkQG=i
WZMwm4yi79$v|mI8\2z};k^[yQhIn]MI@
o-]%*Zk=
|nhPppGc*ZMY;j|cU
~xoqp/q
P,5kSkY[^[
Qi&ivV
I{X\'--$Vw
'9Q9QESwV%+j|]
*|?<xVE>[
=z_ <?
;]BK[hnm
Mn[x7w1oGx4rc
^)}"y_I23mW=}r8hp
.=:r396F
:n-KO4_
I?+vO<`p=Y,l
?oRNk4
YY{H[5iI
?2;2{v_
|kzcVfB(X%
CLPKyuq
[YbHC%
I"dm"8
[d~:gh
OM?yI&
~$|SZMijl
3T|).n
H;n/u>c
8uToyA }%
@&pGu=Of
y#1>Dv
2<SV|g(5H&y
gyV<{x]
> \^jP/
{w];8?m
j)Yfq`t_^i~
;|_5-1d+o
~%G{M?>
2^iy]>A
IhzF.X
[t~:gh
-l2D-%.2
N';i,y
N2xTvA+
I)wq%e`)
KazakageSearch
lstDir
GaraKazekage
TimerSebarkanDiri
O\9'C
VB5! *
Kazekage
GaaraTheKazekage
Project1
.......................................................................................................................................................................................................................................................................
Jantung
Moonster
Pemusnah
Penyebaran
Penyerangan
Project1
SU5I%
TO\9'C
zi^^znM&KW
lstDir
+3qC:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
GmbrGaara
TimerSebarkanDiri
GaraKazekage
KazakageSearch
DesertAttack
kernel32
GetSystemDirectoryA
SetFileAttributesA
wininet.dll
InternetGetConnectedState
kernel32.dll
GetWindowsDirectoryA
DeleteFileA
advapi32.dll
GetUserNameA
UserAktif
KillAV
VBA6.DLL
FindWindowA
FindNextFileA
+3q"=h
user32
SendMessageA
FindWindowExA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
TerminateProcess
EnableWindow
9 `
FindFirstFileA
FindClose
CopyFileA
GetFileAttributesA
GetDriveTypeA
0 0
0 0
0 0
0 0
0 0
0 0
0 0
9
9 ~
0 ~
0 ~
0 ~
0 ~
9 0 R
0 ~
0 ~
0 ~
9 0 R
0 ~
0 ~
0 ~
0 ~
9 0 R
0 ~
0 ~
0 ~
0 ~
0 ~
0 ~
0 ~
9 0 R
0 ~
0 ~
0 ~
0 0
9 0 R
& 9
& 9
0 0 \
0 0 =
0 0 \
0 0 \
0 0 =
0 0 \
9 0 R
& 0 R
9 `
9 `
9 `
9 `
9 `
9 9
0 0 R
0
9 0 R
9 0 R
9
9
0 0 \
0
0
0
0
0
0 0 \
0
0 0 \
0 0 \
0 9
9 `
9 `
9 `
9 `
t\/X5d
t\/X5d
1x/p5L
hXlhltG
>lpltCl
$`1x/l6
hXlhltG
>lpltCl
$`1x/l6
T`1x5T
0`1h50
0`1h50
0`1h50
lllh*1l
pXldqt/l
ld#l*FTlh
pXldqt/l
ld#l*FTlh
qh<lll
Xlhqp/l
pXldqt/l
ld#l*FTlh
pXldqt/l
ld#l*FTlh
q4<l4q<
*#$l(*#
' %lhH
lx>\#t*#llp*#h
xtlph\X6
lx>p#t*FX
lx>p#t*FX
lx>\#t*#llp*#h
xtlph\X6
lx>\#t*#llp*#h
xtlph\X6
t`/x5X
t`/x5X
t`/x5X
t`/x5X
t`/x5X
t`/x5X
t`/x5X
l|\<,L
lhld*1h
lhld*1h
lhld*1h
lhld*1h
lhld*1h
lhld*1h
lhld*1h
lhld*1h
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
FP]/@ 0
F`]/P @
Fp]/` P
F]/p `
F0]/
@0 P@0
*#Tl*#P
TPd`\X)
qh<lht
pXl>#32
lp>#,*#
#*#lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
ld>T#`*#\
#`*FDl2
1`>`#d
1`>`#d
d`X\T`6
F<,`$ld
*#\l`*#X
d\`XT`PTL($)
F<,`$ld
*#\l`*#X
d\`XT`PTL($)
F<,`$ld
*#\l`*#X
d\`XT`PTL($)
*#\l`*#X
d\`X`T)
#`*Pld
*#\l`*#X
d\`XT`TP)
#`*Pld
*#\l`*#X
d\`XT`TP)
#`*Pld
*#\l`*#X
d\`XT`TP)
#`*Pld
*#\l`*#X
d\`XT`TP)
ld>T#`*#\
ld>T#`*#\
pXl>#3lp
pXl>#32
lp>#,*#
#*#lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
\<,|\lL<
\<,|\lL<
\<,l|\L,<
FD4`,l
`X\T0,)
FD4`,l
`X\T0,)
FD4`,l
`X\T0,)
FD4Tl>0#*#X
`\XT06
#*#`l>\#*#
#*#`l>\#*#
#*#`l>\#*#
#*#`l>\#*#
l>`#*#l*#
td>\FD4
l>`#*#l*#
td>\FD4
l>`#*#l*#
td>\FD4
l>#*FX
l>#*FX
zZcf7'
tXl,>$#(32
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
>$FT40
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
RsPstPs
Os*Ps1+Ps~DsHDs
PsPsoCsPsxCsDs3|Os|gOs[NDs
Ds]QsibPsnDs`Ps|OsDQDs>BsSHDsIDsJDsqPsOsVOsOs`Os OsOs
MSVBVM60.DLL
MethCallEngine
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine
.')Okx}[t7E[
- 2($E)$N,-Opz|
}Wl7Hk
,,)cccBBBjjj
-# >'%L!&F14afkpibbfJUtuu}
AAEnnq
*(? ?'!F##F""G=CsPze`~b}g~h_}^_^fzBDj
+!$D'#E' C*&@HMrcy_~`
e><m%!F
$#;<:N@>GMQ^
## D'%E#$G'$A#$C4@\y_^g==n)%M&"A$!D
+#!G95W&%BU\tZ~a{5:g$$B'"C%#B
EDRuwluuXk'$D&"B "C
8=Gmut0.L'"?"$C(!A'&T03`
xwyaqMY)'C"#B&
[ajy**K&%G&#C42{
}|br0=Cn{3.S23y0 S!$Q55=
& %$V`wz7:[$&L*%E;2s
$(+8]h{S_|3<^0,H&$Q
3*%NWSRT^]XauXUz.,n
5 ":)'U=7:=-3^enzw|KMWjo|jumu@>c43|
bbp5.q4-n-+^;:<;8<`]`g@=i;:
?=6*-g;<<8&&>+5?;6
!573v31}5688>=HHatbe8:
=A5GH[41u01w9799963/Yceghqh~-,F7>
<DJ) a6574}98=:}1+ekwdgLOggc8/z
5)$Rzvz
!?97979<24Y1.c`c44T0*Z$&Q"
,1,e+,d:7;8::+-L2.tNKmTYiHGK.1-ef_
.1X*(G$&Q+*j
((W.,f0-t:9::()M5662b77=386
OPTKNfKRq;1x8:y-,N5.v;8
=1+i-+f4296'$J@:-3_~~{[`k$"
GFJBDCTOK
#%{20SJNp96@8@G{<7=9RQ\
\`WMQW;8L)'S'(U1.m55,*a8<42`81cGWlv~$ !KHQPNCz'!
/4:IHh00S@<;;@@87I>
C@g31z32k
7,*])(Y-'U/*i<3x<:81W+)V]b<Hk/=Gglg#$%<7j)+[=:7;97::$%M
:4z32|75>:8860t%*Z-+f@:&.M,-f//\lGLlltAMW
:;3QW[5:6$%+jtq5:u+*V>7;=85-.k22q85\DCL
nls;8k23689;97<78778)+T+*R:8DFm]f8;b~
tzeyq{_o}|+3??9.,[9331}+.m95?@nZZY
0.]4/|85:899::98*,V&#N98:6v*+Y-0`u{89Vw>FWEL`::.,g/2y66
;6GBKOY
lok&%U12s./x66=655'(I)%O6465,*V54oCIi{98^rKEC?S24U<83.s787252x
'&C86:8;6-.j837:*+T'$F94780-W..rA@gv/-`_jabGDhn@>WDOk:1x<:2,o54+,d))`3+a
!E@7;6;.-r/,b@6781,l*&J5/w783.Y,/vKI|Xdy,)g9;^;/J04Q8:;:0.j78=;:895-*w/+\
$#2<;7:=:0/l))`65<:::75w<8e,)i8844c2/o4571I%,UMDYgV^SMLLlh1/[2,T3<O0*l>=;7<6@;998:8:>:?6B<w
$?C]<:97}#!Q()W.-p<7::::..u43x6531w:6z./o0/
,'K'+S75EDuwdhjj[Wl1+i('L63pB6.3{99,,l*,d75?9?A
0.<(*W64:9;;:823w./z8730t:6967554_-&S41
<?MNzyTUr.4[30y*,G0/o74/1u;7:51/u-,`
!:0/y<<9899::11p31v871/y35<:74*(a.([+.k=:@>DJl^e~:2a53w;5..[00v7:21u76}9:<;2/w)(J
0-C,*c9944
++n;88:/0q34:80/v33x::85*)a3.n()_88:8HH77kOTr99]52b20t66><-)d91{6631y11u97=:89-1k
"#K55{32ZST\##BA556t10z<865
1/s30u78;9/,h3/q2/u1/{9798:;=:20t22q86A@A?0.s/0r34{31y41x&*]*)a95|:5+'a
&83T@AK
H:962@931x*,c1.t2.r589610p22x2/y22s54
99:<20{11r65
A>BAA?4600w/,r7112w0)gIJN &/=<W
acrD;99/1l)'j+,a20s21}3/r88961/t<;20{31r32};:<8/+t//t:7AADDA>5644t74j7446:9#&=
95M1+^'"H
0.<*'[25272/x69:64/u>7=711y20z>9=;0,x64z9?ADGCC;;8+0m
*=6y;<00yipv
2)^948522|>4%"U//o9;<887/0z98:86283|=8FA?A7;8;55>;GKN[0+C)('
+%U875687wNOf
80;:;99898=<:;9;96>AFB,-^A=;787
+(g98?<LLa
"<8:<63~$'>85}:8::==JH[X_ab_ $<;598x
:7u99rbdd
y66Pon~74s673.llly*)[@9>BOJ
aef''F
==Q:9;:_
.1TD>MGosu
$ W6<8
22TJEosx
kernel32.dll
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
Pa%i5N23-
Uru4<E
7*Idu9M;
w3_^[r#MV
S7(hu#j
Hu6"
sG*DS,u
[b)+Nq(8V
2z7T2=H
$U^Ynboek
Z`Ca&\.q
y_sT]"
rjxY(X
J>>FA.
@1/ 2H
#hS{@;X
,+KjH@sQ#'7
DuH:- Wt
? P(L&H
%uC0KX@
RIP3EZ
zl> @^
t5;*V0(E
'nPPCx2tMsa^}(K
!Z-'6;2=2 @uV
dT)}&nAH+6J^ |
I--,@h
PWQS r
msvb]f\"
]A<f8Q@2I &ZhlkoM
5kEWo*0+m)
`3Q-vP2X:
[+HAqp
licat@on eqr
u.T>he<cd
%s5lyvn}tAba6idS8DLG5Ld,al J3*WI'c,bus32M'agBoxAwFx3tf
kx8l?ExitPL
GtMT)l
t@Ac&v
P"<SH0&zI
`t$$|$(3
r+|$(|$
|(|Y%B
USQWVRW
ZPR3C
Z^_Y[]
MSVBVM60.DLL
MethCallEngine
rtcAnsiValueBstr
rtcLowerCaseVar
rtcGetYear
rtcRandomNext
rtcRandomize
rtcDoEvents
rtcMidCharBstr
rtcMidCharVar
rtcSpaceBstr
EVENT_SINK_AddRef
rtcUpperCaseVar
DllFunctionCall
EVENT_SINK_Release
rtcShell
EVENT_SINK_QueryInterface
__vbaExceptHandler
rtcSplit
rtcReplace
rtcVarBstrFromAnsi
rtcMakeDir
rtcCreateObject2
ProcCallEngine
rtcBstrFromAnsi
rtcDir
rtcFileLength
rtcFileCopy
rtcErrObj
ThunRTMain
rtcLeftCharBstr
rtcLeftCharVar
rtcRightCharBstr
rtcRightCharVar
rtcGetDayOfMonth
rtcGetHourOfDay
rtcGetMinuteOfHour
rtcGetMonthOfYear
rtcGetPresentDate
rtcGetSecondOfMinute
161213231910201962238378726553832335724046204241144245017741612132319102019622383787265538323357240462042411442450177416121323191020196223837872655383233572404620424114424501774161213231910201962238378726553832335724046204241144245017741612132319102019622383787265538323357240462042411442450177416121323191020196223837872655383233572404620424114424501774MZ
L1511131511132215111322115111322151115111322199201952546732214253741665717180073411106451466388787
Project1
O\9'C
ziSU5I%
AO:O3f
DesertAttack
GmbrGaara
$.' ",#
(7),01444 '9=82<.342
!22222222222222222222222222222222222222222222222222
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
3PG<^dL
[#yG>'Moj
M'4#%tn[V:
XhWz=p6V
>}+| |Zo
8`FqCI
sO%<<g&[`
KRg,Az
z+Zyp)m<EiRAon
';?j]{L}6
\kc<!*&3`p:nI^
NOkrhnGUzqk
Vk.Rtc
xrG wW?5
j)6hsb
$hgHH"`12p>XaF8v
iOhRI"
]dX2mvq
KAL["-
txwyt,jz
izy+R*>EA#
i+hw:[l.Fq
0xWNHd[hW
?-f}RIAvFA
~=k&Lck7I3
@S0};YYZ
Z44ZB"V-\}
^:C,Vur
hP]nc4
~s_8s\
y,QB/\
[)B<1n
eclO?J<g
H$wX%e8}
sz. VDVV
Q:+/TH
:M-\So-aP
:i;+5xB
i,o,7q }
,;YJl-Kv
"3_\(! Fn
t)7RVG]
P2I+D:Rk
[]t=6Z%Yyr
2s[;c`h
z ^+BT
3(rXylo
Yrs^wpE
\hK<3_]V>Z
Jf]9lABCmiP6i%W
,Q$x_:D
| ;V"+d
[hX2<13y
^+%xqPJ
U(S#jUKf
qE#YvBH]
~{@T`N.2q}
f3R]L}JI`H/
ZCMkY<I
p7BU2Z97mb`Z
NJ\wyybv
QE&Fq@
i|/tVhb`#C[
cwoy/9."l1?
${f{K WC
xP1]Dy
RM{Yh:d:v
d|9a2;
p_9IkME
Zo'N(kO
,Yb}=jT~_
#,WR}+
e]2&'&L
Esv`YQ'
Zv}&.g
6uHd1'c
EIu>bq
R[-E.f=X'<)e
[MFA?<Wi?
mR5u"F<
8'k:OcZRnXy~>{
5uuvR0IX
^xT"7Afs\N0
}OWfu;K('+
4mb4{}D
U{j${?
"$c9OU
vVl7_xVauHD
Utx_EG=R
EwC7<Ij'[
LNu_Z[
('QK18
FM]|ik6i5%cjA
O&M)BA[$Y
~62u{Z'se}f
=AW"d_yjYG
/I.{^b
RH/,na
d]R}" k
Gj'N%~
uNbS# \
()jdn%p
|'v._G?
p7/=1;z9_
0~iaW^<
XY(-~RTrx?w
y7p'v-[Ou
)b^>ze(I),GP*gs&Am5 L)
jm3D5;
e.gy<v
tk(m-"H
WK.l#R]d
F"Ij~Dpc
F :UMN
Q^DOFBI
+|1>5jO:3G24
s/GPjR~l
&o{pFG?PMzY
hSW4)Hm
dO/7e2
%,iYK
}iB|U!O
;QgKImIi"p
i@>`9]O=
I?0>;;d$5;7dA
1' zWxl:6
zab_8"u-|
O9<WpH
3HTMGJK
7:nJC,
>VMvVyY
AK@E{G
c#xzCw>E
+nwa0[v#NA
Q\gNybq^
V6'pHplp Nk
_$fKwCols
Syx$u!*
ZMs-YQ
aN3d~yS*]rz
'V{YY#y
^0OQMv
x{]VGc
;/0)X^y
.6xUcpC5
)Ij]Ft5
1)**waE
<Wgq(71
@$q_&U.
9>oAA}
&l*7c^rzZ^H70P
|i7Krp
^~2jSr*J
n*@S5cB
}KGu#Fgg;\O
Zp:qOu':$
j5V\kSO
I8Sw|UVO=R\mG9
N4*Gw#1
][<QwQ
s7YtGwk$c"$`
~K6x$~4
A qWxwV=
TN6v4BM"@
hCCmGRV
Hl}NymtiW)
UFl' 2E5^|
]5~}t^Kq
\k:yc7W
CUc&yWV%9c
1I5++VNP}1
g55'K{Ki!8I}
XsTN<.
=1KV@QE
I%n"%,
?)nB~:cb
Ko`W,9
799>d Q;
?3]Dn,
0qE+}I@
=#PVeHSP0
12SFEI\wjM
{3nE9BWWc@
bFlxW_\H<6e
RA+Zs$
yo:<o 0?\sSr
Cw<pB#
=MGmt(\
[B2K~X^'Sb*w
\$y(x<)SkOaZ:Ot
EIo_[?<~u
`+N=SLdK
3`r; &dGWF
*@I_'^.W
~?*#W7C
S%}1WtF
%%Xd8Pb
jPq@ |C:M
EkhuD-=
!F/S,q
oOgR3ql!
u+k<mOIw~
t`_-dg
fqF*G-k{CF
1IWu8V+?u(
;9.dd E
xfx[Q0d{w$s
SKl'|R
CK2r$MF#H
9856{e
#px=Edk
I*0qbs
vUAB_NUkSp
~\u:1D[>
"Gk4U>[+1U
NO@ yi
Ws$ tt9
61_ZOk P*k
IP0?Pk
i>-}~e#
{N[,U}
Z56I2/
Ve[V3hm
U=M%YkK!,
:R}l1:o
-fsG_9A3A*
R:+JVXu[3}
`sK^m4^3
Rx5`ki
FgFGu>
&_AXCym*
k.r1wh1++?i
VR-FCO
}fB~O55
^+|pvR?
.'Pse'$4
?Znn"YcQ\(2:` (
y }Mo+E0O+=
ULO_mU
%?b2b9]
k|1*3K
7[p^A081
{E;Ql\2%;}j{HTII<X>3-o[E3Ln
YuFVX-,&
3U*FcRRB=@?geh&{
^'=82"
N5(4rCp~\Rn|
i%fn[L)9j
>o8i]C
yMtDfgR
p_f>0X
*T M_zJ[
xI6Z I
|Kw}P%
p1_A~wSl0G
-!PF)X
#~8#rtD
Tv\Np~U
6 ~"+KGch%?C
?h}1n|
cRB7(>J~
R)SfFD:
||.<kn
j;0UQ q
c$%~f<)$T
3* $^~
biGoTe
_WOZuQ
\X.hOC*VV5
^/tk ,5b
q;*}_`ivoum"o,@N
M>W%.L$}v
^!BG5i5
]E"%1C4
(\aI'?
quK_:+r@k
h:]i?j!u:
cVA<Z]{
Mh1Rw+wl,
[Iea{u
U0P=>7"B
]'KI C
;1UIn'H
EAeXR3
I;d5.J%
nZ#(e AFEr
;fDZ^c
Foqi3750
2#`N9^U1_\O
%UfmcT
R2~XqZ
C`q4H9=
XtPtsZL
m2; 4k'=v
R$("0F
&5'U,-g
fnW.R ,y3
;I%/,u
yj$bq~
i['T-5i
Qsj60kBn g
^_|}Nx-{7v
HRmfk87
Id>tn.A<
W^gisPiC5
h; /FuE
qwV6[oo
|@^Y8TPq9#p
8VFGsntEs
%-b,OF4|3
.{[C{Pu
C%wM2+o2>P
/|ZoC5Vi
fK]NfG-
SRK=VuV
yFjRj*=m9s
L]~$tq*
\v}?so
u=[F^;}
8LmOTY2
{zum(x
fm8N^}NnJ:
rrOkLomB*9
/#}~~e
u&Sq9 *
hx[>`~i Op
ox{H, [B
7M4>- @
j(.,J&
:`dKE+a[
C[!4;Rb%
~'Rj*i]
@A Sf`T
%i{{s#wc
Tr\#K{/t
Xf)ad;~1y
|TQI9lt(#
Oo|NJi
mm3K;9
[%buI6 x
#1,A8c
]XKMo$7
5Xm%|Y%
V9:v?5 &tu
M}5P xU
ov6=/k
z3vT&w2N2[
H&\h)<;gooi
:~tzjw
DypX()E
V*|@Kbm
$1zrXL
_)7%K!
$<Wo/;]
8$gZoI
svC/No?
zqDKa_
W n3Zs^
WZ$6Dl
(8XRi]).
b].u2@;"P
'T[XyA%Td;Tp:p:
2w]n$!
?)=xUu/
xW6HAl
zs_N*Sx'\
w*WQs}
o:sZuj2V
;H |!7uMT[-K
C1cnsp
Ckj^=AGa
px>4hEI
8;=o*J
*I+J!h:d
!H.nDv
{t2{67
]Z-/H>{(bd
/quXmlr
UUFc<bE
EJ2A?0F23=1Umh
jZ>q,8wpN
Vk4VS8
3zR1(f
^B`K3 U
k/;^k)4&2CB"a_
n\E9'c
t9._MZJ'z
?$lmJm
h4F6`p6
N}1NWQ^Mm
R#x,r2
wA]KlwqpTH
pg}oq$/$/
;<VIst
Z{|j}$
KHK0UU
>QKvLurKy<E
<mVH2R="h_
]Z-/H>{(bd
m^NC$,kE-I
GLM%y)}7k
_Em,ZHpn.`O-8t
N>nSTS^
#*ZBQHCJ
Ayd1wW
bx7[\*)oeu=A
%-lJbPf$m
WMOWe=
!6E@p1
fb3>`"k
msP!GU.
=u4n/.
{vFQpO
2=M{B,WZ
/Qn9]n
58<7\kBKo
Q-%|a}wVSze
3GWbhQ
-mkQG=i
WZMwm4yi79$v|mI8\2z};k^[yQhIn]MI@
o-]%*Zk=
|nhPppGc*ZMY;j|cU
~xoqp/q
P,5kSkY[^[
Qi&ivV
I{X\'--$Vw
'9Q9QESwV%+j|]
*|?<xVE>[
=z_ <?
;]BK[hnm
Mn[x7w1oGx4rc
^)}"y_I23mW=}r8hp
.=:r396F
:n-KO4_
I?+vO<`p=Y,l
?oRNk4
YY{H[5iI
?2;2{v_
|kzcVfB(X%
CLPKyuq
[YbHC%
I"dm"8
[d~:gh
OM?yI&
~$|SZMijl
3T|).n
H;n/u>c
8uToyA }%
@&pGu=Of
y#1>Dv
2<SV|g(5H&y
gyV<{x]
> \^jP/
{w];8?m
j)Yfq`t_^i~
;|_5-1d+o
~%G{M?>
2^iy]>A
IhzF.X
[t~:gh
-l2D-%.2
N';i,y
N2xTvA+
I)wq%e`)
KazakageSearch
lstDir
GaraKazekage
TimerSebarkanDiri
O\9'C
VB5! *
Kazekage
GaaraTheKazekage
Project1
.......................................................................................................................................................................................................................................................................
Jantung
Moonster
Pemusnah
Penyebaran
Penyerangan
Project1
SU5I%
TO\9'C
zi^^znM&KW
lstDir
+3qC:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
GmbrGaara
TimerSebarkanDiri
GaraKazekage
KazakageSearch
DesertAttack
kernel32
GetSystemDirectoryA
SetFileAttributesA
wininet.dll
InternetGetConnectedState
kernel32.dll
GetWindowsDirectoryA
DeleteFileA
advapi32.dll
GetUserNameA
UserAktif
KillAV
VBA6.DLL
FindWindowA
FindNextFileA
+3q"=h
user32
SendMessageA
FindWindowExA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
TerminateProcess
EnableWindow
9 `
FindFirstFileA
FindClose
CopyFileA
GetFileAttributesA
GetDriveTypeA
0 0
0 0
0 0
0 0
0 0
0 0
0 0
9
9 ~
0 ~
0 ~
0 ~
0 ~
9 0 R
0 ~
0 ~
0 ~
9 0 R
0 ~
0 ~
0 ~
0 ~
9 0 R
0 ~
0 ~
0 ~
0 ~
0 ~
0 ~
0 ~
9 0 R
0 ~
0 ~
0 ~
0 0
9 0 R
& 9
& 9
0 0 \
0 0 =
0 0 \
0 0 \
0 0 =
0 0 \
9 0 R
& 0 R
9 `
9 `
9 `
9 `
9 `
9 9
0 0 R
0
9 0 R
9 0 R
9
9
0 0 \
0
0
0
0
0
0 0 \
0
0 0 \
0 0 \
0 9
9 `
9 `
9 `
9 `
t\/X5d
t\/X5d
1x/p5L
hXlhltG
>lpltCl
$`1x/l6
hXlhltG
>lpltCl
$`1x/l6
T`1x5T
0`1h50
0`1h50
0`1h50
lllh*1l
pXldqt/l
ld#l*FTlh
pXldqt/l
ld#l*FTlh
qh<lll
Xlhqp/l
pXldqt/l
ld#l*FTlh
pXldqt/l
ld#l*FTlh
q4<l4q<
*#$l(*#
' %lhH
lx>\#t*#llp*#h
xtlph\X6
lx>p#t*FX
lx>p#t*FX
lx>\#t*#llp*#h
xtlph\X6
lx>\#t*#llp*#h
xtlph\X6
t`/x5X
t`/x5X
t`/x5X
t`/x5X
t`/x5X
t`/x5X
t`/x5X
l|\<,L
lhld*1h
lhld*1h
lhld*1h
lhld*1h
lhld*1h
lhld*1h
lhld*1h
lhld*1h
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
l4ll^:
qh<lhqx2
FP]/@ 0
F`]/P @
Fp]/` P
F]/p `
F0]/
@0 P@0
*#Tl*#P
TPd`\X)
qh<lht
pXl>#32
lp>#,*#
#*#lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
ld>T#`*#\
#`*FDl2
1`>`#d
1`>`#d
d`X\T`6
F<,`$ld
*#\l`*#X
d\`XT`PTL($)
F<,`$ld
*#\l`*#X
d\`XT`PTL($)
F<,`$ld
*#\l`*#X
d\`XT`PTL($)
*#\l`*#X
d\`X`T)
#`*Pld
*#\l`*#X
d\`XT`TP)
#`*Pld
*#\l`*#X
d\`XT`TP)
#`*Pld
*#\l`*#X
d\`XT`TP)
#`*Pld
*#\l`*#X
d\`XT`TP)
ld>T#`*#\
ld>T#`*#\
pXl>#3lp
pXl>#32
lp>#,*#
#*#lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
lp>#,*#
\<,|\lL<
\<,|\lL<
\<,l|\L,<
FD4`,l
`X\T0,)
FD4`,l
`X\T0,)
FD4`,l
`X\T0,)
FD4Tl>0#*#X
`\XT06
#*#`l>\#*#
#*#`l>\#*#
#*#`l>\#*#
#*#`l>\#*#
l>`#*#l*#
td>\FD4
l>`#*#l*#
td>\FD4
l>`#*#l*#
td>\FD4
l>#*FX
l>#*FX
zZcf7'
tXl,>$#(32
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
#0*#(>
#$*# >
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
>$FT40
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
lt> #0*#(
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
>$FT40
RsPstPs
Os*Ps1+Ps~DsHDs
PsPsoCsPsxCsDs3|Os|gOs[NDs
Ds]QsibPsnDs`Ps|OsDQDs>BsSHDsIDsJDsqPsOsVOsOs`Os OsOs
MSVBVM60.DLL
MethCallEngine
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ProcCallEngine
.')Okx}[t7E[
- 2($E)$N,-Opz|
}Wl7Hk
,,)cccBBBjjj
-# >'%L!&F14afkpibbfJUtuu}
AAEnnq
*(? ?'!F##F""G=CsPze`~b}g~h_}^_^fzBDj
+!$D'#E' C*&@HMrcy_~`
e><m%!F
$#;<:N@>GMQ^
## D'%E#$G'$A#$C4@\y_^g==n)%M&"A$!D
+#!G95W&%BU\tZ~a{5:g$$B'"C%#B
EDRuwluuXk'$D&"B "C
8=Gmut0.L'"?"$C(!A'&T03`
xwyaqMY)'C"#B&
[ajy**K&%G&#C42{
}|br0=Cn{3.S23y0 S!$Q55=
& %$V`wz7:[$&L*%E;2s
$(+8]h{S_|3<^0,H&$Q
3*%NWSRT^]XauXUz.,n
5 ":)'U=7:=-3^enzw|KMWjo|jumu@>c43|
bbp5.q4-n-+^;:<;8<`]`g@=i;:
?=6*-g;<<8&&>+5?;6
!573v31}5688>=HHatbe8:
=A5GH[41u01w9799963/Yceghqh~-,F7>
<DJ) a6574}98=:}1+ekwdgLOggc8/z
5)$Rzvz
!?97979<24Y1.c`c44T0*Z$&Q"
,1,e+,d:7;8::+-L2.tNKmTYiHGK.1-ef_
.1X*(G$&Q+*j
((W.,f0-t:9::()M5662b77=386
OPTKNfKRq;1x8:y-,N5.v;8
=1+i-+f4296'$J@:-3_~~{[`k$"
GFJBDCTOK
#%{20SJNp96@8@G{<7=9RQ\
\`WMQW;8L)'S'(U1.m55,*a8<42`81cGWlv~$ !KHQPNCz'!
/4:IHh00S@<;;@@87I>
C@g31z32k
7,*])(Y-'U/*i<3x<:81W+)V]b<Hk/=Gglg#$%<7j)+[=:7;97::$%M
:4z32|75>:8860t%*Z-+f@:&.M,-f//\lGLlltAMW
:;3QW[5:6$%+jtq5:u+*V>7;=85-.k22q85\DCL
nls;8k23689;97<78778)+T+*R:8DFm]f8;b~
tzeyq{_o}|+3??9.,[9331}+.m95?@nZZY
0.]4/|85:899::98*,V&#N98:6v*+Y-0`u{89Vw>FWEL`::.,g/2y66
;6GBKOY
lok&%U12s./x66=655'(I)%O6465,*V54oCIi{98^rKEC?S24U<83.s787252x
'&C86:8;6-.j837:*+T'$F94780-W..rA@gv/-`_jabGDhn@>WDOk:1x<:2,o54+,d))`3+a
!E@7;6;.-r/,b@6781,l*&J5/w783.Y,/vKI|Xdy,)g9;^;/J04Q8:;:0.j78=;:895-*w/+\
$#2<;7:=:0/l))`65<:::75w<8e,)i8844c2/o4571I%,UMDYgV^SMLLlh1/[2,T3<O0*l>=;7<6@;998:8:>:?6B<w
$?C]<:97}#!Q()W.-p<7::::..u43x6531w:6z./o0/
,'K'+S75EDuwdhjj[Wl1+i('L63pB6.3{99,,l*,d75?9?A
0.<(*W64:9;;:823w./z8730t:6967554_-&S41
<?MNzyTUr.4[30y*,G0/o74/1u;7:51/u-,`
!:0/y<<9899::11p31v871/y35<:74*(a.([+.k=:@>DJl^e~:2a53w;5..[00v7:21u76}9:<;2/w)(J
0-C,*c9944
++n;88:/0q34:80/v33x::85*)a3.n()_88:8HH77kOTr99]52b20t66><-)d91{6631y11u97=:89-1k
"#K55{32ZST\##BA556t10z<865
1/s30u78;9/,h3/q2/u1/{9798:;=:20t22q86A@A?0.s/0r34{31y41x&*]*)a95|:5+'a
&83T@AK
H:962@931x*,c1.t2.r589610p22x2/y22s54
99:<20{11r65
A>BAA?4600w/,r7112w0)gIJN &/=<W
acrD;99/1l)'j+,a20s21}3/r88961/t<;20{31r32};:<8/+t//t:7AADDA>5644t74j7446:9#&=
95M1+^'"H
0.<*'[25272/x69:64/u>7=711y20z>9=;0,x64z9?ADGCC;;8+0m
*=6y;<00yipv
2)^948522|>4%"U//o9;<887/0z98:86283|=8FA?A7;8;55>;GKN[0+C)('
+%U875687wNOf
80;:;99898=<:;9;96>AFB,-^A=;787
+(g98?<LLa
"<8:<63~$'>85}:8::==JH[X_ab_ $<;598x
:7u99rbdd
y66Pon~74s673.llly*)[@9>BOJ
aef''F
==Q:9;:_
.1TD>MGosu
$ W6<8
22TJEosx
kernel32.dll
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
Pa%i5N23-
Uru4<E
7*Idu9M;
w3_^[r#MV
S7(hu#j
Hu6"
sG*DS,u
[b)+Nq(8V
2z7T2=H
$U^Ynboek
Z`Ca&\.q
y_sT]"
rjxY(X
J>>FA.
@1/ 2H
#hS{@;X
,+KjH@sQ#'7
DuH:- Wt
? P(L&H
%uC0KX@
RIP3EZ
zl> @^
t5;*V0(E
'nPPCx2tMsa^}(K
!Z-'6;2=2 @uV
dT)}&nAH+6J^ |
I--,@h
PWQS r
msvb]f\"
]A<f8Q@2I &ZhlkoM
5kEWo*0+m)
`3Q-vP2X:
[+HAqp
licat@on eqr
u.T>he<cd
%s5lyvn}tAba6idS8DLG5Ld,al J3*WI'c,bus32M'agBoxAwFx3tf
kx8l?ExitPL
GtMT)l
t@Ac&v
P"<SH0&zI
`t$$|$(3
r+|$(|$
|(|Y%B
USQWVRW
ZPR3C
Z^_Y[]
MSVBVM60.DLL
MethCallEngine
rtcAnsiValueBstr
rtcLowerCaseVar
rtcGetYear
rtcRandomNext
rtcRandomize
rtcDoEvents
rtcMidCharBstr
rtcMidCharVar
rtcSpaceBstr
EVENT_SINK_AddRef
rtcUpperCaseVar
DllFunctionCall
EVENT_SINK_Release
rtcShell
EVENT_SINK_QueryInterface
__vbaExceptHandler
rtcSplit
rtcReplace
rtcVarBstrFromAnsi
rtcMakeDir
rtcCreateObject2
ProcCallEngine
rtcBstrFromAnsi
rtcDir
rtcFileLength
rtcFileCopy
rtcErrObj
ThunRTMain
rtcLeftCharBstr
rtcLeftCharVar
rtcRightCharBstr
rtcRightCharVar
rtcGetDayOfMonth
rtcGetHourOfDay
rtcGetMinuteOfHour
rtcGetMonthOfYear
rtcGetPresentDate
rtcGetSecondOfMinute
281213351922201918025815617033235842642617020111684513175035281213351922201918025815617033235842642617020111684513175035281213351922201918025815617033235842642617020111684513175035281213351922201918025815617033235842642617020111684513175035281213351922201918025815617033235842642617020111684513175035281213351922201918025815617033235842642617020111684513175035
1�&�'�(�.�2�5�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
:�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
(�(�(�(�(�(�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
@�@�@�@�@�@�
@�n�g�s�\�A�d�m�i�n�i�s�t�r�a�
@�@�@�@�@�@�@�@�
@�@�@�@�@�@�
@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�
@�@�@�@�@�@�
@�@�@�@�E�l�P�a�r�a�m�
E�r�r�o�r� �:� �
W�s�c�r�i�p�t�.�S�h�e�l�l�
r�e�g�w�r�i�t�e�
\�s�m�s�s�.�e�x�e�
=�{�2�5�5�9�~�1�
\�G�a�a�r�a�.�e�x�e�
\�c�s�r�s�s�.�e�x�e�
�6�5�5�0�0�
�6�5�5�0�0�
L�o�c�a�t�i�o�n�U�R�L�
6�9�4�-�2�4�
/�.�.�.�.�.�.�.�.�
=�=�=�=�=�=�=�=�=�=�=�=�=�=�=�=�=�
�:� �2�.�0� �
�(�3�.�0�6� �
:� �1�2�8� �
�(� �5�1�2� �
� �:� �9�.�0� �
� �9�.�0�.�
� �1�0�)�.�
� � � � � � � � � �(� �
2�5�5� �0� �0�
R�E�G�_�D�W�O�R�D�
3�2�5�-�1�1�
1�-�0�8�0�0�2�
1�0�3�1�8�}�\�
R�e�g�D�e�l�e�t�e�
3�2�5�-�1�1�
1�-�0�8�0�0�2�
1�0�3�1�8�}�\�
7�-�0�8�0�0�2�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�4�0�9�0�4�B�0�
C�o�m�m�e�n�t�s�
h�t�t�p�:�/�w�w�w�.�n�a�r�u�t�o�g�a�m�e�s�.�c�o�m�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
K�a�z�e�k�a�g�e�-�G�a�m�e�s�-�A�c�t�i�o�n�
P�r�o�d�u�c�t�N�a�m�e�
G�a�a�r�a� �T�h�e� �K�a�z�e�k�a�g�e� �B�y� �:� �P�a�r�a�y�s�u�t�k�i� �V�M� �C�o�m�m�u�n�i�t�y�
M�i�s�s�i�o�n�
D�e�s�t�r�o�y� �H�o�k�a�g�e�F�i�l�e�,� �K�S�p�o�o�l�d�,� �A�u�t�o�i�t�V�3�,� �A�u�t�o�r�u�n�e�r�,� �B�l�u�e�F�a�n�t�a�s�i�,� �S�y�s�,� �V�B�S�v�i�r�,� �P�o�r�n�F�i�l�e�,� �a�n�d� �K�i�c�k� �A�n�b�u�-�T�e�a�m�-�S�a�m�p�i�t�
F�i�l�e�V�e�r�s�i�o�n�
0�6�.�0�1�.�2�0�0�8� �(�A�)� �U�p�d�a�t�e�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
0�6�.�0�1�.�2�0�0�8� �(�A�)� �U�p�d�a�t�e�
I�n�t�e�r�n�a�l�N�a�m�e�
K�a�z�e�k�a�g�e� �W�a�s� �H�e�r�e�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
K�a�z�e�k�a�g�e� �G�a�m�e�s� �A�c�t�i�o�n�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
�K�o�t�a� �C�a�n�t�i�k� �-� �P�a�r�a�y� �C�i�t�y�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
K�a�z�e�k�a�g�e� �o�f� �t�h�e� �S�a�n�d�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
1�&�'�(�.�2�5�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
:�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
(�(�(�(�(�(�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
@�@�@�@�@�@�
@�n�g�s�\�A�d�m�i�n�i�s�t�r�a�
@�@�@�@�@�@�@�@�
@�@�@�@�@�@�
@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�
@�@�@�@�@�@�
@�@�@�@�E�l�P�a�r�a�m�
E�r�r�o�r� �:� �
W�s�c�r�i�p�t�.�S�h�e�l�l�
r�e�g�w�r�i�t�e�
\�s�m�s�s�.�e�x�e�
=�{�2�5�5�9�~�1�
\�G�a�a�r�a�.�e�x�e�
\�c�s�r�s�s�.�e�x�e�
�6�5�5�0�0�
�6�5�5�0�0�
L�o�c�a�t�i�o�n�U�R�L�
6�9�4�-�2�4�
/�.�.�.�.�.�.�.�.�
=�=�=�=�=�=�=�=�=�=�=�=�=�=�=�=�=�
�:� �2�.�0� �
�(�3�.�0�6� �
:� �1�2�8� �
�(� �5�1�2� �
� �:� �9�.�0� �
� �9�.�0�.�
� �1�0�)�.�
� � � � � � � � � �(� �
2�5�5� �0� �0�
R�E�G�_�D�W�O�R�D�
3�2�5�-�1�1�
1�-�0�8�0�0�2�
1�0�3�1�8�}�\�
R�e�g�D�e�l�e�t�e�
3�2�5�-�1�1�
1�-�0�8�0�0�2�
1�0�3�1�8�}�\�
7�-�0�8�0�0�2�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�4�0�9�0�4�B�0�
C�o�m�m�e�n�t�s�
h�t�t�p�:�/�w�w�w�.�n�a�r�u�t�o�g�a�m�e�s�.�c�o�m�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
K�a�z�e�k�a�g�e�-�G�a�m�e�s�-�A�c�t�i�o�n�
P�r�o�d�u�c�t�N�a�m�e�
G�a�a�r�a� �T�h�e� �K�a�z�e�k�a�g�e� �B�y� �:� �P�a�r�a�y�s�u�t�k�i� �V�M� �C�o�m�m�u�n�i�t�y�
M�i�s�s�i�o�n�
D�e�s�t�r�o�y� �H�o�k�a�g�e�F�i�l�e�,� �K�S�p�o�o�l�d�,� �A�u�t�o�i�t�V�3�,� �A�u�t�o�r�u�n�e�r�,� �B�l�u�e�F�a�n�t�a�s�i�,� �S�y�s�,� �V�B�S�v�i�r�,� �P�o�r�n�F�i�l�e�,� �a�n�d� �K�i�c�k� �A�n�b�u�-�T�e�a�m�-�S�a�m�p�i�t�
F�i�l�e�V�e�r�s�i�o�n�
0�6�.�0�1�.�2�0�0�8� �(�A�)� �U�p�d�a�t�e�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
0�6�.�0�1�.�2�0�0�8� �(�A�)� �U�p�d�a�t�e�
I�n�t�e�r�n�a�l�N�a�m�e�
K�a�z�e�k�a�g�e� �W�a�s� �H�e�r�e�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
K�a�z�e�k�a�g�e� �G�a�m�e�s� �A�c�t�i�o�n�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
�K�o�t�a� �C�a�n�t�i�k� �-� �P�a�r�a�y� �C�i�t�y�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
K�a�z�e�k�a�g�e� �o�f� �t�h�e� �S�a�n�d�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
1�&�'�(�.�2�5�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
:�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
(�(�(�(�(�(�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
@�@�@�@�@�@�
@�n�g�s�\�A�d�m�i�n�i�s�t�r�a�
@�@�@�@�@�@�@�@�
@�@�@�@�@�@�
@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�
@�@�@�@�@�@�
@�@�@�@�E�l�P�a�r�a�m�
E�r�r�o�r� �:� �
W�s�c�r�i�p�t�.�S�h�e�l�l�
r�e�g�w�r�i�t�e�
\�s�m�s�s�.�e�x�e�
=�{�2�5�5�9�~�1�
\�G�a�a�r�a�.�e�x�e�
\�c�s�r�s�s�.�e�x�e�
�6�5�5�0�0�
�6�5�5�0�0�
L�o�c�a�t�i�o�n�U�R�L�
6�9�4�-�2�4�
/�.�.�.�.�.�.�.�.�
=�=�=�=�=�=�=�=�=�=�=�=�=�=�=�=�=�
�:� �2�.�0� �
�(�3�.�0�6� �
:� �1�2�8� �
�(� �5�1�2� �
� �:� �9�.�0� �
� �9�.�0�.�
� �1�0�)�.�
� � � � � � � � � �(� �
2�5�5� �0� �0�
R�E�G�_�D�W�O�R�D�
3�2�5�-�1�1�
1�-�0�8�0�0�2�
1�0�3�1�8�}�\�
R�e�g�D�e�l�e�t�e�
3�2�5�-�1�1�
1�-�0�8�0�0�2�
1�0�3�1�8�}�\�
7�-�0�8�0�0�2�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�4�0�9�0�4�B�0�
C�o�m�m�e�n�t�s�
h�t�t�p�:�/�w�w�w�.�n�a�r�u�t�o�g�a�m�e�s�.�c�o�m�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
K�a�z�e�k�a�g�e�-�G�a�m�e�s�-�A�c�t�i�o�n�
P�r�o�d�u�c�t�N�a�m�e�
G�a�a�r�a� �T�h�e� �K�a�z�e�k�a�g�e� �B�y� �:� �P�a�r�a�y�s�u�t�k�i� �V�M� �C�o�m�m�u�n�i�t�y�
M�i�s�s�i�o�n�
D�e�s�t�r�o�y� �H�o�k�a�g�e�F�i�l�e�,� �K�S�p�o�o�l�d�,� �A�u�t�o�i�t�V�3�,� �A�u�t�o�r�u�n�e�r�,� �B�l�u�e�F�a�n�t�a�s�i�,� �S�y�s�,� �V�B�S�v�i�r�,� �P�o�r�n�F�i�l�e�,� �a�n�d� �K�i�c�k� �A�n�b�u�-�T�e�a�m�-�S�a�m�p�i�t�
F�i�l�e�V�e�r�s�i�o�n�
0�6�.�0�1�.�2�0�0�8� �(�A�)� �U�p�d�a�t�e�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
0�6�.�0�1�.�2�0�0�8� �(�A�)� �U�p�d�a�t�e�
I�n�t�e�r�n�a�l�N�a�m�e�
K�a�z�e�k�a�g�e� �W�a�s� �H�e�r�e�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
K�a�z�e�k�a�g�e� �G�a�m�e�s� �A�c�t�i�o�n�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
�K�o�t�a� �C�a�n�t�i�k� �-� �P�a�r�a�y� �C�i�t�y�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
K�a�z�e�k�a�g�e� �o�f� �t�h�e� �S�a�n�d�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
1�&�'�(�.�2�5�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
:�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
(�(�(�(�(�(�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
@�@�@�@�@�@�
@�n�g�s�\�A�d�m�i�n�i�s�t�r�a�
@�@�@�@�@�@�@�@�
@�@�@�@�@�@�
@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�
@�@�@�@�@�@�
@�@�@�@�E�l�P�a�r�a�m�
E�r�r�o�r� �:� �
W�s�c�r�i�p�t�.�S�h�e�l�l�
r�e�g�w�r�i�t�e�
\�s�m�s�s�.�e�x�e�
=�{�2�5�5�9�~�1�
\�G�a�a�r�a�.�e�x�e�
\�c�s�r�s�s�.�e�x�e�
�6�5�5�0�0�
�6�5�5�0�0�
L�o�c�a�t�i�o�n�U�R�L�
6�9�4�-�2�4�
/�.�.�.�.�.�.�.�.�
=�=�=�=�=�=�=�=�=�=�=�=�=�=�=�=�=�
�:� �2�.�0� �
�(�3�.�0�6� �
:� �1�2�8� �
�(� �5�1�2� �
� �:� �9�.�0� �
� �9�.�0�.�
� �1�0�)�.�
� � � � � � � � � �(� �
2�5�5� �0� �0�
R�E�G�_�D�W�O�R�D�
3�2�5�-�1�1�
1�-�0�8�0�0�2�
1�0�3�1�8�}�\�
R�e�g�D�e�l�e�t�e�
3�2�5�-�1�1�
1�-�0�8�0�0�2�
1�0�3�1�8�}�\�
7�-�0�8�0�0�2�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�4�0�9�0�4�B�0�
C�o�m�m�e�n�t�s�
h�t�t�p�:�/�w�w�w�.�n�a�r�u�t�o�g�a�m�e�s�.�c�o�m�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
K�a�z�e�k�a�g�e�-�G�a�m�e�s�-�A�c�t�i�o�n�
P�r�o�d�u�c�t�N�a�m�e�
G�a�a�r�a� �T�h�e� �K�a�z�e�k�a�g�e� �B�y� �:� �P�a�r�a�y�s�u�t�k�i� �V�M� �C�o�m�m�u�n�i�t�y�
M�i�s�s�i�o�n�
D�e�s�t�r�o�y� �H�o�k�a�g�e�F�i�l�e�,� �K�S�p�o�o�l�d�,� �A�u�t�o�i�t�V�3�,� �A�u�t�o�r�u�n�e�r�,� �B�l�u�e�F�a�n�t�a�s�i�,� �S�y�s�,� �V�B�S�v�i�r�,� �P�o�r�n�F�i�l�e�,� �a�n�d� �K�i�c�k� �A�n�b�u�-�T�e�a�m�-�S�a�m�p�i�t�
F�i�l�e�V�e�r�s�i�o�n�
0�6�.�0�1�.�2�0�0�8� �(�A�)� �U�p�d�a�t�e�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
0�6�.�0�1�.�2�0�0�8� �(�A�)� �U�p�d�a�t�e�
I�n�t�e�r�n�a�l�N�a�m�e�
K�a�z�e�k�a�g�e� �W�a�s� �H�e�r�e�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
K�a�z�e�k�a�g�e� �G�a�m�e�s� �A�c�t�i�o�n�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
�K�o�t�a� �C�a�n�t�i�k� �-� �P�a�r�a�y� �C�i�t�y�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
K�a�z�e�k�a�g�e� �o�f� �t�h�e� �S�a�n�d�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
1�&�'�(�.�2�5�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
:�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
(�(�(�(�(�(�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
@�@�@�@�@�@�
@�n�g�s�\�A�d�m�i�n�i�s�t�r�a�
@�@�@�@�@�@�@�@�
@�@�@�@�@�@�
@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�
@�@�@�@�@�@�
@�@�@�@�E�l�P�a�r�a�m�
E�r�r�o�r� �:� �
W�s�c�r�i�p�t�.�S�h�e�l�l�
r�e�g�w�r�i�t�e�
\�s�m�s�s�.�e�x�e�
=�{�2�5�5�9�~�1�
\�G�a�a�r�a�.�e�x�e�
\�c�s�r�s�s�.�e�x�e�
�6�5�5�0�0�
�6�5�5�0�0�
L�o�c�a�t�i�o�n�U�R�L�
6�9�4�-�2�4�
/�.�.�.�.�.�.�.�.�
=�=�=�=�=�=�=�=�=�=�=�=�=�=�=�=�=�
�:� �2�.�0� �
�(�3�.�0�6� �
:� �1�2�8� �
�(� �5�1�2� �
� �:� �9�.�0� �
� �9�.�0�.�
� �1�0�)�.�
� � � � � � � � � �(� �
2�5�5� �0� �0�
R�E�G�_�D�W�O�R�D�
3�2�5�-�1�1�
1�-�0�8�0�0�2�
1�0�3�1�8�}�\�
R�e�g�D�e�l�e�t�e�
3�2�5�-�1�1�
1�-�0�8�0�0�2�
1�0�3�1�8�}�\�
7�-�0�8�0�0�2�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�4�0�9�0�4�B�0�
C�o�m�m�e�n�t�s�
h�t�t�p�:�/�w�w�w�.�n�a�r�u�t�o�g�a�m�e�s�.�c�o�m�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
K�a�z�e�k�a�g�e�-�G�a�m�e�s�-�A�c�t�i�o�n�
P�r�o�d�u�c�t�N�a�m�e�
G�a�a�r�a� �T�h�e� �K�a�z�e�k�a�g�e� �B�y� �:� �P�a�r�a�y�s�u�t�k�i� �V�M� �C�o�m�m�u�n�i�t�y�
M�i�s�s�i�o�n�
D�e�s�t�r�o�y� �H�o�k�a�g�e�F�i�l�e�,� �K�S�p�o�o�l�d�,� �A�u�t�o�i�t�V�3�,� �A�u�t�o�r�u�n�e�r�,� �B�l�u�e�F�a�n�t�a�s�i�,� �S�y�s�,� �V�B�S�v�i�r�,� �P�o�r�n�F�i�l�e�,� �a�n�d� �K�i�c�k� �A�n�b�u�-�T�e�a�m�-�S�a�m�p�i�t�
F�i�l�e�V�e�r�s�i�o�n�
0�6�.�0�1�.�2�0�0�8� �(�A�)� �U�p�d�a�t�e�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
0�6�.�0�1�.�2�0�0�8� �(�A�)� �U�p�d�a�t�e�
I�n�t�e�r�n�a�l�N�a�m�e�
K�a�z�e�k�a�g�e� �W�a�s� �H�e�r�e�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
K�a�z�e�k�a�g�e� �G�a�m�e�s� �A�c�t�i�o�n�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
�K�o�t�a� �C�a�n�t�i�k� �-� �P�a�r�a�y� �C�i�t�y�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
K�a�z�e�k�a�g�e� �o�f� �t�h�e� �S�a�n�d�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
1�&�'�(�.�2�5�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
:�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
(�(�(�(�(�(�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�(�
@�@�@�@�@�@�
@�n�g�s�\�A�d�m�i�n�i�s�t�r�a�
@�@�@�@�@�@�@�@�
@�@�@�@�@�@�
@�@�@�@�@�@�@�@�@�@�@�@�@�@�@�
@�@�@�@�@�@�
@�@�@�@�E�l�P�a�r�a�m�
E�r�r�o�r� �:� �
W�s�c�r�i�p�t�.�S�h�e�l�l�
r�e�g�w�r�i�t�e�
\�s�m�s�s�.�e�x�e�
=�{�2�5�5�9�~�1�
\�G�a�a�r�a�.�e�x�e�
\�c�s�r�s�s�.�e�x�e�
�6�5�5�0�0�
�6�5�5�0�0�
L�o�c�a�t�i�o�n�U�R�L�
6�9�4�-�2�4�
/�.�.�.�.�.�.�.�.�
=�=�=�=�=�=�=�=�=�=�=�=�=�=�=�=�=�
�:� �2�.�0� �
�(�3�.�0�6� �
:� �1�2�8� �
�(� �5�1�2� �
� �:� �9�.�0� �
� �9�.�0�.�
� �1�0�)�.�
� � � � � � � � � �(� �
2�5�5� �0� �0�
R�E�G�_�D�W�O�R�D�
3�2�5�-�1�1�
1�-�0�8�0�0�2�
1�0�3�1�8�}�\�
R�e�g�D�e�l�e�t�e�
3�2�5�-�1�1�
1�-�0�8�0�0�2�
1�0�3�1�8�}�\�
7�-�0�8�0�0�2�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�4�0�9�0�4�B�0�
C�o�m�m�e�n�t�s�
h�t�t�p�:�/�w�w�w�.�n�a�r�u�t�o�g�a�m�e�s�.�c�o�m�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
K�a�z�e�k�a�g�e�-�G�a�m�e�s�-�A�c�t�i�o�n�
P�r�o�d�u�c�t�N�a�m�e�
G�a�a�r�a� �T�h�e� �K�a�z�e�k�a�g�e� �B�y� �:� �P�a�r�a�y�s�u�t�k�i� �V�M� �C�o�m�m�u�n�i�t�y�
M�i�s�s�i�o�n�
D�e�s�t�r�o�y� �H�o�k�a�g�e�F�i�l�e�,� �K�S�p�o�o�l�d�,� �A�u�t�o�i�t�V�3�,� �A�u�t�o�r�u�n�e�r�,� �B�l�u�e�F�a�n�t�a�s�i�,� �S�y�s�,� �V�B�S�v�i�r�,� �P�o�r�n�F�i�l�e�,� �a�n�d� �K�i�c�k� �A�n�b�u�-�T�e�a�m�-�S�a�m�p�i�t�
F�i�l�e�V�e�r�s�i�o�n�
0�6�.�0�1�.�2�0�0�8� �(�A�)� �U�p�d�a�t�e�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
0�6�.�0�1�.�2�0�0�8� �(�A�)� �U�p�d�a�t�e�
I�n�t�e�r�n�a�l�N�a�m�e�
K�a�z�e�k�a�g�e� �W�a�s� �H�e�r�e�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
K�a�z�e�k�a�g�e� �G�a�m�e�s� �A�c�t�i�o�n�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
�K�o�t�a� �C�a�n�t�i�k� �-� �P�a�r�a�y� �C�i�t�y�
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
K�a�z�e�k�a�g�e� �o�f� �t�h�e� �S�a�n�d�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
Process Tree
- 0cc97dcf54fda0f66acc7b08ca20a3a93be4277bb197d3a4183efc9782887de7.exe (1932) "C:\Users\Administrator\AppData\Local\Temp\0cc97dcf54fda0f66acc7b08ca20a3a93be4277bb197d3a4183efc9782887de7.exe"
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
| Name | 1c9c1c08a851ed8f_28-9-2024.exe |
|---|---|
| Filepath | C:\Windows\SysWOW64\28-9-2024.exe |
| Size | 746.1KB |
| Processes | 1932 (0cc97dcf54fda0f66acc7b08ca20a3a93be4277bb197d3a4183efc9782887de7.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed |
| MD5 | deb870d6debae3aef7816d2bfc75c74d |
| SHA1 | 6f967437dbb5077ccc6f7ff190261450bd7562a1 |
| SHA256 | 1c9c1c08a851ed8f2e8b12713e4946e7db34dd9a3dfd9e68d454039aa7b5ace1 |
| CRC32 | 19372E9A |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
Sorry! No dropped buffers.